Session Cache - Same WAN for SSL

The "session_cache" feature is enabled by default in all products.

You can view the setting at /proc/Xtreme/session_cache:


[root@Dot2-Primary Xtreme]# cat session_cache
                 ROUNDROBIN NON_SSL= 0          SSL=10
                 LEASTRESPONSE NON_SSL= 0          SSL=10
                 METERED NON_SSL= 0          SSL=10
                 FASTESTRT NON_SSL=10          SSL=10
                 WEIGHTED NON_SSL= 0          SSL=10

It applies the session cache to all SSL traffic. When the first SSL session is created, it creates 10 more SSL session entries with the same source and destination addresses and destination port 443, but with the source port left unknown. Each new session entry is in the SYNACK state, whose timeout is 60 seconds by default. If the client initiates a new SSL session during that one minute, it matches one of the pre-created entries and is bound to the same WAN interface as the first session.

You can change and verify the SYN timeout value with the method below:

[root@Dot2-Primary Xtreme]# echo "TIMEOUT_SET SYN 1200" > /proc/Xtreme/xifaces

You can change and verify the session_cache setting with the method below:

[root@Dot2-Primary Xtreme]# echo "SESSION_CACHE_SET ROUNDROBIN 0 20" > /proc/Xtreme/xifaces
[root@Dot2-Primary Xtreme]# cat session_cache
                  ROUNDROBIN NON_SSL= 0          SSL=20
                  LEASTRESPONSE NON_SSL= 0          SSL=10
                  METERED NON_SSL= 0          SSL=10
                  FASTESTRT NON_SSL=10          SSL=10
                  WEIGHTED NON_SSL= 0          SSL=10

Needed echo commands:

echo "SESSION_CACHE_SET WEIGHTED 10 10" > /proc/Xtreme/xifaces
echo "SESSION_CACHE_SET ROUNDROBIN 10 10" > /proc/Xtreme/xifaces
echo "SESSION_CACHE_SET LEASTRESPONSE 10 10" > /proc/Xtreme/xifaces
echo "SESSION_CACHE_SET METERED 10 10" > /proc/Xtreme/xifaces
echo "SESSION_CACHE_SET FASTESTRT 10 10" > /proc/Xtreme/xifaces
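
One way to check the current values before changing them, as an added example (not part of the original article or the product's own tooling): the function reads session_cache output and prints only the SESSION_CACHE_SET lines needed to reach a target, without writing to /proc. It assumes the command takes the NON_SSL value first and the SSL value second, as the "ROUNDROBIN 0 20" example above suggests; the function names and the embedded sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: plan SESSION_CACHE_SET changes from session_cache output.
# Nothing is written to /proc; the function only prints the lines to echo.

# Constructed sample, copied from the first "cat session_cache" output above.
sample_session_cache() {
    cat <<'EOF'
                 ROUNDROBIN NON_SSL= 0          SSL=10
                 LEASTRESPONSE NON_SSL= 0          SSL=10
                 METERED NON_SSL= 0          SSL=10
                 FASTESTRT NON_SSL=10          SSL=10
                 WEIGHTED NON_SSL= 0          SSL=10
EOF
}

# session_cache_plan FILE WANT_NON_SSL WANT_SSL   (hypothetical helper)
#   FILE: /proc/Xtreme/session_cache, a saved copy, or "-" for stdin.
#   Assumes the command takes NON_SSL first and SSL second.
session_cache_plan() {
    awk -v want_n="$2" -v want_s="$3" '
    /NON_SSL=/ {
        line = $0
        # Values are right-aligned, so "NON_SSL= 0" has a space after "=".
        # Remove that padding before splitting the line into fields.
        gsub(/=[ \t]+/, "=", line)
        n = split(line, f, /[ \t]+/)
        algo = ""; non_ssl = ""; ssl = ""
        for (i = 1; i <= n; i++) {
            if (f[i] ~ /^NON_SSL=/)  non_ssl = substr(f[i], 9)
            else if (f[i] ~ /^SSL=/) ssl = substr(f[i], 5)
            else if (f[i] != "" && algo == "") algo = f[i]
        }
        # Print a command only for algorithms that differ from the target.
        if (non_ssl + 0 != want_n + 0 || ssl + 0 != want_s + 0)
            printf "SESSION_CACHE_SET %s %d %d\n", algo, want_n, want_s
    }' "$1"
}

# Demo: which algorithms need changing to reach NON_SSL=10, SSL=10?
sample_session_cache | session_cache_plan - 10 10
```

Each printed line can then be echoed into /proc/Xtreme/xifaces as shown above, and the result confirmed with another cat session_cache.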
