Forum Discussion
nitass
Feb 03, 2014Employee
If I enable oneconnect, won't it continually disconnect and reconnect a session to the back end servers since I am doing https / server-side ssl to the back end?
but only one server ssl handshake per connection is done, isn't it?
e.g.
config
root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm virtual bar
ltm virtual bar {
destination 172.28.24.10:443
ip-protocol tcp
mask 255.255.255.255
pool foo
profiles {
clientssl {
context clientside
}
http { }
oneconnect { }
serverssl {
context serverside
}
tcp { }
}
rules {
myrule
}
source 0.0.0.0/0
source-address-translation {
type automap
}
vs-index 2
}
root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm pool foo
ltm pool foo {
members {
200.200.200.101:443 {
address 200.200.200.101
}
}
}
root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm rule myrule
ltm rule myrule {
when CLIENT_ACCEPTED {
log local0. "[IP::client_addr]:[TCP::client_port]"
}
when CLIENTSSL_HANDSHAKE {
log local0. "[IP::client_addr]:[TCP::client_port]"
}
when SERVER_CONNECTED {
log local0. "[IP::client_addr]:[TCP::client_port]"
}
when SERVERSSL_HANDSHAKE {
log local0. "[IP::client_addr]:[TCP::client_port]"
}
}
client
[root@centos1 ~] ab -n 10 https://172.28.24.10/
/var/log/ltm
[root@ve11a:Active:In Sync] config tail -f /var/log/ltm
Feb 3 15:18:43 ve11a info tmm[13662]: Rule /Common/myrule CLIENT_ACCEPTED: 172.28.24.1:50485
Feb 3 15:18:43 ve11a info tmm[13662]: Rule /Common/myrule CLIENTSSL_HANDSHAKE: 172.28.24.1:50485
Feb 3 15:18:43 ve11a info tmm[13662]: Rule /Common/myrule SERVER_CONNECTED: 172.28.24.1:50485
Feb 3 15:18:43 ve11a info tmm[13662]: Rule /Common/myrule SERVERSSL_HANDSHAKE: 172.28.24.1:50485
Feb 3 15:18:43 ve11a info tmm1[13662]: Rule /Common/myrule CLIENT_ACCEPTED: 172.28.24.1:50486
Feb 3 15:18:43 ve11a info tmm1[13662]: Rule /Common/myrule CLIENTSSL_HANDSHAKE: 172.28.24.1:50486
Feb 3 15:18:43 ve11a info tmm1[13662]: Rule /Common/myrule SERVER_CONNECTED: 172.28.24.1:50486
Feb 3 15:18:43 ve11a info tmm1[13662]: Rule /Common/myrule SERVERSSL_HANDSHAKE: 172.28.24.1:50486
Feb 3 15:18:43 ve11a info tmm[13662]: Rule /Common/myrule CLIENT_ACCEPTED: 172.28.24.1:50487
Feb 3 15:18:43 ve11a info tmm[13662]: Rule /Common/myrule CLIENTSSL_HANDSHAKE: 172.28.24.1:50487
Feb 3 15:18:43 ve11a info tmm1[13662]: Rule /Common/myrule CLIENT_ACCEPTED: 172.28.24.1:50488
Feb 3 15:18:43 ve11a info tmm1[13662]: Rule /Common/myrule CLIENTSSL_HANDSHAKE: 172.28.24.1:50488
Feb 3 15:18:43 ve11a info tmm[13662]: Rule /Common/myrule CLIENT_ACCEPTED: 172.28.24.1:50489
Feb 3 15:18:43 ve11a info tmm[13662]: Rule /Common/myrule CLIENTSSL_HANDSHAKE: 172.28.24.1:50489
Feb 3 15:18:43 ve11a info tmm1[13662]: Rule /Common/myrule CLIENT_ACCEPTED: 172.28.24.1:50490
Feb 3 15:18:43 ve11a info tmm1[13662]: Rule /Common/myrule CLIENTSSL_HANDSHAKE: 172.28.24.1:50490
Feb 3 15:18:43 ve11a info tmm[13662]: Rule /Common/myrule CLIENT_ACCEPTED: 172.28.24.1:50491
Feb 3 15:18:43 ve11a info tmm[13662]: Rule /Common/myrule CLIENTSSL_HANDSHAKE: 172.28.24.1:50491
Feb 3 15:18:43 ve11a info tmm1[13662]: Rule /Common/myrule CLIENT_ACCEPTED: 172.28.24.1:50492
Feb 3 15:18:43 ve11a info tmm1[13662]: Rule /Common/myrule CLIENTSSL_HANDSHAKE: 172.28.24.1:50492
Feb 3 15:18:43 ve11a info tmm[13662]: Rule /Common/myrule CLIENT_ACCEPTED: 172.28.24.1:50493
Feb 3 15:18:43 ve11a info tmm[13662]: Rule /Common/myrule CLIENTSSL_HANDSHAKE: 172.28.24.1:50493
Feb 3 15:18:43 ve11a info tmm1[13662]: Rule /Common/myrule CLIENT_ACCEPTED: 172.28.24.1:50494
Feb 3 15:18:43 ve11a info tmm1[13662]: Rule /Common/myrule CLIENTSSL_HANDSHAKE: 172.28.24.1:50494