Setting up ssl session id switching – Brocade Virtual ADX Server Load Balancing Guide (Supporting ADX v03.1.00) User Manual


Brocade Virtual ADX Server Load Balancing Guide

53-1003247-01


The fields described in Table 34 provide statistics about out-of-sequence (oos) TCP packets.

The number variable specifies the number of database entries. This variable can range from 8,192
to 256,000.

Setting up SSL session ID switching

SSL (Secure Sockets Layer) is a protocol for secure World Wide Web connections. The SSL protocol
protects your confidential information with server authentication, data encryption, and message
integrity. SSL is layered beneath application protocols such as HTTP, Telnet, FTP, Gopher, and NNTP,
and layered above the TCP/IP connection protocol. This structure allows SSL to operate
independently of the Internet application protocols. With SSL implemented on both the client and
server, your Internet communications are transmitted in encrypted form, ensuring privacy.

For SSL to work, all the SSL connections between a client and server must reach the same host.
SSL connections come in sequentially on particular ports; only one is open at a time. However,
each must go to the same server.

SSL Session ID switching is the Brocade Virtual ADX’s ability to connect a client to the same real
server to which it had previously established an SSL (Secure Sockets Layer) connection.

SSL provides security in Web transactions. An SSL connection is initiated when a user clicks a
hyperlink that begins with "https" (for example, https://secure.brocadenet.com). The browser
(client) initiates an SSL connection with the server on TCP port 443, a secure link is negotiated,
and encrypted data is transferred across it.

The SSL Handshake Protocol (SSLHP), one of two component protocols of SSL, negotiates the
connection between the client and server. SSLHP establishes security parameters for an SSL
session, including the SSL version number and the method of data encryption to use. One of the
security parameters set by SSLHP is the SSL Session ID, a variable-length value contained in the
session_id field in SSLHP messages. The SSL Session ID indicates whether the client wants to use
the security parameters established in a previous session or establish a completely new
connection.

To set up SSL session ID switching, perform the following tasks:

1. Configure the real servers for SSL.

2. Configure the virtual server for SSL session ID switching.

3. Adjust the age timer in the Brocade Virtual ADX’s database (optional).

4. Adjust the maximum number of session ID to real server associations that the Brocade Virtual ADX can store in its internal database (optional).
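
The following Python example is added here and is not Brocade code: it reads the session_id field, which travels unencrypted in the ClientHello and ServerHello messages, and keeps a session ID to real server table with the age timer and entry limit that tasks 3 and 4 refer to. The function names, the eviction and timer-refresh policy, and the sample record builder are assumptions made for illustration.

```python
import time
from collections import OrderedDict

HANDSHAKE, CLIENT_HELLO, SERVER_HELLO = 0x16, 1, 2

def extract_session_id(record: bytes):
    """Return (msg_type, session_id) for a hello record, or None if unusable."""
    # Record header: type(1) version(2) length(2); handshake header: type(1) length(3);
    # hello body: version(2) random(32) session_id_len(1) session_id(0..32).
    if len(record) < 44 or record[0] != HANDSHAKE:
        return None
    msg_type = record[5]
    if msg_type not in (CLIENT_HELLO, SERVER_HELLO):
        return None
    sid_len = record[43]
    if sid_len > 32 or len(record) < 44 + sid_len:
        return None  # malformed or truncated: never slice past the buffer
    return msg_type, record[44:44 + sid_len]

class SessionTable:
    """Session ID -> real server map with an age timer and an entry limit."""
    def __init__(self, max_entries, age_seconds, clock=time.monotonic):
        self.max_entries, self.age, self.clock = max_entries, age_seconds, clock
        self.entries = OrderedDict()  # session_id -> (real_server, last_used)

    def learn(self, sid, server):
        if not sid:
            return  # empty session_id means "new session": nothing to remember
        self.entries.pop(sid, None)
        while len(self.entries) >= self.max_entries:
            self.entries.popitem(last=False)  # assumption: evict least recently used
        self.entries[sid] = (server, self.clock())

    def lookup(self, sid):
        server, seen = self.entries.get(sid, (None, 0))
        if server is None:
            return None
        if self.clock() - seen > self.age:
            del self.entries[sid]  # aged out: caller load-balances as a new session
            return None
        self.entries[sid] = (server, self.clock())  # assumption: a hit restarts the timer
        self.entries.move_to_end(sid)
        return server

def build_hello(msg_type, sid):
    """Constructed sample record; stops after session_id (no cipher suites)."""
    body = b"\x03\x01" + bytes(32) + bytes([len(sid)]) + sid
    handshake = bytes([msg_type]) + len(body).to_bytes(3, "big") + body
    return bytes([HANDSHAKE]) + b"\x03\x01" + len(handshake).to_bytes(2, "big") + handshake
```

A ServerHello would feed `learn()` with the real server that answered, and a later ClientHello carrying the same session_id would be steered by `lookup()`.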

TABLE 34   Out-of-sequence TCP packets statistics

Field                   Description
Total stored oos pkt    The total number of out-of-sequence packets buffered by the Brocade Virtual ADX.
Total freed oos pkt     The total number of out-of-sequence packets transmitted by the Brocade Virtual ADX.
