ltm persistence ssl
ltm persistence ssl(1) BIG-IP TMSH Manual ltm persistence ssl(1)
NAME
ssl - Configures a Secure Socket Layer (SSL) persistence profile.
MODULE
ltm persistence
SYNTAX
Configure the ssl component within the ltm persistence module using the syntax in the following sections.
MODIFY
create ssl [name]
modify ssl [name]
options:
all
app-service [[string] | none]
defaults-from [name]
description [string]
match-across-pools [ enabled | disabled]
match-across-services [enabled | disabled]
match-across-virtuals [enabled | disabled]
mirror [enabled | disabled]
override-connection-limit [enabled | disabled]
timeout [integer]
edit ssl [ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
non-default-properties
mv ssl [ [[source-name] [destination-name]] | [[name] to-folder [folder-name]] | [[name...name] to-folder [folder-name]] ]
options:
to-folder
DISPLAY
list ssl
list ssl [ [ [name] | [glob] | [regex] ] ... ]
show running-config ssl
show running-config ssl [ [ [name] | [glob] | [regex] ] ... ]
options:
all
all-properties
non-default-properties
one-line
partition
DELETE
delete ssl [name]
options:
all
DESCRIPTION
You can use the ssl component to configure a destination address affinity persistence profile for the BIG-IP(r) system. SSL
persistence is a type of persistence that tracks non-terminated SSL sessions, using the SSL session ID. Even when the
client's IP address changes, the system still recognizes the connection as being persistent based on the session ID. Note
that the term, non-terminated SSL sessions, refers to sessions in which the system does not perform the tasks of SSL
certificate authentication and encryption/re-encryption.
A persistence profile is a profile that enables persistence when you assign the profile to a virtual server. Using a
persistence profile means that you do not have to write an iRule to implement a type of persistence. You can either use the
default profile, or create a custom profile based on the default.
EXAMPLES
list ssl
Displays all SSL persistence profiles.
create ssl ssl_persistence defaults-from ssl
Creates a custom SSL persistence profile named ssl_persistence that inherits its settings from the default SSL persistence
profile.
mv ssl /Common/my_ssl_profile to-folder /Common/my_folder
Moves a custom SSL persistence profile named my_ssl_profile to a folder named my_folder, where my_folder has already been
created and exists within /Common.
OPTIONS
app-service
Specifies the name of the application service to which the profile belongs. The default value is none. Note: If the
strict-updates option is enabled on the application service that owns the object, you cannot modify or delete the
profile. Only the application service can modify or delete the profile.
defaults-from
Specifies the existing profile from which the system imports settings for the new profile. The default value is ssl,
the system default cookie persistence profile.
description
User defined description.
glob Displays the items that match the glob expression. See help glob for a description of glob expression syntax.
match-across-pools
Specifies, when enabled, that the system can use any pool that contains this persistence record. The default value is
disabled.
match-across-services
Specifies, when enabled, that all persistent connections from a client IP address, which go to the same virtual IP
address, also go to the same node. The default value is disabled.
match-across-virtuals
Specifies, when enabled, that all persistent connections from the same client IP address go to the same node. The
default value is disabled.
mirror
Specifies whether the system mirrors persistence records to the high-availability peer. The default value is disabled.
name Specifies a unique name for the component. This option is required for the commands create, delete, and modify.
override-connection-limit
Specifies, when enabled, that the pool member connection limits are not enforced for persisted clients. Per-virtual
connection limits remain hard limits and are not disabled. The default value is disabled.
partition
Displays the administrative partition within which the component resides.
regex
Displays the items that match the regular expression. The regular expression must be preceded by an at sign (@[regular
expression]) to indicate that the identifier is a regular expression. See help regex for a description of regular
expression syntax.
timeout
Specifies the duration of the persistence entries. The default value is 300 seconds.
to-folder
ssl persistence profiles can be moved to any folder under /Common, but configuration dependencies may restrict moving
the profile out of /Common.
SEE ALSO
create, delete, edit, glob, list, ltm virtual, modify, mv, regex, show, tmsh
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or by any means, electronic or mechanical, including
photocopying, recording, or information storage and retrieval systems, for any purpose other than the purchaser's personal
use, without the express written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2008-2010, 2012. All rights reserved.
BIG-IP 2014-01-14 ltm persistence ssl(1)