ltm persistence ssl
ltm persistence ssl(1) BIG-IP TMSH Manual ltm persistence ssl(1)
NAME
ssl - Configures a Secure Socket Layer (SSL) persistence profile.
MODULE
ltm persistence
SYNTAX
Configure the ssl component within the ltm persistence module using the
syntax in the following sections.
MODIFY
create ssl [name]
modify ssl [name]
options:
all
app-service [[string] | none]
defaults-from [name]
description [string]
match-across-pools [ enabled | disabled]
match-across-services [enabled | disabled]
match-across-virtuals [enabled | disabled]
mirror [enabled | disabled]
override-connection-limit [enabled | disabled]
timeout [integer]
edit ssl [ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
non-default-properties
mv ssl [ [[source-name] [destination-name]] | [[name] to-folder [folder-name]] | [[name...name] to-folder [folder-name]] ]
options:
to-folder
DISPLAY
list ssl
list ssl [ [ [name] | [glob] | [regex] ] ... ]
show running-config ssl
show running-config ssl [ [ [name] | [glob] | [regex] ] ... ]
options:
all
all-properties
non-default-properties
one-line
partition
DELETE
delete ssl [name]
options:
all
DESCRIPTION
You can use the ssl component to configure a destination address
affinity persistence profile for the BIG-IP(r) system. SSL persistence
is a type of persistence that tracks non-terminated SSL sessions, using
the SSL session ID. Even when the client's IP address changes, the
system still recognizes the connection as being persistent based on the
session ID. Note that the term, non-terminated SSL sessions, refers to
sessions in which the system does not perform the tasks of SSL
certificate authentication and encryption/re-encryption.
A persistence profile is a profile that enables persistence when you
assign the profile to a virtual server. Using a persistence profile
means that you do not have to write an iRule to implement a type of
persistence. You can either use the default profile, or create a custom
profile based on the default.
EXAMPLES
list ssl
Displays all SSL persistence profiles.
create ssl ssl_persistence defaults-from ssl
Creates a custom SSL persistence profile named ssl_persistence that
inherits its settings from the default SSL persistence profile.
mv ssl /Common/my_ssl_profile to-folder /Common/my_folder
Moves a custom SSL persistence profile named my_ssl_profile to a folder
named my_folder, where my_folder has already been created and exists
within /Common.
OPTIONS
app-service
Specifies the name of the application service to which the profile
belongs. The default value is none. Note: If the strict-updates
option is enabled on the application service that owns the object,
you cannot modify or delete the profile. Only the application
service can modify or delete the profile.
defaults-from
Specifies the existing profile from which the system imports
settings for the new profile. The default value is ssl, the system
default cookie persistence profile.
description
User defined description.
glob Displays the items that match the glob expression. See help glob
for a description of glob expression syntax.
match-across-pools
Specifies, when enabled, that the system can use any pool that
contains this persistence record. The default value is disabled.
match-across-services
Specifies, when enabled, that all persistent connections from a
client IP address, which go to the same virtual IP address, also
go to the same node. The default value is disabled.
match-across-virtuals
Specifies, when enabled, that all persistent connections from the
same client IP address go to the same node. The default value is
disabled.
mirror
Specifies whether the system mirrors persistence records to the
high-availability peer. The default value is disabled.
name Specifies a unique name for the component. This option is required
for the commands create, delete, and modify.
override-connection-limit
Specifies, when enabled, that the pool member connection limits
are not enforced for persisted clients. Per-virtual connection
limits remain hard limits and are not disabled. The default value
is disabled.
partition
Displays the administrative partition within which the component
resides.
regex
Displays the items that match the regular expression. The regular
expression must be preceded by an at sign (@[regular expression])
to indicate that the identifier is a regular expression. See help
regex for a description of regular expression syntax.
timeout
Specifies the duration of the persistence entries. The default
value is 300 seconds.
to-folder
ssl persistence profiles can be moved to any folder under /Common,
but configuration dependencies may restrict moving the profile out
of /Common.
SEE ALSO
create, delete, edit, glob, list, ltm virtual, modify, mv, regex, show,
tmsh
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or
by any means, electronic or mechanical, including photocopying,
recording, or information storage and retrieval systems, for any
purpose other than the purchaser's personal use, without the express
written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2008-2010, 2012. All rights
reserved.
BIG-IP 2014-01-14 ltm persistence ssl(1)