Load Balancing with BigIP / SSL question

Report · Apr 26, 2006

I have an oddball question. We're load balancing ColdFusion MX7 across 3 servers using a BigIP load balancing server. We decided to go the hardware approach and it has been great except for one small configuration issue.

We use a mix of SSL and non SSL pages, prior to the switch from a single server to a load balanced setup I used to script that would determine if a page that was supposed to be SSL had the variable CGI.HTTPS turned on or off. If it was off, the page would redirect back to itself with the SSL turned on.

The problem we have is that we followed BigIP's instruction to secure the load balancing hardware instead of the three servers running behind it. So what happens is that the traffic goes to the load balancer port 441, but then the calls from the load balancer to the individual servers is port 80. So even if a page is called as HTTPS://... the coldfusion server says that CGI.HTTPS is "off" since the traffic is port 80.

This isn't much of a problem, our SSL pages are linked as HTTPS:// and the only problem would actually arise if someone was to type in the URL and call it as HTTP rather than HTTPS.

My questions is this, does anyone know of a way that I can detect if the page should be HTTPS and is not without changing our configuration and putting SSL certificates on each individual server?

Report · Jul 26, 2007

HiH,

Have you found a solution to your problem?

I am very interested in how your Big IP solution has been working for you. Currently we have 300+ sites, 150 with SSL, all running off of six seperate servers no loadbalancing. We want to move to a hardware load balanced solution and place up to 300 sites on 3 servers all using SSL.

Are you still using the BigIp loadbalancer?

Thanks,

Report · Jul 26, 2007

Hey,
Well the load balancing with the BigIP device is really very amazing. I think what i liked most was swapping out servers when their lease was up, through the BigIP manager I just stopped all traffic to a server, shut it down, plugged in the new one and turned traffic back on. It was really very easy.

The SSL stuff still gives me a headache to think about. but I should mention I no longer work where I was, plus now I'm all .net C# but that's a different story.

I think if I was going to do this all again I would not have secured the bigIP unit. It was nice to buy one SSL cert for all the servers I attached rather than one per server, but getting the SSL sites to work properly was a headache. We also use windows file replication where now I would go with like a pair of Dell MD1000's mirrored for storage and just have tons of ram and cpu on the front end units. Depends what you want to spend I guess. I think the bigIP unit we bought was like 20 grand, i think they are cheaper now though.

Hope I helped.

Report · Jul 26, 2007

Hey,
Well the load balancing with the BigIP device is really very amazing. I think
what i liked most was swapping out servers when their lease was up, through the
BigIP manager I just stopped all traffic to a server, shut it down, plugged in
the new one and turned traffic back on. It was really very easy.

The SSL stuff still gives me a headache to think about. but I should mention I
no longer work where I was, plus now I'm all .net C# but that's a different
story.

I think if I was going to do this all again I would not have secured the bigIP
unit. It was nice to buy one SSL cert for all the servers I attached rather
than one per server, but getting the SSL sites to work properly was a headache.
We also use windows file replication where now I would go with like a pair of
Dell MD1000's mirrored for storage and just have tons of ram and cpu on the
front end units. Depends what you want to spend I guess. I think the bigIP unit
we bought was like 20 grand, i think they are cheaper now though.

Hope I helped.

Adobe Community

Load Balancing with BigIP / SSL question