Brocade Virtual ADX Server Load Balancing Guide (Supporting ADX v03.1.00) User Manual

53-1003247-01

Setting up SSL session ID switching

FIGURE 34 How the Brocade Virtual ADX uses an SSL Session ID to Select a Real Server

Figure 34 illustrates the following process.

1. The first time a client attempts to establish an SSL connection to the server, there is no history of a previous SSL session, so the session_id field in the client_hello message it sends to the server is empty.

2. The server (in this example, real server rs10) sees that the session_id field in the client_hello message is empty, indicating the client wants to establish a new SSL session. The server responds to the client with a server_hello message that contains a session_id field with a non-zero value.

3. The Brocade Virtual ADX examines the value in the session_id field sent by the server. The Brocade Virtual ADX adds this value to an internal database, associating it with the real server that sent it. This association between the session_id value and the real server resides in the Brocade Virtual ADX’s database for a user-specified amount of time (default 30 minutes), after which it is aged out. In this example, the Brocade Virtual ADX would map the value in the session_id field to real server rs10.

4. When the client resumes the SSL connection to the server, it sends a client_hello message containing the session_id value sent by the server.

5. The Brocade Virtual ADX examines the value in the session_id field sent by the client and looks it up in its internal database.

6. If the value in the session_id field maps to a real server, the Brocade Virtual ADX initiates a TCP connection to the server and passes the client_hello message to it. The Brocade Virtual ADX forwards subsequent packets between the client and server with modifications to the IP and TCP header for sequence number, acknowledgment number, and checksum adjustment.

[Figure 34 diagram. Elements shown: Client; Internet; Remote Access Router; Real Server rs10 (209.157.22.10); Real Server rs20 (209.157.22.20). Callouts:

1. Client sends initial client_hello message with empty session_id.
2. Real server rs10 responds with server_hello message containing non-zero session_id.
3. Brocade Virtual ADX stores session_id value in an internal database that maps session_id values to real servers.
4. When client wants to resume session, it sends a client_hello message containing the session_id it received from the server.
5. Brocade Virtual ADX looks up session_id value in its internal database, sees that this session_id value maps to real server rs10.
6. Brocade Virtual ADX passes client_hello message to real server rs10.]
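The learn, look-up and age-out cycle of steps 1 to 6, sketched in Python as an added example; this is not Brocade code and not part of the original guide. The names `parse_hello`, `SessionTable` and `build_hello` are hypothetical, the hello records are constructed samples, and two assumptions are made: each record carries one complete hello message, and an entry's age is counted from the moment it was learned.

```python
HANDSHAKE, CLIENT_HELLO, SERVER_HELLO = 22, 1, 2
DEFAULT_AGE = 30 * 60  # seconds; the guide's default aging time

def parse_hello(record: bytes):
    """Return (handshake_type, session_id) from a hello record, else None."""
    if len(record) < 44 or record[0] != HANDSHAKE:
        return None
    hs_type = record[5]
    if hs_type not in (CLIENT_HELLO, SERVER_HELLO):
        return None
    # Offsets: 5-byte record header, 4-byte handshake header,
    # 2-byte version, 32-byte random, then the session_id length byte.
    sid_len = record[43]
    if sid_len > 32 or len(record) < 44 + sid_len:
        return None  # malformed or truncated: never index past the buffer
    return hs_type, record[44:44 + sid_len]

class SessionTable:
    def __init__(self, max_age=DEFAULT_AGE):
        self.max_age = max_age
        self.entries = {}  # session_id -> (real server, time learned)

    def learn(self, server, record, now):
        """Step 3: store the session_id a real server sent in server_hello."""
        parsed = parse_hello(record)
        if parsed and parsed[0] == SERVER_HELLO and parsed[1]:
            self.entries[parsed[1]] = (server, now)

    def select(self, record, now):
        """Steps 5-6: mapped real server, or None (treat as a new session)."""
        parsed = parse_hello(record)
        if not parsed or parsed[0] != CLIENT_HELLO or not parsed[1]:
            return None  # empty session_id: step 1, no history to consult
        entry = self.entries.get(parsed[1])
        if entry is None:
            return None
        if now - entry[1] >= self.max_age:
            del self.entries[parsed[1]]  # aged out, as described in step 3
            return None
        return entry[0]

def build_hello(hs_type, session_id):
    """Constructed sample record: a hello that ends after session_id."""
    body = b"\x03\x03" + bytes(32) + bytes([len(session_id)]) + session_id
    hs = bytes([hs_type]) + len(body).to_bytes(3, "big") + body
    return bytes([HANDSHAKE]) + b"\x03\x03" + len(hs).to_bytes(2, "big") + hs
```

A `None` result from `select` corresponds to the case where no mapping exists, so the connection would be balanced as a new session rather than pinned to a real server.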