Question

Session Affinity options

Hi PSC Community,

This is regarding the F5 load balancer setup.As per our network team F5 does not support cookie based session affinity without terminating SSL at load balancer. This will introduce bandwidth issues at F5 as SSL termination will consume F5 bandwidth. So we have below options:

1. Terminate SSL at F5 and then re-encrypt data before sending it to the worker node.

2. Make F5 pass through from SSL point of view but that does not support cookie based authentication. So we would have to implement source IP based session affinity. As per Pega documentation Pega does not support any other session affinity apart from cookies, so will this implementation even work.

Looking out for inputs/experiences from PSC community based on their implementations of F5 load balancer.

Comments

Keep up to date on this post and subscribe to comments

September 19, 2019 - 7:55am

From what I know, option 1 is the way for almost all Pega clients that I come across. With option 2, you are right that Pega only supports cookie based persistence. You would have to know exactly what you are doing to go with the option 2 at your own risk (I recall there was only one client using that to be consistent with its own internal infrastructure using source ip based session affinity with quite a few issues at the time). Even that certain Pega features may not work (e.g., HA feature) well. Hope this helps!