This section discusses TLS persistence and its configuration.

The TLS mode of persistence can be applied to any virtual service configured to terminate HTTPS. With this persistence method, the Avi Load Balancer embeds the client-to-server mapping in the TLS ticket ID sent to the client. It is similar to how HTTP cookies behave. The data is embedded in an encrypted format that a Service Engine (SE) can read if a client reconnects to a different SE.
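The idea described above, modeled as an added example that is not Avi Load Balancer code: one SE seals the chosen pool server into an opaque ticket value, and a second SE holding the same key recovers it, while a tampered or foreign ticket is rejected and the client is simply load balanced again. The ticket layout (nonce followed by AES-GCM ciphertext), the shared key, and the names SE, NewSE, Seal and Open are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// SE models one Service Engine; every SE of a virtual service holds the same key (assumption).
type SE struct{ aead cipher.AEAD }

func NewSE(key []byte) (*SE, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &SE{aead}, nil
}

// Seal embeds the client-to-server mapping in an opaque ticket: nonce || ciphertext+tag.
func (s *SE) Seal(server string) ([]byte, error) {
	nonce := make([]byte, s.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return s.aead.Seal(nonce, nonce, []byte(server), nil), nil
}

// Open recovers the mapping; on any error the caller treats the client as new.
func (s *SE) Open(ticket []byte) (string, error) {
	n := s.aead.NonceSize()
	if len(ticket) < n {
		return "", fmt.Errorf("ticket too short: %d bytes", len(ticket))
	}
	pt, err := s.aead.Open(nil, ticket[:n], ticket[n:], nil)
	return string(pt), err
}

func main() {
	key := make([]byte, 32) // constructed all-zero demo key, never use in production
	se1, _ := NewSE(key)
	se2, _ := NewSE(key)
	ticket, _ := se1.Seal("10.0.0.11:443") // constructed pool server address
	fmt.Println(se2.Open(ticket))
}
```

Because the mapping travels with the client and is authenticated as well as encrypted, the second SE needs no lookup against the first, and a client cannot steer itself to a server of its choosing by editing the ticket.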

Note:

This persistence method is often confused with an older, broken method of persistence called SSL Session ID. While both are used for secure connections, these methods are unrelated.

See also Overview of Server Persistence for descriptions of other persistence methods and options.

Persist Table

The TLS ticket ID is automatically mirrored to all Service Engines supporting the virtual service, regardless of this persistence mode. If this persistence is enabled, it adds no additional overhead to the SEs or the automated TLS ticket mirroring.

As with any SSL/TLS concurrency, additional memory is beneficial for increasing the maximum number of concurrent connections and, therefore, TLS persistence mappings.

Configuration Options

  • Name: A unique name for the persistence profile.

  • Description: An optional, custom description for the profile.

  • Type: TLS. Changing the type will change the profile to another persistence method.

  • Select New Server When Persistent Server Down: If a server is marked DOWN, such as by a health monitor or when it has reached a connection limit, should existing persisted users continue to be sent to the server or load balanced to a new server?

    • Immediate: Avi Load Balancer will immediately select a new server to replace the one marked DOWN and switch the persistence entry to the new server.

    • Never: No replacement server will be selected. Persistent entries will be required to expire normally based on the persistence type.