Prior to version 30.2.1, if the virtual services that are GSLB pool members have both SSL and non-SSL service ports, the HTTP-to-HTTPS-Redirect knob must be enabled in the application profile attached to each virtual service. Starting with version 30.2.1, it is not necessary to enable the HTTP-to-HTTPS-Redirect knob for GSLB site cookie persistence to work.
SP Flow Compatibility
The site persistence (SP) flow works for all combinations of SSL and non-SSL ports if all the ports are either HTTP/1 or HTTP/2. When HTTP/1 and HTTP/2 are configured together, the following scenario is an exception in which the SP flow does not work.
Consider a GSLB service whose GSLB pool member1 is Virtual Service-1 on site-1 and whose GSLB pool member2 is Virtual Service-2 on site-2, each having two non-SSL service ports, 80 and 81. In this case, the SP flow works only when HTTP/2 is either enabled or disabled on both service ports. It does not work when HTTP/2 is enabled on one service port but disabled on the other. For more details, see the table below:
| Multi Non-SSL ports | Virtual Service-1, Service Port-1 | Virtual Service-1, Service Port-2 | Virtual Service-2, Service Port-1 | Virtual Service-2, Service Port-2 | Site Persistence Status |
|---|---|---|---|---|---|
| Port | 80 | 81 | 80 | 81 | When both the ports are non-SSL enabled and HTTP2 values are different, SP works with HTTP1 requests on port 80 but fails with HTTP2 requests on port 81. SP status: OPER_DOWN |
| SSL | false | false | false | false | |
| HTTP/2 | false | true | false | true | |
Ports 80 and 81 are used only as examples. Any non-SSL ports (standard or non-standard) have the same behavior.
As shown in the case above, SP flow does not work on multiple non-SSL ports when HTTP/2 is enabled on one service port but disabled on the other. These scenarios are supported only when all the ports are either SSL or a combination of SSL and non-SSL ports.
When a virtual service is configured with multiple ports (more than two ports) and two of those ports are non-SSL ports, the HTTP/2 settings of all the non-SSL ports must be the same.
Recommendation
It is recommended to configure multiple health monitors on the GSLB service so that all ports are monitored. If the virtual service has multiple service ports, the user must configure a different health monitor for each port. For instance, if the virtual service has ports 80 and 443, the user must configure one health monitor in the GSLB service to monitor port 80 and another health monitor to monitor port 443.
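The non-SSL HTTP/2 rule and the per-port health monitor recommendation above can both be checked before a change is rolled out. The following is an added example, not product code or tooling from this page; the dictionary layout and the field names `port`, `enable_ssl`, `enable_http2` and `monitor_port` are assumptions about how an exported configuration might look, and the sample data is constructed.

```python
# Added example: pre-change audit of virtual service ports for GSLB site persistence.
# Field names and the sample configuration are assumptions, constructed for illustration.

def non_ssl_http2_mismatch(services):
    """Return the non-SSL ports if their HTTP/2 settings differ, else []."""
    non_ssl = [s for s in services if not s.get("enable_ssl", False)]
    settings = {bool(s.get("enable_http2", False)) for s in non_ssl}
    if len(non_ssl) >= 2 and len(settings) > 1:
        return sorted(s["port"] for s in non_ssl)
    return []

def unmonitored_ports(services, monitors):
    """Return service ports that no GSLB health monitor targets."""
    monitored = {m["monitor_port"] for m in monitors}
    return sorted(s["port"] for s in services if s["port"] not in monitored)

def audit(vs, monitors):
    """Collect human-readable findings for one virtual service."""
    findings = []
    bad = non_ssl_http2_mismatch(vs["services"])
    if bad:
        findings.append(f"{vs['name']}: non-SSL ports {bad} have differing "
                        "HTTP/2 settings; expect SP status OPER_DOWN")
    for port in unmonitored_ports(vs["services"], monitors):
        findings.append(f"{vs['name']}: port {port} has no GSLB health monitor")
    return findings

# Constructed sample: the failing case from the table (ports 80 and 81).
VS1 = {"name": "Virtual Service-1", "services": [
    {"port": 80, "enable_ssl": False, "enable_http2": False},
    {"port": 81, "enable_ssl": False, "enable_http2": True},
]}
# Constructed sample: one non-SSL and one SSL port, a supported combination.
VS_OK = {"name": "Virtual Service-3", "services": [
    {"port": 80, "enable_ssl": False, "enable_http2": False},
    {"port": 443, "enable_ssl": True, "enable_http2": True},
]}
# Constructed sample: only port 80 is monitored.
MONITORS = [{"name": "hm-80", "monitor_port": 80}]

if __name__ == "__main__":
    for vs in (VS1, VS_OK):
        for finding in audit(vs, MONITORS):
            print(finding)
```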