Jump to content
Welcome to our new Citrix community!

SSL_BRIDGE type service versus ANY type service


Recommended Posts

Hello, 

 

This might have been answered already here:  https://discussions.citrix.com/topic/376225-ssl_bridge-vs-tcp-passthrough/

 

However, I may have some additional questions.

 

I have a situation where I have to load-balance multiple ports on the same vserver.  So I setup my vserver with type ANY with a listen policy that listens on the service ports I need.  Then I bind multiple services with type ANY to the vserver.  

 

My question is when one of these services is  SSL.  I do not want to do SSL offloading, and I expect when I do type ANY that offloading does not happen.   What I expect is for SSL connections to pass-through to the backend nodes normally.  I'm using source ip persistence.  

 

Is there anything about using lb type ANY that might break SSL as it passes through?

 

Thanks.

Link to comment
Share on other sites

That thread really summarizes the difference in both vyan940 and Paul Blitz' messages. Was about to post it to you until I realized it was the same one you referenced :)

 

SSL_BRIDGE the ADC knows it is SSL-based but will not do ssl-termination.  

ANY is intended when the aDC doesn't need to know the protocol involved and needs to stay out of way such as when load balancing routers/firewalls etc...

 

You can technically use either SSL_BRIDGE or ANY in this scenario, but SSL_BRIDGE will keep you from getting into a feature or setting that *could* cause a conflict.

Ultimately, it comes down to your persistence/monitoring needs and which traffic type meets your requirements  if the ADC needs to know the traffic is in ssl_bridge mode.

 

My recommendation would be to declare it as SSL_BRIDGE if that is what you are doing and only go with ANY if the scenario is more generic than that.

 

Link to comment
Share on other sites

  • 2 weeks later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...