101 Question #571: Real Exam Question with Answer & Explanation
The correct answer is A: SSL session ID persistence. When HTTPS traffic traverses a load balancer without SSL decryption, SSL session ID persistence is the F5-recommended method because it uses data visible in the unencrypted SSL handshake.
Section 3: Load Balancing and High Availability Basics
Question
HTTPS traffic is being passed from behind a NAT router, through a load balancer, to servers without being decrypted. What is the F5-recommended persistence method in this situation?
Options
- A. SSL session ID persistence
- B. source address persistence
- C. SIP persistence
- D. destination address persistence
Explanation
When HTTPS traffic traverses a load balancer without SSL decryption, SSL session ID persistence is the F5-recommended method because it uses data visible in the unencrypted SSL handshake.
Common mistakes.
- B. Source address persistence is unreliable behind a NAT router because multiple clients share the same external IP address, causing all clients from that network to be incorrectly directed to a single server.
- C. SIP persistence is designed for Session Initiation Protocol traffic used in VoIP applications, not for HTTPS web traffic.
- D. Destination address persistence routes traffic based on the destination IP address, which does not maintain client-to-server affinity across a pool of backend servers.
Concept tested. F5 BIG-IP SSL passthrough persistence configuration
Reference. https://support.f5.com/csp/article/K7911
Topics
#SSL persistence #NAT #load balancing #HTTPS