LVS
lvs-users
Google
 
Web LinuxVirtualServer.org

FW: SSL Persistent Connections

To: "lvs-users@LinuxVirtualServer. org" <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: FW: SSL Persistent Connections
From: "Ryan Clark" <ryan.clark@xxxxxxxxxxxxxxxxx>
Date: Wed, 28 Aug 2002 08:01:31 -0700
-----Original Message-----
From: Ryan Clark [mailto:ryan.clark@xxxxxxxxxxxxxxxxx]
Sent: Tuesday, August 27, 2002 1:58 PM
To: Joseph Mack
Subject: RE: SSL Persistent Connections


Good to know.

Erm, it seems that the SSL is only hitting the 1st realserver.  What
connection types are ideal for the SSL persistent connections?

Ryan.

-----Original Message-----
From: mack@xxxxxxxxxxxxxxxxxxx [mailto:mack@xxxxxxxxxxxxxxxxxxx]On
Behalf Of Joseph Mack
Sent: Tuesday, August 27, 2002 1:35 PM
To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx; ryan.clark@xxxxxxxxxxxxxxxxx
Subject: Re: SSL Persistent Connections


Ryan Clark wrote:
>
> Thanks Joe!
>
> It worked,

hooray!

> I need to do the "ipvsadm -a -t $VIP -r realserver_name -m -w 1"
> command as well, but system is working now.

you'll definitely need that.

> How long till you plan to release the new version of the configure-lvs?

Not real soon I'm afraid. It's working but minimally tested and
documentation
is partial. I would guess that puts me with another month full time.
Unfortunately I've been hit with a deluge of paperwork at work and I don't
see the end of it.

Fortunately I got the framework done and I can put it aside without fear of
losing it
all.

Last time I tried any big changes, I started putting in code to
automatically
generate ipchains/iptables filter rules for every packet
the LVS expected (and dropping all other packets). This required a lot of
testing,
the results of which I found best kept in my head. One false move
and you're locked out of your machine.
Then a deluge of work came along and the  results of my testing vaporised.
By the time I got back to the script, other things were more important, and
I just turned off all that code with a switch. It's still in there waiting
to be resusitated (that was 2yrs ago).

The new stuff I just wrote is far enough advanced that this same fate
doesn't
await this code.

Joe

--
Joseph Mack PhD, Senior Systems Engineer, Lockheed Martin
contractor to the National Environmental Supercomputer Center,
mailto:mack.joseph@xxxxxxx ph# 919-541-0007, RTP, NC, USA



<Prev in Thread] Current Thread [Next in Thread>