LVS
lvs-users
Google
 
Web LinuxVirtualServer.org

Re: cookie persistence

To: Horms <horms@xxxxxxxxxxxx>
Subject: Re: cookie persistence
Cc: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
From: John Casu <casuj@xxxxxxxxxxx>
Date: Fri, 06 Oct 2000 11:46:23 -0700
Horms wrote:
> 
> On Thu, Oct 05, 2000 at 08:52:49AM -0700, Wayne wrote:
> > LVS as is does not have the problem.  Since
> > LVS is based on <sip,sport; vip,vport; rip, rport>
> > which is not change between HTTP and HTTPS
> > requests, so it works fine.  However, any other
> > ones, like Cisco or Arrowpoint, unless they add
> > SSL terminator (which is not cheap and is not
> > very effecient), will not be able to take the
> > advantage of cookie persistent.
> >
> > F5 sales a version with SSL termination with
> > ADDITIONAL $6000 charge and only can
> > handle up to 120 transaction/s, based on their
> > SSL terminator supplier (Rainbow Technology).
> > At the mean time, LVS can handle 100,000
> > transactions/s, by sharing the load on many
> > HTTPS servers.
> 
> I havn't had much experience with SSL accelerators,
> but for a $6000 price tag, given the litte I know
> you should be able to get an accelerator that can do
> several 1000 connections/s. That is asside from
> weather or not you want to go down that path.
> 
> John Casu: Do you have anything to add to this?
> 

The CryptoSwift cards from Rainbow offer between 
200 and 600 rsa1024 signs/sec, depending on the 
model.   The list price for these cards is between
$6000 and $12000, again depending on the model.
Volume pricing will obviously be more aggressive.

On a 500Mhz Pentium III processor, you can do 80 signs/sec 
in software (that's openSSL with hand optimized assembler, 
but no MMX/SSI instructions).  


john c.

-- 
"But I don't feel afraid.
 As long as I gaze on Waterloo Sunset,
 I am in paradise."   -- Waterloo Sunset, The Kinks


<Prev in Thread] Current Thread [Next in Thread>