|
Dan Browning wrote:
>
> Wow. Thank you so much for the feedback.
>
> > First of all, cookie persistent is not solving the problem of
> > AOL using proxy servers, unless you have SSL termination.
>
> Intel has a SSL termination network appliance for $10,000 that does 200 TPS.
> I could either use this for the front end SSL decoding, or I heard that some
> HTTP proxies can do that. Does anyone have any information on HTTP proxies
> that decode SSL (HTTPS) into clear text (HTTP)? I think that I heard Squid
> with some SSL modules loaded has something of that functionality.
Squid's SSL proxying stuff is strictly CVS stuff. It likely won't be in
release until 2.5 or even 3.0 of Squid STABLE. (2.4 is nearing STABLE
status and it's not one of the things on the list to be merged.)
http://netizen.com.au/~benno/
Is Benno's website about it. (Benno wrote it.) And the CVS branch for
it is 'ssl'.
> > I do not think $30k load balancer has SSL termination built-in.
> > If they do, check the spec, it probably about 100 transaction/s.
> > If you think that is all you need for SSL, you could have a
> > medium size server and do not need load balancer at all :)
>
> The Intel E-Commerce Director (taken from iPivot, or something) does in fact
> have SSL termination built-in. And it's 600 transactions/sec. That's new
> transactions. It can handle 3000 transactions/sec of established
> connections.
Squid will not do anywhere near that. I wouldn't shoot for more than
50-75 per box (and that's big boxes). Without the SSL stuff, it can do
150-200 reqs/sec (when severely tuned for performance on big hardware
(i.e. 512MB RAM, 800MHz CPU, and dual+ 10000RPM disks). We're working
on the performance of Squid in general now, which the SSL stuff will be
the benefactor of once we've freed up a lot of CPU usage from Squid's
general use case.
Just thought I'd chime in on issues I know a little about. ;-)
--
Joe Cooper <joe@xxxxxxxxxxxxx>
Affordable Web Caching Proxy Appliances
http://www.swelltech.com
|
