Dirk Vleugels wrote:
> > Look at http://www.modssl.org/docs/2.4/ssl_faq.html
> > "Why can't I use SSL with name-based/non-IP-based virtual hosts?"
>
> Yes. With LVS-NAT this would be no problem (targeting different
> ports on the RS's). But with direct routing I need different virtual IP's
> on the RS. The question: will the return traffic use the VIP-IP by
> default?
Do you mean, if you send a packet to VIP1 in VS-DR, will it return with
src_addr=VIP1, and if I send another packet to VIP2, will it return with
src_addr=VIP2? The answer has to be yes, as a multi-VIP LVS wouldn't work
otherwise.
> Otherwise the client will notice the mismatch during the SSL
> handshake.
The client would send a TCP/IP reset if the IPs didn't match.
Joe
--
Joseph Mack PhD, Senior Systems Engineer, Lockheed Martin
contractor to the National Environmental Supercomputer Center,
mailto:mack.joseph@xxxxxxx ph# 919-541-0007, RTP, NC, USA