On 2002-02-11T13:46:51,
Henrik Rossner <lvs@xxxxxxxxxxxxxxxxx> said:
> we plan to substitute a commercial product with FreeS/WAN
> (www.freeswan.org) under Linux. As we expect high traffic rates
> (100MBit wirespeed, in the future even 5 times more) we thought about
> building a cluster. Using LVS seems to be a good choice.
> As the commercial product is very expensive, we can afford a number of
> quite nice Servers (we think about Dell Power Edge 1550, 1Gig Ram).

You cannot load-balance the same IPSec session to multiple end points; so the
basic question is whether you expect to have many "low bandwidth" connections
(i.e. each of them could be handled by a single node) or few "high bandwidth"
ones. The second one might not adapt too well to being load balanced.

Second, LVS doesn't do load balancing of non-UDP/TCP protocols right now; and
if my memory doesn't fail me, IPSec is such a protocol. It might be reasonably
(?) easy to extend LVS to do this though.

But I am pretty sure ratz will be the person for you to talk to; he is the
resident security expert ;-)

Sincerely,
Lars Marowsky-Brée <lmb@xxxxxxx>
--
Perfection is our goal, excellence will be tolerated. -- J. Yahl
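
The constraint discussed in the reply above, as an added example that is not part of the original thread and is not LVS code: ESP (IP protocol 50) and AH (51) carry no port fields, so this sketch pins all IPsec traffic between one pair of endpoints, including the IKE exchange on UDP 500/4500, to a single node. The node names, addresses and the hash-by-address scheduling are assumptions made for illustration; packets are constructed sample input.

```python
import hashlib
import struct

ESP, AH, UDP = 50, 51, 17          # IANA IP protocol numbers
IKE_PORTS = {500, 4500}            # IKE, and IKE/ESP over NAT traversal
NODES = ["gw-a", "gw-b", "gw-c"]   # hypothetical cluster members

def ipsec_peer(packet: bytes):
    """Return (kind, src, dst) for IPsec traffic in an IPv4 packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    proto, src, dst = packet[9], packet[12:16], packet[16:20]
    if proto in (ESP, AH):
        # No port fields exist here, so a TCP/UDP service match cannot apply.
        return ("esp" if proto == ESP else "ah", src, dst)
    if proto == UDP and len(packet) >= ihl + 4:
        _sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
        if dport in IKE_PORTS:
            return ("ike", src, dst)
    return None

def pick_node(packet: bytes, nodes=NODES):
    """Pin all IPsec traffic between one pair of endpoints to one node."""
    peer = ipsec_peer(packet)
    if peer is None:
        return None                # not IPsec: leave to the ordinary scheduler
    _kind, src, dst = peer
    digest = hashlib.sha256(src + dst).digest()
    return nodes[int.from_bytes(digest[:4], "big") % len(nodes)]

def ipv4(proto, src, dst, payload=b""):
    """Build a constructed IPv4 packet (checksum left at zero) as sample input."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, bytes(src), bytes(dst)) + payload

if __name__ == "__main__":
    vip = [192, 0, 2, 1]           # constructed cluster address
    for host in range(10, 16):     # constructed remote gateways
        peer = [198, 51, 100, host]
        ike = ipv4(UDP, peer, vip, struct.pack("!HHHH", 500, 500, 8, 0))
        esp = ipv4(ESP, peer, vip, struct.pack("!II", 0x1000 + host, 1))
        print(peer, pick_node(ike), pick_node(esp))
```

Many remote gateways spread across the nodes, while every packet from one gateway lands on the same node, so a single high-bandwidth tunnel is bounded by what one node can handle.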