LVS
lvs-users
Google
 
Web LinuxVirtualServer.org

RE: FreeS/WAN Cluster - any experiences?

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: RE: FreeS/WAN Cluster - any experiences?
From: Wayne <wayne@xxxxxxxxxxxxxxx>
Date: Mon, 11 Feb 2002 11:57:53 -0800
If LVS can support that, it will allow LVS to have cookie persistent.
Actually, with CPU speed so fast these days, LVS could even do 
SSL termination in software only.

At 01:30 PM 2/11/2002 -0600, you wrote:
>Broadcom has fully open-sourced GPL drivers for their Broadcom 5820. 
>Broadcom-list@xxxxxxxxxx for more details. Driver is included in the RH7.2
>kernel SRPM. This does hardware acceleration for OpenSSL at the moment, I'm
>not aware of the status of IPSEC support.
>--
>Michael
>
>-----Original Message-----
>From: jsc3@xxxxxxx [mailto:jsc3@xxxxxxx]
>Sent: Monday, February 11, 2002 12:11 PM
>To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
>Subject: Re: FreeS/WAN Cluster - any experiences?
>
>
>> On Mon, Feb 11, 2002 at 01:46:51PM +0100, Henrik Rossner mentioned:
>> > we plan to substitute a commercial product with FreeS/WAN=20
>> > (www.freeswan.org) under Linux . As we expect high traffic rates=20
>> > (100MBit wirespeed, in the future even 5 times more) we thought about=20
>> > building a cluster. Using LVS seems to be a good choice.
>> > As the commercial product is very expensive, we can afford a number of
>> > quite nice Servers (we think about Dell Power Edge 1550, 1Gig Ram).
>> 
>>  Your main bottleneck will be in the amount of data that your average CPU
>> can {de,en}crypt. Something like a 2Ghz chip should be able to encrypt a
>> little over a megabyte a second, with a good tail wind. You would be
>> better advised to use one box, with hardware FreeS/Wan acceleration
>> instead.=20
>> 
>>  There was some rumours of Intel doing drivers for the secure versions of
>> the eepro100 chips (which I think some PowerEdges support), but they
>> certainly never released it. Checkout the FreeS/WAN website for more
>> details on what hardware is supported.=20
>
>Broadcom was also talking about Linux support for some of their
>IPsec and SSL accelerator products, but I don't know if that ever
>materialized.
>
>-- 
>John Cronin
>mailto: `echo NjsOc3@xxxxxxxxxxx | sed 's/[NOSPAM]//g'`
>
>_______________________________________________
>LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
>Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
>or go to http://www.in-addr.de/mailman/listinfo/lvs-users
>
>_______________________________________________
>LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
>Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
>or go to http://www.in-addr.de/mailman/listinfo/lvs-users



<Prev in Thread] Current Thread [Next in Thread>