|
<jsc3@xxxxxxx>
> > There was some rumours of Intel doing drivers for the
> secure versions of
> > the eepro100 chips (which I think some PowerEdges support), but they
> > certainly never released it. Checkout the FreeS/WAN website for more
> > details on what hardware is supported.=20
>
> Broadcom was also talking about Linux support for some of their
> IPsec and SSL accelerator products, but I don't know if that ever
> materialized.
I heard quite a lot of talk about freeswan integrating IPsec hardware
support, but it seemed to dematerialize like pizza around teenagers once
talk of KLIPS2/new design of freeswan started coming out. However that
doesn't mean some enterprising soul hasn't finished the implementation; you
should query the freeswan developer mailing list to find that answer.
<Lars>
> You cannot load-balance the same IPSec session to multiple
> end points; so the
> basic question is whether you expect to have many "low
> bandwidth" connections
> (ie each of them could be handled by a single node) or few
> "high bandwidth"
> ones. The second one might not adapt too well to being load balanced.
>
> Second, LVS doesn't do load balancing of non-UDP/TCP
> protocols right now; and
> if my memory doesn't fail me, IPSec is such a protocol. It
> might be reasonably
> (?) easy to extend LVS to do this though.
IPsec initiates a connection over UDP:500, and from there passes to IPsec
protocols. Therefore theoretically LVS-DR topology should support IPsec
connections. Hmm well I haven't heard of anyone actually testing such a
thing before though >:)
It sounds like a fun project! Good luck with it, let us know the result.
Peter
|
