Hi Jimmy,
>Can anyone tell me if the following will work? I know it may defeat the
>whole purpose of load balancing at layer 4, but I just need something to
>simulate BigIP kinda stuff.
>
>Client -> SSL -> KTCPVS -> Apache (which terminates SSL by listening on 2
>virtual IPs) -> Real Servers

KTCPVS operates at layer 7. So it consists of a socket pair used to forward
the stream between the remote client and the scheduled realserver. The
application listener is first located on the director, which is the
connection acceptor. So if you want to accept SSL connections directly on
the KTCPVS box, this protocol needs to be implemented in the KTCPVS code.
Currently KTCPVS only supports an HTTP listener forwarding the stream.

A strict/typical layer 7 switching env is: client -> SSL -> KTCPVS ->
Realservers (HTTP protocol) => SSL is handled by the director. Adding SSL
support to KTCPVS means adding SSL support into the kernel, which is a hard
task.

So in short, the setup you describe will not work properly.

>KTCPVS & Apache (with 2 virtual IP) are in the same physical linux box. I
>understand that same certificate needs to be used for both virtual IP of
>the apache.

Hmm... an SSL certificate in a load-balancing env must be registered with
the Common Name of the VIP DNS entry... This is the only need...

>Once I add the KTCPVS patch to existing LVS patched kernel source ... then
>compile it. Does that mean this new compiled kernel can only do KTCPVS? Is
>it configurable between KTCPVS & LVS? ... without using 2 different kernels
>by selecting from LILO?

KTCPVS is a kernel module. So there is no need to rebuild your kernel;
simply compile the KTCPVS modules and load them into the kernel. Currently
there is no communication between LVS & KTCPVS.
This is probably the final goal of Wensong :)
Best regards,
Alexandre