Matthias/Joe,
Sounds like this test ssl accelerator setup spoken of
below is for https/http correct? I mean Apache is
involved (all of which is fine). Keep in mind major
SSL Accelerators support other protocols than web,
though probably a lot of people use them just for web.
Anyway smtps, imaps, pops are also SSL based
protocols too, however the less expensive SSL
Accelerator card and units only support https.
Peter
--- Matthias Krauss <MKrauss@xxxxxxxxxxxxxx> wrote:
> Joe wrote:
>
> >what was your setup? accelarator box in front of
> the LVS (as below)?
>
> I had 2 different test scenarios, 1st was apache
> directly on the director
> (running DR), were only the director answered the
> ssl request and nothing
> gots passed to the realservers, since this was only
> a quick test were i'd
> like
> to see accleration i quickly jumped to a seperate
> host running apache, on
> this
> host i addressed the VIP/realservers.
>
> >were you running localnode?, or were you hoping to
> decrypt the packets
> >on the director and then pass the decrypted
> >packets to the realserver via the LVS?
>
> I hoped to decrypt the packets on the director and
> then pass the decrypted
> packets to the realserver via the LVS
>
> >you are using an SSL accelerator box in front of
> the director?
>
> Yes, this i did on my 2nd try were i had success,
> but i cant say
> anyhing about performance, i've simulated ~~ 10
> concurrent requests and
> downloads of about 3 GB via the ssl acclerator,
> apache's cpu time went
> up to 30% on a 1 Ghz / 512 MB host.
>
> Thanks
> Matthias
>
>
> -----Ursprüngliche Nachricht-----
> Von: Joseph Mack [mailto:mack.joseph@xxxxxxx]
> Gesendet: Montag, 10. März 2003 17:46
> An: Matthias Krauss;
> lvs-users@xxxxxxxxxxxxxxxxxxxxxx; Julian Anastasov
> Cc: 'peterbaitz@xxxxxxxxx'; 'Joseph Mack'
> Betreff: Re: AW: SSL accelarators and LVS by Peter
> Baitz
>
>
> Matthias Krauss wrote:
>
> hope you don't mind, I'm cc:'ing the mailing list.
>
> > I was working on this and got this successfully to
> run,
>
> what was your setup? accelarator box in front of the
> LVS (as below)?
>
> > at the end i was not able to use a apache server
> on the director
> > directly
>
> were you running localnode?, or were you hoping to
> decrypt the packets
> on the director and then pass the decrypted
> packets to the realserver via the LVS?
>
> Julian,
> Should you be able to send packets for the VIP to
> an
> SSL accelarator card on the director, before the LVS
> gets them?
>
>
> > because i had the prob that the director takes
> > over the responsibiliy of the incomming ssl query
> and didnt passed
> > it to the VIP and hanled this by himself, i asked
> for this ones in
> > the mailing list but didnt got a answer and i
> didnt continue there
> > but i'm sure that this is also possible with a
> litle RTNM,
> > so i used a seperate host who is doing en and
> decryption and pass
> > the decrypted http packets over to the VIP.
>
> you are using an SSL accelerator box in front of the
> director?
>
>
> > i was watching this with tcpdump and noticed that
> from the ssl rewrite
> > engine over to the VIP was regular http traffic
> and also back, the
> > client self didnt noticed that.
>
> Thanks Joe
http://www.in-addr.de/mailman/listinfo/lvs-users
__________________________________________________
Do you Yahoo!?
Yahoo! Tax Center - forms, calculators, tips, more
http://taxes.yahoo.com/
|