LVS
lvs-users
Google
 
Web LinuxVirtualServer.org

Re: How to handle SSL traffic

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: How to handle SSL traffic
From: Horms <horms@xxxxxxxxxxxx>
Date: Sun, 19 Oct 2003 14:43:15 +0900
On Wed, Oct 15, 2003 at 02:43:26PM -0700, pb wrote:
> Kenton,
> 
> Where I work we use Piranha (Red Hat's spin of LVS)
> and regarding SSL, we let the real servers do the SSL
> work. 
> 
> No sense busying the LB with processing the SSL, and
> even if you wanted to, you would look to SSL
> Accelerators, which we have not implemented, though we
> looked at the technology theoretically speaking - but
> you also get into what service(s) you are using SSL
> for, webmail, web sites, etc.  
> 
> Better to let the real servers handle the SSL... you
> can always add more real servers if SSL processing
> bogs them down by some fraction.   

I agree. And arguments that I have heard to the contrary
are usually tedious at best. SSL is probably the
most expensive thing that your cluster needs to do.
Thus disributing amongst the real servers makes the most sense
as you can scale that by just adding new machines.

-- 
Horms
<Prev in Thread] Current Thread [Next in Thread>