Re: lvs and sonicwall ssl rx ssl offloader

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: lvs and sonicwall ssl rx ssl offloader
From: Mack.Joseph@xxxxxxxxxxxxxxx
Date: Tue, 01 Mar 2005 14:32:29 -0500
Joseph Mack PhD, High Performance Computing & Scientific Visualisation
LMIT, Supporting the EPA Research Triangle Park, NC 919-541-0007
Federal Contact - John B. Smith 919-541-1087 - smith.john@xxxxxxx

lvs-users-bounces@xxxxxxxxxxxxxxxxxxxxxx wrote on 03/01/2005 01:16:43 PM:

> Hello,
>
> I am kinda new to lvs and need to see if there is a way
> for lvs to help me. I am working in an environment where
> we need to utilize sonicwall ssl rx ssl offloaders.

We haven't had a lot of experience with LVS and SSL accelerators.
However, with what little we've had (see the HOWTO), the conclusion
is that there's no point in having them, i.e. it's best to have
the SSL decryption done directly on the realservers.
Now with the little experience we've had, I'm not going
to be surprised if someone finds that this is not true,
but I thought you should know the current state of our knowledge.


> There is also a one-armed transparent proxy mode.
> This is the mode that needs to be used to remove
> any single point of failure.  In this configuration
> encrypted data hits the load balancer, which passes
> it to the sonic wall, then the sonic wall
> sends the plain text data to an IP port specified in the
> proxy setup. I find it very easy to understand
> how to load balance the incoming traffic;
> the problem becomes the return trip and how to have the
> load balancer keep route state for which sonic
> wall to pass the data back to?

The SSL accelerator is between the director and the realservers?
Is there a one-to-one mapping of accelerator to server? I don't
understand why you can't have the default route of the realserver
be the accelerator.

Joe

