Re: SSL questions

To: " users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: SSL questions
From: "Chad Morland" <cmorland@xxxxxxxxx>
Date: Tue, 30 May 2006 16:22:27 -0400
On 5/30/06, Joseph Mack NA3T <jmack@xxxxxxxx> wrote:

> To save some time repeating myself, have you read the
> section in the HOWTO on SSL accelerators with LVS?

After going through the lengthy section on SSL, I still have a question
regarding IP management.

As far as I can tell the following will not work because of the nature of
SSL and the fact that LVS-DR does not modify the packets.

TCP rr
 ->           Route   1      0          0
TCP rr
 ->           Route   1      0          0

So, if I am using an LVS-DR setup, am I correct in assuming that I need to
have 1 VIP for every certificate in addition to 1 RIP per certificate on
each real server?

(RIP=(certificates x servers)) + (VIP=(1x certificates)) = total # of IP
addresses needed

So to take my example of 50 certificates with 20 real servers...

(RIP=(50x20)) + (VIP=(1x50)) = 1050?!?!!

I will need 1000+ IP addresses in order to support 50 certificates?  Please
set me straight because this doesn't seem right to me.

