
Re: SSL questions

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: SSL questions
From: "Chad Morland" <cmorland@xxxxxxxxx>
Date: Tue, 30 May 2006 16:22:27 -0400
On 5/30/06, Joseph Mack NA3T <jmack@xxxxxxxx> wrote:

>
> To save some time repeating myself, have you read the
> section in the HOWTO on SSL accelerators with LVS?



After going through the lengthy section on SSL, I still have a question
regarding IP management.

As far as I can tell the following will not work because of the nature of
SSL and the fact that LVS-DR does not modify the packets.

TCP  site1.com:443 rr
 -> 192.168.14.170:443           Route   1      0          0
TCP  site2.com:443 rr
 -> 192.168.14.170:443           Route   1      0          0

So, if I am using a LVS-DR setup am I correct in assuming that I need to
have 1 VIP for every certificate in addition to 1 RIP per certificate on
each real server?

(RIP=(certificates x servers)) + (VIP=(1x certificates)) = total # of IP
addresses needed

So to take my example of 50 certificates with 20 real servers...

(RIP=(50x20)) + (VIP=(1x50)) = 1050?!?!!

I will need 1000+ IP addresses in order to support 50 certificates?  Please
set me straight because this doesn't seem right to me.

-CM
