
AW: AW: SSL accelarators and LVS by Peter Baitz

To: "'LinuxVirtualServer.org users mailing list.'" <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: AW: AW: SSL accelarators and LVS by Peter Baitz
From: Matthias Krauss <MKrauss@xxxxxxxxxxxxxx>
Date: Mon, 10 Mar 2003 19:07:34 +0100
Joe wrote:

>what was your setup? accelerator box in front of the LVS (as below)?

I had 2 different test scenarios. The 1st was Apache directly on the director
(running DR), where only the director answered the SSL request and nothing
got passed to the realservers. Since this was only a quick test where I'd
like to see acceleration, I quickly jumped to a separate host running Apache;
on this host I addressed the VIP/realservers.

>were you running localnode?, or were you hoping to decrypt the packets
>on the director and then pass the decrypted
>packets to the realserver via the LVS?

I hoped to decrypt the packets on the director and then pass the decrypted
packets to the realserver via the LVS

>you are using an SSL accelerator box in front of the director?

Yes, this I did on my 2nd try, where I had success, but I can't say
anything about performance. I've simulated ~10 concurrent requests and
downloads of about 3 GB via the SSL accelerator; Apache's CPU time went
up to 30% on a 1 GHz / 512 MB host.

Thanks
Matthias


-----Original Message-----
From: Joseph Mack [mailto:mack.joseph@xxxxxxx]
Sent: Monday, 10 March 2003 17:46
To: Matthias Krauss; lvs-users@xxxxxxxxxxxxxxxxxxxxxx; Julian Anastasov
Cc: 'peterbaitz@xxxxxxxxx'; 'Joseph Mack'
Subject: Re: AW: SSL accelarators and LVS by Peter Baitz


Matthias Krauss wrote:

hope you don't mind, I'm cc:'ing the mailing list.
 
> I was working on this and got this successfully to run,

what was your setup? accelerator box in front of the LVS (as below)?

> at the end I was not able to use an Apache server on the director
> directly

were you running localnode?, or were you hoping to decrypt the packets
on the director and then pass the decrypted
packets to the realserver via the LVS?

Julian,
        Should you be able to send packets for the VIP to an
SSL accelerator card on the director, before the LVS gets them?


> because I had the problem that the director takes
> over the responsibility of the incoming SSL query and didn't pass
> it to the VIP and handled this by itself. I asked about this once in
> the mailing list but didn't get an answer and I didn't continue there,
> but I'm sure that this is also possible with a little RTNM,
> so I used a separate host which does the en- and decryption and passes
> the decrypted http packets over to the VIP.

you are using an SSL accelerator box in front of the director?
 

> I was watching this with tcpdump and noticed that from the SSL rewrite
> engine over to the VIP was regular http traffic and also back; the
> client itself didn't notice that.

Thanks Joe
-- 
Joseph Mack PhD, Senior Systems Engineer, SAIC contractor 
to the National Environmental Supercomputer Center, 
ph# 919-541-0007, RTP, NC, USA. mailto:mack.joseph@xxxxxxx