Distributed Session Cache
We are in the process of switching from round-robin DNS (clients tend to stay on one web server) to IBM Network Dispatcher (client connections are spread across all web servers). It looks like this is going to defeat the current lift we're getting with the per-server session cache. I found a blurb on ApacheWeek about a discussion at ApacheCon 2001: The future of mod_ssl was discussed including the work currently going on to port it to Apache 2.0, add LDAP - CRL handling, and a distributed session cache. mod_ssl will not need EAPI hooks for Apache 2.0, but other EAPI functions may be useful. It is not certain how this effort will fit into the work being done in Apache 2.0 on mod_tls and if we will end up with two SSL solutions like we have with Apache 1.3. How far along is the mod_ssl port to Apache 2? Has anyone hacked up a distributed session cache? Would a dbm session cache over NFS work? Did the old Apache-SSL ssl_gcache ever work as a DSC? How did ssl_gcache deal with security/integrity of the cache? Is this problem even worse: Does the client throw away it's current session key every time it gets a different session key from the web server? I see that there is a great deal of work on distributed shared memory (mostly for parallel computing). Has anyone put one of these solutions under mm? John -- John Bly Milton IV (512) w:493-2764, h:323-5622, m:750-1783 FundsXpress [EMAIL PROTECTED] Don't FLAME, inform! O- __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Distributed Session Cache
How far along is the mod_ssl port to Apache 2? It is basically done, already bundled with Apache itself as a regular module Has anyone hacked up a distributed session cache? The closest I know of is for Apache-SSL, which Ben Laurie mentioned at one of the Apachecons: http://anoncvs.aldigital.co.uk/splash/ based on http://spread.org Some discussion on this: http://marc.theaimsgroup.com/?l=apache-modsslm=99055320101822w=2 Daniel -- Teach Yourself Apache 2 -- http://apacheworld.org/ty24/ __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Distributed Session Cache
On Fri, 12 Jul 2002, John Milton wrote: How far along is the mod_ssl port to Apache 2? Done, for all intents and purposes. AFAIK, the only big still-missing functionality is the per-directory POST renegotiations. Has anyone hacked up a distributed session cache? Not that I'm aware of. But somebody out there might have one I suppose... anybody? Would a dbm session cache over NFS work? Hmmm... probably not. For one thing, it would be slow. For another, files are typically not lockable over NFS. With multiple writers I'd think it would be pretty easy to corrupt the dbm. But I'm not positive. Try it and see what happens I guess. Did the old Apache-SSL ssl_gcache ever work as a DSC? How did ssl_gcache deal with security/integrity of the cache? You'd probably have to ask the Apache-SSL guys on that one. Is this problem even worse: Does the client throw away it's current session key every time it gets a different session key from the web server? It's supposed to, yes. I see that there is a great deal of work on distributed shared memory (mostly for parallel computing). Has anyone put one of these solutions under mm? Don't think so. And anyway, Apache 2.0's mod_ssl doesn't use mm. --Cliff __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Distributed Session Cache
On Sat, 13 Jul 2002, Daniel Lopez wrote: How far along is the mod_ssl port to Apache 2? It is basically done, already bundled with Apache itself as a regular module Has anyone hacked up a distributed session cache? The closest I know of is for Apache-SSL, which Ben Laurie mentioned at one of the Apachecons: http://anoncvs.aldigital.co.uk/splash/ based on http://spread.org Some discussion on this: http://marc.theaimsgroup.com/?l=apache-modsslm=99055320101822w=2 before I get a wave of follow-ups as a result of this, let me save myself some typing ... The good news: the work was actually done, finished, and working nicely (very fast and scales about two orders of magnitude higher than you'd be able to scale the SSL crypto to match it :) The bad news: the work was done in/for a company and is not at this stage open source. I am in the process of seeing what could be done to change that now that someone has jogged my memory, but I need to stress that this will be someone else's decision, not mine. Cheers, Geoff __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
