On 21/08/09 12:24 PM, Chris Buechler wrote:
Bonus points for being able
> to also perform SSL offloading. Our application server uses HTTP cookies to
> maintain sessions, so it is important that the load balancer be able to
> maintain connection to a specific web server for the life of the cookie.
>
The session stickiness is based on firewall states, which isn't going
to guarantee that it's tied to that server for the life of the cookie.
Current stable versions don't provide the kind of functionality you
require for that.
Ah, thanks Chris. Is this something planned for the near future (6-9 months)? We
aren't in a hurry, and any alternative solution is going to cost us >$5,000 for
some appliance (in HA redundant mode). I'd rather fund a good cause (like you
guys) with those dollars, but it seems like several pieces would be needed:
1. HA failover (pfSense already has that)
2. load balancing (pfSense already has that as round robin but not balancing
response times)
3. layer 7 (HTTP/HTTPS) awareness of cookies to maintain application stickiness
4. SSL offloading (I suspect that 3 requires this since the cookie is inside
the HTTPS payload)
5. HTTP dead host detection (as opposed to a simple ping)
Does that sound about right? Do you have a clear idea of how much work is
involved in all this?
Ari Maniatis
-------------------------->
ish
http://www.ish.com.au
Level 1, 30 Wilson Street Newtown 2042 Australia
phone +61 2 9550 5001 fax +61 2 9550 4001
GPG fingerprint CBFB 84B4 738D 4E87 5E5C 5EFA EF6A 7D2E 3E49 102A
---------------------------------------------------------------------
To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com
For additional commands, e-mail: discussion-h...@pfsense.com
Commercial support available - https://portal.pfsense.org