On Tue, 5 Feb 2008, David Black wrote: > I have a stable keeplived IPVS-TUN+keepalived setup, am > looking at whether it's feasible to do SSL offloading, and > if so, how.
I haven't done SSL off-loading and my knowledge is limited to what's in the HOWTO. You sound as knowledgeable about the topic as anyone else who's posted here, so I expect you're going to have to nut it out yourself. Any experience you get, I'd be very happy to hear about. If you move the SSL off-loading to the director, you'll have to use LVS-NAT so that the return packets go through the SSL apparatus on the way back to the clients. > The real servers are currently terminating the SSL > sessions (as is common) and persistence is enabled in IPVS > because we don't yet share session state on the backend. do you know about the -dh scheduler as a replacement for persistence? > If we have to do SSL offloading the load balancer boxes > themselves look like good candidates, do you have enough cpu power in a single director to handle the encoding/decoding for the number of realservers you have? Joe -- Joseph Mack NA3T EME(B,D), FM05lw North Carolina jmack (at) wm7d (dot) net - azimuthal equidistant map generator at http://www.wm7d.net/azproj.shtml Homepage http://www.austintek.com/ It's GNU/Linux! _______________________________________________ LinuxVirtualServer.org mailing list - [email protected] Send requests to [EMAIL PROTECTED] or go to http://lists.graemef.net/mailman/listinfo/lvs-users
