You may want to consider a solution from F5 Labs or HolonTech that will
always "route" data to a particular server based upon SSL session
ID. Otherwise, you'll have a boatload of renegotiations going on. Not that
I endorse any of these products, but these are the few that I know of that
do this.

-Tom

Dave Paris <[EMAIL PROTECTED]> writes:

> Greets,
> 
> I've been sifting through FAQs and archives, but I'm left with a
> lingering question.
> 
> Given the following configuration:
> 
> 
>                         +-----------+
>                         |   router  |
>                         +-----------+
>                               |
>                               |
>              +----------------------------------+
>              |  Load Balancer 'www.domain.com'  |
>              +----------------------------------+
>                    /          |          \
>                   /           |           \
>                  /            |            \
>                 /             |             \
>          +-----------+  +-----------+  +-----------+
>          |  xxx.100  |  |  xxx.101  |  |  xxx.102  |
>          +-----------+  +-----------+  +-----------+
> 
> In the example, the Load Balancer is something akin to a Cisco
> LocalDirector or a Nortel Accelar 750, where the host of 'www' is
> actually the load balancer, which forwards requests between
> xxx.xxx.xxx.100, .101, and .102.
> 
> The question posed is how does one handle certificates on each of .100,
> .101, and .102 such that https://www.domain.com can be handled by any
> of the three machines?
> 
> Obviously, the machines can't all be named the same and still resolve
> (i.e., naming each of them 'www' with a different IP would result in DNS
> round-robining, which isn't desirable).
> 
> Can anyone shed a little light on this one while I still have my hair
> left? (explanations, URLs, FAQ pointing all welcomed with open
> sockets..)
> 
> mille grazie in advance..
> -dsp
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      [EMAIL PROTECTED]
> Automated List Manager                            [EMAIL PROTECTED]
> 

-- 
Tom Vaughan <tvaughan at aventail dot com>
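
The session-ID routing described in the reply above, as an added example that is not part of the original thread and is not taken from any of the products named. It assumes the SSLv3/TLS 1.0-1.2 hello layout; `SessionAffinity`, `hello_session_id` and `make_hello` are hypothetical names, and the sample records are constructed.

```python
import itertools

BACKENDS = ["xxx.100", "xxx.101", "xxx.102"]  # the three servers in the diagram

def hello_session_id(record: bytes, hs_type: int) -> bytes:
    """Return the session ID from a ClientHello (1) or ServerHello (2) record.

    Layout: record header (5) | handshake header (4) | version (2) |
    random (32) | session_id length (1) | session_id (0..32 bytes).
    """
    if len(record) < 44 or record[0] != 0x16 or record[5] != hs_type:
        raise ValueError("not the expected handshake record")
    sid_len = record[43]
    if sid_len > 32 or len(record) < 44 + sid_len:
        raise ValueError("malformed session ID")
    return record[44:44 + sid_len]

class SessionAffinity:
    def __init__(self, backends):
        self._next = itertools.cycle(backends)
        self._owner = {}  # session ID -> backend caching it (no expiry here)

    def route(self, client_hello: bytes) -> str:
        sid = hello_session_id(client_hello, 1)
        # Known ID: same backend, so the session resumes. Otherwise rotate.
        return self._owner.get(sid) or next(self._next)

    def learn(self, server_hello: bytes, backend: str) -> None:
        sid = hello_session_id(server_hello, 2)
        if sid:  # the server issued a resumable session
            self._owner[sid] = backend

def make_hello(hs_type: int, sid: bytes) -> bytes:
    """Constructed input: hello truncated after the session ID field."""
    body = b"\x03\x01" + bytes(32) + bytes([len(sid)]) + sid
    hs = bytes([hs_type]) + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + len(hs).to_bytes(2, "big") + hs

def demo():
    lb = SessionAffinity(BACKENDS)
    first = lb.route(make_hello(1, b""))   # new client, nothing to resume
    sid = bytes(range(32))                 # constructed ID issued by `first`
    lb.learn(make_hello(2, sid), first)
    other = lb.route(make_hello(1, b""))   # a different new client
    again = lb.route(make_hello(1, sid))   # first client reconnects
    return first, other, again

if __name__ == "__main__":
    print(demo())
```

Without the `learn` step the returning client would be sent to the next server in rotation, which has no cached session for that ID and must run a full handshake.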