On Tue, May 3, 2011 at 5:39 AM, Dirk-Willem van Gulik <[email protected]> wrote:
>
> On 3 May 2011, at 10:31, Soren Hansen wrote:
>
>> 2011/5/3 Todd Willey <[email protected]>:
>>> In a heavily load-balanced environment you'll probably want to terminate
>>> SSL before it gets
>>> proxied to the actual api servers,
>>
>> Why is that? It seems like a win to distribute as much processing as
>> possible, including SSL termination?
>
> Because most load balancing vendors are either 1) convinced that they need to
> go up the stack and have gradually made it impossible to do blind socket LB -
> and insist on looking at headers and what not, or 2) is soo far out of touch
> and old that blind socket forwarding is not overly practical as the outdated
> means to inform the LB what to blindly forward where is just too painful.
>

I was thinking of hardware acceleration.

> But yes - a bright vendor/standard would indeed do a clever pass through to
> the distributed boxes for at least the initial exchange; optionally
> facilitate session sharing and/or providing it in-line and after the exchange
> it could be informed of the session key and then do a bit more than just
> blind forwarding.
>
> Dw.

