SSL acceleration for a web farm

Peter Mueller pmueller at sidestep.com
Wed Aug 17 21:29:18 BST 2005


> I have been using LVS for a small farm for a couple of years 
> now.  I am interested in adding SSL hardware acceleration to 
> my two LVS servers. It is my goal to maintain performance by 
> offloading the SSL chores, and reduce the cost of certificate 
> renewal by not applying certificates to my web servers.  
> 
> Can anyone offer advice from experience doing the same?  I am 
> using an LVS-NAT configuration currently and am happy with 
> it.  It has been suggested that I get a commercial product to 
> do this (Big-IP from F5) which I am not absolutely opposed 
> to, but if there is a good track record with adding SSL 
> hardware acceleration to LVS then I will be happy to stick 
> with what I've been using.

Intel used to make a daisy-chain network device that would do this.  A lot of
companies still add an SSL card to a few servers, e.g.
http://h18004.www1.hp.com/products/servers/security/axl600l/ or
http://www.chipsign.com/modex_7000.htm.  And then there are the accelerators
on F5s and their like.  I think the least disruptive way will be the
add-on-card to two servers and a :443 vip containing only them.

> Thanks for any comments or links which address this topic.

Hope it helps.

Regards,

P


More information about the lvs-users mailing list