[lvs-users] SSL persistence/offloading and IPVS-TUN

David Black dave at jamsoft.com
Tue Feb 5 23:07:17 GMT 2008 

Joseph Mack NA3T wrote:
> topic as anyone else who's posted here, so I expect you're 
> going to have to nut it out yourself. Any experience you 
> get, I'd be very happy to hear about.
>   

Sure, will do.  Thus far I see Apache can be made to do it - at least
2.2, if not 2.0.
But that would be moving the load balancing to Apache userland and such
is not my first choice.

> If you move the SSL off-loading to the director, you'll have 
> to use LVS-NAT so that the return packets go through the SSL 
> apparatus on the way back to the clients.
>   

Should have said I *am* using LVS-NAT - whoops!  Thanks for the reminder.

>
> do you know about the -dh scheduler as a replacement for 
> persistence?
>   

No, but thanks for the tip.

>> If we have to do SSL offloading the load balancer boxes 
>> themselves look like good candidates,
>>     
>
> do you have enough cpu power in a single director to handle 
> the encoding/decoding for the number of realservers you 
> have?
>
> Joe
>   
Good question and the answer is yes, at least in the short term.

Dave

Search lvs-users Archives
Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
More information about the lvs-users mailing list