From: Michael Ferraro (mikeIZZATmyvest.com)
Date: Mon Jan 05 2004 - 18:54:50 EST
Hi,
We're about to buy a pair of F5 BigIPs in the secondary market and I had
a few questions I was hoping somebody could help us with. Since we're
not looking to buy new, we can't really have the F5 sales engineers
helping us out too much...
If the BigIP doesn't have an SSL accelerator, what functionality do we
lose aside from rapid decryption/re-encryption of traffic? Can a BigIP
still function as an SSL endpoint without the card? My impression is
no.
If the BigIP can't be an SSL endpoint w/out an SSL Accelerator card, how
would it function to load-balance HTTPS traffic? My assumption is that
it can read the SSL session ID w/out decrypting the packets, use round
robin (or another method) to distribute the connections among pool
members, and use that SSL session ID to route future requests for that
session to the same pool member. If that's true, what about IE 5.5+'s
habit of changing (renegotiating) SSL IDs periodicially? Can BigIP
v4.2.6 account for that?
When NAT'ing traffic to pool members, is the source IP address unchanged
by the BigIP? If not, I'm assuming that I have to have the BigIP's IP
be the default router for my pool members. Yuck. If the BigIP is the
default router, what about non-HTTPS traffic (e.g., SSH) originating
from the pool members -- will it simply forward that traffic, too?
Thanks in advance!
Regards,
Mike
____________________
The Load Balancing Mailing List
Unsubscribe: mailto:majordomoIZZATvegan.net?body=unsubscribe%20lb-l
Archive: http://vegan.net/lb/archive
LBDigest: http://lbdigest.com
MRTG with SLB: http://vegan.net/MRTG
Hosted by: http://www.tokkisystems.com
This archive was generated by hypermail 2.1.4 : Mon Jan 05 2004 - 19:11:56 EST