On Fri, Feb 16, 2001 at 11:02:08AM -0500, Steve Reppucci wrote:
> On Fri, 16 Feb 2001, Paris Lundis wrote:
> > We have considered such.. however, great cost prohibition... need two
> > of those for redundancy :) so 30k on top of other network
> > expenditures...
> Agreed, but note that when these fail, they look like a piece of wire, so
> your redundancy option *could* be normal secure servers on the back end.
> (But then, there goes the cert management savings...)
He's not talking about failover that way, he's talking about how
they would be for a typical site with HA load balancers.
Typical HA scenario. doing active/passive failover.
I have 2 intel boxes, 1 doing something, the other doing nothing.
If I only need 200 conn/s then that's fine. But if I need
201 then it looks like this.
I now have 4 intel boxes, 2 doing something, 2 doing nothing.
If I need 601 I have 6 boxes, 3 doing something 2 doing nothing.
And doing nothing just means it's waiting for failover.
The architecture we like is a 1 armed scenario.
| | | | | | | |
ssl ssl ssl ssl web web web web
The ssl box being a SSL accelerator proxy (alteons SSL ISD does this, as well
as a few other new boxes).
you have 443 go to the ssl farm load balanced. The SSL proxy takes in 443
decrypts it, and spits it back out on say port 81. port 81 is load balanced
to the webservers on port 81. Giving you N+1 ssl accelrator scalability
just like your webfarm.
The SSL one armed can also be done like a firewall sandwitch, but because
SSL traffic is only a small percentage of overall traffic, having
it pass through the same LB twice isn't a big burden.
Also, in this case you're using each box equally (load balanced) intel's
architecture fills one box to capacity and then spills over to
This archive was generated by hypermail 2b30 : Fri Feb 16 2001 - 19:21:22 EST