Re: [load balancing] Verisign and Load Balancers

From: Michael Batchelder (
Date: Wed Feb 21 2001 - 00:23:39 EST

  • Next message: KJ & JC Salchow: "Re: [load balancing] Verisign and Load Balancers"

     Alex Samonte wrote:
    > Let me leave you with this interesting thought on SSL accelerators.

    Ha. In explicitly trying to escape the thread by saying "Let me leave
    you with...", you've guaranteed that someone (me, in this case) will
    insist on jumping in and perpetuating it... (A corollary of the USENET
    "Nazi" principle...)

    > From our testing we can get 100 conn/s out of a PIII-800 running
    > mod_ssl. Obviously it maxes out the CPU at that point. Let's just
    > say for example I wanted 200 conn/s of SSL. That PIII-800 box costs
    > me about 1.5-3K each. How much does 1 cryptoswift 200 cost? How
    > much does it cost when F5 sells it to you? Or Intel, or alteon?
    > (plus I still need to buy the server).

    So just to be pedantic... The issue of which you'd choose at this point
    isn't just the shelf price tag, but that great acronym, TCO. Yes, the
    two are comparably priced, but the whole new system has larger cost to
    install, administrate, and generally up-keep. In particular, if this is
    an SSL-serving critter, you've likely got it co-lo'd, and even if you
    add a 1U server, the footprint in that expensive co-lo'd rack is a
    recurring cost. That 1U server probably could've been just enough to
    put you .51A over 20A in one rack, or some BTU limit, or some other colo
    limit that'll cost you an added amount. And we know your site isn't
    going to have just one server, so the problem's upper bound might be
    doubling the # of servers to implement SSL to your conn/s requirement.

    Or just pop in this card...

    I feel sure that the folks who sell SSL accelerator cards took this into
    account when deciding what the price tag was gonna be... Cha-chinggg.


    This archive was generated by hypermail 2b30 : Wed Feb 21 2001 - 00:22:48 EST