[ale] http accelerator?
Robert L. Harris
Robert.L.Harris at rdlg.net
Tue Nov 6 16:08:30 EST 2001
We're actually using Ipivots now. They work real well, but we may have
issues with the load they can handle. I'm wondering about a Linux system
for a couple reasons though.
If an Ipivot fails, it just sends everything non-encrypted... Bad thing.
I'm thinking of a pair of clustered Linux boxes doing the same thing.
It could be scaled with "pairs" handling multiple sites, etc...
Thus spake Barlow, Jim D (jim.d.barlow at intel.com):
> Hiya Robert,
>
> This was done by I-Pivot corp, a company which was purchased by Intel
> Corporation.
>
> Other companies followed suit with some of these products.
>
> The Intel box was a 1 rack unit high box. The OS was BSD based, and there
> was Application Specific Integrated Circuitry to do the encryption /
> decryption, much like the cards you can put in servers to do this work.
> The software resided entirely within flash memory.
>
> One of the benefits of a separate box was in integrating this into a server
> farm without downing and taking apart operating servers. Security
> certificates could be loaded on this box. It could handle bulk encryption
> as well as the asynchronous handshake. For security, it was initially a
> MAC layer device with no IP address.
>
> Later these boxes evolved into load balancers and site balancers.
>
> This product was pretty popular, and was sold by Hewlett Packard as well as
> Intel.
>
> Most of this HTTPS proxy stuff has now moved into Ethernet media switches.
>
> Also transform functions that aid encryption / decryption have inspired a
> fused instruction in the Itanium Architecture ( EPIC ) to make general
> purpose processing more effective at handling SSL type loads.
>
> Sorry to ramble on....
>
> - Jim
>
>
>
> -----Original Message-----
> From: Robert L. Harris [mailto:Robert.L.Harris at rdlg.net]
> Sent: Tuesday, November 06, 2001 3:08 PM
> To: Atlanta Linux Enthusiasts
> Subject: [ale] http accelerator?
>
>
>
>
> I'm looking at a project for an "https accelerator" to front for a
> web server farm. I'm wondering if anyone's built something like this.
> Basically a box that listens on eth0 for traffic on port 443, decrypts
> the ssl, forwards it to a box on eth1, then reverses the traffic for
> outbound traffic.
>
> Anyone?
>
>
> :wq!
> ---------------------------------------------------------------------------
> Robert L. Harris | Micros~1 :
> Senior System Engineer | For when quality, reliability
> at RnD Consulting | and security just aren't
> \_ that important!
> DISCLAIMER:
> These are MY OPINIONS ALONE. I speak for no-one else.
> FYI:
> perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);'
>
>
> ---
> This message has been sent through the ALE general discussion list.
> See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
> sent to listmaster at ale dot org.