Jeffrey Burgoyne wrote:
> On Thu, 2 Nov 2000, Owen Boyle wrote:
>> "Wohlgemuth, Michael J." wrote:
>>
>>> I would like to implement some sort of load balancing for this site.
>>> ...the SSLSessionCache will need to be shared
>>> somehow across separate physical hosts.
the current proven approach is not to share the session cache, but
to inspect the packets, and route them to the same server for a
given session.
>>
>> We have a different approach and what we plan to do is to configure the
>> load-balancer so that all transactions within the same session are
>> routed to the same server.
>>
>> Since we haven't yet decided what to use for load balancing, we haven't
>> yet discovered how to do this... :-)
There are two routes: software or hardware.
Software: you can use an off the shelf product, e.g.
"Resonate" that will install on your severs or on a
separate server, and be careful in the case of sessions,
to direct them to the right place. I heard that TuboLinux
and RedHat also have a product that might do that...
Hardware: SlashDotOrg uses Alteon load balancers that do
well with SSL as well as with cookies. Other hardware
solutions are available from Cisco, Rockridge and probably
others.
> I have not played around with the session cache stuff, but a quick look on
> my system seems to indicate it is a file. Would it be possible to NSF
> mount this file among multiple machine making it shared? It would be
> useful for myself as we are adding a second server to our installation and
> all our pertinant files are on a shared HDS drive. If this could be shared
> as well, it would be quite helpful.
With NFS, you would have a serious bottleneck due to file locking,
and not even a shared RAID could help you there...
(PS: if you were kind enough to put your comments at the bottom
of the thread, it would make it easier to follow for others. I
took the liberty to cut it an paste it to the bottom...)
--
Cheers,
Balázs
thenewpush, LLC / 303-523-5729 / 720-283-2873
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
