> -----Original Message-----
> From: Balázs Nagy [mailto:[EMAIL PROTECTED]]
> 
> the current proven approach is not to share the session cache, but
> to inspect the packets, and route them to the same server for a
> given session.

I've done a bit more research, and here is what I've found:

If it absolutely is a requirement that you have a shared ssl session cache,
and you don't absolutely need Apache, and you are willing to spend some
money, you could use Zeus (http://www.zeus.co.uk/).  This is not an option
for us.

Spread (http://www.spread.org/) is a wide area group communication system.
It is free for non-commercial use, but has a specific exception in the
license for implementing a shared ssl session cache in Apache.  They refer
specifically to apache-ssl.  I can't find any reference to spread anywhere
in the apache-ssl documentation, though, so I have no idea how any of it
would work.  Perhaps someone has modified gcache to work with it, but I
can't find it if they have.  This is not an option for us, since we require
mod_ssl.

If you really want to try sharing the ssl session cache using DBM, you might
try AnyDBM (http://www.webthing.com/software/AnyDBM/) which includes
RDBM-Lite, which converts your DBM calls to a network client which talks to
a server which is included in the distribution.  I haven't tried this, so I
can make no recommendations.  Even if performance was good enough, you would
still end up with a single point of failure wherever you stored your
session cache.  Since redundancy is at least as important to us as
performance, this isn't really an option for us, although I am tempted
to experiment with it just for fun.

So it looks like the only option for us is to route each given client to the
same webserver for all the requests.  We have some Cisco LocalDirectors in
house for this purpose.  Does anyone have any experience in the real world
on doing this?  I'm a bit concerned that balancing in this manner will lead
to a few heavy users managing to hammer one of the servers while the others
sit relatively unused.  My fears are probably a bit exaggerated, but how
unbalanced should I expect it to get?  Any tips on things I should either
definitely do or definitely avoid in the configuration?

Thanks
Mike
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
