Mark

1. This is a vendor neutral reply. Please check for the following points:-

- Can you install certs on this device? What cert formats does it take?
Can you install multiple certs?

- Does it offload SSL processing from your web servers or do you need an
external device connected to this device for SSL? If you need an external
device, is it a proprietary device or would any third party work?

- Most important - How many SSL transactions can it undertake? The best SSL
device of year 2000 was the Alteon iSD. Does 400 tps. Their iSD 3 does 600 (I
didn't test this). But as of this email there are better tps figures
available.

(I work on equipment which does 25,000 SSL sessions per second.)


2. Mark - Today you are:-
- Going to set up load balancing + HA (failover/VRRP/HSRP) + SSL

When are you going to be working your minds on "Now I want to add FW + VPN"
:-).

3. What I am trying to allude to is "SCALABILITY". Is this system you are
building scalable? Ask yourself:-
- Is SSL enough?
- What tps am I looking for, and when I need more TPS, do I throw out this
box?
- What throughput are you looking for on an L4 box (your load balancer is a
Layer 4 device)?
- What kind of load balancing are you looking for - if you do IP based
load balancing and tomorrow your CTO says, let's switch to cookie based
load balancing, but the application developer says that his app works best with
URL based load balancing - where would you go?? Your load balancer should be
versatile. URL/Cookie LB provides "delayed binding" protection (there are
two TCP connections to get the content instead of one) and more.

4. What can save a nation money are those integrated multigigabit ASIC
based devices which do the following on ONE DEVICE:-

- FW
- VPN
- SSL
- Load balancing

So if your ISP has one of these then it can hook up 100 customers per box
and give each one of them the above services.

Let's take your case. Add up the cost of each of your Loadbalancer + FW + SSL
+ VPN. Multiply this by 100 devices (customers). The cost of the integrated
equipment will be 100 times less than the cost for the 400 devices!!!

If you/anyone needs details, please shoot me an email (for
academic/technical discussions only).

Regards

Pradeep






-----Original Message-----
From: Mark Fagan [mailto:[EMAIL PROTECTED]]
Sent: Thursday, October 18, 2001 7:25 AM
To: Security-Basics (E-mail)
Subject: CIcso Load Balancer



I am going to set up load balancing and failover with Cisco 417's. Is there a
problem related to SSL sessions?
                Mark Fagan
                CSP Network Engineer
                Esat Business
                1 Grand Canal Quay
                Dublin 2, Ireland.
                E [EMAIL PROTECTED]
                www.esatbusiness.com



