[openstack-dev] [Neutron][LBaaS] SSL re-encryption scenario question

Stephen Balukoff sbalukoff at bluebox.net
Fri Apr 18 15:21:49 UTC 2014


Howdy, folks!

Could someone explain to me the SSL usage scenario where it makes sense to
re-encrypt traffic destined for members of a back-end pool?  SSL
termination on the load balancer makes sense to me, but I'm having trouble
understanding why one would be concerned about then re-encrypting the
traffic headed toward a back-end app server. (Why not just use straight TCP
load balancing in this case, and save the CPU cycles on the load balancer?)

We terminate a lot of SSL connections on our load balancers, but have yet
to have a customer use this kind of functionality.  (We've had a few ask
about it, usually because they didn't understand what a load balancer is
supposed to do-- and with a bit of explanation they went either with SSL
termination on the load balancer + clear text on the back-end, or just
straight TCP load balancing.)

Thanks,
Stephen


-- 
Stephen Balukoff
Blue Box Group, LLC
(800)613-4305 x807