[openstack-dev] [Neutron][LBaaS] SSL re-encryption scenario question
Clint Byrum
clint at fewbar.com
Mon Apr 21 21:25:06 UTC 2014
Excerpts from Eichberger, German's message of 2014-04-21 11:51:05 -0700:
> Hi,
>
> Despite there are some good use cases for the re-encryption I think it’s out of scope for a Load Balancer. We can defer that functionality to the VPN – as long as we have a mechanism to insert a LoadBalancer as a VPN node we should get all kind of encryption infrastructure “for free”.
>
> I like the Unix philosophy of little programs doing one task very well and can be chained. So in our case we might want to chain a firewall to a load balancer to a VPN to get the functionality we want.
>
I think that only makes things simpler in an IPv6+IPSec situation (which,
btw, would be fantastic and should be something we all drive OpenStack
toward). But if you have to add something like OpenVPN to the load
balancer service nodes, I'm not sure you're saving any complexity by
using VPN vs. something like stunnel.
More information about the OpenStack-dev
mailing list