[openstack-dev] [Neutron][LBaaS] Use Case Question

Samuel Bercovici SamuelB at Radware.com
Wed Apr 30 16:39:37 UTC 2014


Hi,

As stated, this could either be handled by SSL session ID persistency or by SSL termination and using cookie based persistency options.
If there is no need to inspect the content hence to terminate the SSL connection on the load balancer for this sake, than using SSL session ID based persistency is obviously a much more efficient way.
The reference to source client IP changing was to negate the use of source IP as the stickiness algorithm.


-Sam.


From: Trevor Vardeman [mailto:trevor.vardeman at RACKSPACE.COM]
Sent: Thursday, April 24, 2014 7:26 PM
To: openstack-dev at lists.openstack.org
Subject: [openstack-dev] [Neutron][LBaaS] Use Case Question

Hey,

I'm looking through the use-cases doc for review, and I'm confused about one of them.  I'm familiar with HTTP cookie based session persistence, but to satisfy secure-traffic for this case would there be decryption of content, injection of the cookie, and then re-encryption?  Is there another session persistence type that solves this issue already?  I'm copying the doc link and the use case specifically; not sure if the document order would change so I thought it would be easiest to include both :)

Use Cases:  https://docs.google.com/document/d/1Ewl95yxAMq2fO0Z6Dz6fL-w2FScERQXQR1-mXuSINis

Specific Use Case:  A project-user wants to make his secured web based application (HTTPS) highly available. He has n VMs deployed on the same private subnet/network. Each VM is installed with a web server (ex: apache) and content. The application requires that a transaction which has started on a specific VM will continue to run against the same VM. The application is also available to end-users via smart phones, a case in which the end user IP might change. The project-user wishes to represent them to the application users as a web application available via a single IP.

-Trevor Vardeman
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140430/ccf5efa9/attachment.html>


More information about the OpenStack-dev mailing list