Ask Your Question
0

LBaaS ssl offloading

asked 2014-03-26 06:43:14 -0600

icm3012 gravatar image

I can see that ssl offloading using haproxy is listed in the Neutron/LbaaS pages but cant decide if this is actually implemented in Havanna or in Icehouse. This is a key requirement as I was considering moving to a hardware loadbalancer solution, but am presently using haproxy with stunnel and keepalive in our present Xen based virtual solution. This is messy and we have performance issues, but likely to be the existing hardware rather than the haproxy setup as we do not have a massive loading - about 150 concurrent users accessing three tomcat servers via this method.

So... Is Openstack Neutron LbaaS SSL offloading viable, assuming it is available to use now? Does anyone use this setup in production systems? Does anyone use other hardware or software options for SSL offloading?

Regards Ian

edit retag flag offensive close merge delete

Comments

Hi Ian, Have you been able to do the Neutron LbaaS SSL offloading in Icehouse?

Cheers.

Gobin Sougrakpam gravatar imageGobin Sougrakpam ( 2014-10-02 22:34:40 -0600 )edit
add a comment

2 answers

Sort by ยป oldest newest most voted
1

answered 2014-03-26 08:26:09 -0600

SamYaple gravatar image

I have not tested this deeply. I do know you will need HAProxy 1.5 to do SSL offloading. Most distros only have 1.4 in the repositories. When I compiled haproxy 1.5 and set everything up, it worked well.

But again, I did not test this too throughly. In the end, I did not put LBaaS in our production enviroment. But I have plans to enable it once further testing has taken place.

edit flag offensive delete link more

Comments

Thanks Sam

I have since found 'snapt' which I am considering as an option - although present plan is to go with hardware LB supplied by Kemp.

Regards Ian

icm3012 gravatar imageicm3012 ( 2014-03-27 01:13:51 -0600 )edit
add a comment
0

answered 2014-04-29 07:46:07 -0600

hjjung gravatar image

sam, Do you mean that ssl offload is visible in icehouse horizon? I Can't see.

edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2014-03-26 06:43:14 -0600

Seen: 446 times

Last updated: Apr 29 '14

Related questions

No tenant network is available for allocation.

Problem with dnsmasq getting killed.

Possible routing issue: Cannot get VM access outside

Neutron Static IP

Why Linux bridge Quantum plugin ?

multiple fixed-ip without filter

How to assign floating IP [closed]

[Juno] Neutron-metadata-agent can't start

caught error: Timeout while waiting on RPC response - topic: "network", RPC method: "validate_networks" info: "<unknown>"

cirros image no network