Ask Your Question
0

LBaaS ssl offloading

asked 2014-03-26 06:43:14 -0600

icm3012 gravatar image

I can see that ssl offloading using haproxy is listed in the Neutron/LbaaS pages but cant decide if this is actually implemented in Havanna or in Icehouse. This is a key requirement as I was considering moving to a hardware loadbalancer solution, but am presently using haproxy with stunnel and keepalive in our present Xen based virtual solution. This is messy and we have performance issues, but likely to be the existing hardware rather than the haproxy setup as we do not have a massive loading - about 150 concurrent users accessing three tomcat servers via this method.

So... Is Openstack Neutron LbaaS SSL offloading viable, assuming it is available to use now? Does anyone use this setup in production systems? Does anyone use other hardware or software options for SSL offloading?

Regards Ian

edit retag flag offensive close merge delete

Comments

Hi Ian, Have you been able to do the Neutron LbaaS SSL offloading in Icehouse?

Cheers.

Gobin Sougrakpam gravatar imageGobin Sougrakpam ( 2014-10-02 22:34:40 -0600 )edit
add a comment

2 answers

Sort by ยป oldest newest most voted
1

answered 2014-03-26 08:26:09 -0600

SamYaple gravatar image

I have not tested this deeply. I do know you will need HAProxy 1.5 to do SSL offloading. Most distros only have 1.4 in the repositories. When I compiled haproxy 1.5 and set everything up, it worked well.

But again, I did not test this too throughly. In the end, I did not put LBaaS in our production enviroment. But I have plans to enable it once further testing has taken place.

edit flag offensive delete link more

Comments

Thanks Sam

I have since found 'snapt' which I am considering as an option - although present plan is to go with hardware LB supplied by Kemp.

Regards Ian

icm3012 gravatar imageicm3012 ( 2014-03-27 01:13:51 -0600 )edit
add a comment
0

answered 2014-04-29 07:46:07 -0600

hjjung gravatar image

sam, Do you mean that ssl offload is visible in icehouse horizon? I Can't see.

edit flag offensive delete link more
add a comment

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2014-03-26 06:43:14 -0600

Seen: 470 times

Last updated: Apr 29 '14

Related questions

How do I modify the IP pool?

load balancer rdp

Security Group Problem: GRE

No instance console when using dashboard with SSL

Instances not reachable from outside

Unable to get DHCP lease in Juno

neutron: publicURL endpoint for network service not found

Problem connecting external host to vxlan

Connection to neutron failed: Maximum attempts reached

Are there plans to enable SCTP protocol in security rules?