SSL Termination + Transparent + Failover + Many sessions?


#1

Researching load balancing for our setup and wondering if our requirement list is feasible to do with haproxy.

  1. SSL Termination on the load balancer
  2. Transparent IPv4/IPv6, i.e. client IP shows up on the servers
  3. HAProxy in a high availability setup, i.e. failover between 2 or more.
  4. Lots of sessions (assuming we have the proper CPU/RAM resources in place). I found this link: https://www.linangran.com/?p=547. We are trying to build for the 200k concurrent range, 50/50 https/http.

This will run in a virtual vmware environment, but I assume it’s not much different from Amazon etc.

From reading up on stuff, I think the challenge is the combination of all 4 requirements. I feel quite certain that 1 & 2 are okay, but when you add 3 & 4 it's when it gets tricky.

Is this possible to do with the free haproxy or must we look at the commercial version or maybe another solution entirely?

All feedback is greatly appreciated.

Pedro


#2

The open source version doesn’t have any limitation in that direction, it is definitely possible, but plan for some research, tuning and testing.

The mailing list archives contain a lot of information regarding high scale SSL configurations. The limiting factor is usually the number of TLS handshakes for new sessions, so take special care about that.

I would suggest you dig through mailing list archives, and direct any follow-up questions to the mailing list, because this is where people with lots of operational experience are.


#3

Thanks, I will look at the mailing lists and read up on the TLS handshakes for new sessions.