osdir.com

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SSL offloading for Virtual Routers / Loadbalancer


Hi Stephan,

It is done in our own fork based on cloudstack 4.7.1 . We are planning to
port all our changes to 4.11 with pull requests.

If you need in urgently, I can share some commits with you (it might not
work on 4.11).

-Wei

2018-04-12 11:23 GMT+02:00 Stephan Seitz <s.seitz@xxxxxxxxxxxxxxxxxxx>:

> Thank's for your feedback Wei!
>
> I'll dscuss the configuration via tags/values with some collegues, but I
> think that's a very practical way of configuring some LB specialities.
>
> AFAIK there'll be some changes necessary to the codebase. Have you've done
> that changes internally or do I live in an ideal world and it's available
> maybe as pullrequest on github?
> In short, may we use that work? :)
>
> cheers,
>
> - Stephan
>
> Am Donnerstag, den 12.04.2018, 10:59 +0200 schrieb Wei ZHOU:
> > Hi Stephan,
> >
> > We (Leaseweb in Netherlands) had some work on it. It is implemented by
> > network tags and lb tags.
> > Here is our KB:
> > https://kb.leaseweb.com/display/KB/Network%3A+
> CloudStack#Network:CloudStack-ConfiguringloadbalancerforanIP
> AddressofanIsolatedNetwork
> >
> > -Wei
> >
> > 2018-04-12 10:23 GMT+02:00 Stephan Seitz <s.seitz@xxxxxxxxxxxxxxxxxxx>:
> >
> > >
> > > Hi!
> > >
> > > We've got some projects where it would be very reasonable to have SSL
> > > offloading for https available at the loadbalancing component in the
> VR.
> > >
> > > Since loadbalancing is done via haproxy, that wouldn't be impossible to
> > > configure (at least for the haproxy.conf).
> > >
> > > I wonder if there's some documentation for the management <-> VR
> > > communication. IMHO we need to add
> > > - upload/update of ssl certs from the management node to the
> respective VR
> > > - configuring/updating SSL as additional LB method (besides the
> > > tcp-oproxy, tcp and udp methods)
> > > - some VR's feedback or canary code to inform the management node about
> > > the LB capabilities(?)
> > >
> > > It would be really nice if someone could share some information. How
> would
> > > you start that?
> > >
> > >
> > > Thanks!
> > >
> > > - Stephan
> > >
> Mit freundlichen Grüßen,
>
> Stephan Seitz
>
> --
>
> Heinlein Support GmbH
> Schwedter Str. 8/9b, 10119 Berlin
>
> http://www.heinlein-support.de
>
> Tel: 030 / 405051-44
> Fax: 030 / 405051-19
>
> Zwangsangaben lt. §35a GmbHG: HRB 93818 B / Amtsgericht
> Berlin-Charlottenburg,
> Geschäftsführer: Peer Heinlein -- Sitz: Berlin
>
>
>