Security '02 Abstract
SSLACC: A Clustered SSL Accelerator
Eric Rescorla, RTFM, Inc.; Adam Cain, Nokia, Inc.; Brian Korver, Xythos Software
Abstract
We describe a clustered SSL accelerator. Although
current SSL acceleration solutions [1, 2] often employ
multiple nodes in parallel (or in series [3]) for improved
performance and resistance to single failures, the failure
of any node results in all client connections to that node
being torn down. Our implementation goes beyond this to
provide robustness against node failures at the connection
level--any proper subset of the nodes in the cluster can
fail and no effect (other than possibly performance
degradation) will be observed. This result is accomplished
by a novel combination of tight control of TCP [4] behavior
and state-sharing between cluster members. Unlike many high
availability clustering systems, ours uses commodity
hardware.
- View the full text of this paper in HTML, PDF. Until August 2003, you will need your USENIX membership identification in order to access the full papers.
The Proceedings are published as a collective work, © 2002 by the USENIX Association. All Rights Reserved. Rights to individual papers remain with the author or the author's employer. Permission is granted for the noncommercial reproduction of the complete work for educational or research purposes. USENIX acknowledges all trademarks within this paper.
- If you need the latest Adobe Acrobat Reader, you can download it from Adobe's site.
- To become a USENIX Member, please see our Membership Information.
|