Session Establishment
[Diagram: handshake messages exchanged between Client and Server]
• ClientHello, ServerHello: establish protocol version, session-id, cipher suite, compression method.
• Certificate Request, ServerHelloDone: optionally send server certificate and request client certificate.
• Certificate, Certificate Verify: send client certificate response if requested.
• ChangeCipherSpec, Handshake (exchanged in both directions): change cipher spec and finish handshake.
Session Reusability
[Diagram: abbreviated handshake between Client and Server]
• ClientHello, ServerHello: establish protocol version, session-id (including previous session info), cipher suite, compression method.
• ChangeCipherSpec, Handshake (exchanged in both directions): change cipher spec and finish handshake.
• If the client wants to reuse the same session, it sends the previous session id in the ClientHello message.
• If the server wants to reuse the same session, then it sends the same session id back in the ServerHello (
Process Control for Dynamic Forking LACS
[Diagram: Web Browser, Linux Application Level Content Switch (LACS), (Fork) Child, Socket File Descriptors, Decide Real Server, Real Server; connections labelled a to g]
Steps:
1. (a & b) The Web Browser (client) establishes a connection with the Linux Application Content Switch (LACS).
2. (c) LACS forks and creates a new process; the child process reads the HTTP request.
3. (d & e) The child process establishes a connection with the rule matching module; the rule matching module sends back the information about the Real Server that is going to serve the request.
4. (f & g) The child process establishes a connection with the Real Server and sends the request to the Real Server.
Process Control for Pre-forked LACS
[Diagram: Web Browser, Linux Application Level Content Switch (LACS), Child 1, Child 2 ... Child n, Socket File Descriptors, Decide Real Server, Real Server; connections labelled a to f]
In the pre-fork model of LACS, child processes are created ahead of time.
Steps:
1. (a & b) The Web Browser (client) establishes a connection with the LACS child process and sends an HTTP request.
2. (c & d) The child process reads the HTTP request and establishes a connection with the rule matching module. The rule matching module sends back the information about the Real Server that is going to serve the request.
3. (e & f) The child process establishes a connection with the Real Server and sends the request to the Real Server.
Dynamic Rule Update
• In the configuration section the following information is defined:
    #define RULE_SERVER_NAME "abc.uccs.edu"
    #define RULE_SERVER_PORT 4000
    #define DEFAULT_RULE_SERVER_NAME "xyz.uccs.edu"
    #define DEFAULT_RULE_SERVER_PORT 4000
• The Rule Module can run on the same machine as the LACS or on a different one.
• The child process tries to establish a connection with the machine running the Rule Module. If the child process is unable to establish a connection, it will route the rule matching information to the DEFAULT_RULE_SERVER_NAME.
• To update the Rule Module the user needs to:
  – Bring down/kill the rule matching module/process.
  – Update it with the new rule matching information.
  – Compile and run the rule matching process.
• When the rule matching process is down:
  – Rule matching will be performed by the DEFAULT_RULE_SERVER_NAME.
• When the rule matching process is back:
  – Rule matching will be performed by the RULE_SERVER_NAME.
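The fallback described on the Dynamic Rule Update slide, sketched as an added example that is not taken from the LACS source: the child tries the primary rule server and uses the default only when that connection fails. The function names and the `used_default` flag are hypothetical, and the port is passed as a string for `getaddrinfo()` rather than as the integer in the slide's `#define`.

```c
/* Added example, not LACS source: rule-server connect with fallback. */
#include <netdb.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Try each address the name resolves to; return a connected fd or -1. */
static int connect_to(const char *host, const char *port)
{
    struct addrinfo hints, *res, *ai;
    int fd = -1;
    memset(&hints, 0, sizeof hints);
    hints.ai_family = AF_UNSPEC;
    hints.ai_socktype = SOCK_STREAM;
    if (getaddrinfo(host, port, &hints, &res) != 0)
        return -1;
    for (ai = res; ai != NULL; ai = ai->ai_next) {
        fd = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
        if (fd >= 0 && connect(fd, ai->ai_addr, ai->ai_addrlen) == 0)
            break;              /* connected */
        if (fd >= 0)
            close(fd);
        fd = -1;
    }
    freeaddrinfo(res);
    return fd;
}

/* Hypothetical helper: primary first, default only if the primary fails.
 * *used_default reports which server answered, so the caller can log it. */
int connect_rule_server(const char *host, const char *port,
        const char *dflt_host, const char *dflt_port, int *used_default)
{
    int fd = connect_to(host, port);
    *used_default = (fd < 0);
    if (fd < 0)
        fd = connect_to(dflt_host, dflt_port);
    return fd;
}

int main(void)
{   /* the slide's host names and port, passed as strings (assumption) */
    int used_default, fd = connect_rule_server("abc.uccs.edu", "4000",
                                "xyz.uccs.edu", "4000", &used_default);
    printf("fd=%d used_default=%d\n", fd, used_default);
    return fd < 0;
}
```

A blocking `connect()` to a host that is unreachable rather than refusing connections can wait for the kernel's TCP timeout, so the child stalls for that long before it falls back.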
Impact of Rules on the Performance of Dynamic LACS on 933 MHz, 512 MB RAM
• Clearly there is some impact of rules on the performance of Dynamic Forking LACS
  – The fewer the rules, the better the performance
• No heavy impact on the performance of the LACS with an increase in the number of rules
Impact of Real Servers on the Performance of Dynamic SSL LACS on 933 MHz, 512 MB RAM
• Clearly there is no impact of Real Servers on the performance of Dynamic Forking SSL LACS
  – LACS is the bottleneck??
Performance of LACS on 512 MHz, 512 MB RAM
• The performance of the Pre-forking SSLProxy is better than that of the Dynamic Forking SSLProxy.
Performance of LACS on 933 MHz, 512 MB RAM
• The performance of the Dynamic Forking SSLProxy is better than that of the Pre-forked SSLProxy.
Performance of LACS on 933 MHz, 512 MB RAM, Rule Module running locally
• Pre-fork SSLProxy overtakes Dynamic SSLProxy
• Performance was degraded by 100%
• Other variations of LACS did not suffer much
Performance of LACS on 933 MHz, 512 MB RAM, Rule Module running on 233 MHz, 96 MB RAM
• No major change in performance w.r.t. the rule module running locally