Presentation is loading. Please wait.

Presentation is loading. Please wait.

ClientHello ServerHello Certificate Establish protocol version, session- id, cipher suite, compression method. Certificate Request ServerHelloDone Certificate.

Similar presentations


Presentation on theme: "ClientHello ServerHello Certificate Establish protocol version, session- id, cipher suite, compression method. Certificate Request ServerHelloDone Certificate."— Presentation transcript:

1 ClientHello ServerHello Certificate Establish protocol version, session- id, cipher suite, compression method. Certificate Request ServerHelloDone Certificate Certificate Verify ChangeCipherSpec Handshake ChangeCipherSpec Handshake Optionally send server certificate and request client certificate Change CipherSpec and finish handshake. Send client certificate response if requested. Session Establishment ClientServer

2 ClientHello ServerHello Establish protocol version, session-id ( Including previous session info), cipher suite, compression method. ChangeCipherSpec Handshake ChangeCipherSpec Handshake Change CipherSpec and finish handshake. ClientServer If the Client wants to reuses the same session, if sends the previous session id in the clientHello message. If the servers wants to reuse the same session then it sends the same session id back in the serverHello Session Reusability

3 Web Browser Socket File Descriptor Linux Application Level Content Switch (LACS) Child (Fork) Socket File Descriptor Decide Real Server Socket File Descriptor Real Server a b c e d f g In step (a & b) Web Browser(Client) establishes a connection with the Linux Application Content Switch (LACS). (c ) LACS forks and creates a new Process, the child process reads the HTTP request (d & e ) Child process establishes a connection with the rule matching module, the rule matching module sends back the information about the Real Server, that is going to serve the Request (f & g) Child process establishes a connection with the real Server and sends the Request to the Real Server Process Control for Dynamic Forking LACS

4 Process Control for Pre-forked LACS Web Browser Socket File Descriptor Linux Application Level Content Switch (LACS) Socket File Descriptor Decide Real Server Socket File Descriptor Real Server a d c e f Child nChild 1Child 2 b In the Pre-fork model of LACS, child Process are created ahead of time In step (a & b) Web Browser(Client) establishes a connection with the LACS child Process and sends an HTTP request (c & d ) child process reads the HTTP Request and establishes a connection with the rule matching module. The rule matching module sends back the information about the Real Server, that is going to serve the Request (e & f) Child process establishes a connection with the real Server and sends the Request to the Real Server

5 Dynamic Rule Update In the configuration section the following information is defined #define RULE_SERVER_NAME“abc.uccs.edu" #define RULE_SERVER_PORT4000 #define DEFAULT_RULE_SERVER_NAME“xyz.uccs.edu" #define DEFAULT_RULE_SERVER_PORT4000 The Rule Module can run on the same or different machine as the LACS. The Child process tries to establish a connection with the machine running the Rule Module. If the child process is unable to establish a connection it will route the rule matching information to the DEFAULT_RULE_SERVER_NAME. To UPDATE the Rule Module the user needs to –down/kill the rule matching module/process. –Update with the new rule matching information –compile and run the rule matching process When the rule matching process is down – Rule matching will be performed by the DEFAULT_RULE_SERVER_NAME When the rule matching process is back – Rule matching will be performed by the RULE_SERVER_NAME

6 Impact of Rules on the Performance of Dynamic LACS on 933 MHz, 512 MB Ram Clearly there is some impact of Rules on the the Performance of Dynamic Forking LACS –the lower the rules the better the performance N o heavy impact of the performance of the LACS with increase in the number of rules

7 Impact of Real Servers on the Performance of Dynamic SSL LACS on 933 MHz, 512 MB Ram Clearly there is no impact of Real Server on the the Performance of Dynamic Forking SSL LACS –LACS is the bottleneck ??

8 Performance of LACS on 512 MHz, 512MB RAM The performance of the Pre-forking SSLProxy is better than Dynamic Forking SSLProxy

9 Performance of LACS on 933 MHz, 512 MB Ram The performance of the Dynamic forking SSLProxy is better than Pre-forked SSLProxy.

10 Performance of LACS on 933 MHz, 512 MB Ram Rule Module running locally Pre-fork SSLProxy Overtakes Dynamic SSLProxy Dynamic SSLProxy Performance was degraded by 100% Others Variations of LACS did not suffer much

11 Performance of LACS on 933 MHz, 512 MB Ram, Rule Module running on 233 MHz, 96MB RAM No major change in performance w.r.t rule module running locally


Download ppt "ClientHello ServerHello Certificate Establish protocol version, session- id, cipher suite, compression method. Certificate Request ServerHelloDone Certificate."

Similar presentations


Ads by Google