Table of Contents
Advertisement
SSL Offloading
The Barracuda Load Balancer is able to perform decryption and encryption of SSL traffic to reduce
the load on the Real Servers. It also keeps the SSL certificates associated with that traffic in one
location for easier management.
SSL offloading is not compatible with Direct Server Return.
To set up SSL offloading, complete the following two tasks:
Upload one SSL certificate for each Service to the Barracuda Load Balancer.
1.
Identify the Services that are using SSL offloading.
2.
These two tasks are described in the following sections.
Uploading SSL Certificates
One SSL certificate for each Service to be offloaded must be stored on the Barracuda Load Balancer.
If the Service has never used SSL before, then a certificate has to be ordered from a trusted Certificate
Authority such as Verisign. If the Service has used SSL, then the certificate may be retrieved from a
server providing that Service and loaded on the Barracuda Load Balancer.
To view, edit or add SSL certificates, go to the
Specifying SSL Offloading for a Service
To configure SSL offloading for a Service, go to the
a specific listen port and must not be configured as an ALL ports Service. Click
to see the Service Detail window. Select the SSL certificate you wish to use from the menu. Specify
the SSL Engine Listen Port, which must differ from the port used when configuring the Service. The
Service will also accept non-encrypted traffic to its VIP on the port specified when the Service was
first created.
Encrypted traffic received on the SSL Engine Listen Port will be decrypted before reaching the Real
Servers, and traffic coming from the Real Servers will be encrypted before it leaves the Barracuda
Load Balancer. Since the Real Servers send and receive decrypted traffic, no SSL configuration on
any of the Real Servers is necessary.
Selecting a Scheduling Policy
The Barracuda Load Balancer supports multiple scheduling methods to determine which Real Server
that supports a Service gets the next new connection. Each Real Server is assigned a weight, which
indicates the proportion of the load that this Real Server will bear relative to other Real Servers.
Weights are either calculated dynamically using Adaptive Scheduling, or they are pre-assigned.
These Real Server weights are used by the scheduling algorithm, which is either Weighted Round-
Robin or Weighted Least Connections, to determine which Real Server gets the next connection.
Adaptive Scheduling
The Adaptive Scheduling feature polls the Real Servers frequently and assigns weights to those Real
Servers using the information gathered. The parameter polled may be:
•
CPU Load, determined by an SNMP query. In order to use this option, Real Servers must allow
SNMP access to the public community by the Barracuda Load Balancer.
Basic > Certificate Management
page. The Service must specify
Basic > Services
Managing the Barracuda Load Balancer 47
page.
for the Service
Edit
Hide quick links:
Advertisement
Table of Contents
Need help?
Do you have a question about the Load Balancer and is the answer not in the manual?
Questions and answers