Distributed Session Cache

We are in the process of switching from round-robin DNS
(clients tend to stay on one web server) to IBM Network
Dispatcher (client connections are spread across all web
servers). It looks like this is going to defeat the current
lift we're getting with the per-server session cache. I found
a blurb on ApacheWeek about a discussion at ApacheCon 2001:

The future of mod_ssl was discussed including the work
currently going on to port it to Apache 2.0, add LDAP
-> CRL handling, and a distributed session cache. mod_ssl
will not need EAPI hooks for Apache 2.0, but other EAPI
functions may be useful. It is not certain how this effort
will fit into the work being done in Apache 2.0 on mod_tls
and if we will end up with two SSL solutions like we have
with Apache 1.3.

How far along is the mod_ssl port to Apache 2?
Has anyone hacked up a distributed session cache?
Would a dbm session cache over NFS work?
Did the old Apache-SSL ssl_gcache ever work as a DSC?
How did ssl_gcache deal with security/integrity of the cache?
Is this problem even worse: Does the client throw away
it's current session key every time it gets a different
session key from the web server?
I see that there is a great deal of work on distributed
shared memory (mostly for parallel computing). Has anyone
put one of these solutions under mm?

John
--
John Bly Milton IV (512) w:493-2764, h:323-5622, m:750-1783
FundsXpress john.milton@fxfn.com Don't FLAME, inform! O-
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Distributed Session Cache

> How far along is the mod_ssl port to Apache 2?

It is basically done, already bundled with Apache itself as a regular module

> Has anyone hacked up a distributed session cache?

The closest I know of is for Apache-SSL, which Ben Laurie mentioned at one
of the Apachecons: http://anoncvs.aldigital.co.uk/splash/
based on http://spread.org

Some discussion on this:
http://marc.theaimsgroup.com/?l=apache-modssl&m=990553201018 22&w=2

Daniel

--
Teach Yourself Apache 2 -- http://apacheworld.org/ty24/
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Distributed Session Cache

On Fri, 12 Jul 2002, John Milton wrote:

> How far along is the mod_ssl port to Apache 2?

Done, for all intents and purposes. AFAIK, the only big still-missing
functionality is the per-directory POST renegotiations.

> Has anyone hacked up a distributed session cache?

Not that I'm aware of. But somebody out there might have one I suppose...
anybody?

> Would a dbm session cache over NFS work?

Hmmm... probably not. For one thing, it would be slow. For another,
files are typically not lockable over NFS. With multiple writers I'd
think it would be pretty easy to corrupt the dbm. But I'm not positive.
Try it and see what happens I guess.

> Did the old Apache-SSL ssl_gcache ever work as a DSC?
> How did ssl_gcache deal with security/integrity of the cache?

You'd probably have to ask the Apache-SSL guys on that one.

> Is this problem even worse: Does the client throw away
> it's current session key every time it gets a different
> session key from the web server?

It's supposed to, yes.

> I see that there is a great deal of work on distributed
> shared memory (mostly for parallel computing). Has anyone
> put one of these solutions under mm?

Don't think so. And anyway, Apache 2.0's mod_ssl doesn't use mm.

--Cliff

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Distributed Session Cache

On Sat, 13 Jul 2002, Daniel Lopez wrote:

> > How far along is the mod_ssl port to Apache 2?
>
> It is basically done, already bundled with Apache itself as a regular module
>
> > Has anyone hacked up a distributed session cache?
>
> The closest I know of is for Apache-SSL, which Ben Laurie mentioned at one
> of the Apachecons: http://anoncvs.aldigital.co.uk/splash/
> based on http://spread.org
>
> Some discussion on this:
> http://marc.theaimsgroup.com/?l=apache-modssl&m=990553201018 22&w=2

before I get a wave of follow-ups as a result of this, let me save myself
some typing ...

The good news: the work was actually done, finished, and working nicely
(very fast and scales about two orders of magnitude higher than you'd be
able to scale the SSL crypto to match it :)

The bad news: the work was done in/for a company and is not at this stage
open source. I am in the process of seeing what could be done to change
that now that someone has jogged my memory, but I need to stress that this
will be someone else's decision, not mine.

Cheers,
Geoff


____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org