Entry 20430 (Berkeley CSUA MOTD)

Berkeley CSUA MOTD:Entry 20430

WIKI \| FAQ \| Tech FAQ
`http://csua.com/feed/`

2025/07/11 [General] UID:1000 Activity:popular

7/11

2001/1/25-26 [Computer/SW/WWW/Server] UID:20430 Activity:kinda low

1/24    I've heard of companies making daughterboards that process SSL
        sessions to offload the CPU to do the real work.  Anybody know where
        I can find them?  I searched for "SSL daughterboard" and some other
        similar words and couldn't find anything.  Thanks.
        \_ Don't erase correct answers. SSL accelerator cards are made by
                nCipher, Phobos and Rainbow.
        \_ bigIP makes one for their load balancers. http://www.f5.com
                \_ DON'T!  DON'T DO IT!  -John
        \_ Intel makes a box you put in front of the web server.  BigIP/F5
           has an add-in card as stated above.  Ask their sales guys how they
           compare to their other competitors to get the full list.  That
           trick always works.
                \_ The Intel Box 2180 kicks serious butt compared to the F5.
                   The daughtercard does RSA and cipher ops in HW and more
                   the point--  BigIP == BSDi + rainbow card.  Check out
                   http://www.rainbow.com and there is one or two other people out
                   there selling similar products.  THe bad thing there is
                   they only do the SSL symmetric key negotiation RSA ops in
                   HW.  I.e..  you get one per interactive session, so you
                   in effect get little if any speedup in real situations.
                   What blows my mind is that Intel and F5 sell these boxes
                   for ~ $50k+.  They are little more than BSD + regexp
                   parsing http headers in hacked kernel.  ack...
                        \_ Intel has an ssl-decrypt-only box for much less
                           where you put their box inlineon the wire.  SSL
                           goes in the front and decrypted stream comes out
                           the back wire.  I _think_ it was about $1.5k/box
                           or so but I can't recall for sure.  The $50k thing
                           was a full load balancer/ssl decrypter/switch/etc/
                           do everything box.  You can put the ssl-only box
                           in front of your bigip or other load balancer.
                           Can you explain why you say there's no real speed
                           increase with the bigip/rainbox combo in the real
                           world?  I'm not getting it.

Cache (196 bytes)

www.f5.comF5 optimizes and scales any application or Web service in a highly available and secure manner, while simplifying deployments by automating the interaction between the application and the network.

Cache (363 bytes)

www.rainbow.comSafeNet, Inc. Monday 16 , April 5, 2004 SafeNet Provides Post-Merger Guidance Update Company Provides Q1 Guidance; Members will receive enhanced levels of service and support, training, opportunities for technical innovation and the ability to offer end-to-end security solutions to your customers. Copyright 2004, SafeNet, Inc. All rights reserved. References 1.