Effective Request Distributing in Distributed SSL Reverse Proxies

We focus on effective request distributing for locally or globally distributed Secure Sockets Layer (SSL) reverse proxies in a Web system. We assume a system consisting of a front-end request distributor and several back-end SSL reverse proxy nodes, each has its own queue for caching requests. The proposed two request distribution strategies SSLSARD-D and SSLSARD-W are both composed of a back-end load estimation algorithm, a request distribution algorithm and a queue resource scheduling algorithm. We test the proposed strategies' performances using a request flow with bursty arrivals. We show that the proposed strategies perform well in reducing packet losses when coming across bursty arrivals, but need to be at the expense of increasing request latency. Comparing with SSLSARD-D, SSLSARD-W provides higher SSL session resumption rate and performs better when the request flow fluctuates greatly.

[1]  Sotirios Kontogiannis,et al.  ALBL: an adaptive load balancing algorithm for distributed web systems , 2014, Int. J. Commun. Networks Distributed Syst..

[2]  Michael E. Kounavis,et al.  Encrypting the internet , 2010, SIGCOMM '10.

[3]  Chita R. Das,et al.  An SSL Back-End Forwarding Scheme in Cluster-Based Web Servers , 2007, IEEE Transactions on Parallel and Distributed Systems.

[4]  Jun Yang,et al.  SSLSARD: A Request Distribution Technique for Distributed SSL Reverse Proxies , 2016, J. Commun..

[5]  Krithi Ramamritham,et al.  ReDAL: An Efficient and Practical Request Distribution Technique for Application Server Clusters , 2007, IEEE Transactions on Parallel and Distributed Systems.

[6]  Michele Colajanni,et al.  Content-Aware Dispatching Algorithms for Cluster-Based Web Servers , 2004, Cluster Computing.

[7]  Ronald Mraz Secure Blue: an architecture for a scalable, reliable high volume SSL Internet server , 2001, Seventeenth Annual Computer Security Applications Conference.

[8]  Victoria Ungureanu,et al.  Effective load balancing for cluster-based servers employing job preemption , 2008, Perform. Evaluation.

[9]  Xue Liu,et al.  A predictive dynamic load balancing algorithm with service differentiation , 2013, 2013 15th IEEE International Conference on Communication Technology.

[10]  Takamichi Saito,et al.  Load-Balancing SSL Cluster Using Session Migration , 2007, 21st International Conference on Advanced Information Networking and Applications (AINA '07).

[11]  Richard B. Bunt,et al.  Hierarchical Workload Characterization for a Busy Web Server , 2002, Computer Performance Evaluation / TOOLS.

[12]  Michele Colajanni,et al.  Performance study of dispatching algorithms in multi-tier web architectures , 2002, PERV.

[13]  Erik Tews,et al.  Revisiting SSL/TLS Implementations: New Bleichenbacher Side Channels and Attacks , 2014, USENIX Security Symposium.