{SSLACC}: A Clustered {SSL} Accelerator

Eric Rescorla; Adam Cain; Brian Korver

SSLACC: A Clustered SSL Accelerator

We describe a clustered SSL accelerator. Although current SSL acceleration solutions [1, 2] often employ multiple nodes in parallel (or in series [3]) for improved performance and resistance to single failures, the failure of any node results in all client connections to that node being torn down. Our implementation goes beyond this to provide robustness against node failures at the connection level--any proper subset of the nodes in the cluster can fail and no effect (other than possibly performance degradation) will be observed. This result is accomplished by a novel combination of tight control of TCP [4] behavior and state-sharing between cluster members. Unlike many high availability clustering systems, ours uses commodity hardware.

Eric Rescorla, RTFM, Inc.

Adam Cain, Nokia, Inc.

Brian Korver, Xythos Software

BibTeX

@inproceedings {270562,
author = {Eric Rescorla and Adam Cain and Brian Korver},
title = {{SSLACC}: A Clustered {SSL} Accelerator},
booktitle = {11th USENIX Security Symposium (USENIX Security 02)},
year = {2002},
address = {San Francisco, CA},
url = {https://www.usenix.org/conference/11th-usenix-security-symposium/sslacc-clustered-ssl-accelerator},
publisher = {USENIX Association},
month = aug
}

Download

Links

Paper:

http://www.usenix.org/events/sec02/full_papers/rescorla/rescorla.pdf

Paper (HTML):

http://www.usenix.org/events/sec02/full_papers/rescorla/rescorla_html/index.html

USENIX Conference Policies

SSLACC: A Clustered SSL Accelerator

Eric Rescorla, RTFM, Inc.

Adam Cain, Nokia, Inc.

Brian Korver, Xythos Software

Links