To address the problem of distributing client requests among the SSL reverse proxy gateways of a Web system, this paper proposes two system architecture designs, which provide theoretical support for designing request distribution algorithms for SSL reverse proxy gateways at SSL-session granularity, and summarizes the advantages and disadvantages of each. In the first scheme, the request distributor is connected in series between the clients and the SSL reverse proxy gateways, and client requests are forwarded to the gateways via the TCP hand-off mechanism. Its extra overhead is relatively small and its response speed is relatively high, but it cannot analyse the content of client requests and is relatively complex to implement. In the second scheme, the request distributor uses the HTTP redirect mechanism to forward client requests. Its extra overhead is relatively large, but it can analyse the content of client requests and is relatively easy to implement.
Network New Media Technology
Project of the Strategic Priority Research Program of the Chinese Academy of Sciences: Research on Future Network Architecture and Development of Edge Devices (No. XDA06010302)