We're building a load balanced setup with two load balancers (that also terminate SSL) and several upstream servers. Both the load balancers and the upstream servers run nginx. The network on which requests are forwarded to the upstream servers cannot be trusted, hence we have to re-encrypt it after SSL termination on the load balancer. We're wondering which route we should take for re-encrypting the connection:
- SSL: the load balancer connects to an upstream server using SSL.
- positive: fairly resilient, since every connection is established from the ground up
- negative: added latency from the SSL handshake
- persistent SSH tunnel
- positive: no (or less?) added latency
- negative: tunnel may break down and has to be monitored with e.g. autossh
Additionally, I'm not sure how both solutions compare in throughput. Does anybody have some experience with one or both of these solutions? Or are there better approaches?
Nice question and also in my interest.
I would vote for a persistent SSL tunnel with monitoring or VPN, as said. Encryption then needs to be done once and for all traffic. As it's a load balancer you should be able to easily timeout on failing encryption link.
Have you already implemented something?