SSLSARD: A request distribution technique for distributed SSL reverse proxies

Although Secure Sockets Layer (SSL) and its successor Transport Layer Security (TLS) are the for transport layer security, their cryptographic operations tend to be highly CPU intensive. Web systems that support SSL/TLS often deploy several locally or globally distributed SSL reverse proxies in front of Web servers to offload SSL/TLS operations from Web servers and improve the execution performance of the SSL/TLS protocol. A particularly obvious problem is the distribution strategy of incoming requests to the SSL reverse proxies. In this paper, we propose a request distribution technique to improve the overall performance of SSL reverse proxy system. This technique is called SSL-Session-Aware Request Distribution (SSLSARD), consisting of a real-time load estimation algorithm and an SSL-session-aware request distribution algorithm. Our experimental results show that SSL session resumption is critical in improving the performance of a SSL reverse proxy system. And comparing with the client-granularity distribution strategy of SSL_session_only, SSLSARD can deal with more concurrent requests and further increase system throughput.