AnsweredAssumed Answered

Offloading SSL in Loadbalancer

Question asked by lakshmi_1234 on Apr 4, 2018
Latest reply on Apr 4, 2018 by irfan.mugale

Hi All,

We are currently designing the architecture for our environment.We have a public facing Loadbalancer and CA API gateway is placed in private network.We suggested Loadbalancer bypass the SSL and CA Gateway takes of SSL part.But LB team suggested that they will do the SSL authentication and forward the message with http protocol to CA API Gateway.Is this the correct approach.What is the best approach to design this requirement using ca api gw.I have three options in mind.

1)Loadbalacer teriminates the SSL and send the plan text to CA Gateway.(when LB is not using the message why they need to decrypt it.

2)Loadbalancer bypass the SSL ,CA gateway takes care of SSL authentication.

3)Loadbalancer terminates the SSL at their end and agiain there will SSL connection b/w LB and CA API GW.

 

Can anyone tell me which is the best approach to follow.

Outcomes