Excerpts from Eichberger, German's message of 2014-04-21 11:51:05 -0700: > Hi, > > Despite there are some good use cases for the re-encryption I think it’s out > of scope for a Load Balancer. We can defer that functionality to the VPN – as > long as we have a mechanism to insert a LoadBalancer as a VPN node we should > get all kind of encryption infrastructure “for free”. > > I like the Unix philosophy of little programs doing one task very well and > can be chained. So in our case we might want to chain a firewall to a load > balancer to a VPN to get the functionality we want. >
I think that only makes things simpler in an IPv6+IPSec situation (which, btw, would be fantastic and should be something we all drive OpenStack toward). But if you have to add something like OpenVPN to the load balancer service nodes, I'm not sure you're saving any complexity by using VPN vs. something like stunnel. _______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
