NSX / SSL LB passthrough and enable acceleration ?

ferdi_bulbul · ‎05-18-2017

I have a question about NSX LB.

SSL Passthrough means that NSXEge don't terminate clients HTTPS (SSL sessions). Client SSL sessions are terminated to the servers (not the edge).

There is also a note as below on the configuration page (VMware Documentation Library);

* If Enable Acceleration check box is selected and there are no L7 related configurations, the session would NOT be terminated by the edge.

* If Enable Acceleration check box is not selected, the session would be treated as L7 TCP mode, and Edge will terminate it into two sessions.

Does this mean that we must select "enable Acceleration" when configuring SSL passthrough? If not selected, there will be two sessions such as socket-based LB (a client-facing connection and a server-facing connection)?

Thanks

lhoffer · ‎05-18-2017

You do not need to select "enable acceleration" to utilize SSL passthrough as that just determines whether the L4 or L7 engine gets used in the load balancer. When you don't select "enable acceleration", the two separate sessions referred to in the documentation you referenced are the TCP sessions, not the SSL sessions so you can still do that in conjunction with SSL offload.

All

NSX / SSL LB passthrough and enable acceleration ?