Hi, all.
I want to know whether the following functions are implemented in LVS.
Thank you.
■Delayed Removal of TCP Connection Context
Because of IP packet ordering anomalies, IOS SLB might "see"
the termination of a TCP connection (a finish [FIN] or reset [RST])
followed by other packets for the connection. This problem usually
occurs when there are multiple paths that the TCP connection packets
can follow. To correctly redirect the packets that arrive after the
connection is terminated, IOS SLB retains the TCP connection
information, or context, for a specified length of time.
The length of time the context is retained after the connection
is terminated is controlled by a configurable delay timer.
■TCP Session Reassignment
IOS SLB tracks each TCP synchronous idle character (SYN) sent to
a real server by a client attempting to open a new connection.
If several consecutive SYNs are not answered, or if an SYN is replied
to with an RST, the TCP session is reassigned to a new real server.
The number of SYN attempts is controlled by a configurable reassign
threshold.
■Automatic Server Failure Detection
IOS SLB automatically detects each failed connection attempt to
a real server, and increments a failure counter for that server.
(The failure counter is not incremented if a failed connection from
the same client has already been counted.) If a server's failure
counter exceeds a configurable failure threshold, the server is
considered out of service and is removed from the list of
active real servers.
■Auto Unfail
When a real server fails and is removed from the list of active servers,
it is assigned no new connections for an amount of time specified
by a configurable retry timer. After that timer expires, the server
is again eligible for new virtual server connections and IOS SLB sends
the server the next connection for which it qualifies. If the connection
is successful, the failed server is placed back on the list of active
real servers. If the connection is unsuccessful, the server remains
out of service and the retry timer is reset.
■Slow Start
In an environment that uses weighted least connections load balancing,
a real server that is placed in service initially has no connections,
and could therefore be assigned so many new connections that
it becomes overloaded. To prevent such an overload, the slow start
feature controls the number of new connections that are directed to
a real server that has just been placed in service.
■SynGuard
The SynGuard feature limits the rate of TCP SYNs handled by
a virtual server to prevent a type of network problem known as
an SYN flood denial of service attack. A user might send a large
number of SYNs to a server, which would overwhelm or crash the server,
denying service to other users. The SynGuard feature prevents
an SYN flood denial of service attack from bringing down IOS SLB or
a real server. SynGuard monitors the number of SYNs to a virtual
server over a specific time interval and does not allow the number
to exceed a configured SYN threshold. Once the threshold is reached,
any new SYNs are dropped.
Regards.
zhao.
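
The SynGuard behaviour quoted above (count SYNs to a virtual server over an interval, drop new SYNs once a threshold is reached) can be modelled as a fixed-interval counter. This is an added example, not part of the original post and not code from IOS SLB or LVS; the struct and function names are hypothetical, and it assumes a monotonic millisecond clock and that only admitted SYNs are counted.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical per-virtual-server state for a fixed-interval SYN limiter. */
struct syn_guard {
    uint32_t threshold;    /* configured SYN threshold per interval */
    uint32_t interval_ms;  /* length of the monitoring interval */
    uint64_t window_start; /* start of the current interval, in ms */
    uint32_t syn_count;    /* SYNs admitted in the current interval */
    uint64_t dropped;      /* SYNs dropped so far */
};

/* Decide the fate of one SYN arriving at now_ms: true = forward, false = drop. */
bool syn_guard_admit(struct syn_guard *g, uint64_t now_ms)
{
    if (now_ms - g->window_start >= g->interval_ms) {
        g->window_start = now_ms; /* interval expired: start a new one */
        g->syn_count = 0;
    }
    if (g->syn_count >= g->threshold) {
        g->dropped++;             /* threshold reached: drop new SYNs */
        return false;
    }
    g->syn_count++;
    return true;
}

/* Replay SYN arrival times against the limiter; returns how many were admitted. */
unsigned syn_guard_replay(struct syn_guard *g, const uint64_t *t, unsigned n)
{
    unsigned admitted = 0;
    for (unsigned i = 0; i < n; i++)
        admitted += syn_guard_admit(g, t[i]) ? 1u : 0u;
    return admitted;
}

int main(void)
{
    /* Constructed sample: a burst of six SYNs, then two more one second later. */
    const uint64_t arrivals[] = { 0, 10, 20, 30, 40, 50, 1000, 1010 };
    struct syn_guard g = { .threshold = 4, .interval_ms = 1000 };
    unsigned ok = syn_guard_replay(&g, arrivals, 8);
    printf("admitted=%u dropped=%llu\n", ok, (unsigned long long)g.dropped);
    return 0;
}
```

A fixed interval admits up to twice the threshold when a burst straddles an interval boundary, so the threshold should be sized with that in mind.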