At 08.22 29/09/00 +0000, Julian Anastasov wrote:
...
> > -aux |grep httpd, but if I try a connection to localhost on one of the
> > realservers I can't get anything). The only solution is to restart apache.
> This result is expected. Have you seen DDoS :)
I've read "LVS defence strategies against DoS attacks"
(www.linuxvirtualserver.org/defense.html), but I've not implemented any of
the strategies it talks about yet!
Is this what you're talking about?
Is the DoS protection you're talking about at kernel level or at LVS level? I
think the first one, since I can't connect to the real servers' port 80 after
the testlvs launch, even trying to connect from the "realservers' localhost" (it's
the realservers' kernel that stops processing packets directed to port 80).
I can perform testlvs runs if I set -srcnum < ~20; it seems to me that the
kernel considers a packet flood as a DoS attack only if it comes from a
lot of different IP numbers... Am I wrong?
> > Has anyone of you experienced such a problem?
> You are brave people :)
> This tool is for people that often ask "Hm, what CPU I need for
> LVS? Can LVS support N connections/sec? Is 128MB RAM enough for LVS?".
> But if you want to hit your real servers, go ahead :)
Having set "srcnum 10", I've done some tests with testlvs, and I can get
about 3200-3400 packets/sec. This is CPU limited: my PIII 733 LVS servers
report full CPU usage during tests, while occupied memory doesn't seem to
grow (used memory: ~40Mb, and it doesn't grow during tests).
I reached ~17500 packets/sec during the first tests; I can't understand
why I can't get this result anymore (I've not changed anything in the SW/HW
configuration, I only went to lunch! :)
My LVS servers are single PIII 733, 256Mb, doing NAT on a 100Mbit switched
(Cabletron Smart Stack) network.
Regards,
Pietro