Hi Imi,
So, my question is since we don't use load balancing and we just do 1-1
redirection do we gain something by using ipvs or we can just use iptables
for it ?
Hmm, ... using LVS you can benefit internal DoS attack strategies defense :
http://www.linux-vs.org/docs/defense.html
Since DoS generate most of the time random & different src_ip, new cnx
entries are created and appended to the LVS cnx table. Since DoS attack try
to memory flood remote director (by flooding LVS cnx table with fake cnx),
the internal LVS DoS prevention stategie can increase security providing
active handling.
can be usefull,
Best regards,
Alexandre
|