Hi All,
We have been experiencing D/Dos on http. The LVS is unaffected by the
D/Dos but the real servers are suffering. Besides the D/Dos, the LVS is
currently handling 5 subdomains and approximately 10QPS.
We are using LVS-Tun configuration. Due to our distributed setup and
service provider limitation we can't put a perimeter firewall so we
are thinking of stopping them at or before the LVS.
At the director I have tuned the route flush and route garbage
collection variables but that is all I could figure out. After reading
the howto and the mailing list I have concluded that it is possible
to use iptables with LVS-DR and LVS-NAT. Is it advisable to put
iptables on the director in an LVS-TUN setup?
Unrelated question: Anybody using an open source firewall Iptables/pf in
production for 100M connection?
Sameer