> It is a view that I do not share.
> I prefer to use the solution to "limit" at the IPVS IP server and use
> the SYN Cookies on the real servers.
> Maybe I'm wrong, but I prefer to distribute the attack on the real servers
> rather than take the risk of dropping the IPVS director itself.
In our set-up, we're planning to have multiple directors running
active-active with the traffic spread across them via ECMP routing, and
we will have enough directors to take the load of a SYN flood that maxes
out our Internet link.
Alex
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users