[lvs-users] LVS and D/Dos

Sameer Garg sameer.garg at gmail.com
Tue Apr 15 07:43:53 BST 2008 

Hi All,

We have been experiencing D/Dos on http. The LVS is uneffected by the
D/Dos but the real servers are suffering. Beside the D/Dos the LVS is
currently handling 5 subdomains and approximately 10QPS.

We are using LVS-Tun configuration. Due to our distributed setup and
service provider limitation we can't put a perimeter firewall so we
are thinking of stopping them at or before the LVS.

At the director I have tuned the route flush and route garbage
collection variables but that is all I could figure out.After reading
the howto and the mailing list I have concluded  that it is possible
to use iptalbles with LVS-DR and LVS-NAT.  Is it advisable to put
iptables on the director in a LVS-TUN setup?

Unrelated question: Anybody using a opensource firewall Iptables/pf in
production for 100M connection?

Sameer

Search lvs-users Archives
Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
More information about the lvs-users mailing list