Hi,

I am a happy ipvs user of many years, but I was recently troubled by a SYN flood that took our redundant LVS-DR directors down (too many eth interrupts to even use the console). I noticed that http://www.linuxvirtualserver.org/docs/defense.html is quite outdated, as the sysctl variables aren't even in recent kernels anymore. So I wonder if anyone can refer me to any recent SYN flood mitigation strategies. I assume the secure_tcp and drop_packet functionality has been merged with the netfilter code, but I couldn't find any relevant info.
In my setup, the default gateway for the 150+ realservers is also the director. The realservers are on a private network. Apparently, if a realserver receives a SYN packet from a spoofed IP, it will reply six times in 1 minute. So the flooder has a multiplier of 6, which seems the first thing to fix. Now I wonder what everyone else out there is using as sane sys.net.ipv4 parameters, besides the obvious tcp_synack_retries (2?) and tcp_syncookies?

Cheers!
Willem

_______________________________________________
Please read the documentation before posting - it's available at: http://www.linuxvirtualserver.org/
LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
Send requests to lvs-users-requ...@linuxvirtualserver.org or go to http://lists.graemef.net/mailman/listinfo/lvs-users
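The "six replies per SYN" multiplier in the post falls straight out of the kernel's SYN-ACK retransmit logic, and the two sysctls the poster names are the realserver-side knobs that shrink it. The following is an added example, not part of Willem's message or of the LVS project: a POSIX shell script that computes the reply count and retransmit window for a given tcp_synack_retries value, and prints (or, with APPLY=1, applies) a hardening set for the realservers. The sysctl names are real Linux keys; the chosen values are an illustrative starting point, and the 1 s initial retransmit timer is the value in current kernels (older kernels used 3 s, so it is a parameter here).

```shell
#!/bin/sh
# Added example for the lvs-users thread above; not the poster's or LVS's code.
# Assumes a Linux realserver with sysctl(8). Dry-run by default: set APPLY=1
# to actually write the values.

# SYN-ACKs sent per half-open connection: the initial one plus
# tcp_synack_retries retransmissions. The kernel default of 5 gives 6,
# which is the x6 amplification a spoofing flooder gets from each realserver.
synack_replies() {
    echo $(($1 + 1))
}

# Seconds from the first SYN-ACK to the last retransmission. The retransmit
# timer starts at $2 seconds (1 s on current kernels, 3 s on older ones;
# default 1 here) and doubles each time, so with 5 retries and a 1 s start the
# retransmits leave at 1, 3, 7, 15 and 31 s: all six replies inside a minute.
last_synack_time() {
    retries=$1; step=${2:-1}; t=0; i=0
    while [ "$i" -lt "$retries" ]; do
        t=$((t + step)); step=$((step * 2)); i=$((i + 1))
    done
    echo "$t"
}

# Kernel-default (weak) value beside the hardened one, for the keys discussed.
# tcp_syncookies only engages once the SYN backlog is full, so it is paired
# with a larger backlog and fewer SYN-ACK retransmits rather than used alone.
hardening_table() {
    cat <<'EOF'
net.ipv4.tcp_syncookies 0 1
net.ipv4.tcp_synack_retries 5 2
net.ipv4.tcp_max_syn_backlog 1024 8192
net.core.somaxconn 128 4096
EOF
}

# Print the current value of each key next to the weak and hardened ones.
show_current() {
    hardening_table | while read -r key weak hard; do
        cur=$(sysctl -n "$key" 2>/dev/null || echo '?')
        printf '%-32s current=%-6s default=%-6s hardened=%s\n' "$key" "$cur" "$weak" "$hard"
    done
}

# Emit the sysctl -w commands; run them only when APPLY=1.
apply_hardening() {
    hardening_table | while read -r key _ hard; do
        echo "sysctl -w $key=$hard"
        [ "${APPLY:-0}" = 1 ] && sysctl -w "$key=$hard" >/dev/null
    done
}

echo "default:  $(synack_replies 5) SYN-ACKs per SYN, last one at $(last_synack_time 5)s"
echo "hardened: $(synack_replies 2) SYN-ACKs per SYN, last one at $(last_synack_time 2)s"
show_current
apply_hardening
```

With the defaults a single spoofed SYN buys the attacker six packets back over about half a minute; dropping tcp_synack_retries to 2 cuts that to three packets within 3 s, and syncookies stop the realserver from holding state at all once the backlog fills. Run it as-is to see the plan, then `APPLY=1 sh harden.sh` on each realserver, and persist the values in /etc/sysctl.conf so they survive a reboot.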