0

LVS

Linux Virtual Server的分发版,具有一些高级功能。 它引入了一种新的数据包转发方法 - 除NAT/Tunneling/DirectRouting之外的FULLNAT,以及针对synflooding攻击的防御机制 - SYNPROXY。(A distribution of Linux Virtual Server with some advanced features. It introduces a new packet forwarding method - FULLNAT other than NAT/Tunneling/DirectRouting, and defense mechanism against synflooding attack - SYNPROXY.)

Github repo
Main metrics

Github stars Tracking Chart

LVS

Linux Virtual Server的分发版,具有一些高级功能。

FullNAT:除DR/NAT/TUNNEL之外的一种新的IPVS报文转发方法主要原理如下:模块引入本地IP地址(IDC内部ip地址,lip),IPVS将cip-vip转换为/从lip-rip转换,其中lip和rip都是IDC内部ip地址,这样LVS负载均衡器和真实服务器可以在不同的vlan中,而真正的服务器只需要访问内部网络。有关详细信息,请参阅通过完全NAT的Virtual Server。

SYNPROXY:针对synflooding攻击的防御模块主要原则:基于tcp syncookies,请参考http://en.wikipedia.org/wiki/SYN_cookies ;

Linux内核2.6.32中的IPVS的FullNAT和SYNPROXY代码由淘宝网的吴家明、陈家俊、陈亮、朱顺民;360.cn的陈健,以及来自淘宝网的张文松的一些建议。代码受到源码NAT和SYNPROXY版本的影响,这些版本在Linux内核2.6.9中被硬编码为IPVS,在2009年由Wen Li,Yan Tian,Jian Chen,Yang Yi,Yaoguang Sun,Fang Han,Ying liu和baidu.com的Jiaming Wu。

在淘宝网上,Jiajun Chen和Ziang Chen将keepNAT和SYNPROXY支持添加到keepalived/ipvsadm中。

Overview

Name With Owneralibaba/LVS
Primary LanguageC
Program languageC (Language Count: 14)
PlatformLinux
License:
Release Count0
Created At2013-07-02 06:07:10
Pushed At2019-07-02 02:59:08
Last Commit At2013-07-04 14:35:42
Stargazers Count2k
Watchers Count249
Fork Count677
Commits Count9
Has Issues Enabled
Issues Count35
Issue Open Count29
Pull Requests Count1
Pull Requests Open Count3
Pull Requests Close Count4
Has Wiki Enabled
Is Archived
Is Fork
Is Locked
Is Mirror
Is Private

LVS

A distribution of Linux Virtual Server with some advanced features.

FullNAT: A new packet forwarding method for IPVS, other than DR/NAT/TUNNEL
The main principle is as follows: the module introduces local ip address (IDC internal ip address, lip), IPVS translates cip-vip to/from lip-rip, in which lip and rip both are IDC internal ip address, so that LVS load balancer and real servers can be in different vlans, and real servers only need to access internal network. See Virtual Server via Full NAT for more information.

SYNPROXY: Defence module against synflooding attack
The main principle: based on tcp syncookies, please refer to http://en.wikipedia.org/wiki/SYN_cookies;

This FullNAT and SYNPROXY code for IPVS in Linux kernel 2.6.32 was written by Jiaming Wu,Jiajun Chen,Ziang Chen,Shunmin Zhu at taobao.com, Jian Chen at 360.cn, with some advising from Wensong Zhang at taobao.com. The code was affected by ideas of the source NAT and SYNPROXY version that was hard coded to IPVS in Linux kernel 2.6.9 by Wen Li, Yan Tian, Jian Chen, Yang Yi, Yaoguang Sun, Fang Han, Ying liu and Jiaming Wu at baidu.com in 2009.

The FullNAT and SYNPROXY support were added to keepalived/ipvsadm by Jiajun Chen and Ziang Chen at taobao.com.

To the top