0

LVS

Linux Virtual Server的分发版,具有一些高级功能。 它引入了一种新的数据包转发方法 - 除NAT/Tunneling/DirectRouting之外的FULLNAT,以及针对synflooding攻击的防御机制 - SYNPROXY。(A distribution of Linux Virtual Server with some advanced features. It introduces a new packet forwarding method - FULLNAT other than NAT/Tunneling/DirectRouting, and defense mechanism against synflooding attack - SYNPROXY.)

Github 資源庫
主要指標

Github星跟蹤圖

LVS

Linux Virtual Server的分发版,具有一些高级功能。

FullNAT:除DR/NAT/TUNNEL之外的一种新的IPVS报文转发方法主要原理如下:模块引入本地IP地址(IDC内部ip地址,lip),IPVS将cip-vip转换为/从lip-rip转换,其中lip和rip都是IDC内部ip地址,这样LVS负载均衡器和真实服务器可以在不同的vlan中,而真正的服务器只需要访问内部网络。有关详细信息,请参阅通过完全NAT的Virtual Server。

SYNPROXY:针对synflooding攻击的防御模块主要原则:基于tcp syncookies,请参考http://en.wikipedia.org/wiki/SYN_cookies ;

Linux内核2.6.32中的IPVS的FullNAT和SYNPROXY代码由淘宝网的吴家明、陈家俊、陈亮、朱顺民;360.cn的陈健,以及来自淘宝网的张文松的一些建议。代码受到源码NAT和SYNPROXY版本的影响,这些版本在Linux内核2.6.9中被硬编码为IPVS,在2009年由Wen Li,Yan Tian,Jian Chen,Yang Yi,Yaoguang Sun,Fang Han,Ying liu和baidu.com的Jiaming Wu。

在淘宝网上,Jiajun Chen和Ziang Chen将keepNAT和SYNPROXY支持添加到keepalived/ipvsadm中。

概覽

名稱與所有者alibaba/LVS
主編程語言C
編程語言C (語言數: 14)
平台Linux
許可證Apache License 2.0
發布數0
創建於2013-07-02 06:07:10
推送於2019-07-02 02:59:08
最后一次提交2013-07-04 14:35:42
星數2k
關注者數249
派生數678
提交數9
已啟用問題?
問題數35
打開的問題數29
拉請求數1
打開的拉請求數3
關閉的拉請求數4
已啟用Wiki?
已存檔?
是復刻?
已鎖定?
是鏡像?
是私有?

LVS

A distribution of Linux Virtual Server with some advanced features.

FullNAT: A new packet forwarding method for IPVS, other than DR/NAT/TUNNEL
The main principle is as follows: the module introduces local ip address (IDC internal ip address, lip), IPVS translates cip-vip to/from lip-rip, in which lip and rip both are IDC internal ip address, so that LVS load balancer and real servers can be in different vlans, and real servers only need to access internal network. See Virtual Server via Full NAT for more information.

SYNPROXY: Defence module against synflooding attack
The main principle: based on tcp syncookies, please refer to http://en.wikipedia.org/wiki/SYN_cookies;

This FullNAT and SYNPROXY code for IPVS in Linux kernel 2.6.32 was written by Jiaming Wu,Jiajun Chen,Ziang Chen,Shunmin Zhu at taobao.com, Jian Chen at 360.cn, with some advising from Wensong Zhang at taobao.com. The code was affected by ideas of the source NAT and SYNPROXY version that was hard coded to IPVS in Linux kernel 2.6.9 by Wen Li, Yan Tian, Jian Chen, Yang Yi, Yaoguang Sun, Fang Han, Ying liu and Jiaming Wu at baidu.com in 2009.

The FullNAT and SYNPROXY support were added to keepalived/ipvsadm by Jiajun Chen and Ziang Chen at taobao.com.

去到頂部