> It is a view that I do not share. > I prefer to use the solution to "limit" at the IPVS IP server and use > the SYN Cookies on the real servers. > Maybe I'm wrong, but I prefer distribute the attack on the real servers > rather than take the risk of dropping the IPVS director himself.
In our set-up, we're planning to have multiple directors running active-active with the traffic spread across them via ECMP routing, and we will have enough directors to take the load of a SYN flood that maxes out our Internet link. Alex _______________________________________________ Please read the documentation before posting - it's available at: http://www.linuxvirtualserver.org/ LinuxVirtualServer.org mailing list - [email protected] Send requests to [email protected] or go to http://lists.graemef.net/mailman/listinfo/lvs-users
