alibaba-LVS release New features are: 1. FullNAT: A new packet forwarding method for IPVS, other than DR / NAT / TUNNEL The main principle is as follows: the module introduces local ip address (IDC internal ip address, lip), IPVS translates cip-vip to / from lip-rip, in which lip and rip both are IDC internal ip address, so that LVS load balancer and real servers can be in different vlans, and real servers only need to access internal network. See Virtual Server via Full NAT for more information. FULLNAT is a new forwarding mode. The main idea: the introduction of local address (within the network ip address), cip-vip converted into lip-> rip, and rip and lip are IDC network ip, vlan communications across. 2. SYNPROXY: Defence module against synflooding attack The main principle: based on tcp syncookies, please refer to http://en.wikipedia.org/wiki/SYN_cookies; SYNPROXY for defense synflood attacks. The main idea: see linux tcp protocol stack syncookies Qie thought, LVS- construct special seq Qie synack package, verify the legality of ack packets ack_seq - implements TCP three-way handshake agent. Project address: https:
Reproduced in: https: //my.oschina.net/766/blog/211447