http://kb.linux-vs.org/api.php?action=feedcontributions&feedformat=atom&user=BenjiamingLVSKB - User contributions [en]2026-05-24T17:30:43ZUser contributionsMediaWiki 1.26.2http://kb.linux-vs.org/wiki?title=IPVS_FULLNAT_and_SYNPROXY&diff=43823IPVS FULLNAT and SYNPROXY2012-08-08T09:37:05Z<p>Benjiaming: /* Introduction */</p>
<hr />
<div>== Introduction==<br />
<br />
'''FullNAT: A new packet forwarding method for IPVS, other than DR/NAT/TUNNEL'''<br />
<br />
The main principle: the module introduce local ip address (IDC internal ip address, lip), IPVS translate cip-vip to lip-rip, lip and rip both are IDC internal ip address, so LVS-RS is capable of inter-vlan communication, while RS only need to access internal network.<br />
<br />
'''SYNPROXY: Defence module against synflooding attack'''<br />
<br />
The main principle: based on tcp syncookies, please refer to http://en.wikipedia.org/wiki/SYN_cookies;<br />
<br />
<br />
This FullNAT and SYNPROXY code for IPVS in Linux kernel 2.6.32 was written by Jiaming Wu at taobao.com, Jian Chen at 360.cn, and Shunmin Zhu at taobao.com, with some advising from Wensong Zhang at taobao.com. The code was affected by ideas of the source NAT and SYNPROXY version that was hard coded to IPVS in Linux kernel 2.6.9 by Wen Li, Yan Tian, Jian Chen, Yang Yi,Yaoguang Sun, Fang Han, Ying liu and Jiaming Wu at baidu.com in 2009.<br />
<br />
<br />
The FullNAT and SYNPROXY support were added to keepalived/ipvsadm by Jiajun Chen, and Ziang Chen at taobao.com. <br />
<br />
Please note that FullNAT and SYNPROXY only had limited testing.<br />
<br />
== Document ==<br />
<br />
[[Media:LVS操作手册.zip]]<br />
<br />
[[Media:lvs-fullnat-synproxy-doc.zip]]<br />
<br />
== Download ==<br />
<br />
[[Media:lvs-fullnat-synproxy.tar.gz]]<br />
<br />
[[Media:linux-2.6.32-220.23.1.el6.x86_64.lvs.src.tar.gz]]<br />
<br />
[[Media:linux-2.6.32-220.23.1.el6.x86_64.rs.src.tar.gz]]<br />
<br />
== Building ==<br />
<br />
1. LVS Kernel<br />
<br />
1.1 get kernel rpm from redhat<br />
wget ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-220.23.1.el6.src.rpm<br />
<br />
1.2 get kernel source code from rpm<br />
vim ~/.rpmmacros;<br />
add:<br />
%_topdir /home/pukong/rpms<br />
%_tmppath /home/pukong/rpms/tmp<br />
%_sourcedir /home/pukong/rpms/SOURCES<br />
%_specdir /home/pukong/rpms/SPECS<br />
%_srcrpmdir /home/pukong/rpms/SRPMS<br />
%_rpmdir /home/pukong/rpms/RPMS<br />
%_builddir /home/pukong/rpms/BUILD<br />
cd /home/pukong;<br />
mkdir rpms;<br />
mkdir rpms/tmp;<br />
mkdir rpms/SOURCES;<br />
mkdir rpms/SPECS;<br />
mkdir rpms/SRPMS;<br />
mkdir rpms/RPMS;<br />
mkdir rpms/BUILD;<br />
rpm -ivh kernel-2.6.32-220.23.1.el6.src.rpm;<br />
cd /home/pukong/rpms/SPECS;<br />
rpmbuild -bp kernel.spec;<br />
<br />
then you can find kernel source code in /home/pukong/rpms/BUILD.<br />
<br />
1.3 add lvs patch<br />
cd /home/pukong/rpms/BUILD/;<br />
cd kernel-2.6.32-220.23.1.el6/linux-2.6.32-220.23.1.el6.x86_64/;<br />
cp lvs-2.6.32-220.23.1.el6.patch ./;<br />
patch -p1<lvs-2.6.32-220.23.1.el6.patch; // patch is in lvs-fullnat-synproxy.tar.gz <br />
<br />
<br />
Or you can directly get source code from linux-2.6.32-220.23.1.el6.x86_64.lvs.src.tar.gz;<br />
<br />
1.4 compile and install<br />
make -j16;<br />
make modules_install;<br />
make install;<br />
<br />
2. RealServer Kernel (TOA)<br />
<br />
2.1 get kernel source code, the same as step 1.1 and 1.2;<br />
<br />
2.2 add toa patch<br />
cd /home/pukong/rpms/BUILD/;<br />
cd kernel-2.6.32-220.23.1.el6/linux-2.6.32-220.23.1.el6.x86_64/;<br />
cp toa-2.6.32-220.23.1.el6.patch ./;<br />
patch -p1<toa-2.6.32-220.23.1.el6.patch; // patch is in lvs-fullnat-synproxy.tar.gz <br />
<br />
Or you can get source code directly from linux-2.6.32-220.23.1.el6.x86_64.rs.src.tar.gz;<br />
<br />
2.3 compile and install<br />
make -j16;<br />
make modules_install;<br />
make install;<br />
<br />
3. LVS Tools (keepalived/ipvsadm/quaage)<br />
cd /home/pukong;<br />
cp lvs-tools.tar.gz ./; // lvs-tools.tar.gz is in lvs-fullnat-synproxy.tar.gz <br />
tar xzf lvs-tools.tar.gz;<br />
<br />
3.1 keepalived install<br />
cd /home/pukong/tools/keepalived;<br />
./configure --with-kernel-dir="/lib/modules/`uname -r`/build";<br />
make;<br />
make install;<br />
<br />
3.2 ipvsadm install<br />
cd /home/pukong/tools/ipvsadm;<br />
make;<br />
make install;<br />
<br />
3.3 quaage install<br />
cd /home/pukong/tools/quagga;<br />
./configure --disable-ripd --disable-ripngd --disable-bgpd --disable-watchquagga --disable-doc --enable-user=root --enable-vty-group=root --enable-group=root --enable-zebra --localstatedir=/var/run/quagga<br />
make<br />
make;<br />
make install;<br />
<br />
[[Category:IPVS]]<br />
[[Category:Load Balancing]]</div>Benjiaminghttp://kb.linux-vs.org/wiki?title=IPVS_FULLNAT_and_SYNPROXY&diff=43816IPVS FULLNAT and SYNPROXY2012-08-08T07:41:26Z<p>Benjiaming: /* Introduction */</p>
<hr />
<div>== Introduction==<br />
<br />
'''FULLNAT: A new packet forwarding model for IPVS besides DR/NAT/TUNNEL'''<br />
<br />
The main principle: the module introduce local ip address (IDC internal ip address, lip), IPVS translate cip-vip to lip-rip, lip and rip both are IDC internal ip address, so LVS-RS is capable of inter-vlan communication, while RS only need to access internal network.<br />
<br />
'''SYNPROXY: Defence module against synflood attack'''<br />
<br />
The main principle: based on tcp syncookies, please refer to http://en.wikipedia.org/wiki/SYN_cookies;<br />
<br />
<br />
The first version of FULLNAT and SYNPROXY were added to IPVS in Linux kernel 2.6.9 by WenLi,YanTian,JianChen,YangYi,YaoguangSun, FangHan,Yingliu and JiamingWu. Now, the second version were added in Linux kernel 2.6.32 by JianChen,JiamingWu and WensongZhang at TAOBAO; <br />
<br />
The FULLNAT and SYNPROXY support were added to keepalived/ipvsadm by JiajunChen,ZiangChen and ShunminZhu. <br />
<br />
Please note that FULLNAT and SYNPROXY only had limited testing.<br />
<br />
== Document ==<br />
<br />
[[Media:LVS操作手册.zip]]<br />
<br />
[[Media:lvs-fullnat-synproxy-doc.zip]]<br />
<br />
== Download ==<br />
<br />
[[Media:lvs-fullnat-synproxy.tar.gz]]<br />
<br />
[[Media:linux-2.6.32-220.23.1.el6.x86_64.lvs.src.tar.gz]]<br />
<br />
[[Media:linux-2.6.32-220.23.1.el6.x86_64.rs.src.tar.gz]]<br />
<br />
== Building ==<br />
<br />
1. LVS Kernel<br />
<br />
1.1 get kernel rpm from redhat<br />
wget ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-220.23.1.el6.src.rpm<br />
<br />
1.2 get kernel source code from rpm<br />
vim ~/.rpmmacros;<br />
add:<br />
%_topdir /home/pukong/rpms<br />
%_tmppath /home/pukong/rpms/tmp<br />
%_sourcedir /home/pukong/rpms/SOURCES<br />
%_specdir /home/pukong/rpms/SPECS<br />
%_srcrpmdir /home/pukong/rpms/SRPMS<br />
%_rpmdir /home/pukong/rpms/RPMS<br />
%_builddir /home/pukong/rpms/BUILD<br />
cd /home/pukong;<br />
mkdir rpms;<br />
mkdir rpms/tmp;<br />
mkdir rpms/SOURCES;<br />
mkdir rpms/SPECS;<br />
mkdir rpms/SRPMS;<br />
mkdir rpms/RPMS;<br />
mkdir rpms/BUILD;<br />
rpm -ivh kernel-2.6.32-220.23.1.el6.src.rpm;<br />
cd /home/pukong/rpms/SPECS;<br />
rpmbuild -bp kernel.spec;<br />
<br />
then you can find kernel source code in /home/pukong/rpms/BUILD.<br />
<br />
1.3 add lvs patch<br />
cd /home/pukong/rpms/BUILD/;<br />
cd kernel-2.6.32-220.23.1.el6/linux-2.6.32-220.23.1.el6.x86_64/;<br />
cp lvs-2.6.32-220.23.1.el6.patch ./;<br />
patch -p1<lvs-2.6.32-220.23.1.el6.patch; // patch is in lvs-fullnat-synproxy.tar.gz <br />
<br />
<br />
Or you can directly get source code from linux-2.6.32-220.23.1.el6.x86_64.lvs.src.tar.gz;<br />
<br />
1.4 compile and install<br />
make -j16;<br />
make modules_install;<br />
make install;<br />
<br />
2. RealServer Kernel (TOA)<br />
<br />
2.1 get kernel source code, the same as step 1.1 and 1.2;<br />
<br />
2.2 add toa patch<br />
cd /home/pukong/rpms/BUILD/;<br />
cd kernel-2.6.32-220.23.1.el6/linux-2.6.32-220.23.1.el6.x86_64/;<br />
cp toa-2.6.32-220.23.1.el6.patch ./;<br />
patch -p1<toa-2.6.32-220.23.1.el6.patch; // patch is in lvs-fullnat-synproxy.tar.gz <br />
<br />
Or you can get source code directly from linux-2.6.32-220.23.1.el6.x86_64.rs.src.tar.gz;<br />
<br />
2.3 compile and install<br />
make -j16;<br />
make modules_install;<br />
make install;<br />
<br />
3. LVS Tools (keepalived/ipvsadm/quaage)<br />
cd /home/pukong;<br />
cp lvs-tools.tar.gz ./; // lvs-tools.tar.gz is in lvs-fullnat-synproxy.tar.gz <br />
tar xzf lvs-tools.tar.gz;<br />
<br />
3.1 keepalived install<br />
cd /home/pukong/tools/keepalived;<br />
./configure --with-kernel-dir="/lib/modules/`uname -r`/build";<br />
make;<br />
make install;<br />
<br />
3.2 ipvsadm install<br />
cd /home/pukong/tools/ipvsadm;<br />
make;<br />
make install;<br />
<br />
3.3 quaage install<br />
cd /home/pukong/tools/quagga;<br />
./configure --disable-ripd --disable-ripngd --disable-bgpd --disable-watchquagga --disable-doc --enable-user=root --enable-vty-group=root --enable-group=root --enable-zebra --localstatedir=/var/run/quagga<br />
make<br />
make;<br />
make install;<br />
<br />
[[Category:IPVS]]<br />
[[Category:Load Balancing]]</div>Benjiaminghttp://kb.linux-vs.org/wiki?title=File:Lvs-fullnat-synproxy-doc.zip&diff=43815File:Lvs-fullnat-synproxy-doc.zip2012-08-08T07:40:35Z<p>Benjiaming: uploaded a new version of "Image:Lvs-fullnat-synproxy-doc.zip"</p>
<hr />
<div></div>Benjiaminghttp://kb.linux-vs.org/wiki?title=File:LVS%E6%93%8D%E4%BD%9C%E6%89%8B%E5%86%8C.zip&diff=43814File:LVS操作手册.zip2012-08-08T07:39:53Z<p>Benjiaming: uploaded a new version of "Image:LVS操作手册.zip"</p>
<hr />
<div></div>Benjiaminghttp://kb.linux-vs.org/wiki?title=File:Lvs-fullnat-synproxy-doc.zip&diff=43813File:Lvs-fullnat-synproxy-doc.zip2012-08-08T07:16:36Z<p>Benjiaming: uploaded a new version of "Image:Lvs-fullnat-synproxy-doc.zip"</p>
<hr />
<div></div>Benjiaminghttp://kb.linux-vs.org/wiki?title=IPVS_FULLNAT_and_SYNPROXY&diff=43812IPVS FULLNAT and SYNPROXY2012-08-08T07:14:29Z<p>Benjiaming: /* Introduction */</p>
<hr />
<div>== Introduction==<br />
<br />
'''FULLNAT: A new packet forwarding model for IPVS besides DR/NAT/TUNNEL'''<br />
<br />
The main principle: the module ntroduce local ip address (IDC internal ip address, lip), IPVS translate cip-vip to lip-rip, lip and rip both are IDC internal ip address, so LVS-RS is capable of inter-vlan communication, while RS only need to access internal network.<br />
<br />
'''SYNPROXY: Defence module against synflood attack'''<br />
<br />
The main principle: based on tcp syncookies, please refer to http://en.wikipedia.org/wiki/SYN_cookies;<br />
<br />
<br />
The first version of FULLNAT and SYNPROXY were added to IPVS in Linux kernel 2.6.9 by WenLi,YanTian,JianChen,YangYi,YaoguangSun, FangHan,Yingliu and JiamingWu. Now, the second version were added in Linux kernel 2.6.32 by JianChen,JiamingWu and WensongZhang at TAOBAO; <br />
<br />
The FULLNAT and SYNPROXY support were added to keepalived/ipvsadm by JiajunChen,ZiangChen and ShunminZhu. <br />
<br />
Please note that FULLNAT and SYNPROXY only had limited testing.<br />
<br />
== Document ==<br />
<br />
[[Media:LVS操作手册.zip]]<br />
<br />
[[Media:lvs-fullnat-synproxy-doc.zip]]<br />
<br />
== Download ==<br />
<br />
[[Media:lvs-fullnat-synproxy.tar.gz]]<br />
<br />
[[Media:linux-2.6.32-220.23.1.el6.x86_64.lvs.src.tar.gz]]<br />
<br />
[[Media:linux-2.6.32-220.23.1.el6.x86_64.rs.src.tar.gz]]<br />
<br />
== Building ==<br />
<br />
1. LVS Kernel<br />
<br />
1.1 get kernel rpm from redhat<br />
wget ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-220.23.1.el6.src.rpm<br />
<br />
1.2 get kernel source code from rpm<br />
vim ~/.rpmmacros;<br />
add:<br />
%_topdir /home/pukong/rpms<br />
%_tmppath /home/pukong/rpms/tmp<br />
%_sourcedir /home/pukong/rpms/SOURCES<br />
%_specdir /home/pukong/rpms/SPECS<br />
%_srcrpmdir /home/pukong/rpms/SRPMS<br />
%_rpmdir /home/pukong/rpms/RPMS<br />
%_builddir /home/pukong/rpms/BUILD<br />
cd /home/pukong;<br />
mkdir rpms;<br />
mkdir rpms/tmp;<br />
mkdir rpms/SOURCES;<br />
mkdir rpms/SPECS;<br />
mkdir rpms/SRPMS;<br />
mkdir rpms/RPMS;<br />
mkdir rpms/BUILD;<br />
rpm -ivh kernel-2.6.32-220.23.1.el6.src.rpm;<br />
cd /home/pukong/rpms/SPECS;<br />
rpmbuild -bp kernel.spec;<br />
<br />
then you can find kernel source code in /home/pukong/rpms/BUILD.<br />
<br />
1.3 add lvs patch<br />
cd /home/pukong/rpms/BUILD/;<br />
cd kernel-2.6.32-220.23.1.el6/linux-2.6.32-220.23.1.el6.x86_64/;<br />
cp lvs-2.6.32-220.23.1.el6.patch ./;<br />
patch -p1<lvs-2.6.32-220.23.1.el6.patch; // patch is in lvs-fullnat-synproxy.tar.gz <br />
<br />
<br />
Or you can directly get source code from linux-2.6.32-220.23.1.el6.x86_64.lvs.src.tar.gz;<br />
<br />
1.4 compile and install<br />
make -j16;<br />
make modules_install;<br />
make install;<br />
<br />
2. RealServer Kernel (TOA)<br />
<br />
2.1 get kernel source code, the same as step 1.1 and 1.2;<br />
<br />
2.2 add toa patch<br />
cd /home/pukong/rpms/BUILD/;<br />
cd kernel-2.6.32-220.23.1.el6/linux-2.6.32-220.23.1.el6.x86_64/;<br />
cp toa-2.6.32-220.23.1.el6.patch ./;<br />
patch -p1<toa-2.6.32-220.23.1.el6.patch; // patch is in lvs-fullnat-synproxy.tar.gz <br />
<br />
Or you can get source code directly from linux-2.6.32-220.23.1.el6.x86_64.rs.src.tar.gz;<br />
<br />
2.3 compile and install<br />
make -j16;<br />
make modules_install;<br />
make install;<br />
<br />
3. LVS Tools (keepalived/ipvsadm/quaage)<br />
cd /home/pukong;<br />
cp lvs-tools.tar.gz ./; // lvs-tools.tar.gz is in lvs-fullnat-synproxy.tar.gz <br />
tar xzf lvs-tools.tar.gz;<br />
<br />
3.1 keepalived install<br />
cd /home/pukong/tools/keepalived;<br />
./configure --with-kernel-dir="/lib/modules/`uname -r`/build";<br />
make;<br />
make install;<br />
<br />
3.2 ipvsadm install<br />
cd /home/pukong/tools/ipvsadm;<br />
make;<br />
make install;<br />
<br />
3.3 quaage install<br />
cd /home/pukong/tools/quagga;<br />
./configure --disable-ripd --disable-ripngd --disable-bgpd --disable-watchquagga --disable-doc --enable-user=root --enable-vty-group=root --enable-group=root --enable-zebra --localstatedir=/var/run/quagga<br />
make<br />
make;<br />
make install;<br />
<br />
[[Category:IPVS]]<br />
[[Category:Load Balancing]]</div>Benjiaminghttp://kb.linux-vs.org/wiki?title=IPVS_FULLNAT_and_SYNPROXY&diff=43756IPVS FULLNAT and SYNPROXY2012-08-01T02:06:36Z<p>Benjiaming: /* Building */</p>
<hr />
<div>== Introduction==<br />
<br />
'''FULLNAT: A new packet forwarding model for IPVS besides DR/NAT/TUNNEL'''<br />
<br />
The main principle: the module introduces introduce local ip address (IDC internal ip address, lip), IPVS translate cip-vip to lip-rip, lip and rip both are IDC internal ip address, so LVS-RS is capable of inter-vlan communication, while RS only need to access internal network.<br />
<br />
'''SYNPROXY: Defence module against synflood attack'''<br />
<br />
The main principle: based on tcp syncookies, please refer to http://en.wikipedia.org/wiki/SYN_cookies;<br />
<br />
<br />
The first version of FULLNAT and SYNPROXY were added to IPVS in Linux kernel 2.6.9 by WenLi,YanTian,JianChen,YangYi,YaoguangSun, FangHan,Yingliu and JiamingWu. Now, the second version were added in Linux kernel 2.6.32 by JianChen,JiamingWu and WensongZhang at TAOBAO; <br />
<br />
The FULLNAT and SYNPROXY support were added to keepalived/ipvsadm by JiajunChen,ZiangChen and ShunminZhu. <br />
<br />
Please note that FULLNAT and SYNPROXY only had limited testing.<br />
<br />
== Document ==<br />
<br />
[[Media:LVS操作手册.zip]]<br />
<br />
[[Media:lvs-fullnat-synproxy-doc.zip]]<br />
<br />
== Download ==<br />
<br />
[[Media:lvs-fullnat-synproxy.tar.gz]]<br />
<br />
[[Media:linux-2.6.32-220.23.1.el6.x86_64.lvs.src.tar.gz]]<br />
<br />
[[Media:linux-2.6.32-220.23.1.el6.x86_64.rs.src.tar.gz]]<br />
<br />
== Building ==<br />
<br />
1. LVS Kernel<br />
<br />
1.1 get kernel rpm from redhat<br />
wget ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-220.23.1.el6.src.rpm<br />
<br />
1.2 get kernel source code from rpm<br />
vim ~/.rpmmacros;<br />
add:<br />
%_topdir /home/pukong/rpms<br />
%_tmppath /home/pukong/rpms/tmp<br />
%_sourcedir /home/pukong/rpms/SOURCES<br />
%_specdir /home/pukong/rpms/SPECS<br />
%_srcrpmdir /home/pukong/rpms/SRPMS<br />
%_rpmdir /home/pukong/rpms/RPMS<br />
%_builddir /home/pukong/rpms/BUILD<br />
cd /home/pukong;<br />
mkdir rpms;<br />
mkdir rpms/tmp;<br />
mkdir rpms/SOURCES;<br />
mkdir rpms/SPECS;<br />
mkdir rpms/SRPMS;<br />
mkdir rpms/RPMS;<br />
mkdir rpms/BUILD;<br />
rpm -ivh kernel-2.6.32-220.23.1.el6.src.rpm;<br />
cd /home/pukong/rpms/SPECS;<br />
rpmbuild -bp kernel.spec;<br />
<br />
then you can find kernel source code in /home/pukong/rpms/BUILD.<br />
<br />
1.3 add lvs patch<br />
cd /home/pukong/rpms/BUILD/;<br />
cd kernel-2.6.32-220.23.1.el6/linux-2.6.32-220.23.1.el6.x86_64/;<br />
cp lvs-2.6.32-220.23.1.el6.patch ./;<br />
patch -p1<lvs-2.6.32-220.23.1.el6.patch; // patch is in lvs-fullnat-synproxy.tar.gz <br />
<br />
<br />
Or you can directly get source code from linux-2.6.32-220.23.1.el6.x86_64.lvs.src.tar.gz;<br />
<br />
1.4 compile and install<br />
make -j16;<br />
make modules_install;<br />
make install;<br />
<br />
2. RealServer Kernel (TOA)<br />
<br />
2.1 get kernel source code, the same as step 1.1 and 1.2;<br />
<br />
2.2 add toa patch<br />
cd /home/pukong/rpms/BUILD/;<br />
cd kernel-2.6.32-220.23.1.el6/linux-2.6.32-220.23.1.el6.x86_64/;<br />
cp toa-2.6.32-220.23.1.el6.patch ./;<br />
patch -p1<toa-2.6.32-220.23.1.el6.patch; // patch is in lvs-fullnat-synproxy.tar.gz <br />
<br />
Or you can get source code directly from linux-2.6.32-220.23.1.el6.x86_64.rs.src.tar.gz;<br />
<br />
2.3 compile and install<br />
make -j16;<br />
make modules_install;<br />
make install;<br />
<br />
3. LVS Tools (keepalived/ipvsadm/quaage)<br />
cd /home/pukong;<br />
cp lvs-tools.tar.gz ./; // lvs-tools.tar.gz is in lvs-fullnat-synproxy.tar.gz <br />
tar xzf lvs-tools.tar.gz;<br />
<br />
3.1 keepalived install<br />
cd /home/pukong/tools/keepalived;<br />
./configure --with-kernel-dir="/lib/modules/`uname -r`/build";<br />
make;<br />
make install;<br />
<br />
3.2 ipvsadm install<br />
cd /home/pukong/tools/ipvsadm;<br />
make;<br />
make install;<br />
<br />
3.3 quaage install<br />
cd /home/pukong/tools/quagga;<br />
./configure --disable-ripd --disable-ripngd --disable-bgpd --disable-watchquagga --disable-doc --enable-user=root --enable-vty-group=root --enable-group=root --enable-zebra --localstatedir=/var/run/quagga<br />
make<br />
make;<br />
make install;<br />
<br />
[[Category:IPVS]]<br />
[[Category:Load Balancing]]</div>Benjiaminghttp://kb.linux-vs.org/wiki?title=IPVS_FULLNAT_and_SYNPROXY&diff=43755IPVS FULLNAT and SYNPROXY2012-08-01T02:05:59Z<p>Benjiaming: /* Building */</p>
<hr />
<div>== Introduction==<br />
<br />
'''FULLNAT: A new packet forwarding model for IPVS besides DR/NAT/TUNNEL'''<br />
<br />
The main principle: the module introduces introduce local ip address (IDC internal ip address, lip), IPVS translate cip-vip to lip-rip, lip and rip both are IDC internal ip address, so LVS-RS is capable of inter-vlan communication, while RS only need to access internal network.<br />
<br />
'''SYNPROXY: Defence module against synflood attack'''<br />
<br />
The main principle: based on tcp syncookies, please refer to http://en.wikipedia.org/wiki/SYN_cookies;<br />
<br />
<br />
The first version of FULLNAT and SYNPROXY were added to IPVS in Linux kernel 2.6.9 by WenLi,YanTian,JianChen,YangYi,YaoguangSun, FangHan,Yingliu and JiamingWu. Now, the second version were added in Linux kernel 2.6.32 by JianChen,JiamingWu and WensongZhang at TAOBAO; <br />
<br />
The FULLNAT and SYNPROXY support were added to keepalived/ipvsadm by JiajunChen,ZiangChen and ShunminZhu. <br />
<br />
Please note that FULLNAT and SYNPROXY only had limited testing.<br />
<br />
== Document ==<br />
<br />
[[Media:LVS操作手册.zip]]<br />
<br />
[[Media:lvs-fullnat-synproxy-doc.zip]]<br />
<br />
== Download ==<br />
<br />
[[Media:lvs-fullnat-synproxy.tar.gz]]<br />
<br />
[[Media:linux-2.6.32-220.23.1.el6.x86_64.lvs.src.tar.gz]]<br />
<br />
[[Media:linux-2.6.32-220.23.1.el6.x86_64.rs.src.tar.gz]]<br />
<br />
== Building ==<br />
<br />
1. LVS Kernel<br />
<br />
1.1 get kernel rpm from redhat<br />
wget ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-220.23.1.el6.src.rpm<br />
<br />
1.2 get kernel source code from rpm<br />
vim ~/.rpmmacros;<br />
add:<br />
%_topdir /home/pukong/rpms<br />
%_tmppath /home/pukong/rpms/tmp<br />
%_sourcedir /home/pukong/rpms/SOURCES<br />
%_specdir /home/pukong/rpms/SPECS<br />
%_srcrpmdir /home/pukong/rpms/SRPMS<br />
%_rpmdir /home/pukong/rpms/RPMS<br />
%_builddir /home/pukong/rpms/BUILD<br />
cd /home/pukong;<br />
mkdir rpms;<br />
mkdir rpms/tmp;<br />
mkdir rpms/SOURCES;<br />
mkdir rpms/SPECS;<br />
mkdir rpms/SRPMS;<br />
mkdir rpms/RPMS;<br />
mkdir rpms/BUILD;<br />
rpm -ivh kernel-2.6.32-220.23.1.el6.src.rpm;<br />
cd /home/pukong/rpms/SPECS;<br />
rpmbuild -bp kernel.spec;<br />
<br />
then you can find kernel source code in /home/pukong/rpms/BUILD.<br />
<br />
1.3 add lvs patch<br />
cd /home/pukong/rpms/BUILD/;<br />
cd kernel-2.6.32-220.23.1.el6/linux-2.6.32-220.23.1.el6.x86_64/;<br />
cp lvs-2.6.32-220.23.1.el6.patch ./;<br />
patch -p1<lvs-2.6.32-220.23.1.el6.patch; // patch is in lvs-fullnat-synproxy.tar.gz <br />
<br />
<br />
Or you can directly get source code from linux-2.6.32-220.23.1.el6.x86_64.lvs.src.tar.gz;<br />
<br />
1.4 compile and install<br />
make -j16;<br />
make modules_install;<br />
make install;<br />
<br />
2. RealServer Kernel (TOA)<br />
<br />
2.1 get kernel source code, the same as step 1.1 and 1.2;<br />
<br />
2.2 add toa patch<br />
cd /home/pukong/rpms/BUILD/;<br />
cd kernel-2.6.32-220.23.1.el6/linux-2.6.32-220.23.1.el6.x86_64/;<br />
cp toa-2.6.32-220.23.1.el6.patch ./;<br />
patch -p1<toa-2.6.32-220.23.1.el6.patch; // patch is in lvs-fullnat-synproxy.tar.gz <br />
<br />
Or you can get source code directly from linux-2.6.32-220.23.1.el6.x86_64.rs.src.tar.gz;<br />
<br />
2.3 compile and install<br />
make -j16;<br />
make modules_install;<br />
make install;<br />
<br />
3. LVS Tools (keepalived/ipvsadm/quaage)<br />
cd /home/pukong;<br />
cp lvs-tools.tar.gz ./; // lvs-tools.tar.gz is in lvs-fullnat-synproxy.tar.gz <br />
tar xzf lvs-tools.tar.gz;<br />
cd tools;<br />
<br />
3.1 keepalived install<br />
cd /home/pukong/tools/keepalived;<br />
./configure --with-kernel-dir="/lib/modules/`uname -r`/build";<br />
make;<br />
make install;<br />
<br />
3.2 ipvsadm install<br />
cd /home/pukong/tools/ipvsadm;<br />
make;<br />
make install;<br />
<br />
3.3 quaage install<br />
cd /home/pukong/tools/quagga;<br />
./configure --disable-ripd --disable-ripngd --disable-bgpd --disable-watchquagga --disable-doc --enable-user=root --enable-vty-group=root --enable-group=root --enable-zebra --localstatedir=/var/run/quagga<br />
make<br />
make;<br />
make install;<br />
<br />
[[Category:IPVS]]<br />
[[Category:Load Balancing]]</div>Benjiaminghttp://kb.linux-vs.org/wiki?title=IPVS_FULLNAT_and_SYNPROXY&diff=43751IPVS FULLNAT and SYNPROXY2012-07-31T09:34:23Z<p>Benjiaming: /* Introduction */</p>
<hr />
<div>== Introduction==<br />
<br />
'''FULLNAT: A new packet forwarding model for IPVS besides DR/NAT/TUNNEL'''<br />
<br />
The main principle: the module introduces introduce local ip address (IDC internal ip address, lip), IPVS translate cip-vip to lip-rip, lip and rip both are IDC internal ip address, so LVS-RS is capable of inter-vlan communication, while RS only need to access internal network.<br />
<br />
'''SYNPROXY: Defence module against synflood attack'''<br />
<br />
The main principle: based on tcp syncookies, please refer to http://en.wikipedia.org/wiki/SYN_cookies;<br />
<br />
<br />
The first version of FULLNAT and SYNPROXY were added to IPVS in Linux kernel 2.6.9 by WenLi,YanTian,JianChen,YangYi,YaoguangSun, FangHan,Yingliu and JiamingWu. Now, the second version were added in Linux kernel 2.6.32 by JianChen,JiamingWu and WensongZhang at TAOBAO; <br />
<br />
The FULLNAT and SYNPROXY support were added to keepalived/ipvsadm by JiajunChen,ZiangChen and ShunminZhu. <br />
<br />
Please note that FULLNAT and SYNPROXY only had limited testing.<br />
<br />
== Document ==<br />
<br />
[[Media:LVS操作手册.zip]]<br />
<br />
[[Media:lvs-fullnat-synproxy-doc.zip]]<br />
<br />
== Download ==<br />
<br />
[[Media:lvs-fullnat-synproxy.tar.gz]]<br />
<br />
[[Media:linux-2.6.32-220.23.1.el6.x86_64.lvs.src.tar.gz]]<br />
<br />
[[Media:linux-2.6.32-220.23.1.el6.x86_64.rs.src.tar.gz]]<br />
<br />
== Building ==<br />
<br />
1. LVS Kernel<br />
<br />
1.1 get kernel rpm from redhat<br />
wget ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-220.23.1.el6.src.rpm<br />
<br />
1.2 get kernel source code from rpm<br />
vim ~/.rpmmacros;<br />
add:<br />
%_topdir /home/pukong/rpms<br />
%_tmppath /home/pukong/rpms/tmp<br />
%_sourcedir /home/pukong/rpms/SOURCES<br />
%_specdir /home/pukong/rpms/SPECS<br />
%_srcrpmdir /home/pukong/rpms/SRPMS<br />
%_rpmdir /home/pukong/rpms/RPMS<br />
%_builddir /home/pukong/rpms/BUILD<br />
cd /home/pukong;<br />
mkdir rpms;<br />
mkdir rpms/tmp;<br />
mkdir rpms/SOURCES;<br />
mkdir rpms/SPECS;<br />
mkdir rpms/SRPMS;<br />
mkdir rpms/RPMS;<br />
mkdir rpms/BUILD;<br />
rpm -ivh kernel-2.6.32-220.23.1.el6.src.rpm;<br />
cd /home/pukong/rpms/SPECS;<br />
rpmbuild -bp kernel.spec;<br />
<br />
then you can find kernel source code in /home/pukong/rpms/BUILD.<br />
<br />
1.3 add lvs patch<br />
cd /home/pukong/rpms/BUILD/;<br />
cd kernel-2.6.32-220.23.1.el6/linux-2.6.32-220.23.1.el6.x86_64/;<br />
cp lvs-2.6.32-220.23.1.el6.patch ./;<br />
patch -p1<lvs-2.6.32-220.23.1.el6.patch; // patch is in lvs-fullnat-synproxy.tar.gz <br />
<br />
<br />
Or you can directly get source code from linux-2.6.32-220.23.1.el6.x86_64.lvs.src.tar.gz;<br />
<br />
1.4 compile and install<br />
make -j16;<br />
make modules_install;<br />
make install;<br />
<br />
2. RealServer Kernel (TOA)<br />
<br />
2.1 get kernel source code, the same as step 1.1 and 1.2;<br />
<br />
2.2 add toa patch<br />
cd /home/pukong/rpms/BUILD/;<br />
cd kernel-2.6.32-220.23.1.el6/linux-2.6.32-220.23.1.el6.x86_64/;<br />
cp toa-2.6.32-220.23.1.el6.patch ./;<br />
patch -p1<toa-2.6.32-220.23.1.el6.patch; // patch is in lvs-fullnat-synproxy.tar.gz <br />
<br />
Or you can get source code directly from linux-2.6.32-220.23.1.el6.x86_64.rs.src.tar.gz;<br />
<br />
2.3 compile and install<br />
make -j16;<br />
make modules_install;<br />
make install;<br />
<br />
3. LVS Tools (keepalived/ipvsadm/quaage)<br />
cd /home/pukong;<br />
cp lvs-tools.tar.gz ./; // lvs-tools.tar.gz is in lvs-fullnat-synproxy.tar.gz <br />
tar xzf lvs-tools.tar.gz;<br />
cd tools;<br />
<br />
3.1 keepalived install<br />
cd keepalived;<br />
./configure --with-kernel-dir="/lib/modules/`uname -r`/build";<br />
make;<br />
make install;<br />
<br />
3.2 ipvsadm install<br />
cd ipvsadm;<br />
make;<br />
make install;<br />
<br />
3.3 quaage install<br />
cd quagga;<br />
./configure --disable-ripd --disable-ripngd --disable-bgpd --disable-watchquagga --disable-doc --enable-user=root --enable-vty-group=root --enable-group=root --enable-zebra --localstatedir=/var/run/quagga<br />
make<br />
make;<br />
make install;<br />
<br />
[[Category:IPVS]]<br />
[[Category:Load Balancing]]</div>Benjiaminghttp://kb.linux-vs.org/wiki?title=File:Lvs-fullnat-synproxy-doc.zip&diff=43749File:Lvs-fullnat-synproxy-doc.zip2012-07-31T08:47:05Z<p>Benjiaming: uploaded a new version of "Image:Lvs-fullnat-synproxy-doc.zip"</p>
<hr />
<div></div>Benjiaminghttp://kb.linux-vs.org/wiki?title=IPVS&diff=43746IPVS2012-07-31T07:33:09Z<p>Benjiaming: /* Design and Implementation */</p>
<hr />
<div>IPVS (IP Virtual Server) implements transport-layer [[load balancing]] inside the Linux kernel, so called [[Layer-4 switching]]. IPVS running on a host acts as a [[load balancer]] before a cluster of real servers, it can direct requests for TCP/UDP based services to the real servers, and makes services of the real servers to appear as a virtual service on a single IP address.<br />
<br />
== IP Load Balancing Technologies ==<br />
<br />
Since the IP load balancing techniques have good scalability, IPVS extends the TCP/IP stack of the Linux kernel to support three IP load balancing techniques: [[LVS/NAT]], [[LVS/TUN]] and [[LVS/DR]]. The box running IPVS acts as a [[load balancer]] of network connections<br />
from clients who know a single IP address for a service, and distributes them to a set of<br />
servers that actually perform the work.<br />
<br />
* [[LVS/NAT | Virtual Server via Network Address Translation]]<br />
* [[LVS/TUN | Virtual Server via IP Tunneling]]<br />
* [[LVS/DR | Virtual Server via Direct Routing]]<br />
<br />
== Job Scheduling Algorithms ==<br />
<br />
=== Connection Scheduling Algorithms inside the Kernel ===<br />
<br />
IPVS schedules jobs at connection granularity inside the Linux kernel. Here connection is defined as data communication between client socket and server socket, no matter whether it uses TCP or UDP protocol. For scheduling UDP datagrams, IPVS [[load balancer]] records UDP datagram scheduling with configurable timeout, and the default UDP timeout is 300 seconds. Before UDP connection timeouts, all UDP datagrams from the same socket (protocol, ip address and port) will be directed to the same server.<br />
<br />
IPVS has implemented ten connection scheduling algorithms inside the kernel so far:<br />
<br />
* [[Round-Robin Scheduling]] <br />
* [[Weighted Round-Robin Scheduling]] <br />
* [[Least-Connection Scheduling]]<br />
* [[Weighted Least-Connection Scheduling]] <br />
* [[Locality-Based Least-Connection Scheduling]] <br />
* [[Locality-Based Least-Connection with Replication Scheduling]] <br />
* [[Destination Hashing Scheduling]] <br />
* [[Source Hashing Scheduling]] <br />
* [[Shortest Expected Delay Scheduling]] <br />
* [[Never Queue Scheduling]]<br />
<br />
=== Dynamic Feedback Load Balancing Scheduling ===<br />
<br />
The dynamic feedback load balancing scheduling algorithm is to use connection scheduling algorithm and adjust server weight based on dynamic feeback load information of each server, in order to avoid load imbalance among servers.<br />
<br />
* [[Dynamic Feedback Load Balancing Scheduling]]<br />
<br />
== Software ==<br />
<br />
See http://www.linuxvirtualserver.org/software/ipvs.html for downloading IPVS related software.<br />
<br />
[[ipvsadm]] is used to set up, maintain or inspect the IP virtual server table in the Linux kernel. For how to compile ipvsadm on different Linux distributions, check [[compiling ipvsadm on different Linux distributions|this article]] for detailed information.<br />
<br />
== Design and Implementation ==<br />
<br />
* [[IPVS Design]]<br />
* [[IPVS Implementation]]<br />
* [[IPv6 load balancing]] - the status of IPv6 support in IPVS and examples<br />
<br />
== Ongoing Development ==<br />
<br />
=== IPVS On FreeBSD ===<br />
<br />
The [http://dragon.linux-vs.org/~dragonfly/htm/lvs_freebsd.htm LVS On FreeBSD] project was started by Li Wang, the goal is to port IPVS code to FreeBSD. Now, the LVS On FreeBSD module supports the [[LVS/DR]] and [[LVS/TUN]] ip load balancing technologies.<br />
<br />
=== Todo ===<br />
<br />
* [[IPVS Wish List]]<br />
<br />
[[Category:LVS Software]]<br />
[[Category:Load Balancing]]<br />
[[Category:Terms and Abbreviations]]</div>Benjiaminghttp://kb.linux-vs.org/wiki?title=IPVS_FULLNAT_and_SYNPROXY&diff=43745IPVS FULLNAT and SYNPROXY2012-07-31T07:29:33Z<p>Benjiaming: /* Introduction */</p>
<hr />
<div>== Introduction==<br />
<br />
'''FULLNAT: A new packet forwarding model as DR/NAT/TUNNEL'''<br />
<br />
The main principle: introduce local ip address (IDC internal ip address, lip), IPVS translate cip-vip to lip-rip, lip and rip both are IDC internal ip address, so LVS-RS can be inter-vlan communication, and RS only need access to internal network.<br />
<br />
'''SYNPROXY: synflood attack defence module'''<br />
<br />
The main principle: based on tcp syncookies, please refer to http://en.wikipedia.org/wiki/SYN_cookies;<br />
<br />
<br />
The first version of FULLNAT and SYNPROXY were added to IPVS in Linux kernel 2.6.9 by WenLi,YanTian,JianChen,YangYi,YaoguangSun, FangHan,Yingliu and JiamingWu. Now, the second version were added in Linux kernel 2.6.32 by JianChen,JiamingWu and WensongZhang at TAOBAO; <br />
<br />
The FULLNAT and SYNPROXY support was added to keepalived/ipvsadm by JiajunChen,ZiangChen and ShunminZhu. <br />
<br />
Please note that FULLNAT and SYNPROXY only had limited testing.<br />
<br />
== Document ==<br />
<br />
[[Media:LVS操作手册.zip]]<br />
<br />
[[Media:lvs-fullnat-synproxy-doc.zip]]<br />
<br />
== Download ==<br />
<br />
[[Media:lvs-fullnat-synproxy.tar.gz]]<br />
<br />
[[Media:linux-2.6.32-220.23.1.el6.x86_64.lvs.src.tar.gz]]<br />
<br />
[[Media:linux-2.6.32-220.23.1.el6.x86_64.rs.src.tar.gz]]<br />
<br />
== Building ==<br />
<br />
1. LVS Kernel<br />
<br />
1.1 get kernel rpm from redhat<br />
wget ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-220.23.1.el6.src.rpm<br />
<br />
1.2 get kernel source code from rpm<br />
vim ~/.rpmmacros;<br />
add:<br />
%_topdir /home/pukong/rpms<br />
%_tmppath /home/pukong/rpms/tmp<br />
%_sourcedir /home/pukong/rpms/SOURCES<br />
%_specdir /home/pukong/rpms/SPECS<br />
%_srcrpmdir /home/pukong/rpms/SRPMS<br />
%_rpmdir /home/pukong/rpms/RPMS<br />
%_builddir /home/pukong/rpms/BUILD<br />
cd /home/pukong;<br />
mkdir rpms;<br />
mkdir rpms/tmp;<br />
mkdir rpms/SOURCES;<br />
mkdir rpms/SPECS;<br />
mkdir rpms/SRPMS;<br />
mkdir rpms/RPMS;<br />
mkdir rpms/BUILD;<br />
rpm -ivh kernel-2.6.32-220.23.1.el6.src.rpm;<br />
cd /home/pukong/rpms/SPECS;<br />
rpmbuild -bp kernel.spec;<br />
<br />
then you can find kernel source code in /home/pukong/rpms/BUILD.<br />
<br />
1.3 add lvs patch<br />
cd /home/pukong/rpms/BUILD/;<br />
cd kernel-2.6.32-220.23.1.el6/linux-2.6.32-220.23.1.el6.x86_64/;<br />
cp lvs-2.6.32-220.23.1.el6.patch ./;<br />
patch -p1<lvs-2.6.32-220.23.1.el6.patch; // patch is in lvs-fullnat-synproxy.tar.gz <br />
<br />
<br />
Or you can directly get source code from linux-2.6.32-220.23.1.el6.x86_64.lvs.src.tar.gz;<br />
<br />
1.4 compile and install<br />
make -j16;<br />
make modules_install;<br />
make install;<br />
<br />
2. RealServer Kernel (TOA)<br />
<br />
2.1 get kernel source code, the same as step 1.1 and 1.2;<br />
<br />
2.2 add toa patch<br />
cd /home/pukong/rpms/BUILD/;<br />
cd kernel-2.6.32-220.23.1.el6/linux-2.6.32-220.23.1.el6.x86_64/;<br />
cp toa-2.6.32-220.23.1.el6.patch ./;<br />
patch -p1<toa-2.6.32-220.23.1.el6.patch; // patch is in lvs-fullnat-synproxy.tar.gz <br />
<br />
Or you can get source code directly from linux-2.6.32-220.23.1.el6.x86_64.rs.src.tar.gz;<br />
<br />
2.3 compile and install<br />
make -j16;<br />
make modules_install;<br />
make install;<br />
<br />
3. LVS Tools (keepalived/ipvsadm/quaage)<br />
cd /home/pukong;<br />
cp lvs-tools.tar.gz ./; // lvs-tools.tar.gz is in lvs-fullnat-synproxy.tar.gz <br />
tar xzf lvs-tools.tar.gz;<br />
cd tools;<br />
<br />
3.1 keepalived install<br />
cd keepalived;<br />
./configure --with-kernel-dir="/lib/modules/`uname -r`/build";<br />
make;<br />
make install;<br />
<br />
3.2 ipvsadm install<br />
cd ipvsadm;<br />
make;<br />
make install;<br />
<br />
3.3 quaage install<br />
cd quagga;<br />
./configure --disable-ripd --disable-ripngd --disable-bgpd --disable-watchquagga --disable-doc --enable-user=root --enable-vty-group=root --enable-group=root --enable-zebra --localstatedir=/var/run/quagga<br />
make<br />
make;<br />
make install;<br />
<br />
[[Category:IPVS]]<br />
[[Category:Load Balancing]]</div>Benjiaminghttp://kb.linux-vs.org/wiki?title=IPVS_FULLNAT_and_SYNPROXY&diff=43744IPVS FULLNAT and SYNPROXY2012-07-31T07:28:11Z<p>Benjiaming: /* Introduction */</p>
<hr />
<div>== Introduction==<br />
<br />
'''FULLNAT: A new packet forwarding model as DR/NAT/TUNNEL'''<br />
<br />
The main principle: introduce local ip address (IDC internal ip address, lip), IPVS translate cip-vip to lip-rip, lip and rip both are IDC internal ip address, so LVS-RS can be inter-vlan communication, and RS only need access to internal network.<br />
<br />
'''SYNPROXY: synflood attack defence module'''<br />
<br />
The main principle: based on tcp syncookies, please refer to http://en.wikipedia.org/wiki/SYN_cookies;<br />
<br />
<br />
The first version of FULLNAT and SYNPROXY were added to IPVS in Linux kernel 2.6.9 by WenLi,YanTian,JianChen,YangYi,YaoguangSun, FangHan,Yingliu and JiamingWu. Now, the second version were added in Linux kernel 2.6.32 by JianChen,JiamingWu and WensongZhang at TAOBAO; <br />
<br />
The FULLNAT and SYNPROXY support was add to keepalived/ipvsadm by JiajunChen,ZiangChen and ShunminZhu. <br />
<br />
Please note that FULLNAT and SYNPROXY only had limited testing.<br />
<br />
== Document ==<br />
<br />
[[Media:LVS操作手册.zip]]<br />
<br />
[[Media:lvs-fullnat-synproxy-doc.zip]]<br />
<br />
== Download ==<br />
<br />
[[Media:lvs-fullnat-synproxy.tar.gz]]<br />
<br />
[[Media:linux-2.6.32-220.23.1.el6.x86_64.lvs.src.tar.gz]]<br />
<br />
[[Media:linux-2.6.32-220.23.1.el6.x86_64.rs.src.tar.gz]]<br />
<br />
== Building ==<br />
<br />
1. LVS Kernel<br />
<br />
1.1 get kernel rpm from redhat<br />
wget ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-220.23.1.el6.src.rpm<br />
<br />
1.2 get kernel source code from rpm<br />
vim ~/.rpmmacros;<br />
add:<br />
%_topdir /home/pukong/rpms<br />
%_tmppath /home/pukong/rpms/tmp<br />
%_sourcedir /home/pukong/rpms/SOURCES<br />
%_specdir /home/pukong/rpms/SPECS<br />
%_srcrpmdir /home/pukong/rpms/SRPMS<br />
%_rpmdir /home/pukong/rpms/RPMS<br />
%_builddir /home/pukong/rpms/BUILD<br />
cd /home/pukong;<br />
mkdir rpms;<br />
mkdir rpms/tmp;<br />
mkdir rpms/SOURCES;<br />
mkdir rpms/SPECS;<br />
mkdir rpms/SRPMS;<br />
mkdir rpms/RPMS;<br />
mkdir rpms/BUILD;<br />
rpm -ivh kernel-2.6.32-220.23.1.el6.src.rpm;<br />
cd /home/pukong/rpms/SPECS;<br />
rpmbuild -bp kernel.spec;<br />
<br />
then you can find kernel source code in /home/pukong/rpms/BUILD.<br />
<br />
1.3 add lvs patch<br />
cd /home/pukong/rpms/BUILD/;<br />
cd kernel-2.6.32-220.23.1.el6/linux-2.6.32-220.23.1.el6.x86_64/;<br />
cp lvs-2.6.32-220.23.1.el6.patch ./;<br />
patch -p1<lvs-2.6.32-220.23.1.el6.patch; // patch is in lvs-fullnat-synproxy.tar.gz <br />
<br />
<br />
Or you can directly get source code from linux-2.6.32-220.23.1.el6.x86_64.lvs.src.tar.gz;<br />
<br />
1.4 compile and install<br />
make -j16;<br />
make modules_install;<br />
make install;<br />
<br />
2. RealServer Kernel (TOA)<br />
<br />
2.1 get kernel source code, the same as step 1.1 and 1.2;<br />
<br />
2.2 add toa patch<br />
cd /home/pukong/rpms/BUILD/;<br />
cd kernel-2.6.32-220.23.1.el6/linux-2.6.32-220.23.1.el6.x86_64/;<br />
cp toa-2.6.32-220.23.1.el6.patch ./;<br />
patch -p1<toa-2.6.32-220.23.1.el6.patch; // patch is in lvs-fullnat-synproxy.tar.gz <br />
<br />
Or you can get source code directly from linux-2.6.32-220.23.1.el6.x86_64.rs.src.tar.gz;<br />
<br />
2.3 compile and install<br />
make -j16;<br />
make modules_install;<br />
make install;<br />
<br />
3. LVS Tools (keepalived/ipvsadm/quaage)<br />
cd /home/pukong;<br />
cp lvs-tools.tar.gz ./; // lvs-tools.tar.gz is in lvs-fullnat-synproxy.tar.gz <br />
tar xzf lvs-tools.tar.gz;<br />
cd tools;<br />
<br />
3.1 keepalived install<br />
cd keepalived;<br />
./configure --with-kernel-dir="/lib/modules/`uname -r`/build";<br />
make;<br />
make install;<br />
<br />
3.2 ipvsadm install<br />
cd ipvsadm;<br />
make;<br />
make install;<br />
<br />
3.3 quaage install<br />
cd quagga;<br />
./configure --disable-ripd --disable-ripngd --disable-bgpd --disable-watchquagga --disable-doc --enable-user=root --enable-vty-group=root --enable-group=root --enable-zebra --localstatedir=/var/run/quagga<br />
make<br />
make;<br />
make install;<br />
<br />
[[Category:IPVS]]<br />
[[Category:Load Balancing]]</div>Benjiaminghttp://kb.linux-vs.org/wiki?title=IPVS_FULLNAT_and_SYNPROXY&diff=43743IPVS FULLNAT and SYNPROXY2012-07-31T07:21:23Z<p>Benjiaming: /* Introduction */</p>
<hr />
<div>== Introduction==<br />
<br />
'''FULLNAT: A new packet forwarding model as DR/NAT/TUNNEL'''<br />
<br />
The main principle: introduce local ip address (IDC internal ip address, lip), IPVS translate cip-vip to lip-rip, lip and rip both are IDC internal ip address, so LVS-RS can be inter-vlan communication, and RS only need access to internal network.<br />
<br />
'''SYNPROXY: synflood attack defence module'''<br />
<br />
The main principle: based on tcp syncookies, please refer to http://en.wikipedia.org/wiki/SYN_cookies;<br />
<br />
<br />
The first version of FULLNAT and SYNPROXY were added to IPVS in Linux kernel 2.6.9 by WenLi,YanTian,JianChen,YangYi,YaoguangSun, FangHan,Yingliu and JiamingWu. Now, the second version were added in Linux kernel 2.6.32 by JianChen,JiamingWu and WensongZhang; <br />
<br />
The FULLNAT and SYNPROXY support was add to keepalived/ipvsadm by JiajunChen,ZiangChen and ShunminZhu. <br />
<br />
Please note that FULLNAT and SYNPROXY only had limited testing.<br />
<br />
== Document ==<br />
<br />
[[Media:LVS操作手册.zip]]<br />
<br />
[[Media:lvs-fullnat-synproxy-doc.zip]]<br />
<br />
== Download ==<br />
<br />
[[Media:lvs-fullnat-synproxy.tar.gz]]<br />
<br />
[[Media:linux-2.6.32-220.23.1.el6.x86_64.lvs.src.tar.gz]]<br />
<br />
[[Media:linux-2.6.32-220.23.1.el6.x86_64.rs.src.tar.gz]]<br />
<br />
== Building ==<br />
<br />
1. LVS Kernel<br />
<br />
1.1 get kernel rpm from redhat<br />
wget ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-220.23.1.el6.src.rpm<br />
<br />
1.2 get kernel source code from rpm<br />
vim ~/.rpmmacros;<br />
add:<br />
%_topdir /home/pukong/rpms<br />
%_tmppath /home/pukong/rpms/tmp<br />
%_sourcedir /home/pukong/rpms/SOURCES<br />
%_specdir /home/pukong/rpms/SPECS<br />
%_srcrpmdir /home/pukong/rpms/SRPMS<br />
%_rpmdir /home/pukong/rpms/RPMS<br />
%_builddir /home/pukong/rpms/BUILD<br />
cd /home/pukong;<br />
mkdir rpms;<br />
mkdir rpms/tmp;<br />
mkdir rpms/SOURCES;<br />
mkdir rpms/SPECS;<br />
mkdir rpms/SRPMS;<br />
mkdir rpms/RPMS;<br />
mkdir rpms/BUILD;<br />
rpm -ivh kernel-2.6.32-220.23.1.el6.src.rpm;<br />
cd /home/pukong/rpms/SPECS;<br />
rpmbuild -bp kernel.spec;<br />
<br />
then you can find kernel source code in /home/pukong/rpms/BUILD.<br />
<br />
1.3 add lvs patch<br />
cd /home/pukong/rpms/BUILD/;<br />
cd kernel-2.6.32-220.23.1.el6/linux-2.6.32-220.23.1.el6.x86_64/;<br />
cp lvs-2.6.32-220.23.1.el6.patch ./;<br />
patch -p1<lvs-2.6.32-220.23.1.el6.patch; // patch is in lvs-fullnat-synproxy.tar.gz <br />
<br />
<br />
Or you can directly get source code from linux-2.6.32-220.23.1.el6.x86_64.lvs.src.tar.gz;<br />
<br />
1.4 compile and install<br />
make -j16;<br />
make modules_install;<br />
make install;<br />
<br />
2. RealServer Kernel (TOA)<br />
<br />
2.1 get kernel source code, the same as step 1.1 and 1.2;<br />
<br />
2.2 add toa patch<br />
cd /home/pukong/rpms/BUILD/;<br />
cd kernel-2.6.32-220.23.1.el6/linux-2.6.32-220.23.1.el6.x86_64/;<br />
cp toa-2.6.32-220.23.1.el6.patch ./;<br />
patch -p1<toa-2.6.32-220.23.1.el6.patch; // patch is in lvs-fullnat-synproxy.tar.gz <br />
<br />
Or you can get source code directly from linux-2.6.32-220.23.1.el6.x86_64.rs.src.tar.gz;<br />
<br />
2.3 compile and install<br />
make -j16;<br />
make modules_install;<br />
make install;<br />
<br />
3. LVS Tools (keepalived/ipvsadm/quaage)<br />
cd /home/pukong;<br />
cp lvs-tools.tar.gz ./; // lvs-tools.tar.gz is in lvs-fullnat-synproxy.tar.gz <br />
tar xzf lvs-tools.tar.gz;<br />
cd tools;<br />
<br />
3.1 keepalived install<br />
cd keepalived;<br />
./configure --with-kernel-dir="/lib/modules/`uname -r`/build";<br />
make;<br />
make install;<br />
<br />
3.2 ipvsadm install<br />
cd ipvsadm;<br />
make;<br />
make install;<br />
<br />
3.3 quaage install<br />
cd quagga;<br />
./configure --disable-ripd --disable-ripngd --disable-bgpd --disable-watchquagga --disable-doc --enable-user=root --enable-vty-group=root --enable-group=root --enable-zebra --localstatedir=/var/run/quagga<br />
make<br />
make;<br />
make install;<br />
<br />
[[Category:IPVS]]<br />
[[Category:Load Balancing]]</div>Benjiaminghttp://kb.linux-vs.org/wiki?title=File:Lvs-fullnat-synproxy.tar.gz&diff=43742File:Lvs-fullnat-synproxy.tar.gz2012-07-31T07:16:42Z<p>Benjiaming: uploaded a new version of "Image:Lvs-fullnat-synproxy.tar.gz"</p>
<hr />
<div></div>Benjiaminghttp://kb.linux-vs.org/wiki?title=File:Linux-2.6.32-220.23.1.el6.x86_64.lvs.src.tar.gz&diff=43741File:Linux-2.6.32-220.23.1.el6.x86 64.lvs.src.tar.gz2012-07-31T07:15:31Z<p>Benjiaming: uploaded a new version of "Image:Linux-2.6.32-220.23.1.el6.x86 64.lvs.src.tar.gz"</p>
<hr />
<div></div>Benjiaminghttp://kb.linux-vs.org/wiki?title=File:Linux-2.6.32-220.23.1.el6.x86_64.rs.src.tar.gz&diff=43740File:Linux-2.6.32-220.23.1.el6.x86 64.rs.src.tar.gz2012-07-31T07:13:42Z<p>Benjiaming: </p>
<hr />
<div></div>Benjiaminghttp://kb.linux-vs.org/wiki?title=File:Linux-2.6.32-220.23.1.el6.x86_64.lvs.src.tar.gz&diff=43739File:Linux-2.6.32-220.23.1.el6.x86 64.lvs.src.tar.gz2012-07-31T06:44:17Z<p>Benjiaming: </p>
<hr />
<div></div>Benjiaminghttp://kb.linux-vs.org/wiki?title=IPVS_FULLNAT_and_SYNPROXY&diff=43738IPVS FULLNAT and SYNPROXY2012-07-31T06:23:39Z<p>Benjiaming: /* Building */</p>
<hr />
<div>== Introduction==<br />
<br />
'''FULLNAT: A new packet forwarding model as DR/NAT/TUNNEL'''<br />
<br />
The main principle: introduce local ip address (IDC internal ip address, lip), IPVS translate cip-vip to lip-rip, lip and rip both are IDC internal ip address, so LVS-RS can be inter-vlan communication, and RS only need access to internal network.<br />
<br />
'''SYNPROXY: synflood attack defence module'''<br />
<br />
The main principle: based on tcp syncookies, please refer to http://en.wikipedia.org/wiki/SYN_cookies;<br />
<br />
<br />
The first FULLNAT and SYNPROXY modules were added to IPVS in Linux kernel 2.6.9 by WenLi,YanTian,JianChen,YangYi,YaoguangSun, FangHan,Yingliu and JiamingWu. Now, the second FULLNAT and SYNPROXY modules were added in Linux kernel 2.6.32 by JianChen,JiamingWu and WensongZhang; <br />
<br />
The FULLNAT and SYNPROXY support was add to keepalived/ipvsadm by JiajunChen,ZiangChen and ShunminZhu. <br />
<br />
Please note that FULLNAT and SYNPROXY have only had limited testing.<br />
<br />
== Document ==<br />
<br />
[[Media:LVS操作手册.zip]]<br />
<br />
[[Media:lvs-fullnat-synproxy-doc.zip]]<br />
<br />
== Download ==<br />
<br />
[[Media:lvs-fullnat-synproxy.tar.gz]]<br />
<br />
[[Media:linux-2.6.32-220.23.1.el6.x86_64.lvs.src.tar.gz]]<br />
<br />
[[Media:linux-2.6.32-220.23.1.el6.x86_64.rs.src.tar.gz]]<br />
<br />
== Building ==<br />
<br />
1. LVS Kernel<br />
<br />
1.1 get kernel rpm from redhat<br />
wget ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-220.23.1.el6.src.rpm<br />
<br />
1.2 get kernel source code from rpm<br />
vim ~/.rpmmacros;<br />
add:<br />
%_topdir /home/pukong/rpms<br />
%_tmppath /home/pukong/rpms/tmp<br />
%_sourcedir /home/pukong/rpms/SOURCES<br />
%_specdir /home/pukong/rpms/SPECS<br />
%_srcrpmdir /home/pukong/rpms/SRPMS<br />
%_rpmdir /home/pukong/rpms/RPMS<br />
%_builddir /home/pukong/rpms/BUILD<br />
cd /home/pukong;<br />
mkdir rpms;<br />
mkdir rpms/tmp;<br />
mkdir rpms/SOURCES;<br />
mkdir rpms/SPECS;<br />
mkdir rpms/SRPMS;<br />
mkdir rpms/RPMS;<br />
mkdir rpms/BUILD;<br />
rpm -ivh kernel-2.6.32-220.23.1.el6.src.rpm;<br />
cd /home/pukong/rpms/SPECS;<br />
rpmbuild -bp kernel.spec;<br />
<br />
then you can find kernel source code in /home/pukong/rpms/BUILD.<br />
<br />
1.3 add lvs patch<br />
cd /home/pukong/rpms/BUILD/;<br />
cd kernel-2.6.32-220.23.1.el6/linux-2.6.32-220.23.1.el6.x86_64/;<br />
cp lvs-2.6.32-220.23.1.el6.patch ./;<br />
patch -p1<lvs-2.6.32-220.23.1.el6.patch; // patch is in lvs-fullnat-synproxy.tar.gz <br />
<br />
<br />
Or you can directly get source code from linux-2.6.32-220.23.1.el6.x86_64.lvs.src.tar.gz;<br />
<br />
1.4 compile and install<br />
make -j16;<br />
make modules_install;<br />
make install;<br />
<br />
2. RealServer Kernel (TOA)<br />
<br />
2.1 get kernel source code, the same as step 1.1 and 1.2;<br />
<br />
2.2 add toa patch<br />
cd /home/pukong/rpms/BUILD/;<br />
cd kernel-2.6.32-220.23.1.el6/linux-2.6.32-220.23.1.el6.x86_64/;<br />
cp toa-2.6.32-220.23.1.el6.patch ./;<br />
patch -p1<toa-2.6.32-220.23.1.el6.patch; // patch is in lvs-fullnat-synproxy.tar.gz <br />
<br />
Or you can get source code directly from linux-2.6.32-220.23.1.el6.x86_64.rs.src.tar.gz;<br />
<br />
2.3 compile and install<br />
make -j16;<br />
make modules_install;<br />
make install;<br />
<br />
3. LVS Tools (keepalived/ipvsadm/quaage)<br />
cd /home/pukong;<br />
cp lvs-tools.tar.gz ./; // lvs-tools.tar.gz is in lvs-fullnat-synproxy.tar.gz <br />
tar xzf lvs-tools.tar.gz;<br />
cd tools;<br />
<br />
3.1 keepalived install<br />
cd keepalived;<br />
./configure --with-kernel-dir="/lib/modules/`uname -r`/build";<br />
make;<br />
make install;<br />
<br />
3.2 ipvsadm install<br />
cd ipvsadm;<br />
make;<br />
make install;<br />
<br />
3.3 quaage install<br />
cd quagga;<br />
./configure --disable-ripd --disable-ripngd --disable-bgpd --disable-watchquagga --disable-doc --enable-user=root --enable-vty-group=root --enable-group=root --enable-zebra --localstatedir=/var/run/quagga<br />
make<br />
make;<br />
make install;<br />
<br />
[[Category:IPVS]]<br />
[[Category:Load Balancing]]</div>Benjiaminghttp://kb.linux-vs.org/wiki?title=IPVS_FULLNAT_and_SYNPROXY&diff=43737IPVS FULLNAT and SYNPROXY2012-07-31T06:21:40Z<p>Benjiaming: /* Building */</p>
<hr />
<div>== Introduction==<br />
<br />
'''FULLNAT: A new packet forwarding model as DR/NAT/TUNNEL'''<br />
<br />
The main principle: introduce local ip address (IDC internal ip address, lip), IPVS translate cip-vip to lip-rip, lip and rip both are IDC internal ip address, so LVS-RS can be inter-vlan communication, and RS only need access to internal network.<br />
<br />
'''SYNPROXY: synflood attack defence module'''<br />
<br />
The main principle: based on tcp syncookies, please refer to http://en.wikipedia.org/wiki/SYN_cookies;<br />
<br />
<br />
The first FULLNAT and SYNPROXY modules were added to IPVS in Linux kernel 2.6.9 by WenLi,YanTian,JianChen,YangYi,YaoguangSun, FangHan,Yingliu and JiamingWu. Now, the second FULLNAT and SYNPROXY modules were added in Linux kernel 2.6.32 by JianChen,JiamingWu and WensongZhang; <br />
<br />
The FULLNAT and SYNPROXY support was add to keepalived/ipvsadm by JiajunChen,ZiangChen and ShunminZhu. <br />
<br />
Please note that FULLNAT and SYNPROXY have only had limited testing.<br />
<br />
== Document ==<br />
<br />
[[Media:LVS操作手册.zip]]<br />
<br />
[[Media:lvs-fullnat-synproxy-doc.zip]]<br />
<br />
== Download ==<br />
<br />
[[Media:lvs-fullnat-synproxy.tar.gz]]<br />
<br />
[[Media:linux-2.6.32-220.23.1.el6.x86_64.lvs.src.tar.gz]]<br />
<br />
[[Media:linux-2.6.32-220.23.1.el6.x86_64.rs.src.tar.gz]]<br />
<br />
== Building ==<br />
<br />
1. LVS Kernel<br />
<br />
1.1 get kernel rpm from redhat<br />
wget ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-220.23.1.el6.src.rpm<br />
<br />
1.2 get kernel source code from rpm<br />
vim ~/.rpmmacros;<br />
add:<br />
%_topdir /home/pukong/rpms<br />
%_tmppath /home/pukong/rpms/tmp<br />
%_sourcedir /home/pukong/rpms/SOURCES<br />
%_specdir /home/pukong/rpms/SPECS<br />
%_srcrpmdir /home/pukong/rpms/SRPMS<br />
%_rpmdir /home/pukong/rpms/RPMS<br />
%_builddir /home/pukong/rpms/BUILD<br />
cd /home/pukong;<br />
mkdir rpms;<br />
mkdir rpms/tmp;<br />
mkdir rpms/SOURCES;<br />
mkdir rpms/SPECS;<br />
mkdir rpms/SRPMS;<br />
mkdir rpms/RPMS;<br />
mkdir rpms/BUILD;<br />
rpm -ivh kernel-2.6.32-220.23.1.el6.src.rpm;<br />
cd /home/pukong/rpms/SPECS;<br />
rpmbuild -bp kernel.spec;<br />
<br />
then you can find kernel source code in /home/pukong/rpms/BUILD.<br />
<br />
1.3 add lvs patch<br />
cd /home/pukong/rpms/BUILD/;<br />
cd kernel-2.6.32-220.23.1.el6/linux-2.6.32-220.23.1.el6.x86_64/;<br />
cp lvs-2.6.32-220.23.1.el6.patch ./;<br />
patch -p1<lvs-2.6.32-220.23.1.el6.patch; // patch is in lvs-fullnat-synproxy.tar.gz <br />
<br />
<br />
Or you can directly get source code from linux-2.6.32-220.23.1.el6.x86_64.lvs.src.tar.gz;<br />
<br />
1.4 compile and install<br />
make -j16;<br />
make modules_install;<br />
make install;<br />
<br />
2. RealServer Kernel (TOA)<br />
<br />
2.1 get kernel source code, the same as step 1.1 and 1.2;<br />
<br />
2.2 add toa patch<br />
cd /home/pukong/rpms/BUILD/;<br />
cd kernel-2.6.32-220.23.1.el6/linux-2.6.32-220.23.1.el6.x86_64/;<br />
cp toa-2.6.32-220.23.1.el6.patch ./;<br />
patch -p1<toa-2.6.32-220.23.1.el6.patch; // patch is in lvs-fullnat-synproxy.tar.gz <br />
<br />
Or you can get source code directly from linux-2.6.32-220.23.1.el6.x86_64.rs.src.tar.gz;<br />
<br />
2.3 compile and install<br />
make -j16;<br />
make modules_install;<br />
make install;<br />
<br />
3. LVS Tools (keepalived/ipvsadm/quaage)<br />
cd /home/pukong;<br />
cp lvs-tools.tar.bz2 ./; // lvs-tools.tar.bz2 is in lvs-fullnat-synproxy.tar.gz <br />
tar xzf lvs-tools.tar.bz2;<br />
cd tools;<br />
<br />
3.1 keepalived install<br />
cd keepalived;<br />
./configure --with-kernel-dir="/lib/modules/`uname -r`/build";<br />
make;<br />
make install;<br />
<br />
3.2 ipvsadm install<br />
cd ipvsadm;<br />
make;<br />
make install;<br />
<br />
3.3 quaage install<br />
cd quagga;<br />
./configure --disable-ripd --disable-ripngd --disable-bgpd --disable-watchquagga --disable-doc --enable-user=root --enable-vty-group=root --enable-group=root --enable-zebra --localstatedir=/var/run/quagga<br />
make<br />
make;<br />
make install;<br />
<br />
[[Category:IPVS]]<br />
[[Category:Load Balancing]]</div>Benjiaminghttp://kb.linux-vs.org/wiki?title=File:Lvs-fullnat-synproxy-doc.zip&diff=43736File:Lvs-fullnat-synproxy-doc.zip2012-07-31T06:19:30Z<p>Benjiaming: </p>
<hr />
<div></div>Benjiaminghttp://kb.linux-vs.org/wiki?title=IPVS_FULLNAT_and_SYNPROXY&diff=43735IPVS FULLNAT and SYNPROXY2012-07-31T06:19:15Z<p>Benjiaming: /* Document */</p>
<hr />
<div>== Introduction==<br />
<br />
'''FULLNAT: A new packet forwarding model as DR/NAT/TUNNEL'''<br />
<br />
The main principle: introduce local ip address (IDC internal ip address, lip), IPVS translate cip-vip to lip-rip, lip and rip both are IDC internal ip address, so LVS-RS can be inter-vlan communication, and RS only need access to internal network.<br />
<br />
'''SYNPROXY: synflood attack defence module'''<br />
<br />
The main principle: based on tcp syncookies, please refer to http://en.wikipedia.org/wiki/SYN_cookies;<br />
<br />
<br />
The first FULLNAT and SYNPROXY modules were added to IPVS in Linux kernel 2.6.9 by WenLi,YanTian,JianChen,YangYi,YaoguangSun, FangHan,Yingliu and JiamingWu. Now, the second FULLNAT and SYNPROXY modules were added in Linux kernel 2.6.32 by JianChen,JiamingWu and WensongZhang; <br />
<br />
The FULLNAT and SYNPROXY support was add to keepalived/ipvsadm by JiajunChen,ZiangChen and ShunminZhu. <br />
<br />
Please note that FULLNAT and SYNPROXY have only had limited testing.<br />
<br />
== Document ==<br />
<br />
[[Media:LVS操作手册.zip]]<br />
<br />
[[Media:lvs-fullnat-synproxy-doc.zip]]<br />
<br />
== Download ==<br />
<br />
[[Media:lvs-fullnat-synproxy.tar.gz]]<br />
<br />
[[Media:linux-2.6.32-220.23.1.el6.x86_64.lvs.src.tar.gz]]<br />
<br />
[[Media:linux-2.6.32-220.23.1.el6.x86_64.rs.src.tar.gz]]<br />
<br />
== Building ==<br />
<br />
1. LVS Kernel<br />
<br />
1.1 get kernel rpm from redhat<br />
wget ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-220.23.1.el6.src.rpm<br />
<br />
1.2 get kernel source code from rpm<br />
vim ~/.rpmmacros;<br />
add:<br />
%_topdir /home/pukong/rpms<br />
%_tmppath /home/pukong/rpms/tmp<br />
%_sourcedir /home/pukong/rpms/SOURCES<br />
%_specdir /home/pukong/rpms/SPECS<br />
%_srcrpmdir /home/pukong/rpms/SRPMS<br />
%_rpmdir /home/pukong/rpms/RPMS<br />
%_builddir /home/pukong/rpms/BUILD<br />
cd /home/pukong;<br />
mkdir rpms;<br />
mkdir rpms/tmp;<br />
mkdir rpms/SOURCES;<br />
mkdir rpms/SPECS;<br />
mkdir rpms/SRPMS;<br />
mkdir rpms/RPMS;<br />
mkdir rpms/BUILD;<br />
rpm -ivh kernel-2.6.32-220.23.1.el6.src.rpm;<br />
cd /home/pukong/rpms/SPECS;<br />
rpmbuild -bp kernel.spec;<br />
<br />
then you can find kernel source code in /home/pukong/rpms/BUILD.<br />
<br />
1.3 add lvs patch<br />
cd /home/pukong/rpms/BUILD/;<br />
cd kernel-2.6.32-220.23.1.el6/linux-2.6.32-220.23.1.el6.x86_64/;<br />
cp lvs-2.6.32-220.23.1.el6.patch ./;<br />
patch -p1<lvs-2.6.32-220.23.1.el6.patch; // patch is in lvs-fullnat-synproxy.tar.gz <br />
<br />
<br />
Or you can directly get source code from linux-2.6.32-220.23.1.el6.x86_64.lvs.src.tar.gz;<br />
<br />
1.4 compile and install<br />
make -j16;<br />
make modules_install;<br />
make install;<br />
<br />
2. RealServer Kernel (TOA)<br />
<br />
2.1 get kernel source code, the same as step 1.1 and 1.2;<br />
<br />
2.2 add toa patch<br />
cd /home/pukong/rpms/BUILD/;<br />
cd kernel-2.6.32-220.23.1.el6/linux-2.6.32-220.23.1.el6.x86_64/;<br />
cp toa-2.6.32-220.23.1.el6.patch ./;<br />
patch -p1<toa-2.6.32-220.23.1.el6.patch; // patch is in lvs-fullnat-synproxy.tar.gz <br />
<br />
Or you can get source code directly from linux-2.6.32-220.23.1.el6.x86_64.rs.src.tar.gz;<br />
<br />
2.3 compile and install<br />
make -j16;<br />
make modules_install;<br />
make install;<br />
<br />
3. LVS Tools (keepalived/ipvsadm/quaage)<br />
cd /home/pukong;<br />
cp lvs-tools.tar.bz2 ./;<br />
tar xzf lvs-tools.tar.bz2;<br />
cd tools;<br />
<br />
3.1 keepalived install<br />
cd keepalived;<br />
./configure --with-kernel-dir="/lib/modules/`uname -r`/build";<br />
make;<br />
make install;<br />
<br />
3.2 ipvsadm install<br />
cd ipvsadm;<br />
make;<br />
make install;<br />
<br />
3.3 quaage install<br />
cd quagga;<br />
./configure --disable-ripd --disable-ripngd --disable-bgpd --disable-watchquagga --disable-doc --enable-user=root --enable-vty-group=root --enable-group=root --enable-zebra --localstatedir=/var/run/quagga<br />
make<br />
make;<br />
make install;<br />
<br />
[[Category:IPVS]]<br />
[[Category:Load Balancing]]</div>Benjiaminghttp://kb.linux-vs.org/wiki?title=IPVS_FULLNAT_and_SYNPROXY&diff=43734IPVS FULLNAT and SYNPROXY2012-07-31T06:19:08Z<p>Benjiaming: /* Document */</p>
<hr />
<div>== Introduction==<br />
<br />
'''FULLNAT: A new packet forwarding model as DR/NAT/TUNNEL'''<br />
<br />
The main principle: introduce local ip address (IDC internal ip address, lip), IPVS translate cip-vip to lip-rip, lip and rip both are IDC internal ip address, so LVS-RS can be inter-vlan communication, and RS only need access to internal network.<br />
<br />
'''SYNPROXY: synflood attack defence module'''<br />
<br />
The main principle: based on tcp syncookies, please refer to http://en.wikipedia.org/wiki/SYN_cookies;<br />
<br />
<br />
The first FULLNAT and SYNPROXY modules were added to IPVS in Linux kernel 2.6.9 by WenLi,YanTian,JianChen,YangYi,YaoguangSun, FangHan,Yingliu and JiamingWu. Now, the second FULLNAT and SYNPROXY modules were added in Linux kernel 2.6.32 by JianChen,JiamingWu and WensongZhang; <br />
<br />
The FULLNAT and SYNPROXY support was add to keepalived/ipvsadm by JiajunChen,ZiangChen and ShunminZhu. <br />
<br />
Please note that FULLNAT and SYNPROXY have only had limited testing.<br />
<br />
== Document ==<br />
<br />
[[Media:LVS操作手册.zip]]<br />
[[Media:lvs-fullnat-synproxy-doc.zip]]<br />
<br />
== Download ==<br />
<br />
[[Media:lvs-fullnat-synproxy.tar.gz]]<br />
<br />
[[Media:linux-2.6.32-220.23.1.el6.x86_64.lvs.src.tar.gz]]<br />
<br />
[[Media:linux-2.6.32-220.23.1.el6.x86_64.rs.src.tar.gz]]<br />
<br />
== Building ==<br />
<br />
1. LVS Kernel<br />
<br />
1.1 get kernel rpm from redhat<br />
wget ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-220.23.1.el6.src.rpm<br />
<br />
1.2 get kernel source code from rpm<br />
vim ~/.rpmmacros;<br />
add:<br />
%_topdir /home/pukong/rpms<br />
%_tmppath /home/pukong/rpms/tmp<br />
%_sourcedir /home/pukong/rpms/SOURCES<br />
%_specdir /home/pukong/rpms/SPECS<br />
%_srcrpmdir /home/pukong/rpms/SRPMS<br />
%_rpmdir /home/pukong/rpms/RPMS<br />
%_builddir /home/pukong/rpms/BUILD<br />
cd /home/pukong;<br />
mkdir rpms;<br />
mkdir rpms/tmp;<br />
mkdir rpms/SOURCES;<br />
mkdir rpms/SPECS;<br />
mkdir rpms/SRPMS;<br />
mkdir rpms/RPMS;<br />
mkdir rpms/BUILD;<br />
rpm -ivh kernel-2.6.32-220.23.1.el6.src.rpm;<br />
cd /home/pukong/rpms/SPECS;<br />
rpmbuild -bp kernel.spec;<br />
<br />
then you can find kernel source code in /home/pukong/rpms/BUILD.<br />
<br />
1.3 add lvs patch<br />
cd /home/pukong/rpms/BUILD/;<br />
cd kernel-2.6.32-220.23.1.el6/linux-2.6.32-220.23.1.el6.x86_64/;<br />
cp lvs-2.6.32-220.23.1.el6.patch ./;<br />
patch -p1<lvs-2.6.32-220.23.1.el6.patch; // patch is in lvs-fullnat-synproxy.tar.gz <br />
<br />
<br />
Or you can directly get source code from linux-2.6.32-220.23.1.el6.x86_64.lvs.src.tar.gz;<br />
<br />
1.4 compile and install<br />
make -j16;<br />
make modules_install;<br />
make install;<br />
<br />
2. RealServer Kernel (TOA)<br />
<br />
2.1 get kernel source code, the same as step 1.1 and 1.2;<br />
<br />
2.2 add toa patch<br />
cd /home/pukong/rpms/BUILD/;<br />
cd kernel-2.6.32-220.23.1.el6/linux-2.6.32-220.23.1.el6.x86_64/;<br />
cp toa-2.6.32-220.23.1.el6.patch ./;<br />
patch -p1<toa-2.6.32-220.23.1.el6.patch; // patch is in lvs-fullnat-synproxy.tar.gz <br />
<br />
Or you can get source code directly from linux-2.6.32-220.23.1.el6.x86_64.rs.src.tar.gz;<br />
<br />
2.3 compile and install<br />
make -j16;<br />
make modules_install;<br />
make install;<br />
<br />
3. LVS Tools (keepalived/ipvsadm/quaage)<br />
cd /home/pukong;<br />
cp lvs-tools.tar.bz2 ./;<br />
tar xzf lvs-tools.tar.bz2;<br />
cd tools;<br />
<br />
3.1 keepalived install<br />
cd keepalived;<br />
./configure --with-kernel-dir="/lib/modules/`uname -r`/build";<br />
make;<br />
make install;<br />
<br />
3.2 ipvsadm install<br />
cd ipvsadm;<br />
make;<br />
make install;<br />
<br />
3.3 quaage install<br />
cd quagga;<br />
./configure --disable-ripd --disable-ripngd --disable-bgpd --disable-watchquagga --disable-doc --enable-user=root --enable-vty-group=root --enable-group=root --enable-zebra --localstatedir=/var/run/quagga<br />
make<br />
make;<br />
make install;<br />
<br />
[[Category:IPVS]]<br />
[[Category:Load Balancing]]</div>Benjiaminghttp://kb.linux-vs.org/wiki?title=File:LVS%E6%93%8D%E4%BD%9C%E6%89%8B%E5%86%8C.zip&diff=43733File:LVS操作手册.zip2012-07-31T06:08:40Z<p>Benjiaming: </p>
<hr />
<div></div>Benjiaminghttp://kb.linux-vs.org/wiki?title=IPVS_FULLNAT_and_SYNPROXY&diff=43732IPVS FULLNAT and SYNPROXY2012-07-31T06:08:30Z<p>Benjiaming: /* Document */</p>
<hr />
<div>== Introduction==<br />
<br />
'''FULLNAT: A new packet forwarding model as DR/NAT/TUNNEL'''<br />
<br />
The main principle: introduce local ip address (IDC internal ip address, lip), IPVS translate cip-vip to lip-rip, lip and rip both are IDC internal ip address, so LVS-RS can be inter-vlan communication, and RS only need access to internal network.<br />
<br />
'''SYNPROXY: synflood attack defence module'''<br />
<br />
The main principle: based on tcp syncookies, please refer to http://en.wikipedia.org/wiki/SYN_cookies;<br />
<br />
<br />
The first FULLNAT and SYNPROXY modules were added to IPVS in Linux kernel 2.6.9 by WenLi,YanTian,JianChen,YangYi,YaoguangSun, FangHan,Yingliu and JiamingWu. Now, the second FULLNAT and SYNPROXY modules were added in Linux kernel 2.6.32 by JianChen,JiamingWu and WensongZhang; <br />
<br />
The FULLNAT and SYNPROXY support was add to keepalived/ipvsadm by JiajunChen,ZiangChen and ShunminZhu. <br />
<br />
Please note that FULLNAT and SYNPROXY have only had limited testing.<br />
<br />
== Document ==<br />
<br />
[[Media:LVS操作手册.zip]]<br />
<br />
== Download ==<br />
<br />
[[Media:lvs-fullnat-synproxy.tar.gz]]<br />
<br />
[[Media:linux-2.6.32-220.23.1.el6.x86_64.lvs.src.tar.gz]]<br />
<br />
[[Media:linux-2.6.32-220.23.1.el6.x86_64.rs.src.tar.gz]]<br />
<br />
== Building ==<br />
<br />
1. LVS Kernel<br />
<br />
1.1 get kernel rpm from redhat<br />
wget ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-220.23.1.el6.src.rpm<br />
<br />
1.2 get kernel source code from rpm<br />
vim ~/.rpmmacros;<br />
add:<br />
%_topdir /home/pukong/rpms<br />
%_tmppath /home/pukong/rpms/tmp<br />
%_sourcedir /home/pukong/rpms/SOURCES<br />
%_specdir /home/pukong/rpms/SPECS<br />
%_srcrpmdir /home/pukong/rpms/SRPMS<br />
%_rpmdir /home/pukong/rpms/RPMS<br />
%_builddir /home/pukong/rpms/BUILD<br />
cd /home/pukong;<br />
mkdir rpms;<br />
mkdir rpms/tmp;<br />
mkdir rpms/SOURCES;<br />
mkdir rpms/SPECS;<br />
mkdir rpms/SRPMS;<br />
mkdir rpms/RPMS;<br />
mkdir rpms/BUILD;<br />
rpm -ivh kernel-2.6.32-220.23.1.el6.src.rpm;<br />
cd /home/pukong/rpms/SPECS;<br />
rpmbuild -bp kernel.spec;<br />
<br />
then you can find kernel source code in /home/pukong/rpms/BUILD.<br />
<br />
1.3 add lvs patch<br />
cd /home/pukong/rpms/BUILD/;<br />
cd kernel-2.6.32-220.23.1.el6/linux-2.6.32-220.23.1.el6.x86_64/;<br />
cp lvs-2.6.32-220.23.1.el6.patch ./;<br />
patch -p1<lvs-2.6.32-220.23.1.el6.patch; // patch is in lvs-fullnat-synproxy.tar.gz <br />
<br />
<br />
Or you can directly get source code from linux-2.6.32-220.23.1.el6.x86_64.lvs.src.tar.gz;<br />
<br />
1.4 compile and install<br />
make -j16;<br />
make modules_install;<br />
make install;<br />
<br />
2. RealServer Kernel (TOA)<br />
<br />
2.1 get kernel source code, the same as step 1.1 and 1.2;<br />
<br />
2.2 add toa patch<br />
cd /home/pukong/rpms/BUILD/;<br />
cd kernel-2.6.32-220.23.1.el6/linux-2.6.32-220.23.1.el6.x86_64/;<br />
cp toa-2.6.32-220.23.1.el6.patch ./;<br />
patch -p1<toa-2.6.32-220.23.1.el6.patch; // patch is in lvs-fullnat-synproxy.tar.gz <br />
<br />
Or you can get source code directly from linux-2.6.32-220.23.1.el6.x86_64.rs.src.tar.gz;<br />
<br />
2.3 compile and install<br />
make -j16;<br />
make modules_install;<br />
make install;<br />
<br />
3. LVS Tools (keepalived/ipvsadm/quaage)<br />
cd /home/pukong;<br />
cp lvs-tools.tar.bz2 ./;<br />
tar xzf lvs-tools.tar.bz2;<br />
cd tools;<br />
<br />
3.1 keepalived install<br />
cd keepalived;<br />
./configure --with-kernel-dir="/lib/modules/`uname -r`/build";<br />
make;<br />
make install;<br />
<br />
3.2 ipvsadm install<br />
cd ipvsadm;<br />
make;<br />
make install;<br />
<br />
3.3 quaage install<br />
cd quagga;<br />
./configure --disable-ripd --disable-ripngd --disable-bgpd --disable-watchquagga --disable-doc --enable-user=root --enable-vty-group=root --enable-group=root --enable-zebra --localstatedir=/var/run/quagga<br />
make<br />
make;<br />
make install;<br />
<br />
[[Category:IPVS]]<br />
[[Category:Load Balancing]]</div>Benjiaminghttp://kb.linux-vs.org/wiki?title=File:LVS%E6%93%8D%E4%BD%9C%E6%89%8B%E5%86%8C.docx&diff=43731File:LVS操作手册.docx2012-07-31T06:04:53Z<p>Benjiaming: </p>
<hr />
<div></div>Benjiaminghttp://kb.linux-vs.org/wiki?title=IPVS_FULLNAT_and_SYNPROXY&diff=43730IPVS FULLNAT and SYNPROXY2012-07-31T06:02:36Z<p>Benjiaming: /* Document */</p>
<hr />
<div>== Introduction==<br />
<br />
'''FULLNAT: A new packet forwarding model as DR/NAT/TUNNEL'''<br />
<br />
The main principle: introduce local ip address (IDC internal ip address, lip), IPVS translate cip-vip to lip-rip, lip and rip both are IDC internal ip address, so LVS-RS can be inter-vlan communication, and RS only need access to internal network.<br />
<br />
'''SYNPROXY: synflood attack defence module'''<br />
<br />
The main principle: based on tcp syncookies, please refer to http://en.wikipedia.org/wiki/SYN_cookies;<br />
<br />
<br />
The first FULLNAT and SYNPROXY modules were added to IPVS in Linux kernel 2.6.9 by WenLi,YanTian,JianChen,YangYi,YaoguangSun, FangHan,Yingliu and JiamingWu. Now, the second FULLNAT and SYNPROXY modules were added in Linux kernel 2.6.32 by JianChen,JiamingWu and WensongZhang; <br />
<br />
The FULLNAT and SYNPROXY support was add to keepalived/ipvsadm by JiajunChen,ZiangChen and ShunminZhu. <br />
<br />
Please note that FULLNAT and SYNPROXY have only had limited testing.<br />
<br />
== Document ==<br />
<br />
[[Media:LVS操作手册.docx]]<br />
<br />
== Download ==<br />
<br />
[[Media:lvs-fullnat-synproxy.tar.gz]]<br />
<br />
[[Media:linux-2.6.32-220.23.1.el6.x86_64.lvs.src.tar.gz]]<br />
<br />
[[Media:linux-2.6.32-220.23.1.el6.x86_64.rs.src.tar.gz]]<br />
<br />
== Building ==<br />
<br />
1. LVS Kernel<br />
<br />
1.1 get kernel rpm from redhat<br />
wget ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-220.23.1.el6.src.rpm<br />
<br />
1.2 get kernel source code from rpm<br />
vim ~/.rpmmacros;<br />
add:<br />
%_topdir /home/pukong/rpms<br />
%_tmppath /home/pukong/rpms/tmp<br />
%_sourcedir /home/pukong/rpms/SOURCES<br />
%_specdir /home/pukong/rpms/SPECS<br />
%_srcrpmdir /home/pukong/rpms/SRPMS<br />
%_rpmdir /home/pukong/rpms/RPMS<br />
%_builddir /home/pukong/rpms/BUILD<br />
cd /home/pukong;<br />
mkdir rpms;<br />
mkdir rpms/tmp;<br />
mkdir rpms/SOURCES;<br />
mkdir rpms/SPECS;<br />
mkdir rpms/SRPMS;<br />
mkdir rpms/RPMS;<br />
mkdir rpms/BUILD;<br />
rpm -ivh kernel-2.6.32-220.23.1.el6.src.rpm;<br />
cd /home/pukong/rpms/SPECS;<br />
rpmbuild -bp kernel.spec;<br />
<br />
then you can find kernel source code in /home/pukong/rpms/BUILD.<br />
<br />
1.3 add lvs patch<br />
cd /home/pukong/rpms/BUILD/;<br />
cd kernel-2.6.32-220.23.1.el6/linux-2.6.32-220.23.1.el6.x86_64/;<br />
cp lvs-2.6.32-220.23.1.el6.patch ./;<br />
patch -p1<lvs-2.6.32-220.23.1.el6.patch; // patch is in lvs-fullnat-synproxy.tar.gz <br />
<br />
<br />
Or you can directly get source code from linux-2.6.32-220.23.1.el6.x86_64.lvs.src.tar.gz;<br />
<br />
1.4 compile and install<br />
make -j16;<br />
make modules_install;<br />
make install;<br />
<br />
2. RealServer Kernel (TOA)<br />
<br />
2.1 get kernel source code, the same as step 1.1 and 1.2;<br />
<br />
2.2 add toa patch<br />
cd /home/pukong/rpms/BUILD/;<br />
cd kernel-2.6.32-220.23.1.el6/linux-2.6.32-220.23.1.el6.x86_64/;<br />
cp toa-2.6.32-220.23.1.el6.patch ./;<br />
patch -p1<toa-2.6.32-220.23.1.el6.patch; // patch is in lvs-fullnat-synproxy.tar.gz <br />
<br />
Or you can get source code directly from linux-2.6.32-220.23.1.el6.x86_64.rs.src.tar.gz;<br />
<br />
2.3 compile and install<br />
make -j16;<br />
make modules_install;<br />
make install;<br />
<br />
3. LVS Tools (keepalived/ipvsadm/quaage)<br />
cd /home/pukong;<br />
cp lvs-tools.tar.bz2 ./;<br />
tar xzf lvs-tools.tar.bz2;<br />
cd tools;<br />
<br />
3.1 keepalived install<br />
cd keepalived;<br />
./configure --with-kernel-dir="/lib/modules/`uname -r`/build";<br />
make;<br />
make install;<br />
<br />
3.2 ipvsadm install<br />
cd ipvsadm;<br />
make;<br />
make install;<br />
<br />
3.3 quaage install<br />
cd quagga;<br />
./configure --disable-ripd --disable-ripngd --disable-bgpd --disable-watchquagga --disable-doc --enable-user=root --enable-vty-group=root --enable-group=root --enable-zebra --localstatedir=/var/run/quagga<br />
make<br />
make;<br />
make install;<br />
<br />
[[Category:IPVS]]<br />
[[Category:Load Balancing]]</div>Benjiaminghttp://kb.linux-vs.org/wiki?title=IPVS_FULLNAT_and_SYNPROXY&diff=43729IPVS FULLNAT and SYNPROXY2012-07-31T05:45:03Z<p>Benjiaming: /* Download */</p>
<hr />
<div>== Introduction==<br />
<br />
'''FULLNAT: A new packet forwarding model as DR/NAT/TUNNEL'''<br />
<br />
The main principle: introduce local ip address (IDC internal ip address, lip), IPVS translate cip-vip to lip-rip, lip and rip both are IDC internal ip address, so LVS-RS can be inter-vlan communication, and RS only need access to internal network.<br />
<br />
'''SYNPROXY: synflood attack defence module'''<br />
<br />
The main principle: based on tcp syncookies, please refer to http://en.wikipedia.org/wiki/SYN_cookies;<br />
<br />
<br />
The first FULLNAT and SYNPROXY modules were added to IPVS in Linux kernel 2.6.9 by WenLi,YanTian,JianChen,YangYi,YaoguangSun, FangHan,Yingliu and JiamingWu. Now, the second FULLNAT and SYNPROXY modules were added in Linux kernel 2.6.32 by JianChen,JiamingWu and WensongZhang; <br />
<br />
The FULLNAT and SYNPROXY support was add to keepalived/ipvsadm by JiajunChen,ZiangChen and ShunminZhu. <br />
<br />
Please note that FULLNAT and SYNPROXY have only had limited testing.<br />
<br />
== Document ==<br />
[[Image:LVS操作手册]]<br />
<br />
== Download ==<br />
<br />
[[Media:lvs-fullnat-synproxy.tar.gz]]<br />
<br />
[[Media:linux-2.6.32-220.23.1.el6.x86_64.lvs.src.tar.gz]]<br />
<br />
[[Media:linux-2.6.32-220.23.1.el6.x86_64.rs.src.tar.gz]]<br />
<br />
== Building ==<br />
<br />
1. LVS Kernel<br />
<br />
1.1 get kernel rpm from redhat<br />
wget ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-220.23.1.el6.src.rpm<br />
<br />
1.2 get kernel source code from rpm<br />
vim ~/.rpmmacros;<br />
add:<br />
%_topdir /home/pukong/rpms<br />
%_tmppath /home/pukong/rpms/tmp<br />
%_sourcedir /home/pukong/rpms/SOURCES<br />
%_specdir /home/pukong/rpms/SPECS<br />
%_srcrpmdir /home/pukong/rpms/SRPMS<br />
%_rpmdir /home/pukong/rpms/RPMS<br />
%_builddir /home/pukong/rpms/BUILD<br />
cd /home/pukong;<br />
mkdir rpms;<br />
mkdir rpms/tmp;<br />
mkdir rpms/SOURCES;<br />
mkdir rpms/SPECS;<br />
mkdir rpms/SRPMS;<br />
mkdir rpms/RPMS;<br />
mkdir rpms/BUILD;<br />
rpm -ivh kernel-2.6.32-220.23.1.el6.src.rpm;<br />
cd /home/pukong/rpms/SPECS;<br />
rpmbuild -bp kernel.spec;<br />
<br />
then you can find kernel source code in /home/pukong/rpms/BUILD.<br />
<br />
1.3 add lvs patch<br />
cd /home/pukong/rpms/BUILD/;<br />
cd kernel-2.6.32-220.23.1.el6/linux-2.6.32-220.23.1.el6.x86_64/;<br />
cp lvs-2.6.32-220.23.1.el6.patch ./;<br />
patch -p1<lvs-2.6.32-220.23.1.el6.patch; // patch is in lvs-fullnat-synproxy.tar.gz <br />
<br />
<br />
Or you can directly get source code from linux-2.6.32-220.23.1.el6.x86_64.lvs.src.tar.gz;<br />
<br />
1.4 compile and install<br />
make -j16;<br />
make modules_install;<br />
make install;<br />
<br />
2. RealServer Kernel (TOA)<br />
<br />
2.1 get kernel source code, the same as step 1.1 and 1.2;<br />
<br />
2.2 add toa patch<br />
cd /home/pukong/rpms/BUILD/;<br />
cd kernel-2.6.32-220.23.1.el6/linux-2.6.32-220.23.1.el6.x86_64/;<br />
cp toa-2.6.32-220.23.1.el6.patch ./;<br />
patch -p1<toa-2.6.32-220.23.1.el6.patch; // patch is in lvs-fullnat-synproxy.tar.gz <br />
<br />
Or you can get source code directly from linux-2.6.32-220.23.1.el6.x86_64.rs.src.tar.gz;<br />
<br />
2.3 compile and install<br />
make -j16;<br />
make modules_install;<br />
make install;<br />
<br />
3. LVS Tools (keepalived/ipvsadm/quaage)<br />
cd /home/pukong;<br />
cp lvs-tools.tar.bz2 ./;<br />
tar xzf lvs-tools.tar.bz2;<br />
cd tools;<br />
<br />
3.1 keepalived install<br />
cd keepalived;<br />
./configure --with-kernel-dir="/lib/modules/`uname -r`/build";<br />
make;<br />
make install;<br />
<br />
3.2 ipvsadm install<br />
cd ipvsadm;<br />
make;<br />
make install;<br />
<br />
3.3 quaage install<br />
cd quagga;<br />
./configure --disable-ripd --disable-ripngd --disable-bgpd --disable-watchquagga --disable-doc --enable-user=root --enable-vty-group=root --enable-group=root --enable-zebra --localstatedir=/var/run/quagga<br />
make<br />
make;<br />
make install;<br />
<br />
[[Category:IPVS]]<br />
[[Category:Load Balancing]]</div>Benjiaminghttp://kb.linux-vs.org/wiki?title=IPVS_FULLNAT_and_SYNPROXY&diff=43728IPVS FULLNAT and SYNPROXY2012-07-31T05:44:54Z<p>Benjiaming: /* Download */</p>
<hr />
<div>== Introduction==<br />
<br />
'''FULLNAT: A new packet forwarding model as DR/NAT/TUNNEL'''<br />
<br />
The main principle: introduce local ip address (IDC internal ip address, lip), IPVS translate cip-vip to lip-rip, lip and rip both are IDC internal ip address, so LVS-RS can be inter-vlan communication, and RS only need access to internal network.<br />
<br />
'''SYNPROXY: synflood attack defence module'''<br />
<br />
The main principle: based on tcp syncookies, please refer to http://en.wikipedia.org/wiki/SYN_cookies;<br />
<br />
<br />
The first FULLNAT and SYNPROXY modules were added to IPVS in Linux kernel 2.6.9 by WenLi,YanTian,JianChen,YangYi,YaoguangSun, FangHan,Yingliu and JiamingWu. Now, the second FULLNAT and SYNPROXY modules were added in Linux kernel 2.6.32 by JianChen,JiamingWu and WensongZhang; <br />
<br />
The FULLNAT and SYNPROXY support was add to keepalived/ipvsadm by JiajunChen,ZiangChen and ShunminZhu. <br />
<br />
Please note that FULLNAT and SYNPROXY have only had limited testing.<br />
<br />
== Document ==<br />
[[Image:LVS操作手册]]<br />
<br />
== Download ==<br />
<br />
[[Media:lvs-fullnat-synproxy.tar.gz]]<br />
[[Media:linux-2.6.32-220.23.1.el6.x86_64.lvs.src.tar.gz]]<br />
[[Media:linux-2.6.32-220.23.1.el6.x86_64.rs.src.tar.gz]]<br />
<br />
== Building ==<br />
<br />
1. LVS Kernel<br />
<br />
1.1 get kernel rpm from redhat<br />
wget ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-220.23.1.el6.src.rpm<br />
<br />
1.2 get kernel source code from rpm<br />
vim ~/.rpmmacros;<br />
add:<br />
%_topdir /home/pukong/rpms<br />
%_tmppath /home/pukong/rpms/tmp<br />
%_sourcedir /home/pukong/rpms/SOURCES<br />
%_specdir /home/pukong/rpms/SPECS<br />
%_srcrpmdir /home/pukong/rpms/SRPMS<br />
%_rpmdir /home/pukong/rpms/RPMS<br />
%_builddir /home/pukong/rpms/BUILD<br />
cd /home/pukong;<br />
mkdir rpms;<br />
mkdir rpms/tmp;<br />
mkdir rpms/SOURCES;<br />
mkdir rpms/SPECS;<br />
mkdir rpms/SRPMS;<br />
mkdir rpms/RPMS;<br />
mkdir rpms/BUILD;<br />
rpm -ivh kernel-2.6.32-220.23.1.el6.src.rpm;<br />
cd /home/pukong/rpms/SPECS;<br />
rpmbuild -bp kernel.spec;<br />
<br />
then you can find kernel source code in /home/pukong/rpms/BUILD.<br />
<br />
1.3 add lvs patch<br />
cd /home/pukong/rpms/BUILD/;<br />
cd kernel-2.6.32-220.23.1.el6/linux-2.6.32-220.23.1.el6.x86_64/;<br />
cp lvs-2.6.32-220.23.1.el6.patch ./;<br />
patch -p1<lvs-2.6.32-220.23.1.el6.patch; // patch is in lvs-fullnat-synproxy.tar.gz <br />
<br />
<br />
Or you can directly get source code from linux-2.6.32-220.23.1.el6.x86_64.lvs.src.tar.gz;<br />
<br />
1.4 compile and install<br />
make -j16;<br />
make modules_install;<br />
make install;<br />
<br />
2. RealServer Kernel (TOA)<br />
<br />
2.1 get kernel source code, the same as step 1.1 and 1.2;<br />
<br />
2.2 add toa patch<br />
cd /home/pukong/rpms/BUILD/;<br />
cd kernel-2.6.32-220.23.1.el6/linux-2.6.32-220.23.1.el6.x86_64/;<br />
cp toa-2.6.32-220.23.1.el6.patch ./;<br />
patch -p1<toa-2.6.32-220.23.1.el6.patch; // patch is in lvs-fullnat-synproxy.tar.gz <br />
<br />
Or you can get source code directly from linux-2.6.32-220.23.1.el6.x86_64.rs.src.tar.gz;<br />
<br />
2.3 compile and install<br />
make -j16;<br />
make modules_install;<br />
make install;<br />
<br />
3. LVS Tools (keepalived/ipvsadm/quaage)<br />
cd /home/pukong;<br />
cp lvs-tools.tar.bz2 ./;<br />
tar xzf lvs-tools.tar.bz2;<br />
cd tools;<br />
<br />
3.1 keepalived install<br />
cd keepalived;<br />
./configure --with-kernel-dir="/lib/modules/`uname -r`/build";<br />
make;<br />
make install;<br />
<br />
3.2 ipvsadm install<br />
cd ipvsadm;<br />
make;<br />
make install;<br />
<br />
3.3 quaage install<br />
cd quagga;<br />
./configure --disable-ripd --disable-ripngd --disable-bgpd --disable-watchquagga --disable-doc --enable-user=root --enable-vty-group=root --enable-group=root --enable-zebra --localstatedir=/var/run/quagga<br />
make<br />
make;<br />
make install;<br />
<br />
[[Category:IPVS]]<br />
[[Category:Load Balancing]]</div>Benjiaminghttp://kb.linux-vs.org/wiki?title=IPVS_FULLNAT_and_SYNPROXY&diff=43727IPVS FULLNAT and SYNPROXY2012-07-31T05:43:47Z<p>Benjiaming: /* Building */</p>
<hr />
<div>== Introduction==<br />
<br />
'''FULLNAT: A new packet forwarding model as DR/NAT/TUNNEL'''<br />
<br />
The main principle: introduce local ip address (IDC internal ip address, lip), IPVS translate cip-vip to lip-rip, lip and rip both are IDC internal ip address, so LVS-RS can be inter-vlan communication, and RS only need access to internal network.<br />
<br />
'''SYNPROXY: synflood attack defence module'''<br />
<br />
The main principle: based on tcp syncookies, please refer to http://en.wikipedia.org/wiki/SYN_cookies;<br />
<br />
<br />
The first FULLNAT and SYNPROXY modules were added to IPVS in Linux kernel 2.6.9 by WenLi,YanTian,JianChen,YangYi,YaoguangSun, FangHan,Yingliu and JiamingWu. Now, the second FULLNAT and SYNPROXY modules were added in Linux kernel 2.6.32 by JianChen,JiamingWu and WensongZhang; <br />
<br />
The FULLNAT and SYNPROXY support was add to keepalived/ipvsadm by JiajunChen,ZiangChen and ShunminZhu. <br />
<br />
Please note that FULLNAT and SYNPROXY have only had limited testing.<br />
<br />
== Document ==<br />
[[Image:LVS操作手册]]<br />
<br />
== Download ==<br />
<br />
[[Media:lvs-fullnat-synproxy.tar.gz]]<br />
<br />
== Building ==<br />
<br />
1. LVS Kernel<br />
<br />
1.1 get kernel rpm from redhat<br />
wget ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-220.23.1.el6.src.rpm<br />
<br />
1.2 get kernel source code from rpm<br />
vim ~/.rpmmacros;<br />
add:<br />
%_topdir /home/pukong/rpms<br />
%_tmppath /home/pukong/rpms/tmp<br />
%_sourcedir /home/pukong/rpms/SOURCES<br />
%_specdir /home/pukong/rpms/SPECS<br />
%_srcrpmdir /home/pukong/rpms/SRPMS<br />
%_rpmdir /home/pukong/rpms/RPMS<br />
%_builddir /home/pukong/rpms/BUILD<br />
cd /home/pukong;<br />
mkdir rpms;<br />
mkdir rpms/tmp;<br />
mkdir rpms/SOURCES;<br />
mkdir rpms/SPECS;<br />
mkdir rpms/SRPMS;<br />
mkdir rpms/RPMS;<br />
mkdir rpms/BUILD;<br />
rpm -ivh kernel-2.6.32-220.23.1.el6.src.rpm;<br />
cd /home/pukong/rpms/SPECS;<br />
rpmbuild -bp kernel.spec;<br />
<br />
then you can find kernel source code in /home/pukong/rpms/BUILD.<br />
<br />
1.3 add lvs patch<br />
cd /home/pukong/rpms/BUILD/;<br />
cd kernel-2.6.32-220.23.1.el6/linux-2.6.32-220.23.1.el6.x86_64/;<br />
cp lvs-2.6.32-220.23.1.el6.patch ./;<br />
patch -p1<lvs-2.6.32-220.23.1.el6.patch; // patch is in lvs-fullnat-synproxy.tar.gz <br />
<br />
<br />
Or you can directly get source code from linux-2.6.32-220.23.1.el6.x86_64.lvs.src.tar.gz;<br />
<br />
1.4 compile and install<br />
make -j16;<br />
make modules_install;<br />
make install;<br />
<br />
2. RealServer Kernel (TOA)<br />
<br />
2.1 get kernel source code, the same as step 1.1 and 1.2;<br />
<br />
2.2 add toa patch<br />
cd /home/pukong/rpms/BUILD/;<br />
cd kernel-2.6.32-220.23.1.el6/linux-2.6.32-220.23.1.el6.x86_64/;<br />
cp toa-2.6.32-220.23.1.el6.patch ./;<br />
patch -p1<toa-2.6.32-220.23.1.el6.patch; // patch is in lvs-fullnat-synproxy.tar.gz <br />
<br />
Or you can get source code directly from linux-2.6.32-220.23.1.el6.x86_64.rs.src.tar.gz;<br />
<br />
2.3 compile and install<br />
make -j16;<br />
make modules_install;<br />
make install;<br />
<br />
3. LVS Tools (keepalived/ipvsadm/quaage)<br />
cd /home/pukong;<br />
cp lvs-tools.tar.bz2 ./;<br />
tar xzf lvs-tools.tar.bz2;<br />
cd tools;<br />
<br />
3.1 keepalived install<br />
cd keepalived;<br />
./configure --with-kernel-dir="/lib/modules/`uname -r`/build";<br />
make;<br />
make install;<br />
<br />
3.2 ipvsadm install<br />
cd ipvsadm;<br />
make;<br />
make install;<br />
<br />
3.3 quaage install<br />
cd quagga;<br />
./configure --disable-ripd --disable-ripngd --disable-bgpd --disable-watchquagga --disable-doc --enable-user=root --enable-vty-group=root --enable-group=root --enable-zebra --localstatedir=/var/run/quagga<br />
make<br />
make;<br />
make install;<br />
<br />
[[Category:IPVS]]<br />
[[Category:Load Balancing]]</div>Benjiaminghttp://kb.linux-vs.org/wiki?title=IPVS_FULLNAT_and_SYNPROXY&diff=43726IPVS FULLNAT and SYNPROXY2012-07-31T05:41:47Z<p>Benjiaming: /* Download */</p>
<hr />
<div>== Introduction==<br />
<br />
'''FULLNAT: A new packet forwarding model as DR/NAT/TUNNEL'''<br />
<br />
The main principle: introduce local ip address (IDC internal ip address, lip), IPVS translate cip-vip to lip-rip, lip and rip both are IDC internal ip address, so LVS-RS can be inter-vlan communication, and RS only need access to internal network.<br />
<br />
'''SYNPROXY: synflood attack defence module'''<br />
<br />
The main principle: based on tcp syncookies, please refer to http://en.wikipedia.org/wiki/SYN_cookies;<br />
<br />
<br />
The first FULLNAT and SYNPROXY modules were added to IPVS in Linux kernel 2.6.9 by WenLi,YanTian,JianChen,YangYi,YaoguangSun, FangHan,Yingliu and JiamingWu. Now, the second FULLNAT and SYNPROXY modules were added in Linux kernel 2.6.32 by JianChen,JiamingWu and WensongZhang; <br />
<br />
The FULLNAT and SYNPROXY support was add to keepalived/ipvsadm by JiajunChen,ZiangChen and ShunminZhu. <br />
<br />
Please note that FULLNAT and SYNPROXY have only had limited testing.<br />
<br />
== Document ==<br />
[[Image:LVS操作手册]]<br />
<br />
== Download ==<br />
<br />
[[Media:lvs-fullnat-synproxy.tar.gz]]<br />
<br />
== Building ==<br />
<br />
1. LVS Kernel<br />
<br />
1.1 get kernel rpm from redhat<br />
wget ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-220.23.1.el6.src.rpm<br />
<br />
1.2 get kernel source code from rpm<br />
vim ~/.rpmmacros;<br />
add:<br />
%_topdir /home/pukong/rpms<br />
%_tmppath /home/pukong/rpms/tmp<br />
%_sourcedir /home/pukong/rpms/SOURCES<br />
%_specdir /home/pukong/rpms/SPECS<br />
%_srcrpmdir /home/pukong/rpms/SRPMS<br />
%_rpmdir /home/pukong/rpms/RPMS<br />
%_builddir /home/pukong/rpms/BUILD<br />
cd /home/pukong;<br />
mkdir rpms;<br />
mkdir rpms/tmp;<br />
mkdir rpms/SOURCES;<br />
mkdir rpms/SPECS;<br />
mkdir rpms/SRPMS;<br />
mkdir rpms/RPMS;<br />
mkdir rpms/BUILD;<br />
rpm -ivh kernel-2.6.32-220.23.1.el6.src.rpm;<br />
cd /home/pukong/rpms/SPECS;<br />
rpmbuild -bp kernel.spec;<br />
<br />
then you can find kernel source code in /home/pukong/rpms/BUILD.<br />
<br />
1.3 add lvs patch<br />
cd /home/pukong/rpms/BUILD/;<br />
cd kernel-2.6.32-220.23.1.el6/linux-2.6.32-220.23.1.el6.x86_64/;<br />
cp lvs-2.6.32-220.23.1.el6.patch ./;<br />
patch -p1<lvs-2.6.32-220.23.1.el6.patch;<br />
<br />
Or you can directly get source code from linux-2.6.32-220.23.1.el6.x86_64.lvs.src.tar.gz;<br />
<br />
1.4 compile and install<br />
make -j16;<br />
make modules_install;<br />
make install;<br />
<br />
2. RealServer Kernel (TOA)<br />
<br />
2.1 get kernel source code, the same as step 1.1 and 1.2;<br />
<br />
2.2 add toa patch<br />
cd /home/pukong/rpms/BUILD/;<br />
cd kernel-2.6.32-220.23.1.el6/linux-2.6.32-220.23.1.el6.x86_64/;<br />
cp toa-2.6.32-220.23.1.el6.patch ./;<br />
patch -p1<toa-2.6.32-220.23.1.el6.patch;<br />
<br />
Or you can get source code directly from linux-2.6.32-220.23.1.el6.x86_64.rs.src.tar.gz;<br />
<br />
2.3 compile and install<br />
make -j16;<br />
make modules_install;<br />
make install;<br />
<br />
3. LVS Tools (keepalived/ipvsadm/quaage)<br />
cd /home/pukong;<br />
cp lvs-tools.tar.bz2 ./;<br />
tar xzf lvs-tools.tar.bz2;<br />
cd tools;<br />
<br />
3.1 keepalived install<br />
cd keepalived;<br />
./configure --with-kernel-dir="/lib/modules/`uname -r`/build";<br />
make;<br />
make install;<br />
<br />
3.2 ipvsadm install<br />
cd ipvsadm;<br />
make;<br />
make install;<br />
<br />
3.3 quaage install<br />
cd quagga;<br />
./configure --disable-ripd --disable-ripngd --disable-bgpd --disable-watchquagga --disable-doc --enable-user=root --enable-vty-group=root --enable-group=root --enable-zebra --localstatedir=/var/run/quagga<br />
make<br />
make;<br />
make install;<br />
<br />
[[Category:IPVS]]<br />
[[Category:Load Balancing]]</div>Benjiaminghttp://kb.linux-vs.org/wiki?title=File:Lvs-fullnat-synproxy.tar.gz&diff=43725File:Lvs-fullnat-synproxy.tar.gz2012-07-31T05:39:01Z<p>Benjiaming: </p>
<hr />
<div></div>Benjiaminghttp://kb.linux-vs.org/wiki?title=IPVS_FULLNAT_and_SYNPROXY&diff=43724IPVS FULLNAT and SYNPROXY2012-07-31T05:38:18Z<p>Benjiaming: /* Download */</p>
<hr />
<div>== Introduction==<br />
<br />
'''FULLNAT: A new packet forwarding model as DR/NAT/TUNNEL'''<br />
<br />
The main principle: introduce local ip address (IDC internal ip address, lip), IPVS translate cip-vip to lip-rip, lip and rip both are IDC internal ip address, so LVS-RS can be inter-vlan communication, and RS only need access to internal network.<br />
<br />
'''SYNPROXY: synflood attack defence module'''<br />
<br />
The main principle: based on tcp syncookies, please refer to http://en.wikipedia.org/wiki/SYN_cookies;<br />
<br />
<br />
The first FULLNAT and SYNPROXY modules were added to IPVS in Linux kernel 2.6.9 by WenLi,YanTian,JianChen,YangYi,YaoguangSun, FangHan,Yingliu and JiamingWu. Now, the second FULLNAT and SYNPROXY modules were added in Linux kernel 2.6.32 by JianChen,JiamingWu and WensongZhang; <br />
<br />
The FULLNAT and SYNPROXY support was add to keepalived/ipvsadm by JiajunChen,ZiangChen and ShunminZhu. <br />
<br />
Please note that FULLNAT and SYNPROXY have only had limited testing.<br />
<br />
== Document ==<br />
[[Image:LVS操作手册]]<br />
<br />
== Download ==<br />
<br />
[[Media:lvs-fullnat-synproxy.tar]]<br />
<br />
== Building ==<br />
<br />
1. LVS Kernel<br />
<br />
1.1 get kernel rpm from redhat<br />
wget ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-220.23.1.el6.src.rpm<br />
<br />
1.2 get kernel source code from rpm<br />
vim ~/.rpmmacros;<br />
add:<br />
%_topdir /home/pukong/rpms<br />
%_tmppath /home/pukong/rpms/tmp<br />
%_sourcedir /home/pukong/rpms/SOURCES<br />
%_specdir /home/pukong/rpms/SPECS<br />
%_srcrpmdir /home/pukong/rpms/SRPMS<br />
%_rpmdir /home/pukong/rpms/RPMS<br />
%_builddir /home/pukong/rpms/BUILD<br />
cd /home/pukong;<br />
mkdir rpms;<br />
mkdir rpms/tmp;<br />
mkdir rpms/SOURCES;<br />
mkdir rpms/SPECS;<br />
mkdir rpms/SRPMS;<br />
mkdir rpms/RPMS;<br />
mkdir rpms/BUILD;<br />
rpm -ivh kernel-2.6.32-220.23.1.el6.src.rpm;<br />
cd /home/pukong/rpms/SPECS;<br />
rpmbuild -bp kernel.spec;<br />
<br />
then you can find kernel source code in /home/pukong/rpms/BUILD.<br />
<br />
1.3 add lvs patch<br />
cd /home/pukong/rpms/BUILD/;<br />
cd kernel-2.6.32-220.23.1.el6/linux-2.6.32-220.23.1.el6.x86_64/;<br />
cp lvs-2.6.32-220.23.1.el6.patch ./;<br />
patch -p1<lvs-2.6.32-220.23.1.el6.patch;<br />
<br />
Or you can directly get source code from linux-2.6.32-220.23.1.el6.x86_64.lvs.src.tar.gz;<br />
<br />
1.4 compile and install<br />
make -j16;<br />
make modules_install;<br />
make install;<br />
<br />
2. RealServer Kernel (TOA)<br />
<br />
2.1 get kernel source code, the same as step 1.1 and 1.2;<br />
<br />
2.2 add toa patch<br />
cd /home/pukong/rpms/BUILD/;<br />
cd kernel-2.6.32-220.23.1.el6/linux-2.6.32-220.23.1.el6.x86_64/;<br />
cp toa-2.6.32-220.23.1.el6.patch ./;<br />
patch -p1<toa-2.6.32-220.23.1.el6.patch;<br />
<br />
Or you can get source code directly from linux-2.6.32-220.23.1.el6.x86_64.rs.src.tar.gz;<br />
<br />
2.3 compile and install<br />
make -j16;<br />
make modules_install;<br />
make install;<br />
<br />
3. LVS Tools (keepalived/ipvsadm/quaage)<br />
cd /home/pukong;<br />
cp lvs-tools.tar.bz2 ./;<br />
tar xzf lvs-tools.tar.bz2;<br />
cd tools;<br />
<br />
3.1 keepalived install<br />
cd keepalived;<br />
./configure --with-kernel-dir="/lib/modules/`uname -r`/build";<br />
make;<br />
make install;<br />
<br />
3.2 ipvsadm install<br />
cd ipvsadm;<br />
make;<br />
make install;<br />
<br />
3.3 quaage install<br />
cd quagga;<br />
./configure --disable-ripd --disable-ripngd --disable-bgpd --disable-watchquagga --disable-doc --enable-user=root --enable-vty-group=root --enable-group=root --enable-zebra --localstatedir=/var/run/quagga<br />
make<br />
make;<br />
make install;<br />
<br />
[[Category:IPVS]]<br />
[[Category:Load Balancing]]</div>Benjiaminghttp://kb.linux-vs.org/wiki?title=IPVS_FULLNAT_and_SYNPROXY&diff=43723IPVS FULLNAT and SYNPROXY2012-07-31T03:36:53Z<p>Benjiaming: /* Document */</p>
<hr />
<div>== Introduction==<br />
<br />
'''FULLNAT: A new packet forwarding model as DR/NAT/TUNNEL'''<br />
<br />
The main principle: introduce local ip address (IDC internal ip address, lip), IPVS translate cip-vip to lip-rip, lip and rip both are IDC internal ip address, so LVS-RS can be inter-vlan communication, and RS only need access to internal network.<br />
<br />
'''SYNPROXY: synflood attack defence module'''<br />
<br />
The main principle: based on tcp syncookies, please refer to http://en.wikipedia.org/wiki/SYN_cookies;<br />
<br />
<br />
The first FULLNAT and SYNPROXY modules were added to IPVS in Linux kernel 2.6.9 by WenLi,YanTian,JianChen,YangYi,YaoguangSun, FangHan,Yingliu and JiamingWu. Now, the second FULLNAT and SYNPROXY modules were added in Linux kernel 2.6.32 by JianChen,JiamingWu and WensongZhang; <br />
<br />
The FULLNAT and SYNPROXY support was add to keepalived/ipvsadm by JiajunChen,ZiangChen and ShunminZhu. <br />
<br />
Please note that FULLNAT and SYNPROXY have only had limited testing.<br />
<br />
== Document ==<br />
[[Image:LVS操作手册]]<br />
<br />
== Download ==<br />
<br />
<br />
== Building ==<br />
<br />
1. LVS Kernel<br />
<br />
1.1 get kernel rpm from redhat<br />
wget ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-220.23.1.el6.src.rpm<br />
<br />
1.2 get kernel source code from rpm<br />
vim ~/.rpmmacros;<br />
add:<br />
%_topdir /home/pukong/rpms<br />
%_tmppath /home/pukong/rpms/tmp<br />
%_sourcedir /home/pukong/rpms/SOURCES<br />
%_specdir /home/pukong/rpms/SPECS<br />
%_srcrpmdir /home/pukong/rpms/SRPMS<br />
%_rpmdir /home/pukong/rpms/RPMS<br />
%_builddir /home/pukong/rpms/BUILD<br />
cd /home/pukong;<br />
mkdir rpms;<br />
mkdir rpms/tmp;<br />
mkdir rpms/SOURCES;<br />
mkdir rpms/SPECS;<br />
mkdir rpms/SRPMS;<br />
mkdir rpms/RPMS;<br />
mkdir rpms/BUILD;<br />
rpm -ivh kernel-2.6.32-220.23.1.el6.src.rpm;<br />
cd /home/pukong/rpms/SPECS;<br />
rpmbuild -bp kernel.spec;<br />
<br />
then you can find kernel source code in /home/pukong/rpms/BUILD.<br />
<br />
1.3 add lvs patch<br />
cd /home/pukong/rpms/BUILD/;<br />
cd kernel-2.6.32-220.23.1.el6/linux-2.6.32-220.23.1.el6.x86_64/;<br />
cp lvs-2.6.32-220.23.1.el6.patch ./;<br />
patch -p1<lvs-2.6.32-220.23.1.el6.patch;<br />
<br />
Or you can directly get source code from linux-2.6.32-220.23.1.el6.x86_64.lvs.src.tar.gz;<br />
<br />
1.4 compile and install<br />
make -j16;<br />
make modules_install;<br />
make install;<br />
<br />
2. RealServer Kernel (TOA)<br />
<br />
2.1 get kernel source code, the same as step 1.1 and 1.2;<br />
<br />
2.2 add toa patch<br />
cd /home/pukong/rpms/BUILD/;<br />
cd kernel-2.6.32-220.23.1.el6/linux-2.6.32-220.23.1.el6.x86_64/;<br />
cp toa-2.6.32-220.23.1.el6.patch ./;<br />
patch -p1<toa-2.6.32-220.23.1.el6.patch;<br />
<br />
Or you can get source code directly from linux-2.6.32-220.23.1.el6.x86_64.rs.src.tar.gz;<br />
<br />
2.3 compile and install<br />
make -j16;<br />
make modules_install;<br />
make install;<br />
<br />
3. LVS Tools (keepalived/ipvsadm/quaage)<br />
cd /home/pukong;<br />
cp lvs-tools.tar.bz2 ./;<br />
tar xzf lvs-tools.tar.bz2;<br />
cd tools;<br />
<br />
3.1 keepalived install<br />
cd keepalived;<br />
./configure --with-kernel-dir="/lib/modules/`uname -r`/build";<br />
make;<br />
make install;<br />
<br />
3.2 ipvsadm install<br />
cd ipvsadm;<br />
make;<br />
make install;<br />
<br />
3.3 quaage install<br />
cd quagga;<br />
./configure --disable-ripd --disable-ripngd --disable-bgpd --disable-watchquagga --disable-doc --enable-user=root --enable-vty-group=root --enable-group=root --enable-zebra --localstatedir=/var/run/quagga<br />
make<br />
make;<br />
make install;<br />
<br />
[[Category:IPVS]]<br />
[[Category:Load Balancing]]</div>Benjiaminghttp://kb.linux-vs.org/wiki?title=IPVS_FULLNAT_and_SYNPROXY&diff=43722IPVS FULLNAT and SYNPROXY2012-07-31T03:33:17Z<p>Benjiaming: /* Document */</p>
<hr />
<div>== Introduction==<br />
<br />
'''FULLNAT: A new packet forwarding model as DR/NAT/TUNNEL'''<br />
<br />
The main principle: introduce local ip address (IDC internal ip address, lip), IPVS translate cip-vip to lip-rip, lip and rip both are IDC internal ip address, so LVS-RS can be inter-vlan communication, and RS only need access to internal network.<br />
<br />
'''SYNPROXY: synflood attack defence module'''<br />
<br />
The main principle: based on tcp syncookies, please refer to http://en.wikipedia.org/wiki/SYN_cookies;<br />
<br />
<br />
The first FULLNAT and SYNPROXY modules were added to IPVS in Linux kernel 2.6.9 by WenLi,YanTian,JianChen,YangYi,YaoguangSun, FangHan,Yingliu and JiamingWu. Now, the second FULLNAT and SYNPROXY modules were added in Linux kernel 2.6.32 by JianChen,JiamingWu and WensongZhang; <br />
<br />
The FULLNAT and SYNPROXY support was add to keepalived/ipvsadm by JiajunChen,ZiangChen and ShunminZhu. <br />
<br />
Please note that FULLNAT and SYNPROXY have only had limited testing.<br />
<br />
== Document ==<br />
[[Media:LVS操作手册]]<br />
<br />
== Download ==<br />
<br />
<br />
== Building ==<br />
<br />
1. LVS Kernel<br />
<br />
1.1 get kernel rpm from redhat<br />
wget ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-220.23.1.el6.src.rpm<br />
<br />
1.2 get kernel source code from rpm<br />
vim ~/.rpmmacros;<br />
add:<br />
%_topdir /home/pukong/rpms<br />
%_tmppath /home/pukong/rpms/tmp<br />
%_sourcedir /home/pukong/rpms/SOURCES<br />
%_specdir /home/pukong/rpms/SPECS<br />
%_srcrpmdir /home/pukong/rpms/SRPMS<br />
%_rpmdir /home/pukong/rpms/RPMS<br />
%_builddir /home/pukong/rpms/BUILD<br />
cd /home/pukong;<br />
mkdir rpms;<br />
mkdir rpms/tmp;<br />
mkdir rpms/SOURCES;<br />
mkdir rpms/SPECS;<br />
mkdir rpms/SRPMS;<br />
mkdir rpms/RPMS;<br />
mkdir rpms/BUILD;<br />
rpm -ivh kernel-2.6.32-220.23.1.el6.src.rpm;<br />
cd /home/pukong/rpms/SPECS;<br />
rpmbuild -bp kernel.spec;<br />
<br />
then you can find kernel source code in /home/pukong/rpms/BUILD.<br />
<br />
1.3 add lvs patch<br />
cd /home/pukong/rpms/BUILD/;<br />
cd kernel-2.6.32-220.23.1.el6/linux-2.6.32-220.23.1.el6.x86_64/;<br />
cp lvs-2.6.32-220.23.1.el6.patch ./;<br />
patch -p1<lvs-2.6.32-220.23.1.el6.patch;<br />
<br />
Or you can directly get source code from linux-2.6.32-220.23.1.el6.x86_64.lvs.src.tar.gz;<br />
<br />
1.4 compile and install<br />
make -j16;<br />
make modules_install;<br />
make install;<br />
<br />
2. RealServer Kernel (TOA)<br />
<br />
2.1 get kernel source code, the same as step 1.1 and 1.2;<br />
<br />
2.2 add toa patch<br />
cd /home/pukong/rpms/BUILD/;<br />
cd kernel-2.6.32-220.23.1.el6/linux-2.6.32-220.23.1.el6.x86_64/;<br />
cp toa-2.6.32-220.23.1.el6.patch ./;<br />
patch -p1<toa-2.6.32-220.23.1.el6.patch;<br />
<br />
Or you can get source code directly from linux-2.6.32-220.23.1.el6.x86_64.rs.src.tar.gz;<br />
<br />
2.3 compile and install<br />
make -j16;<br />
make modules_install;<br />
make install;<br />
<br />
3. LVS Tools (keepalived/ipvsadm/quaage)<br />
cd /home/pukong;<br />
cp lvs-tools.tar.bz2 ./;<br />
tar xzf lvs-tools.tar.bz2;<br />
cd tools;<br />
<br />
3.1 keepalived install<br />
cd keepalived;<br />
./configure --with-kernel-dir="/lib/modules/`uname -r`/build";<br />
make;<br />
make install;<br />
<br />
3.2 ipvsadm install<br />
cd ipvsadm;<br />
make;<br />
make install;<br />
<br />
3.3 quaage install<br />
cd quagga;<br />
./configure --disable-ripd --disable-ripngd --disable-bgpd --disable-watchquagga --disable-doc --enable-user=root --enable-vty-group=root --enable-group=root --enable-zebra --localstatedir=/var/run/quagga<br />
make<br />
make;<br />
make install;<br />
<br />
[[Category:IPVS]]<br />
[[Category:Load Balancing]]</div>Benjiaminghttp://kb.linux-vs.org/wiki?title=IPVS_FULLNAT_and_SYNPROXY&diff=43721IPVS FULLNAT and SYNPROXY2012-07-31T03:30:49Z<p>Benjiaming: /* Document */</p>
<hr />
<div>== Introduction==<br />
<br />
'''FULLNAT: A new packet forwarding model as DR/NAT/TUNNEL'''<br />
<br />
The main principle: introduce local ip address (IDC internal ip address, lip), IPVS translate cip-vip to lip-rip, lip and rip both are IDC internal ip address, so LVS-RS can be inter-vlan communication, and RS only need access to internal network.<br />
<br />
'''SYNPROXY: synflood attack defence module'''<br />
<br />
The main principle: based on tcp syncookies, please refer to http://en.wikipedia.org/wiki/SYN_cookies;<br />
<br />
<br />
The first FULLNAT and SYNPROXY modules were added to IPVS in Linux kernel 2.6.9 by WenLi,YanTian,JianChen,YangYi,YaoguangSun, FangHan,Yingliu and JiamingWu. Now, the second FULLNAT and SYNPROXY modules were added in Linux kernel 2.6.32 by JianChen,JiamingWu and WensongZhang; <br />
<br />
The FULLNAT and SYNPROXY support was add to keepalived/ipvsadm by JiajunChen,ZiangChen and ShunminZhu. <br />
<br />
Please note that FULLNAT and SYNPROXY have only had limited testing.<br />
<br />
== Document ==<br />
[[Image:LVS操作手册]]<br />
<br />
== Download ==<br />
<br />
<br />
== Building ==<br />
<br />
1. LVS Kernel<br />
<br />
1.1 get kernel rpm from redhat<br />
wget ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-220.23.1.el6.src.rpm<br />
<br />
1.2 get kernel source code from rpm<br />
vim ~/.rpmmacros;<br />
add:<br />
%_topdir /home/pukong/rpms<br />
%_tmppath /home/pukong/rpms/tmp<br />
%_sourcedir /home/pukong/rpms/SOURCES<br />
%_specdir /home/pukong/rpms/SPECS<br />
%_srcrpmdir /home/pukong/rpms/SRPMS<br />
%_rpmdir /home/pukong/rpms/RPMS<br />
%_builddir /home/pukong/rpms/BUILD<br />
cd /home/pukong;<br />
mkdir rpms;<br />
mkdir rpms/tmp;<br />
mkdir rpms/SOURCES;<br />
mkdir rpms/SPECS;<br />
mkdir rpms/SRPMS;<br />
mkdir rpms/RPMS;<br />
mkdir rpms/BUILD;<br />
rpm -ivh kernel-2.6.32-220.23.1.el6.src.rpm;<br />
cd /home/pukong/rpms/SPECS;<br />
rpmbuild -bp kernel.spec;<br />
<br />
then you can find kernel source code in /home/pukong/rpms/BUILD.<br />
<br />
1.3 add lvs patch<br />
cd /home/pukong/rpms/BUILD/;<br />
cd kernel-2.6.32-220.23.1.el6/linux-2.6.32-220.23.1.el6.x86_64/;<br />
cp lvs-2.6.32-220.23.1.el6.patch ./;<br />
patch -p1<lvs-2.6.32-220.23.1.el6.patch;<br />
<br />
Or you can directly get source code from linux-2.6.32-220.23.1.el6.x86_64.lvs.src.tar.gz;<br />
<br />
1.4 compile and install<br />
make -j16;<br />
make modules_install;<br />
make install;<br />
<br />
2. RealServer Kernel (TOA)<br />
<br />
2.1 get kernel source code, the same as step 1.1 and 1.2;<br />
<br />
2.2 add toa patch<br />
cd /home/pukong/rpms/BUILD/;<br />
cd kernel-2.6.32-220.23.1.el6/linux-2.6.32-220.23.1.el6.x86_64/;<br />
cp toa-2.6.32-220.23.1.el6.patch ./;<br />
patch -p1<toa-2.6.32-220.23.1.el6.patch;<br />
<br />
Or you can get source code directly from linux-2.6.32-220.23.1.el6.x86_64.rs.src.tar.gz;<br />
<br />
2.3 compile and install<br />
make -j16;<br />
make modules_install;<br />
make install;<br />
<br />
3. LVS Tools (keepalived/ipvsadm/quaage)<br />
cd /home/pukong;<br />
cp lvs-tools.tar.bz2 ./;<br />
tar xzf lvs-tools.tar.bz2;<br />
cd tools;<br />
<br />
3.1 keepalived install<br />
cd keepalived;<br />
./configure --with-kernel-dir="/lib/modules/`uname -r`/build";<br />
make;<br />
make install;<br />
<br />
3.2 ipvsadm install<br />
cd ipvsadm;<br />
make;<br />
make install;<br />
<br />
3.3 quaage install<br />
cd quagga;<br />
./configure --disable-ripd --disable-ripngd --disable-bgpd --disable-watchquagga --disable-doc --enable-user=root --enable-vty-group=root --enable-group=root --enable-zebra --localstatedir=/var/run/quagga<br />
make<br />
make;<br />
make install;<br />
<br />
[[Category:IPVS]]<br />
[[Category:Load Balancing]]</div>Benjiaminghttp://kb.linux-vs.org/wiki?title=IPVS_FULLNAT_and_SYNPROXY&diff=43720IPVS FULLNAT and SYNPROXY2012-07-31T03:29:08Z<p>Benjiaming: /* Document */</p>
<hr />
<div>== Introduction==<br />
<br />
'''FULLNAT: A new packet forwarding model as DR/NAT/TUNNEL'''<br />
<br />
The main principle: introduce local ip address (IDC internal ip address, lip), IPVS translate cip-vip to lip-rip, lip and rip both are IDC internal ip address, so LVS-RS can be inter-vlan communication, and RS only need access to internal network.<br />
<br />
'''SYNPROXY: synflood attack defence module'''<br />
<br />
The main principle: based on tcp syncookies, please refer to http://en.wikipedia.org/wiki/SYN_cookies;<br />
<br />
<br />
The first FULLNAT and SYNPROXY modules were added to IPVS in Linux kernel 2.6.9 by WenLi,YanTian,JianChen,YangYi,YaoguangSun, FangHan,Yingliu and JiamingWu. Now, the second FULLNAT and SYNPROXY modules were added in Linux kernel 2.6.32 by JianChen,JiamingWu and WensongZhang; <br />
<br />
The FULLNAT and SYNPROXY support was add to keepalived/ipvsadm by JiajunChen,ZiangChen and ShunminZhu. <br />
<br />
Please note that FULLNAT and SYNPROXY have only had limited testing.<br />
<br />
== Document ==<br />
[[LVS操作手册]]<br />
<br />
== Download ==<br />
<br />
<br />
== Building ==<br />
<br />
1. LVS Kernel<br />
<br />
1.1 get kernel rpm from redhat<br />
wget ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-220.23.1.el6.src.rpm<br />
<br />
1.2 get kernel source code from rpm<br />
vim ~/.rpmmacros;<br />
add:<br />
%_topdir /home/pukong/rpms<br />
%_tmppath /home/pukong/rpms/tmp<br />
%_sourcedir /home/pukong/rpms/SOURCES<br />
%_specdir /home/pukong/rpms/SPECS<br />
%_srcrpmdir /home/pukong/rpms/SRPMS<br />
%_rpmdir /home/pukong/rpms/RPMS<br />
%_builddir /home/pukong/rpms/BUILD<br />
cd /home/pukong;<br />
mkdir rpms;<br />
mkdir rpms/tmp;<br />
mkdir rpms/SOURCES;<br />
mkdir rpms/SPECS;<br />
mkdir rpms/SRPMS;<br />
mkdir rpms/RPMS;<br />
mkdir rpms/BUILD;<br />
rpm -ivh kernel-2.6.32-220.23.1.el6.src.rpm;<br />
cd /home/pukong/rpms/SPECS;<br />
rpmbuild -bp kernel.spec;<br />
<br />
then you can find kernel source code in /home/pukong/rpms/BUILD.<br />
<br />
1.3 add lvs patch<br />
cd /home/pukong/rpms/BUILD/;<br />
cd kernel-2.6.32-220.23.1.el6/linux-2.6.32-220.23.1.el6.x86_64/;<br />
cp lvs-2.6.32-220.23.1.el6.patch ./;<br />
patch -p1<lvs-2.6.32-220.23.1.el6.patch;<br />
<br />
Or you can directly get source code from linux-2.6.32-220.23.1.el6.x86_64.lvs.src.tar.gz;<br />
<br />
1.4 compile and install<br />
make -j16;<br />
make modules_install;<br />
make install;<br />
<br />
2. RealServer Kernel (TOA)<br />
<br />
2.1 get kernel source code, the same as step 1.1 and 1.2;<br />
<br />
2.2 add toa patch<br />
cd /home/pukong/rpms/BUILD/;<br />
cd kernel-2.6.32-220.23.1.el6/linux-2.6.32-220.23.1.el6.x86_64/;<br />
cp toa-2.6.32-220.23.1.el6.patch ./;<br />
patch -p1<toa-2.6.32-220.23.1.el6.patch;<br />
<br />
Or you can get source code directly from linux-2.6.32-220.23.1.el6.x86_64.rs.src.tar.gz;<br />
<br />
2.3 compile and install<br />
make -j16;<br />
make modules_install;<br />
make install;<br />
<br />
3. LVS Tools (keepalived/ipvsadm/quaage)<br />
cd /home/pukong;<br />
cp lvs-tools.tar.bz2 ./;<br />
tar xzf lvs-tools.tar.bz2;<br />
cd tools;<br />
<br />
3.1 keepalived install<br />
cd keepalived;<br />
./configure --with-kernel-dir="/lib/modules/`uname -r`/build";<br />
make;<br />
make install;<br />
<br />
3.2 ipvsadm install<br />
cd ipvsadm;<br />
make;<br />
make install;<br />
<br />
3.3 quaage install<br />
cd quagga;<br />
./configure --disable-ripd --disable-ripngd --disable-bgpd --disable-watchquagga --disable-doc --enable-user=root --enable-vty-group=root --enable-group=root --enable-zebra --localstatedir=/var/run/quagga<br />
make<br />
make;<br />
make install;<br />
<br />
[[Category:IPVS]]<br />
[[Category:Load Balancing]]</div>Benjiaminghttp://kb.linux-vs.org/wiki?title=IPVS_FULLNAT_and_SYNPROXY&diff=43719IPVS FULLNAT and SYNPROXY2012-07-31T03:00:01Z<p>Benjiaming: /* Introduction */</p>
<hr />
<div>== Introduction==<br />
<br />
'''FULLNAT: A new packet forwarding model as DR/NAT/TUNNEL'''<br />
<br />
The main principle: introduce local ip address (IDC internal ip address, lip), IPVS translate cip-vip to lip-rip, lip and rip both are IDC internal ip address, so LVS-RS can be inter-vlan communication, and RS only need access to internal network.<br />
<br />
'''SYNPROXY: synflood attack defence module'''<br />
<br />
The main principle: based on tcp syncookies, please refer to http://en.wikipedia.org/wiki/SYN_cookies;<br />
<br />
<br />
The first FULLNAT and SYNPROXY modules were added to IPVS in Linux kernel 2.6.9 by WenLi,YanTian,JianChen,YangYi,YaoguangSun, FangHan,Yingliu and JiamingWu. Now, the second FULLNAT and SYNPROXY modules were added in Linux kernel 2.6.32 by JianChen,JiamingWu and WensongZhang; <br />
<br />
The FULLNAT and SYNPROXY support was add to keepalived/ipvsadm by JiajunChen,ZiangChen and ShunminZhu. <br />
<br />
Please note that FULLNAT and SYNPROXY have only had limited testing.<br />
<br />
== Document ==<br />
<br />
<br />
== Download ==<br />
<br />
<br />
== Building ==<br />
<br />
1. LVS Kernel<br />
<br />
1.1 get kernel rpm from redhat<br />
wget ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-220.23.1.el6.src.rpm<br />
<br />
1.2 get kernel source code from rpm<br />
vim ~/.rpmmacros;<br />
add:<br />
%_topdir /home/pukong/rpms<br />
%_tmppath /home/pukong/rpms/tmp<br />
%_sourcedir /home/pukong/rpms/SOURCES<br />
%_specdir /home/pukong/rpms/SPECS<br />
%_srcrpmdir /home/pukong/rpms/SRPMS<br />
%_rpmdir /home/pukong/rpms/RPMS<br />
%_builddir /home/pukong/rpms/BUILD<br />
cd /home/pukong;<br />
mkdir rpms;<br />
mkdir rpms/tmp;<br />
mkdir rpms/SOURCES;<br />
mkdir rpms/SPECS;<br />
mkdir rpms/SRPMS;<br />
mkdir rpms/RPMS;<br />
mkdir rpms/BUILD;<br />
rpm -ivh kernel-2.6.32-220.23.1.el6.src.rpm;<br />
cd /home/pukong/rpms/SPECS;<br />
rpmbuild -bp kernel.spec;<br />
<br />
then you can find kernel source code in /home/pukong/rpms/BUILD.<br />
<br />
1.3 add lvs patch<br />
cd /home/pukong/rpms/BUILD/;<br />
cd kernel-2.6.32-220.23.1.el6/linux-2.6.32-220.23.1.el6.x86_64/;<br />
cp lvs-2.6.32-220.23.1.el6.patch ./;<br />
patch -p1<lvs-2.6.32-220.23.1.el6.patch;<br />
<br />
Or you can directly get source code from linux-2.6.32-220.23.1.el6.x86_64.lvs.src.tar.gz;<br />
<br />
1.4 compile and install<br />
make -j16;<br />
make modules_install;<br />
make install;<br />
<br />
2. RealServer Kernel (TOA)<br />
<br />
2.1 get kernel source code, the same as step 1.1 and 1.2;<br />
<br />
2.2 add toa patch<br />
cd /home/pukong/rpms/BUILD/;<br />
cd kernel-2.6.32-220.23.1.el6/linux-2.6.32-220.23.1.el6.x86_64/;<br />
cp toa-2.6.32-220.23.1.el6.patch ./;<br />
patch -p1<toa-2.6.32-220.23.1.el6.patch;<br />
<br />
Or you can get source code directly from linux-2.6.32-220.23.1.el6.x86_64.rs.src.tar.gz;<br />
<br />
2.3 compile and install<br />
make -j16;<br />
make modules_install;<br />
make install;<br />
<br />
3. LVS Tools (keepalived/ipvsadm/quaage)<br />
cd /home/pukong;<br />
cp lvs-tools.tar.bz2 ./;<br />
tar xzf lvs-tools.tar.bz2;<br />
cd tools;<br />
<br />
3.1 keepalived install<br />
cd keepalived;<br />
./configure --with-kernel-dir="/lib/modules/`uname -r`/build";<br />
make;<br />
make install;<br />
<br />
3.2 ipvsadm install<br />
cd ipvsadm;<br />
make;<br />
make install;<br />
<br />
3.3 quaage install<br />
cd quagga;<br />
./configure --disable-ripd --disable-ripngd --disable-bgpd --disable-watchquagga --disable-doc --enable-user=root --enable-vty-group=root --enable-group=root --enable-zebra --localstatedir=/var/run/quagga<br />
make<br />
make;<br />
make install;<br />
<br />
[[Category:IPVS]]<br />
[[Category:Load Balancing]]</div>Benjiaminghttp://kb.linux-vs.org/wiki?title=IPVS_FULLNAT_and_SYNPROXY&diff=43718IPVS FULLNAT and SYNPROXY2012-07-31T02:59:23Z<p>Benjiaming: /* Introduction */</p>
<hr />
<div>== Introduction==<br />
<br />
'''FULLNAT: A new packet forwarding model as DR/NAT/TUNNEL'''<br />
<br />
The main principle: introduce local ip address (IDC internal ip address, lip), IPVS translate cip-vip to lip-rip, lip and rip both are IDC internal ip address, so LVS-RS can be inter-vlan communication, and RS only need access to internal network.<br />
<br />
'''SYNPROXY: synflood attack defence module'''<br />
<br />
The main principle: based on tcp syncookies, please refer to http://en.wikipedia.org/wiki/SYN_cookies;<br />
<br />
<br />
The first FULLNAT and SYNPROXY modules were added to IPVS in Linux kernel 2.6.9 by WenLi,YanTian,JianChen, YangYi,YaoguangSun,FangHan,Yingliu and JiamingWu. Now, the second FULLNAT and SYNPROXY modules were added in Linux kernel 2.6.32 by JianChen,JiamingWu and WensongZhang; <br />
<br />
The FULLNAT and SYNPROXY support was add to keepalived/ipvsadm by JiajunChen,ZiangChen and ShunminZhu. <br />
<br />
Please note that FULLNAT and SYNPROXY have only had limited testing.<br />
<br />
== Document ==<br />
<br />
<br />
== Download ==<br />
<br />
<br />
== Building ==<br />
<br />
1. LVS Kernel<br />
<br />
1.1 get kernel rpm from redhat<br />
wget ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-220.23.1.el6.src.rpm<br />
<br />
1.2 get kernel source code from rpm<br />
vim ~/.rpmmacros;<br />
add:<br />
%_topdir /home/pukong/rpms<br />
%_tmppath /home/pukong/rpms/tmp<br />
%_sourcedir /home/pukong/rpms/SOURCES<br />
%_specdir /home/pukong/rpms/SPECS<br />
%_srcrpmdir /home/pukong/rpms/SRPMS<br />
%_rpmdir /home/pukong/rpms/RPMS<br />
%_builddir /home/pukong/rpms/BUILD<br />
cd /home/pukong;<br />
mkdir rpms;<br />
mkdir rpms/tmp;<br />
mkdir rpms/SOURCES;<br />
mkdir rpms/SPECS;<br />
mkdir rpms/SRPMS;<br />
mkdir rpms/RPMS;<br />
mkdir rpms/BUILD;<br />
rpm -ivh kernel-2.6.32-220.23.1.el6.src.rpm;<br />
cd /home/pukong/rpms/SPECS;<br />
rpmbuild -bp kernel.spec;<br />
<br />
then you can find kernel source code in /home/pukong/rpms/BUILD.<br />
<br />
1.3 add lvs patch<br />
cd /home/pukong/rpms/BUILD/;<br />
cd kernel-2.6.32-220.23.1.el6/linux-2.6.32-220.23.1.el6.x86_64/;<br />
cp lvs-2.6.32-220.23.1.el6.patch ./;<br />
patch -p1<lvs-2.6.32-220.23.1.el6.patch;<br />
<br />
Or you can directly get source code from linux-2.6.32-220.23.1.el6.x86_64.lvs.src.tar.gz;<br />
<br />
1.4 compile and install<br />
make -j16;<br />
make modules_install;<br />
make install;<br />
<br />
2. RealServer Kernel (TOA)<br />
<br />
2.1 get kernel source code, the same as step 1.1 and 1.2;<br />
<br />
2.2 add toa patch<br />
cd /home/pukong/rpms/BUILD/;<br />
cd kernel-2.6.32-220.23.1.el6/linux-2.6.32-220.23.1.el6.x86_64/;<br />
cp toa-2.6.32-220.23.1.el6.patch ./;<br />
patch -p1<toa-2.6.32-220.23.1.el6.patch;<br />
<br />
Or you can get source code directly from linux-2.6.32-220.23.1.el6.x86_64.rs.src.tar.gz;<br />
<br />
2.3 compile and install<br />
make -j16;<br />
make modules_install;<br />
make install;<br />
<br />
3. LVS Tools (keepalived/ipvsadm/quaage)<br />
cd /home/pukong;<br />
cp lvs-tools.tar.bz2 ./;<br />
tar xzf lvs-tools.tar.bz2;<br />
cd tools;<br />
<br />
3.1 keepalived install<br />
cd keepalived;<br />
./configure --with-kernel-dir="/lib/modules/`uname -r`/build";<br />
make;<br />
make install;<br />
<br />
3.2 ipvsadm install<br />
cd ipvsadm;<br />
make;<br />
make install;<br />
<br />
3.3 quaage install<br />
cd quagga;<br />
./configure --disable-ripd --disable-ripngd --disable-bgpd --disable-watchquagga --disable-doc --enable-user=root --enable-vty-group=root --enable-group=root --enable-zebra --localstatedir=/var/run/quagga<br />
make<br />
make;<br />
make install;<br />
<br />
[[Category:IPVS]]<br />
[[Category:Load Balancing]]</div>Benjiaminghttp://kb.linux-vs.org/wiki?title=IPVS_FULLNAT_and_SYNPROXY&diff=43717IPVS FULLNAT and SYNPROXY2012-07-31T02:59:10Z<p>Benjiaming: /* Introduction */</p>
<hr />
<div>== Introduction==<br />
<br />
'''FULLNAT: A new packet forwarding model as DR/NAT/TUNNEL;'''<br />
<br />
The main principle: introduce local ip address (IDC internal ip address, lip), IPVS translate cip-vip to lip-rip, lip and rip both are IDC internal ip address, so LVS-RS can be inter-vlan communication, and RS only need access to internal network.<br />
<br />
'''SYNPROXY: synflood attack defence module'''<br />
<br />
The main principle: based on tcp syncookies, please refer to http://en.wikipedia.org/wiki/SYN_cookies;<br />
<br />
<br />
The first FULLNAT and SYNPROXY modules were added to IPVS in Linux kernel 2.6.9 by WenLi,YanTian,JianChen, YangYi,YaoguangSun,FangHan,Yingliu and JiamingWu. Now, the second FULLNAT and SYNPROXY modules were added in Linux kernel 2.6.32 by JianChen,JiamingWu and WensongZhang; <br />
<br />
The FULLNAT and SYNPROXY support was add to keepalived/ipvsadm by JiajunChen,ZiangChen and ShunminZhu. <br />
<br />
Please note that FULLNAT and SYNPROXY have only had limited testing.<br />
<br />
== Document ==<br />
<br />
<br />
== Download ==<br />
<br />
<br />
== Building ==<br />
<br />
1. LVS Kernel<br />
<br />
1.1 get kernel rpm from redhat<br />
wget ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-220.23.1.el6.src.rpm<br />
<br />
1.2 get kernel source code from rpm<br />
vim ~/.rpmmacros;<br />
add:<br />
%_topdir /home/pukong/rpms<br />
%_tmppath /home/pukong/rpms/tmp<br />
%_sourcedir /home/pukong/rpms/SOURCES<br />
%_specdir /home/pukong/rpms/SPECS<br />
%_srcrpmdir /home/pukong/rpms/SRPMS<br />
%_rpmdir /home/pukong/rpms/RPMS<br />
%_builddir /home/pukong/rpms/BUILD<br />
cd /home/pukong;<br />
mkdir rpms;<br />
mkdir rpms/tmp;<br />
mkdir rpms/SOURCES;<br />
mkdir rpms/SPECS;<br />
mkdir rpms/SRPMS;<br />
mkdir rpms/RPMS;<br />
mkdir rpms/BUILD;<br />
rpm -ivh kernel-2.6.32-220.23.1.el6.src.rpm;<br />
cd /home/pukong/rpms/SPECS;<br />
rpmbuild -bp kernel.spec;<br />
<br />
then you can find kernel source code in /home/pukong/rpms/BUILD.<br />
<br />
1.3 add lvs patch<br />
cd /home/pukong/rpms/BUILD/;<br />
cd kernel-2.6.32-220.23.1.el6/linux-2.6.32-220.23.1.el6.x86_64/;<br />
cp lvs-2.6.32-220.23.1.el6.patch ./;<br />
patch -p1<lvs-2.6.32-220.23.1.el6.patch;<br />
<br />
Or you can directly get source code from linux-2.6.32-220.23.1.el6.x86_64.lvs.src.tar.gz;<br />
<br />
1.4 compile and install<br />
make -j16;<br />
make modules_install;<br />
make install;<br />
<br />
2. RealServer Kernel (TOA)<br />
<br />
2.1 get kernel source code, the same as step 1.1 and 1.2;<br />
<br />
2.2 add toa patch<br />
cd /home/pukong/rpms/BUILD/;<br />
cd kernel-2.6.32-220.23.1.el6/linux-2.6.32-220.23.1.el6.x86_64/;<br />
cp toa-2.6.32-220.23.1.el6.patch ./;<br />
patch -p1<toa-2.6.32-220.23.1.el6.patch;<br />
<br />
Or you can get source code directly from linux-2.6.32-220.23.1.el6.x86_64.rs.src.tar.gz;<br />
<br />
2.3 compile and install<br />
make -j16;<br />
make modules_install;<br />
make install;<br />
<br />
3. LVS Tools (keepalived/ipvsadm/quaage)<br />
cd /home/pukong;<br />
cp lvs-tools.tar.bz2 ./;<br />
tar xzf lvs-tools.tar.bz2;<br />
cd tools;<br />
<br />
3.1 keepalived install<br />
cd keepalived;<br />
./configure --with-kernel-dir="/lib/modules/`uname -r`/build";<br />
make;<br />
make install;<br />
<br />
3.2 ipvsadm install<br />
cd ipvsadm;<br />
make;<br />
make install;<br />
<br />
3.3 quaage install<br />
cd quagga;<br />
./configure --disable-ripd --disable-ripngd --disable-bgpd --disable-watchquagga --disable-doc --enable-user=root --enable-vty-group=root --enable-group=root --enable-zebra --localstatedir=/var/run/quagga<br />
make<br />
make;<br />
make install;<br />
<br />
[[Category:IPVS]]<br />
[[Category:Load Balancing]]</div>Benjiaminghttp://kb.linux-vs.org/wiki?title=IPVS_FULLNAT_and_SYNPROXY&diff=43716IPVS FULLNAT and SYNPROXY2012-07-31T02:58:47Z<p>Benjiaming: /* Introduction */</p>
<hr />
<div>== Introduction==<br />
<br />
'''FULLNAT: A new packet forwarding model as DR/NAT/TUNNEL;'''<br />
<br />
The main principle: introduce local ip address (IDC internal ip address, lip), IPVS translate cip-vip to lip-rip, lip and rip both are IDC internal ip address, so LVS-RS can be inter-vlan communication, and RS only need access to internal network.<br />
<br />
'''SYNPROXY: synflood attack defence module'''<br />
<br />
The main principle: based on tcp syncookies, please refer to http://en.wikipedia.org/wiki/SYN_cookies;<br />
<br />
<br />
The first FULLNAT and SYNPROXY modules were added to IPVS in Linux kernel 2.6.9 by WenLi,YanTian,JianChen, YangYi,YaoguangSun,FangHan,Yingliu and JiamingWu. Now, the second FULLNAT and SYNPROXY modules were added in Linux kernel 2.6.32 by JianChen,JiamingWu and WensongZhang; <br />
<br />
The FULLNAT and SYNPROXY support was add to keepalived/ipvsadm by JiajunChen,ZiangChen and ShunminZhu. <br />
<br />
Please note that FULLNAT and SYNPROXY has only had limited testing.<br />
<br />
== Document ==<br />
<br />
<br />
== Download ==<br />
<br />
<br />
== Building ==<br />
<br />
1. LVS Kernel<br />
<br />
1.1 get kernel rpm from redhat<br />
wget ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-220.23.1.el6.src.rpm<br />
<br />
1.2 get kernel source code from rpm<br />
vim ~/.rpmmacros;<br />
add:<br />
%_topdir /home/pukong/rpms<br />
%_tmppath /home/pukong/rpms/tmp<br />
%_sourcedir /home/pukong/rpms/SOURCES<br />
%_specdir /home/pukong/rpms/SPECS<br />
%_srcrpmdir /home/pukong/rpms/SRPMS<br />
%_rpmdir /home/pukong/rpms/RPMS<br />
%_builddir /home/pukong/rpms/BUILD<br />
cd /home/pukong;<br />
mkdir rpms;<br />
mkdir rpms/tmp;<br />
mkdir rpms/SOURCES;<br />
mkdir rpms/SPECS;<br />
mkdir rpms/SRPMS;<br />
mkdir rpms/RPMS;<br />
mkdir rpms/BUILD;<br />
rpm -ivh kernel-2.6.32-220.23.1.el6.src.rpm;<br />
cd /home/pukong/rpms/SPECS;<br />
rpmbuild -bp kernel.spec;<br />
<br />
then you can find kernel source code in /home/pukong/rpms/BUILD.<br />
<br />
1.3 add lvs patch<br />
cd /home/pukong/rpms/BUILD/;<br />
cd kernel-2.6.32-220.23.1.el6/linux-2.6.32-220.23.1.el6.x86_64/;<br />
cp lvs-2.6.32-220.23.1.el6.patch ./;<br />
patch -p1<lvs-2.6.32-220.23.1.el6.patch;<br />
<br />
Or you can directly get source code from linux-2.6.32-220.23.1.el6.x86_64.lvs.src.tar.gz;<br />
<br />
1.4 compile and install<br />
make -j16;<br />
make modules_install;<br />
make install;<br />
<br />
2. RealServer Kernel (TOA)<br />
<br />
2.1 get kernel source code, the same as step 1.1 and 1.2;<br />
<br />
2.2 add toa patch<br />
cd /home/pukong/rpms/BUILD/;<br />
cd kernel-2.6.32-220.23.1.el6/linux-2.6.32-220.23.1.el6.x86_64/;<br />
cp toa-2.6.32-220.23.1.el6.patch ./;<br />
patch -p1<toa-2.6.32-220.23.1.el6.patch;<br />
<br />
Or you can get source code directly from linux-2.6.32-220.23.1.el6.x86_64.rs.src.tar.gz;<br />
<br />
2.3 compile and install<br />
make -j16;<br />
make modules_install;<br />
make install;<br />
<br />
3. LVS Tools (keepalived/ipvsadm/quaage)<br />
cd /home/pukong;<br />
cp lvs-tools.tar.bz2 ./;<br />
tar xzf lvs-tools.tar.bz2;<br />
cd tools;<br />
<br />
3.1 keepalived install<br />
cd keepalived;<br />
./configure --with-kernel-dir="/lib/modules/`uname -r`/build";<br />
make;<br />
make install;<br />
<br />
3.2 ipvsadm install<br />
cd ipvsadm;<br />
make;<br />
make install;<br />
<br />
3.3 quaage install<br />
cd quagga;<br />
./configure --disable-ripd --disable-ripngd --disable-bgpd --disable-watchquagga --disable-doc --enable-user=root --enable-vty-group=root --enable-group=root --enable-zebra --localstatedir=/var/run/quagga<br />
make<br />
make;<br />
make install;<br />
<br />
[[Category:IPVS]]<br />
[[Category:Load Balancing]]</div>Benjiaminghttp://kb.linux-vs.org/wiki?title=IPVS_FULLNAT_and_SYNPROXY&diff=43715IPVS FULLNAT and SYNPROXY2012-07-31T02:53:03Z<p>Benjiaming: </p>
<hr />
<div>== Introduction==<br />
<br />
'''FULLNAT: A new packet forwarding model as DR/NAT/TUNNEL;'''<br />
<br />
The main principle: introduce local ip address (IDC internal ip address, lip), translate cip-vip to lip-rip, lip and rip both are IDC internal ip address, so LVS-RS can be inter-vlan communication, and RS only need access to internal network.<br />
<br />
'''SYNPROXY: synflood attack defence module'''<br />
<br />
The main principle: based on tcp syncookies, refer to http://en.wikipedia.org/wiki/SYN_cookies;<br />
<br />
The first FULLNAT and SYNPROXY modules were added to IPVS in Linux kernel 2.6.9 by WenLi,YanTian,JianChen,YangYi,YaoguangSun,FangHan,Yingliu and JiamingWu. Now, the second FULLNAT and SYNPROXY modules were added in Linux kernel 2.6.32 by JianChen,JiamingWu and WensongZhang; <br />
<br />
The new FULLNAT+SYNPROXY support was add to keepalived/ipvsadm by JiajunZhang,ZiangChen and ShunminZhu. <br />
<br />
Please note that FULLNAT and SYNPROXY are experimental and has only had limited testing. <br />
<br />
== Document ==<br />
<br />
<br />
== Download ==<br />
<br />
<br />
== Building ==<br />
<br />
1. LVS Kernel<br />
<br />
1.1 get kernel rpm from redhat<br />
wget ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-220.23.1.el6.src.rpm<br />
<br />
1.2 get kernel source code from rpm<br />
vim ~/.rpmmacros;<br />
add:<br />
%_topdir /home/pukong/rpms<br />
%_tmppath /home/pukong/rpms/tmp<br />
%_sourcedir /home/pukong/rpms/SOURCES<br />
%_specdir /home/pukong/rpms/SPECS<br />
%_srcrpmdir /home/pukong/rpms/SRPMS<br />
%_rpmdir /home/pukong/rpms/RPMS<br />
%_builddir /home/pukong/rpms/BUILD<br />
cd /home/pukong;<br />
mkdir rpms;<br />
mkdir rpms/tmp;<br />
mkdir rpms/SOURCES;<br />
mkdir rpms/SPECS;<br />
mkdir rpms/SRPMS;<br />
mkdir rpms/RPMS;<br />
mkdir rpms/BUILD;<br />
rpm -ivh kernel-2.6.32-220.23.1.el6.src.rpm;<br />
cd /home/pukong/rpms/SPECS;<br />
rpmbuild -bp kernel.spec;<br />
<br />
then you can find kernel source code in /home/pukong/rpms/BUILD.<br />
<br />
1.3 add lvs patch<br />
cd /home/pukong/rpms/BUILD/;<br />
cd kernel-2.6.32-220.23.1.el6/linux-2.6.32-220.23.1.el6.x86_64/;<br />
cp lvs-2.6.32-220.23.1.el6.patch ./;<br />
patch -p1<lvs-2.6.32-220.23.1.el6.patch;<br />
<br />
Or you can directly get source code from linux-2.6.32-220.23.1.el6.x86_64.lvs.src.tar.gz;<br />
<br />
1.4 compile and install<br />
make -j16;<br />
make modules_install;<br />
make install;<br />
<br />
2. RealServer Kernel (TOA)<br />
<br />
2.1 get kernel source code, the same as step 1.1 and 1.2;<br />
<br />
2.2 add toa patch<br />
cd /home/pukong/rpms/BUILD/;<br />
cd kernel-2.6.32-220.23.1.el6/linux-2.6.32-220.23.1.el6.x86_64/;<br />
cp toa-2.6.32-220.23.1.el6.patch ./;<br />
patch -p1<toa-2.6.32-220.23.1.el6.patch;<br />
<br />
Or you can get source code directly from linux-2.6.32-220.23.1.el6.x86_64.rs.src.tar.gz;<br />
<br />
2.3 compile and install<br />
make -j16;<br />
make modules_install;<br />
make install;<br />
<br />
3. LVS Tools (keepalived/ipvsadm/quaage)<br />
cd /home/pukong;<br />
cp lvs-tools.tar.bz2 ./;<br />
tar xzf lvs-tools.tar.bz2;<br />
cd tools;<br />
<br />
3.1 keepalived install<br />
cd keepalived;<br />
./configure --with-kernel-dir="/lib/modules/`uname -r`/build";<br />
make;<br />
make install;<br />
<br />
3.2 ipvsadm install<br />
cd ipvsadm;<br />
make;<br />
make install;<br />
<br />
3.3 quaage install<br />
cd quagga;<br />
./configure --disable-ripd --disable-ripngd --disable-bgpd --disable-watchquagga --disable-doc --enable-user=root --enable-vty-group=root --enable-group=root --enable-zebra --localstatedir=/var/run/quagga<br />
make<br />
make;<br />
make install;<br />
<br />
[[Category:IPVS]]<br />
[[Category:Load Balancing]]</div>Benjiaminghttp://kb.linux-vs.org/wiki?title=IPVS_FULLNAT_and_SYNPROXY&diff=43714IPVS FULLNAT and SYNPROXY2012-07-31T02:46:46Z<p>Benjiaming: New page: '''FULLNAT: A new packet forwarding model as DR/NAT/TUNNEL;''' The main principle: introduce local ip address (IDC internal ip address, lip), translate cip-vip to lip-rip, lip and rip both...</p>
<hr />
<div>'''FULLNAT: A new packet forwarding model as DR/NAT/TUNNEL;'''<br />
The main principle: introduce local ip address (IDC internal ip address, lip), translate cip-vip to lip-rip, lip and rip both are IDC internal ip address, so LVS-RS can be inter-vlan communication, and RS only need access to internal network.<br />
<br />
'''SYNPROXY: synflood attack defence module'''<br />
The main principle: based on tcp syncookies, refer to http://en.wikipedia.org/wiki/SYN_cookies;<br />
<br />
The first FULLNAT and SYNPROXY modules were added to IPVS in Linux kernel 2.6.9 by WenLi,YanTian,JianChen,YangYi,YaoguangSun,FangHan,Yingliu and JiamingWu. Now, the second FULLNAT and SYNPROXY modules were added in Linux kernel 2.6.32 by JianChen,JiamingWu and WensongZhang; The new FULLNAT+SYNPROXY support was add to keepalived/ipvsadm by JiajunZhang,ZiangChen and ShunminZhu. <br />
Please note that FULLNAT and SYNPROXY are experimental and has only had limited testing. <br />
<br />
== Document ==<br />
<br />
<br />
== Download ==<br />
<br />
<br />
== Building ==<br />
<br />
1. LVS Kernel<br />
1.1 get kernel rpm from redhat<br />
wget ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-220.23.1.el6.src.rpm<br />
<br />
1.2 get kernel source code from rpm<br />
vim ~/.rpmmacros;<br />
add:<br />
%_topdir /home/pukong/rpms<br />
%_tmppath /home/pukong/rpms/tmp<br />
%_sourcedir /home/pukong/rpms/SOURCES<br />
%_specdir /home/pukong/rpms/SPECS<br />
%_srcrpmdir /home/pukong/rpms/SRPMS<br />
%_rpmdir /home/pukong/rpms/RPMS<br />
%_builddir /home/pukong/rpms/BUILD<br />
cd /home/pukong;<br />
mkdir rpms;<br />
mkdir rpms/tmp;<br />
mkdir rpms/SOURCES;<br />
mkdir rpms/SPECS;<br />
mkdir rpms/SRPMS;<br />
mkdir rpms/RPMS;<br />
mkdir rpms/BUILD;<br />
rpm -ivh kernel-2.6.32-220.23.1.el6.src.rpm;<br />
cd /home/pukong/rpms/SPECS;<br />
rpmbuild -bp kernel.spec;<br />
<br />
then you can find kernel source code in /home/pukong/rpms/BUILD.<br />
<br />
1.3 add lvs patch<br />
cd /home/pukong/rpms/BUILD/;<br />
cd kernel-2.6.32-220.23.1.el6/linux-2.6.32-220.23.1.el6.x86_64/;<br />
cp lvs-2.6.32-220.23.1.el6.patch ./;<br />
patch -p1<lvs-2.6.32-220.23.1.el6.patch;<br />
<br />
Or you can directly get source code from linux-2.6.32-220.23.1.el6.x86_64.lvs.src.tar.gz;<br />
<br />
1.4 compile and install<br />
make -j16;<br />
make modules_install;<br />
make install;<br />
<br />
2. RealServer Kernel (TOA)<br />
2.1 get kernel source code, the same as step 1.1 and 1.2;<br />
<br />
2.2 add toa patch<br />
cd /home/pukong/rpms/BUILD/;<br />
cd kernel-2.6.32-220.23.1.el6/linux-2.6.32-220.23.1.el6.x86_64/;<br />
cp toa-2.6.32-220.23.1.el6.patch ./;<br />
patch -p1<toa-2.6.32-220.23.1.el6.patch;<br />
<br />
Or you can get source code directly from linux-2.6.32-220.23.1.el6.x86_64.rs.src.tar.gz;<br />
<br />
2.3 compile and install<br />
make -j16;<br />
make modules_install;<br />
make install;<br />
<br />
3. LVS Tools (keepalived/ipvsadm/quaage)<br />
cd /home/pukong;<br />
cp lvs-tools.tar.bz2 ./;<br />
tar xzf lvs-tools.tar.bz2;<br />
cd tools;<br />
<br />
3.1 keepalived install<br />
cd keepalived;<br />
./configure --with-kernel-dir="/lib/modules/`uname -r`/build";<br />
make;<br />
make install;<br />
<br />
3.2 ipvsadm install<br />
cd ipvsadm;<br />
make;<br />
make install;<br />
<br />
3.3 quaage install<br />
cd quagga;<br />
./configure --disable-ripd --disable-ripngd --disable-bgpd --disable-watchquagga --disable-doc --enable-user=root --enable-vty-group=root --enable-group=root --enable-zebra --localstatedir=/var/run/quagga<br />
make<br />
make;<br />
make install;<br />
<br />
[[Category:IPVS]]<br />
[[Category:Load Balancing]]</div>Benjiaminghttp://kb.linux-vs.org/wiki?title=IPVS&diff=43713IPVS2012-07-31T02:13:44Z<p>Benjiaming: </p>
<hr />
<div>IPVS (IP Virtual Server) implements transport-layer [[load balancing]] inside the Linux kernel, so called [[Layer-4 switching]]. IPVS running on a host acts as a [[load balancer]] before a cluster of real servers, it can direct requests for TCP/UDP based services to the real servers, and makes services of the real servers to appear as a virtual service on a single IP address.<br />
<br />
== IP Load Balancing Technologies ==<br />
<br />
Since the IP load balancing techniques have good scalability, IPVS extends the TCP/IP stack of the Linux kernel to support three IP load balancing techniques: [[LVS/NAT]], [[LVS/TUN]] and [[LVS/DR]]. The box running IPVS acts as a [[load balancer]] of network connections<br />
from clients who know a single IP address for a service, and distributes them to a set of<br />
servers that actually perform the work.<br />
<br />
* [[LVS/NAT | Virtual Server via Network Address Translation]]<br />
* [[LVS/TUN | Virtual Server via IP Tunneling]]<br />
* [[LVS/DR | Virtual Server via Direct Routing]]<br />
<br />
== Job Scheduling Algorithms ==<br />
<br />
=== Connection Scheduling Algorithms inside the Kernel ===<br />
<br />
IPVS schedules jobs at connection granularity inside the Linux kernel. Here connection is defined as data communication between client socket and server socket, no matter whether it uses TCP or UDP protocol. For scheduling UDP datagrams, IPVS [[load balancer]] records UDP datagram scheduling with configurable timeout, and the default UDP timeout is 300 seconds. Before UDP connection timeouts, all UDP datagrams from the same socket (protocol, ip address and port) will be directed to the same server.<br />
<br />
IPVS has implemented ten connection scheduling algorithms inside the kernel so far:<br />
<br />
* [[Round-Robin Scheduling]] <br />
* [[Weighted Round-Robin Scheduling]] <br />
* [[Least-Connection Scheduling]]<br />
* [[Weighted Least-Connection Scheduling]] <br />
* [[Locality-Based Least-Connection Scheduling]] <br />
* [[Locality-Based Least-Connection with Replication Scheduling]] <br />
* [[Destination Hashing Scheduling]] <br />
* [[Source Hashing Scheduling]] <br />
* [[Shortest Expected Delay Scheduling]] <br />
* [[Never Queue Scheduling]]<br />
<br />
=== Dynamic Feedback Load Balancing Scheduling ===<br />
<br />
The dynamic feedback load balancing scheduling algorithm is to use connection scheduling algorithm and adjust server weight based on dynamic feeback load information of each server, in order to avoid load imbalance among servers.<br />
<br />
* [[Dynamic Feedback Load Balancing Scheduling]]<br />
<br />
== Software ==<br />
<br />
See http://www.linuxvirtualserver.org/software/ipvs.html for downloading IPVS related software.<br />
<br />
[[ipvsadm]] is used to set up, maintain or inspect the IP virtual server table in the Linux kernel. For how to compile ipvsadm on different Linux distributions, check [[compiling ipvsadm on different Linux distributions|this article]] for detailed information.<br />
<br />
== Design and Implementation ==<br />
<br />
* [[IPVS Design]]<br />
* [[IPVS Implementation]]<br />
* [[IPv6 load balancing]] - the status of IPv6 support in IPVS and examples<br />
* [[IPVS FULLNAT and SYNPROXY]] <br />
<br />
== Ongoing Development ==<br />
<br />
=== IPVS On FreeBSD ===<br />
<br />
The [http://dragon.linux-vs.org/~dragonfly/htm/lvs_freebsd.htm LVS On FreeBSD] project was started by Li Wang, the goal is to port IPVS code to FreeBSD. Now, the LVS On FreeBSD module supports the [[LVS/DR]] and [[LVS/TUN]] ip load balancing technologies.<br />
<br />
=== Todo ===<br />
<br />
* [[IPVS Wish List]]<br />
<br />
[[Category:LVS Software]]<br />
[[Category:Load Balancing]]<br />
[[Category:Terms and Abbreviations]]</div>Benjiaminghttp://kb.linux-vs.org/wiki?title=IPVS&diff=43712IPVS2012-07-31T01:21:35Z<p>Benjiaming: </p>
<hr />
<div>IPVS (IP Virtual Server) implements transport-layer [[load balancing]] inside the Linux kernel, so called [[Layer-4 switching]]. IPVS running on a host acts as a [[load balancer]] before a cluster of real servers, it can direct requests for TCP/UDP based services to the real servers, and makes services of the real servers to appear as a virtual service on a single IP address.<br />
<br />
== IP Load Balancing Technologies ==<br />
<br />
Since the IP load balancing techniques have good scalability, IPVS extends the TCP/IP stack of the Linux kernel to support three IP load balancing techniques: [[LVS/NAT]], [[LVS/TUN]] and [[LVS/DR]]. The box running IPVS acts as a [[load balancer]] of network connections<br />
from clients who know a single IP address for a service, and distributes them to a set of<br />
servers that actually perform the work.<br />
<br />
* [[LVS/NAT | Virtual Server via Network Address Translation]]<br />
* [[LVS/TUN | Virtual Server via IP Tunneling]]<br />
* [[LVS/DR | Virtual Server via Direct Routing]]<br />
<br />
== Job Scheduling Algorithms ==<br />
<br />
=== Connection Scheduling Algorithms inside the Kernel ===<br />
<br />
IPVS schedules jobs at connection granularity inside the Linux kernel. Here connection is defined as data communication between client socket and server socket, no matter whether it uses TCP or UDP protocol. For scheduling UDP datagrams, IPVS [[load balancer]] records UDP datagram scheduling with configurable timeout, and the default UDP timeout is 300 seconds. Before UDP connection timeouts, all UDP datagrams from the same socket (protocol, ip address and port) will be directed to the same server.<br />
<br />
IPVS has implemented ten connection scheduling algorithms inside the kernel so far:<br />
<br />
* [[Round-Robin Scheduling]] <br />
* [[Weighted Round-Robin Scheduling]] <br />
* [[Least-Connection Scheduling]]<br />
* [[Weighted Least-Connection Scheduling]] <br />
* [[Locality-Based Least-Connection Scheduling]] <br />
* [[Locality-Based Least-Connection with Replication Scheduling]] <br />
* [[Destination Hashing Scheduling]] <br />
* [[Source Hashing Scheduling]] <br />
* [[Shortest Expected Delay Scheduling]] <br />
* [[Never Queue Scheduling]]<br />
<br />
=== Dynamic Feedback Load Balancing Scheduling ===<br />
<br />
The dynamic feedback load balancing scheduling algorithm is to use connection scheduling algorithm and adjust server weight based on dynamic feeback load information of each server, in order to avoid load imbalance among servers.<br />
<br />
* [[Dynamic Feedback Load Balancing Scheduling]]<br />
<br />
== Software ==<br />
<br />
See http://www.linuxvirtualserver.org/software/ipvs.html for downloading IPVS related software.<br />
<br />
[[ipvsadm]] is used to set up, maintain or inspect the IP virtual server table in the Linux kernel. For how to compile ipvsadm on different Linux distributions, check [[compiling ipvsadm on different Linux distributions|this article]] for detailed information.<br />
<br />
== Design and Implementation ==<br />
<br />
* [[IPVS Design]]<br />
* [[IPVS Implementation]]<br />
* [[IPv6 load balancing]] - the status of IPv6 support in IPVS and examples<br />
* [[FULLNAT+SYNPROXY]] <br />
<br />
== Ongoing Development ==<br />
<br />
=== IPVS On FreeBSD ===<br />
<br />
The [http://dragon.linux-vs.org/~dragonfly/htm/lvs_freebsd.htm LVS On FreeBSD] project was started by Li Wang, the goal is to port IPVS code to FreeBSD. Now, the LVS On FreeBSD module supports the [[LVS/DR]] and [[LVS/TUN]] ip load balancing technologies.<br />
<br />
=== Todo ===<br />
<br />
* [[IPVS Wish List]]<br />
<br />
[[Category:LVS Software]]<br />
[[Category:Load Balancing]]<br />
[[Category:Terms and Abbreviations]]</div>Benjiaming