Re: [load balancing] Urgent help with "URL rewriting on alteon 2208 switch for session persistence"

From: Sake Blok <sake [izzat]>
Date: Wed Apr 23 2008 - 12:17:59 EDT

On Wed, Apr 23, 2008 at 11:01:55AM -0400, John Wobus wrote:

We are basically saying the same things, but I'd like to keep all the
naming clear to prevent misunderstanding.

> TCP has headers, where, among other things, its options are carried, as
> can be seen by Googling "TCP headers", or reading about TCP in wikipedia
> or RFC 793.

You are right in saying there exists something called a "TCP header". But
the term "TCP header" is used in the context of a TCP/IP packet. A TCP/IP
packet has an IP header and a TCP header and after that the TCP payload.
*Within* the TCP protocol (i.e., the TCP header), there is no such thing as
TCP headers.

There *is* room for options and the amount of space reserved
for these options can be enlarged by the TCP header length field (which
gives the length of the whole "TCP header" and not just the options part).

See RFC 793

> Furthermore, there are folks who label what they encode in
> their TCP headers as "cookies", e.g.
> or
> syn_flooding_attacks.html

Those links talk about the same technique as I linked to in my last mail :-)
The technique used is syn-flood protection by encoding the TCP control
block (TCB) inside the TCP sequence number so that it's not necessary
to store the TCB in the local connection table (until the final ACK
arrives, which in a SYN-flood never will).

> (In any case, I am curious in how and where a cookie is inserted in the
> TCP header for load balancing purposes. I imagine it could be clever
> use of the sequence number or source port.)

I don't think it's possible to create persistency based on information
stored in the "TCP header"; the load balancer has no control over any of
the TCP header fields of a new SYN that it receives. Therefore, if the
client does not do anything special to the values within the TCP header,
there is no way to build persistency on it. Of course if two TCP/IP
enabled devices share a common protocol to encode things into the TCP
header fields, they can use that to maintain persistency, but that would
require customized TCP/IP stacks on every client that wants to use that

lb-l mailing list
Received on Wed Apr 23 12:18:12 2008
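
The SYN-flood protection mentioned in the message above (connection state encoded in the sequence number, so nothing is stored until the final ACK arrives) can be sketched as follows. This is an added example, not code from the message or from any real TCP stack; the 5/3/24-bit layout, the HMAC-SHA256 MAC, the MSS table, the key and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import socket
import struct

SECRET = b"constructed-demo-key"  # constructed; a real stack uses a random secret
# Constructed 8-entry table: 3 cookie bits can only name one of 8 MSS values.
MSS_TABLE = [536, 1220, 1300, 1400, 1440, 1452, 1460, 8960]

def _mac24(src, sport, dst, dport, counter):
    """24-bit keyed MAC over the connection 4-tuple and the time counter."""
    msg = (socket.inet_aton(src) + socket.inet_aton(dst)
           + struct.pack("!HHI", sport, dport, counter))
    return hmac.new(SECRET, msg, hashlib.sha256).digest()[:3]

def make_cookie(src, sport, dst, dport, mss, counter):
    """ISN for the SYN-ACK: 5 counter bits | 3 MSS-index bits | 24 MAC bits."""
    # Largest table entry not above the client's MSS (index 0 if none fits).
    idx = max((i for i, m in enumerate(MSS_TABLE) if m <= mss), default=0)
    mac = int.from_bytes(_mac24(src, sport, dst, dport, counter), "big")
    return ((counter & 0x1F) << 27) | (idx << 24) | mac

def check_cookie(src, sport, dst, dport, ack, now, max_age=2):
    """Return the negotiated MSS if the final ACK acknowledges a fresh,
    valid cookie; return None so the segment can be dropped otherwise."""
    cookie = (ack - 1) & 0xFFFFFFFF          # the ACK acknowledges ISN + 1
    for age in range(max_age + 1):
        counter = now - age
        if counter < 0 or (counter & 0x1F) != cookie >> 27:
            continue
        expected = _mac24(src, sport, dst, dport, counter)
        if hmac.compare_digest(expected, (cookie & 0xFFFFFF).to_bytes(3, "big")):
            return MSS_TABLE[(cookie >> 24) & 0x7]
    return None

if __name__ == "__main__":
    # Constructed handshake using documentation address ranges.
    flow = ("192.0.2.10", 40000, "198.51.100.5", 80)
    isn = make_cookie(*flow, mss=1460, counter=100)
    print(check_cookie(*flow, ack=(isn + 1) & 0xFFFFFFFF, now=101))
```

The server can do this because it chooses the sequence number of its own SYN-ACK; the value is bound to one 4-tuple and a short time window, so it says nothing about a later connection from the same client.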