Alteon Application Switch Operating System Application Guide
Server Load Balancing
Document ID: RDWR-ALOS-V2900_AG1302 205
Repelling DoS SYN Attacks With Delayed Binding
Figure 36 - Normal Request with Delayed Binding, page 205 is an illustration of a normal request
with delated binding.
Figure 36: Normal Request with Delayed Binding
After Alteon receives a valid ACK or DATA REQ from the client, Alteon sends a SYN request to the
server on behalf of the client, waits for the server to respond with a SYN ACK, and then forwards the
clients DATA REQ to the server. This means that Alteon delays binding the client session to the
server until the proper handshakes are complete.
As a result, two independent TCP connections span a session: one from the client to Alteon, and the
second from Alteon to the selected server. Alteon temporarily terminates each TCP connection until
content has been received, preventing the server from being inundated with SYN requests.
Note: Delayed binding is enabled when content-intelligent load balancing is used. However, if you
are not parsing content, you must explicitly enable delayed binding if desired.
To Next Page
