A virtual server often refers to a virtual server-clustering system, such as a Linux virtual server (LVS). Such virtual server may provide a virtual interne protocol (VIP) between virtual networks for user access. The access request first passes through the VIP of the virtual server to arrive at the load balancer. Later, the load balancer selects one service node from the back-end server list for carrying out response.
FIG. 1 illustrates a flow chart of an existing network load balance processing method. As shown in FIG. 1, the connection of the virtual server may be established in a direct routing (DR) mode, a tunnel mode, or a network address translation (NAT) mode. The client may issue a transmission control protocol (TCP) connection request with the target IP being the VIP. When the Linux external preset command SEQ is equal to 1, first, the client sends a transmission control protocol (TCP) handshake signal (i.e., a synchronous packet, hereinafter referred to as “SYN packet”) to the virtual server. Further, the virtual server forwards the SYN packet to the back-end server, and after receiving the SYN packet, the back-end server sends an acknowledgement signal (i.e., a synchronous acknowledgement packet, hereinafter referred to as “SYN ACK packet”) to the client. As indicated by the dashed lines and solid lines shown in FIG. 1, whether the SYN ACK packet passes through the virtual server when being sent to the client differs slightly in different modes. When the client receives the SYN ACK packet, a response signal (i.e., an acknowledgement packet, hereinafter referred to as “ACK packet”) is sent to the virtual server, and the visual sever forwards the received ACK packet to the back-end server. Accordingly, the TCP request connection of the user is actually a connection established with the back-end server, and the virtual server only functions to forward the data packet.
In such a manner, when the server suffers from denial of service type attack (e.g., SYN Flood), the virtual server needs to establish a connection record for each SYN packet and forward the SYN packet to the back-end server at the back end. When the volume of the attack traffic is very large, the virtual server needs to establish a large amount of connection records, which consume memory resources and result in the memory to be easily consumed up, thereby causing the system to crash because of a too heavy load and leading to a consequence of service interruption.
Directed to the issue of high memory consumption in the network load balance processing in related techniques, no effective resolution has been put forwards yet.