Thursday, May 20, 2010

A workaround for the Alteon

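Alteon is a hardware load balancer. When it malfunctions (is misconfigured), the symptom is SocketException: Connection reset. The workaround is to write a proxy that sits in front of the Alteon (after ServerSocket.accept() we create a thread to handle the client):

```java
import java.io.BufferedInputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.InetSocketAddress;
import java.net.Socket;

class AlteonProxyHandler {
    // Runs in the per-client thread; cli is the socket returned by ServerSocket.accept().
    static void handle(Socket cli, String dstHost, int dstPort) throws Exception {
        byte[] buff = new byte[8192]; // buffer size is an assumption; the original does not show it
        BufferedInputStream bis = new BufferedInputStream(cli.getInputStream());
        Socket dst = new Socket();
        try {
            dst.setKeepAlive(true);
            dst.setReceiveBufferSize(1024);
            dst.setSendBufferSize(1024);
            dst.setReuseAddress(true);
            dst.setSoLinger(true, 3000); // the linger value is in seconds
            dst.setTcpNoDelay(true);
            dst.setSoTimeout(30000);
            int n = bis.read(buff); // single read: assumes the whole request arrives at once
            if (n < 0) return; // client closed the connection without sending anything
            System.out.println("---- outgoing ----");
            System.out.println(new String(buff, 0, n));
            dst.connect(new InetSocketAddress(dstHost, dstPort), 10000);
            OutputStream os = dst.getOutputStream();
            InputStream is = dst.getInputStream();
            os.write(buff, 0, n);
            os.flush(); // flush, but leave the output stream open
            Thread.sleep(10000); // wait before reading the Alteon's reply
            int m = is.read(buff);
            if (m > 0) { // -1 means the Alteon closed without replying
                System.out.println("---- incoming ----");
                System.out.println(new String(buff, 0, m));
                cli.getOutputStream().write(buff, 0, m);
            }
        } finally {
            cli.close();
            dst.close();
        }
    }
}
```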
What matters here? Keep-alive. In addition, after writing the whole outgoing message we do not close the output stream, and before reading from the Alteon's stream we sleep for a few seconds.

From the documentation: Preventing Denial of Service: Alteon Web Switches can thwart Denial of Service (DoS) attacks or TCP SYN attacks without blocking valid session requests. Through “delayed binding” Alteon Web OS intercepts client SYN requests before they reach the server. The Web Switch then responds to the client with a SYN ACK that contains embedded client information and does not allocate a session until a valid SYN ACK is received from the client or the three-way handshake is complete. By temporarily terminating each TCP connection until content has been received, Alteon Web Switches prevent the server from being inundated with SYN requests. Half-open sessions are a result of an incomplete three-way handshake between the server and client. To detect SYN attacks, Alteon Web OS enables tracking of the number of new half-open sessions over a set period of time. If the value exceeds a specified threshold, then the Alteon Web Switch triggers a trap to notify the administrator.
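
The general idea behind the "delayed binding" quoted above (a SYN ACK carrying embedded client information, with no session allocated until the client answers it) can be modelled as a stateless cookie. This is an added example, not code from the original post and not the Alteon implementation: the HMAC-SHA256 cookie layout, `SLOT_SECONDS`, the class and method names and all addresses are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import struct

SLOT_SECONDS = 64  # assumed granularity of a cookie's lifetime

class DelayedBinding:
    """Front end that answers SYNs statelessly and binds only after a valid ACK."""

    def __init__(self, vip="203.0.113.1", vport=80, secret=None):
        self.vip, self.vport = vip, vport
        self.secret = secret or os.urandom(32)  # known only to the front end
        self.sessions = set()                   # sessions actually allocated

    def _cookie(self, src, sport, client_isn, slot):
        # "Embedded client information": a MAC over the 4-tuple, the client's
        # ISN and a coarse timestamp, truncated to a 32-bit sequence number.
        msg = f"{src}:{sport}>{self.vip}:{self.vport}".encode()
        msg += struct.pack("!Iq", client_isn, slot)
        digest = hmac.new(self.secret, msg, hashlib.sha256).digest()
        return int.from_bytes(digest[:4], "big")

    def on_syn(self, src, sport, client_isn, now):
        """Return the sequence number for the SYN-ACK; store nothing."""
        return self._cookie(src, sport, client_isn, int(now) // SLOT_SECONDS)

    def on_ack(self, src, sport, seq, ack, now):
        """Allocate a session only if the ACK echoes a cookie we issued."""
        client_isn = (seq - 1) & 0xFFFFFFFF
        echoed = (ack - 1) & 0xFFFFFFFF
        slot = int(now) // SLOT_SECONDS
        # Accept the current and previous slot so a handshake crossing a slot boundary completes.
        if any(echoed == self._cookie(src, sport, client_isn, s)
               for s in (slot, slot - 1)):
            self.sessions.add((src, sport))
            return True
        return False

def demo():
    sw = DelayedBinding()
    # Constructed input: 1000 SYNs whose senders never answer the SYN-ACK.
    for i in range(1000):
        sw.on_syn(f"198.51.100.{i % 250}", 1024 + i, client_isn=i, now=1000)
    state_after_flood = len(sw.sessions)
    # A genuine client echoes cookie + 1 in the ACK that completes the handshake.
    isn = sw.on_syn("192.0.2.10", 40000, client_isn=7, now=1000)
    ok = sw.on_ack("192.0.2.10", 40000, seq=8, ack=(isn + 1) & 0xFFFFFFFF, now=1003)
    return state_after_flood, ok, len(sw.sessions)
```

`demo()` returns `(0, True, 1)`: the unanswered SYNs leave no state behind, and only the completed handshake is bound.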
