隨著基礎設施即服務(Infrastructure as a Service, IaaS)市場的快速成長,如何讓IaaS服務提供一個具有高度可靠性及可用性的作業環境變得更加重要。因此,在經過虛擬機器的即時移轉後,要如何保持網路服務的連線將會是一個重要的議題。在本研究中,我們提出了一個在廣域網路中進行即時移轉後,仍然能夠維持用戶的TCP連線狀態的機制,稱作Handover。當虛擬機器的IP位址因為即時移轉的緣故而有變動的時候,Handover會透過在iptables的nat table裡插入一條OUTPUT規則,使用戶對外送出的封包被重新導向到虛擬機器的新IP位址。此外為了避免轉向後的連線被NAT路由器所阻擋,我們還加入了一個偽造的三方交握步驟。從實驗結果可以看到Handover的確能夠在不同的網路環境中發揮作用,並且這個連線切換的過程只需要額外消耗大約0.165秒的時間。Handover可以被應用在絕大多數以Unix為基礎的作業系統裡。不只如此,它或許還會被整合進一個分散式阻斷服務攻擊(Distributed Denial of Service, DDoS)的防禦系統之中。隨著Handover與DDoS防禦系統剩餘部件的搭配部署,我們相信這將會成為一個抵禦DDoS攻擊的有效手段。;With a rapid growth of the Infrastructure as a Service (IaaS) market, it becomes more important for IaaS services to provide the work environment with high reliability and availability. Therefore, how to maintain the network connections after live Virtual Machine (VM) migration is going to be a big issue. In this research, we propose a new mechanism to keep clients’ TCP sessions across live migration over Wide Area Networks (WANs), called Handover. After the VM’s IP address changed after live migration, Handover inserts an OUTPUT rule in the nat table of iptables to redirect the client’s outgoing packets to the new IP address of the VM. In addition, we apply a fake three-way handshake mechanism to prevent the redirected traffic from being blocked by the NAT router. The experimental results demonstrate that Handover is effective in varied network environments, and the overhead of this changeover process is about only 0.165 seconds. Handover can be utilized in most of Unix-based systems. Furthermore, it may be integrated into a Distributed Denial of Service (DDoS) Defense System. By deploying the remaining parts of the DDoS defense system with Handover, we believe it could serve as a useful method to guard against DDoS attacks.