
AW: DNS Server Cluster

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: AW: DNS Server Cluster
From: "Simon Pearce" <sp@xxxxxxxx>
Date: Mon, 27 Nov 2006 18:27:08 +0100
Hi

Thank you for your quick response. I don't want to sound rude, but you work for 
this company, going by your e-mail. Are you trying to recommend one of your 
products, or are you certain my setup with open LVS will not work? What makes 
your load balancers that much better?

Simon 

-----Original Message-----
From: lvs-users-bounces@xxxxxxxxxxxxxxxxxxxxxx 
[mailto:lvs-users-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Wayne at CAI
Sent: Monday, 27 November 2006 18:20
To: LinuxVirtualServer.org users mailing list.
Subject: Re: DNS Server Cluster

This is a problem almost all commercial load balancers also have; Cisco, F5, 
Alteon, Foundry, etc. all have this same problem.
So far, only one load balancer, called WebMux, actually has a BAM feature that 
addresses the DNS server load balancing issue.

At 05:55 PM 11/27/2006 +0100, you wrote:

>Hi,
>
>
>I am running a DNS cluster with 6 servers running Gentoo Linux: two load 
>balancers with an active-active setup and 4 real servers running 
>PowerDNS.
>Each server has a 3 GHz Pentium 4 and 1 Gig of RAM. At the moment I am 
>migrating our Windows BIND 9 cluster to the new Linux cluster. I have a 
>total of about 250 IP addresses to migrate, and here's where the 
>problems start. Every time the DNS cluster exceeds a certain limit, 
>some of the IP addresses stop working properly. It affects the system 
>in a way that for certain domains you get a timeout when querying the cluster.
>Some of the transferred IPs seem to stop working or slow down to an 
>extent that other DNS servers stop querying us. I am also using 
>iptables on the two load balancers with a conntrack table because the 
>real servers have private IP addresses and I can't update them 
>otherwise. I checked the logs but I can't find any info that the 
>conntrack table is full. But I read on the LVS list that the conntrack 
>table is not needed for LVS NAT and can slow the system down; I am, 
>however, not sure about this. Is there anything else someone could think 
>of that I might have done wrong? The unusual thing is that the cluster 
>seems to work fine until the load exceeds a certain limit I 
>mentioned earlier, which I can't really define in words. Perhaps 
>someone has a few minutes to spare to check my config; I might have a mistake 
>there.
>
>
>Thanks Regards
>
>Simon
>
>! Configuration File for keepalived
>global_defs {
>notification_email {
>sp@xxxxxxxx
>     
>}
>notification_email_from sp@xxxxxxxx
>smtp_server 127.0.0.1
>smtp_connect_timeout 30
>router_id LVS01
>}
>
>vrrp_sync_group ONE {
>group {
>LVS01-WAN
>LVS01-LAN
>        }
>}
>
>vrrp_sync_group TWO {
>group {
>LVS02-WAN
>LVS02-LAN
>        }
>}
>
>vrrp_instance LVS01-WAN {
>state MASTER
>interface eth0
>virtual_router_id 51
>priority 150
>advert_int 1
>smtp_alert
>authentication {
>auth_type PASS
>auth_pass secret
>}
>virtual_ipaddress {
>213.161.58.37 
>    }
>virtual_ipaddress_excluded {
>213.161.85.86
>213.161.85.90
>213.161.85.91
>213.161.85.92
>213.161.85.93
>213.161.85.94
>213.161.85.95
>213.161.85.96
>213.161.85.97
>213.161.85.98
>213.161.85.99 # I took out some IP's to shorten the config
>213.161.85.101
>213.161.85.102
>213.161.85.103
>213.161.85.104
>213.161.85.105
>213.161.85.106
>213.161.85.107
>213.161.85.108
>213.161.85.109
>213.161.85.110
>213.161.85.111
>213.161.85.112
>213.161.85.254
>    }
>}
>vrrp_instance LVS01-LAN {
>state MASTER   
>interface eth1
>virtual_router_id 52
>priority 150
>advert_int 1
>smtp_alert
>authentication {
>auth_type PASS
>auth_pass secret
>}
>! Gateway for the real servers
>virtual_ipaddress {
>192.168.1.1
>    }
>}
>
>vrrp_instance LVS02-WAN {
>state BACKUP
>interface eth0
>virtual_router_id 53
>priority 100
>advert_int 1
>smtp_alert
>authentication {
>auth_type PASS
>auth_pass mKOt&59TG
>}
>virtual_ipaddress {
>213.161.58.39 
>    }
>virtual_ipaddress_excluded {
>213.161.86.86
>213.161.86.97
>213.161.86.100
>213.161.86.133
>213.161.86.134
>213.161.86.135
>213.161.85.177
>213.161.86.178 # I took out some IP's to shorten the config
>213.161.86.179
>213.161.86.180
>213.161.86.181
>213.161.86.182
>213.161.86.183
>213.161.86.184
>213.161.86.185
>213.161.86.186
>213.161.86.187
>213.161.86.188
>213.161.86.189
>213.161.86.190
>213.161.86.250
>    }
>}
>vrrp_instance LVS02-LAN {
>state BACKUP
>interface eth1
>virtual_router_id 54
>priority 100
>advert_int 1
>smtp_alert
>authentication {
>auth_type PASS
>auth_pass mKOt&59TG
>}
>! Gateway for the real servers
>virtual_ipaddress {
>192.168.1.100
>    }
>}
>
>#####################################DNS Group_1#############################################################
>
>virtual_server_group DNS_1 {
>213.161.85.86 53
>213.161.85.90-99 53
>213.161.85.101-118 53
>213.161.85.120-121 53
>213.161.85.130 53
>213.161.85.132-157 53
>213.161.85.159-176 53
>213.161.86.177 53
>213.161.85.178-254 53
>}
>virtual_server group DNS_1 {
>delay_loop 30
>lb_algo rr
>lb_kind NAT
>protocol TCP
>
>real_server 192.168.1.2 53 {
>weight 1
>MISC_CHECK {
>misc_path "/usr/bin/dig -b 192.168.1.1 routing.net @192.168.1.2 +time=5 +tries=5 +fail > /dev/null"
>misc_timeout 6
>        }
>}
>real_server 192.168.1.25 53 {
>weight 1
>MISC_CHECK {
>misc_path "/usr/bin/dig -b 192.168.1.1 routing.net @192.168.1.25 +time=5 +tries=5 +fail > /dev/null"
>misc_timeout 6
>                }
>        }
>}
>
>virtual_server_group DNS_2 {
>213.161.85.86 53
>213.161.85.90-99 53
>213.161.85.101-118 53
>213.161.85.120-121 53
>213.161.85.130 53
>213.161.85.132-157 53
>213.161.85.159-176 53
>213.161.86.177 53
>213.161.85.178-254 53
>}
>virtual_server group DNS_2 {
>delay_loop 30
>lb_algo rr
>lb_kind NAT
>protocol UDP
>
>real_server 192.168.1.2 53 {
>weight 1
>MISC_CHECK {
>misc_path "/usr/bin/dig -b 192.168.1.1 routing.net @192.168.1.2 +time=5 +tries=5 +fail > /dev/null"
>misc_timeout 6
>        }
>}
>real_server 192.168.1.25 53 {
>weight 1
>MISC_CHECK {
>misc_path "/usr/bin/dig -b 192.168.1.1 routing.net @192.168.1.25 +time=5 +tries=5 +fail > /dev/null"
>misc_timeout 6
>                }
>        }               
>}
>
>#####################################DNS Group_2#############################################################
>
>virtual_server_group DNS_3 {
>213.161.86.86 53
>213.161.86.97 53
>213.161.86.100 53
>213.161.86.133-135 53
>213.161.86.137-139 53
>213.161.86.140 53
>213.161.86.142-145 53
>213.161.86.167-170 53
>213.161.85.177 53
>213.161.86.178-190 53
>213.161.86.250 53
>}
>virtual_server group DNS_3 {
>delay_loop 30
>lb_algo rr
>lb_kind NAT
>protocol TCP
>
>real_server 192.168.1.3 53 {
>weight 1
>MISC_CHECK {
>misc_path "/usr/bin/dig -b 192.168.1.1 routing.net @192.168.1.3 +time=5 +tries=5 +fail > /dev/null"
>misc_timeout 6
>        }
>}
>real_server 192.168.1.30 53 {
>weight 1
>MISC_CHECK {
>misc_path "/usr/bin/dig -b 192.168.1.1 routing.net @192.168.1.30 +time=5 +tries=5 +fail > /dev/null"
>misc_timeout 6
>                }
>        }
>}
>
>virtual_server_group DNS_4 {
>213.161.86.86 53
>213.161.86.97 53
>213.161.86.100 53
>213.161.86.133-135 53
>213.161.86.137-139 53
>213.161.86.140 53
>213.161.86.142-145 53
>213.161.86.147 53
>213.161.86.151 53               
>213.161.86.153 53       
>213.161.86.178-190 53
>213.161.86.250 53
>}
>virtual_server group DNS_4 {
>delay_loop 30
>lb_algo rr
>lb_kind NAT
>protocol UDP
>
>real_server 192.168.1.3 53 {
>weight 1
>MISC_CHECK {
>misc_path "/usr/bin/dig -b 192.168.1.1 routing.net @192.168.1.3 +time=5 +tries=5 +fail > /dev/null"
>misc_timeout 6
>        }
>}               
>real_server 192.168.1.30 53 {
>weight 1
>MISC_CHECK {
>misc_path "/usr/bin/dig -b 192.168.1.1 routing.net @192.168.1.30 +time=5 +tries=5 +fail > /dev/null"
>misc_timeout 6
>                }
>        }               
>}
>
>######################################DNS Group_3 NO! RECURSING!###################################################################
>
>virtual_server_group DNS_5 {
>213.161.85.158 53
>}
>virtual_server group DNS_5 {
>delay_loop 30
>lb_algo rr
>lb_kind NAT
>protocol TCP
>
>real_server 192.168.1.4 53 {
>weight 1
>MISC_CHECK {
>misc_path "/usr/bin/dig -b 192.168.1.1 routing.net @192.168.1.4 +time=5 +tries=5 +fail > /dev/null"
>misc_timeout 6
>        }
>}               
>real_server 192.168.1.26 53 {
>weight 1
>MISC_CHECK {
>misc_path "/usr/bin/dig -b 192.168.1.1 routing.net @192.168.1.26 +time=5 +tries=5 +fail > /dev/null"
>misc_timeout 6
>                }
>        }
>}
>
>virtual_server_group DNS_6 {
>213.161.85.158 53
>}
>virtual_server group DNS_6 {
>delay_loop 30
>lb_algo rr
>lb_kind NAT
>protocol UDP
>
>real_server 192.168.1.4 53 {
>weight 1
>MISC_CHECK {
>misc_path "/usr/bin/dig -b 192.168.1.1 routing.net @192.168.1.4 +time=5 +tries=5 +fail > /dev/null"
>misc_timeout 6
>        }
>}               
>real_server 192.168.1.26 53 {
>weight 1
>MISC_CHECK {
>misc_path "/usr/bin/dig -b 192.168.1.1 routing.net @192.168.1.26 +time=5 +tries=5 +fail > /dev/null"
>misc_timeout 6
>                }
>        }               
>}
>
>######################################DNS Group_4 NO! RECURSING!###################################################################
>
>virtual_server_group DNS_7 {
>213.161.86.158 53
>}
>virtual_server group DNS_7 {
>delay_loop 30
>lb_algo rr
>lb_kind NAT
>protocol TCP
>
>real_server 192.168.1.5 53 {
>weight 1
>MISC_CHECK {
>misc_path "/usr/bin/dig -b 192.168.1.1 routing.net @192.168.1.5 +time=5 +tries=5 +fail > /dev/null"
>misc_timeout 6
>        }
>}               
>real_server 192.168.1.40 53 {
>weight 1
>MISC_CHECK {
>misc_path "/usr/bin/dig -b 192.168.1.1 routing.net @192.168.1.40 +time=5 +tries=5 +fail > /dev/null"
>misc_timeout 6
>                }
>        }
>}
>
>virtual_server_group DNS_8 {
>213.161.86.158 53
>}
>virtual_server group DNS_8 {
>delay_loop 30
>lb_algo rr
>lb_kind NAT
>protocol UDP
>
>real_server 192.168.1.5 53 {
>weight 1
>MISC_CHECK {
>misc_path "/usr/bin/dig -b 192.168.1.1 routing.net @192.168.1.5 +time=5 +tries=5 +fail > /dev/null"
>misc_timeout 6
>        }
>}               
>real_server 192.168.1.40 53 {
>weight 1
>MISC_CHECK {
>misc_path "/usr/bin/dig -b 192.168.1.1 routing.net @192.168.1.40 +time=5 +tries=5 +fail > /dev/null"
>misc_timeout 6
>                }
>        }               
>}
>
>

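A consistency check for the keepalived config quoted above, as an added example that is not part of the original thread: DNS is served over both UDP and TCP, so each address in a TCP `virtual_server_group` would normally also appear in the UDP group that fronts the same real servers. The sample input is constructed from a few entries of DNS_1 to DNS_4 in the post; `parse_groups` and `diff_pair` are hypothetical helper names.

```python
import re

# Constructed sample: a few entries excerpted from the posted config.
# DNS_1/DNS_3 are the TCP groups, DNS_2/DNS_4 their UDP counterparts.
SAMPLE = """
virtual_server_group DNS_1 {
213.161.85.86 53
213.161.85.90-99 53
}
virtual_server_group DNS_2 {
213.161.85.86 53
213.161.85.90-99 53
}
virtual_server_group DNS_3 {
213.161.86.142-145 53
213.161.86.167-170 53
213.161.85.177 53
}
virtual_server_group DNS_4 {
213.161.86.142-145 53
213.161.86.147 53
}
"""

GROUP = re.compile(r"virtual_server_group\s+(\S+)\s*\{([^}]*)\}")
ENTRY = re.compile(r"^(\d+\.\d+\.\d+\.)(\d+)(?:-(\d+))?\s+(\d+)$")

def parse_groups(text):
    """Return {group name: set of (ip, port)} with last-octet ranges expanded."""
    groups = {}
    for name, body in GROUP.findall(text):
        members = set()
        for line in body.splitlines():
            m = ENTRY.match(line.strip())
            if not m:
                continue  # blank line or an entry type not handled here (e.g. fwmark)
            prefix, first, last, port = m.groups()
            for octet in range(int(first), int(last or first) + 1):
                members.add((prefix + str(octet), int(port)))
        groups[name] = members
    return groups

def diff_pair(groups, tcp_name, udp_name):
    """Addresses served on only one transport: (tcp_only, udp_only), sorted."""
    tcp, udp = groups[tcp_name], groups[udp_name]
    key = lambda e: tuple(int(p) for p in e[0].split("."))
    return sorted(tcp - udp, key=key), sorted(udp - tcp, key=key)

if __name__ == "__main__":
    print(diff_pair(parse_groups(SAMPLE), "DNS_3", "DNS_4"))
```

Run against the full config, any address reported for a pair answers on only one of the two transports through the director.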

