Hi,
I am running a DNS cluster of six servers running Gentoo Linux: two load
balancers in an active-active setup and four real servers running
PowerDNS.
Each server has a 3 GHz Pentium 4 and 1 GB of RAM. At the moment I am
migrating our Windows BIND 9 cluster to the new Linux cluster. I have a
total of about 250 IP addresses to migrate, and here's where the problems
start. Every time the DNS cluster exceeds a certain limit, some of
the IP addresses stop working properly: for certain domains you get a
timeout when querying the cluster.
Some of the transferred IPs seem to stop working, or slow down to such an
extent that other DNS servers stop querying us. I am also using iptables
on the two load balancers with a conntrack table, because the real
servers have private IP addresses and I can't update them otherwise. I
checked the logs but I can't find any indication that the conntrack table is
full. I read on the LVS list that the conntrack table is not
needed for LVS NAT and can slow the system down, but I am not sure
about this. Is there anything else someone could think of that I might
have done wrong? The unusual thing is that the cluster seems to work
fine until the load exceeds the limit I mentioned earlier, which
I can't really define in words. Perhaps someone has a few minutes to
spare to check my config; I might have a mistake there.
Thanks Regards
Simon
! Configuration File for keepalived
# Global settings: alert-mail delivery and the name this node reports.
# Recipient and sender addresses are redacted in this post.
global_defs {
notification_email {
sp@xxxxxxxx
}
notification_email_from sp@xxxxxxxx
# Alert mail is handed to an SMTP server on this host; connect timeout is 30 s.
smtp_server 127.0.0.1
smtp_connect_timeout 30
# Identifier of this load balancer in notifications.
router_id LVS01
}
# Sync group ONE ties the WAN and LAN instances of LVS01 together so they
# change VRRP state as a unit: the public addresses and the 192.168.1.1
# gateway address of the real servers always move to the same node.
vrrp_sync_group ONE {
group {
LVS01-WAN
LVS01-LAN
}
}
# Sync group TWO ties the WAN and LAN instances of LVS02 together so they
# change VRRP state as a unit. On this node both members are configured as
# BACKUP; presumably the peer balancer carries the mirrored config
# (active-active) - confirm against the peer.
vrrp_sync_group TWO {
group {
LVS02-WAN
LVS02-LAN
}
}
# Public-side VRRP instance for virtual router 51 on eth0. This node starts
# as MASTER with priority 150 and sends an advertisement every second;
# state changes are mailed (smtp_alert).
vrrp_instance LVS01-WAN {
state MASTER
interface eth0
virtual_router_id 51
priority 150
advert_int 1
smtp_alert
# NOTE(review): auth_type PASS puts the password unencrypted into every
# advertisement, so any host on the eth0 segment can read it. It protects
# against misconfigured neighbours, not against a hostile host on the segment.
# keepalived uses only the first eight characters of auth_pass.
# If "secret" is the live value and not a placeholder for this post, change it.
authentication {
auth_type PASS
auth_pass secret
}
# Address carried inside the VRRP advertisements.
virtual_ipaddress {
213.161.58.37
}
# Service addresses that follow the instance's state but are left out of the
# VRRP advertisement packets. The author shortened this list for the post.
virtual_ipaddress_excluded {
213.161.85.86
213.161.85.90
213.161.85.91
213.161.85.92
213.161.85.93
213.161.85.94
213.161.85.95
213.161.85.96
213.161.85.97
213.161.85.98
213.161.85.99 # I took out some IP's to shorten the config
213.161.85.101
213.161.85.102
213.161.85.103
213.161.85.104
213.161.85.105
213.161.85.106
213.161.85.107
213.161.85.108
213.161.85.109
213.161.85.110
213.161.85.111
213.161.85.112
213.161.85.254
}
# NOTE(review): the closing brace of vrrp_instance LVS01-WAN is not visible
# before the next instance starts - probably lost while shortening the list;
# confirm it is present in the live file.
# Private-side VRRP instance for virtual router 52 on eth1. It holds the
# address the real servers use as their gateway, so it is grouped with
# LVS01-WAN in sync group ONE.
vrrp_instance LVS01-LAN {
state MASTER
interface eth1
virtual_router_id 52
priority 150
advert_int 1
smtp_alert
# NOTE(review): PASS authentication is sent in clear text on eth1 and only
# the first eight characters of auth_pass are used. If "secret" is the live
# value and not a placeholder for this post, change it.
authentication {
auth_type PASS
auth_pass secret
}
! Gateway for the real servers
virtual_ipaddress {
192.168.1.1
}
}
# Public-side VRRP instance for virtual router 53 on eth0. This node is
# configured as BACKUP with priority 100, so it takes these addresses over
# only when no higher-priority router is advertising.
vrrp_instance LVS02-WAN {
state BACKUP
interface eth0
virtual_router_id 53
priority 100
advert_int 1
smtp_alert
# NOTE(review): this auth_pass is nine characters long; keepalived uses only
# the first eight, so the last character is ignored. PASS authentication is
# sent in clear text in every advertisement, and this value has now been
# published with the config - treat it as disclosed and replace it.
authentication {
auth_type PASS
auth_pass mKOt&59TG
}
# Address carried inside the VRRP advertisements.
virtual_ipaddress {
213.161.58.39
}
# Service addresses that follow the instance's state but are left out of the
# VRRP advertisement packets. The author shortened this list for the post.
virtual_ipaddress_excluded {
213.161.86.86
213.161.86.97
213.161.86.100
213.161.86.133
213.161.86.134
213.161.86.135
# NOTE(review): the next entry is the only 213.161.85.x address in this
# 213.161.86.x list, while virtual_server_group DNS_1/DNS_2 list
# 213.161.86.177 among 213.161.85.x entries - the third octet looks swapped;
# confirm which address belongs to which group.
213.161.85.177
213.161.86.178 # I took out some IP's to shorten the config
213.161.86.179
213.161.86.180
213.161.86.181
213.161.86.182
213.161.86.183
213.161.86.184
213.161.86.185
213.161.86.186
213.161.86.187
213.161.86.188
213.161.86.189
213.161.86.190
213.161.86.250
}
# NOTE(review): the closing brace of vrrp_instance LVS02-WAN is not visible
# before the next instance starts - probably lost while shortening the list;
# confirm it is present in the live file.
# Private-side VRRP instance for virtual router 54 on eth1, grouped with
# LVS02-WAN in sync group TWO. This node is configured as BACKUP with
# priority 100.
vrrp_instance LVS02-LAN {
state BACKUP
interface eth1
virtual_router_id 54
priority 100
advert_int 1
smtp_alert
# NOTE(review): this auth_pass is nine characters long; keepalived uses only
# the first eight. PASS authentication is sent in clear text on eth1, and the
# value is now public through this post - replace it.
authentication {
auth_type PASS
auth_pass mKOt&59TG
}
! Gateway for the real servers
# NOTE(review): every health check in this file binds dig to 192.168.1.1
# (the LVS01-LAN address), not to this address. A node that holds only
# 192.168.1.100 would likely be unable to bind that source address - confirm.
virtual_ipaddress {
192.168.1.100
}
}
#####################################DNS
Group_1#############################################################
# DNS_1: the public addresses of DNS group 1 on port 53. The virtual server
# below forwards TCP for these addresses; DNS_2 carries the same list for UDP.
virtual_server_group DNS_1 {
213.161.85.86 53
213.161.85.90-99 53
213.161.85.101-118 53
213.161.85.120-121 53
213.161.85.130 53
213.161.85.132-157 53
213.161.85.159-176 53
# NOTE(review): the next entry is the only 213.161.86.x address in this
# group, and 213.161.85.177 is skipped by the ranges around it (it appears in
# DNS_3 instead). The third octet looks swapped; confirm.
213.161.86.177 53
213.161.85.178-254 53
}
# TCP port 53 for group DNS_1: round-robin over two real servers through NAT.
# The real servers are checked every 30 s (delay_loop).
virtual_server group DNS_1 {
delay_loop 30
lb_algo rr
lb_kind NAT
protocol TCP
real_server 192.168.1.2 53 {
weight 1
# Health check: run dig against the real server, sourced from 192.168.1.1.
# NOTE(review): dig queries over UDP unless +tcp is given, so this check does
# not exercise the TCP listener this virtual server forwards to.
# NOTE(review): +time=5 +tries=5 allows up to 25 s of retries, but
# misc_timeout 6 ends the check after 6 s, so the later tries are never reached.
# NOTE(review): the quoted command is split across two lines here, probably by
# the mail client; it has to be a single line in the live file.
MISC_CHECK {
misc_path "/usr/bin/dig -b 192.168.1.1 routing.net @192.168.1.2 +time=5
+tries=5 +fail > /dev/null"
misc_timeout 6
}
}
real_server 192.168.1.25 53 {
weight 1
# Same dig check against the second real server; the notes above apply.
MISC_CHECK {
misc_path "/usr/bin/dig -b 192.168.1.1 routing.net @192.168.1.25 +time=5
+tries=5 +fail > /dev/null"
misc_timeout 6
}
}
}
# DNS_2: the same address list as DNS_1, used by the UDP virtual server below.
# NOTE(review): groups 3 and 4 further down are labelled "NO! RECURSING!",
# which suggests the servers behind this group do recurse. If so, confirm that
# recursion is limited to the intended client networks; a resolver that
# answers recursive queries from the whole Internet can be abused for
# reflection/amplification traffic and will carry load that is not yours.
virtual_server_group DNS_2 {
213.161.85.86 53
213.161.85.90-99 53
213.161.85.101-118 53
213.161.85.120-121 53
213.161.85.130 53
213.161.85.132-157 53
213.161.85.159-176 53
# NOTE(review): only 213.161.86.x entry in this group; 213.161.85.177 is
# skipped by the surrounding ranges and has no UDP virtual server anywhere in
# this file, so UDP queries to it would likely go unanswered - confirm.
213.161.86.177 53
213.161.85.178-254 53
}
# UDP port 53 for group DNS_2: round-robin over two real servers through NAT.
# The real servers are checked every 30 s (delay_loop).
virtual_server group DNS_2 {
delay_loop 30
lb_algo rr
lb_kind NAT
protocol UDP
real_server 192.168.1.2 53 {
weight 1
# Health check: run dig against the real server, sourced from 192.168.1.1.
# NOTE(review): -b 192.168.1.1 only works on the node that currently holds
# that address (the LVS01-LAN virtual IP); elsewhere dig would likely fail to
# bind and the real server would be marked down - confirm on the peer.
# NOTE(review): +time=5 +tries=5 allows up to 25 s of retries, but
# misc_timeout 6 ends the check after 6 s.
# NOTE(review): the quoted command is split across two lines here, probably by
# the mail client; it has to be a single line in the live file.
MISC_CHECK {
misc_path "/usr/bin/dig -b 192.168.1.1 routing.net @192.168.1.2 +time=5
+tries=5 +fail > /dev/null"
misc_timeout 6
}
}
real_server 192.168.1.25 53 {
weight 1
# Same dig check against the second real server; the notes above apply.
MISC_CHECK {
misc_path "/usr/bin/dig -b 192.168.1.1 routing.net @192.168.1.25 +time=5
+tries=5 +fail > /dev/null"
misc_timeout 6
}
}
}
#####################################DNS
Group_2#############################################################
# DNS_3: the public addresses of DNS group 2 on port 53, used by the TCP
# virtual server below.
# NOTE(review): this list does not match DNS_4, the UDP group for the same
# real servers. DNS_3 has 213.161.86.167-170 and 213.161.85.177, which DNS_4
# lacks; DNS_4 has 213.161.86.147, .151 and .153, which are missing here.
# An address present in only one group is forwarded for only one protocol, so
# clients would likely see timeouts on the other - confirm and align the lists.
virtual_server_group DNS_3 {
213.161.86.86 53
213.161.86.97 53
213.161.86.100 53
213.161.86.133-135 53
213.161.86.137-139 53
213.161.86.140 53
213.161.86.142-145 53
213.161.86.167-170 53
213.161.85.177 53
213.161.86.178-190 53
213.161.86.250 53
}
# TCP port 53 for group DNS_3: round-robin over two real servers through NAT.
# The real servers are checked every 30 s (delay_loop).
virtual_server group DNS_3 {
delay_loop 30
lb_algo rr
lb_kind NAT
protocol TCP
real_server 192.168.1.3 53 {
weight 1
# Health check: run dig against the real server, sourced from 192.168.1.1.
# NOTE(review): dig queries over UDP unless +tcp is given, so this check does
# not exercise the TCP listener this virtual server forwards to.
# NOTE(review): +time=5 +tries=5 allows up to 25 s of retries, but
# misc_timeout 6 ends the check after 6 s.
# NOTE(review): the quoted command is split across two lines here, probably by
# the mail client; it has to be a single line in the live file.
MISC_CHECK {
misc_path "/usr/bin/dig -b 192.168.1.1 routing.net @192.168.1.3 +time=5
+tries=5 +fail > /dev/null"
misc_timeout 6
}
}
real_server 192.168.1.30 53 {
weight 1
# Same dig check against the second real server; the notes above apply.
MISC_CHECK {
misc_path "/usr/bin/dig -b 192.168.1.1 routing.net @192.168.1.30 +time=5
+tries=5 +fail > /dev/null"
misc_timeout 6
}
}
}
# DNS_4: the public addresses of DNS group 2 on port 53, used by the UDP
# virtual server below.
# NOTE(review): this list does not match DNS_3, the TCP group for the same
# real servers. DNS_4 has 213.161.86.147, .151 and .153, which DNS_3 lacks;
# DNS_3 has 213.161.86.167-170 and 213.161.85.177, which are missing here.
# Addresses without a UDP entry would likely not answer ordinary DNS queries
# at all - confirm and align the two lists.
virtual_server_group DNS_4 {
213.161.86.86 53
213.161.86.97 53
213.161.86.100 53
213.161.86.133-135 53
213.161.86.137-139 53
213.161.86.140 53
213.161.86.142-145 53
213.161.86.147 53
213.161.86.151 53
213.161.86.153 53
213.161.86.178-190 53
213.161.86.250 53
}
# UDP port 53 for group DNS_4: round-robin over two real servers through NAT.
# The real servers are checked every 30 s (delay_loop).
virtual_server group DNS_4 {
delay_loop 30
lb_algo rr
lb_kind NAT
protocol UDP
real_server 192.168.1.3 53 {
weight 1
# Health check: run dig against the real server, sourced from 192.168.1.1.
# NOTE(review): -b 192.168.1.1 is the LVS01-LAN virtual IP, while these
# addresses belong to the LVS02 side (gateway 192.168.1.100). On a node that
# holds only the LVS02 addresses dig would likely fail to bind and the real
# server would be marked down - confirm.
# NOTE(review): +time=5 +tries=5 allows up to 25 s of retries, but
# misc_timeout 6 ends the check after 6 s.
# NOTE(review): the quoted command is split across two lines here, probably by
# the mail client; it has to be a single line in the live file.
MISC_CHECK {
misc_path "/usr/bin/dig -b 192.168.1.1 routing.net @192.168.1.3 +time=5
+tries=5 +fail > /dev/null"
misc_timeout 6
}
}
real_server 192.168.1.30 53 {
weight 1
# Same dig check against the second real server; the notes above apply.
MISC_CHECK {
misc_path "/usr/bin/dig -b 192.168.1.1 routing.net @192.168.1.30 +time=5
+tries=5 +fail > /dev/null"
misc_timeout 6
}
}
}
######################################DNS Group_3 NO!
RECURSING!##############################################################
#####
# DNS_5: single public address of the group labelled non-recursing, used by
# the TCP virtual server below.
virtual_server_group DNS_5 {
213.161.85.158 53
}
# TCP port 53 for group DNS_5: round-robin over two real servers through NAT.
# The real servers are checked every 30 s (delay_loop).
virtual_server group DNS_5 {
delay_loop 30
lb_algo rr
lb_kind NAT
protocol TCP
real_server 192.168.1.4 53 {
weight 1
# Health check: run dig for routing.net against the real server.
# NOTE(review): dig exits 0 for any reply it receives, so on a non-recursing
# server this presumably proves reachability only, not that the answer is
# correct - confirm the server is authoritative for the name queried.
# NOTE(review): dig queries over UDP unless +tcp is given, so the TCP listener
# is not exercised; misc_timeout 6 also ends the check before +tries=5 can run.
# NOTE(review): the quoted command is split across two lines here, probably by
# the mail client; it has to be a single line in the live file.
MISC_CHECK {
misc_path "/usr/bin/dig -b 192.168.1.1 routing.net @192.168.1.4 +time=5
+tries=5 +fail > /dev/null"
misc_timeout 6
}
}
real_server 192.168.1.26 53 {
weight 1
# Same dig check against the second real server; the notes above apply.
MISC_CHECK {
misc_path "/usr/bin/dig -b 192.168.1.1 routing.net @192.168.1.26 +time=5
+tries=5 +fail > /dev/null"
misc_timeout 6
}
}
}
# DNS_6: the same single address as DNS_5, used by the UDP virtual server below.
virtual_server_group DNS_6 {
213.161.85.158 53
}
# UDP port 53 for group DNS_6: round-robin over two real servers through NAT.
# The real servers are checked every 30 s (delay_loop).
virtual_server group DNS_6 {
delay_loop 30
lb_algo rr
lb_kind NAT
protocol UDP
real_server 192.168.1.4 53 {
weight 1
# Health check: run dig for routing.net against the real server, sourced
# from 192.168.1.1.
# NOTE(review): -b 192.168.1.1 only works on the node that currently holds
# that address; elsewhere dig would likely fail to bind and the real server
# would be marked down - confirm on the peer.
# NOTE(review): +time=5 +tries=5 allows up to 25 s of retries, but
# misc_timeout 6 ends the check after 6 s.
# NOTE(review): the quoted command is split across two lines here, probably by
# the mail client; it has to be a single line in the live file.
MISC_CHECK {
misc_path "/usr/bin/dig -b 192.168.1.1 routing.net @192.168.1.4 +time=5
+tries=5 +fail > /dev/null"
misc_timeout 6
}
}
real_server 192.168.1.26 53 {
weight 1
# Same dig check against the second real server; the notes above apply.
MISC_CHECK {
misc_path "/usr/bin/dig -b 192.168.1.1 routing.net @192.168.1.26 +time=5
+tries=5 +fail > /dev/null"
misc_timeout 6
}
}
}
######################################DNS Group_4 NO!
RECURSING!##############################################################
#####
# DNS_7: single public address of the second group labelled non-recursing,
# used by the TCP virtual server below.
virtual_server_group DNS_7 {
213.161.86.158 53
}
# TCP port 53 for group DNS_7: round-robin over two real servers through NAT.
# The real servers are checked every 30 s (delay_loop).
virtual_server group DNS_7 {
delay_loop 30
lb_algo rr
lb_kind NAT
protocol TCP
real_server 192.168.1.5 53 {
weight 1
# Health check: run dig for routing.net against the real server.
# NOTE(review): dig exits 0 for any reply it receives, so on a non-recursing
# server this presumably proves reachability only - confirm the server is
# authoritative for the name queried.
# NOTE(review): dig queries over UDP unless +tcp is given, so the TCP listener
# is not exercised; misc_timeout 6 also ends the check before +tries=5 can run.
# NOTE(review): the quoted command is split across two lines here, probably by
# the mail client; it has to be a single line in the live file.
MISC_CHECK {
misc_path "/usr/bin/dig -b 192.168.1.1 routing.net @192.168.1.5 +time=5
+tries=5 +fail > /dev/null"
misc_timeout 6
}
}
real_server 192.168.1.40 53 {
weight 1
# Same dig check against the second real server; the notes above apply.
MISC_CHECK {
misc_path "/usr/bin/dig -b 192.168.1.1 routing.net @192.168.1.40 +time=5
+tries=5 +fail > /dev/null"
misc_timeout 6
}
}
}
# DNS_8: the same single address as DNS_7, used by the UDP virtual server below.
virtual_server_group DNS_8 {
213.161.86.158 53
}
# UDP port 53 for group DNS_8: round-robin over two real servers through NAT.
# The real servers are checked every 30 s (delay_loop).
virtual_server group DNS_8 {
delay_loop 30
lb_algo rr
lb_kind NAT
protocol UDP
real_server 192.168.1.5 53 {
weight 1
# Health check: run dig for routing.net against the real server, sourced
# from 192.168.1.1.
# NOTE(review): -b 192.168.1.1 is the LVS01-LAN virtual IP, while this address
# is on the 213.161.86.x side handled by LVS02 (gateway 192.168.1.100). On a
# node holding only the LVS02 addresses dig would likely fail to bind and the
# real server would be marked down - confirm.
# NOTE(review): +time=5 +tries=5 allows up to 25 s of retries, but
# misc_timeout 6 ends the check after 6 s.
# NOTE(review): the quoted command is split across two lines here, probably by
# the mail client; it has to be a single line in the live file.
MISC_CHECK {
misc_path "/usr/bin/dig -b 192.168.1.1 routing.net @192.168.1.5 +time=5
+tries=5 +fail > /dev/null"
misc_timeout 6
}
}
real_server 192.168.1.40 53 {
weight 1
# Same dig check against the second real server; the notes above apply.
MISC_CHECK {
misc_path "/usr/bin/dig -b 192.168.1.1 routing.net @192.168.1.40 +time=5
+tries=5 +fail > /dev/null"
misc_timeout 6
}
}
}