This is a problem that almost all commercial load balancers also have:
Cisco, F5, Alteon, Foundry, etc. all have this same problem.
So far, only one load balancer, called WebMux, actually has a BAM
feature that addresses the DNS server load balancing issue.
At 05:55 PM 11/27/2006 +0100, you wrote:
>Hi,
>
>
>I am running a DNS cluster of 6 servers running Gentoo Linux: two load
>balancers in an active-active setup and 4 real servers running
>PowerDNS.
>Each server has a 3 GHz Pentium 4 and 1 GB of RAM. At the moment I am
>migrating our Windows BIND 9 cluster to the new Linux cluster. I have a
>total of about 250 IP addresses to migrate, and here's where the problems
>start. Every time the DNS cluster exceeds a certain limit, some of
>the IP addresses stop working properly. It affects the system in such a way
>that for certain domains you get a timeout when querying the cluster.
>Some of the transferred IPs seem to stop working or slow down to such an
>extent that other DNS servers stop querying us. I am also using iptables
>on the two load balancers with a conntrack table, because the real
>servers have private IP addresses and I can't update them otherwise. I
>checked the logs but I can't find any indication that the conntrack table is
>full. But I read on the LVS list that the conntrack table is not
>needed for LVS-NAT and can slow the system down; I am, however, not sure
>about this. Is there anything else someone could think of that I might
>have done wrong? The unusual thing is that the cluster seems to work
>fine until the load exceeds the limit I mentioned earlier, which
>I can't really define in words. Perhaps someone has a few minutes to
>spare to check my config; I might have a mistake there.
>
>
>Thanks Regards
>
>Simon
>
>! Configuration File for keepalived
># Global keepalived settings: who receives alert mail and how this node identifies itself.
>global_defs {
># Recipients of notification mail (the address is redacted in the post).
>notification_email {
>sp@xxxxxxxx
>
>}
>notification_email_from sp@xxxxxxxx
># Alerts are handed to an SMTP server on localhost; 30 is the connect timeout in seconds.
>smtp_server 127.0.0.1
>smtp_connect_timeout 30
># Name this load balancer uses to identify itself.
>router_id LVS01
>}
>
># Sync group ONE: the WAN and LAN instances listed here change state together, so the
># public VIPs and the real servers' gateway address always sit on the same node.
>vrrp_sync_group ONE {
>group {
>LVS01-WAN
>LVS01-LAN
> }
>}
>
># Sync group TWO: the second WAN/LAN pair, which likewise fails over as one unit.
>vrrp_sync_group TWO {
>group {
>LVS02-WAN
>LVS02-LAN
> }
>}
>
># VRRP instance for the first set of public addresses on eth0. This node starts as
># MASTER with priority 150, so it normally owns these addresses.
>vrrp_instance LVS01-WAN {
>state MASTER
>interface eth0
># Must be unique among VRRP instances on this segment and identical on the peer.
>virtual_router_id 51
>priority 150
># Advertisement interval in seconds.
>advert_int 1
>smtp_alert
># auth_type PASS puts auth_pass unencrypted into every VRRP advertisement, and keepalived
># uses only its first 8 characters. It guards against misconfiguration, not against a
># host on the same segment. "secret" looks like a placeholder substituted for the post.
>authentication {
>auth_type PASS
>auth_pass secret
>}
># Address carried in the VRRP advertisements.
>virtual_ipaddress {
>213.161.58.37
> }
># Addresses brought up and down with this instance but left out of the advertisement
># packet, which keeps the packet small when there are many VIPs.
>virtual_ipaddress_excluded {
>213.161.85.86
>213.161.85.90
>213.161.85.91
>213.161.85.92
>213.161.85.93
>213.161.85.94
>213.161.85.95
>213.161.85.96
>213.161.85.97
>213.161.85.98
>213.161.85.99 # I took out some IP's to shorten the config
>213.161.85.101
>213.161.85.102
>213.161.85.103
>213.161.85.104
>213.161.85.105
>213.161.85.106
>213.161.85.107
>213.161.85.108
>213.161.85.109
>213.161.85.110
>213.161.85.111
>213.161.85.112
>213.161.85.254
> }
># NOTE(review): the closing "}" of vrrp_instance LVS01-WAN is missing here as posted;
># confirm against the live file.
># VRRP instance for the internal side on eth1: it carries the address the first group of
># real servers uses as its gateway.
>vrrp_instance LVS01-LAN {
>state MASTER
>interface eth1
>virtual_router_id 52
>priority 150
>advert_int 1
>smtp_alert
># auth_type PASS travels unencrypted in each advertisement and keepalived uses only the
># first 8 characters of auth_pass. "secret" looks like a placeholder used for the post.
>authentication {
>auth_type PASS
>auth_pass secret
>}
>!Gateway for the real servers
>virtual_ipaddress {
>192.168.1.1
> }
>}
>
># VRRP instance for the second set of public addresses on eth0. This node is BACKUP with
># priority 100, so in the active-active setup the peer presumably owns these addresses.
>vrrp_instance LVS02-WAN {
>state BACKUP
>interface eth0
># Must be unique among VRRP instances on this segment and identical on the peer.
>virtual_router_id 53
>priority 100
># Advertisement interval in seconds.
>advert_int 1
>smtp_alert
># auth_type PASS puts auth_pass unencrypted into every VRRP advertisement.
># NOTE(review): unlike the "secret" value in the LVS01 instances, this looks like a live
># password. Once published it should be treated as compromised and changed. It is
># 9 characters long, and keepalived uses only the first 8.
>authentication {
>auth_type PASS
>auth_pass mKOt&59TG
>}
># Address carried in the VRRP advertisements.
>virtual_ipaddress {
>213.161.58.39
> }
># Addresses brought up and down with this instance but left out of the advertisement
># packet, which keeps the packet small when there are many VIPs.
>virtual_ipaddress_excluded {
>213.161.86.86
>213.161.86.97
>213.161.86.100
>213.161.86.133
>213.161.86.134
>213.161.86.135
>213.161.85.177
>213.161.86.178 # I took out some IP's to shorten the config
>213.161.86.179
>213.161.86.180
>213.161.86.181
>213.161.86.182
>213.161.86.183
>213.161.86.184
>213.161.86.185
>213.161.86.186
>213.161.86.187
>213.161.86.188
>213.161.86.189
>213.161.86.190
>213.161.86.250
> }
># NOTE(review): the closing "}" of vrrp_instance LVS02-WAN is missing here as posted;
># confirm against the live file.
># VRRP instance for the internal side on eth1: it carries the gateway address of the
># second group of real servers. This node is BACKUP for it.
>vrrp_instance LVS02-LAN {
>state BACKUP
>interface eth1
>virtual_router_id 54
>priority 100
>advert_int 1
>smtp_alert
># auth_type PASS travels unencrypted in each advertisement.
># NOTE(review): this looks like a live password. Once published it should be treated as
># compromised and changed. keepalived uses only the first 8 of its 9 characters.
>authentication {
>auth_type PASS
>auth_pass mKOt&59TG
>}
>!Gateway for the real servers
>virtual_ipaddress {
>192.168.1.100
> }
>}
>
>#####################################DNS
>Group_1#############################################################
>
># DNS_1: TCP port 53 on the first block of public addresses, balanced round-robin over
># LVS-NAT to real servers 192.168.1.2 and 192.168.1.25.
>virtual_server_group DNS_1 {
>213.161.85.86 53
>213.161.85.90-99 53
>213.161.85.101-118 53
>213.161.85.120-121 53
>213.161.85.130 53
>213.161.85.132-157 53
>213.161.85.159-176 53
>213.161.86.177 53
>213.161.85.178-254 53
>}
>virtual_server group DNS_1 {
># Health checks run every 30 seconds.
>delay_loop 30
>lb_algo rr
>lb_kind NAT
>protocol TCP
>
># Each real server is checked by running dig against it. A non-zero exit marks it down.
># NOTE(review): dig queries over UDP unless +tcp is given, so this TCP service is only
># checked over UDP. misc_timeout 6 also ends the check before +tries=5 with +time=5
># could finish.
># NOTE(review): -b 192.168.1.1 binds to the LVS01-LAN address, so the check presumably
># fails on whichever node does not hold that address; confirm on the peer.
># NOTE(review): misc_path is wrapped over two lines in the post; presumably one line in
># the live file.
>real_server 192.168.1.2 53 {
>weight 1
>MISC_CHECK {
>misc_path "/usr/bin/dig -b 192.168.1.1 routing.net @192.168.1.2 +time=5
>+tries=5 +fail > /dev/null"
>misc_timeout 6
> }
>}
>real_server 192.168.1.25 53 {
>weight 1
>MISC_CHECK {
>misc_path "/usr/bin/dig -b 192.168.1.1 routing.net @192.168.1.25 +time=5
>+tries=5 +fail > /dev/null"
>misc_timeout 6
> }
> }
>}
>
># DNS_2: UDP port 53 on the same address list as DNS_1, balanced round-robin over
># LVS-NAT to real servers 192.168.1.2 and 192.168.1.25.
>virtual_server_group DNS_2 {
>213.161.85.86 53
>213.161.85.90-99 53
>213.161.85.101-118 53
>213.161.85.120-121 53
>213.161.85.130 53
>213.161.85.132-157 53
>213.161.85.159-176 53
>213.161.86.177 53
>213.161.85.178-254 53
>}
>virtual_server group DNS_2 {
># Health checks run every 30 seconds.
>delay_loop 30
>lb_algo rr
>lb_kind NAT
>protocol UDP
>
># Each real server is checked by running dig against it. A non-zero exit marks it down.
># NOTE(review): misc_timeout 6 ends the check before +tries=5 with +time=5 could finish,
># so effectively one attempt is made.
># NOTE(review): -b 192.168.1.1 binds to the LVS01-LAN address, so the check presumably
># fails on whichever node does not hold that address; confirm on the peer.
>real_server 192.168.1.2 53 {
>weight 1
>MISC_CHECK {
>misc_path "/usr/bin/dig -b 192.168.1.1 routing.net @192.168.1.2 +time=5
>+tries=5 +fail > /dev/null"
>misc_timeout 6
> }
>}
>real_server 192.168.1.25 53 {
>weight 1
>MISC_CHECK {
>misc_path "/usr/bin/dig -b 192.168.1.1 routing.net @192.168.1.25 +time=5
>+tries=5 +fail > /dev/null"
>misc_timeout 6
> }
> }
>}
>
>#####################################DNS
>Group_2#############################################################
>
># DNS_3: TCP port 53 on the second block of public addresses, balanced round-robin over
># LVS-NAT to real servers 192.168.1.3 and 192.168.1.30.
># NOTE(review): this list differs from the UDP list in DNS_4. 213.161.86.167-170 and
># 213.161.85.177 appear only here, and 213.161.86.147, .151 and .153 only in DNS_4. An
># address missing from the UDP group gets no UDP DNS service through LVS. Confirm
># whether the lists were only shortened for the post.
>virtual_server_group DNS_3 {
>213.161.86.86 53
>213.161.86.97 53
>213.161.86.100 53
>213.161.86.133-135 53
>213.161.86.137-139 53
>213.161.86.140 53
>213.161.86.142-145 53
>213.161.86.167-170 53
>213.161.85.177 53
>213.161.86.178-190 53
>213.161.86.250 53
>}
>virtual_server group DNS_3 {
># Health checks run every 30 seconds.
>delay_loop 30
>lb_algo rr
>lb_kind NAT
>protocol TCP
>
># Each real server is checked by running dig against it. A non-zero exit marks it down.
># NOTE(review): dig queries over UDP unless +tcp is given, so this TCP service is only
># checked over UDP. misc_timeout 6 also ends the check before +tries=5 with +time=5
># could finish.
># NOTE(review): -b 192.168.1.1 binds to the LVS01-LAN address, so the check presumably
># fails on whichever node does not hold that address; confirm on the peer.
>real_server 192.168.1.3 53 {
>weight 1
>MISC_CHECK {
>misc_path "/usr/bin/dig -b 192.168.1.1 routing.net @192.168.1.3 +time=5
>+tries=5 +fail > /dev/null"
>misc_timeout 6
> }
>}
>real_server 192.168.1.30 53 {
>weight 1
>MISC_CHECK {
>misc_path "/usr/bin/dig -b 192.168.1.1 routing.net @192.168.1.30 +time=5
>+tries=5 +fail > /dev/null"
>misc_timeout 6
> }
> }
>}
>
># DNS_4: UDP port 53 on the second block of public addresses, balanced round-robin over
># LVS-NAT to real servers 192.168.1.3 and 192.168.1.30.
># NOTE(review): this list differs from the TCP list in DNS_3. 213.161.86.147, .151 and
># .153 appear only here, and 213.161.86.167-170 and 213.161.85.177 only in DNS_3. An
># address missing from this group gets no UDP DNS service through LVS. Confirm whether
># the lists were only shortened for the post.
>virtual_server_group DNS_4 {
>213.161.86.86 53
>213.161.86.97 53
>213.161.86.100 53
>213.161.86.133-135 53
>213.161.86.137-139 53
>213.161.86.140 53
>213.161.86.142-145 53
>213.161.86.147 53
>213.161.86.151 53
>213.161.86.153 53
>213.161.86.178-190 53
>213.161.86.250 53
>}
>virtual_server group DNS_4 {
># Health checks run every 30 seconds.
>delay_loop 30
>lb_algo rr
>lb_kind NAT
>protocol UDP
>
># Each real server is checked by running dig against it. A non-zero exit marks it down.
># NOTE(review): misc_timeout 6 ends the check before +tries=5 with +time=5 could finish,
># so effectively one attempt is made.
># NOTE(review): -b 192.168.1.1 binds to the LVS01-LAN address, so the check presumably
># fails on whichever node does not hold that address; confirm on the peer.
>real_server 192.168.1.3 53 {
>weight 1
>MISC_CHECK {
>misc_path "/usr/bin/dig -b 192.168.1.1 routing.net @192.168.1.3 +time=5
>+tries=5 +fail > /dev/null"
>misc_timeout 6
> }
>}
>real_server 192.168.1.30 53 {
>weight 1
>MISC_CHECK {
>misc_path "/usr/bin/dig -b 192.168.1.1 routing.net @192.168.1.30 +time=5
>+tries=5 +fail > /dev/null"
>misc_timeout 6
> }
> }
>}
>
>######################################DNS Group_3 NO!
>RECURSING!##############################################################
>#####
>
># DNS_5: TCP port 53 on 213.161.85.158, balanced round-robin over LVS-NAT to real
># servers 192.168.1.4 and 192.168.1.26. The banner above marks this group non-recursing.
>virtual_server_group DNS_5 {
>213.161.85.158 53
>}
>virtual_server group DNS_5 {
># Health checks run every 30 seconds.
>delay_loop 30
>lb_algo rr
>lb_kind NAT
>protocol TCP
>
># Each real server is checked by running dig against it. A non-zero exit marks it down.
># NOTE(review): dig queries over UDP unless +tcp is given, so this TCP service is only
># checked over UDP. misc_timeout 6 also ends the check before +tries=5 with +time=5
># could finish.
># NOTE(review): dig normally exits 0 on any reply, including an error rcode, so on a
># non-recursing server this presumably proves reachability only; confirm.
># NOTE(review): -b 192.168.1.1 binds to the LVS01-LAN address, so the check presumably
># fails on whichever node does not hold that address; confirm on the peer.
>real_server 192.168.1.4 53 {
>weight 1
>MISC_CHECK {
>misc_path "/usr/bin/dig -b 192.168.1.1 routing.net @192.168.1.4 +time=5
>+tries=5 +fail > /dev/null"
>misc_timeout 6
> }
>}
>real_server 192.168.1.26 53 {
>weight 1
>MISC_CHECK {
>misc_path "/usr/bin/dig -b 192.168.1.1 routing.net @192.168.1.26 +time=5
>+tries=5 +fail > /dev/null"
>misc_timeout 6
> }
> }
>}
>
># DNS_6: UDP port 53 on 213.161.85.158, balanced round-robin over LVS-NAT to real
># servers 192.168.1.4 and 192.168.1.26. The banner above marks this group non-recursing.
>virtual_server_group DNS_6 {
>213.161.85.158 53
>}
>virtual_server group DNS_6 {
># Health checks run every 30 seconds.
>delay_loop 30
>lb_algo rr
>lb_kind NAT
>protocol UDP
>
># Each real server is checked by running dig against it. A non-zero exit marks it down.
># NOTE(review): misc_timeout 6 ends the check before +tries=5 with +time=5 could finish,
># so effectively one attempt is made.
># NOTE(review): dig normally exits 0 on any reply, including an error rcode, so on a
># non-recursing server this presumably proves reachability only; confirm.
># NOTE(review): -b 192.168.1.1 binds to the LVS01-LAN address, so the check presumably
># fails on whichever node does not hold that address; confirm on the peer.
>real_server 192.168.1.4 53 {
>weight 1
>MISC_CHECK {
>misc_path "/usr/bin/dig -b 192.168.1.1 routing.net @192.168.1.4 +time=5
>+tries=5 +fail > /dev/null"
>misc_timeout 6
> }
>}
>real_server 192.168.1.26 53 {
>weight 1
>MISC_CHECK {
>misc_path "/usr/bin/dig -b 192.168.1.1 routing.net @192.168.1.26 +time=5
>+tries=5 +fail > /dev/null"
>misc_timeout 6
> }
> }
>}
>
>######################################DNS Group_4 NO!
>RECURSING!##############################################################
>#####
>
># DNS_7: TCP port 53 on 213.161.86.158, balanced round-robin over LVS-NAT to real
># servers 192.168.1.5 and 192.168.1.40. The banner above marks this group non-recursing.
>virtual_server_group DNS_7 {
>213.161.86.158 53
>}
>virtual_server group DNS_7 {
># Health checks run every 30 seconds.
>delay_loop 30
>lb_algo rr
>lb_kind NAT
>protocol TCP
>
># Each real server is checked by running dig against it. A non-zero exit marks it down.
># NOTE(review): dig queries over UDP unless +tcp is given, so this TCP service is only
># checked over UDP. misc_timeout 6 also ends the check before +tries=5 with +time=5
># could finish.
># NOTE(review): dig normally exits 0 on any reply, including an error rcode, so on a
># non-recursing server this presumably proves reachability only; confirm.
># NOTE(review): -b 192.168.1.1 binds to the LVS01-LAN address, so the check presumably
># fails on whichever node does not hold that address; confirm on the peer.
>real_server 192.168.1.5 53 {
>weight 1
>MISC_CHECK {
>misc_path "/usr/bin/dig -b 192.168.1.1 routing.net @192.168.1.5 +time=5
>+tries=5 +fail > /dev/null"
>misc_timeout 6
> }
>}
>real_server 192.168.1.40 53 {
>weight 1
>MISC_CHECK {
>misc_path "/usr/bin/dig -b 192.168.1.1 routing.net @192.168.1.40 +time=5
>+tries=5 +fail > /dev/null"
>misc_timeout 6
> }
> }
>}
>
># DNS_8: UDP port 53 on 213.161.86.158, balanced round-robin over LVS-NAT to real
># servers 192.168.1.5 and 192.168.1.40. The banner above marks this group non-recursing.
>virtual_server_group DNS_8 {
>213.161.86.158 53
>}
>virtual_server group DNS_8 {
># Health checks run every 30 seconds.
>delay_loop 30
>lb_algo rr
>lb_kind NAT
>protocol UDP
>
># Each real server is checked by running dig against it. A non-zero exit marks it down.
># NOTE(review): misc_timeout 6 ends the check before +tries=5 with +time=5 could finish,
># so effectively one attempt is made.
># NOTE(review): dig normally exits 0 on any reply, including an error rcode, so on a
># non-recursing server this presumably proves reachability only; confirm.
># NOTE(review): -b 192.168.1.1 binds to the LVS01-LAN address, so the check presumably
># fails on whichever node does not hold that address; confirm on the peer.
>real_server 192.168.1.5 53 {
>weight 1
>MISC_CHECK {
>misc_path "/usr/bin/dig -b 192.168.1.1 routing.net @192.168.1.5 +time=5
>+tries=5 +fail > /dev/null"
>misc_timeout 6
> }
>}
>real_server 192.168.1.40 53 {
>weight 1
>MISC_CHECK {
>misc_path "/usr/bin/dig -b 192.168.1.1 routing.net @192.168.1.40 +time=5
>+tries=5 +fail > /dev/null"
>misc_timeout 6
> }
> }
>}
>
>