Question

DNS and Apache and Cisco router

Asked by: fosiul01

Hi, I am trying to design a network for load balancing and redundancy, but I don't know where I will face problems. That's why I am looking for comments for problem finding and solutions, from the DNS, Cisco and Apache point of view...

My goal is:

1. Make a load-balancing network for incoming HTTP requests (www.mydomain.com) and outgoing HTTP requests (internal users).

Please have a look at the network diagram.

Here.
I will have a domain, www.mydomain.com,
and I will create 2 A records which will point to 2 ISPs (public IPs), and requests will come to our network.
So I need load balancing and redundancy.
(From the DNS point of view, is that the right way? Set up 2 A records with 2 public IPs for a domain?)


Now when a request comes to our network, I want it to be load balanced via 2 Cisco routers also. If one ISP is down, HTTP will come via the other (ISP) router. When both ISPs are up, HTTP requests will come via both ISPs (load balanced).

The link below shows how to set up Cisco routers for load balancing and redundancy:
http://articles.techrepublic.com.com/5100-10878_11-6063344.html
But here I guess both routers are using 1 ISP line, and I want to use 2 ISP lines.

Now from the Cisco point of view, the way I set up my network, will it work (with a Cisco router 1841 or 1081)?
Now from the HTTP request point of view, is there any problem?


I will speak about clustering later on, but for now the 2 questions above are my main point.


Here I just want you guys to pinpoint problems. Solutions can come up later on with other questions.


Thanks for your time and patience.

This question has been solved and asker verified.

Asked on: 2009-09-18 at 04:19:31, ID: 24742829
Topics: Domain Name Service (DNS), Network Routers, Linux
Participating experts: 1
Points: 500
Comments: 19


Answers

 

by: noci, posted on 2009-09-18 at 05:46:22, ID: 25365334

Load balancing over 2 ISPs will become difficult.

You ask for the name www; say it gives ip1 & ip2.
The next query will give ip2 & ip1 (round-robin fashion). This happens at all levels in DNS queries (when forwarded to a provider, which uses the same technique, etc.), and does a browser reuse a known address or ask for a new one every time, etc.
All your remote users will see a different switching preference. (You can help a bit by, e.g., using ip1, ip1, ip2; then on average 2/3 of all connections will enter on ip1.)

Because the remote user goes over separate networks, the routing decision for ip1 or ip2 is out of reach for your organisation...

You can use DNS for failover though: use a DNS record with a short TTL (e.g. 60 seconds). Then at most 60 seconds after updating DNS the last record will have expired from all caches in the world. Do prepare for quite a bit more DNS traffic though.

If you can have a private IP registered with your provider, that will inject BGP records into the internet, then you can make use of a virtual IP for your services; no need to use DNS failover then. But both your ISPs have to do the BGP lifting.

 

by: fosiul01, posted on 2009-09-18 at 05:59:08, ID: 25365434

Hi, thanks.

About your comments:

You can use DNS for failover though: use a DNS record with a short TTL (e.g. 60 seconds). Then at most 60 seconds after updating DNS the last record will have expired from all caches in the world. Do prepare for quite a bit more DNS traffic though.

-> With this DNS failover, there would still be a problem, wouldn't there? If HTTPS traffic comes via ISP1 and then suddenly ISP1 stops, those existing requests will fail. Is that right?



If you can have a private IP registered with your provider, that will inject BGP records into the internet, then you can make use of a virtual IP for your services; no need to use DNS failover then. But both your ISPs have to do the BGP lifting.

-> I never heard of this theory! Will you be able to explain a little bit or send some article...
I see other companies; they have A records with 2 IPs. So are they doing BGP?

 

by: fosiul01, posted on 2009-09-18 at 06:04:15, ID: 25365473

Also, if I have 1 ISP then I can do this easily, can't I?
But I want 2 ISPs with an always-on website (because in case one ISP is down, I need another ISP as backup).

What do you suggest? What's the best way to do it, how do you do it?

 

by: noci, posted on 2009-09-18 at 06:51:26, ID: 25365917

@1: Yes, max. 60 seconds after you update the DNS they will get the right entry; you could try shorter TTL times.

@2: How does an internet router know the way to your common IP address? (It should not be a private IP, in the sense of the RFC 1918 addresses (10/8; 172.16/12; 192.168/16), but a public IP that doesn't belong to either provider.)

You need an AS number from IANA, and an IP (range?) from RIPE/ARIN/???
You need to be able to publish this address with the access points needed.

Here is a howto on the subject, please read it first...
http://articles.techrepublic.com.com/5100-10878_11-1039765.html

Ever thought of finding a hosting partner that can handle/has handled the internet traffic redundancy shuffle already?
Any decent hosting outfit should be able to do this (maybe not the el cheapos).

Also with 1 ISP there might be enough trouble to get it right; you will ALWAYS need some support on the outside.

And 2 IP addresses don't imply BGP; using one address space over several independent connections implies BGP.
2 IP addresses might as well be 2 (sets of) physical server(s) spread over 2 separate data centers with some means of mirroring.

 

by: fosiul01, posted on 2009-09-18 at 07:16:43, ID: 25366184

OK, so normal round robin is not a solution for a good web service, right?


OK, again, I am totally new to this concept, so please bear with me.
The article you sent me, that's really good. But
what is ASN? Why do I need to get it from ARIN?

Example: domain www.mydomain.com,
Zone record:
www IN A 202.101.303.202
www IN A 88.66.99.56

So with this BGP, would those A records be changed? So will I not be able to use a public IP?


Your comment:
Ever thought of finding a hosting partner that can handle/has handled the internet traffic redundancy shuffle already?
-> You mean instead of doing it myself, try to find a hosting partner who has already developed this?

If yes, then no, I want to learn this. I had an interview a few days ago, and that interview made me mad. Currently in our company we don't do redundancy, but if I can implement this design then I will tell my company to implement it. Basically I want to do this by myself, whatever it takes.

Your comment:
2 IP addresses might as well be 2 (sets of) physical server(s) spread over 2 separate data centers with some means of mirroring.

-> Yes, it could be, but if you set 2 A records like this

Example: domain www.mydomain.com,
Zone record:
www IN A 202.101.303.202
www IN A 88.66.99.56

then if both datacentres are up and running, Server A (202.101.303.202) is located in Datacentre A and Server B (88.66.99.56) is located in Datacentre B.

Now as a rule, as you said earlier, the first set of HTTP traffic will go to Datacentre A, the 2nd set of requests will go to Datacentre B,

right?
Now if Datacentre A is down, all traffic will go to Datacentre B, which is all right. But again, what will happen to the traffic which was already sent to Datacentre A before the line went down? Those requests will get an error, which I don't want. And I guess they use some sort of BGP or something else to prevent that,

right?

But from my point of view, suppose I have only one centre and I want full redundancy, then you need redundancy at every point, don't you? From ISP -> router -> server, right?


What do you use? BGP?








 

by: noci, posted on 2009-09-18 at 07:41:17, ID: 25366454

ASN is Autonomous System Number; it uniquely defines your address space (i.e. your network).
You would get an ASN from IANA (http://www.iana.org/) as they manage the AS table.
ARIN supplies IP addresses for North America, RIPE does the same for Europe + Middle East,
see: http://www.iana.org/numbers/

Example 1:
If you bought the public address 1.2.3.4, then with BGP you would install 1.2.3.4 as the IP address for your www.
And use BGP (it's an IP routing method (layer 3) and has nothing to do with www etc.) to move the traffic from the internet to the two entry points of your network (identified by your AS number).

Example 2:
No, the first query answer will give the order Server A, Server B; the next query will be Server B, Server A, etc. It depends on DNS querying: if a browser queries DNS for every request, then the main page could come from A, the first picture from B, the 2nd picture from A, etc. You can hardly predict how systems would be accessed.
No, you need to update the DNS to have all traffic go to one place; there is no automation there.

Try e.g. 'dig google.com'
and you will see that the addresses rotate if asked in succession.


BGP is too expensive for private use. ALL BGP routers have ALL internet forwarding routes in memory; you would need a BIIIIIIG router to manage that (twice), and then internally you will need routing too (OSPF based).
BGP only advertises how others can reach your network, where you prefer it (priority), and if a link goes down, the OTHER BGP routers will miss an update and remove a route...
(You can try this in a small simulated network using e.g. quagga (formerly zebra) http://www.quagga.net and some virtual Linux systems.)

 

by: fosiul01, posted on 2009-09-18 at 07:45:34, ID: 25366498

Yes, I agree. I was reading about BGP; it's not ideal for a small business, it could be for a big ISP or a similar type of organization.

http://www.quagga.net, this link does not work.

So what's the solution for me?

 

by: fosiul01, posted on 2009-09-18 at 08:02:54, ID: 25366698

OK, I might have some idea how it could be done.


Suppose I have a device which works as a DNS server as well and holds the DNS records, and this device has 2 WAN ports. When it realizes that one ISP is down, it will edit the DNS records and just keep one.
Example network using PowerLink: http://www.ecessa.com/pages/solutions/solutions_technology_ispfailover.php

But I need a Cisco-based solution, with 2 routers.

If I use a server, then that server will have a script. This script will check both ISP lines; as soon as it sees one ISP is down, it will edit the DNS record and keep the running one.


But then I need the load balancing as well...

LOL! I want too much but I have little idea!
Hence you guys are here, aren't you!


But what's your solution? How do you do it?

 

by: fosiul01, posted on 2009-09-18 at 08:10:45, ID: 25366774

OK, I will try that one.

So are you using BGP in your organization?

 

by: fosiul01, posted on 2009-09-18 at 08:28:04, ID: 25366960

Read this PDF file.


It's a hardware-based solution which will hold the DNS entry,

but I want a Cisco router based solution.

I will create another question in the Cisco zone; if you know any Cisco model that can do this, then answer that one.
It's not good to ask too many things in one question.

 

by: fosiul01, posted on 2009-09-18 at 09:22:36, ID: 25367546

Have a look at this one:

http://www.experts-exchange.com/Hardware/Networking_Hardware/Routers/Q_24743652.html

Also read the PDF file; it's very related to what I want, but I want a Cisco-based solution.

You did not tell me how you are solving this situation. Are you using BGP?

 

by: noci, posted on 2009-09-18 at 10:38:34, ID: 25368141

(I was driving home since 17:00 my time.)
No, I don't use BGP. It only makes sense if you want your own network accessible through multiple access paths, so no, I don't use it. Organisations I work for are relatively big, they have big networks of their own, and they are big enough to get a deal with a provider that arranges all backup... (it's a bit like selecting a good hosting provider).

Regarding the ecessa box: this is "just a DNS server" with one added extra; it only answers if links are available. Could be done in Linux. Make a DNS server, make it the authoritative server with the name service provider (i.e. set the NS records at Net.Sol for .com & .org, e.g.).
On that box make an empty zone, with only the static info (MX, NS RR records).
Then run the following script for each provider:

# X = provider: run one copy per provider as: script <upstream-ip> <public-ip>
# (assumes the local DNS server accepts dynamic updates, here sent with nsupdate)
upstream=$1; public_ip=$2
while true; do
  if ping -c 1 -W 2 "$upstream" >/dev/null 2>&1; then
    # there was a response: add the dynamic address for this provider
    update="update add www.mydomain.com. 60 A $public_ip"
  else
    # no response: remove the dynamic address for this provider
    update="update delete www.mydomain.com. A $public_ip"
  fi
  printf 'server 127.0.0.1\n%s\nsend\n' "$update" | nsupdate
  sleep 5
done

The DNS server will do the remaining part.

As you need a DNS server, this cannot be done in a Cisco router, but take your average Linux distro and you're almost set.
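
The failover monitor described above, extended as an added example (not code from the original post): it withdraws an address only after several consecutive failed probes, never publishes an empty record set, replaces the A records in one atomic update, and signs the update with a TSIG key so only the monitor can change the zone. Assumptions: a BIND-style server on 127.0.0.1 that accepts signed dynamic updates, the hypothetical key path /etc/bind/failover.key, a threshold of 3 probes, and documentation-range addresses as constructed sample values.

```shell
#!/bin/sh
# Added example: DNS failover decision logic for two ISP links.
NAME="www.mydomain.com."   # record to manage (name taken from the thread)
TTL=60                     # short TTL, as suggested in the thread
FAIL_THRESHOLD=3           # assumption: consecutive failed probes before withdrawal

# next_fail_count <previous_count> <probe_ok: 0|1>
# A successful probe resets the counter, a failed probe increments it.
next_fail_count() {
  if [ "$2" -eq 1 ]; then echo 0; else echo $(( $1 + 1 )); fi
}

# desired_records <ip1> <fails1> <ip2> <fails2>
# Prints the A records to publish, one per line. If both links look dead,
# both addresses stay published: an empty answer helps no client, and the
# probe target itself may be what failed.
desired_records() {
  out=""
  if [ "$2" -lt "$FAIL_THRESHOLD" ]; then out="$1"; fi
  if [ "$4" -lt "$FAIL_THRESHOLD" ]; then out="${out:+$out }$3"; fi
  if [ -z "$out" ]; then out="$1 $3"; fi
  printf '%s\n' $out   # unquoted on purpose: one address per line
}

# nsupdate_batch <records, one per line>
# Deletes the whole A RRset and adds the live addresses in a single update
# message, so resolvers never see a half-applied change.
nsupdate_batch() {
  printf 'server 127.0.0.1\n'
  printf 'update delete %s A\n' "$NAME"
  printf '%s\n' "$1" | while IFS= read -r ip; do
    printf 'update add %s %s A %s\n' "$NAME" "$TTL" "$ip"
  done
  printf 'send\n'
}

# probe <upstream-ip>: prints 1 if the ISP's upstream answers a ping, else 0.
probe() { ping -c 1 -W 2 "$1" >/dev/null 2>&1 && echo 1 || echo 0; }

# monitor <upstream1> <public_ip1> <upstream2> <public_ip2>
monitor() {
  f1=0; f2=0; last=""
  while true; do
    f1=$(next_fail_count "$f1" "$(probe "$1")")
    f2=$(next_fail_count "$f2" "$(probe "$3")")
    want=$(desired_records "$2" "$f1" "$4" "$f2")
    if [ "$want" != "$last" ]; then
      # -k: TSIG key file (hypothetical path); retried next cycle on failure
      nsupdate_batch "$want" | nsupdate -k /etc/bind/failover.key && last=$want
    fi
    sleep 5
  done
}

# Runs only when asked, e.g. (constructed addresses):
#   RUN_MONITOR=1 sh failover.sh 203.0.113.1 192.0.2.10 203.0.113.129 198.51.100.10
if [ "${RUN_MONITOR:-0}" = 1 ]; then monitor "$@"; fi
```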

 

by: fosiul01, posted on 2009-09-18 at 12:50:13, ID: 25369382

Sorry, I was breaking my fast...

So are you saying with a Cisco router you can do what I am trying to achieve?

If I use a Cisco router, then I will have to edit the zone record manually via script?

Is that 100% correct?


Even if I edit the zone record by script and with a very short TTL like 1M,

is there any chance for the user to get an HTTP error? This is my main concern.

 

by: noci, posted on 2009-09-18 at 13:17:11, ID: 25369616

Yes, there always will be a chance a user will see an error. If it fails in the middle of a transfer, that cannot be helped (not this way).
And NO, Cisco has NO DNS ==> you cannot just use Cisco to do this.
A Cisco can direct IP packets & filter them, not update above-layer-3 services like DNS.

A Linux system with DNS and a little bit of scripting can do it, if you can have a Cisco sit in between the Linux system and the Internet router, well...

ISP1====ACCESS-ROUTER=====[Cisco?]============[cisco?]======ACCESS-ROUTER======ISP2
           ISP1                     |       |                    ISP2
                                 +------+ +-------+
                                 |Linux | |Other  |
                                 | DNS  | |Servers|
                                 +------+ +-------+
Whether there is a Cisco or not is not really relevant.

 

by: fosiul01, posted on 2009-09-18 at 13:29:33, ID: 25369725

Hmmmmm, OK, it's clearing up now...
But you said: If it fails in the middle of a transfer, that cannot be helped (not this way).

So what's the other way? How can you make it 100% transparent?


For example, if I use the PowerLink router (the PDF file I have attached), which has a built-in DNS zone and zone edit facilities, I still can't assure 100% transparency, right?

If yes, then what's the other way?

Sorry to ask so many questions, but I need to clear up these things.

 

by: fosiul01, posted on 2009-09-18 at 15:18:06, ID: 25370452

But since I am following our idea, I will add a couple of questions over the next few days to grasp the concept properly, so please stay with me for the next few days.

Thanks

 

by: fosiul01, posted on 2009-09-21 at 01:51:36, ID: 25381139

Hi.
This is another one; if you have time, please have a look:
http://www.experts-exchange.com/Hardware/Networking_Hardware/Routers/Q_24747724.html

 

by: noci, posted on 2009-09-21 at 12:02:52, ID: 25386304

You need multiple independent redundant pipes (connections to ISP) per ISP, and a firewall/router combination that can handle stateful failover from one box to another.
The independent pipes need to act as an aggregate link.

I.e. very expensive, in procurement as well as in maintenance.
