redworks

Load balance with SRV records (DNS)

I am trying to set up load balancing for a website (http/https), but for a subdomain.
So, we have domain.com, and we have subdomain.domain.com

I have 2 identical replicas up for subdomain.domain.com
example IPs: 123.123.123.123 and 234.234.234.234

I have added two A-records for subdomain.domain.com, and that seems to balance fine.
HOWEVER, this does not do what is described here: http://www.zytrax.com/books/dns/ch8/srv.html

; foobar - use old-slow-box or new-fast-box if either is
; available, make three quarters of the logins go to
; new-fast-box.

What I want, and for this subdomain only, is to set up a 50-50 load balance.

In PowerAdmin (using pDNS), I have:
_http._tcp.subdomain.domain.com 0 80 subdomain-server1.domain.com 0 3600
_http._tcp.subdomain.domain.com  0 80 subdomain-server2.domain.com 0 3600


(mind you, it is a bit different from the example at that link, because the PowerAdmin GUI does not allow it to be set up exactly like that)

Anyway, I have done this. I ping subdomain, and I get the default I used by the wildcard A-record for domain.com

Any idea what I am doing wrong?
giltjr

You need to re-read the first paragraph.  Mainly the sentence:

"It is not widely supported except notably by OpenLDAP and increasingly by VoIP systems in conjunction with the NAPTR RR."

Very few programs issue a lookup for SRV records.  Issuing a lookup for an SRV record is a separate process from doing a normal host name lookup.   Just because you define SRV records does not mean that there is something out there actually using them.

I know of no web browsers that do SRV lookups.  There could be one or two, but I don't know of any.
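Added example, not part of the original thread: a sketch of the target selection a client that does issue SRV lookups has to perform itself, which is the step no browser carries out. The weighted pick is a simplification of the RFC 2782 procedure, the asker's two records are read as priority 0, weight 0, port 80 (an assumption about the PowerAdmin column layout), and the other host names are hypothetical.

```python
import random
from collections import namedtuple
from itertools import groupby

# The four SRV RDATA fields defined by RFC 2782.
SRV = namedtuple("SRV", "priority weight port target")

def order_targets(records, rng=random):
    """Return records in the order an SRV-aware client would try them."""
    ordered = []
    by_prio = sorted(records, key=lambda r: r.priority)
    # Lower priority value is tried first; weights only matter within a group.
    for _, group in groupby(by_prio, key=lambda r: r.priority):
        pool = list(group)
        while pool:
            total = sum(r.weight for r in pool)
            if total == 0:
                pick = rng.choice(pool)        # all weights 0: even split
            else:
                point = rng.randrange(total)   # 0 .. total-1
                running = 0
                for pick in pool:
                    running += pick.weight
                    if point < running:        # chance proportional to weight
                        break
            pool.remove(pick)
            ordered.append(pick)
    return ordered

def first_choice_share(records, target, trials=4000, seed=1):
    """Fraction of simulated lookups in which `target` is tried first."""
    rng = random.Random(seed)
    hits = sum(order_targets(records, rng)[0].target == target
               for _ in range(trials))
    return hits / trials

# Constructed sample: the asker's two records (assumed priority 0, weight 0).
EVEN = [SRV(0, 0, 80, "subdomain-server1.domain.com"),
        SRV(0, 0, 80, "subdomain-server2.domain.com")]
# Constructed sample: 1:3 weighting plus a backup at a higher priority value.
WEIGHTED = [SRV(0, 1, 80, "old-slow-box.domain.com"),
            SRV(0, 3, 80, "new-fast-box.domain.com"),
            SRV(1, 0, 80, "backup-box.domain.com")]

if __name__ == "__main__":
    print("even split:", first_choice_share(EVEN, EVEN[0].target))
    print("1:3 split :", first_choice_share(WEIGHTED, "new-fast-box.domain.com"))
    print("one order :", [r.target for r in order_targets(WEIGHTED)])
```

None of this runs unless the client queries `_http._tcp.<name>` for type SRV; a plain `ping` or browser request only asks for A/AAAA records, which is why the wildcard A record answered.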
redworks

ASKER

What would the best way of load balancing for HTTP be?
What I want, is a fail-over more than load balance. So, if a server is down, it automatically goes to the next...
What HTTP server are you running?

You can set up another HTTP server running Apache and have it be a reverse proxy server.  It will detect that one of your real HTTP servers is down and stop sending traffic to it.

http://gerrydevstory.com/2012/08/26/reverse-proxy-and-load-balancing-using-apache-mod_proxy/
Thanks for this. The 2 nodes I have now are Apache indeed...
I read the article, and that would mean setting up a 3rd Apache server "in front" of those two, to make it balance that... That would work, but it's not ideal.
If THAT (the balancer/proxy) goes down, both nodes are down too.

With DNS (SRV), this is different... we have plenty of slave DNS servers... It would then work, using the SRV logic from above.

Do we have an alternative here?
This may help you:

http://www.howtoforge.com/high_availability_loadbalanced_apache_cluster

Or you could look at hardware load balancers like from F5 or Kemp.  You buy a pair that run in a HA/Cluster.  They also can do SSL offload (if you are using SSL) and can do caching and compression.  But they are expensive.  The company I work for uses F5, but Kemp is supposed to be just as good and less expensive.  We needed F5's iRule capability and Kemp did not have a function like this.

However, an Apache just doing a reverse proxy function has a slim chance of failing.
Normally it looks like this

www-balancer   IN A     111.111.111.111
               IN A     222.222.222.222
ldap-balancer  IN A     11.111.111.11
               IN A     222.222.22.222

www            IN CNAME www-balancer
webimages      IN CNAME www-balancer
ldap           IN CNAME ldap-balancer



Normally the browser (LDAP library, wget, etc.) will retry on another exposed address.
Thinking at large scale, an extra load balancer layer is expensive as opposed to N+1 redundancy.
And you need to restart load balancers one by one, just like having generic reverse proxies (squid, varnish, apache) on those addresses, so you have the same internet-visible interruption for unplanned maintenance...
ASKER CERTIFIED SOLUTION
DrDave242
This solution is only available to members.
Sorry - all modern internet client software is fully aware of the DNS round robin scenario with some hosts out.
The client gets an error if no server in the pool responds. No need to plant fear in newbies.

Actually in your scenario 1/3 of users will choose other IP (proxies will choose enough other IPs)
Sorry, you're absolutely right - I'd completely forgotten about client retry (which doesn't seem to be very clearly documented by anyone, even though most everyone supports it). Not only that, but I fumbled the explanation of round robin. In my defense, I was up several hours earlier than I normally am. Looks like I should stay off EE until I'm more awake!
I forgot about that too.  The latest releases of all browsers will do a retry lookup if they can't connect the first time to a specific IP address.

So just by having two hosts, with an A record with two IP addresses you have round robin load balancing and "fail over."
Even better, if you keep the DNS TTL reasonable you can even plan the maintenance by bringing all but one server down...
Yes, we set our TTL to 15 minutes.  The only issue we have had is when somebody is using a caching DNS server configured to ignore our TTL, but that is their fault.