The Cisco CSS (and the newer Cisco ACE module) load balancers handle DNS
very well by disabling flow management for port 53 UDP packets. The CSS
provides a robust single point of service for DNS that isolates the clients
from the back-end servers. We also use anycasting with multiple CSS's
advertising the DNS service address host routes. And the CSS scripted
keepalives are more reliable than having the servers check their own health.

A warning for anyone considering anycasting with the ACE Appliances (as
opposed to the ACE modules): the ACE appliances have no routing protocols
and no other way to communicate route health.

The CSS worked well for us because we already had several in operation, and
they made it very easy to add considerable value. However, I think the IP
SLA router feature looks like a very attractive way to eliminate the CSS's
from our anycast architecture. While the CSS's have worked well for DNS,
they can only work where they happen to already exist -- we cannot justify
buying load balancers just for DNS purposes -- and with the lack of OSPF on
the ACE appliances -- which is our impending upgrade path -- we will be
migrating DNS off of the load balancers asap.
FWIW
--
Gordon A. Lang / 313-819-7978