On 09/03/12 16:23, Matthew Huff wrote:
> Anyone have any suggestions/best practices/config examples for DNS load
> balancing for internal use on CISCO ACE blades?
> I've got the standard example working, but wondered about keepalive
> frequency, timeouts, fragments, etc…
> Anyone got any examples they use that they could share?

We do transparent LB; the servers all have the service VIP as a /32 on
their loopback interface. The packet flow is:

  Req: client -> ace -> dns server
  Rsp: dns server -> client

This has the advantage that the DNS servers don't have to sit "behind"
the ACE.
We then use this config:

probe tcp TCP_53_RECDNS
  ip address <the service VIP>
  port 53
  interval 10

serverfarm host INTERNAL-DNS
  transparent
  predictor leastconns
  probe TCP_53_RECDNS
  rserver RSERVER1 53
    inservice
  rserver RSERVER2 53
    inservice
  rserver RSERVER3 53
    inservice
  rserver RSERVER4 53
    inservice

class-map match-any VIP_RECURSIVE-DNS
  2 match virtual-address <the service VIP> udp eq domain
  3 match virtual-address <the service VIP> tcp eq domain

policy-map type loadbalance first-match SLB_INTERNAL-DNS
  class class-default
    serverfarm INTERNAL-DNS

policy-map multi-match VIPS_VLANXX
  class VIP_RECURSIVE-DNS
    loadbalance vip inservice
    loadbalance policy SLB_INTERNAL-DNS
    loadbalance vip icmp-reply
    loadbalance vip advertise

We didn't fiddle with the keepalive, probes, or anything else. It's been
very well behaved in this config.
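
Added example, not part of the original message: the probe in the config above is a TCP connect to port 53, which shows that the listener is up but not that the resolver answers queries. The Python below makes a DNS-level check of one real server over UDP and TCP, the two transports the class-map matches. It assumes the server also answers on its own address, and the function names are illustrative.

```python
import secrets
import socket
import struct

def build_query(name, qtype=1, txid=None):
    """Build a recursive (RD=1) query for name; returns (txid, wire bytes)."""
    txid = secrets.randbelow(1 << 16) if txid is None else txid
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return txid, struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!2H", qtype, 1)

def check_response(txid, data):
    """Judge a reply the way a DNS-aware probe would; returns (healthy, reason)."""
    if len(data) < 12:
        return False, "short packet"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", data[:12])
    if rid != txid:
        return False, "transaction id mismatch"
    if not flags & 0x8000:
        return False, "QR bit clear (not a response)"
    if flags & 0x000F:
        return False, "rcode %d" % (flags & 0x000F)
    if not flags & 0x0080:  # RA bit: a recursive service must offer recursion
        return False, "recursion not available"
    if ancount == 0:
        return False, "empty answer section"
    return True, "ok"

def _read_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise OSError("connection closed early")
        buf += chunk
    return buf

def probe(server, name, tcp=False, timeout=2.0):
    """Query one real server directly on port 53 over UDP (default) or TCP."""
    txid, query = build_query(name)
    try:
        if tcp:
            with socket.create_connection((server, 53), timeout=timeout) as s:
                s.sendall(struct.pack("!H", len(query)) + query)  # TCP adds a 2-byte length prefix
                (length,) = struct.unpack("!H", _read_exact(s, 2))
                return check_response(txid, _read_exact(s, length))
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(query, (server, 53))
            return check_response(txid, s.recvfrom(4096)[0])
    except OSError as exc:  # timeouts and refused connections land here
        return False, "no reply: %s" % exc
```

Call probe() once with tcp=False and once with tcp=True for each rserver, using a name the resolvers are expected to resolve.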