Re: Anycast DNS - LB/LTM
I'm not familiar with LTM, so there is no need to check the pool with the script, LTM will know itself and stop advertising through some other mechanism when the pool is empty? therefore checking VIPA using the script is just redundant? From: David Klein To: ju wusuo Cc: "bind-users@lists.isc.org" Sent: Saturday, March 10, 2012 3:31 PM Subject: Re: Anycast DNS - LB/LTM Exactly. The script runs inside the LTM, and wraps "nslookup" or "dig". It should output a distinct output for success, and another distinct output for failure. It should only check the pool members, not the VIPA itself. If the pool is empty, the LTM will stop advertise the VIPA. -DTK On Fri, Mar 9, 2012 at 1:16 PM, ju wusuo wrote: so the script would run on the LTM, it will periodically check each physical DNS node, if one cannot resolve then takes it out of the pool; it will also check the VIP, if the VIP cannot resolve, pool is empty or LTM issue, stop the advertising? > > > > > From: David Klein >To: ju wusuo >Cc: "bind-users@lists.isc.org" >Sent: Wednesday, March 7, 2012 11:18 PM >Subject: Re: Anycast DNS > > > >You would need to create a custom script to use as your monitor, which does a >lookup of an address that you know will always be in your domain. If that >fails, force-down/inactive the node, and tie this script as a monitor to the >pool holding the DNS server nodes. > > >You can advertise the /32 containing the VIPA to the up-stream router via >either OSPF or IBGP, and if the pool goes empty, stop advertising the route >(the only option is stop advertising, not actively withdraw the route, since >that could cause a massive reconvergence cycle in your enterprise-wide RIB, if >done wrong, just because of a flapping interface). > > > > > > >HTH, > > > -DTK > > > >On Wed, Mar 7, 2012 at 2:34 PM, ju wusuo wrote: > > >> >>thanks everyone for all responses with the great inputs .. >> >> >>now if I want to put the DNS servers behind LBs, 1) would the LTMs be able to >>announce the routes dynamically for the DNS servers, and a VIP can be >>withdrawn when the site is gone? 2) would the LTMs be able to detect a DNS >>service failure and stop sending over DNS queries, i.e., in the case a named >>is still up but just not able to resolve names (assuming LTM can detect a >>named is down)? >> >> >>___ >>Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe >>from this list >> >>bind-users mailing list >>bind-users@lists.isc.org >>https://lists.isc.org/mailman/listinfo/bind-users >> > > > >-- > >david t. klein > >Cisco Certified Network Associate (CSCO11281885) >Linux Professional Institute Certification (LPI000165615) >Redhat Certified Engineer (805009745938860) > >Quis custodiet ipsos custodes? > > > > > > -- david t. klein Cisco Certified Network Associate (CSCO11281885) Linux Professional Institute Certification (LPI000165615) Redhat Certified Engineer (805009745938860) Quis custodiet ipsos custodes?___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Anycast DNS - LB/LTM
Exactly. The script runs inside the LTM, and wraps "nslookup" or "dig". It should output a distinct output for success, and another distinct output for failure. It should only check the pool members, not the VIPA itself. If the pool is empty, the LTM will stop advertise the VIPA. -DTK On Fri, Mar 9, 2012 at 1:16 PM, ju wusuo wrote: > so the script would run on the LTM, it will periodically check each > physical DNS node, if one cannot resolve then takes it out of the pool; it > will also check the VIP, if the VIP cannot resolve, pool is empty or LTM > issue, stop the advertising? > > -- > *From:* David Klein > *To:* ju wusuo > *Cc:* "bind-users@lists.isc.org" > *Sent:* Wednesday, March 7, 2012 11:18 PM > *Subject:* Re: Anycast DNS > > > You would need to create a custom script to use as your monitor, which > does a lookup of an address that you know will always be in your domain. If > that fails, force-down/inactive the node, and tie this script as a monitor > to the pool holding the DNS server nodes. > > You can advertise the /32 containing the VIPA to the up-stream router via > either OSPF or IBGP, and if the pool goes empty, stop advertising the route > (the only option is stop advertising, not actively withdraw the route, > since that could cause a massive reconvergence cycle in your > enterprise-wide RIB, if done wrong, just because of a flapping interface). > > > > HTH, > > -DTK > > > On Wed, Mar 7, 2012 at 2:34 PM, ju wusuo wrote: > > > thanks everyone for all responses with the great inputs .. > > now if I want to put the DNS servers behind LBs, 1) would the LTMs be able > to announce the routes dynamically for the DNS servers, and a VIP can be > withdrawn when the site is gone? 2) would the LTMs be able to detect a DNS > service failure and stop sending over DNS queries, i.e., in the case a > named is still up but just not able to resolve names (assuming LTM can > detect a named is down)? > > > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to > unsubscribe from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users > > > > > -- > > david t. klein > > Cisco Certified Network Associate (CSCO11281885) > Linux Professional Institute Certification (LPI000165615) > Redhat Certified Engineer (805009745938860) > > Quis custodiet ipsos custodes? > > > > > > -- david t. klein Cisco Certified Network Associate (CSCO11281885) Linux Professional Institute Certification (LPI000165615) Redhat Certified Engineer (805009745938860) Quis custodiet ipsos custodes? ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Anycast DNS - LB/LTM
so the script would run on the LTM, it will periodically check each physical DNS node, if one cannot resolve then takes it out of the pool; it will also check the VIP, if the VIP cannot resolve, pool is empty or LTM issue, stop the advertising? From: David Klein To: ju wusuo Cc: "bind-users@lists.isc.org" Sent: Wednesday, March 7, 2012 11:18 PM Subject: Re: Anycast DNS You would need to create a custom script to use as your monitor, which does a lookup of an address that you know will always be in your domain. If that fails, force-down/inactive the node, and tie this script as a monitor to the pool holding the DNS server nodes. You can advertise the /32 containing the VIPA to the up-stream router via either OSPF or IBGP, and if the pool goes empty, stop advertising the route (the only option is stop advertising, not actively withdraw the route, since that could cause a massive reconvergence cycle in your enterprise-wide RIB, if done wrong, just because of a flapping interface). HTH, -DTK On Wed, Mar 7, 2012 at 2:34 PM, ju wusuo wrote: > >thanks everyone for all responses with the great inputs .. > > >now if I want to put the DNS servers behind LBs, 1) would the LTMs be able to >announce the routes dynamically for the DNS servers, and a VIP can be >withdrawn when the site is gone? 2) would the LTMs be able to detect a DNS >service failure and stop sending over DNS queries, i.e., in the case a named >is still up but just not able to resolve names (assuming LTM can detect a >named is down)? > > >___ >Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe >from this list > >bind-users mailing list >bind-users@lists.isc.org >https://lists.isc.org/mailman/listinfo/bind-users > -- david t. klein Cisco Certified Network Associate (CSCO11281885) Linux Professional Institute Certification (LPI000165615) Redhat Certified Engineer (805009745938860) Quis custodiet ipsos custodes?___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
