[clue] load-balancing

Will will.sterling at gmail.com
Fri Oct 31 11:11:31 MDT 2014


Mike,

You can have Dyn or a script check data centers to verify that they are up
and remove whole DCs from DNS if they fail.

You would then run HAProxy in each data center to remove individual servers
from rotation as it is much faster and manages client sessions.

DNS is preferred at the global level because you can have many DNS server
around the world serving the same zone.  HAProxy clusters, as far as I am
aware, run in one DC. All requests regardless of location would have to
make their initial request to one central location before getting a more
appropriate DC, not to mention if that central DC hosting HAProxy goes down
you are now 100% down worldwide.

On Fri, Oct 31, 2014 at 10:46 AM, Mike Nolte <obiwanmikenolte at gmail.com>
wrote:

> Will,
>
> Is there a way to do health checks with GeoDNS?  In my brain, it seems
> like DNS would know proximity and preference, but it would still dole out
> IPs that might not be responding to a particular service.  I hope I'm
> wrong, because that would be sweet.
>
> I agree that HAProxy, while awesome, might not be what David's asking for,
> but his use case isn't quite clear enough.  When I first read his
> description, I was thinking that he was asking for some kind of smart
> routing or heartbeat-type functionality, but Ryan had already given a good
> answer.
>
> David, if it wasn't HAProxy, can you be more specific about what you want?
>
> Yours in Christ,
> Mike
>
> On Fri, Oct 31, 2014 at 10:31 AM, Will <will.sterling at gmail.com> wrote:
>
>> David,
>>
>> The kind of load balancing you are trying to accomplish is typically done
>> at DNS.  Usually in a large globally disperse set of DNS servers and if you
>> are not a large serivce provider you probably pay someone like Dyn to do it
>> for you.  But you could spin up DNS servers all over the world now pretty
>> quickly using various Iaas providers so who needs Dyn right?
>>
>> HAProxy is best suited to load balancing traffic over servers in a local
>> data center *after* a client has been directed to the appropriate DC via
>> DNS.
>>
>> This blog describes how to solve your problem using BIND
>> http://backreference.org/2010/02/01/geolocation-aware-dns-with-bind/
>>
>>
>> On Thu, Oct 30, 2014 at 9:34 AM, Ryan Naef <rnaef at aspdd.com> wrote:
>>
>>> David,
>>>
>>> That should not be an issue.
>>>
>>>
>>>
>>> You would set up your acl’s for each of your networks:
>>>
>>> *acl networkA x.x.x.x*
>>>
>>> *acl networkB x.x.x.y …*
>>>
>>>
>>>
>>> Then set the backends to use:
>>>
>>> *use_backend destNodeA if networkA*
>>>
>>> *use_backend destNodeC if networkD*
>>>
>>>
>>>
>>> *default_backend destNodeA*
>>>
>>>
>>>
>>> Then your backends:
>>>
>>> *backend destNodeA*
>>>
>>> *…*
>>>
>>> *Server nodeA z.z.z.z:pp options weight 256*
>>>
>>> *Server nodeB z.z.z.y:pp options weight 1*
>>>
>>>
>>>
>>>
>>>
>>> So for each network you can specify which backends to use, how often to
>>> check and even what port to connect on.
>>>
>>>
>>>
>>> *Regards,*
>>> *Ryan Naef*
>>> *Systems Administrator*
>>> *Web Development*
>>>
>>> Direct: (303) 532-4536, (303) 682-3621
>>>
>>> Toll Free: (866) 764-8324
>>> Fax: (877) 495-9165
>>> Email:*rnaef at aspdd.com <http://aspdd.com>*
>>> Web: aspdd.com
>>>
>>> This message and accompanying documents are covered by the Electronic
>>> Communications Privacy Act, 18 U.S.C. 2510-2521, and contain information
>>> intended for the specified individual(s) only. This information is
>>> confidential. If you are not the intended recipient or an agent responsible
>>> for delivering it to the intended recipient, you are hereby notified that
>>> you have received this document in error and that any review,
>>> dissemination, copying, or the taking of any action based on the contents
>>> of this information is strictly prohibited. If you have received this
>>> communication in error or wish to be removed from the Email list, please
>>> notify us immediately by e-mail, and delete the original message.
>>>
>>>
>>>
>>> *From:* clue-bounces at cluedenver.org [mailto:clue-bounces at cluedenver.org]
>>> *On Behalf Of *David L. Willson
>>> *Sent:* Thursday, October 30, 2014 9:21 AM
>>> *To:* CLUE's mailing list
>>> *Subject:* Re: [clue] load-balancing
>>>
>>>
>>>
>>> Thanks Ryan,
>>>
>>> Here's the thing I need that might be hard, I need to be able to satisfy
>>> these assertions:
>>>
>>> For source networks A, B, and C, dest-node A is preferred, B is a usable
>>> standby, but dest-node C should never be tried (even if it's up).
>>> For source networks C, D, and E, dest-node C is preferred, B is a usable
>>> standby, but dest-node A should never be tried (even if it's up).
>>>
>>> Do you think HAProxy is up to that?
>>>
>>> --
>>> David L. Willson
>>> Teacher, Engineer, Evangelist
>>> RHCE+Satellite CCAH Network+ A+ Linux+ LPIC-1 UbuntuCP NovellCLA
>>> Mobile 720-333-LANS(5267)
>>> http://sofree.us
>>>
>>> This is a good time for a r3VOLution.
>>>
>>>
>>> ------------------------------
>>>
>>> David,
>>>
>>> While I do not profess to be an HAProxy expert, we have used it to check
>>> most of the boxes on your list in the past.
>>>
>>> You can use the weight parameter on your backend servers to specify
>>> where the traffic is preferred – a value of 256 for your primary and 1 as
>>> your failover should accomplish what you are looking for.
>>>
>>> You can also write IP based ACL’s to set traffic from each network to
>>> specific backends.
>>>
>>>
>>>
>>> There are some limitations – HAProxy will only support TCP, and I have
>>> had issues with some ssl.
>>>
>>>
>>>
>>> *Regards,*
>>> *Ryan Naef*
>>>
>>>
>>>
>>> *From:* clue-bounces at cluedenver.org [mailto:clue-bounces at cluedenver.org
>>> <clue-bounces at cluedenver.org>] *On Behalf Of *David L. Willson
>>> *Sent:* Thursday, October 30, 2014 7:43 AM
>>> *To:* CLUE's mailing list
>>> *Subject:* [clue] load-balancing
>>>
>>>
>>>
>>> I am looking for an intelligent load-balancer. It needs to understand
>>> proximity / preference. I want to be able to send all the clients from
>>> (these networks) to this node, unless it's down, or fully-loaded, or
>>> otherwise uninterested in new connections, then send them to this node,
>>> instead.
>>>
>>> I don't mind if I have to setup the preference rules (which networks
>>> prefer which servers), but it would be cool if I didn't have to.
>>>
>>>
>>>
>>> I'd *strongly* prefer a solution that doesn't generate vendor lock-in.
>>> ie: I don't mind paying for it, but I'd like to preserve the freedom to
>>> choose *who* to pay.
>>>
>>>
>>>
>>> It would be really great if someone that has a lot of experience with
>>> HAProxy confidently said something like, "Oh yeah, it does all that. Just
>>> do this and this, and that, and it works great, lasts a long time, and
>>> you'll lose weight doing it."
>>>
>>>
>>>
>>> --
>>> David L. Willson
>>> Teacher, Engineer, Evangelist
>>> RHCE+Satellite CCAH Network+ A+ Linux+ LPIC-1 UbuntuCP NovellCLA
>>> *killed my phone on Sunday. This space for rent.*
>>> http://sofree.us
>>>
>>> This is a good time for a r3VOLution.
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> clue mailing list: clue at cluedenver.org
>>> For information, account preferences, or to unsubscribe see:
>>> http://cluedenver.org/mailman/listinfo/clue
>>>
>>>
>>>
>>> _______________________________________________
>>> clue mailing list: clue at cluedenver.org
>>> For information, account preferences, or to unsubscribe see:
>>> http://cluedenver.org/mailman/listinfo/clue
>>>
>>
>>
>> _______________________________________________
>> clue mailing list: clue at cluedenver.org
>> For information, account preferences, or to unsubscribe see:
>> http://cluedenver.org/mailman/listinfo/clue
>>
>
>
> _______________________________________________
> clue mailing list: clue at cluedenver.org
> For information, account preferences, or to unsubscribe see:
> http://cluedenver.org/mailman/listinfo/clue
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://cluedenver.org/pipermail/clue/attachments/20141031/30f4117d/attachment-0001.html 


More information about the clue mailing list