<div dir="ltr">Mike,<div><br></div><div>You can have Dyn or a script check data centers to verify that they are up and remove whole DCs from DNS if they fail.</div><div><br></div><div>You would then run HAProxy in each data center to remove individual servers from rotation as it is much faster and manages client sessions.</div><div><br></div><div>DNS is preferred at the global level because you can have many DNS server around the world serving the same zone. HAProxy clusters, as far as I am aware, run in one DC. All requests regardless of location would have to make their initial request to one central location before getting a more appropriate DC, not to mention if that central DC hosting HAProxy goes down you are now 100% down worldwide.</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Oct 31, 2014 at 10:46 AM, Mike Nolte <span dir="ltr"><<a href="mailto:obiwanmikenolte@gmail.com" target="_blank">obiwanmikenolte@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><div>Will,<br><br></div>Is there a way to do health checks with GeoDNS? In my brain, it seems like DNS would know proximity and preference, but it would still dole out IPs that might not be responding to a particular service. I hope I'm wrong, because that would be sweet.<br><br></div>I agree that HAProxy, while awesome, might not be what David's asking for, but his use case isn't quite clear enough. When I first read his description, I was thinking that he was asking for some kind of smart routing or heartbeat-type functionality, but Ryan had already given a good answer.<br><br>David, if it wasn't HAProxy, can you be more specific about what you want?<br><br></div>Yours in Christ,<br>Mike<br></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Oct 31, 2014 at 10:31 AM, Will <span dir="ltr"><<a href="mailto:will.sterling@gmail.com" target="_blank">will.sterling@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">David,<div><br></div><div>The kind of load balancing you are trying to accomplish is typically done at DNS. Usually in a large globally disperse set of DNS servers and if you are not a large serivce provider you probably pay someone like Dyn to do it for you. But you could spin up DNS servers all over the world now pretty quickly using various Iaas providers so who needs Dyn right?</div><div><br></div><div>HAProxy is best suited to load balancing traffic over servers in a local data center <u>after</u> a client has been directed to the appropriate DC via DNS.</div><div><br></div><div>This blog describes how to solve your problem using BIND</div><div><a href="http://backreference.org/2010/02/01/geolocation-aware-dns-with-bind/" target="_blank">http://backreference.org/2010/02/01/geolocation-aware-dns-with-bind/</a><br></div><div><br></div></div><div><div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Oct 30, 2014 at 9:34 AM, Ryan Naef <span dir="ltr"><<a href="mailto:rnaef@aspdd.com" target="_blank">rnaef@aspdd.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div link="blue" vlink="purple" lang="EN-US"><div><p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#244061">David,<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#244061">That should not be an issue.<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#244061"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#244061">You would set up your acl’s for each of your networks:<u></u><u></u></span></p><p class="MsoNormal"><i><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#244061">acl networkA x.x.x.x<u></u><u></u></span></i></p><p class="MsoNormal"><i><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#244061">acl networkB x.x.x.y …<u></u><u></u></span></i></p><p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#244061"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#244061">Then set the backends to use:<u></u><u></u></span></p><p class="MsoNormal"><i><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#244061">use_backend destNodeA if networkA<u></u><u></u></span></i></p><p class="MsoNormal"><i><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#244061">use_backend destNodeC if networkD<u></u><u></u></span></i></p><p class="MsoNormal"><i><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#244061"><u></u> <u></u></span></i></p><p class="MsoNormal"><i><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#244061">default_backend destNodeA<u></u><u></u></span></i></p><p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#244061"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#244061">Then your backends:<u></u><u></u></span></p><p class="MsoNormal"><i><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#244061">backend destNodeA<u></u><u></u></span></i></p><p class="MsoNormal"><i><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#244061">…<u></u><u></u></span></i></p><p class="MsoNormal"><i><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#244061">Server nodeA z.z.z.z:pp options weight 256<u></u><u></u></span></i></p><p class="MsoNormal"><i><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#244061">Server nodeB z.z.z.y:pp options weight 1<u></u><u></u></span></i></p><p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#244061"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#244061"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#244061">So for each network you can specify which backends to use, how often to check and even what port to connect on.<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#244061"><u></u> <u></u></span></p><div><p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Calibri","sans-serif";color:black">Regards,</span></b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#244061"><br></span><b><span style="font-size:10.0pt;font-family:"Calibri","sans-serif";color:black">Ryan Naef</span></b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#244061"><br></span><b><span style="font-size:10.0pt;font-family:"Calibri","sans-serif";color:black">Systems Administrator</span></b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#244061"><br></span><b><span style="font-size:10.0pt;font-family:"Calibri","sans-serif";color:black">Web Development</span></b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#244061"><br></span><span style="font-size:10.0pt;font-family:"Calibri","sans-serif";color:#244061"><br></span><span style="font-size:10.0pt;font-family:"Calibri","sans-serif";color:#244061">Direct: <a href="tel:%28303%29%20532-4536" value="+13035324536" target="_blank">(303) 532-4536</a>, <a href="tel:%28303%29%20682-3621" value="+13036823621" target="_blank">(303) 682-3621</a><u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Calibri","sans-serif";color:#244061">Toll Free: <a href="tel:%28866%29%20764-8324" value="+18667648324" target="_blank">(866) 764-8324</a></span><span style="font-size:10.0pt;font-family:"Calibri","sans-serif";color:#244061"><br></span><span style="font-size:10.0pt;font-family:"Calibri","sans-serif";color:#244061">Fax: <a href="tel:%28877%29%20495-9165" value="+18774959165" target="_blank">(877) 495-9165</a></span><span style="font-size:10.0pt;font-family:"Calibri","sans-serif";color:#244061"><br></span><span style="font-size:10.0pt;font-family:"Calibri","sans-serif";color:#244061">Email:</span><u><span style="font-size:10.0pt;font-family:"Calibri","sans-serif";color:blue"><a>rnaef</a>@<a href="http://aspdd.com" target="_blank">aspdd.com</a></span></u><u><span style="font-size:10.0pt;font-family:"Calibri","sans-serif";color:blue"><br></span></u><span style="font-size:10.0pt;font-family:"Calibri","sans-serif";color:#244061">Web: <a title="blocked::http://www.aspdd.com/
http://www.aspdd.com/">aspdd.com</a></span><span style="font-size:10.0pt;font-family:"Calibri","sans-serif";color:#244061"><br><br></span><span style="font-size:7.5pt;font-family:"Calibri","sans-serif";color:#244061">This message and accompanying documents are covered by the Electronic Communications Privacy Act, 18 U.S.C. 2510-2521, and contain information intended for the specified individual(s) only. This information is confidential. If you are not the intended recipient or an agent responsible for delivering it to the intended recipient, you are hereby notified that you have received this document in error and that any review, dissemination, copying, or the taking of any action based on the contents of this information is strictly prohibited. If you have received this communication in error or wish to be removed from the Email list, please notify us immediately by e-mail, and delete the original message.</span><span style="font-size:10.0pt;font-family:"Calibri","sans-serif";color:#244061"><u></u><u></u></span></p></div><p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#244061"><u></u> <u></u></span></p><div><div style="border:none;border-top:solid #b5c4df 1.0pt;padding:3.0pt 0in 0in 0in"><p class="MsoNormal" style="margin-left:.5in"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> <a href="mailto:clue-bounces@cluedenver.org" target="_blank">clue-bounces@cluedenver.org</a> [mailto:<a href="mailto:clue-bounces@cluedenver.org" target="_blank">clue-bounces@cluedenver.org</a>] <b>On Behalf Of </b>David L. Willson<br><b>Sent:</b> Thursday, October 30, 2014 9:21 AM<span><br><b>To:</b> CLUE's mailing list<br></span><b>Subject:</b> Re: [clue] load-balancing<u></u><u></u></span></p></div></div><div><div><p class="MsoNormal" style="margin-left:.5in"><u></u> <u></u></p><div><p class="MsoNormal" style="margin-right:0in;margin-bottom:12.0pt;margin-left:.5in"><span style="color:black">Thanks Ryan,<br><br>Here's the thing I need that might be hard, I need to be able to satisfy these assertions: <br><br>For source networks A, B, and C, dest-node A is preferred, B is a usable standby, but dest-node C should never be tried (even if it's up).<br>For source networks C, D, and E, dest-node C is preferred, B is a usable standby, but dest-node A should never be tried (even if it's up).<br><br>Do you think HAProxy is up to that?<u></u><u></u></span></p><div><p class="MsoNormal" style="margin-left:.5in"><span style="color:black">--<br>David L. Willson<br>Teacher, Engineer, Evangelist<br>RHCE+Satellite CCAH Network+ A+ Linux+ LPIC-1 UbuntuCP NovellCLA<br>Mobile 720-333-LANS(5267)<br><a href="http://sofree.us" target="_blank">http://sofree.us</a><br><br>This is a good time for a r3VOLution.<u></u><u></u></span></p></div><p class="MsoNormal" style="margin-left:.5in"><span style="color:black"><u></u> <u></u></span></p><div class="MsoNormal" style="margin-left:.5in;text-align:center" align="center"><span style="color:black"><hr size="2" width="100%" align="center"></span></div><blockquote style="border:none;border-left:solid #1010ff 1.5pt;padding:0in 0in 0in 4.0pt;margin-left:3.75pt;margin-top:5.0pt;margin-bottom:5.0pt"><p class="MsoNormal" style="margin-left:.5in"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#244061">David,</span><span style="color:black"><u></u><u></u></span></p><p class="MsoNormal" style="margin-left:.5in"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#244061">While I do not profess to be an HAProxy expert, we have used it to check most of the boxes on your list in the past. </span><span style="color:black"><u></u><u></u></span></p><p class="MsoNormal" style="margin-left:.5in"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#244061">You can use the weight parameter on your backend servers to specify where the traffic is preferred – a value of 256 for your primary and 1 as your failover should accomplish what you are looking for. </span><span style="color:black"><u></u><u></u></span></p><p class="MsoNormal" style="margin-left:.5in"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#244061">You can also write IP based ACL’s to set traffic from each network to specific backends. </span><span style="color:black"><u></u><u></u></span></p><p class="MsoNormal" style="margin-left:.5in"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#244061"> </span><span style="color:black"><u></u><u></u></span></p><p class="MsoNormal" style="margin-left:.5in"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#244061">There are some limitations – HAProxy will only support TCP, and I have had issues with some ssl. </span><span style="color:black"><u></u><u></u></span></p><p class="MsoNormal" style="margin-left:.5in"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#244061"> </span><span style="color:black"><u></u><u></u></span></p><div><p class="MsoNormal" style="margin-right:0in;margin-bottom:12.0pt;margin-left:.5in"><b><span style="font-size:10.0pt;font-family:"Calibri","sans-serif";color:black">Regards,</span></b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#244061"><br></span><b><span style="font-size:10.0pt;font-family:"Calibri","sans-serif";color:black">Ryan Naef</span></b><span style="color:black"><u></u><u></u></span></p></div><p class="MsoNormal" style="margin-left:.5in"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#244061"> </span><span style="color:black"><u></u><u></u></span></p><div><div style="border:none;border-top:solid #b5c4df 1.0pt;padding:3.0pt 0in 0in 0in"><p class="MsoNormal" style="margin-left:1.0in"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:black">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:black"> <a href="mailto:clue-bounces@cluedenver.org" target="_blank">clue-bounces@cluedenver.org</a> [<a href="mailto:clue-bounces@cluedenver.org" target="_blank">mailto:clue-bounces@cluedenver.org</a>] <b>On Behalf Of </b>David L. Willson<br><b>Sent:</b> Thursday, October 30, 2014 7:43 AM<br><b>To:</b> CLUE's mailing list<br><b>Subject:</b> [clue] load-balancing</span><span style="color:black"><u></u><u></u></span></p></div></div><p class="MsoNormal" style="margin-left:1.0in"><span style="color:black"> <u></u><u></u></span></p><div><p class="MsoNormal" style="margin-left:1.0in"><span style="color:black">I am looking for an intelligent load-balancer. It needs to understand proximity / preference. I want to be able to send all the clients from (these networks) to this node, unless it's down, or fully-loaded, or otherwise uninterested in new connections, then send them to this node, instead.<br><br>I don't mind if I have to setup the preference rules (which networks prefer which servers), but it would be cool if I didn't have to.<u></u><u></u></span></p><p style="margin-left:1.0in"><span style="color:black"> <u></u><u></u></span></p><p style="margin-left:1.0in"><span style="color:black">I'd *strongly* prefer a solution that doesn't generate vendor lock-in. ie: I don't mind paying for it, but I'd like to preserve the freedom to choose *who* to pay.<u></u><u></u></span></p><p style="margin-left:1.0in"><span style="color:black"> <u></u><u></u></span></p><p style="margin-left:1.0in"><span style="color:black">It would be really great if someone that has a lot of experience with HAProxy confidently said something like, "Oh yeah, it does all that. Just do this and this, and that, and it works great, lasts a long time, and you'll lose weight doing it."<u></u><u></u></span></p><p style="margin-left:1.0in"><span style="color:black"> <u></u><u></u></span></p><div><p class="MsoNormal" style="margin-left:1.0in"><span style="color:black">--<br>David L. Willson<br>Teacher, Engineer, Evangelist<br>RHCE+Satellite CCAH Network+ A+ Linux+ LPIC-1 UbuntuCP NovellCLA<br>*killed my phone on Sunday. This space for rent.*<br><a href="http://sofree.us" target="_blank">http://sofree.us</a><br><br>This is a good time for a r3VOLution.<u></u><u></u></span></p></div><p class="MsoNormal" style="margin-left:1.0in"><span style="color:black"> <u></u><u></u></span></p></div><p class="MsoNormal" style="margin-left:.5in"><span style="font-family:"Helvetica","sans-serif";color:black"><br>_______________________________________________<br>clue mailing list: <a href="mailto:clue@cluedenver.org" target="_blank">clue@cluedenver.org</a><br>For information, account preferences, or to unsubscribe see:<br><a href="http://cluedenver.org/mailman/listinfo/clue" target="_blank">http://cluedenver.org/mailman/listinfo/clue</a><u></u><u></u></span></p></blockquote><p class="MsoNormal" style="margin-left:.5in"><span style="color:black"><u></u> <u></u></span></p></div></div></div></div></div><br>_______________________________________________<br>
clue mailing list: <a href="mailto:clue@cluedenver.org" target="_blank">clue@cluedenver.org</a><br>
For information, account preferences, or to unsubscribe see:<br>
<a href="http://cluedenver.org/mailman/listinfo/clue" target="_blank">http://cluedenver.org/mailman/listinfo/clue</a><br></blockquote></div><br></div>
</div></div><br>_______________________________________________<br>
clue mailing list: <a href="mailto:clue@cluedenver.org" target="_blank">clue@cluedenver.org</a><br>
For information, account preferences, or to unsubscribe see:<br>
<a href="http://cluedenver.org/mailman/listinfo/clue" target="_blank">http://cluedenver.org/mailman/listinfo/clue</a><br></blockquote></div><br></div>
</div></div><br>_______________________________________________<br>
clue mailing list: <a href="mailto:clue@cluedenver.org">clue@cluedenver.org</a><br>
For information, account preferences, or to unsubscribe see:<br>
<a href="http://cluedenver.org/mailman/listinfo/clue" target="_blank">http://cluedenver.org/mailman/listinfo/clue</a><br></blockquote></div><br></div>