Cisco ACE config for internal DNS load balancing
Phil Mayers
p.mayers at imperial.ac.uk
Fri Mar 9 16:39:53 UTC 2012
On 09/03/12 16:23, Matthew Huff wrote:
> Anyone have any suggestions/best practices/config examples for DNS load
> balancing for internal use on CISCO ACE blades?
>
> I’ve got the standard example working, but wondered about keepalive
> frequency, timeouts, fragments, etc…
>
> Anyone got any examples they use that they could share?

We do transparent LB; the servers all have the service VIP as a /32 on
their loopback interface. The packet flow is:

  Req: client -> ace -> dns server
  Rsp: dns server -> client

This has the advantage that the DNS servers don't have to sit "behind"
the ACE.

We then use this config:

probe tcp TCP_53_RECDNS
  ip address <the service VIP>
  port 53
  interval 10

serverfarm host INTERNAL-DNS
  transparent
  predictor leastconns
  probe TCP_53_RECDNS
  rserver RSERVER1 53
    inservice
  rserver RSERVER2 53
    inservice
  rserver RSERVER3 53
    inservice
  rserver RSERVER4 53
    inservice

class-map match-any VIP_RECURSIVE-DNS
  2 match virtual-address <the service VIP> udp eq domain
  3 match virtual-address <the service VIP> tcp eq domain

policy-map type loadbalance first-match SLB_INTERNAL-DNS
  class class-default
    serverfarm INTERNAL-DNS

policy-map multi-match VIPS_VLANXX
  class VIP_RECURSIVE-DNS
    loadbalance vip inservice
    loadbalance policy SLB_INTERNAL-DNS
    loadbalance vip icmp-reply
    loadbalance vip advertise

We didn't fiddle with the keepalive, probes, or anything else. It's been
very well behaved in this config.
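
The probe in the config above is a plain TCP connect to port 53, which shows the port is open but not that the resolver answers queries. The following is an added example, not part of the original post: a DNS-level check that a monitoring host could run against each real server over TCP/53. The function names, the query ID and the sample replies are assumptions made for illustration, and the server address passed to probe_tcp is assumed to be one the resolver also listens on.

```python
import socket
import struct

def build_query(name: str, qid: int) -> bytes:
    """Build a minimal DNS query: one question, QTYPE=A, QCLASS=IN, RD set."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii")
                     for l in name.split(".") if l) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)

def check_response(qid: int, resp: bytes) -> str:
    """Classify a DNS reply the way a health probe would."""
    if len(resp) < 12:
        return "fail: short response"
    rid, flags = struct.unpack("!HH", resp[:4])
    if rid != qid:
        return "fail: id mismatch"
    if not flags & 0x8000:              # QR bit clear: this is not a response
        return "fail: not a response"
    rcode = flags & 0x000F
    if rcode not in (0, 3):             # NOERROR or NXDOMAIN: resolver is working
        return f"fail: rcode {rcode}"
    return "ok"

def _recv_exact(sock: socket.socket, n: int) -> bytes:
    """Read exactly n bytes or raise if the peer closes first."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed early")
        buf += chunk
    return buf

def probe_tcp(server: str, name: str, qid: int = 0x1234,
              timeout: float = 2.0) -> str:
    """Send the query over TCP/53 (2-byte length prefix) and classify the reply."""
    query = build_query(name, qid)
    try:
        with socket.create_connection((server, 53), timeout=timeout) as s:
            s.sendall(struct.pack("!H", len(query)) + query)
            (length,) = struct.unpack("!H", _recv_exact(s, 2))
            return check_response(qid, _recv_exact(s, length))
    except OSError as exc:              # refused, timed out, closed early
        return f"fail: {exc}"

# Constructed sample replies (header only, not captured traffic).
SAMPLE_OK = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 0, 0, 0)
SAMPLE_SERVFAIL = struct.pack("!HHHHHH", 0x1234, 0x8182, 1, 0, 0, 0)
```

A server that accepts the TCP connection but returns SERVFAIL passes the connect-only probe and fails this check.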