CNAME used in Global Server Loadbalancing - is it RFC compliant ?
Kevin Darcy
kcd at chrysler.com
Wed May 27 17:46:50 UTC 2009
support at gday.ch wrote:
> Hello,
>
> we are using Global Server Loadbalancing (GSLB) for site redundancy.
>
> GSLB is based on DNS technology and works as follows
>
> -------------------------------
> standard implementation case
> -------------------------------
>
> www.example.com. NS loadbalancer-1.example.com.
> # --> ( LB located at site-a)
>
> www.example.com. NS loadbalancer-2.example.com.
> # --> ( LB located at site-b)
>
>
> # the loadbalancer (LB) resolves the DNS query for www.example.com, based
> # on load balancing criteria with a site specific public IP address
>
> loadbalancer-1.example.com. A 1.y.z.w
> loadbalancer-2.example.com. A 2.y.z.w
>
>
>
> -------------------------------
> ?? 'CNAME approach' in question
> -------------------------------
>
> (-) Above setup works fine and for each service and we need 2 public IP
> addresses one at each site hosted on the loadbalancer device.
>
> (--) now considering that we host the same application with different names
> on the same server we need for each one another 2 public IP addresses -
> this leads to an unnecessary waste of addresses (x * 2)
>
Why would you need a separate set of load-balancer addresses?
Are you assuming, or is it a requirement of your load-balancer
implementation, that a DNS query *must* be received on the same set of
VIPs which are given as A records in the response to the query?
That seems like a silly restriction.
Your load-balancers should be able to listen for DNS queries on a single
set of IPs and then differentiate their answers -- which may be
addresses from a completely separate address pool, if the load-balancers
are multi-homed -- based on the *name* that is being queried. Assuming
that's the case, then your 2 best options are
1) delegate each site name directly to that same set of load-balancer
names, e.g.
www.example.com. NS loadbalancer-1.example.com.
www.example.com. NS loadbalancer-2.example.com.
new-www.example.com. NS loadbalancer-1.example.com.
new-www.example.com. NS loadbalancer-2.example.com.
even-newer-www.example.com NS loadbalancer-1.example.com.
even-newer-www.example.com NS loadbalancer-2.example.com.
2) alias each site name to an arbitrarily-chosen name *underneath* a
common domain which is delegated to the load-balancers, using whatever
naming conventions for those alias targets that are most
comfortable/appropriate for your environment:
us3.lb.chrysler.com. NS gssoddi1.extra.chrysler.com.
us3.lb.chrysler.com. NS gsssdci1.extra.chrysler.com.
automobility.chrysler.com. CNAME brnd-vs.us3.lb.chrysler.com.
singapore.chrysler.com. CNAME int.us3.lb.chrysler.com.
econtract.chrysler.com. CNAME cfc-ec.us3.lb.chrysler.com.
> ==> NEW APPROACH
>
> Instead of using two new IP public addresses for the new service name I
> defined following:
>
> new-www.example.com CNAME www.example.com.
>
> ==> it works fine so far an the resolve process is as it should be, but
>
>
>
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> Is it legitimate (RFC compliant) to use CNAME in this setup or is is just
> luck that it works and more compliant resolvers won't work properly ??
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>
It's compliant, since the target of the CNAME (www.example.com) resolves
to A records (right?), once the delegation is followed. The relevant
restriction is that you can't point a CNAME at another CNAME; that's not
the case here.
But, again, I don't fully understand your load-balancer environment.
Maybe you're struggling with some ridiculous limitation of your
load-balancer implementation, that we've never had to deal with.
If you alias all of your site names to www.example.com, and that
resolves to the same set of IP addresses, how are you going to
differentiate one set of content from another set of content? Are all of
your backend servers populated with the necessary content and vhost
definitions for all of the sites that you intend to serve? That doesn't
seem very scalable or tunable to me.
Or, is your load-balancer looking at the Host: headers of the HTTP
packets and transparently redirecting them to the correct destinations?
That seems to me rather kludgey and inefficient, and if it's got that
level of coding complexity, it should be able to differentiate via the
query QNAME and you can implement one of the more straightforward
solutions I outlined above.
- Kevin
More information about the bind-users
mailing list