transparent DNS load-balancing with a Cisco ACE

Phil Mayers p.mayers at imperial.ac.uk
Wed Oct 24 22:10:36 UTC 2012


On 10/19/2012 07:25 PM, John Miller wrote:

> Here's a question, however: how does one get probes working for a
> transparent LB setup?  If an rserver listens for connections on all
> interfaces, then probes work fine, but return traffic from the uses the
> machine's default IP (not the VIP that was originally queried) for the
> source address of the return traffic.

I'm not sure I understand this.

If a DNS request comes in on a particular IP, bind should reply from 
that IP, always. If it doesn't, something is going seriously wrong.

> What have people done to get probes working with transparent LB?  Are
> any of you using NAT to handle your dns traffic?  Not tying up NAT
> tables seems like the way to go, but lack of probes is a deal-breaker on
> this end.

We didn't have to do anything special, and I'm not sure why you have 
either. Our probes are just:

probe tcp TCP_53_RECDNS
   ip address <public ip>
   port 53
   interval 10

serverfarm host INTERNAL-DNS
   transparent
   predictor leastconns
   probe TCP_53_RECDNS
   rserver <private IP> 53
     inservice

The ACE uses ARP to discover the destination MAC of the private IP, but 
sends an IP packet to that MAC with a destination of the public IP. The 
DNS reply comes back from that, and all is well.

I get the feeling I'm not understanding what isn't working for you; can 
you describe the failure in more detail? What server OS are you running, 
and can you describe the network config?

Cheers,
Phil
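
A way to test the behaviour discussed in this message (whether a DNS reply leaves from the same address that was queried), as an added example that is not part of the original post or of any tool mentioned in it. The function names, the port override and the local stub responder are assumptions made for the illustration; from a client, call check_reply_source with the VIP to test a real server.

```python
import os
import socket
import struct
import threading

def build_query(qname, txid):
    """Minimal DNS query: 12-byte header plus one A/IN question, RD set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in qname.strip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)

def check_reply_source(server_ip, port=53, qname="example.com", timeout=2.0):
    """Query server_ip over UDP and report which address the reply came from.

    The socket is deliberately left unconnected: a connected UDP socket
    silently drops replies from any other address, hiding the symptom.
    """
    txid = int.from_bytes(os.urandom(2), "big")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(qname, txid), (server_ip, port))
        try:
            while True:
                data, (src_ip, _src_port) = s.recvfrom(4096)
                # Accept only a response (QR bit set) carrying our transaction ID.
                if (len(data) >= 12 and data[2] & 0x80
                        and struct.unpack("!H", data[:2])[0] == txid):
                    break
        except socket.timeout:
            return {"queried": server_ip, "replied_from": None, "match": False}
    return {"queried": server_ip, "replied_from": src_ip,
            "match": src_ip == server_ip}

def stub_responder(bind_ip="127.0.0.1"):
    """Constructed local stand-in for a DNS server: echoes one query with QR set."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind((bind_ip, 0))
    def serve():
        data, peer = srv.recvfrom(4096)
        srv.sendto(data[:2] + bytes([data[2] | 0x80]) + data[3:], peer)
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    print(check_reply_source("127.0.0.1", port=stub_responder()))
```

A result with "match": False and a replied_from address other than the one queried is the symptom described in the quoted question; replied_from of None means no matching reply arrived before the timeout.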



More information about the bind-users mailing list