Advice on balancing web traffic using geoip ACLs

Timothe Litt litt at acm.org
Sun Feb 23 15:44:55 UTC 2020


"Splitting traffic evenly" may not be in the interest of your clients -
suppose their locations are skewed?


In any case, this seems like a lot of work - including committing to
ongoing maintenance - for not much gain.


Consider setting up an anycast address - let the network do the work. 
This will route to the server closest to the client.  You can do this
with two DNS servers - pair each with a webserver, have the zone file
select the corresponding webserver.  And/Or the webservers - works well
for static content; there's a distributed DB challenge.


(It might be nice if someone with experience could write an end-to-end
tutorial on how to do this - from obtaining a suitable address - at a
reasonable cost - to setting up the BGP routing to the servers...)


Of course the simplest way out is to use a CDN - as this is a previously
solved problem.  It trades money for effort, which may be worthwhile if
it allows you to concentrate on your unique value proposition.


Timothe Litt
ACM Distinguished Engineer
--------------------------
This communication may not represent the ACM or my employer's views,
if any, on the matters discussed. 

On 22-Feb-20 20:25, Scott A. Wozny wrote:
> Greetings BIND gurus,
>
> I’m setting up hot-hot webserver clusters hosted on the west and east
> coasts of the US and would like to use Bind 9.11.4 with the Maxmind
> GeoIP database to split the traffic about evenly between those
> clusters.  Most of the traffic will be from the US so what I would
> like most to do is set up my ACLs to use the longitude parameter in
> the city DB and send traffic less than X (let's say -85) to a zone
> file that prioritizes the west coast servers and those greater than X
> to the east coast servers.  However, when I look through the 9.11.4
> ARM it doesn’t include the longitude field in the geoip available
> field list in section 7.1.  Has anyone tried this and it actually
> works as an undocumented feature or, because it’s not an “exact match”
> type operation, this is a non-starter?
>
> If this isn’t an option at all, does anyone have any suggestions on
> how to get a reasonably close split with ACLs using the geoIP
> database?  My first thought is to do continent based assignments to
> west and east coast zone files for all the non North American IPs with
> country based assignments of the non-US North American countries and
> then region (which, in the US, I believe translates to states) based
> assignments within the US.   I would need to do some balancing, but it
> seems fairly straightforward.  The downside is that the list would be
> fairly long and ACLs in most software can be kind of a performance hit.  
>
> The other alternative I was considering was doing splits by time zone,
> but there are a little over 400 TZs in the MaxMind GeoLite DB last
> time I checked and that also seems like it would be a performance hit
> UNLESS I could use wildcards in the ACL to group overseas time zones.
>  While I’ve not seen a wildcard in a geoip ACL, that doesn’t
> necessarily mean it can’t be done so I was wondering if anyone was
> able to make that work.
>
> Finally, I could try a hybrid of continent matches outside North
> America and then the North American timezones which seems like a
> reasonable compromise, but only if my preferred options of longitude < >
> isn’t available nor is wildcarding tz matches.  OR am I overthinking
> all of this and there is a simple answer for splitting my load that I
> haven’t thought of?  The documentation and examples available online
> are fairly limited so I thought I’d check with the people most likely
> to have actually done this.
>
> Any thoughts or suggestions would be appreciated.
>
> Thanks,
>
> Scott