transparent DNS load-balancing with a Cisco ACE
Phil Mayers
p.mayers at imperial.ac.uk
Wed Oct 24 22:10:36 UTC 2012
On 10/19/2012 07:25 PM, John Miller wrote:
> Here's a question, however: how does one get probes working for a
> transparent LB setup? If an rserver listens for connections on all
> interfaces, then probes work fine, but return traffic from the uses the
> machine's default IP (not the VIP that was originally queried) for the
> source address of the return traffic.
I'm not sure I understand this.
If a DNS request comes in on a particular IP, bind should reply from
that IP, always. If it doesn't, something is going seriously wrong.
> What have people done to get probes working with transparent LB? Are
> any of you using NAT to handle your dns traffic? Not tying up NAT
> tables seems like the way to go, but lack of probes is a deal-breaker on
> this end.
We didn't have to do anything special, and I'm not sure why you have
either. Our probes are just:

probe tcp TCP_53_RECDNS
  ip address <public ip>
  port 53
  interval 10

serverfarm host INTERNAL-DNS
  transparent
  predictor leastconns
  probe TCP_53_RECDNS
  rserver <private IP> 53
    inservice

The ACE uses ARP to discover the destination MAC of the private IP, but
sends an IP packet to that MAC with a destination of the public IP. The
DNS reply comes back from that, and all is well.
I get the feeling I'm not understanding what isn't working for you; can
you describe the failure in more detail? What server OS are you running,
and can you describe the network config?
Cheers,
Phil
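
The reply-source behaviour discussed in this message, as an added example that is not part of the original post: a UDP listener on a wildcard socket lets the kernel choose the reply's source address, while a listener bound to the VIP itself answers from the VIP. It assumes Linux, where all of 127.0.0.0/8 is local; 127.0.0.2 stands in for the VIP, and every name below is constructed for illustration.

```python
import socket

VIP = "127.0.0.2"     # constructed stand-in for the load-balanced VIP
CLIENT = "127.0.0.1"  # constructed stand-in for the client / probe source


def reply_source(listen_addr, vip=VIP):
    """Send one UDP datagram to `vip`; return the source IP of the reply.

    listen_addr is what the toy server binds: "0.0.0.0" for a wildcard
    listener, or the VIP for a per-address listener.
    """
    server = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        server.bind((listen_addr, 0))      # port 0: kernel picks a free port
        port = server.getsockname()[1]
        client.bind((CLIENT, 0))
        server.settimeout(2.0)
        client.settimeout(2.0)

        client.sendto(b"query", (vip, port))
        _, peer = server.recvfrom(512)
        # Plain sendto(): on a wildcard socket the kernel selects the source
        # address from the route back to the peer, not from the address the
        # query was sent to. A socket bound to the VIP always sends from it.
        server.sendto(b"answer", peer)
        _, (src_ip, _) = client.recvfrom(512)
        return src_ip
    finally:
        server.close()
        client.close()


def probe_accepts(listen_addr, vip=VIP):
    """A strict client accepts an answer only from the address it queried."""
    return reply_source(listen_addr, vip) == vip


if __name__ == "__main__":
    for addr in ("0.0.0.0", VIP):
        print(f"listener on {addr:9} -> reply from {reply_source(addr)}")
```

The probe in the configuration above is TCP, where the reply always comes from the address the connection was made to; the mismatch shown here is specific to UDP on a wildcard socket.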