Advice on balancing web traffic using geoip ACLs

Scott A. Wozny sawozny at hotmail.com
Sun Feb 23 01:25:13 UTC 2020


Greetings BIND gurus,

I’m setting up hot-hot webserver clusters hosted on the west and east coasts of the US and would like to use BIND 9.11.4 with the MaxMind GeoIP database to split the traffic about evenly between those clusters. Most of the traffic will be from the US so what I would like most to do is set up my ACLs to use the longitude parameter in the city DB and send traffic less than X (let's say -85) to a zone file that prioritizes the west coast servers and those greater than X to the east coast servers. However, when I look through the 9.11.4 ARM it doesn’t include the longitude field in the geoip available field list in section 7.1. Has anyone tried this and found that it actually works as an undocumented feature or, because it’s not an “exact match” type operation, is this a non-starter?

If this isn’t an option at all, does anyone have any suggestions on how to get a reasonably close split with ACLs using the geoIP database? My first thought is to do continent-based assignments to west and east coast zone files for all the non-North American IPs with country-based assignments of the non-US North American countries and then region (which, in the US, I believe translates to states) based assignments within the US. I would need to do some balancing, but it seems fairly straightforward. The downside is that the list would be fairly long and ACLs in most software can be kind of a performance hit.

The other alternative I was considering was doing splits by time zone, but there are a little over 400 TZs in the MaxMind GeoLite DB last time I checked and that also seems like it would be a performance hit UNLESS I could use wildcards in the ACL to group overseas time zones. While I’ve not seen a wildcard in a geoip ACL, that doesn’t necessarily mean it can’t be done so I was wondering if anyone was able to make that work.

Finally, I could try a hybrid of continent matches outside North America and then the North American timezones which seems like a reasonable compromise, but only if my preferred option of longitude < > isn’t available and neither is wildcarding tz matches. OR am I overthinking all of this and there is a simple answer for splitting my load that I haven’t thought of? The documentation and examples available online are fairly limited so I thought I’d check with the people most likely to have actually done this.

Any thoughts or suggestions would be appreciated.

Thanks,

Scott
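
The continent, country and region approach described in the message could be laid out in named.conf as below. This is an added example, not part of the original post: the database path, zone name, file names and the particular continents, country and states are constructed placeholders rather than a tuned split, and the catch-all second view is an assumption about how to keep the list short.

```conf
// Added example, not from the original post. Paths, zone name and the
// west/east assignments are constructed placeholders, not a tuned split.
options {
    geoip-directory "/usr/share/GeoIP";   // assumed location of the MaxMind databases
};

// Clients that should receive the zone file prioritizing the west coast servers.
acl "west-clients" {
    geoip continent AS;     // continent match for clients outside North America
    geoip continent OC;
    geoip country MX;       // country match for non-US North America
    geoip region WA;        // region match (US state) inside the US
    geoip region OR;
    geoip region CA;
    geoip region NV;
};

// Views are tried in order and the first match wins, so only one side
// needs an explicit list; every other client falls through to "east".
view "west" {
    match-clients { "west-clients"; };
    zone "example.com" {
        type master;
        file "zones/example.com.west";   // west coast servers prioritized
    };
};

view "east" {
    match-clients { any; };
    zone "example.com" {
        type master;
        file "zones/example.com.east";   // east coast servers prioritized
    };
};
```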