Advice on balancing web traffic using geoip ACLs

Scott A. Wozny sawozny at hotmail.com
Sun Feb 23 19:37:14 UTC 2020


Thanks for your reply.  I'm starting to really examine my motivations behind traffic splitting by geography.  While I definitely want to run traffic to all web servers at all times (outside maintenance time and down time) the user performance delta of geographical load balancing may not be worth the hassle and, more importantly, with large central caches being so popular, may not ACTUALLY be routing users to their closest data center, anyway.

CDN and anycast are intriguing options in the trade-off of cost for development effort.  Not sure if they're going to work for my situation, but I appreciate the suggestion.

Thanks,

Scott


________________________________
From: bind-users <bind-users-bounces at lists.isc.org> on behalf of Timothe Litt <litt at acm.org>
Sent: February 23, 2020 10:44 AM
To: bind-users at lists.isc.org <bind-users at lists.isc.org>
Subject: Re: Advice on balancing web traffic using geoip ACLs


"Splitting traffic evenly" may not be in the interest of your clients - suppose their locations are skewed?


In any case, this seems like a lot of work - including committing to ongoing maintenance - for not much gain.


Consider setting up an anycast address - let the network do the work.  This will route to the server closest to the client.  You can do this with two DNS servers - pair each with a webserver, have the zone file select the corresponding webserver.  And/Or the webservers - works well for static content; there's a distributed DB challenge.


(It might be nice if someone with experience could write an end-to-end tutorial on how to do this - from obtaining a suitable address - at a reasonable cost - to setting up the BGP routing to the servers...)


Of course the simplest way out is to use a CDN - as this is a previously solved problem.  It trades money for effort, which may be worthwhile if it allows you to concentrate on your unique value proposition.


Timothe Litt
ACM Distinguished Engineer
--------------------------
This communication may not represent the ACM or my employer's views,
if any, on the matters discussed.


On 22-Feb-20 20:25, Scott A. Wozny wrote:
Greetings BIND gurus,

I’m setting up hot-hot webserver clusters hosted on the west and east coasts of the US and would like to use BIND 9.11.4 with the MaxMind GeoIP database to split the traffic about evenly between those clusters.  Most of the traffic will be from the US so what I would like most to do is set up my ACLs to use the longitude parameter in the city DB and send traffic less than X (let's say -85) to a zone file that prioritizes the west coast servers and those greater than X to the east coast servers.  However, when I look through the 9.11.4 ARM it doesn’t include the longitude field in the geoip available field list in section 7.1.  Has anyone tried this and it actually works as an undocumented feature or, because it’s not an “exact match” type operation, this is a non-starter?

If this isn’t an option at all, does anyone have any suggestions on how to get a reasonably close split with ACLs using the geoIP database?  My first thought is to do continent based assignments to west and east coast zone files for all the non North American IPs with country based assignments of the non-US North American countries and then region (which, in the US, I believe translates to states) based assignments within the US.   I would need to do some balancing, but it seems fairly straightforward.  The downside is that the list would be fairly long and ACLs in most software can be kind of a performance hit.

The other alternative I was considering was doing splits by time zone, but there are a little over 400 TZs in the MaxMind GeoLite DB last time I checked and that also seems like it would be a performance hit UNLESS I could use wildcards in the ACL to group overseas time zones.  While I’ve not seen a wildcard in a geoip ACL, that doesn’t necessarily mean it can’t be done so I was wondering if anyone was able to make that work.

Finally, I could try a hybrid of continent matches outside North America and then the North American timezones which seems like a reasonable compromise, but only if my preferred options of longitude < > isn’t available nor is wildcarding tz matches.  OR am I overthinking all of this and there is a simple answer for splitting my load that I haven’t thought of?  The documentation and examples available online are fairly limited so I thought I’d check with the people most likely to have actually done this.

Any thoughts or suggestions would be appreciated.

Thanks,

Scott
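
The region-based split and the balancing step described in the original question, as an added example that is not part of the thread: the script orders regions west to east, cuts where the western share of traffic is closest to half, and renders one `geoip region` ACL per side. The longitudes are approximate, the traffic shares are constructed, and the ACL names `west-clients` and `east-clients` are hypothetical.

```python
# Constructed sample data: (region code, approximate centroid longitude,
# share of requests in percent). The shares are invented for illustration.
SAMPLE = [
    ("CA", -119.4, 20), ("WA", -120.7, 6), ("TX", -99.9, 15),
    ("IL", -89.4, 9), ("OH", -82.9, 8), ("GA", -83.4, 7),
    ("FL", -81.5, 14), ("NY", -75.5, 21),
]


def split_by_longitude(regions):
    """Walk regions west to east and cut where the west side's running
    share is closest to half of the total. Returns (west, east) code lists."""
    ordered = sorted(regions, key=lambda r: r[1])
    total = sum(weight for _, _, weight in ordered)
    best_cut, best_gap, running = 0, total, 0
    for i, (_, _, weight) in enumerate(ordered, start=1):
        running += weight
        gap = abs(2 * running - total)  # distance from a 50/50 split
        if gap < best_gap:              # strict: ties keep the western cut
            best_cut, best_gap = i, gap
    west = [code for code, _, _ in ordered[:best_cut]]
    east = [code for code, _, _ in ordered[best_cut:]]
    return west, east


def render_acl(name, codes):
    """Render a named.conf ACL that uses the geoip 'region' field, which
    takes an exact-match value per entry (no numeric comparison)."""
    lines = [f'acl "{name}" {{']
    lines += [f"    geoip region {code};" for code in sorted(codes)]
    lines.append("};")
    return "\n".join(lines)


if __name__ == "__main__":
    west, east = split_by_longitude(SAMPLE)
    print(render_acl("west-clients", west))
    print(render_acl("east-clients", east))
```

With this sample the cut falls between IL and GA, which is close to the -85 threshold mentioned in the question; each ACL would then be referenced from a view's `match-clients`.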