Thank you, Maksim - this is well presented. Have you already posted or plan to post a similar description of using haproxy for Knox?
On Tue, Dec 24, 2013 at 2:07 PM, Maksim Kononenko < [email protected]> wrote:
> Hi all!
>
> Here are results of "simulating" DNS Round Robin.
>
> For this purpose I used BIND DNS Server.
> Here are links on how to install/configure it:
>
> https://www.digitalocean.com/community/articles/how-to-install-the-bind-dns-server-on-centos-6
> http://www.centos.org/docs/2/rhl-rg-en-7.2/s1-bind-configuration.html
> http://www.centos.org/docs/4/html/rhel-rg-en-4/s1-bind-zone.html
>
> Also here are steps that I executed to configure BIND Server. It is
> expected that BIND Server has been installed successfully:
> 1. Configure "/etc/named.conf" file. I used configuration template from
> links listed above:
>
> options {
>     #listen-on port 53 { 127.0.0.1; };
>     listen-on-v6 port 53 { ::1; };
>     directory "/var/named";
>     dump-file "/var/named/data/cache_dump.db";
>     statistics-file "/var/named/data/named_stats.txt";
>     memstatistics-file "/var/named/data/named_mem_stats.txt";
>     allow-query { any; };
>     allow-transfer { localhost; };
>     recursion no;
>
>     dnssec-enable yes;
>     dnssec-validation yes;
>     dnssec-lookaside auto;
>
>     /* Path to ISC DLV key */
>     bindkeys-file "/etc/named.iscdlv.key";
>
>     managed-keys-directory "/var/named/dynamic";
> };
>
> logging {
>     channel default_debug {
>         file "data/named.run";
>         severity dynamic;
>     };
> };
>
> zone "." IN {
>     type hint;
>     file "named.ca";
> };
>
> zone "mydomain.com" IN {
>     type master;
>     file "mydomain.com.zone";
>     allow-update { none; };
> };
>
> include "/etc/named.rfc1912.zones";
> include "/etc/named.root.key";
>
>
> 2. Configure "/var/named/mydomain.com.zone" file. I used configuration
> template from links listed above:
>
> $TTL 86400
> @   IN  SOA     ns1.mydomain.com. root.mydomain.com. (
>         2013042201  ;Serial
>         3600        ;Refresh
>         1800        ;Retry
>         604800      ;Expire
>         86400       ;Minimum TTL
> )
> ; Specify our two nameservers
>     IN  NS      ns1.mydomain.com.
> ; Resolve nameserver hostnames to IP, replace with your two droplet IP
> addresses.
> ns1  IN  A      192.168.56.104
>
> ; Define hostname -> IP pairs which you wish to resolve
> knox IN  A      192.168.56.105
> knox IN  A      192.168.56.106
>
>
> Here:
> 192.168.56.104 - it is nameserver IP. BIND is installed here.
> 192.168.56.105 and 192.168.56.106 - hosts where Knox instances are
> installed.
>
> I used "mydomain.com" as domain name, so to talk to Knox I use
> "knox.mydomain.com" host name.
>
>
> 3. On host with tests I added to "/etc/resolv.conf" additional line:
> nameserver 192.168.56.104
>
> It points to host where BIND DNS Server is installed. Now client host can
> talk to BIND Server to resolve "knox.mydomain.com" host name.
>
>
> Now here is some description of how DNS RR works (all what I managed to
> find and understand :) ):
> 1. DNS Server responds to client's request with all possible IPs.
> IPs order is changed every time - this way DNS server makes RR.
> To check it, use "dig knox.mydomain.com" command. In my case it contains:
>
> ;; ANSWER SECTION:
> knox.mydomain.com.      86400   IN      A       192.168.56.105
> knox.mydomain.com.      86400   IN      A       192.168.56.106
>
> Next time I got:
>
> ;; ANSWER SECTION:
> knox.mydomain.com.      86400   IN      A       192.168.56.106
> knox.mydomain.com.      86400   IN      A       192.168.56.105
>
> Client is then responsible for selecting IP address/failover.
>
> 2. DNS RR is not required to support session stickiness.
>
> 3. Resolved IPs are cached in different layers and caching can be
> configured. For clear picture, please read
> http://en.wikipedia.org/wiki/DNS#Record_caching. Also you can read
> http://en.wikipedia.org/wiki/DNS#Client_lookup.
>
> 4. I ran some tests using FF browser, Knox samples, CURL, ping command.
>
> They gave me following results:
> - these clients internally select IP from the received list;
> - these clients can provide session stickiness;
> - these clients can provide failover;
>
>
> So, I can conclude that HAProxy takes all responsibility for hiding proxied
> instances, load balancing, session stickiness, failover, whereas DNS RR
> just provides a list of all hosts (which is different every time) and
> delegates all responsibility to clients.
>
>
> Maksim.
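A small Python model of the behaviour described in the quoted message (an added example, not code from the thread, from Knox or from BIND): the authoritative server rotates the answer list on every query as the two dig outputs show, a resolver cache holds one ordering until the 86400 s TTL expires so the rotation is invisible to clients behind it, and the client has to do its own failover over the full list, which also means every client learns every backend address. The zone name and addresses are the constructed lab values from the message; the class and function names are hypothetical.

```python
import time
from typing import Callable, Dict, List, Optional, Tuple

# Constructed data mirroring the quoted zone file: two A records for
# knox.mydomain.com with a TTL of 86400 seconds (hypothetical lab addresses).
ZONE: Dict[str, List[str]] = {"knox.mydomain.com.": ["192.168.56.105", "192.168.56.106"]}
TTL = 86400


class RoundRobinServer:
    """Authoritative server that rotates the answer order on each query,
    as the two dig outputs in the message show."""

    def __init__(self, zone: Dict[str, List[str]]) -> None:
        self._zone = zone
        self._offset = {name: 0 for name in zone}

    def query(self, name: str) -> Tuple[List[str], int]:
        rrs = self._zone[name]
        k = self._offset[name]
        self._offset[name] = (k + 1) % len(rrs)
        return rrs[k:] + rrs[:k], TTL


class CachingResolver:
    """Stub cache: keeps an answer, in the order received, until its TTL expires."""

    def __init__(self, upstream: RoundRobinServer,
                 clock: Callable[[], float] = time.monotonic) -> None:
        self._upstream, self._clock = upstream, clock
        self._cache: Dict[str, Tuple[List[str], float]] = {}

    def resolve(self, name: str) -> List[str]:
        hit = self._cache.get(name)
        if hit is not None and hit[1] > self._clock():
            return hit[0]  # served from cache: same first IP for every caller
        answer, ttl = self._upstream.query(name)
        self._cache[name] = (answer, self._clock() + ttl)
        return answer


def connect_with_failover(addresses: List[str],
                          is_reachable: Callable[[str], bool]) -> Optional[str]:
    """Client-side failover: DNS RR hands the client the whole list, so the
    client must try each address in turn and skip the ones that are down."""
    for ip in addresses:
        if is_reachable(ip):
            return ip
    return None
```

Swapping the `clock` argument for a controllable function lets you step past the TTL and watch the cached ordering change, which is the cheapest way to see how much balancing a given caching layer actually passes through.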
