Comments inline.

From: Igor Cicimov [mailto:[email protected]]
Sent: July-08-17 11:20 PM
To: Norman Branitsky <[email protected]>
Cc: HAProxy <[email protected]>
Subject: RE: HAProxy failover - DNS change cached by IE for a long time

Of course it can work, see https://icicimov.github.io/blog/high-availability/Keepalived-in-Amazon-VPC-across-availability-zones/

Nice but way too complicated for my needs. I don’t have to guarantee uninterrupted failover for my app. I’m also planning to switch to a Docker Swarm based deployment with 2 Container Hosts – 1 in each Availability Zone. I originally planned to run standalone HAProxy servers, but it seems to me that if I create them as Docker Containers, then Docker Swarm will act like VRRP and automatically redirect traffic should one of the HAProxy containers fail.

If your servers are in AWS, why are you not using Route53 then? It allows for low DNS TTL, even lower than 10 sec. It has many advanced options of load balancing and health checking; for sure it is superior compared to NS1.

I do have support for the Route53 API as well as DynECT and NS1. I’m using RightScale as a Cloud Management Platform for cloud “independence” so I need generic solutions. It was only on June 21 that AWS made the following announcement: https://aws.amazon.com/about-aws/whats-new/2017/06/amazon-route-53-announces-support-for-multivalue-answers-in-response-to-dns-queries/

If your app does not need sticky sessions, you don't need peers setup and you can start using both haproxies right away. You can also set haproxy to insert its own cookies and maintain the stickiness in that way. I've been using it that way with active-active haproxy servers for ages in AWS with Route53 DNS health checks (min hc interval is 10 seconds though and additional costs apply) for apps that need sticky sessions.

All our apps require sticky sessions (I’ve been trying for 4 years to get this changed.) And 10 second Health Checks cost real money with AWS. The 30 second Health Checks with NS1 are included in our contract. The 60 second Health Checks using the DynECT Managed DNS Traffic Managers are in our contract. In HAProxy 1.5.18, I was using “appsession JSESSIONID”. In HAProxy 1.7.8, I’ve switched to letting HAProxy insert a SRV cookie. So I believe I can now safely change the NS1 Filter to round-robin mode. I’m guessing you think this will force IE to refresh its DNS cache.

Just confirming that returning multiple records to the clients might fix the IE10 issue. According to this https://blogs.msdn.microsoft.com/ieinternals/2012/09/26/braindump-dns/ IE10 will cache up to 256 records up to 30 min and will not respect TTL. You need to change this setting in the Windows registry, which you can't expect your customers to do.

Well maybe this is the solution to the problem. If I let NS1 and Route53 return a multi-value response of all the healthy HAProxy servers, then when a server goes offline, IE will mark it bad and failover to the next in the list. When the first server comes back online, IE won’t bother switching back.
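Added example, not part of the email thread and not either participant's configuration: a sketch of the cookie-insert setup discussed above for two active-active HAProxy nodes behind multi-value DNS. It assumes the same backend section is deployed on both nodes; the section names, server names, addresses, ports and the `len`/`timeout` values are constructed placeholders.

```haproxy
# Constructed example: deploy this identical section on BOTH HAProxy nodes.
# All names (fe_app, app_servers, app1, app2) and addresses are placeholders.

defaults
    mode http
    timeout connect 5s
    timeout client  50s
    timeout server  50s
    # If the server named in the cookie is down, send the client elsewhere
    # instead of returning an error.
    option redispatch

frontend fe_app
    bind :80
    default_backend app_servers

backend app_servers
    balance roundrobin

    # HAProxy 1.5 style (the appsession keyword was removed in 1.6):
    #   appsession JSESSIONID len 52 timeout 3h
    # The JSESSIONID-to-server mapping was learned into a table local to
    # each HAProxy process, so a client that moved to the other node after
    # a DNS change lost its stickiness.

    # Cookie insertion: the chosen server is recorded in the client's own
    # SRV cookie, so either node can route the request without shared state
    # or a peers section.
    #   indirect  - strip the SRV cookie before forwarding to the backend
    #   nocache   - mark responses that set the cookie as non-cacheable
    #   httponly  - keep the cookie away from page scripts
    # Add "secure" as well when clients only ever connect over TLS.
    cookie SRV insert indirect nocache httponly

    # The per-server cookie values must be identical on both nodes; if node A
    # calls a server "app1" and node B calls it "s1", a client that fails
    # over between nodes is rebalanced and loses its session.
    server app1 10.0.1.10:8080 check cookie app1
    server app2 10.0.2.10:8080 check cookie app2
```

Running `haproxy -c -f <file>` on each node validates the syntax; comparing the `server ... cookie` values across nodes is a manual check.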

