DNS load balancing

Andy Bennett andyjpb at ashurst.eu.org
Tue May 11 10:00:57 EDT 2010 

Hi,

> I'm setting up a two-machine cyrus cluster using OCFS2 over DRBD. The
> setup is working fine, and I'm now considering the load balancing
> options I have.
> 
> I believe the simplest option would be to simply rely on DNS load
> balancing. However, for this to work, I need to consider what happens
> when one of the cluster nodes fails, regarding the clients which access
> the cluster:
> 
>  - Will IMAP and POP3 clients automatically try the second DNS entry if 
>    connecting to the first one fails?
>  - Will the LMTP client also do this? I'm using the postfix LMTP client 
>    for delivery.
> 
> Does any one have experience with this kind of setup?

I've not done this with Cyrus servers but to make DNS load balancing 
like this "failover safe" there are a couple of solutions.

I guess in DNS you have something like the following:

-----
imap  A a.b.c.x
imap  A a.b.c.y
host1 A a.b.c.x
host2 A a.b.c.y
-----




If you have a couple of spare IPs you can assign things like this instead:

-----
imap  A a.b.c.x
imap  A a.b.c.y
host1 A a.b.c.p
host2 A a.b.c.q
-----

Then use something like wackamole (http://www.backhand.org/wackamole/) 
to ensure that a.b.c.{x,y} are always being listened on by exactly 1 
machine each. a.b.c.{p,q} would be used to admin access to specific 
machines.

This option involves installing and configuring the wackamole software 
on each host.

DNS will give each client an arbitrary IP address. If the server 
listening on that IP address fails wackamole will move the IP from the 
failed host to another. This will cause all the connected clients to 
have to reconnect. New clients that come along whilst a node failure is 
in progress will not experience anything unusual but you might have to 
check the semantics when a new server is added to the pool.




The alternative is to delgate 'imap' as a subdomain in DNS thusly:

-----
imap NS host1
imap NS host2
host1 A a.b.c.p
host2 A a.b.c.q
-----

Then run bind on host1 and host2 to serve the imap zone. On host1 it 
would look like this:

-----
@ A a.b.c.p
-----

and on host2 it would look like this:

-----
@ A a.b.c.q
-----

You should set appropriately short TTLs on imap and the delegated zone.

This will mean that each client will randomly resolve to one of the 
machines. When a machine is down its DNS server will also be down so the 
lookup will timeout in the client's resolver and it will try the other 
NS servers listed in turn until it gets a server that will give it an A 
record.

In failure cases existing clients will wobble for a bit until their 
cache expires and then the connections will have to be reestablished. 
New clients will just take slightly longer to connect in some situations 
but that will (hopefully) pass mostly unnoticed by the users.








Regards,
@ndy

-- 
andyjpb at ashurst.eu.org
http://www.ashurst.eu.org/
0x7EBA75FF

More information about the Info-cyrus mailing list