Application and service delivery with the Elfiq idns module



Similar documents
How To Manage Dns On An Elfiq Link Load Balancer (Link Balancer) On A Pcode (Networking) On Ipad Or Ipad (Netware) On Your Ipad On A Ipad At A Pc Or Ipa

How to Configure Split DNS

How to set up the Integrated DNS Server for Inbound Load Balancing

HTG XROADS NETWORKS. Network Appliance How To Guide: DNS Delegation. How To Guide

How to Add Domains and DNS Records

- Domain Name System -

DNS based Load Balancing with Fault Tolerance

Copyright

How To - Configure Virtual Host using FQDN How To Configure Virtual Host using FQDN

Domain Name System :49:44 UTC Citrix Systems, Inc. All rights reserved. Terms of Use Trademarks Privacy Statement

LinkProof DNS Quick Start Guide

HTG XROADS NETWORKS. Network Appliance How To Guide: EdgeDNS. How To Guide

Elfiq Link Balancer (Link LB) Quick Web Configuration Guide

DEPLOYMENT GUIDE Version 1.1. DNS Traffic Management using the BIG-IP Local Traffic Manager

Configuring an External Domain

DNS. Computer networks - Administration 1DV202. fredag 30 mars 12

Global Service Loadbalancing & DNSSEC. Ralf Brünig Field Systems Engineer r.bruenig@f5.com DNSSEC

THE MASTER LIST OF DNS TERMINOLOGY. First Edition

White Paper. Complementing or Migrating MPLS Networks

DNS Session 4: Delegation and reverse DNS. Joe Abley AfNOG 2006 workshop

Layer-2 Design: Link Balancers Simplified

THE MASTER LIST OF DNS TERMINOLOGY. v 2.0

How To Guide Edge Network Appliance How To Guide:

Configuring a Domain to work with your Server

HUAWEI OceanStor Load Balancing Technical White Paper. Issue 01. Date HUAWEI TECHNOLOGIES CO., LTD.

Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure: Network Services (5 days)

Local DNS Attack Lab. 1 Lab Overview. 2 Lab Environment. SEED Labs Local DNS Attack Lab 1

Elfiq Link Load Balancer Frequently Asked Questions (FAQ)

Network Working Group. Category: Best Current Practice S. Bradner Harvard University M. Patton Consultant July 1997

ECE 4321 Computer Networks. Network Programming

Application Note. Cell Janus Load Balancing Algorithms Technical Overview

The Use of DNS Resource Records

Voice over IP Networks: Ensuring quality through proactive link management

WAN Traffic Management with PowerLink Pro100

Business Continuity. Proactive Telecom Strategies for Decision Makers

Contents. Load balancing and high availability

Understanding DNS (the Domain Name System)

Network Layers. CSC358 - Introduction to Computer Networks

2 HDE Controller X DNS Server Manual

netkit lab load balancer dns 1.2 Massimo Rimondini Version Author(s)

DNS and BIND Primer. Pete Nesbitt linux1.ca. April 2012

Deployment Guide. Deploying F5 BIG-IP Global Traffic Manager on VMware vcloud Hybrid Service

Networking Domain Name System

The Erado Hosted Messaging Installation Process Erado Hosted Mail Services with Domain Transfer

Global Server Load Balancing (GSLB) Concepts

Break Internet Bandwidth Limits Higher Speed. Extreme Reliability. Reduced Cost.

Microsoft Exchange Load Balancing. Unique Applied Patent Technology By XRoads Networks

Domain Name System (DNS) Services

cpanel installation guide for CloudFlare certified partners

VPN Configuration Guide. Linksys (Belkin) LRT214 / LRT224 Gigabit VPN Router

Configuring WAN Failover & Load-Balancing

Internet Load Balancing Guide. Peplink Balance Series. Peplink Balance. Internet Load Balancing Solution Guide

Domain Name System Server Round-Robin Functionality for the Cisco AS5800

Creating a master/slave DNS server combination for your Grid Infrastructure

Implementing, Managing and Maintaining a Microsoft Windows Server 2003 Network Infrastructure: Network Services Course No.

How do I configure multi-wan in Routing Table mode?

Preliminary Course Syllabus

Configuring DNS. Finding Feature Information

Connection Broker The Leader in Managing Hosted Desktop Infrastructures and Virtual Desktop Infrastructures (HDI and VDI) DNS Setup Guide

F5 and Infoblox DNS Integrated Architecture Offering a Complete Scalable, Secure DNS Solution

Remote DNS Cache Poisoning Attack Lab

DNS Pharming Attack Lab

Part 5 DNS Security. SAST01 An Introduction to Information Security Martin Hell Department of Electrical and Information Technology

DNS + DHCP. Michael Tsai 2015/04/27

Appendix D: Configuring Firewalls and Network Address Translation

Application. Transport. Network. Data Link. Physical. Network Layers. Goal

Citrix NetScaler Global Server Load Balancing Primer:

Monitoring the DNS. Gustavo Lozano Event Name XX XXXX 2015

Introduction to the Domain Name System

Copyright International Business Machines Corporation All rights reserved. US Government Users Restricted Rights Use, duplication or disclosure

Key Features of Dynamic Address Objects

Hosting more than one FortiOS instance on. VLANs. 1. Network topology

Computer Networks: Domain Name System

Applied Network Services. Janet Services for Resilience. Andrew Davis Network Services Coordinator

CHAPTER ANSWERS IMPLEMENTING, MANAGING, AND MAINTAINING A MICROSOFT WINDOWS SERVER 2003 NETWORK INFRASTRUCTURE

Configuration Example

The Hybrid Enterprise. Enhance network performance and build your hybrid WAN

Application Protocols in the TCP/IP Reference Model

Configuring Citrix NetScaler for IBM WebSphere Application Services

Getting Started with AWS. Hosting a Static Website

Lab 5 Explicit Proxy Performance, Load Balancing & Redundancy

DNS and Interface User Guide

FortiBalancer: Global Server Load Balancing WHITE PAPER

Lecture 2 CS An example of a middleware service: DNS Domain Name System

Managing Name Resolution

Using Webmin and Bind9 to Setup DNS Sever on Linux

CSIS 3230 Computer Networking Principles, Spring 2012 Lab 7 Domain Name System (DNS)

Inbound Load Balance. User Manual

Domain Name Servers. Domain Types WWW host names. Internet Names. COMP476 Networked Computer Systems. Domain Name Servers

Overview Chapter 1: Initial Setup Quick Install Instructions Chapter 2: Interfaces LAN... 7 WAN... 8

Application Protocols in the TCP/IP Reference Model. Application Protocols in the TCP/IP Reference Model. DNS - Concept. DNS - Domain Name System

Lab Organizing CCENT Objectives by OSI Layer

FAQ: BroadLink Multi-homing Load Balancers

netkit lab Università degli Studi Roma Tre Dipartimento di Informatica e Automazione Computer Networks Research Group Version 1.

Linking 2 Sites Together Using VPN How To

walkthrough Università degli Studi Roma Tre Dipartimento di Informatica e Automazione Computer Networks Research Group Version 1.

Transcription:

Technical White Paper Application and service delivery with the Elfiq idns module For Elfiq Operating System (EOS) version 3.x Document Revision 1.63 June 2012

Table of Contents 1. The IDNS module... 3 1.1 DNS sub-domain requests (internal DNS scenario)... 4 1.2 DNS sub-domain requests (external DNS scenario)... 5 2012 Elfiq Networks 2 www.elfiq.com

1. The IDNS module The key element for the Elfiq Link Load Balancer (Link LB) that will allow it to balance outside traffic for incoming load balancing is to properly manage domain name resolution, or DNS, requests. One of the most fundamental services of internet and IP networks is the DNS service. When accessing an IP service, users and applications will almost always try to access it with a fully qualified domain name, and not through it IP address. Standard DNS servers usually statically map resource records to a single IP address. Although some improvements have been made to allow DNS servers to link a resource record to multiple IP addresses, this will still limit incoming requests to a round robin balancing. The major problem is that DNS servers won t verify the availability of the link before sending DNS resolutions in a round robin balancing. In case of a link failure, this could result in a false unavailable service access attempt. The Link LB, on the other hand, can dynamically answer DNS queries submitted by the client applications according to the balancing algorithms configured for each of the resources, which provides a very high level of flexibility and a much higher level of balancing. The Elfiq Link Load Balancer has an Intelligent DNS module (called IDNS) for incoming load balancing. It monitors all traffic going through the Elfiq Link Load Balancer and watches for incoming DNS requests. When it sees one, the Link LB verifies if it is the right type and if it has a matching entry in its configuration and if it does, it intercepts the request and answers on behalf of the DNS server. The IDNS will intercept the DNS requests only for IP services you need to balance and that are configured with incoming rules. If there are request for services that are not configured in the Link LB, they will simply pass through the Link LB, transparently, and reach your DNS server. Figure1.1: Flowchart of the IDNS facility DNS interception process Public DNS servers can be hosted inside your organization or via your Internet service provider (ISP). Both scenarios are covered in this document. 2012 Elfiq Networks 3 www.elfiq.com

1.1 DNS sub-domain requests (internal DNS scenario) If your public DNS servers for each domain that will have balanced resources are hosted internally, behind the Elfiq Link Load Balancer, no modifications to your DNS servers are needed. They will keep A records pointing to your resource IP addresses on the primary link network. Elfiq LB configuration should be adjusted in order to listen for DNS requests on both links. You should also contact you registrar and ask him to add an NS record pointing to your secondary link. Any query about a balanced resource within your domain will necessarily have to pass through the Link LB to reach your DNS servers. While all DNS queries pass through the Link LB, it will verify if it has an IDNS resource record associated with that DNS query. If it does, it will intercept the query and answer with the appropriate IP address according to the balancing algorithm. This means every DNS query for which you create IDNS resource records will never reach your real DNS server. Should you primary link go down, Elfiq LB will resolve the requested resource through the secondary link. Figure1.2: The DNS request interception process and link selection process 2012 Elfiq Networks 4 www.elfiq.com

1.2 DNS sub-domain requests (external DNS scenario) If your public DNS servers are hosted by an external site, then some changes will need to be performed to the current DNS entries of each of the resources that you want to be balanced by the Elfiq Link Load Balancer. In a typical configuration, each service that you want to provide to the Internet requires an A record DNS entry to resolve its server name to an IP address. This works well when your network is not load balanced and only accessible through one link. In this scenario we want to perform DNS queries and resolve a server name to its IP address on the best available link even in the event of a link failure. Such a resolution is impossible if all the DNS queries are to be answered by the external DNS, since that server has no information on the alternate IPs to give, let alone which link is the best to use. Moreover, because the DNS server is not behind the Link LB, there is no way that the Link LB can intercept those DNS queries before they reach the DNS server, like it is the case when all the DNS servers are hosted internally. In order to resolve this issue, we need to force a redirection of the DNS queries for all resources or services that we want to balance to the Link LB, which will then be able to resolve the hostnames to the desired balanced IP addresses. This is performed by modifying the A records on the external DNS servers for the services that you wish to balance into NS records. Those NS records will be pointing to the Link LB. This enables your external DNS server to delegate the resolution of those specific records to the Link LB, which will now be able to properly resolve the DNS queries according to the balancing methods configured on your Link LB. However, since the Link LB operates at the data link layer (layer 2 of the OSI model) it doesn t have any IP address defined on its interfaces; in this manner it resembles an Ethernet switch or a hub. This means that you cannot send IP packets directly to the Link LB, instead, queries have to be redirected to an IP address in the network segment behind your Link LB. This way, the queries will have to pass through the Link LB unit, and at that point they can be intercepted. No real DNS server has to exist at this address. This IP address will be used in the creation of the IDNS interceptors in your Link LB, so that it knows that it should only intercept DNS queries destined for this virtual DNS server. Let s take a look at the following example, from a BIND DNS configuration, which illustrates how the zone file for your DNS could be configured, should it be hosted on a public DNS server: $TTL 1h example.com. IN SOA ns1.isp.com. hostmaster.isp.com. ( 2005041301 ; serial yymmddxx 1800 ; Refresh 30 min. 3600 ; Retry 1hours 360000 ; Expire 100hours 3600 ) ; Minimum TTL 1 hour 2012 Elfiq Networks 5 www.elfiq.com

; IN NS IN NS ns1.isp.com. ns2.isp.com. www IN A 33.33.33.9 No mention of the Elfiq Link Load Balancer is present in this configuration. There is only an A record of hosts that currently can be resolved: www.example.com Now, let s modify the DNS server to start to balance www.example.com. To do so, as mentioned before, we would have to change the A type record of the www entry, to an NS type record, pointing to a virtual DNS server behind our Link LB. Here is how the new DNS entry for www would look like: www IN NS virtualdns1.example.com. IN NS virtualdns2.example.com. The hostname that you give to this virtual DNS server can be anything you wish, however, the DNS server must know at which IP it can reach it. Therefore, you would need to add another entry, pointing to the IP addresses of the virtual DNS (one IP per link), like the following: virtualdns1 IN A 33.33.33.5 ;Primary Link IP virtualdns2 IN A 44.44.44.35 ;Secondary link IP The same entry needs to be added once per link that you are balancing, pointing to the virtual DNS server of each of those links. This will enable your DNS server to direct the DNS queries of all resources that point to virtualdnsx.example.com to be reached on any of the available virtual DNS server IP addresses, ensuring that queries will always be properly resolved by the Link LB on each of your balanced links. This method ensures, in case of a link failure, that the sub-domain request will always reach the Elfiq Link LB, as long as one link is available, because the external DNS server will try every virtualdnsx IP address to get a DNS resolution for the www.example.com domain resource. This configuration for incoming load balancing ensures to always return an accessible IP address on the best available link for DNS resolution. It solves the issues discussed in the introduction with a basic DNS resource record to multiple IP addresses in round robin. 2012 Elfiq Networks 6 www.elfiq.com

Figure 1.3: Flowchart of the DNS sub-domain request 2012 Elfiq Networks 7 www.elfiq.com

Produced by Elfiq Networks Elfiq Networks is a technology leader and innovator in the field of WAN link management and balancing. With hundreds of successful installations in over 115 countries, Elfiq s Link Balancer products help organizations of any type and size perform more competitively every day with the ability to use multiple Internet and private links easily and securely. For more information on Elfiq Networks products and technologies, please contact: Elfiq Networks 1155 University, #712 Montreal, Quebec, H3A 3A7 Canada Telephone: 888-GO-ELFIQ / 514-667-0611 Internet: www.elfiq.com Email: info@elfiq.com Copyright 2012, Elfiq Networks (Elfiq Inc.). The contents of this document are protected by copyright. Any modification of this document, in any shape or form, is prohibited. Any redistribution, publication or derivation of the contents of this document without written authorization from Elfiq is also prohibited. All rights reserved. All names, trademarks and copyrights are the property of their respective owners. Elfiq registered in the U.S. Patent and Trademark Office 2012 Elfiq Networks 8 www.elfiq.com

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information