Load Balancing & Failover Question

I am relative newbie to routing & networking

I am trying to use a debian box for load balancing & failover.

I found this guide which lays down the steps -
http://www.linuxquestions.org/linux/...onfiguration_0

It seems to be a nice & simple guide, but I have a few questions.

1)The failover seems to be accomplished by using the gc_timeout parameter
- by setting it to a low value like 10. Won't this cause the route caches
to be destroyed & reacreated every 10 seconds - i.e won't this be rather
inefficient?

2) The guide has some stuff common to the guide published at lartc site.
http://lartc.org/howto/lartc.rpdb.multiple-links.html
However, there are significant differences. The lartc guide adds entries
to the the rt_tables & routes based on those - is that not neccessary.

3) I am a little confused about dns servers in the whole scenario. Many a
times a DNS Server can be used only when you are connected through a
particular ISP - i.e. it's the ISP's private DNS Server. So what do we do
in the load balancing/failover case to ensure that the DNS query goes to
the right DNS Server?

On Thu, 19 Aug 2010 15:02:08 +0530, habibielwa7id <(E-Mail Removed)>
wrote:

> On Aug 18, 4:51 pm, LinNew <l...@new.com> wrote:
>> I am relative newbie to routing & networking
>>
>> I am trying to use a debian box for load balancing & failover.
>>
>> I found this guide which lays down the steps
>> -http://www.linuxquestions.org/linux/answers/Networking/Linux_Router_C...
>>
>> It seems to be a nice & simple guide, but I have a few questions.
>>
>> 1)The failover seems to be accomplished by using the gc_timeout
>> parameter - by setting it to a low value like 10. Won't this cause the
>> route caches to be destroyed & reacreated every 10 seconds - i.e won't
>> this be rather inefficient?
>>
>> 2) The guide has some stuff common to the guide published at lartc
>> site.http://lartc.org/howto/lartc.rpdb.multiple-links.html
>> However, there are significant differences. The lartc guide adds
>> entries to the the rt_tables & routes based on those - is that not
>> neccessary.
>>
>> 3) I am a little confused about dns servers in the whole scenario. Many
>> a times a DNS Server can be used only when you are connected through a
>> particular ISP - i.e. it's the ISP's private DNS Server. So what do we
>> do in the load balancing/failover case to ensure that the DNS query
>> goes to the right DNS Server?

Thank you for your reply.

Few questions.

> 1-I configured a fail-over capability before between 2 WAN connections
> but using a ping script, So I am not sure if this method the guide
> talked about is better, Anybody tried it may help us and acknowledges
> to us if it's good.

Do you have a daemon script running which uses "ping -I" to check the
gateways
periodically to see which ISP is active & then change the routes?
How frequently does the script check?

What do you ping? Do you ping the interfaces gateway or do you ping some
external server?

> 2-So not to have to do all this manually I used some scripts to help
> me and it worked fine, So I am not sure if the linuxquestions.org's
> guide is sufficient or not.

Ok.

> 3-The DNS lookup facility isn't mandatory on a gateway, If your
> clients have a DNS configured it will be able to resolve and reach the
> Internet, So you will have to configure a DNS on your gateway if you
> have for example an installed cache server or for other reasons, Any
> way you can add 3 or even 4 DNS servers on your gateway so it will be
> like a fail-over DNS servers, Your system wil use the second DNS if
> the first is not available, But from my experience some applications
> will not be able to resolve from the second DNS server if it can't
> reach the first, Any way you may use some public DNS servers that are
> available to any body any where using any ISP, Like for example
> opendns servers, It's fast and very good,
> 208.67.222.222
> 208.67.220.220 or may be something like 8.8.8.8, 4.2.2.1 or 4.2.2.3
> and there are more others.

I tried using OpenDNS in my resolv.conf, but there is some pesky resolver
program running on my box which keeps changing the resolv.conf entries
to point to the ISP specific DNS servers. I have no idea how to stop
this.

Hello,

Lin New a écrit :
>
> I tried using OpenDNS in my resolv.conf,

Beware : OpenDNS servers lie.

> but there is some pesky resolver
> program running on my box which keeps changing the resolv.conf entries
> to point to the ISP specific DNS servers.

If the box is configured with DHCP, the "pesky program" may be the DHCP
client itself. I guess this can be overriden with resolvconf, or in the
DHCP client configuration if it allows it.

habibielwa7id a écrit :
> On Aug 19, 2:45 pm, Pascal Hambourg <boite-a-s...@plouf.fr.eu.org>
> wrote:
>>
>> Beware : OpenDNS servers lie.
>
> -I disagree with you

You can disagree as much as you want, but the fact is OpenDNS servers
mangle replies. It is advertised on their website.

- Query for a non-existent domain on a normal DNS server :

$ host -t a edgjrljcv.wxfxd
Host edgjrljcv.wxfxd not found: 3(NXDOMAIN)

- Same query on an OpenDNS server :

$ host edgjrljcv.wxfxd 208.67.222.222
Using domain server:
Name: 208.67.222.222
Address: 208.67.222.222#53
Aliases:

edgjrljcv.wxfxd has address 67.215.65.132

On Mon, 2010-08-23, habibielwa7id wrote:
> On Aug 22, 3:25*pm, Pascal Hambourg <boite-a-s...@plouf.fr.eu.org>
> wrote:
>> habibielwa7id a écrit :
>>
>> > On Aug 19, 2:45 pm, Pascal Hambourg <boite-a-s...@plouf.fr.eu.org>
>> > wrote:
>>
>> >> Beware : OpenDNS servers lie.
>>
>> > -I disagree with you
>>
>> You can disagree as much as you want, but the fact is OpenDNS servers
>> mangle replies. It is advertised on their website.
....
> -I know from the beginnings of your words last time that this is what
> you meant, If you query anon existent domain on OpenDNS it will give
> you an ip address which will redirect your browser to there
> advertising web page,

I.e. OpenDNS lies, just like he said.

> It's I think the only solution they can make
> money from this free service, Or may they did so to help people with
> an info page that tells them this domain doesn't existent right now or
> has a temporary problem, So it's a good feature may be,

The software making the query is better suited to handle the failure.

Nothing can be better if a name doesn't exist, than to *say* that it
doesn't exist. The economical aspect must be only the reason they're
doing what they're doing.

/Jorgen

--
// Jorgen Grahn <grahn@ Oo o. . .
\X/ snipabacken.se> O o .