North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: DNS Based Load Balancers

  • From: David Temkin
  • Date: Mon Jul 03 13:08:12 2006



> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On 
> Behalf Of Paul Vixie
> Sent: Monday, July 03, 2006 12:09 AM
> To: [email protected]
> Subject: Re: DNS Based Load Balancers
> 
> 
> > The problem being that most of what you linked to below is 
> either A) 
> > out of date, or B) the only way to get proximity based load 
> balancing 
> > (GSLB type stuff) with them is with DNS tricks. =20
> 
> "most of", huh?  let's have a looksie.
> 
> > Breaking it down in order:
> > 
> >  The IBM solution hasn't been updated since 1999.  It also seems 
> > relatively proprietary.
> 
> the ibm white paper i referred you to was writteh in 1999.  
> websphere is quite current, and its implementation of GSLB 
> functionality has been updated plenty since 1999.  and the 
> competitors james baldwin said he was eval'ing (cisco, f5) 
> are certainly patent-holders offering proprietary solutions.
> 
> >  The Cisco solution relies on either doing HTTP redirects (which is 
> > useless if you're not doing HTTP) or DNS.  =20
> 
> james baldwin said he was using the cisco solution today, so 
> clearly HTTP is the main target.  i can't think of a protocol 
> requiring GSLB that isn't HTTP based (either web browsing or 
> web services).  FTP just isn't a growth industry and the 
> transaction processing systems i know of (the ones that 
> aren't based on HTTP, that is) have GSLB hooks built into them.
> 
> IOW, either you can do GSLB with session redirects, or you 
> don't need GSLB.
> 
> >  Both Foundry and Radware rely 100% on DNS to do their 
> GSLB.  You can do
> > local load balancing on both boxes   	without, however.
> 
> did you read the same radware white paper i did?  in
> 
> 	http://www.radware.com/content/products/library/faq_wsd.pdf
> 
> it says that they can do session level redirects.  so, less 
> than 100% of radware is dns.  i can see that i misread the 
> foundry whitepaper i ref'd (perhaps we both saw most readily 
> that data which fit our preconceptions?)
> 
> >  The last link is an outdated thesis paper that makes 
> reference moreso 
> > to local load balancing and not global.
> 
> why is it "outdated"?  as a survey of the desired 
> functionality it's still pretty good background.  no new GSLB 
> has been invented since then, surely?
> 
> > It seems that in lieu of a real, currently produced 
> solution, the only 
> > option is presently DNS to meet the requirements.  Others 
> have sent me 
> > off-list stuff they're working on, but none of it's ready for prime 
> > time. =20
> 
> well, i see that fezhead is dead.  but 3-party TCP is alive and well:
> <http://www.cs.bu.edu/~best/res/projects/DPRClusterLoadBalancing/>.
> 
> see also <http://www.tenereillo.com/GSLBPageOfShame.htm>
> and      <http://www.tenereillo.com/GSLBPageOfShameII.htm>.
> 
> the references sections of those last three are particularly 
> informative.
> --
> Paul Vixie
> 



Without getting into a massive back and forth, I just want to make 3
points:

1) Websphere is proprietary to IBM and requires their servers.  It's not
scalable to other applications. It's also not targeted to the same
market as, say, F5.

2) There are definitely protocols that require GSLB that aren't HTTP.
Off the top of my head: RTSP/MMS, VoIP services.  I'd say that, at the
very least, VoIP protocols are the killer app for GSLB moreso than HTTP.
Surely the internet isn't only the web, right?

3) TCP-redirect solutions, such as the Radware one you pointed out, do
not work in large scales.  Have you ever met anyone who's actually
implemented that in a large scale?  The solution they point to they
don't even sell anymore (the WSD-DS/NP).  If you talk to their sales,
they'll point you at the DNS based solution because they know that doing
Triangulation is a joke.  Triangulation and NAT-based methods both
crumble under any sort of DoS and provide no site isolation.


Pete Tenereillo's papers are interesting, but they're also slanted and
ignore other implementation methods of DNS GSLB.  How about handing out
NS records instead of A records?   That's an method that would make
large parts of his papers irrelevant. 

My main point here is that each solution has it's evils, and when faced
with a choice, he needs to evaluate what method works best for him.
Anyone could just as easily say that Triangulation and NAT are a hack
just the same as GSLB DNS is a hack.   Akamai and UltraDNS will actually
sell you GSLB without even buying localized hardware to do it - are
these bad services, too?  Patrick said it best: Just in case we like to
decide things for ourselves.

-Dave