[dns-operations] DNS load-balancing/failover using an ASR 9xxx (few questions)

Warren Kumari warren at kumari.net
Fri Aug 15 16:00:51 UTC 2014

On Thu, Aug 14, 2014 at 6:00 PM, Nat Morris <nat at nuqe.net> wrote:
> On 14 August 2014 18:48, Jake Zack <jake.zack at cira.ca> wrote:
>> In the ASR 9xxx series with IOS XR, the “ipsla” that it has available
>> doesn’t seem to do either TCP connections or UDP DNS queries.  It seems my
>> only real option is to monitor for ICMP reachability and nothing else.
>> Anyone have a better solution?  I’ve considered throwing a wrapper around
>> BIND doing OSPF updates and such…but it seems unideal.

What seems unideal about it? It is a well know and understood
technique, relies only on open and tested core features. I'd suggest
doing BGP instead of OSPF, but much of that is personal preference...

> BGP sessions between the ASR 9xxxx and each DNS server in the cluster,
> ExaBGP running on them announcing their loopback/service /32 + /128
> address(es).

Yup, this also only uses well know, well understood systems - with
anything like the Cisco solution you end up with vendor lock-in - and
are subject to their whims (like what Jake described). ipsla is not
part of their core features and so changes over releases / platforms.
I'm sure they'd be happy to sell you an ACE though :-)

> Health check scripts on each service to probe for service ability,
> retract the announcement upon failure.
> --
> Nat
> https://nat.ms
> +44 7531 750292
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-jobs mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs

I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.

More information about the dns-operations mailing list