[f-nsp] dns keepalive checks on "unknown" ports
David J. Hughes
bambi at Hughes.com.au
Thu Nov 11 16:55:24 EST 2004
A better idea for aliased ports is to associate them with a
master port. If you have X aliased ports then you are generating
X + 1 healthchecks (if you could get them to work in your setup
that is :). This is not only an excessive load but also provides
a window during which 1 VIP may believe a real server is fine
while another knows it's failed a healthcheck.
If you associate the aliased port with a master port then it
just uses the current state of the master port without re-testing
the service's health. You can set it up using something like
the following fragment.
---
server port 1110
connection-log all
session-sync
tcp keepalive 5 3
tcp keepalive use-master-state
---
In this situation, port 1110 is an alias to 110 and is bound using
a "no port 110 translate" on the VIP. Works like a charm.
David
...
On 12/11/2004, at 4:48 AM, Michael Renner wrote:
> Hi,
>
> I currently have a "Many-to-one" setup [1] on a Foundry ServerIron XL
> running 07.4.00T12, with 2 virtual servers pointing to 3 real servers,
> but I'm not able to enable keepalive on the "aliased" port as
> suggested in the documentation [2].
>
[ ..... ]
>
> ---
>
> server port 53
> udp keepalive 3 2
>
> server port 153
> udp keepalive 3 2
> udp keepalive protocol 53
>
> server real www1 1.1.1.1
> port 153
> port 153 keepalive
> port dns
> port dns keepalive
> port dns addr_query "www.domain.com"
>
> [repeat for www2 and www3]
>
> server virtual a.ns.domain.com 1.2.1.1
> port dns
> bind dns www1 dns www2 dns www3 dns
>
> server virtual b.ns.domain.com 1.3.1.1
> port dns
> no port dns translate
> bind dns www1 153 www2 153 www3 153
>
> ---
More information about the foundry-nsp
mailing list