DNS based load balancing

ENPAQ includes a full-fledged DNS server that can answer Internet-facing DNS queries. One significant use case for this DNS server is link load balancing and failover. Consider an enterprise with two ISP connections to the Internet. VPN and other users reach this location over the Internet to access servers and other applications. Usually the two ISP public IP addresses are mapped to a DNS name (specifically an A record) so that clients reach the servers by name rather than by IP address.

Handling link failures

Usually, when a client receives two IP addresses in response to a DNS query, it picks one of them and proceeds. If the link behind that address fails at the server location, the DNS records are not updated and clients see a connection failure. The DNS server on the ENPAQ avoids this failure scenario and provides a robust, link-aware DNS service to clients.

Changing the public DNS entry

The required FQDN (for example www.elinanetworks.com) is usually configured as an A record on the public DNS server. For DNS based load balancing to work, that record has to be changed to an NS record. Refer to the figure below.

In the above diagram, two NS records for www.elinanetworks.com should be configured on the public DNS server. These point to the A records for IP1 and IP2 respectively. Two A records, IP1 and IP2, should be configured, pointing to the two public IPs from the ISPs. On the ENPAQ, two A records should be configured for www, pointing to IP1 and IP2 respectively.

DNS query flow

The client requests the IP address of www.elinanetworks.com from the public DNS server. Because of the NS records, the query is redirected transparently to the ENPAQ. The public DNS server automatically follows whichever link is reachable on the ENPAQ, obtains the IP address that the ENPAQ has assigned to the FQDN and replies to the client.

This flow happens automatically and is completely transparent to the client.

Automatic change of IP address based on link status

The ENPAQ can be configured to change its DNS records on multiple events. Among these are the link status, Tx or Rx bandwidth usage (the averaging window can be specified in minutes) and the link priority. Assume that the links from the two ISPs have different bandwidths; one ISP can then be favoured over the other for client requests, automatically load balancing the links. The TTL (time to live) of the DNS answers can also be set, so that DNS changes take effect at the rate the enterprise chooses.

Fixing security concerns

Though the ENPAQ has a full-fledged DNS server, it responds only to queries for the DNS records configured on it. It therefore cannot be used as a general-purpose DNS server for the Internet. Moreover, DNS updates are not accepted, preventing DNS poisoning through dynamic updates.

Conclusion

ENPAQ provides a powerful way to load balance incoming traffic across multiple ISP links. For fail-safe client access, its authoritative DNS functions can be used.
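The following is an added illustration, not ENPAQ's own code, of the two behaviours described above: an authoritative answer for www that follows link status, averaged Tx usage and priority, and refusal of anything outside the configured records or of dynamic updates. The link names, IP addresses, thresholds and usage samples are constructed for the example.

```python
"""Toy model of a link-aware authoritative DNS answer (added example)."""
from statistics import mean

# Constructed ISP link state: public IP, priority (lower wins), recent Tx
# samples in kbit/s over the averaging window, and the link's capacity.
LINKS = {
    "isp1": {"ip": "203.0.113.10", "priority": 1, "up": True,
             "tx_samples": [40_000, 42_000, 41_000], "capacity_kbps": 50_000},
    "isp2": {"ip": "198.51.100.20", "priority": 2, "up": True,
             "tx_samples": [5_000, 6_000, 5_500], "capacity_kbps": 20_000},
}
# Only names configured on the box are answered; everything else is REFUSED.
ZONE = {"www.elinanetworks.com.": ["isp1", "isp2"]}
TTL = 30    # short TTL so clients pick up link changes quickly (assumed value)
BUSY = 0.8  # a link at or above 80% average Tx utilisation is deprioritised

def usable_links(names):
    """Return link names that are up, preferred first: idle before busy,
    then by configured priority."""
    up = [n for n in names if LINKS[n]["up"]]
    def key(n):
        link = LINKS[n]
        busy = mean(link["tx_samples"]) / link["capacity_kbps"] >= BUSY
        return (busy, link["priority"])
    return sorted(up, key=key)

def answer(qname, qtype="A", opcode="QUERY"):
    """Return (rcode, [ip, ...], ttl) for one query."""
    if opcode != "QUERY":            # dynamic UPDATE is never accepted
        return ("REFUSED", [], 0)
    if qname not in ZONE:            # not authoritative, no recursion offered
        return ("REFUSED", [], 0)
    if qtype != "A":                 # name exists but has no data of that type
        return ("NOERROR", [], TTL)
    links = usable_links(ZONE[qname])
    if not links:                    # both ISP links down
        return ("SERVFAIL", [], 0)
    # Assumption: hand out only the preferred link so clients land on the
    # favoured ISP; when it fails, the next usable link is returned instead.
    return ("NOERROR", [LINKS[links[0]]["ip"]], TTL)

if __name__ == "__main__":
    print(answer("www.elinanetworks.com."))
```

With the constructed samples isp1 is above the busy threshold, so the answer steers new clients to isp2 even though isp1 has the higher priority; marking isp2 down moves them back to isp1.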


