DNS Load Balancer
Objective
This guide provides instructions on how to set up DNS load balancers and apply them to your DNS zones using F5® Distributed Cloud Services. A DNS load balancer is an ingress controller for the DNS queries made to your DNS servers. The DNS load balancer receives the requests and answers with an IP address from a pool of members based on the configured load balancing rules.
Using this service, you can set up a DNS load balancer and add load balancer records, load balancing rules, and pools for your DNS zones.
Overview
A DNS load balancer is composed of load balancing rules that specify what should be returned to requesting DNS clients. You can set these rules to take into account the Geo-Location of the request and send an answer pointing to an IP endpoint member of a pool.
Rules are ordered using a score. If a request matches 2 (or more) rules, the rule with the higher score has precedence. The rule with the lower score is treated as the “catch all” for DNS requests that do not match any other rule (for example, when the client belongs to a country not matched in any rule).
The DNS load balancer pools can have one or more members (IP endpoints). Healthchecks can be performed against the endpoints, to exclude members who are down or unreachable. Multiple load balancing algorithms are available for the load balancer pools.
A DNS load balancer must be attached to a zone to activate the load balancer. This is achieved by creating a DNS Load Balancer record inside a zone, and attaching the DNS load balancer to that record.
Prerequisites
The following prerequisites apply:
- A Distributed Cloud Services Account. If you do not have an account, see Create an Account.
- A DNS domain for your web application. Obtain a domain from the Internet domain registrar.
- Name servers for managing your DNS records.
- Add the IP addresses mentioned here to your firewall or ACL allow list:
Configuration
Creating a DNS load balancer includes configuring or creating Geo-Location sets, creating load balancer pools, and optionally configuring health checks.
You can create a DNS load balancer as part of DNS zone creation, or create it separately and apply it to an existing DNS zone configuration. This example shows creating a DNS load balancer separately and applying it to an existing DNS zone. Log into the F5 Distributed Cloud Console and perform the instructions shown in the following chapters.
Create Geo-Location Sets
A Geo-Location Set is a grouping of geographical locations identified using either a selector expression or the predefined global Geolocations. Do the following to create a Geo-Location Set:
Step 1: Navigate to zone management and start adding a Geo-Location Set.
- Click the DNS Management service on the Console home page.
Figure: Navigate to DNS Management
- Select Manage > DNS Load Balancer Management > Geo-Location Sets in the primary navigation menu located on the left side of the page.
- Select Add Geo-Location Set. Enter a name in the Name field in the metadata section. Optionally, set labels and add a description.
Step 2: Configure Geolocation properties.
Configure the Geolocation Label Selector as per the following guidelines:
- Select Global Geolocation to include all predefined Geolocations. This is also populated by default and will include any location.
- Select Geolocation Selector to group locations using a selector expression. Select Add Label in the Selector Expression field and do the following:
  - Select a key from the drop-down for the Select Key field.
  - Choose an expression from the drop-down for the Selector Operator field.
  - Start typing a value in the Assign Values box. Select a value from the drop-down.
Figure: Set GeoLocation Selector
Note: To match several countries or cities, do the following:
- Select the IN operator.
- Select the first country or city of your choice and clear the search.
- Find the second country or city of your choice and select it.
- Repeat for the other countries or cities.
- Select Apply.
- Click Save and Exit.
Create Health Check
A health check periodically inspects the health of each pool member. Do the following to create a health check:
Step 1: Start creating a health check object.
- Select Manage > DNS Load Balancer Management > DNS Load Balancer Health Checks in the DNS management service page.
- Select Add DNS Load Balancer Health Check.
- Enter a name in the Name field in the metadata section.
- Optionally, set labels and add a description for the health check.
Step 2: Configure health check and complete creating the health check.
Select an option from the drop-down for Health Check Type and configure as per the following guidelines:
- For an HTTP, HTTPS, TCP, or UDP health check, do the following:
  - Enter a value for the Send String field to send this string in the request to the target.
  - Enter a value for the Receive String field to receive this string in the response from the target. This response indicates that the member is healthy.
  - Enter a value for the Health Check Port to set the port for performing health checks. You can also use the Common Values option and select from a predefined list of ports.
  - Select Save and Exit.
- For an ICMP health check, select the ICMP health check and select Save and Exit.
This example creates an HTTP health check.
Figure: HTTP Health Check
Note: The health monitor interval is 30 seconds and the timeout value is 90 seconds (i.e. 3x30 seconds). If an endpoint is identified as down, it will be marked as up as soon as it starts to respond correctly again. Configuring health monitor interval and timeout values is currently not supported.
Create DNS Load Balancer Pool
Do the following to create a group of members:
Step 1: Start creating a pool.
- Select Manage > DNS Load Balancer Management > DNS Load Balancer Pools in the DNS management service page.
- Select Add DNS Load Balancer Pool.
- Enter a name in the Name field in the metadata section.
- Optionally, set labels and add a description for your pool.
Step 2: Configure pool members.
- Select an option for the Pool Type field and use the Add Item button to open the pool member configuration page.
- Enter an IP address in the Public IP field.
- Enter a name for this pool.
- Enter values for the Load Balancing Ratio and Load Balancing Priority fields. The values 1 and 10 are populated by default for these fields respectively.
Note: The ratio and priority determine how the load balancing happens when the load balancing mode is based on the ratio and priority. The mode is set in subsequent steps.
Figure: DNS LB Pool Endpoint
- Select Apply.
Note: You can use the Add Item button to add more than one member.
Step 3: Configure health check.
- Select Enable Health Check for the DNS Load Balancer Health Check field.
- Select a health check object from the drop-down of the Enable Health Check field. You can also use the Add Item option in the drop-down to create a new health check object and apply it to the pool type settings.
Note: The health check is disabled by default and in this mode, all pool members are assumed to be healthy.
- Optionally, enter a value for the Maximum Answers field to set the maximum number of resource records included in the responses.
Step 4: Configure load balancing mode and TTL.
The Static Persist load balancing method uses the persist mask, with the source IP address of the Local Domain Name Server (LDNS), in a deterministic algorithm to send requests to a specific pool member. If the DNS resolver passes ECS (EDNS-Client-Subnet) information, then a hash of it is used to send the client to the same pool member.
- Select a choice from the drop-down for the Load Balancing Mode field as per the following guidelines:
  - Select Round-Robin to enable equal distribution of load among the pool members.
  - Select Ratio-Member to distribute requests based on the ratio set to pool members.
  - Select Static-Persist to distribute requests persistently to specific members. Using this, when a request is answered by a member, subsequent such requests are persistently forwarded to that member.
  - Select Priority to distribute requests based on the priority assigned to pool members. A lower number in the priority field for a member means higher priority for that member.
Figure: DNS Load Balancer Pool Settings
- Select a Time-To-Live (TTL) choice for the TTL field as per the following guidelines:
  - Select Use RRSet TTL to use the TTL value set in the load balancer record associated with this pool.
  - Select TTL to enforce a custom TTL and enter a value in seconds in the TTL(s) field. It is recommended you use a lower value for this setting.
Step 5: Complete creating the load balancer pool.
Select Save and Exit to complete creating the pool.
Create DNS Load Balancer
Do the following to create a DNS load balancer:
Step 1: Start creating a DNS load balancer.
- Select Manage > DNS Load Balancer Management > DNS Load Balancers in the DNS management service page.
- Select Add DNS Load Balancer.
- Enter a name in the Name field in the metadata section.
- Optionally, set labels and add a description for your load balancer.
Step 2: Configure record type and load balancing rules.
- Select an option for the Record Type field.
- Select Configure for the Load Balancing Rules field to open the load balancing rules page and use the + Add Item button on the page to start adding a rule.
- Select the Client Selection drop-down option for the Geo Location Selection, and configure as per the following guidelines:
  - Select Geo Locations by label selector and select Add Label in the Selector Expression field. Select a key from the drop-down for the Select Key field, and choose an expression from the drop-down for the Selector Operator field. Start typing a value in the Assign Values box and select a value from the drop-down.
  - Select Geo Location Set selector and select a Geo-Location set from the drop-down of the selector field. You can also use the Add Item button to create a new Geo-Location set and apply it to the rule.
  - Select ASN List and enter an ASN value in the AS Numbers field. You can add more than one ASN using the Add Item option and also drag and drop the row entries to change the ASN match order.
  - Select BGP ASN Sets and select or create new BGP ASN sets from the drop-down. You can add more than one BGP ASN set using the Add Item option and also drag and drop the row entries to change the ASN match order.
  - Select IP Prefix List and select the + Add Item button for the IPv4 Prefix List and IPv6 Prefix List sections to enter prefixes.
  - Select IP Prefix Sets and select or create new IP Prefix sets from the drop-down. You can add more than one IP Prefix set using the Add Item option and also drag and drop the row entries to change the IP Prefix match order.
- Select Use DNS Load Balancer pool for the Action field and select a pool from the drop-down.
- Select the Use DNS Load Balancer pool drop-down menu. You can also use the Add Item button to create a new pool and apply it to the rule.
- Optionally, enter a Score for this rule. When a number of rules match a specific query, the rule with the highest score is used to process the query.
- Select Apply to add the rule to the list of rules.
Figure: DNS Load Balancer Rule Settings
Note: You can use the Add Item button to add more than one rule.
- Select the Apply button to add rules to the load balancer configuration.
Step 3: Configure response cache settings.
Select an option for the Response Cache Parameters Choice and configure as per the following guidelines:
- Select Disable Response Cache to disable caching of response.
- Select Default Response Cache Parameters to apply default settings for response caching.
- Select Response Cache Parameters to apply custom caching and do the following:
  - Enter a value for Length of IPv4 CIDR masks to group IPv4 clients into subnets.
  - Enter a value for Length of IPv6 CIDR masks to group IPv6 clients into subnets.
  - Enter a value for TTL(s) to set the TTL value for the response cache. The cache gets cleared and responses are recomputed after the expiry of the TTL.
Note: Exercise caution when using IP prefix load balancing rules in conjunction with the Response Cache. For example, if the prefix list has a CIDR with a /28 subnet mask and the response cache parameters have a /24 subnet mask, then the response cache would be used even if the source prefix doesn't match the rule.
Figure: DNS Load Balancer Settings
- Optionally, add a fallback pool by selecting a pool from the Fallback Pool field. If no pool matches, then this pool will be the fallback pool.
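The response cache caution in the note above, as an added example that is not F5's code or part of the original guide: a simplified model that assumes cached answers are keyed by the client subnet at the configured mask length, showing a /28 prefix rule's answer being served to other clients in the same /24, plus a check that flags rule prefixes longer than the cache mask. The prefixes, scores, and pool names are constructed.

```python
import ipaddress

# Constructed rule set: (client prefix, score, pool). Pool names are hypothetical.
RULES = [
    (ipaddress.ip_network("203.0.113.0/28"), 100, "pool-restricted"),
    (ipaddress.ip_network("0.0.0.0/0"), 1, "pool-default"),  # catch-all rule
]

def evaluate_rules(client_ip, rules=RULES):
    """Return the pool of the highest-scoring rule that matches the client."""
    addr = ipaddress.ip_address(client_ip)
    matches = [(score, pool) for net, score, pool in rules if addr in net]
    return max(matches)[1] if matches else None

class CachedResolver:
    """Assumed model: one cached answer per client subnet of cache_mask bits."""
    def __init__(self, cache_mask, rules=RULES):
        self.cache_mask, self.rules, self.cache = cache_mask, rules, {}

    def answer(self, client_ip):
        key = ipaddress.ip_network(f"{client_ip}/{self.cache_mask}", strict=False)
        if key not in self.cache:  # miss: evaluate rules, store for whole subnet
            self.cache[key] = evaluate_rules(client_ip, self.rules)
        return self.cache[key]     # hit: rules are not re-evaluated

def rules_finer_than_cache(cache_mask, rules=RULES):
    """Lint: rule prefixes more specific than the cache subnet mask."""
    return [str(net) for net, _, _ in rules if net.prefixlen > cache_mask]

def demo():
    inside, outside = "203.0.113.5", "203.0.113.200"  # same /24, different /28
    coarse = CachedResolver(cache_mask=24)  # cache coarser than the /28 rule
    fine = CachedResolver(cache_mask=28)    # cache as fine as the /28 rule
    return {
        "coarse": (coarse.answer(inside), coarse.answer(outside)),
        "fine": (fine.answer(inside), fine.answer(outside)),
        "lint_24": rules_finer_than_cache(24),
        "lint_28": rules_finer_than_cache(28),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

With the /24 cache mask, the second client receives the restricted pool although it is outside the /28 rule; running the lint over a planned rule set before enabling custom cache parameters surfaces this mismatch.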
Step 4: Complete creating the load balancer.
Select Save and Exit to complete creating the pool.
Add DNS Load Balancer to DNS Zone
After creating a DNS load balancer, it is required that you add the load balancer record to a DNS zone.
Note: Subdomains are not supported for DNS load balancer record names. In case you want to use a subdomain, create another DNS zone with the subdomain included in the zone name and add the load balancer record to that zone.
Step 1: Navigate to zone management and start adding a zone.
- Select the DNS Zone Management option in the primary navigation menu located on the left side of the page.
- Select ... > Manage Configuration for your zone object among the list of displayed zones.
- Select Edit Configuration located on the top right in the manage configuration page.
Step 2: Add load balancer record for the resource records.
- Go to the Resource Record Sets section and click Add Item. The resource record sets configuration form opens.
- Enter a value for the Time to live field.
- Select DNS Load Balancer for the Record Set field, enter your record name in the Record Name field, and set the fields as per your record type selection.
- Select a DNS load balancer from the drop-down for the DNS Load Balancer Record field. You can also use the Add Item button to create a new load balancer and apply it.
- Select Apply to add the load balancer record to the zone configuration.
- Select Save and Exit in the main zone configuration form to save changes to the zone configuration.
Note: You can inspect DNS load balancer status in the Overview > DNS Load Balancers page. However, at any given time, the health status value displayed is valid only for pools currently associated with an active DNS load balancer applied to a DNS zone. You can use ... > Disable Object in the Actions column of any DNS load balancer, pool, and healthcheck objects to disable them in case you want to perform troubleshooting activities. Also, a disabled object can be enabled using the ... > Enable Object option.
Monitor DNS Load Balancer
- In the DNS Management service, click Overview > DNS Load Balancer to see a list of DNS load balancers.
Figure: DNS Load Balancers
- Click the name of the load balancer you want to observe.
Figure: DNS Zone Dashboard
- Click the Refresh button in the upper right to update the contents of the dashboard.
- The Health section shows the overall health of the load balancer.
- The Pools Overview section provides overview health information for the pools in the load balancer.
- The Pools list provides some details for each pool.
  - Enter a string into the Search field to only show pool names containing that string.
  - Click the gear icon ( ⚙ ) to change the columns shown in the pools table.
  - Click on a column name to sort the table by that column.
  - Hover over a column name to see the drag icon ( ⠿ ). Click and drag the icon to move the column.
  - Click on a pool name to get health information for individual members (IP endpoints) in that pool.
Figure: Pool Member Health
Note: Health checks are triggered every 30s.
- A pool member will be marked as unhealthy only when the third check fails.
- A pool member will be marked as healthy upon the first successful health check.
In both cases, visibility will be reflected in the Console 60 to 90 seconds later.
See the following table for expected time taken for pool events:
Member | Remove from Pool | Added to Pool | Console Reflection |
---|---|---|---|
Unhealthy | 1m 30s | N/A | 2m 30s to 3m |
Healthy | N/A | 30s | 2m to 2m 30s |