DNS as an Auto-scaling VNF - Meetup files.meetup.com/2979972/DNS Autoscaling with...
1 | © 2013 Infoblox Inc. All Rights Reserved. 1 | © 2015 Infoblox Inc. All Rights Reserved. CONFIDENTIAL
DNS as an Auto-scaling VNF
March 2016
John Belamaric, Principal Architect
Introduction
● What is DNS?
  ○ DNS = Domain Name System
  ○ Translates domain names (google.com) into IPs (173.194.206.100)
● What is auto-scaling?
  ○ When demand increases, so does capacity
  ○ When demand decreases, so does capacity
  ○ Service IP address never changes during scaling
● What is a VNF?
  ○ VNF = Virtualized Network Function
  ○ A network service provided via a virtual machine
  ○ An “instance” of Network Function Virtualization (NFV)
  ○ Goal of NFV is to reduce or eliminate specialized network boxes
  ○ Replacing them with VNFs
Why should we autoscale DNS?
● DNS is critical infrastructure
  ○ When it fails, everything fails
● DNS is vulnerable to distributed denial-of-service (DDoS) attacks
● Traffic surges increase DNS capacity requirements
  ○ At certain times of day
  ○ During special events or seasonally
  ○ At specific venues (trade shows, stadiums)
A mini DNS primer
● DNS = Domain Name System
  ○ Translates domain names (google.com) into IPs (173.194.206.100)
● UDP-based protocol
● Primary Authoritative Server
  ○ The “master” server with the IPs for a given zone (zone == domain)
  ○ Edits to the zone records are made on the primary server
● Secondary Authoritative Server
  ○ Replicates the primary data
  ○ Still authoritative: it is not just a cache
    ■ Same administrative control as primary
    ■ There is an NS record for it for the zone
● Caching Server
  ○ Different administrative control than the primary and secondary servers
DNS Basics
Components for Auto-scaling DNS
1. Primary and secondary DNS servers
  ○ And a way to configure / reconfigure them during scaling
  ○ We will scale secondary DNS
2. Shared IP Address
3. OpenStack Compute and Networking - Nova and Neutron
  ○ To run and connect the VMs
4. OpenStack Telemetry - Ceilometer
  ○ Monitors load
  ○ Alarm on specified load conditions
5. OpenStack Orchestrator - Heat
  ○ Responds to alarms
  ○ Launch and configure VM to handle additional load
  ○ Tear down VM when load decreases
1. DNS Servers
● Infoblox grid
  ○ Single point-of-control for all servers via the “grid master”
  ○ Primary could be Infoblox, or other server
  ○ Grid master configured with a name server group
    ■ Defines “primary + list of secondaries”
  ○ In our case:
    ■ GM is primary
    ■ Replicates to all secondaries in the group
● To add a new secondary server:
  ○ Spin up VM and join grid as a member
  ○ Add member to the name server group
  ○ Grid automatically configures new server with appropriate zones
Grid Members
Name Server Group
Authoritative Zones
Name Server Records
2. Shared IP: How?
● Option 1: LBaaS
  ○ OpenStack Load Balancer-as-a-Service
● Pros
  ○ Simple - no need to run routing protocols
  ○ Fully integrated with OpenStack and its orchestration tools
  ○ All software solution requires no special physical gear
● Cons
  ○ Capacity limited by network nodes (DVR does not help)
● Showstopper: Only supports TCP, not UDP!
2. Shared IP: How?
● Option 2: Anycast
  ○ IP Routing method for one-to-nearest routing
● Pros
  ○ No single chokepoint!
  ○ Highly reliable and built into the network
  ○ Actually works best with UDP
● Cons
  ○ Requires appropriate routing infrastructure and configuration
  ○ Requires advertising routes via BGP or OSPF routing protocols
2. Shared IP: How?
● Option 3: Physical Load Balancer
● Pros
  ○ Relatively simple - no need to run routing protocols
● Cons
  ○ Capacity limited by load balancer
  ○ Needs to be reconfigured on scale up or down
  ○ Needs special physical gear
● But...I happened to have an old one sitting in my lab...
2. Shared IP: Physical Load Balancer
● Chosen for simpler demo
  ○ No need to set up routing infrastructure and protocols
● But how do you automatically reconfigure the LB?
  ○ In theory LBaaS can do this
    ■ Lack of UDP support is in API as well as reference implementation
  ○ Infoblox NetMRI
    ■ Execute CLI scripts against network devices
    ■ Jobs can be initiated via a Heat resource
Load Balancer Pool - Before Auto-scaling
3. Compute and Networking
● OpenStack Nova and Neutron
● Ideally
  ○ Run DVR to avoid network node bottleneck
  ○ Spread load across availability zones
  ○ Spread load across regions
● Lab has only one availability zone and region
● Lab is running legacy routers not DVR
Autoscale Project Network Topology
Our story so far...
So, we still need:
- 4. Telemetry
- 5. Orchestration
4. OpenStack Telemetry - Ceilometer
● Periodically polls the cloud and takes measurements
● Custom meters leverage SNMP on Infoblox appliances
● DNS queries-per-second (QPS)
● Polls from host network space
  ○ Floating IPs required
Ceilometer CLI - Sample List - No Activity
Generate Load
Ceilometer CLI - Sample List - With Activity
Ceilometer CLI - Alarms
5. OpenStack Orchestration - Heat
● Manages “stacks”
  ○ Declarative set of inputs, resources, and outputs
  ○ Captured in a YAML file
  ○ Lifecycle: Create, Update, Delete
  ○ Resource lifecycle mirrors stack lifecycle
● autoscale.yaml defines
  ○ Autoscaling Group: members defined by autoscale-member.yaml
  ○ Ceilometer Alarms: Criteria and action definition
  ○ Scaling Policies: Specific action behavior for alarms
● autoscale-member.yaml defines
  ○ Nova servers, ports, floating IPs for new members
  ○ Gridmaster configuration for new members
    ■ Member pre-provisioning (GM can expect a member to join)
    ■ Member licensing
    ■ Member name server group entry
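A minimal Heat template showing how the three pieces listed for autoscale.yaml (group, alarms, policies) are wired together, added here as an illustration and not taken from the demo repository. The meter name dns.qps.example, the thresholds, periods and group sizes are assumptions; the resource types are the stock Heat ones.

```yaml
# Added example, not the demo's autoscale.yaml. Meter name and numbers are assumptions.
heat_template_version: 2015-04-30
resources:
  dns_secondaries:
    type: OS::Heat::AutoScalingGroup
    properties:
      min_size: 1
      # Hard ceiling: a query flood keeps the alarm firing, so bound the growth.
      max_size: 4
      resource:
        type: autoscale-member.yaml   # nested per-member stack; its parameters are omitted
  scale_up_policy:
    type: OS::Heat::ScalingPolicy
    properties:
      adjustment_type: change_in_capacity
      auto_scaling_group_id: { get_resource: dns_secondaries }
      scaling_adjustment: 1
      # Let a new member join the grid and start answering before adding another.
      cooldown: 300
  scale_down_policy:
    type: OS::Heat::ScalingPolicy
    properties:
      adjustment_type: change_in_capacity
      auto_scaling_group_id: { get_resource: dns_secondaries }
      scaling_adjustment: -1
      cooldown: 600
  qps_high_alarm:
    type: OS::Ceilometer::Alarm
    properties:
      meter_name: dns.qps.example     # hypothetical custom meter name
      statistic: avg
      period: 60
      evaluation_periods: 2
      threshold: 5000                 # constructed value, queries per second
      comparison_operator: gt
      alarm_actions:
        - { get_attr: [scale_up_policy, alarm_url] }
  qps_low_alarm:
    type: OS::Ceilometer::Alarm
    properties:
      meter_name: dns.qps.example     # same hypothetical meter
      statistic: avg
      period: 60
      evaluation_periods: 5           # shrink slowly to avoid flapping
      threshold: 1000
      comparison_operator: lt
      alarm_actions:
        - { get_attr: [scale_down_policy, alarm_url] }
```

The alarm_url that Heat hands to each alarm is a pre-signed webhook: anyone who can read it can trigger the scaling policy, so keep stack outputs and alarm definitions out of shared logs.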
Heat Stacks - Before Scaling
Heat Stack - autoscale
Heat Stack - autoscale
Final Architecture
Where were we….oh, yeah, “scale up alarm”
Heat Stack - Member Group During Scaling
Instances During Scaling
Instance Console - During Scaling
Grid - During Scaling
Load Balancer - During Scaling
A few minutes later...
Nova - After Scaling
Project Topology - After Scaling
Name Server Group - After Scaling
Grid - After Scaling
Load Balancer - After Scaling
Lower load per VM...and no more alarm!
More Info and Resources
● Scripts and Code For this Demo
  ○ https://github.com/infobloxopen/engcloud/tree/master/dns-vnf
● OpenStack, Heat, Ceilometer and LBaaS
  ○ Search Amazon “OpenStack Cloud Application Development”
  ○ http://www.amazon.com/OpenStack-Cloud-Application-Development-Adkins/dp/1119194318
  ○ Autoscaling example using LBaaS in Chapter 6
● Adding Custom Ceilometer Meters
  ○ https://www.packtpub.com/books/content/adding-custom-meter-ceilometer
● Adding Custom Heat Resources
  ○ https://www.packtpub.com/books/content/building-custom-heat-resources
● OpenStack and SDN
  ○ https://www.packtpub.com/books/content/openstack-and-software-defined-networking-0