E2013 namespace, unbound and DNS round robin

  • Question

  • Hi,

    Just checked Ross Smith's blog about namespace for E2013. He stated in "Figure 1" that the VIPs per DAG are behind a single namespace "mail.contoso.com" and clients reach those by DNS round robin. Does anybody know the answers to these questions:

    How do clients find the other VIP1 if VIP2 is down, but the client has got VIP2's IP in the response from the DNS?

    Do you need to have one IP per DAG? Would it be possible to have one VIP only?


    Petri


    • Edited by Petri X Tuesday, January 13, 2015 3:48 PM Replaced: "Figure 2" by "Figure 1"
    Monday, January 12, 2015 2:33 AM

All replies

  • Hi,

    Per my knowledge, the VIP mentioned in the article you provided above isn't the VIP of DAG. This is the VIP of the Load Balancer configured in the organization.

    About figure 2, if it can't be resolved to load balanced VIP2, then the user needs to be told to use mail.contoso.com, instead of mail2.contoso.com.

    Best regards,

    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com


    Belinda Ma
    TechNet Community Support

    • Proposed as answer by Belinda Ma Monday, January 26, 2015 3:04 AM
    • Marked as answer by Belinda Ma Tuesday, January 27, 2015 2:17 AM
    Tuesday, January 13, 2015 6:23 AM
  • Ouch... my mistake, I was referring to Figure 1 (which has the round robin). How is the scenario in that case?

    Petri

    Tuesday, January 13, 2015 3:47 PM
  • How are you looking at setting up your environment DAG? How many sites and where are databases going to be located?


    Tuesday, January 13, 2015 4:10 PM
  • mail.contoso.com resolves to multiple IP addresses; one for each load balancer. In this figure, clients will receive both addresses in random order (or a smarter order if your DNS provider supports it) when they resolve mail.contoso.com and try the second if the first fails.

    Yes, you can have only one VIP. However, it will need to direct users to all of your CAS role servers somehow.

    • Proposed as answer by Belinda Ma Monday, January 26, 2015 3:04 AM
    • Marked as answer by Belinda Ma Tuesday, January 27, 2015 2:17 AM
    Tuesday, January 13, 2015 7:12 PM
  • Correct me if I'm wrong, but in the picture Ross says "Round Robin", which means you get one IP now, and depending on your TTL you get the next IP (or the same one, depending on DNS) when the TTL has expired.

    When you say "..try the second if the first fails..." does that behavior cover all main clients (OL2010/2013, browsers, Lync, etc...)? And how can the client find the other HLB if the TTL is e.g. 5 min?

    "Yes, you can have only one VIP. However, it will need to direct users to all of your CAS role servers somehow."

    Do you know some reasons not to do so, especially in the case where the HLBs are relatively close (<100 km) to each other?


    Petri

    Tuesday, January 13, 2015 11:11 PM
  • Something simple, pretty close to the example picture. Two rooms close to each other (<25 km) with databases in both places.

    But I'd still like to focus on Ross's article: how is client resilience covered if the DNS is set up for Round Robin? Unless the TTL is less than 5 s. But still, as all guidelines say, DNS round robin should not be covered as real load balancing.


    Petri

    Tuesday, January 13, 2015 11:15 PM
  • Hi,

    If all CAS servers in the primary site go down, then without the aid of a load balancer the Outlook clients take some time to time out and then re-establish connectivity to the other VIP address that mail.contoso.com resolves to.

    Best regards,


    Belinda Ma
    TechNet Community Support

    • Proposed as answer by Belinda Ma Monday, January 26, 2015 3:04 AM
    • Marked as answer by Belinda Ma Tuesday, January 27, 2015 2:17 AM
    Wednesday, January 14, 2015 2:11 AM
  • Belinda,

    Do you have more details on this? How long is the time, and which clients are affected: Lync, browsers, OL2010/2013, etc...?

    Would it still be better to let the HLB take care of its own failover, and that way offer unbreakable service for the users?

    I just try to understand the logic of using the Round Robin, that is why I'm asking this :)


    Petri

    Wednesday, January 14, 2015 11:52 PM
  • Hi,

    The re-connection is based on the TTL value. You can look at the following thread:

    https://social.technet.microsoft.com/Forums/exchange/en-US/8381c957-1189-4380-9e05-48f10ec15933/support-dns-roundrobin-for-exchange-2013-clients?forum=exchangesvravailabilityandisasterrecovery

    HLB can detect when a specific Client Access server has become unavailable and remove it from the set of servers that will handle inbound connections, but DNS round robin can't do this.

    Best regards,



    Belinda Ma
    TechNet Community Support

    • Proposed as answer by Belinda Ma Monday, January 26, 2015 3:04 AM
    • Marked as answer by Belinda Ma Tuesday, January 27, 2015 2:17 AM
    Friday, January 16, 2015 2:59 AM
  • Hi,

    Is there any update on this issue?

    Best regards,



    Belinda Ma
    TechNet Community Support

    Monday, January 19, 2015 1:04 AM
  • If a DNS entry resolves to multiple addresses, and the first address the client tries is dead, the client will retry for the next address. This is the behavior for nearly everything connected to the internet since the early 2000s. But don't take my word for it:

    http://webmasters.stackexchange.com/questions/10927/using-multiple-a-records-for-my-domain-do-web-browsers-ever-try-more-than-one

    This is a recommended way to achieve disaster recovery for your namespace. It is not recommended to achieve fault tolerance of individual servers. A HLB is much faster, though since it is in one place, it isn't exactly resilient to datacenter failure.

    • Proposed as answer by Belinda Ma Monday, January 26, 2015 3:05 AM
    • Marked as answer by Belinda Ma Tuesday, January 27, 2015 2:17 AM
    Monday, January 19, 2015 6:26 AM
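
    Added example, not part of the original thread or any poster's reply: a small Python check that walks every address a round-robin name returns, in order, and records how long each failed attempt costs before the next one is tried. The two loopback sockets in demo() are constructed stand-ins for the two VIPs; the function names are this example's own.

```python
import socket
import time

def resolve_all(name, port=443):
    """Return every distinct IPv4 address the resolver hands back for name."""
    infos = socket.getaddrinfo(name, port, socket.AF_INET, socket.SOCK_STREAM)
    return list(dict.fromkeys(info[4][0] for info in infos))

def connect_with_failover(endpoints, timeout=3.0):
    """Try each (ip, port) in order, the way a client walks multiple A records.

    Returns (first endpoint that accepted or None, [(endpoint, outcome, seconds)]).
    """
    attempts = []
    for ep in endpoints:
        start = time.monotonic()
        try:
            with socket.create_connection(ep, timeout=timeout):
                attempts.append((ep, "ok", time.monotonic() - start))
                return ep, attempts
        except OSError as exc:
            # A refused port fails fast; a silently dropped VIP costs the full timeout.
            attempts.append((ep, type(exc).__name__, time.monotonic() - start))
    return None, attempts

def demo():
    """Constructed stand-ins for two VIPs on loopback: first down, second up."""
    down = socket.socket()
    down.bind(("127.0.0.1", 0))      # bound but never listening: connects are refused
    up = socket.socket()
    up.bind(("127.0.0.1", 0))
    up.listen(1)
    try:
        order = [down.getsockname(), up.getsockname()]
        chosen, attempts = connect_with_failover(order, timeout=1.0)
        return order, chosen, attempts
    finally:
        down.close()
        up.close()

if __name__ == "__main__":
    order, chosen, attempts = demo()
    for ep, outcome, secs in attempts:
        print(f"{ep[0]}:{ep[1]} -> {outcome} after {secs:.3f}s")
    print("connected to", chosen)
    # Against a real name: connect_with_failover([(ip, 443) for ip in resolve_all(name)])
```

    Run from a monitoring host against each address behind the name, the per-attempt timings show the delay a client sees when the first VIP is unreachable, which DNS round robin itself never detects.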
  • But Ross had a combination of the HLB and DNS round robin in Figure 1. And I'm hunting for the answer: what is the point of having round robin there?

    Wouldn't it be much more reliable for users to use the HLB for sharing the load between servers across sites? And then use the HLB's technologies to protect "mail.contoso.com".

    Also, as Abram later said, the DNS LB is also one option (assuming all clients can manage that), better than round robin. But the DNS LB is riskier, and requires good testing to be sure it works with all available clients and servers.


    Petri

    Monday, January 19, 2015 10:10 AM
  • What datacenter is your HLB in? What will happen when that datacenter fails?

    If you don't care, the HLB is a better solution.

    • Proposed as answer by Belinda Ma Monday, January 26, 2015 3:05 AM
    • Marked as answer by Belinda Ma Tuesday, January 27, 2015 2:17 AM
    Monday, January 19, 2015 7:56 PM
  • Hi,

    Any update on this issue?

    Best regards,



    Belinda Ma
    TechNet Community Support

    Wednesday, January 21, 2015 1:58 AM