-
dandan
I have a question about DNS SRV setup for xmpp server for a cluster of XMPP servers. Anyone able to help?
-
Link Mauve
dandan, ask your question, if someone can answer they’ll do so.
-
Link Mauve
They can’t if you don’t ask.
-
dandan
Sure, Thanks.
-
dandan
The question is that I have a cluster of 2 nodes (very simple) deployed on AWS.
-
dandan
I have set up DNS SRV records correctly (hopefully) for all servers.
-
dandan
Now the question is that in case I do not use a load balancer for my servers, to what address should my clients connect?
-
dandan
For instance if my configuration is as below: 0 5 5223 server1.mydomain.com 0 5 5223 server2.mydomain.com for _xmpps-client._tcp.mydomain.com then to what address should my clients connect?
-
dandan
should they connect to server1.mydomain.com or server2.mydomain.com?
-
Zash
yes
-
Zash
they should pick one of them with about 50/50 chance
-
dandan
Yes but that would be up to the client then and different from what load balancer is.
-
Zash
yes
-
dandan
As far as I have understood, these records are supposed to do the work of load balancer.
-
Zash
but what you pasted amounts to 50/50 load balancing
-
Link Mauve
dandan, without any software required in front of your server.
-
dandan
What do you mean Link Mauve?
-
dandan
Ah sure. Yes. I mean no load balancing will be needed in that case. But how should the client decide what server to choose? The client has no idea about the load.
-
Zash
dandan: if you want more control then use a load balancer
-
Link Mauve
dandan, it will pick one at random, throw a coin, and go for that one.
-
moparisthebest
The client literally flips a coin
-
Link Mauve
flip*, that’s the word.
-
Link Mauve
Thanks. ^^
-
dandan
Ok then. I see.
-
Zash
but if it for whatever reason can't establish a connection to the chosen one it should try the other
-
dandan
I see. Well is it really reliable? I mean a NLB seems to be a better solution, or?
-
Zash
No idea what "NLB" is
-
dandan
Network Load Balancer
-
Zash
It's up to you
-
Zash
more moving parts etc
-
dandan
If this is totally random by the client side, so why is the weight decided on the server side in DNS record?
-
moparisthebest
dandan: refer to the algorithm here https://tools.ietf.org/html/rfc2782
-
dandan
I mean 50%, 30%, etc.
-
Zash
dandan: that's what the second number is
-
Link Mauve
dandan, because the administrator might have provisioned different size of servers.
-
Link Mauve
So they prefer clients to flip a four-faced coin and go 25% of the time to one physical server, 75% of the time to another one.
-
Link Mauve
Or any other possible combination.
-
Zash
dandan: in your example you have 5 and 5 as weight. so each entry should have a 5/10 = 50% chance of being selected first
-
dandan
Yes I know. This is an example.
-
dandan
OK. Then so if I have 4 servers of shared load of 50%, 30% and 20% then I should flip a dice of 3 sides with respective probabilities?
-
Zash
if you set up SRV records like that, yes
-
dandan
OK thanks. One more question if you don't mind.
-
dandan
Is it OK not to set DNS SRV records and just go for load balancer?
-
Zash
of course
-
Zash
altho for xmpps you do need them
-
dandan
I am asking because for instance Openfire will complain when DNS SRV records are not set.
-
Link Mauve
For normal _xmpp-client record (non-xmpps), you need either a SRV record or a A record, if the user will only ever connect to a single server (or load-balancer).
-
Guus
Openfire will warn, but will operate fine.
-
Link Mauve
You can set both but the end result will be identical.
-
dandan
Yes I have observed that it works as it should but I was wondering if this is recommended to set DNS SRV records or not.
-
dandan
Yes sure. The result will be identical as you said.
-
Link Mauve
You only need a SRV record if you plan to use xmpps (XEP-0368), or if you want to use the inherent “load” balancing SRV provides with multiple records.
-
Guus
or if you want to run a cluster
-
dandan
I run a cluster.
-
Guus
or if you run on a server for which the host name doesn't match the XMPP domain name
-
Zash
or if you wanna use a non-standard port or point at a different machine/A record
-
dandan
and want it to be scalable.
-
Zash
(what Guus said)
-
Guus
generally, DNS SRV records are good.
-
Guus
Openfire should give you concrete examples of DNS SRV records suitable for your instance.
-
Zash
dandan: If I were you I'd worry about using a separate load balancer later if it turns out you need one
-
Guus
but a general grasp of the concept is good to have, so that you can make informed decisions.
-
dandan
Yes I know. But I mean if I use a load balancer then I don't need to set DNS SRV records that are recommended by Openfire.
-
Zash
It's easy to change DNS
-
moparisthebest
dandan: what's the point of a cluster if you put a single point of failure load balancer in front?
-
Guus
(capacity, probably)
-
dandan
Well, I might be wrong, but by having a cluster I will be able to have fail-over config and scale the system.
-
Guus
dandan, it won't fail over a failing loadbalancer.
-
moparisthebest
He said AWS, isn't it cheaper to run 1 big server vs 2 small?
-
dandan
The load balancer in AWS AFAIK is not a single point failure system since the load balancer itself will be scaled. I might be wrong though.
-
Guus
Oh, I dropped in half way through the conversation - I missed that.
-
Link Mauve
Fail-over is also definitely possible with SRV records, if the coin flipped by the client leads it to a dead end^Wserver, it will fall back to the other one(s).
-
Guus
but yeah, DNS SRV records are less complex by an order of magnitude
-
Guus
that's generally good.
-
Guus
a lot cheaper too, presumably
-
Zash
you can have 1 5 5222 first-choice.example.com 2 5 5222 second-choice.example.com etc
-
moparisthebest
dandan: are you running them both in the same AWS datacenter too?
-
dandan
Yes Zash?
-
dandan
Then choose randomly between them?
-
dandan
Yes moparisthebest.
-
moparisthebest
dandan: so single point of failure again
-
Zash
dandan: no, they get tried in order of the priority (first number)
-
moparisthebest
Whole AWS datacenters fail often
-
Guus
dandan i suggest you read up on DNS SRV. They're pretty versatile, and easy to work with. You can always invest in load balancers if you feel that DNS SRV doesn't suit your needs.
-
dandan
Thanks Guus.
-
Guus
wikipedia comes with a handy example
-
Guus
Ok, I'm off to bed
-
dandan
Zash the question is that how the client will know that for instance the first server is loaded and choose the second one?
-
Zash
dandan: it doesn't
-
Zash
dandan: it sorts the records by priority and if there are multiple with the same priority it'll shuffle them and pick by weight. if the connection fails it removes that one and tries the whole thing again (roughly)
-
Zash
the RFC moparisthebest linked explains how it works, I recommend you read it
-
Zash
and as I said, if you need more control then use a load balancer
-
moparisthebest
But you probably don't, and regardless don't run all your services in the same DC if you are after reliability
-
dandan
Yes you are right.
-
dandan
I will read the link that moparisthebest sent.
-
Zash
load balancing and high availability at the same time is non-trivial. most xmpp clustering solutions are focused on load balancing afaik
-
dandan
Definitely need to read more about it.
-
dandan
Zash you mean that the clients have knowledge about all servers that a DNS SRV record has been assigned to it?
-
Zash
I don't understand the question
-
dandan
Like your example, a client will also have the list of all servers you listed?
-
Zash
client would query for the SRV records, receive a list
-
dandan
first-choice, second-choice ?
-
Zash
?
-
Zash
If you query for _xmpp-client._tcp.example.com you get an answer with all the SRV records there
-
dandan
Aha ok. That is what I wanted to know. Is there any special command for querying in XMPP client libraries like Smack for instance or this should be done in other ways?
-
Zash
then it follows the sorting algorithm and tries to connect until it gets a connection or runs out of options
-
Zash
I know nothing of Smack, can't help you with that.
-
dandan
OK. Thanks a lot all of you for your kind help.
-
guus.der.kinderen
Smack does SRV lookup by default
-
guus.der.kinderen
It'll actually warn you if you're connecting to a domain that has no SRV records