You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@trafficserver.apache.org by salil GK <gk...@gmail.com> on 2018/05/25 16:27:08 UTC
Question about traffic server dns resolution
Hello
I have a ATS ( 6.2.2 ) deployed in my server for Forward proxy. My
deployment is as follows
client -> ATS-1 -> ATS-2 -> "Origin server”
Here between ATS-1 and ATS-2 I have created ssh tunnels and
traffic will be passed through that tunnel, using parent.config.
ATS-1 is opening a MTLS socket to client and "Origin server" is https
I have some questions regarding the capability of ATS.
1. From ATS-2 there will be a dns A query and get the address resolved
before connecting to "Origin Server”
If dns server return 2 or three addresses, is there any way
ATS use the alternative address ( second or third ) in case it fails
to reach first address ? How dns resolution works in ATS, is the dns
functionality embedded in dns or it allow the system to resolve the
address ?
2. I have a cluster of ATS-2 ( two ATS-2 machines.) in my
parent.config I have specified these two ATS-2 machines and
round_robin parameters is set to true. From document, I guess the
round_robin will happen if request come from different IP addresses (
? ). All requests come from same IP address will take same parent
machine only. Is there any way I can have round robin in place even
for requests come from same IP address ?
3. Is there any chance that http connection to origin server from
ATS-2 can be made persistent.
4. Since this is multi hop deployment I need to handle error
condition in ATS-1 and ATS-2 gracefully. So based on the HTTP response
code, I would like to put some logic for handling this. For example,
if an error is returned from the origin server, or if there is any
network issue between ATS-2 and origin server, I need to handle it in
ATS-1 ( logging or try another ATS-2 etc ). How do I achieve this ?
Any help on this would be of great help for me.
Thanks
~S
Re: Question about traffic server dns resolution
Posted by Alan Carroll <so...@oath.com.INVALID>.
ATS does support multiple A records. That's what "round robin" means. For
instance, see here -
https://docs.trafficserver.apache.org/en/7.1.x/admin-guide/files/records.config.en.html#proxy-config-hostdb-strict-round-robin
On Fri, Jun 1, 2018 at 12:37 PM, salil GK <gk...@gmail.com> wrote:
> Thanks Alan for the reply
> So ats doesn't support multiple A records ?
> Is there any technical reason why this feature is not supported ? If not
> it's there any possibility of getting this support done in ats .. I think
> this is a good and common use case for Enterprise servers ?
> Thanks and regards
> ~S
>
> On Fri, Jun 1, 2018, 10:52 PM Alan Carroll <solidwallofcode@oath.com.
> invalid>
> wrote:
>
> > I'll take a look, but the DNS failover is about nameserver failover, not
> > upstream failover.
> >
> > 1) Yes, should be able to set this via the server retry settings. See
> here
> > -
> >
> > https://docs.trafficserver.apache.org/en/7.1.x/admin-
> guide/files/records.config.en.html#proxy-config-http-
> connect-attempts-max-retries
> > - "proxy.config.http.connect_attempts_rr_retries" may be of interest as
> > well.
> >
> > 3) Yes, that should be the default behavior. See here -
> >
> > https://docs.trafficserver.apache.org/en/7.1.x/admin-
> guide/files/records.config.en.html#proxy-config-http-server-
> session-sharing-match
> >
> > On Thu, May 31, 2018 at 6:29 PM, salil GK <gk...@gmail.com> wrote:
> >
> > > Can I get some ad hoc document for the dns failover. This is pretty
> > > much urgent for me for my solution.
> > >
> > > Thanks and regards
> > > ~S
> > >
> > > On 30 May 2018 at 04:45, salil GK <gk...@gmail.com> wrote:
> > > > Thanks Susan for the reply.
> > > >
> > > > Can I get some help on dns failover settings.
> > > > Basically if dns server return multiple A records, how can I setup
> ATS
> > > > to select alternative IP address in case first IP address is not
> > > > accessible.
> > > >
> > > > Thanks
> > > > ~S
> > > >
> > > > On 29 May 2018 at 20:19, Susan Hinrichs <sh...@oath.com.invalid>
> > > wrote:
> > > >> We need to file an issue on getting these documented. Judging from
> > "git
> > > >> blame" . the failover settings have been around for quite a while.
> I
> > > >> cannot help you much with the failover settings, since I haven't
> > worked
> > > in
> > > >> that area.
> > > >>
> > > >> I can help you on some of the other settings since Fei and I have
> been
> > > >> digging through here recently.
> > > >>
> > > >> proxy.config.dns.max_dns_in_flight Controls how many DNS requests
> are
> > > >> allowed to be outstanding. If this limit is reached, further
> requests
> > > will
> > > >> be delayed until some responses arrive. I think this is a per
> thread
> > > limit.
> > > >>
> > > >> proxy.config.dns.lookup_timeout The timeout in seconds on a DNS
> > > request.
> > > >>
> > > >> proxy.config.dns.retries Number of times ATS will retry a DNS
> request.
> > > >>
> > > >> proxy.config.dns.local_ipv4
> > > >> proxy.config.dns.local_ipv6 Specify the source address ATS uses to
> > make
> > > DNS
> > > >> requests. NULL will pull the IP address from the interface
> > > >>
> > > >>
> > > >>
> > > >>
> > > >>
> > > >>
> > > >> On Mon, May 28, 2018 at 7:34 PM, gksalil@gmail.com <
> gksalil@gmail.com
> > >
> > > >> wrote:
> > > >>
> > > >>>
> > > >>>
> > > >>> On 2018/05/25 16:27:08, salil GK <gk...@gmail.com> wrote:
> > > >>> > Hello
> > > >>> >
> > > >>> > I have a ATS ( 6.2.2 ) deployed in my server for Forward
> proxy.
> > > My
> > > >>> > deployment is as follows
> > > >>> >
> > > >>> >
> > > >>> > client -> ATS-1 -> ATS-2 -> "Origin server”
> > > >>> >
> > > >>> > Here between ATS-1 and ATS-2 I have created ssh tunnels and
> > > >>> > traffic will be passed through that tunnel, using parent.config.
> > > >>> >
> > > >>> > ATS-1 is opening a MTLS socket to client and "Origin server"
> is
> > > https
> > > >>> >
> > > >>> > I have some questions regarding the capability of ATS.
> > > >>> >
> > > >>> > 1. From ATS-2 there will be a dns A query and get the address
> > > resolved
> > > >>> > before connecting to "Origin Server”
> > > >>> > If dns server return 2 or three addresses, is there
> any
> > > way
> > > >>> > ATS use the alternative address ( second or third ) in case it
> > fails
> > > >>> > to reach first address ? How dns resolution works in ATS, is the
> > dns
> > > >>> > functionality embedded in dns or it allow the system to resolve
> the
> > > >>> > address ?
> > > >>> >
> > > >>> > 2. I have a cluster of ATS-2 ( two ATS-2 machines.) in my
> > > >>> > parent.config I have specified these two ATS-2 machines and
> > > >>> > round_robin parameters is set to true. From document, I guess the
> > > >>> > round_robin will happen if request come from different IP
> > addresses (
> > > >>> > ? ). All requests come from same IP address will take same parent
> > > >>> > machine only. Is there any way I can have round robin in place
> even
> > > >>> > for requests come from same IP address ?
> > > >>> >
> > > >>> > 3. Is there any chance that http connection to origin server from
> > > >>> > ATS-2 can be made persistent.
> > > >>> >
> > > >>> > 4. Since this is multi hop deployment I need to handle
> error
> > > >>> > condition in ATS-1 and ATS-2 gracefully. So based on the HTTP
> > > response
> > > >>> > code, I would like to put some logic for handling this. For
> > example,
> > > >>> > if an error is returned from the origin server, or if there is
> any
> > > >>> > network issue between ATS-2 and origin server, I need to handle
> it
> > in
> > > >>> > ATS-1 ( logging or try another ATS-2 etc ). How do I achieve
> this ?
> > > >>> >
> > > >>> >
> > > >>> > Any help on this would be of great help for me.
> > > >>> >
> > > >>> > Thanks
> > > >>> > ~S
> > > >>> >
> > > >>>
> > > >>> While searching in the web, I have seen some configuration
> variables
> > > >>> related to dns
> > > >>>
> > > >>> proxy.config.dns.failover_number INT 5
> > > >>> proxy.config.dns.failover_period INT 60
> > > >>> proxy.config.dns.local_ipv4 STRING NULL
> > > >>> proxy.config.dns.local_ipv6 STRING NULL
> > > >>> proxy.config.dns.lookup_timeout INT 20
> > > >>> proxy.config.dns.max_dns_in_flight INT 2048
> > > >>> proxy.config.dns.retries INT 5
> > > >>>
> > > >>> Where do I get the document related to these parameters ?
> > > >>>
> > > >>> This is a bit urgent issue for me to resolve this issue. It would
> be
> > > of
> > > >>> great help if I get some directions on this.
> > > >>>
> > > >>> Thanks in advance
> > > >>> ~S
> > > >>>
> > >
> >
>
Re: Question about traffic server dns resolution
Posted by salil GK <gk...@gmail.com>.
Thanks Alan for the reply
So ats doesn't support multiple A records ?
Is there any technical reason why this feature is not supported ? If not
it's there any possibility of getting this support done in ats .. I think
this is a good and common use case for Enterprise servers ?
Thanks and regards
~S
On Fri, Jun 1, 2018, 10:52 PM Alan Carroll <so...@oath.com.invalid>
wrote:
> I'll take a look, but the DNS failover is about nameserver failover, not
> upstream failover.
>
> 1) Yes, should be able to set this via the server retry settings. See here
> -
>
> https://docs.trafficserver.apache.org/en/7.1.x/admin-guide/files/records.config.en.html#proxy-config-http-connect-attempts-max-retries
> - "proxy.config.http.connect_attempts_rr_retries" may be of interest as
> well.
>
> 3) Yes, that should be the default behavior. See here -
>
> https://docs.trafficserver.apache.org/en/7.1.x/admin-guide/files/records.config.en.html#proxy-config-http-server-session-sharing-match
>
> On Thu, May 31, 2018 at 6:29 PM, salil GK <gk...@gmail.com> wrote:
>
> > Can I get some ad hoc document for the dns failover. This is pretty
> > much urgent for me for my solution.
> >
> > Thanks and regards
> > ~S
> >
> > On 30 May 2018 at 04:45, salil GK <gk...@gmail.com> wrote:
> > > Thanks Susan for the reply.
> > >
> > > Can I get some help on dns failover settings.
> > > Basically if dns server return multiple A records, how can I setup ATS
> > > to select alternative IP address in case first IP address is not
> > > accessible.
> > >
> > > Thanks
> > > ~S
> > >
> > > On 29 May 2018 at 20:19, Susan Hinrichs <sh...@oath.com.invalid>
> > wrote:
> > >> We need to file an issue on getting these documented. Judging from
> "git
> > >> blame" . the failover settings have been around for quite a while. I
> > >> cannot help you much with the failover settings, since I haven't
> worked
> > in
> > >> that area.
> > >>
> > >> I can help you on some of the other settings since Fei and I have been
> > >> digging through here recently.
> > >>
> > >> proxy.config.dns.max_dns_in_flight Controls how many DNS requests are
> > >> allowed to be outstanding. If this limit is reached, further requests
> > will
> > >> be delayed until some responses arrive. I think this is a per thread
> > limit.
> > >>
> > >> proxy.config.dns.lookup_timeout The timeout in seconds on a DNS
> > request.
> > >>
> > >> proxy.config.dns.retries Number of times ATS will retry a DNS request.
> > >>
> > >> proxy.config.dns.local_ipv4
> > >> proxy.config.dns.local_ipv6 Specify the source address ATS uses to
> make
> > DNS
> > >> requests. NULL will pull the IP address from the interface
> > >>
> > >>
> > >>
> > >>
> > >>
> > >>
> > >> On Mon, May 28, 2018 at 7:34 PM, gksalil@gmail.com <gksalil@gmail.com
> >
> > >> wrote:
> > >>
> > >>>
> > >>>
> > >>> On 2018/05/25 16:27:08, salil GK <gk...@gmail.com> wrote:
> > >>> > Hello
> > >>> >
> > >>> > I have a ATS ( 6.2.2 ) deployed in my server for Forward proxy.
> > My
> > >>> > deployment is as follows
> > >>> >
> > >>> >
> > >>> > client -> ATS-1 -> ATS-2 -> "Origin server”
> > >>> >
> > >>> > Here between ATS-1 and ATS-2 I have created ssh tunnels and
> > >>> > traffic will be passed through that tunnel, using parent.config.
> > >>> >
> > >>> > ATS-1 is opening a MTLS socket to client and "Origin server" is
> > https
> > >>> >
> > >>> > I have some questions regarding the capability of ATS.
> > >>> >
> > >>> > 1. From ATS-2 there will be a dns A query and get the address
> > resolved
> > >>> > before connecting to "Origin Server”
> > >>> > If dns server return 2 or three addresses, is there any
> > way
> > >>> > ATS use the alternative address ( second or third ) in case it
> fails
> > >>> > to reach first address ? How dns resolution works in ATS, is the
> dns
> > >>> > functionality embedded in dns or it allow the system to resolve the
> > >>> > address ?
> > >>> >
> > >>> > 2. I have a cluster of ATS-2 ( two ATS-2 machines.) in my
> > >>> > parent.config I have specified these two ATS-2 machines and
> > >>> > round_robin parameters is set to true. From document, I guess the
> > >>> > round_robin will happen if request come from different IP
> addresses (
> > >>> > ? ). All requests come from same IP address will take same parent
> > >>> > machine only. Is there any way I can have round robin in place even
> > >>> > for requests come from same IP address ?
> > >>> >
> > >>> > 3. Is there any chance that http connection to origin server from
> > >>> > ATS-2 can be made persistent.
> > >>> >
> > >>> > 4. Since this is multi hop deployment I need to handle error
> > >>> > condition in ATS-1 and ATS-2 gracefully. So based on the HTTP
> > response
> > >>> > code, I would like to put some logic for handling this. For
> example,
> > >>> > if an error is returned from the origin server, or if there is any
> > >>> > network issue between ATS-2 and origin server, I need to handle it
> in
> > >>> > ATS-1 ( logging or try another ATS-2 etc ). How do I achieve this ?
> > >>> >
> > >>> >
> > >>> > Any help on this would be of great help for me.
> > >>> >
> > >>> > Thanks
> > >>> > ~S
> > >>> >
> > >>>
> > >>> While searching in the web, I have seen some configuration variables
> > >>> related to dns
> > >>>
> > >>> proxy.config.dns.failover_number INT 5
> > >>> proxy.config.dns.failover_period INT 60
> > >>> proxy.config.dns.local_ipv4 STRING NULL
> > >>> proxy.config.dns.local_ipv6 STRING NULL
> > >>> proxy.config.dns.lookup_timeout INT 20
> > >>> proxy.config.dns.max_dns_in_flight INT 2048
> > >>> proxy.config.dns.retries INT 5
> > >>>
> > >>> Where do I get the document related to these parameters ?
> > >>>
> > >>> This is a bit urgent issue for me to resolve this issue. It would be
> > of
> > >>> great help if I get some directions on this.
> > >>>
> > >>> Thanks in advance
> > >>> ~S
> > >>>
> >
>
Re: Question about traffic server dns resolution
Posted by Alan Carroll <so...@oath.com.INVALID>.
I'll take a look, but the DNS failover is about nameserver failover, not
upstream failover.
1) Yes, should be able to set this via the server retry settings. See here
-
https://docs.trafficserver.apache.org/en/7.1.x/admin-guide/files/records.config.en.html#proxy-config-http-connect-attempts-max-retries
- "proxy.config.http.connect_attempts_rr_retries" may be of interest as
well.
3) Yes, that should be the default behavior. See here -
https://docs.trafficserver.apache.org/en/7.1.x/admin-guide/files/records.config.en.html#proxy-config-http-server-session-sharing-match
On Thu, May 31, 2018 at 6:29 PM, salil GK <gk...@gmail.com> wrote:
> Can I get some ad hoc document for the dns failover. This is pretty
> much urgent for me for my solution.
>
> Thanks and regards
> ~S
>
> On 30 May 2018 at 04:45, salil GK <gk...@gmail.com> wrote:
> > Thanks Susan for the reply.
> >
> > Can I get some help on dns failover settings.
> > Basically if dns server return multiple A records, how can I setup ATS
> > to select alternative IP address in case first IP address is not
> > accessible.
> >
> > Thanks
> > ~S
> >
> > On 29 May 2018 at 20:19, Susan Hinrichs <sh...@oath.com.invalid>
> wrote:
> >> We need to file an issue on getting these documented. Judging from "git
> >> blame" . the failover settings have been around for quite a while. I
> >> cannot help you much with the failover settings, since I haven't worked
> in
> >> that area.
> >>
> >> I can help you on some of the other settings since Fei and I have been
> >> digging through here recently.
> >>
> >> proxy.config.dns.max_dns_in_flight Controls how many DNS requests are
> >> allowed to be outstanding. If this limit is reached, further requests
> will
> >> be delayed until some responses arrive. I think this is a per thread
> limit.
> >>
> >> proxy.config.dns.lookup_timeout The timeout in seconds on a DNS
> request.
> >>
> >> proxy.config.dns.retries Number of times ATS will retry a DNS request.
> >>
> >> proxy.config.dns.local_ipv4
> >> proxy.config.dns.local_ipv6 Specify the source address ATS uses to make
> DNS
> >> requests. NULL will pull the IP address from the interface
> >>
> >>
> >>
> >>
> >>
> >>
> >> On Mon, May 28, 2018 at 7:34 PM, gksalil@gmail.com <gk...@gmail.com>
> >> wrote:
> >>
> >>>
> >>>
> >>> On 2018/05/25 16:27:08, salil GK <gk...@gmail.com> wrote:
> >>> > Hello
> >>> >
> >>> > I have a ATS ( 6.2.2 ) deployed in my server for Forward proxy.
> My
> >>> > deployment is as follows
> >>> >
> >>> >
> >>> > client -> ATS-1 -> ATS-2 -> "Origin server”
> >>> >
> >>> > Here between ATS-1 and ATS-2 I have created ssh tunnels and
> >>> > traffic will be passed through that tunnel, using parent.config.
> >>> >
> >>> > ATS-1 is opening a MTLS socket to client and "Origin server" is
> https
> >>> >
> >>> > I have some questions regarding the capability of ATS.
> >>> >
> >>> > 1. From ATS-2 there will be a dns A query and get the address
> resolved
> >>> > before connecting to "Origin Server”
> >>> > If dns server return 2 or three addresses, is there any
> way
> >>> > ATS use the alternative address ( second or third ) in case it fails
> >>> > to reach first address ? How dns resolution works in ATS, is the dns
> >>> > functionality embedded in dns or it allow the system to resolve the
> >>> > address ?
> >>> >
> >>> > 2. I have a cluster of ATS-2 ( two ATS-2 machines.) in my
> >>> > parent.config I have specified these two ATS-2 machines and
> >>> > round_robin parameters is set to true. From document, I guess the
> >>> > round_robin will happen if request come from different IP addresses (
> >>> > ? ). All requests come from same IP address will take same parent
> >>> > machine only. Is there any way I can have round robin in place even
> >>> > for requests come from same IP address ?
> >>> >
> >>> > 3. Is there any chance that http connection to origin server from
> >>> > ATS-2 can be made persistent.
> >>> >
> >>> > 4. Since this is multi hop deployment I need to handle error
> >>> > condition in ATS-1 and ATS-2 gracefully. So based on the HTTP
> response
> >>> > code, I would like to put some logic for handling this. For example,
> >>> > if an error is returned from the origin server, or if there is any
> >>> > network issue between ATS-2 and origin server, I need to handle it in
> >>> > ATS-1 ( logging or try another ATS-2 etc ). How do I achieve this ?
> >>> >
> >>> >
> >>> > Any help on this would be of great help for me.
> >>> >
> >>> > Thanks
> >>> > ~S
> >>> >
> >>>
> >>> While searching in the web, I have seen some configuration variables
> >>> related to dns
> >>>
> >>> proxy.config.dns.failover_number INT 5
> >>> proxy.config.dns.failover_period INT 60
> >>> proxy.config.dns.local_ipv4 STRING NULL
> >>> proxy.config.dns.local_ipv6 STRING NULL
> >>> proxy.config.dns.lookup_timeout INT 20
> >>> proxy.config.dns.max_dns_in_flight INT 2048
> >>> proxy.config.dns.retries INT 5
> >>>
> >>> Where do I get the document related to these parameters ?
> >>>
> >>> This is a bit urgent issue for me to resolve this issue. It would be
> of
> >>> great help if I get some directions on this.
> >>>
> >>> Thanks in advance
> >>> ~S
> >>>
>
Re: Question about traffic server dns resolution
Posted by salil GK <gk...@gmail.com>.
Can I get some ad hoc document for the dns failover. This is pretty
much urgent for me for my solution.
Thanks and regards
~S
On 30 May 2018 at 04:45, salil GK <gk...@gmail.com> wrote:
> Thanks Susan for the reply.
>
> Can I get some help on dns failover settings.
> Basically if dns server return multiple A records, how can I setup ATS
> to select alternative IP address in case first IP address is not
> accessible.
>
> Thanks
> ~S
>
> On 29 May 2018 at 20:19, Susan Hinrichs <sh...@oath.com.invalid> wrote:
>> We need to file an issue on getting these documented. Judging from "git
>> blame" . the failover settings have been around for quite a while. I
>> cannot help you much with the failover settings, since I haven't worked in
>> that area.
>>
>> I can help you on some of the other settings since Fei and I have been
>> digging through here recently.
>>
>> proxy.config.dns.max_dns_in_flight Controls how many DNS requests are
>> allowed to be outstanding. If this limit is reached, further requests will
>> be delayed until some responses arrive. I think this is a per thread limit.
>>
>> proxy.config.dns.lookup_timeout The timeout in seconds on a DNS request.
>>
>> proxy.config.dns.retries Number of times ATS will retry a DNS request.
>>
>> proxy.config.dns.local_ipv4
>> proxy.config.dns.local_ipv6 Specify the source address ATS uses to make DNS
>> requests. NULL will pull the IP address from the interface
>>
>>
>>
>>
>>
>>
>> On Mon, May 28, 2018 at 7:34 PM, gksalil@gmail.com <gk...@gmail.com>
>> wrote:
>>
>>>
>>>
>>> On 2018/05/25 16:27:08, salil GK <gk...@gmail.com> wrote:
>>> > Hello
>>> >
>>> > I have a ATS ( 6.2.2 ) deployed in my server for Forward proxy. My
>>> > deployment is as follows
>>> >
>>> >
>>> > client -> ATS-1 -> ATS-2 -> "Origin server”
>>> >
>>> > Here between ATS-1 and ATS-2 I have created ssh tunnels and
>>> > traffic will be passed through that tunnel, using parent.config.
>>> >
>>> > ATS-1 is opening a MTLS socket to client and "Origin server" is https
>>> >
>>> > I have some questions regarding the capability of ATS.
>>> >
>>> > 1. From ATS-2 there will be a dns A query and get the address resolved
>>> > before connecting to "Origin Server”
>>> > If dns server return 2 or three addresses, is there any way
>>> > ATS use the alternative address ( second or third ) in case it fails
>>> > to reach first address ? How dns resolution works in ATS, is the dns
>>> > functionality embedded in dns or it allow the system to resolve the
>>> > address ?
>>> >
>>> > 2. I have a cluster of ATS-2 ( two ATS-2 machines.) in my
>>> > parent.config I have specified these two ATS-2 machines and
>>> > round_robin parameters is set to true. From document, I guess the
>>> > round_robin will happen if request come from different IP addresses (
>>> > ? ). All requests come from same IP address will take same parent
>>> > machine only. Is there any way I can have round robin in place even
>>> > for requests come from same IP address ?
>>> >
>>> > 3. Is there any chance that http connection to origin server from
>>> > ATS-2 can be made persistent.
>>> >
>>> > 4. Since this is multi hop deployment I need to handle error
>>> > condition in ATS-1 and ATS-2 gracefully. So based on the HTTP response
>>> > code, I would like to put some logic for handling this. For example,
>>> > if an error is returned from the origin server, or if there is any
>>> > network issue between ATS-2 and origin server, I need to handle it in
>>> > ATS-1 ( logging or try another ATS-2 etc ). How do I achieve this ?
>>> >
>>> >
>>> > Any help on this would be of great help for me.
>>> >
>>> > Thanks
>>> > ~S
>>> >
>>>
>>> While searching in the web, I have seen some configuration variables
>>> related to dns
>>>
>>> proxy.config.dns.failover_number INT 5
>>> proxy.config.dns.failover_period INT 60
>>> proxy.config.dns.local_ipv4 STRING NULL
>>> proxy.config.dns.local_ipv6 STRING NULL
>>> proxy.config.dns.lookup_timeout INT 20
>>> proxy.config.dns.max_dns_in_flight INT 2048
>>> proxy.config.dns.retries INT 5
>>>
>>> Where do I get the document related to these parameters ?
>>>
>>> This is a bit urgent issue for me to resolve this issue. It would be of
>>> great help if I get some directions on this.
>>>
>>> Thanks in advance
>>> ~S
>>>
Re: Question about traffic server dns resolution
Posted by salil GK <gk...@gmail.com>.
Thanks Susan for the reply.
Can I get some help on dns failover settings.
Basically if dns server return multiple A records, how can I setup ATS
to select alternative IP address in case first IP address is not
accessible.
Thanks
~S
On 29 May 2018 at 20:19, Susan Hinrichs <sh...@oath.com.invalid> wrote:
> We need to file an issue on getting these documented. Judging from "git
> blame" . the failover settings have been around for quite a while. I
> cannot help you much with the failover settings, since I haven't worked in
> that area.
>
> I can help you on some of the other settings since Fei and I have been
> digging through here recently.
>
> proxy.config.dns.max_dns_in_flight Controls how many DNS requests are
> allowed to be outstanding. If this limit is reached, further requests will
> be delayed until some responses arrive. I think this is a per thread limit.
>
> proxy.config.dns.lookup_timeout The timeout in seconds on a DNS request.
>
> proxy.config.dns.retries Number of times ATS will retry a DNS request.
>
> proxy.config.dns.local_ipv4
> proxy.config.dns.local_ipv6 Specify the source address ATS uses to make DNS
> requests. NULL will pull the IP address from the interface
>
>
>
>
>
>
> On Mon, May 28, 2018 at 7:34 PM, gksalil@gmail.com <gk...@gmail.com>
> wrote:
>
>>
>>
>> On 2018/05/25 16:27:08, salil GK <gk...@gmail.com> wrote:
>> > Hello
>> >
>> > I have a ATS ( 6.2.2 ) deployed in my server for Forward proxy. My
>> > deployment is as follows
>> >
>> >
>> > client -> ATS-1 -> ATS-2 -> "Origin server”
>> >
>> > Here between ATS-1 and ATS-2 I have created ssh tunnels and
>> > traffic will be passed through that tunnel, using parent.config.
>> >
>> > ATS-1 is opening a MTLS socket to client and "Origin server" is https
>> >
>> > I have some questions regarding the capability of ATS.
>> >
>> > 1. From ATS-2 there will be a dns A query and get the address resolved
>> > before connecting to "Origin Server”
>> > If dns server return 2 or three addresses, is there any way
>> > ATS use the alternative address ( second or third ) in case it fails
>> > to reach first address ? How dns resolution works in ATS, is the dns
>> > functionality embedded in dns or it allow the system to resolve the
>> > address ?
>> >
>> > 2. I have a cluster of ATS-2 ( two ATS-2 machines.) in my
>> > parent.config I have specified these two ATS-2 machines and
>> > round_robin parameters is set to true. From document, I guess the
>> > round_robin will happen if request come from different IP addresses (
>> > ? ). All requests come from same IP address will take same parent
>> > machine only. Is there any way I can have round robin in place even
>> > for requests come from same IP address ?
>> >
>> > 3. Is there any chance that http connection to origin server from
>> > ATS-2 can be made persistent.
>> >
>> > 4. Since this is multi hop deployment I need to handle error
>> > condition in ATS-1 and ATS-2 gracefully. So based on the HTTP response
>> > code, I would like to put some logic for handling this. For example,
>> > if an error is returned from the origin server, or if there is any
>> > network issue between ATS-2 and origin server, I need to handle it in
>> > ATS-1 ( logging or try another ATS-2 etc ). How do I achieve this ?
>> >
>> >
>> > Any help on this would be of great help for me.
>> >
>> > Thanks
>> > ~S
>> >
>>
>> While searching in the web, I have seen some configuration variables
>> related to dns
>>
>> proxy.config.dns.failover_number INT 5
>> proxy.config.dns.failover_period INT 60
>> proxy.config.dns.local_ipv4 STRING NULL
>> proxy.config.dns.local_ipv6 STRING NULL
>> proxy.config.dns.lookup_timeout INT 20
>> proxy.config.dns.max_dns_in_flight INT 2048
>> proxy.config.dns.retries INT 5
>>
>> Where do I get the document related to these parameters ?
>>
>> This is a bit urgent issue for me to resolve this issue. It would be of
>> great help if I get some directions on this.
>>
>> Thanks in advance
>> ~S
>>
Re: Question about traffic server dns resolution
Posted by Susan Hinrichs <sh...@oath.com.INVALID>.
We need to file an issue on getting these documented. Judging from "git
blame" . the failover settings have been around for quite a while. I
cannot help you much with the failover settings, since I haven't worked in
that area.
I can help you on some of the other settings since Fei and I have been
digging through here recently.
proxy.config.dns.max_dns_in_flight Controls how many DNS requests are
allowed to be outstanding. If this limit is reached, further requests will
be delayed until some responses arrive. I think this is a per thread limit.
proxy.config.dns.lookup_timeout The timeout in seconds on a DNS request.
proxy.config.dns.retries Number of times ATS will retry a DNS request.
proxy.config.dns.local_ipv4
proxy.config.dns.local_ipv6 Specify the source address ATS uses to make DNS
requests. NULL will pull the IP address from the interface
On Mon, May 28, 2018 at 7:34 PM, gksalil@gmail.com <gk...@gmail.com>
wrote:
>
>
> On 2018/05/25 16:27:08, salil GK <gk...@gmail.com> wrote:
> > Hello
> >
> > I have a ATS ( 6.2.2 ) deployed in my server for Forward proxy. My
> > deployment is as follows
> >
> >
> > client -> ATS-1 -> ATS-2 -> "Origin server”
> >
> > Here between ATS-1 and ATS-2 I have created ssh tunnels and
> > traffic will be passed through that tunnel, using parent.config.
> >
> > ATS-1 is opening a MTLS socket to client and "Origin server" is https
> >
> > I have some questions regarding the capability of ATS.
> >
> > 1. From ATS-2 there will be a dns A query and get the address resolved
> > before connecting to "Origin Server”
> > If dns server return 2 or three addresses, is there any way
> > ATS use the alternative address ( second or third ) in case it fails
> > to reach first address ? How dns resolution works in ATS, is the dns
> > functionality embedded in dns or it allow the system to resolve the
> > address ?
> >
> > 2. I have a cluster of ATS-2 ( two ATS-2 machines.) in my
> > parent.config I have specified these two ATS-2 machines and
> > round_robin parameters is set to true. From document, I guess the
> > round_robin will happen if request come from different IP addresses (
> > ? ). All requests come from same IP address will take same parent
> > machine only. Is there any way I can have round robin in place even
> > for requests come from same IP address ?
> >
> > 3. Is there any chance that http connection to origin server from
> > ATS-2 can be made persistent.
> >
> > 4. Since this is multi hop deployment I need to handle error
> > condition in ATS-1 and ATS-2 gracefully. So based on the HTTP response
> > code, I would like to put some logic for handling this. For example,
> > if an error is returned from the origin server, or if there is any
> > network issue between ATS-2 and origin server, I need to handle it in
> > ATS-1 ( logging or try another ATS-2 etc ). How do I achieve this ?
> >
> >
> > Any help on this would be of great help for me.
> >
> > Thanks
> > ~S
> >
>
> While searching in the web, I have seen some configuration variables
> related to dns
>
> proxy.config.dns.failover_number INT 5
> proxy.config.dns.failover_period INT 60
> proxy.config.dns.local_ipv4 STRING NULL
> proxy.config.dns.local_ipv6 STRING NULL
> proxy.config.dns.lookup_timeout INT 20
> proxy.config.dns.max_dns_in_flight INT 2048
> proxy.config.dns.retries INT 5
>
> Where do I get the document related to these parameters ?
>
> This is a bit urgent issue for me to resolve this issue. It would be of
> great help if I get some directions on this.
>
> Thanks in advance
> ~S
>
Re: Question about traffic server dns resolution
Posted by gk...@gmail.com,
gk...@gmail.com.
On 2018/05/25 16:27:08, salil GK <gk...@gmail.com> wrote:
> Hello
>
> I have a ATS ( 6.2.2 ) deployed in my server for Forward proxy. My
> deployment is as follows
>
>
> client -> ATS-1 -> ATS-2 -> "Origin server”
>
> Here between ATS-1 and ATS-2 I have created ssh tunnels and
> traffic will be passed through that tunnel, using parent.config.
>
> ATS-1 is opening a MTLS socket to client and "Origin server" is https
>
> I have some questions regarding the capability of ATS.
>
> 1. From ATS-2 there will be a dns A query and get the address resolved
> before connecting to "Origin Server”
> If dns server return 2 or three addresses, is there any way
> ATS use the alternative address ( second or third ) in case it fails
> to reach first address ? How dns resolution works in ATS, is the dns
> functionality embedded in dns or it allow the system to resolve the
> address ?
>
> 2. I have a cluster of ATS-2 ( two ATS-2 machines.) in my
> parent.config I have specified these two ATS-2 machines and
> round_robin parameters is set to true. From document, I guess the
> round_robin will happen if request come from different IP addresses (
> ? ). All requests come from same IP address will take same parent
> machine only. Is there any way I can have round robin in place even
> for requests come from same IP address ?
>
> 3. Is there any chance that http connection to origin server from
> ATS-2 can be made persistent.
>
> 4. Since this is multi hop deployment I need to handle error
> condition in ATS-1 and ATS-2 gracefully. So based on the HTTP response
> code, I would like to put some logic for handling this. For example,
> if an error is returned from the origin server, or if there is any
> network issue between ATS-2 and origin server, I need to handle it in
> ATS-1 ( logging or try another ATS-2 etc ). How do I achieve this ?
>
>
> Any help on this would be of great help for me.
>
> Thanks
> ~S
>
While searching in the web, I have seen some configuration variables related to dns
proxy.config.dns.failover_number INT 5
proxy.config.dns.failover_period INT 60
proxy.config.dns.local_ipv4 STRING NULL
proxy.config.dns.local_ipv6 STRING NULL
proxy.config.dns.lookup_timeout INT 20
proxy.config.dns.max_dns_in_flight INT 2048
proxy.config.dns.retries INT 5
Where do I get the document related to these parameters ?
This is a bit urgent issue for me to resolve this issue. It would be of great help if I get some directions on this.
Thanks in advance
~S