[ale] Does anybody have experience with a load-balancing/failover distro?

Michael Trausch mike at trausch.us
Thu Sep 30 12:34:35 EDT 2010


On Thu, Sep 30, 2010 at 5:54 AM, Paul Cartwright <ale at pcartwright.com> wrote:
> On Wed September 29 2010, Michael Trausch wrote:
>> Oh, yes.  A caching proxy is absolutely required in an environment
>> where you have more than 5 or 10 people using it concurrently on a
>> regular basis.  Even when you have 70+ Mbps Internet service, it makes
>> a difference, having both a caching DNS server and a caching Web
>> proxy.  A _huge_ difference.  Also, while it was _totally_ not
>> practical when I was in high school (in part because my school wasted
>> so much money on fscking infrastructure software such as Novell's
>> network setup on a Windows 98/NT 4/Win2k network).
>
> would that improve performance at all using your ISP's DNS server, rather than
> say openDNS??

There is a break-even point somewhere in there.  I would not use a
caching Web proxy nor a caching DNS resolver for a “network” where
there was only one human user.  I would consider it for a network
with 5 to 20 people on it.  For any more than that, I think it's silly
_not_ to have at least one or the other.

For a single person, it won't improve performance much at all, unless
they're just reloading the same pages over and over again.  But for a
crowd, a network of people, there is a whole realm of latency that can
be avoided by doing it.  One person's DNS access with a 30ms to 70ms
response time isn't a big deal.  But with a whole network, there are
other factors:

  * If the connection is saturated at any given moment, latency goes
WAY up.  So it can take 10, 20, 30 seconds to get a DNS query
resolved.  Plus another 10-30 seconds to connect to a Web site and
pull a page.  However, if there is both a caching DNS server and a
caching Web proxy, and both are in play with lots of storage and the
content being accessed is cached, you go from waiting 60 seconds to
less than 1.  Big advantage.

  * Even if the connection isn't saturated, certain Internet
connections have latency higher than others.  My client's connection
has 70ms of latency to the gateway on the other side of the PPP link
(AT&T DSL) on a good day.  If you are running around the Internet
issuing several DNS queries, those 70ms delays add up.  A page that
has to ask for 7 names to be resolved will take 7 * 70ms = 490ms.
Users _will_ notice that.  With a caching DNS server, you get that
cache miss on the first visit, and after that, it's a cache hit, with
an average of 3ms latency and up to 10ms to answer the query.   That
means at most (7 * 10) + (7 * 3) = 91ms to resolve all those names,
which is just above most people's threshold of noticing a delay.

  * Offices don't exactly staff people who are high-level
professionals with computing environments.  If they have to access a
document and it is a link in an email message, they'll download the
thing 30 times.  Best to have that sort of thing hit the cache so that
they're not saturating the downstream 30 times just to get that same
stupid file repeatedly.

I don't have exact numbers, and I've not run specific experiments to
try to find the ideal break-even point under various usage patterns,
mostly because I fail to see the point of doing it.  Humans aren't
purely predictable, and such an experiment would have to be done so
many different times and in so many different ways that I wouldn't
even bother.  In general, the fewer people and systems there are on a
network, the lower the probability that they need some sort of caching
mechanism.  I have a caching DNS server here at the house and I set
one up on every network I manage.  That said, I'm about to change the
software that I use for it.  I don't like the way dnscache itself
works, causing hundreds of connections to nameservers around the
Internet.  It is nice that it'll only go fetch authoritative data, but
it sucks because what I really want for it to do is just cache answers
from the local DNS servers (e.g., the ISP, or Level 3) so that
responses are faster without connecting to half the damned Internet.

    -  Mike


