DevOps Krakow #Meet 1

DNS CLUSTER
Automated Internal DNS Service with Amazon VPC integration

Sławomir Skowron
System Engineer (DevOps Team)
slawomir.skowron@getbase.com
2013
DNS INTRODUCTION
WHAT IS DNS ?
• The Domain Name System is a hierarchical and distributed naming system
• Essentially a name service for TCP/IP networks
• Provides an IP address resolution mechanism
• Adds a tree-based domain name space
• The name space is subdivided into zones and starts with the root zone
• One of the first NoSQL key-value databases
NAMESPACE
Hierarchical tree structure starting from . (root)
ZONES
A part of the domain name space delegated for administrative responsibility.
DOMAIN NAME SERVERS
Software on servers that stores, manages and serves information about its own part of the domain namespace, called a zone
Two types of servers: master and slave
DNS QUERIES
Two types of external queries: Recursive and Iterative
• Recursive - querying other servers until a positive response
• Iterative - give a local response (cache, local zone) or give info where to look for it

Cached Queries - DNS Cache - improves latency and throughput
DNS AS A SERVICE
INSIDE AMAZON CLOUD
AMAZON EC2 DNS (VPC) PROBLEMS

• Route 53 (right now) does not support internal DNS domains
• Amazon VPC Internal DNS supports only ec2.internal domains
• Amazon VPC DHCP by default supports only AWS DNS
Our own DNS Service
USE CASE
Our own DNS Service
• Available only in LAN and through VPN
• Only A and SRV - infrastructure DNS
• Resolve locally and forward if the name does not exist
• No zone transfer, no slaves, no masters
• Updates are simple, secure and fast
SOLUTION
Our own DNS Service
• Clustering for High Availability and Performance
• Integration with our VPC’s DHCP
• Availability in every Amazon Region
• Caching
• Fully Automated and Integrated with Instance Provisioning
• Support for our name space
HIERARCHY
Hierarchy of private DNS at BaseCRM
DNSCLUSTER
RELEASE 1.0
ALMOST :)
SOLUTION
• Puppet 3 as Configuration Management solution
• Puppet Hiera, PuppetDB integration
• TheForeman - http://theforeman.org/
• Foreman integrates with BIND
• Unbound as DNSCluster core - local zones, forwarder, cache
• Git for storing zones and versioning
DNSCLUSTER
Integration with Puppet and TheForeman
WHAT’S WRONG WITH PUPPET ?
• Puppet is slow
• The development flow with Puppet is hard and slow
• Hard to integrate on machines running before Puppet
• PuppetDB is OK but it’s not scalable enough
• Everything goes through Foreman and BIND in our case
PUPPET
ANSIBLE
Radically simple IT orchestration
ANSIBLE
• Minimal setup - Python + Libs - pip install ansible
• Uses existing auth (root, sudo) over SSH as the default transport, or accelerated mode
• Ad-hoc operations built in
• Async, sync and parallel operations
• Predictable, easy to expand (plugins, connectors, filters, modules)
• Uses powerful templates in Jinja2
• Outputs in JSON
• Configured in YAML
source: http://www.ansibleworks.com/
ANSIBLE @ BASE
• Two months of work, all in Git
• 15 playbooks (Universal Flow)
• 25 roles
• 180 YAML files
• 52 templates
DNSCLUSTER
RELEASE 2.0
SOLUTION
• Ansible
• Unbound as DNSCluster core - local zones, forwarder, cache
• Git for storing zones and versioning
• Amazon VPC DHCP integration - under development
• ETCD integration - under development
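
The use-case rules (LAN/VPN only, A and SRV only, resolve locally and forward the rest) combined with Unbound local zones and Git-stored zone data, as an added example that is not from the original slides: a lint-and-render step that checks zone records against that policy before emitting Unbound configuration. The zone name infra.example., the addresses, the forwarder 10.0.0.2 and the record layout are constructed assumptions.

```python
import ipaddress

ALLOWED_TYPES = {"A", "SRV"}  # policy from the use-case slide: infrastructure records only

# Constructed sample data (assumed layout of the zone records kept in Git).
ZONE = "infra.example."
NETWORKS = ["10.0.0.0/16"]   # assumed LAN/VPN range allowed to query
FORWARDERS = ["10.0.0.2"]    # assumed upstream resolver for all other names
RECORDS = [
    {"name": "web1.infra.example.", "type": "A", "address": "10.0.1.10"},
    {"name": "db1.infra.example.", "type": "A", "address": "10.0.2.20"},
    {"name": "_api._tcp.infra.example.", "type": "SRV",
     "port": 8080, "target": "web1.infra.example."},
]


def validate(zone, records, networks):
    """Return a list of policy violations; an empty list means the zone is clean."""
    nets = [ipaddress.ip_network(n) for n in networks]
    suffix = "." + zone.rstrip(".") + "."
    a_names = {r["name"] for r in records if r["type"] == "A"}
    errors = []
    for r in records:
        name, rtype = r["name"], r["type"]
        if rtype not in ALLOWED_TYPES:
            errors.append(f"{name}: type {rtype} not allowed")
            continue
        if not name.endswith(suffix):
            errors.append(f"{name}: outside zone {zone}")
        if rtype == "A":
            try:
                addr = ipaddress.ip_address(r["address"])
            except ValueError:
                errors.append(f"{name}: invalid address {r['address']!r}")
                continue
            # An internal-only service should never publish an outside address.
            if not any(addr in n for n in nets):
                errors.append(f"{name}: {addr} not in an internal network")
        else:
            if not 0 < r.get("port", 0) < 65536:
                errors.append(f"{name}: invalid SRV port")
            if r.get("target") not in a_names:
                errors.append(f"{name}: SRV target has no A record in this zone")
    return errors


def render(zone, records, networks, forwarders, ttl=300):
    """Render an Unbound config: local zone, restricted clients, forward the rest."""
    errors = validate(zone, records, networks)
    if errors:
        raise ValueError("; ".join(errors))
    lines = ["server:", "    interface: 0.0.0.0"]
    lines += [f"    access-control: {n} allow" for n in networks]
    lines.append("    access-control: 0.0.0.0/0 refuse")
    # "static": unknown names inside our zone get a local negative answer and
    # are not sent upstream; names outside the zone go to forward-zone below.
    lines.append(f'    local-zone: "{zone}" static')
    for r in sorted(records, key=lambda r: (r["type"], r["name"])):
        if r["type"] == "A":
            rdata = r["address"]
        else:
            rdata = f'{r.get("priority", 0)} {r.get("weight", 0)} {r["port"]} {r["target"]}'
        lines.append(f'    local-data: "{r["name"]} {ttl} IN {r["type"]} {rdata}"')
    lines += ["forward-zone:", '    name: "."']
    lines += [f"    forward-addr: {f}" for f in forwarders]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(render(ZONE, RECORDS, NETWORKS, FORWARDERS))
```

Run as a pre-commit or CI check on the zone repository, a failed validation stops a bad record before it reaches any resolver.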
KISS
Keep it simple, stupid
Core Thinking
IMPROVEMENT
KISS as core thinking
• Simple workflow
• Faster development
• Fast deploy with low memory/CPU consumption
• No central DB
• All data is stored in 3 places and can be restored from running machines
• Works as a push or pull workflow
• Integrated with VPC DHCP if a new DNSCluster is created
DNSCLUSTER 2.0
Flow for DNSCluster Client
DNSCLUSTER 2.0 - MULTI-REGIONS
DNS CLUSTER
PERFORMANCE
DNSCLUSTER PERFORMANCE
[Chart: Queries per second / Concurrency. Y axis: QPS (0 to 2500); X axis: Concurrency (1 to 1000). Series:
• AWS DNS
• DNSCLUSTER 1 node (1 cpu core – ec2.x1.small)
• UNBOUND local cache (forwarders: 3 dnscluster nodes – 3 x ec2.x1.small), 1 pass – 1 unbound thread
• UNBOUND local cache (forwarders: 3 dnscluster nodes – 3 x ec2.x1.small), 2 pass – from cache – 1 unbound thread
• UNBOUND local cache (forwarders: 3 dnscluster nodes – 3 x ec2.x1.small), 2 pass – from cache – 2 unbound threads]
DNSCLUSTER PERFORMANCE
[Chart: Latency / Concurrency. Y axis: Latency [seconds] (0 to 0.12); X axis: Concurrency (1 to 1000). Series:
• AWS DNS
• DNSCLUSTER 1 node (1 cpu core – ec2.x1.small)
• UNBOUND local cache (forwarders: 3 dnscluster nodes – 3 x ec2.x1.small), 1 pass – 1 unbound thread
• UNBOUND local cache (forwarders: 3 dnscluster nodes – 3 x ec2.x1.small), 2 pass – from cache – 1 unbound thread
• UNBOUND local cache (forwarders: 3 dnscluster nodes – 3 x ec2.x1.small), 2 pass – from cache – 2 unbound threads]
SOON / NEXT TIME ?
Ansible Universal Template Flow
Created @ Base for simple consistent create/destroy instances

Monitoring and Alerting
second element for our auto scaling
THE END
