3 Replies Latest reply on Apr 5, 2020 1:00 AM by Amin Masoudifard

    DNS VM's FT

    jeddgo12 Lurker

      Hi everyone

       

      vSphere Enterprise +

      ESX 6.7U2 maybe U3 not sure yet :-)

       

      Hope everyone is staying safe and healthy. Just wanted to get feedback from the community on below scenario

       

      Goal: Install/Configure/ VM running BIND based on RedHat 7. Will be using 2 VM's for both master/slave scenario. I am looking at VMware FT for both VM's in case of host failures.

      My questions:

      1. Will FT replicate application data? I can't find any documentation on this?

      2. Is it overkill to have master/slave and then FT (I know stupid question)?

      3. I am looking for some data on network traffic between master/slave DNS server and can't find any? I know FT is network-bound. Can anyone share any data?

      4. Has anyone done this type of setup and willing to share their setup/experience with this?

       

      Thanks everyone.

        • 1. Re: DNS VM's FT
          scott28tt Champion
          User ModeratorsCommunity WarriorsVMware Employees

          I would not say that DNS is a typical use case for FT given that you can have primary/secondary servers to give resilience, with multiple secondaries.

           

          FT is more often used with applications and services which do not have their own mechanism for resilience.

           

          You can learn more about FT here: Providing Fault Tolerance for Virtual Machines

          • 2. Re: DNS VM's FT
            NicolasAlauzet Hot Shot

            As Scott said, DNS is not a tipical use case for FT.

             

            But in case is a must for you, or you want to try it anyways, the answers to your questions will be:

             

            1. Will FT replicate application data? I can't find any documentation on this?

            FT Will replicate the entire VM and it status. (document provided by scott will help you a lot)

            2. Is it overkill to have master/slave and then FT (I know stupid question)?

            In this case, from my point of view and for a service like DNS, yes it is.

            What I have encountered in an implementation for a customer, was that the application was not able to manage secondary dns (it was configured, but it keep retrying on the primary) in a weird case like that could help.

            Always depends on the environment and the requeriments that you have there.

            3. I am looking for some data on network traffic between master/slave DNS server and can't find any? I know FT is network-bound. Can anyone share any data?

            You should use dedicated vlan for ft traffic. And replication traffic for dns is really low.

            The FT traffic wil vary depending on the consumption/changes on the master vm.

            4. Has anyone done this type of setup and willing to share their setup/experience with this?

            Yes FT, yes to that DNS config, but both to be hones with you, will be hard to find someone with that setup

             

            Hope that helps

            Cheers

            Nicolas

            • 3. Re: DNS VM's FT
              Amin Masoudifard Expert

              Other answers to your questions, clarified what you need, but totally remember the following points when we talk about the FT technology:

               

              1. FT logging traffic can be very heavy and also network bandwidth consumer, based on rate of changes and modification (data, network, ...) of the primary VM. So do not forget if you want to enable this feature for a critical VM, to achieve better data replication, assign at least a single dedicated physical  1Gbps NIC (10G is better in veri high density of traffics) on both of source and destination ESXi hosts for deploying primary and secondary VM.

               

              2. You mentioned to the guest OS service (DNS). FT will not consider the guest OS and service levels. So keep in mind if there is an availability-failover feature for your services, it's better to consider them as the final solution, however you can still use the FT as a zero downtime capability in front of disasters like host failure with its specific considerations and limitations on each of vSphere versions.

               

              3. FT logging traffic between primary and secondary VMs is not encrypted by default, so if there is any sensitive data, you should secure the network segment between them to prevent MITM attacks.

              Please mark my comment as the Correct Answer if this solution resolved your problem