For numerous critical websites within a company there is a requirement for load balancing and fault tolerance. A number of options exist for this such as:
- Hardware Load-balancing e.g. Cisco Content Services Switch, F5, Citrix NetScalar
- Software Load-balancing e.g. Windows Load Balancing Services
These have a number of drawbacks. Typically cost may be an limitation to purchasing hardware for a service that is not seen as high profile enough to have an associated budget. WLBS may require a broadcast domain to spoof MAC addresses or IGMP/multicast configuration on switches, is typically noisy on the network and is generally unloved by the Network Engineers.
A simple solution is to move the load balancing and fault tolerance mechanism from the server to inbuilt functionality in the web browser.
This method has some specific limitations as the behaviour is a function of the web browser:
- A proxy server will use it's own behaviour, and therefore must be bypassed, limiting the approach to internal websites.
- Anything that manages or inspects HTTP traffic , such as antivirus software, may break the browser behaviour.
To configure client side load balancing and failover:
- Ensure the DNS name to be used will not be proxied by the web browser
- Create a DNS A Record for each web server e.g.
website IN A 10.1.1.100
website IN A 10.1.1.101
If using authentication or session variables on the website it may be necessary to set the TTL on the individual A records to ensure users are not switched to another server when the DNS record expires. e.g. 8 hours
website 28800 IN A 10.1.1.100
website 28800 IN A 10.1.1.101
In Windows 2003 DNS this can be set by:
- View | Advanced
- Select DNS A record
- Enter TTL
- Click OK
Client Testing
The following is testing of each web browser loading a simple web page from two servers as listed in multiple DNS A records for a single DNS name.
The web browsers have no proxy set. Different behaviour may be observed using a proxy server, unless the site is included in the proxy exclusion list. Antivirus software that proxies web traffic such as the Trend OfficeScan 8.0 NT Proxy Service is known to cause the client side failover to stop working.
The test web page had the following meta tags set to avoid caching the page:
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META HTTP-EQUIV="Expires" CONTENT="-1">
<META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
Browser respects A record order as returned by DNS server
- Internet Explorer 6 SP1: Yes
- Internet Explorer 7: Yes
- Firefox 2: Yes
Initial connection, preferred website unavailable (website disabled)
- Internet Explorer 6 SP1: 2 seconds
- Internet Explorer 7: 2 seconds
- Firefox 2: 2 seconds
Initial connection, preferred website unavailable (network disabled)
- Internet Explorer 6 SP1: 20 seconds
- Internet Explorer 7: 20 seconds
- Firefox 2: 20 seconds
Page loaded, click on hyperlink to DNS name, preferred website unavailable (website disabled)
- Internet Explorer 6 SP1: 2 seconds
- Internet Explorer 7: 2 seconds
- Firefox 2: 2 seconds
Page loaded, click on hyperlink to DNS name, preferred website unavailable (network disabled)
- Internet Explorer 6 SP1: 2 seconds to 7 minutes (depending on page staleness)
- Internet Explorer 7: 20 seconds to 3 minutes (depending on page staleness)
- Firefox 2: 2 seconds
Page loaded, click on Refresh, preferred website unavailable (website disabled)
- Internet Explorer 6 SP1: 2 seconds
- Internet Explorer 7: 2 seconds
- Firefox 2: 3 minutes
Page loaded, click on Refresh, preferred website unavailable (network disabled)
- Internet Explorer 6 SP1: 2 seconds
- Internet Explorer 7: 2 seconds
- Firefox 2: 3 minutes