一直在测试GCE和负载平衡功能,但是已经看到了一些意想不到的结果。
试用配置涉及两个实例,它们作为带有第三个测试实例的目标池中的DNS解析器。主机上还运行着一个http服务器。没有添加任何健康检查脚本。
我可以在实例日志中看到,DNS请求到达所有情况,并且分布均匀--尽管答复似乎没有返回到发起人那里。
这种行为似乎出乎意料。我使用过类似结果的会话关联--尽管默认行为是最理想的选项。
撞到墙了。有什么想法可以试试吗?
有关设置的信息:
$ gcutil listhttphealthchecks
+------+------+------+
| name | host | port |
+------+------+------+
$ gcutil listtargetpools
+----------+-------------+
| name | region |
+----------+-------------+
| dns-pool | us-central1 |
+----------+-------------+
$ gcutil listforwardingrules
+---------+-------------+-------------+
| name | region | ip |
+---------+-------------+-------------+
| dns-tcp | us-central1 | 8.34.215.45 |
+---------+-------------+-------------+
| dns-udp | us-central1 | 8.34.215.45 |
+---------+-------------+-------------+
| http | us-central1 | 8.34.215.45 |
+---------+-------------+-------------+
$ gcutil getforwardingrule dns-udp
+---------------+----------------------------------+
| name | dns-udp |
| description | |
| creation-time | 2013-12-28T12:28:05.816-08:00 |
| region | us-central1 |
| ip | 8.34.215.45 |
| protocol | UDP |
| port-range | 53-53 |
| target | us-central1/targetPools/dns-pool |
+---------------+----------------------------------+
$ gcutil gettargetpool dns-pool
+------------------+-------------------------------+
| name | dns-pool |
| description | |
| creation-time | 2013-12-28T11:48:08.896-08:00 |
| health-checks | |
| session-affinity | NONE |
| failover-ratio | |
| backup-pool | |
| instances | us-central1-a/instances/dns-1 |
| | us-central1-b/instances/dns-2 |
+------------------+-------------------------------+
[@dns-1 ~]$ curl "http://metadata/computeMetadata/v1/instance/network-interfaces/?recursive=true" -H "X-Google-Metadata-Request: True"
[{"accessConfigs":[{"externalIp":"162.222.178.116","type":"ONE_TO_ONE_NAT"}],"forwardedIps":["8.34.215.45"],"ip":"10.240.157.97","network":"projects/763472520840/networks/default"}]
[@dns-2 ~]$ curl "http://metadata/computeMetadata/v1/instance/network-interfaces/?recursive=true" -H "X-Google-Metadata-Request: True"
[{"accessConfigs":[{"externalIp":"8.34.215.162","type":"ONE_TO_ONE_NAT"}],"forwardedIps":["8.34.215.45"],"ip":"10.240.200.109","network":"projects/763472520840/networks/default"}]
$ gcutil getfirewall dns2
+---------------+------------------------------------+
| name | dns2 |
| description | Allow the incoming service traffic |
| creation-time | 2013-12-28T10:35:18.185-08:00 |
| network | default |
| source-ips | 0.0.0.0/0 |
| source-tags | |
| target-tags | |
| allowed | tcp: 53 |
| allowed | udp: 53 |
| allowed | tcp: 80 |
| allowed | tcp: 443 |
+---------------+------------------------------------+
这些实例是CentOS,禁用了它们的iptable防火墙。
来自目标池中实例的答复
@dns-1 ~]$ nslookup test 8.34.215.45 | grep answer
Non-authoritative answer:
@dns-1 ~]$
来自目标池中其他实例的答复
@dns-2 ~]$ nslookup test 8.34.215.45 | grep answer
Non-authoritative answer:
@dns-2 ~]$
没有来自实例的答复,而不是在负载平衡IP上的目标池中。但是,它会从所有其他接口获得答复。
@dns-3 ~]$ nslookup test 8.34.215.45 | grep answer
@dns-3 ~]$
@dns-3 ~]$ nslookup test 8.34.215.162 | grep answer
Non-authoritative answer:
@dns-3 ~]$ nslookup test 10.240.200.109 | grep answer
Non-authoritative answer:
@dns-3 ~]$ nslookup test 10.240.157.97 | grep answer
Non-authoritative answer:
@dns-3 ~]$ nslookup test 162.222.178.116 | grep answer
Non-authoritative answer:
-更新-增加一项健康检查,使实例不会被标记为不健康。但是得到了同样的结果。
$ gcutil gettargetpoolhealth dns-pool
+-------------------------------+-------------+--------------+
| instance | ip | health-state |
+-------------------------------+-------------+--------------+
| us-central1-a/instances/dns-1 | 8.34.215.45 | HEALTHY |
+-------------------------------+-------------+--------------+
| us-central1-b/instances/dns-2 | 8.34.215.45 | HEALTHY |
+-------------------------------+-------------+--------------+
更新这无疑是它似乎没有反应的原因。
0.000000 162.222.178.130 -> 8.34.215.45 DNS 82 Standard query 0x5323 A test.internal
2.081868 10.240.157.97 -> 162.222.178.130 DNS 98 Standard query response 0x5323 A 54.122.122.227
发布于 2013-12-29 08:29:31
看起来DNS服务没有响应请求所使用的IP。这无疑是它似乎没有反应的原因。
0.000000 162.222.178.130 -> 8.34.215.45 DNS 82 Standard query 0x5323 A test.internal
2.081868 10.240.157.97 -> 162.222.178.130 DNS 98 Standard query response 0x5323 A 54.122.122.227
https://stackoverflow.com/questions/20820349
复制相似问题