Search code examples
nginxamazon-ec2dnsamazon-route53amazon-elb

Create a UDP Load Balancer with Failover at Amazon for EC2 Instances


Task:

Create a UDP Load Balancer with Failover at Amazon for EC2 Instances.

Problems:

Based on the explanation below, I have the following problems:

  • AWS EC2 Doesn't have a Public DNS Name that works for both IPv4 and IPv6 traffic.
  • Unable to reassign the current IPv6 address to a new instance in another availability zone.

Explanation:

By Failover, I mean that if the instance goes down for whatever reason, spin up a new one and replace it. If the availability zone it is in is down spin up a new instance in another availability zone and replace it.

With Elastic IP Addresses I am able to re-assign the existing Elastic IP Address to the new instance, regardless of its availability zone.

With IPv6 Addresses, I am unable to reassign the existing IPv6 Address if the new instance is created in a different availability zone, because it is not in the same subnet. By availability zone, I am referring to Amazon's Availability Zones, such as us-west-2a, us-west-2b, us-west-2c, etc.

The only way I know how to resolve this is to update the Host Record at my registrar (Godaddy in my case.) with the new IPv6 address. Godaddy has an API and I believe I can update my host record programmatically. However, Godaddy has a minimum TTL of 600 seconds, that means my server could be unreachable by IPv6 Traffic for 10 minutes or more based on propagation.

Amazon has an amazing Load Balancer system if I am just doing normal TCP traffic. This problem would be non existent if that were the case. Since I need to load balance UDP traffic, I'm running into this problem. The AWS ELB (Amazon Elastic Load Balancer) provides me with a CNAME that I can point all of my traffic to for TCP traffic. So I don't need to worry about the separate IPv4 vs IPv6 traffic. I can just point the CNAME directly to the DNS Name that Amazon provides with the ELB.

Amazon Also Provides a Public DNS for EC2, but it is only for IPv4 Traffic. So that would work for my IPv4 Traffic but not my IPv6 Traffic.

The only option I can think of is to setup a Software Based Load Balancer, in my case NGINX on an EC2 Instance. Then point the domain to the NGINX Load Balancer's IPv4 and IPv6 Addresses. Then when a zone crashes, I spin up a new AWS EC2 Instance in another zone. Then use Godaddy's API to update the IPv6 Address to the New Instance's IPv6 Address.

Request

Does anyone know how to assign a CNAME to an EC2 Instance without an AWS ELB? The instance would need to be able to receive both IPv4 and IPv6 traffic at the CNAME.

The only way I can think of doing it, will cause down time due to propagation issues with DNS changes at my Domain Registrar.

I've been looking at the Route 53 options in Amazon and it appears to have the same propagation delays.

I've thought about setting up my own DNS server for the domain. Then if the IP Address changes I could potentially change the DNS entry faster than using Godaddy. But DNS Propagation issues are going to be a problem with any dns change.


Solution

  • [EDIT after thinking about my answer]

    One item that I did not mention is that Route 53 supports simple load balancing and failover. Since you will need two systems in my answer below, just spin up two EC2 instances for your service, round-robin load balance with Route 53 and add a failover record. Create a CloudWatch alarm so that when one of your instances fail, you know to replace it manually. This will give you a "poor man" load balancer for UDP.

    Configuring DNS Failover

    [END of EDIT]

    First, I would move from GoDaddy DNS to Route 53. I have no experience with programming GoDaddy DNS entries, but Route 53's API is excellent.

    GoDaddy does not support zone apex CNAME records (example.com). You would need to use IPv4 A records and IPv6 AAAA records. This should not be a problem. I would use AWS EIP records so that when launching the new instance, at least IPv4 DNS entries would not require DNS delays.

    I would not setup my own DNS server. I would switch to Route 53 first. When you mention propagation delays, you mean TTL. You can change the TTL to be short. Route 53 supports a 1 second TTL entry, but most DNS clients will ignore short TTL values so you will have little to no control over this. Short TTLs also mean more DNS requests.

    AWS does not offer UDP load balancing but there are third party products and services that do that run on AWS. If your service is critical or revenue producing use a well tested solution.

    I would not try to reinvent the wheel. However, sometimes this is fun to do so to better understand how real systems work.

    STEP 1: You will need to design a strategy to detect that your instance has failed. You will need to duplicate the health check that a load balancer performs and then trigger an action.

    STEP 2: You will need to write code that can update Route 53 (GoDaddy) DNS entries.

    STEP 3: You will need to write code that can launch an EC2 instance and to terminate the old instance.

    STEP 4: You will need to detect the new addresses for the new instance and update Route 53 (GoDaddy).

    The above steps will require a dedicated always on computer with a highly reliable Internet connection. I would use EC2 for the monitoring system. T2-micro is probably fine.

    However, look at the amount of time that it will take you to develop and test this new system. Go back and rethink your strategy.