October 14th, 2022
Machine translation is used partially for this article. See the Japanese version for the original article.
Introduction
We tried connecting to an HA cluster based on DNS name control using Amazon Route 53 Resolver (hereinafter called "Route 53 Resolver") on Amazon Web Services (hereinafter called "AWS").
Last time, we explained an overview of how to connect to the HA cluster and its configuration.
This time, we will explain the procedure for building the HA cluster.
1. HA Cluster Configuration
This time, we will build an "HA cluster based on DNS name control" in a VPC environment in the N. Virginia region.
As a pseudo on-premises environment, we build a client machine in the Singapore region and connect the VPCs in the Singapore and N. Virginia regions with a VPN.
* If you are actually connecting from an on-premises environment, please replace the Singapore region below with your on-premises environment.
Here is the configuration after replacement.
* VyOS in the Singapore region is used for VPN connection.
Using the virtual host name (sample.expresscluster.local) from the client machine, confirm that the active server can be accessed before and after failover.
2. HA Cluster Building Procedure
Build an "HA cluster based on DNS name control".
This time, we will omit the VPN connection procedure.
2.1 Preparation for HA Cluster Construction
2.1.1 VPC Settings
Create VPCs in advance. The configuration of the VPCs is as follows:
N. Virginia region
- VPC (VPC ID : vpc-1234abcd)
  - CIDR : 10.0.0.0/16
  - Subnets
    - Subnet-A1 (Subnet ID : sub-1111aaaa) : 10.0.10.0/24
    - Subnet-A2 (Subnet ID : sub-2222aaaa) : 10.0.110.0/24
    - Subnet-A3 (Subnet ID : sub-3333aaaa) : 10.0.111.0/24
    - Subnet-B1 (Subnet ID : sub-1111bbbb) : 10.0.20.0/24
    - Subnet-B2 (Subnet ID : sub-2222bbbb) : 10.0.120.0/24
    - Subnet-B3 (Subnet ID : sub-3333bbbb) : 10.0.121.0/24
Singapore region
- VPC (VPC ID : vpc-5678efgh)
  - CIDR : 11.0.0.0/16
  - Subnets
    - Subnet-A1 (Subnet ID : sub-1111aaaa) : 11.0.10.0/24
2.1.2 Amazon Route 53 Settings
Configure Amazon Route 53 to implement an HA cluster based on DNS name control.
- Domain Name : expresscluster.local
- Hosted Zone ID : 123456789abcde
- Type : Private Hosted Zone for Amazon VPC
- Associated VPCs : vpc-1234abcd
For more information on other preparations in AWS environments, please refer to the Configuration Guide.

- Windows > Cloud > Amazon Web Services > HA Cluster Configuration Guide for Amazon Web Services
2.2 Building HA Cluster Based on DNS Name Control
Build an "HA cluster based on DNS name control". The configuration of EXPRESSCLUSTER is as follows:
Register two resources in the EXPRESSCLUSTER failover group: an AWS DNS resource and a mirror disk resource.
For more information about how to build an HA cluster using AWS DNS resources, refer to the Configuration Guide.
- EXPRESSCLUSTER
  - Failover group (failover)
    - AWS DNS resource
      - Resource Record Set Name : sample.expresscluster.local.
      - Host Zone ID : 123456789abcde
    - Mirror disk resource
      - Data Partition : M:\
      - Cluster Partition : R:\

- Windows > Cloud > Amazon Web Services > HA Cluster Configuration Guide for Amazon Web Services > CONSTRUCTING AN HA CLUSTER BASED ON DNS NAME CONTROL
2.3 Route 53 Resolver Settings
This time, we will create an inbound endpoint to resolve the virtual host name registered in the private hosted zone of Amazon Route 53 from the Singapore region.
2.3.1 Creating Security Group
Create a security group to be configured for the inbound endpoint.
Allow communication on port 53 to receive DNS queries from the Singapore region DNS servers.
- Security Group
  - Security Groups
    - InboundEndpoint (Group ID : sg-00000001)
      - Inbound rules (Security group rule ID : sgr-00000001) :
        - Type : DNS (UDP)
        - Protocol : UDP
        - Port range : 53
        - Source : 11.0.10.0/24 <- Subnet where the DNS server in the Singapore region resides
      - Inbound rules (Security group rule ID : sgr-00000002) :
        - Type : DNS (TCP)
        - Protocol : TCP
        - Port range : 53
        - Source : 11.0.10.0/24 <- Subnet where the DNS server in the Singapore region resides
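The inbound endpoint answers any host that its security group lets reach port 53, so it is worth checking that the group holds exactly the two rules above. The following is an added example, not part of the original article: the function name `Test-EndpointIngress` is hypothetical and the JSON is a constructed sample in the shape returned by `aws ec2 describe-security-groups`.

```powershell
# Constructed sample shaped like `aws ec2 describe-security-groups --group-ids sg-00000001`
# output, holding the two rules listed in 2.3.1.
$Json = @'
{"SecurityGroups":[{"GroupId":"sg-00000001","GroupName":"InboundEndpoint","IpPermissions":[
 {"IpProtocol":"udp","FromPort":53,"ToPort":53,"IpRanges":[{"CidrIp":"11.0.10.0/24"}]},
 {"IpProtocol":"tcp","FromPort":53,"ToPort":53,"IpRanges":[{"CidrIp":"11.0.10.0/24"}]}
]}]}
'@

function Test-EndpointIngress {
    param(
        [Parameter(Mandatory)] $SecurityGroup,          # one element of SecurityGroups
        [string[]] $AllowedSources = @('11.0.10.0/24')  # DNS server subnet from the article
    )
    $findings = @()
    foreach ($perm in $SecurityGroup.IpPermissions) {
        # Anything other than exactly port 53 over UDP or TCP does not belong on this group.
        $isDns = ($perm.IpProtocol -in @('udp', 'tcp')) -and
                 ($perm.FromPort -eq 53) -and ($perm.ToPort -eq 53)
        if (-not $isDns) {
            $findings += "non-DNS rule: $($perm.IpProtocol) $($perm.FromPort)-$($perm.ToPort)"
        }
        # Only IPv4 CIDR sources are examined; other source kinds are reported for review.
        if (@($perm.IpRanges).Count -eq 0) {
            $findings += "rule $($perm.IpProtocol)/$($perm.FromPort) has no IPv4 CIDR source"
        }
        foreach ($range in $perm.IpRanges) {
            if ($range.CidrIp -notin $AllowedSources) {
                $findings += "unexpected source $($range.CidrIp) on $($perm.IpProtocol)/$($perm.FromPort)"
            }
        }
    }
    # Both transports are needed: UDP for ordinary queries, TCP for truncated responses.
    foreach ($proto in 'udp', 'tcp') {
        $hit = $SecurityGroup.IpPermissions | Where-Object {
            $_.IpProtocol -eq $proto -and $_.FromPort -le 53 -and $_.ToPort -ge 53 }
        if (-not $hit) { $findings += "missing DNS ($proto) rule for port 53" }
    }
    return $findings
}

$group  = ($Json | ConvertFrom-Json).SecurityGroups[0]
$result = Test-EndpointIngress -SecurityGroup $group
if ($result) { $result | ForEach-Object { Write-Warning $_ } }
else { Write-Output "$($group.GroupId): only DNS from the expected subnet is allowed" }
```

To check a live group, replace the here-string with the output of the `aws` command named in the first comment.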
2.3.2 Creating Route 53 Resolver
Create an inbound endpoint.
- Inbound Endpoint
  - Endpoint name : InboundTest
  - VPC in the Region: us-east-1 (N. Virginia) : vpc-1234abcd
  - Security group for this endpoint : sg-00000001
  - IP address #1 :
    - Availability Zone : us-east-1a
    - Subnet : Subnet-A3
    - IP address : 10.0.111.100
  - IP address #2 :
    - Availability Zone : us-east-1b
    - Subnet : Subnet-B3
    - IP address : 10.0.121.100
We referred to the following site for the procedure to create the inbound endpoint.

2.3.3 DNS Server Settings
This time, we will create a conditional forwarder on the DNS server in the Singapore region and configure it to forward DNS queries for "expresscluster.local" to the inbound endpoint.
Windows Server 2019 is used as the OS of the DNS server and the client machine in the Singapore region.
If your environment is different, such as when using Linux, please configure the DNS server appropriately for that environment.
Beforehand, use the nslookup command to confirm that name resolution works.
> nslookup sample.expresscluster.local 10.0.111.100
Server: ip-10-0-111-100.ec2.internal
Address: 10.0.111.100
Non-authoritative answer:
Name: sample.expresscluster.local
Address: 10.0.110.100
Create a conditional forwarder on the DNS server.

Specify the domain name (expresscluster.local) for "DNS Domain".
Also, for "IP addresses of the master servers", specify the IP addresses (10.0.111.100, 10.0.121.100) that you specified when creating the inbound endpoint.
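The same conditional forwarder can be created and checked from PowerShell on the DNS server. This is an added example, not part of the original article: the function name `Get-VirtualHostAddress` is hypothetical, and it assumes the DNS service listens on the loopback address 127.0.0.1.

```powershell
# Run on the Singapore-region DNS server (Windows Server 2019, DnsServer module).
$Zone      = 'expresscluster.local'
$Endpoints = '10.0.111.100', '10.0.121.100'   # inbound endpoint IPs from 2.3.2
$VHost     = 'sample.expresscluster.local'

# Create the conditional forwarder only if the zone does not exist yet.
if (-not (Get-DnsServerZone -Name $Zone -ErrorAction SilentlyContinue)) {
    Add-DnsServerConditionalForwarderZone -Name $Zone -MasterServers $Endpoints
}

# Hypothetical helper: ask one server for the A record and report address and TTL.
function Get-VirtualHostAddress {
    param([string] $Name, [string] $Server)
    try {
        $a = Resolve-DnsName -Name $Name -Type A -Server $Server -DnsOnly -ErrorAction Stop |
             Where-Object { $_.Type -eq 'A' }
        [pscustomobject]@{
            Server  = $Server
            Address = $a.IPAddress -join ','
            TTL     = ($a | Select-Object -First 1).TTL
        }
    } catch {
        # Timeout, refused query or NXDOMAIN: report the path as failed.
        [pscustomobject]@{ Server = $Server; Address = $null; TTL = $null }
    }
}

# Query each endpoint IP directly, then the local DNS service (through the forwarder).
$answers = foreach ($s in $Endpoints + '127.0.0.1') {
    Get-VirtualHostAddress -Name $VHost -Server $s
}
$answers | Format-Table -AutoSize

$failed   = @($answers | Where-Object { -not $_.Address })
$distinct = @($answers | Where-Object { $_.Address } |
              ForEach-Object { $_.Address } | Sort-Object -Unique)
if ($failed.Count -gt 0 -or $distinct.Count -ne 1) {
    Write-Warning 'A resolution path failed or the answers differ; check the endpoint, the VPN route and the security group.'
}
```

Running the query section again after a failover shows the new address on the endpoint paths first; the answer through 127.0.0.1 can lag until the cached record's TTL expires.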

3. Checking the Operation
Confirm that the client machine can access the active server using the virtual host name.
Specify the Singapore region DNS server set in "2.3.3 DNS Server Settings" as the primary DNS server of the client machine in advance.
1. Start the failover group on the active server.
2. From the client machine in the Singapore region, access "sample.expresscluster.local" and confirm that you can connect to the active server.
3. By using Cluster WebUI, manually move the failover group from the active server to the standby server.
4. From the client machine in the Singapore region, access "sample.expresscluster.local" and confirm that you can connect to the standby server.
We have confirmed that we can connect to the HA cluster from the Singapore region using the Route 53 Resolver.
Conclusion
This time, we tried connecting to an HA cluster based on DNS name control using Route 53 Resolver on AWS.
The ability to easily connect to an HA cluster on AWS from outside the VPC (e.g. on-premises environment) is very attractive.
If you consider introducing the configuration described in this article, you can perform a validation with the trial module of EXPRESSCLUSTER. Please do not hesitate to contact us if you have any questions.