How do I create a load balancer/failover server for my homelab?

Hey guys, so I have been using Linode since 2019. However, last night, I switched to Vultr. Linode offers better value for their service; however, Vultr offers the lowest-cost plans, with the cheapest cloud compute costing only $2.50 per month at their Atlanta and NY datacenters (though if you want IPv4, you need to use their NY datacenter to get access to the $3.50 per month plan). It would be more beneficial from a latency perspective to use their Atlanta datacenter, as I have been with Linode, but having IPv4 is nice. Their cheapest plan uses “last generation Intel CPUs”; and it comes with 1 vCPU, 512 MB of RAM, and 10 GB of “regular” (as opposed to “fast NVMe”) SSD storage - I am assuming by regular that they mean SATA. By comparison, the plan comparable to my Linode plan would be $6 - $1 more than Linode.

Well they also have a free tier and it’s the exact same hardware as the $3.50 tier I am using. The catch is that you have to apply for it, and the selection is random. Well I got accepted into the program. There’s another catch. I can only use the free tier for the year. I do not know how or if you can renew it. Because of that catch, I think I am going to keep my $3.50 per month tier and use the free tier as a load balancer/failover server, not that one is needed, but I might as well use it; it’s free. I was hoping I could use the free tier in a data center closer to me (ideally Atlanta, but Dallas or Chicago is good too). Alas, it seems that the only options I have are Miami and Seattle. New York is 931 miles away, and, rather surprisingly, Miami is a whopping 878 miles from me according to Google maps. I say it like that because Florida borders my own state, whereas New York is 5 states away.

So I think I am going to choose a data center in Seattle. At least if I go to that side of the country for my college graduation or Linux Fest Northwest or something, I’ll have lower latency. I just don’t think Miami gives any advantage whatsoever because of its proximity to New York as compared to Seattle, coupled with its distance from me.

So the question is, how can I set this up as a load balancer/failover? Its only job is to proxy internet traffic back to my homelab here in Huntsville, AL over a WireGuard tunnel so that I do not have to poke holes in my router. Can I add a second IP to my A and AAAA records?

So I found an article on Cloudflare’s website about round-robin DNS. So I could do that, but it would be nice if there was a way to have DNS send users to the closest geographical location instead of sending users to IPs in a rotation. Cloudflare mentioned that some DNS services detect when a service goes offline, so the other issues with round robin might be solved.

Edit: I also just read an article by my own DNS provider, Cloudns, about it. They list the following under the benefits section:

High availability: Round-Robin DNS helps to ensure high availability by directing traffic to available servers. If one server goes down, the traffic is automatically directed to the remaining servers.

So it seems like my DNS provider will do most of what I want. Though, now the question is what do I do about SSL. Does one server provide different SSL certs? I am looking into that now.

You can get Let’s Encrypt TLS certs on multiple servers (or even non-public servers) via DNS-01.

You need your domain to be managed by someone who has a supported API, for example Cloudflare.

It depends on what you’re trying to achieve, having a failover is a slightly different pattern to a load balanced configuration, and the usage and failure modes are a bit different.

Load balancing is the easiest thing to achieve in that DNS natively supports it via multiple records, but that won’t get you failover: the DNS will resolve to an IP once, and if that server is down, the request will fail. Load balancing over long distances (e.g. different sides of the country) can also lead you to data synchronisation issues like split brains, since you’re running a multi-master configuration - if you don’t have any state on your server (i.e. it’s all static files or using an external DB), that’s fine, but you’ll need to be careful.

What you really want is probably a DNS server that can do health checks, and which you can then configure to failover or remove from the pool as necessary. That’s implemented in the DNS server/service though, not the protocol, so it’s not as simple as adding more records.

It’s simpler to implement though: data can be synched in one direction from your primary server to the secondary, and if a disaster happens, you promote the secondary (maybe via your DNS server). You’ll need to be prepared to accept a bit of data loss if that sync is lagged (“RPO” is the industry term for that).

This is effectively what CDNs do, and there’s a few different techniques.

Anycast works at the IP and BGP level to route a single IP to different servers based on proximity, but it’s pretty complex to implement (and likely costly too!). Cloudflare’s articles on it are pretty useful, see also https://blog.cloudflare.com/cloudflares-architecture-eliminating-single-p

For a less complex (to set up) version of this, some DNS services will support geo specific routing, but that requires more complexity in the server; Route 53 seems to support it eg: Geolocation routing - Amazon Route 53
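To make the distinction in this reply concrete, here is an added example (not code from the thread or from any DNS provider) that contrasts plain multi-record round robin, which keeps handing out a dead server's address, with a health-checked pool that drops unhealthy members and prefers the geographically closest one. The backend names, documentation-range IPs and the distance table are constructed for illustration; only `tcp_probe` does a real network check.

```python
# Added example: round-robin DNS vs. a health-checked, geo-aware pool.
# Backends, IPs (RFC 5737 documentation ranges) and distances are constructed.
import socket
from dataclasses import dataclass
from typing import Callable, Optional, Sequence


@dataclass(frozen=True)
class Backend:
    name: str        # "ny" (paid tier) or "seattle" (free tier) in the thread's setup
    ip: str          # constructed documentation-range address
    port: int = 443


# Constructed distance table (miles) from a client region to each backend.
DISTANCE_MILES = {
    "huntsville": {"ny": 931, "seattle": 2100},
    "portland":   {"ny": 2450, "seattle": 175},
}

BACKENDS = (Backend("ny", "192.0.2.10"), Backend("seattle", "198.51.100.10"))


def tcp_probe(backend: Backend, timeout: float = 2.0) -> bool:
    """Real health check: passes only if a TCP connection opens to the backend."""
    try:
        with socket.create_connection((backend.ip, backend.port), timeout=timeout):
            return True
    except OSError:
        return False


def round_robin_answer(records: Sequence[Backend], query_no: int) -> Backend:
    """Plain multi-record DNS: the answer rotates blindly; a dead host is still returned."""
    return records[query_no % len(records)]


def healthy_pool(records: Sequence[Backend], probe: Callable[[Backend], bool]) -> list:
    """Health-checked DNS: keep only members whose probe passed (server-side logic, not protocol)."""
    return [r for r in records if probe(r)]


def failover_answer(records: Sequence[Backend], probe: Callable[[Backend], bool],
                    client_region: str) -> Optional[Backend]:
    """Geo-aware failover: nearest healthy backend for this client, or None if all are down."""
    pool = healthy_pool(records, probe)
    if not pool:
        return None
    return min(pool, key=lambda r: DISTANCE_MILES[client_region][r.name])


if __name__ == "__main__":
    seattle_down = lambda b: b.name != "seattle"   # simulated outage instead of tcp_probe
    print([round_robin_answer(BACKENDS, i).name for i in range(4)])  # seattle still answered
    print(failover_answer(BACKENDS, seattle_down, "portland").name)  # ny, despite distance
```

Swap `seattle_down` for `tcp_probe` to run the same pool logic against live hosts; the round-robin path never consults the probe, which is exactly the gap the reply describes.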

Totally missed this part, assumed HTTP since you mentioned Let’s Encrypt! :sweat_smile:

If you don’t have any state and you’re just using it to tunnel, then multi-master is pretty safe - but beware that you’ll probably run into that state issue at some point (like “oops, forgot to update my SSH keys on both servers”).

If your DNS server supports geoproximity or geolocation routing, that’s what you’ll want.