I have a Balance One and have a question about the outbound policies that use DNS hostnames. Is this correlating IP addresses by doing a reverse lookup only? I ask because I am trying to balance (1:1 weights) for game and content download for my xbox. The hostname that the xbox uses never matches up to a reverse lookup since the content is coming from a CDN. The following names are fictional since I don’t want to break any TOS with Xbox live.
Let’s say the xbox downloads game titles from games.xbox.com. When I try to use this as the DNS name for outbound policy - it doesn’t work. I see the connections in the active sessions on the wrong WAN. I always wait a full minute after applying config changes to make sure that I don’t have any persistent sessions getting it stuck.
Basically, even though the Peplink is what told the Xbox that games.xbox.com is 25.25.25.25, it doesn’t know the information when it is time to do the routing for that host. I tested my theories by changing the domain name in the outbound policy to match what is returned with the reverse lookup and my traffic was balanced as expected. This is not ideal since the Xbox can use several different CDNs, but they will all be a product of the forward resolved address for games.xbox.com.
Unfortunately no, it is all port 80 traffic. I tried, and it did work. However, much more than I wanted “balanced” this way ended up being routed in a round robin fashion. I would get all kinds of weird issues across multiple applications. I guess people have built logic inside their dispersed applications that are not expecting multiple IP addresses for a single client.
Since you are trying to balance traffic from the xbox specifically, can’t you have a rule based on its IP as the source and ignore destination? Or does that negatively affect other apps on the xbox?
It does work, but some components of the matchmaking system depend on a single WAN and varying and sometimes ethereal ports.
I have tried almost every conceivable combination with varying levels of success. None of them were perfect. I thought that finding the actual root pointer was going to get me something, but I guess not.
It seems to me that IF the router is being used as a caching DNS server, it should maintain an internal reverse lookup table based upon query results returned to clients. It should use this information when possible. It does not guarantee there won’t be incorrectly routed connections due to the same IPs of CDNs being used by multiple host names. This could be mitigated by including/indexing this internal reverse lookup cache by WAN and then source IP that originally requested the lookups. The TTL could be set to 1 second less than the forward lookup that exists in the cache already.
The problem is that the application’s URL pointer seldom matches the reverse DNS lookup information in today’s cloud based service delivery model. In fact the reverse lookup is typically a non-identifying server name that may be used by cloud admins (maybe). Sometimes it is a generic dhcp reservation type record. The valuable record is the originating query, since subsequent connections will have been derived from it.
Does anybody else use outbound routing by DNS name? This seems like such a great way to balance traffic. Unfortunately, the way it is currently implemented does not work. Very rarely does a reverse lookup yield the actual domain name of the website that you are talking to.
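The mechanism proposed in the post above (a caching resolver that remembers which hostname each client asked for, indexed by client IP, with a lifetime one second shorter than the forward record's TTL) can be sketched in a few dozen lines. The following is an added example written for this thread, not Peplink firmware code and not anything the poster supplied; the client address, the CDN address 25.25.25.25, the PTR name `edge-12.cdn.example.net`, the WAN labels and the TTL are all constructed values. It contrasts the reverse-lookup matching the thread describes with matching against the recorded forward answer.

```python
"""Forward-answer cache for hostname-based outbound policy (constructed example).

Two matching strategies are compared for the same connection:
  * choose_wan_by_ptr: match the policy hostname against a reverse (PTR) lookup
    of the destination IP, which is the behaviour described in the thread.
  * choose_wan_by_forward_cache: match against the hostname this client was
    actually given that IP for, recorded when the resolver answered the query.
No network access is performed; all DNS data below is constructed.
"""
import time

# Constructed PTR data: the CDN address reverse-resolves to a generic edge name,
# not to the hostname the client queried.
PTR_TABLE = {
    "25.25.25.25": "edge-12.cdn.example.net",
}


def reverse_lookup(ip):
    """Stand-in for a PTR query against the constructed table."""
    return PTR_TABLE.get(ip)


class ForwardCache:
    """Maps (client_ip, answer_ip) -> (queried hostname, expiry time).

    Keying by client IP means one client's answers never steer another
    client's traffic, which limits the damage when several hostnames share
    a CDN address.
    """

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._entries = {}

    def record_answer(self, client_ip, qname, answer_ips, ttl):
        """Called when the caching resolver hands an A answer to a client.

        The entry lives one second less than the forward record, as proposed
        in the thread, so it never outlives the answer the client acts on.
        """
        lifetime = ttl - 1 if ttl >= 2 else ttl
        expires = self._clock() + lifetime
        hostname = qname.lower().rstrip(".")
        for ip in answer_ips:
            self._entries[(client_ip, ip)] = (hostname, expires)

    def hostname_for(self, client_ip, dest_ip):
        """Return the hostname this client resolved dest_ip from, or None."""
        key = (client_ip, dest_ip)
        entry = self._entries.get(key)
        if entry is None:
            return None
        hostname, expires = entry
        if self._clock() >= expires:
            del self._entries[key]          # lazy expiry
            return None
        return hostname


def match_policy(policies, hostname):
    """Return the WAN of the first policy whose name equals or is a parent of hostname."""
    if hostname is None:
        return None
    for pattern, wan in policies:
        pattern = pattern.lower().rstrip(".")
        if hostname == pattern or hostname.endswith("." + pattern):
            return wan
    return None


def choose_wan_by_ptr(policies, default_wan, dest_ip):
    """Reverse-lookup matching: the behaviour the thread reports as failing."""
    return match_policy(policies, reverse_lookup(dest_ip)) or default_wan


def choose_wan_by_forward_cache(policies, default_wan, cache, client_ip, dest_ip):
    """Forward-answer matching: uses what the client was actually told."""
    return match_policy(policies, cache.hostname_for(client_ip, dest_ip)) or default_wan


def demo():
    """Walk one client through both strategies and through cache expiry."""
    now = [1000.0]                                   # fake clock, seconds
    cache = ForwardCache(clock=lambda: now[0])
    policies = [("games.xbox.com", "WAN2")]          # fictional name from the thread
    client, dest = "192.168.1.50", "25.25.25.25"     # constructed addresses

    # The router answers the client's query with the CDN address, TTL 60s.
    cache.record_answer(client, "games.xbox.com", [dest], ttl=60)

    results = {
        "ptr": choose_wan_by_ptr(policies, "WAN1", dest),
        "forward": choose_wan_by_forward_cache(policies, "WAN1", cache, client, dest),
        # A client that never asked for the name gets the default WAN.
        "other_client": choose_wan_by_forward_cache(policies, "WAN1", cache, "192.168.1.77", dest),
    }
    now[0] += 58                                     # entry expires at +59s
    results["before_expiry"] = choose_wan_by_forward_cache(policies, "WAN1", cache, client, dest)
    now[0] += 1
    results["after_expiry"] = choose_wan_by_forward_cache(policies, "WAN1", cache, client, dest)
    return results


if __name__ == "__main__":
    for name, wan in demo().items():
        print(f"{name:>14}: {wan}")
```

Running the block shows the reverse-lookup strategy sending the connection to the default WAN1 (the PTR name does not match the policy), while the forward cache routes the same client and destination to WAN2 until the shortened TTL expires. The per-client key is what keeps a shared CDN address from pulling unrelated clients onto the policy's WAN.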
youtube.com resolves by forward lookup to 216.58.193.206. A reverse lookup of 216.58.193.206 yields the name 206.193.58.216.in-addr.arpa with an alias of lax02s23-in-f206.1e100.net. So, if I wanted to do a simple routing for all youtube traffic, I would have to set up individual outbound policies for every possible network that has youtube servers in it. And then keep it all up to date and current as the youtube pointers move around.
This is a huge deficiency. Maybe it worked 10-15 years ago when servers only ran one website, but in the cloud based world with dispersed datacenters and DNS trickery happening everywhere, it doesn’t work. Should I submit a feature request to spend some time on engineering a forward resolution based approach?
Being able to import a list with a textbox - just like this box in which I’m typing this message - would be a fantastic improvement. Copy/Paste/Apply - done.