In this section:
Route53 is a scalable Domain Name System (DNS) service managed by Amazon Web Services (AWS). One option available under Route53 is the ability to blacklist an IP in the DNS. Another is directly monitoring the SBC endpoint. The SBC can use Route53:
The testing environment used the following setup:
Create a Hosted Zone:
a. Navigate to Services→Networking & Content Delivery→Route53.
b. Select Hosted zones from the left-side panel. A DNS name (example: "sonusnet.com") should be given. For Public hosted zones, the DNS name should be registered.
Create Record sets in the Hosted Zone. There are NS and SOA records created by default, these can be ignored if not used.
a. Create a new record set.
c. Each Record set can be given a prefix such as "test.sonusnet.com."
d. Type A or AAAA.
e. Configure TTL (minimum of 3s).
f. Add the IP address that maps to this name. (Corresponding address is returned by the DNS when the record is used for generating DNS response.)
g. Select a routing policy (in this example, Failover – Primary and Secondary instance support with failure detection). Create two record sets with same name, one in primary mode of failover and other in secondary mode of failover. With primary, you must associate a health check (otherwise you cannot create a primary record set) because, on detection of this health check failure, the DNS returns the secondary value's data for this record set.
For primary, associate the HFE-1's eth0 IP. For secondary, associate HFE-2's eth0 IP.
For the primary node, selection of a Health Check is mandatory, while in the secondary node it is optional.
Route 53 health checks let you track the health status of your resources, such as web servers or mail servers, and take action when an outage occurs. Route53 health check can monitor the EC2 instance for the reachablity or health in multiple ways.
Note that Health Check probes public IP addresses only.
Route53 can also monitor non-AWS endpoints for health (for a fee).
Monitoring can be setup using a simple HTTP port for the IP address of the instance. Health Checks can be done using HTTP/TCP. Detailed steps are as follows:
Select a Create health check option:
Request Interval specifies the time after which the next check for health is done.
Failure threshold specifies how many times a request is sent to the endpoint from the regions before a failure is confirmed.
Health checker regions specify the regions from where the requests to the endpoints to monitor its health are sent .
After few minutes the health check must be successful in order for the route53 failover to work as expected. (The HFE eth1 IP provided in health check is tried for reachability from different regions selected). Also, the same health check must be selected for the primary record set created in failover mode in the Route53 configuration for record set.
Install 'httpd' service on the node.
'httpd' service Installation
[root@ip-172-31-20-153 ~]# yum install httpd -y Loaded plugins: priorities, update-motd, upgrade-helper Resolving Dependencies --> Running transaction check ---> Package httpd.x86_64 0:2.2.34-1.16.amzn1 will be installed --> Finished Dependency Resolution Dependencies Resolved ========================================================================================================================================= Package Arch Version Repository Size ========================================================================================================================================= Installing: httpd x86_64 2.2.34-1.16.amzn1 amzn-updates 1.2 M Transaction Summary ========================================================================================================================================== Install 1 Package Total download size: 1.2 M Installed size: 3.1 M Downloading packages: httpd-2.2.34-1.16.amzn1.x86_64.rpm | 1.2 MB 00:00:01 Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : httpd-2.2.34-1.16.amzn1.x86_64 1/1 Verifying : httpd-2.2.34-1.16.amzn1.x86_64 1/1 Installed: httpd.x86_64 0:2.2.34-1.16.amzn1 Complete! [root@ip-172-31-20-153 ~]#
The entries for the health check regions needs to be added in SECURITY GROUP corresponding to the HFE.
In this example, let us say 3 regions then the security group looks like :
Bind the HFE eth1's IP for HTTP (IP interface for which the health check has been configured) and allow HTTP by doing the following on HFE-1:
Update the private IP of eth1 in /etc/httpd/conf/httpd.conf with port 80 and comment the part where just the port is allowed.
Initial conf file :
Before updating the conf file[root@ip-172-31-10-70 ~]# grep "Listen" /etc/httpd/conf/httpd.conf # Listen: Allows you to bind Apache to specific IP addresses and/or # Change this to Listen on specific IP addresses as shown below to #Listen 12.34.56.78:80 Listen 80
Updated conf file :
After updating the conf file
[root@ip-172-31-10-70 ~]# grep "Listen" /etc/httpd/conf/httpd.conf # Listen: Allows you to bind Apache to specific IP addresses and/or # Change this to Listen on specific IP addresses as shown below to Listen 172.31.10.210:80 #Listen 80
Replace the line which has "Options -Indexes" with :
Options Indexes SymLinksIfOwnerMatch FollowSymLinks
in the files
/etc/httpd/conf.d/welcome.conf
Finding file names which has 'Options Indexes' or 'Options -Indexes'[root@ip-172-31-10-70 httpd]# sed -i 's/Options -Indexes/Options Indexes SymLinksIfOwnerMatch FollowSymLinks/g' /etc/httpd/conf.d/welcome.conf
Stop and start the httpd service
'start' and 'stop' of HTTPD service[root@ip-172-31-10-70 ~]# service httpd stop Stopping httpd: [ OK ] [root@ip-172-31-10-70 ~]# service httpd start Starting httpd: [ OK ] [root@ip-172-31-10-70 ~]#
http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-configuring.html
http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-configuring-options.html