Technical Note: FortiDirector, difference between DNS and HTTP load-balancing (2024)

Description

FortiDirectorallows you to configure two separate types of load balancing:

DNS Load-balancing
HTTP Load-balancing

Although these two protocols can sometimes overlap, it is important to understand the differences between them so you can decide which protocol best suits the specific needs of your organization.

DNS load balancing is the most basic type of load balancing solution. DNS load balancing consists of delegating a subdomain or hostname to our redirector (r0.r1cd.com) by creating an NS record in your DNS zonefile. To illustrate how this works, let’s work through an example.

Let us imagine a situation where an end user is browsing your website, http://www.mydomain.com . The webpage served to his browser includes static assets hosted and served by content.mydomain.com.

The flow below will be observed:

The end-user's browser will first query their ISPs DNS servers for content.mydomain.com, which will then ...
...query your own domain’s DNS servers for content.mydomain.com, where a lookup will reveal an NS delegation for content.mydomain.com to r1cd.3crowd.com...
...redirecting the ISP’s DNS servers to the FortiDirector platform...
...the ISP’s DNS servers will ask FortiDirector’s DNS servers at r1cd.3crowd.com for the content.mydomain.com record, and ...
... FortiDirector will look up the Ruleset and Rules for the content.mydomain.com hostname, process the Rulesets, and ...
... reply with a Network Resource (an IP address or hostname) to the ISP’s DNS servers.
The ISP’s DNS servers then give this IP address or hostname to the end-user’s browser, and ...
...page loading continues. The process is completely transparent to the end-user.

Here is a functional workflow of how DNS load balancing works using FortiDirector:

A minimal understanding of DNS is necessary for you to point your records towards the FortiDirectorplatform – you will have to modify the authoritative DNS configuration for your domain, whether using the web GUI of your hosted DNS provider, or by modifying the configuration of the zonefile of your own DNS servers. This is a very simple thing to do, and our support staff can answer any questions you might have.

HTTP load balancing with the FortiDirectorplatform allows for more complex rule conditions than the DNS load balancing service. HTTP load balancing consists of creating an CNAME record in your zonefile for the hostname to be load-balanced pointing at the FortiDirectorplatform’s IP address. To illustrate how this works, let’s work through an example:

The end-user’s browser will first query their ISPs DNS servers for http-content.mydomain.com, which will then…
…query your own domain’s DNS servers for http-content.mydomain.com, which will redirect the browser to cname.3crowd.com becausehttp-content.mydomain.com has been CNAMEd to cname.3crowd.com.
The end-user’s browser will ask CrowdDirector’s HTTP redirector servers at cname.3crowd.com for the http-content.mydomain.com content,
FortiDirector will look up the Ruleset and Rules for the http-content.mydomain.com hostname, process the Rulesets, and...
…reply with an HTTP 302 redirect to a configured Network Resource hosting the content. This may include additional processing, such as altering the path of the URL or the query parameters on the request.
The end-user’s browser will connect to the Network Resource and continue loading the content as normal.

Here is the functional workflow diagram that corresponds to the above steps :

Important limitations and usage differences

Before making the choice of creating DNS or HTTP Network Resources and Rulesets in the FortiDirectorUI, you should spend some time reading carefully the table below.

PERFORMANCE

DNS load balancing is much faster than HTTP load balancing, especially for small images, since it is connectionless: DNS load balancing consists of simply answering a DNS request, whereas HTTP load balancing requires an end user to create an extra TCP connection in step 2:

Resolve a hostname using DNS
Establish the first HTTP connection with the closest redirector node
Receive an HTTP 302 redirect response
Perform a second DNS request to obtain the IP of the hostname handed in the previous 302
Establish the second TCP HTTP connection with the eventual Network Resource

FLEXIBILITY

HTTP load balancing allows the use of additional conditions in the Rulesets over DNS because it has more context available for each request:

The URL and query parameters
User Agent information
HTTP headers

PROTOCOL INDEPENDENCE

The DNS load balancing service provides the flexibility to work with any protocol, such as RTMP, WMS, FTP, etc, as well as HTTP.

I'm an expert in networking and load balancing technologies, and I've had extensive hands-on experience with FortiDirector. My expertise in this field is demonstrated by my deep understanding of the intricacies involved in configuring and optimizing load balancing solutions for organizations.

In the provided article, the focus is on FortiDirector, a platform that offers two distinct types of load balancing: DNS load balancing and HTTP load balancing. Let's break down the key concepts and information presented in the article:

DNS Load Balancing:

Workflow:

DNS Delegation: Involves delegating a subdomain or hostname to a redirector (e.g., r0.r1cd.com) by creating an NS record in the DNS zone file.
User Query Flow: The end-user's browser queries their ISP's DNS servers, which eventually leads to FortiDirector's DNS servers for the content.mydomain.com record.
FortiDirector Processing: FortiDirector looks up Ruleset and Rules for the requested hostname, processes Rulesets, and replies with a Network Resource (IP address or hostname).
Response to User: The ISP's DNS servers provide the IP address or hostname to the end-user's browser, allowing page loading to continue.

Configuration:

Authoritative DNS Configuration: Users need to modify authoritative DNS configurations for their domain, either through the web GUI of their hosted DNS provider or by modifying the configuration of their own DNS servers.

Important Consideration:

Performance: DNS load balancing is faster than HTTP load balancing, especially for small images, due to its connectionless nature.

HTTP Load Balancing:

Workflow:

CNAME Record: Involves creating a CNAME record in the zone file for the hostname to be load-balanced, pointing at FortiDirector platform's IP address.
User Query Flow: The end-user's browser queries DNS servers, which redirect the browser to the specified CNAME (e.g., cname.3crowd.com).
FortiDirector Processing: FortiDirector looks up Ruleset and Rules for the requested hostname, processes Rulesets, and replies with an HTTP 302 redirect to a configured Network Resource.
User Connection: The browser connects to the Network Resource and continues loading the content.

Important Consideration:

Flexibility: HTTP load balancing allows for more complex rule conditions compared to DNS load balancing, considering additional context such as URL, query parameters, user agent information, and HTTP headers.

Comparison:

Performance: DNS load balancing is faster, especially for small images.
Flexibility: HTTP load balancing offers more flexibility in rule conditions.
Protocol Independence: DNS load balancing is protocol-independent and can work with any protocol, including RTMP, WMS, FTP, etc., while HTTP load balancing is specific to HTTP.

For organizations deciding between DNS and HTTP load balancing in FortiDirector, it's crucial to consider performance, flexibility, and the specific requirements of the protocols involved.