Help
FortiDirector
FortiDirector uses conditions to determine if a redirector Rule is a match for a given request.
tdietrich
Staff
Staff

Created on ‎03-16-2015 03:43 PM

Article Id 194582

Technical Note: FortiDirector, difference between DNS and HTTP load-balancing

Description

FortiDirector allows you to configure two separate types of load balancing:

  • DNS Load-balancing
  • HTTP Load-balancing

Although these two protocols can sometimes overlap, it is important to understand the differences between them so you can decide which protocol best suits the specific needs of your organization.

DNS Load-balancing:

DNS load balancing is the most basic type of load balancing solution.  DNS load balancing consists of delegating a subdomain or hostname to our redirector (r0.r1cd.com) by creating an NS record in your DNS zonefile.  To illustrate how this works, let’s work through an example.

Let us imagine a situation where an end user is browsing your website,  http://www.mydomain.com . The webpage served to his browser includes static assets hosted and served by content.mydomain.com.

The flow below will be observed:

  1. The end-user's browser will first query their ISPs DNS servers for content.mydomain.com , which will then ...
  2. ...query your own domain’s DNS servers for content.mydomain.com, where a lookup will reveal an NS delegation for content.mydomain.com to r1cd.3crowd.com...
  3. ...redirecting the ISP’s DNS servers to the FortiDirector platform...
  4. ...the ISP’s DNS servers will ask FortiDirector’s DNS servers at r1cd.3crowd.com for the content.mydomain.com record, and ...
  5. ... FortiDirector will look up the Ruleset and Rules for the content.mydomain.com hostname, process the Rulesets, and ...
  6. ...  reply with a Network Resource (an IP address or hostname) to the ISP’s DNS servers.
  7. The ISP’s DNS servers then give this IP address or hostname to the end-user’s browser, and ...
  8. ...page loading continues.  The process is completely transparent to the end-user.
 
Here is a functional workflow of how DNS load balancing works using FortiDirector:
tdietrich_FD36325_tn_FD36325-1.jpg

A minimal understanding of DNS is necessary for you to point your records towards the FortiDirector platform – you will have to modify the authoritative DNS configuration for your domain, whether using the web GUI of your hosted DNS provider, or by modifying the configuration of the zonefile of your own DNS servers.  This is a very simple thing to do, and our support staff can answer any questions you might have.

HTTP Load-balancing:

HTTP load balancing with the FortiDirector platform allows for more complex rule conditions than the DNS load balancing service.  HTTP load balancing consists of creating an CNAME record in your zonefile for the hostname to be load-balanced pointing at the FortiDirector platform’s IP address.  To illustrate how this works, let’s work through an example:

  1. The end-user’s browser will first query their ISPs DNS servers for http-content.mydomain.com, which will then…
  2. …query your own domain’s DNS servers for http-content.mydomain.com, which will redirect the browser to cname.3crowd.com becausehttp-content.mydomain.com has been CNAMEd to cname.3crowd.com.
  3. The end-user’s browser will ask CrowdDirector’s HTTP redirector servers at cname.3crowd.com for the http-content.mydomain.com content,
  4. FortiDirector will look up the Ruleset and Rules for the http-content.mydomain.com hostname, process the Rulesets, and... 
  5. …reply with an HTTP 302 redirect to a configured Network Resource hosting the content. This may include additional processing, such as altering the path of the URL or the query parameters on the request.
  6. The end-user’s browser will connect to the Network Resource and continue loading the content as normal.
Here is the functional workflow diagram that corresponds to the above steps :
tdietrich_FD36325_tn_FD36325-2.jpg

Important limitations and usage differences

Before making the choice of creating DNS or HTTP Network Resources and Rulesets in the FortiDirector UI, you should spend some time reading carefully the table below.
PERFORMANCE

DNS load balancing is much faster than HTTP load balancing, especially for small images, since it is connectionless: DNS load balancing consists of simply answering a DNS request, whereas HTTP load balancing requires an end user to create an extra TCP connection in step 2:

  1. Resolve a hostname using DNS
  2. Establish the first HTTP connection with the closest redirector node
  3. Receive an HTTP 302 redirect response
  4. Perform a second DNS request to obtain the IP of the hostname handed in the previous 302
  5. Establish the second TCP HTTP connection with the eventual Network Resource
FLEXIBILITY

HTTP load balancing allows the use of additional conditions in the Rulesets over DNS because it has more context available for each request:

  • The URL and query parameters
  • User Agent information
  • HTTP headers
PROTOCOL INDEPENDENCE 

The DNS load balancing service provides the flexibility to work with any protocol, such as RTMP, WMS, FTP, etc, as well as HTTP.


5539
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.