
Introduction to a High-Performance Intranet DNS System

2022-06-21 20:52:00 51CTO



Author: Tianyi Cloud, Guoaijie

Keywords: DPDK, multi-tenancy, DNS, private domain

1 Summary

The high-performance intranet DNS is a multi-tenant private-domain resolver built on DPDK, in the field of computer domain name resolution. The system comprises control-plane and data-plane communication. Control-plane communication synchronizes tenant configuration to the DNS network element nodes; data-plane communication provides domain name resolution for tenants' ECS instances. On a DNS network element node, DPDK handles packet send and receive at the bottom layer, which secures the performance advantage. When the protocol stack processes a session, tenant information is passed transparently to the business process so that data is isolated per tenant. Each tenant's domain name space uses a hierarchical directory layout, which eases maintenance and deployment. Where the driver hands packets to the protocol stack, data and control traffic are strictly separated, which greatly reduces the difficulty of troubleshooting later. The system does not depend on other service components, is easy to deploy, and supports ARP learning, so it can be deployed flexibly in complex cloud environments. The rest of this article introduces the high-performance intranet DNS.

2 System composition

2.1 Data communication

2.1.1 Network topology

An ECS reaches the intranet DNS network element node directly through a VXLAN tunnel established by OVS on its host. On the DNS side, the tunnel information carried by VXLAN serves as the tenant information: it is used to look up the corresponding tenant's domain name data directly, and the result is returned to the ECS.


2.1.2 Access Process


A query is checked against the tenant domain names, the shared domain names, the cache module, and the forwarding module, in that order, and stops at the first hit. Shared domain names are internal domain names shared by all tenants. The cache module caches only results obtained by forwarding; while a cached entry has not expired, the query hits the cache and the result is returned directly, which improves performance and saves system resources.
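The lookup order above, modelled as an added example (not code from the original article or from the product). The class, the `forwarder` callable, the sample zones and the refusal of unknown VNIs are assumptions made for illustration; the point is that tenant data is only reachable through the caller's own VNI, and that the shared cache holds forwarded results only.

```python
import time

SHARED_ZONE_ID = "0"  # per the page, shared domain names use zone_id 0

class IntranetResolver:
    """Toy model of the lookup order: tenant zones, shared zone, cache, forwarder."""

    def __init__(self, vni_zones, zones, forwarder, clock=time.monotonic):
        self.vni_zones = vni_zones  # VNI -> zone ids associated with that tenant VPC
        self.zones = zones          # zone id -> {qname: answer}
        self.forwarder = forwarder  # hypothetical callable: qname -> (answer, ttl) or None
        self.clock = clock
        self.cache = {}             # qname -> (answer, expiry); forwarded results only

    def resolve(self, vni, qname):
        qname = qname.lower().rstrip(".")
        if vni not in self.vni_zones:
            # Assumption: a query with no known tenant context is refused outright.
            return None, "unknown-vni"
        for zone_id in self.vni_zones[vni] + [SHARED_ZONE_ID]:
            answer = self.zones.get(zone_id, {}).get(qname)
            if answer is not None:
                return answer, "shared" if zone_id == SHARED_ZONE_ID else "tenant"
        hit = self.cache.get(qname)
        if hit and hit[1] > self.clock():
            return hit[0], "cache"
        self.cache.pop(qname, None)  # drop an expired entry before refreshing it
        result = self.forwarder(qname)
        if result is None:
            return None, "miss"
        answer, ttl = result
        self.cache[qname] = (answer, self.clock() + ttl)
        return answer, "forward"

def demo():
    """Run constructed sample data through the resolver with a fake clock."""
    now = [0.0]
    upstream = {"example.com": ("203.0.113.10", 60)}  # constructed upstream answer
    r = IntranetResolver(
        vni_zones={1001: ["zone-a"], 1002: ["zone-b"]},
        zones={"zone-a": {"db.corp.internal": "192.168.1.10"},
               "zone-b": {"db.corp.internal": "192.168.9.9"},
               SHARED_ZONE_ID: {"ntp.cloud.internal": "100.125.0.1"}},
        forwarder=upstream.get, clock=lambda: now[0])
    out = [r.resolve(1001, "db.corp.internal"), r.resolve(1002, "DB.corp.internal."),
           r.resolve(1002, "ntp.cloud.internal"), r.resolve(1001, "example.com"),
           r.resolve(1002, "example.com")]
    now[0] = 61.0  # past the 60 s TTL: the cached entry must not be served
    out += [r.resolve(1002, "example.com"), r.resolve(9999, "db.corp.internal")]
    return out, sorted(r.cache)
```

Because private answers never enter the cache, two tenants can use the same name with different records, and neither can read the other's through the shared cache.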


2.2 Control communication

After the control platform accepts the user's configuration, it sends it over IP directly to the agent process on the DNS network element node. The agent process applies additions, deletions and modifications to the configuration, then notifies the data-plane main process to load the changed configuration. The controller is also responsible for selectively assigning DNS nodes to tenants' ECS instances, ensuring that each ECS has 2 DNS nodes, for disaster recovery and load balancing.


2.3 Domain name space

A hierarchical directory structure isolates each tenant's private domains. The unique VNI used in VXLAN communication corresponds to the tenant's VPC. The loaded data is held in hash buckets and binary trees to provide efficient query service.

ZONE

conf/{tenant_id}/zone/{zone_id}/{zone_name}

Shared domain names are the Tianyi Cloud intranet domain names; their zone_id is always 0.

The cache module stores domain names in a tree.


VPC

conf/{tenant_id}/vpc/{vni}

Line 1: 100.125.200.1                       # VTEP IP

Line 2: 192.168.0.0/16                      # VPC private network

Line 3: 8a106a4e7859c01801793fa5d84e01c2    # associated zone ID

Line 4: ba106a4e7859c01801793fa5d84e01ab    # associated zone ID
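A parser for the VPC file layout above, as an added example (not code from the original article or from the product). It assumes `#` starts a trailing comment, that zone IDs are 32 lowercase hex characters as in the sample, and that one VNI may belong to only one tenant; the tenant ID and VNI in the test path are constructed.

```python
import ipaddress
import re

ZONE_ID_RE = re.compile(r"^[0-9a-f]{32}$")  # shape of the zone ids shown on the page
VPC_PATH_RE = re.compile(r"^conf/([^/]+)/vpc/(\d+)$")

# Sample file body, using the values listed on the page.
SAMPLE = """100.125.200.1 # VTEP IP
192.168.0.0/16 # VPC private network
8a106a4e7859c01801793fa5d84e01c2 # associated zone id
ba106a4e7859c01801793fa5d84e01ab # associated zone id
"""

def parse_vpc_file(path, text):
    """Parse one conf/{tenant_id}/vpc/{vni} file into a validated record."""
    m = VPC_PATH_RE.match(path)
    if not m:
        raise ValueError(f"not a VPC config path: {path!r}")
    tenant_id, vni = m.group(1), int(m.group(2))
    if not 0 <= vni < 2**24:  # VXLAN VNIs are 24-bit
        raise ValueError(f"VNI out of range: {vni}")
    # Assumption: '#' starts a trailing comment and blank lines are ignored.
    fields = [ln.split("#", 1)[0].strip() for ln in text.splitlines()]
    fields = [f for f in fields if f]
    if len(fields) < 3:
        raise ValueError("expected VTEP IP, VPC network and at least one zone id")
    vtep = ipaddress.ip_address(fields[0])  # raises ValueError if malformed
    network = ipaddress.ip_network(fields[1], strict=True)  # rejects host bits
    zone_ids = fields[2:]
    for z in zone_ids:
        if not ZONE_ID_RE.match(z):
            raise ValueError(f"bad zone id: {z!r}")
    if len(set(zone_ids)) != len(zone_ids):
        raise ValueError("duplicate zone id")
    return {"tenant_id": tenant_id, "vni": vni, "vtep": vtep,
            "network": network, "zone_ids": zone_ids}

def build_vni_table(files):
    """Map VNI -> record, refusing a VNI that is configured twice."""
    table = {}
    for path, text in files.items():
        rec = parse_vpc_file(path, text)
        if rec["vni"] in table:
            raise ValueError(f"VNI {rec['vni']} configured twice")
        table[rec["vni"]] = rec
    return table
```

Since the VNI is what selects the tenant on the data plane, rejecting a duplicate VNI at load time keeps one tenant's queries from being resolved against another tenant's zones.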


3 System architecture

DPDK sends and receives packets; after driver processing, traffic is split by service. On the data plane, VXLAN (port 4789) and DNS (port 53) packets are processed by the FreeBSD protocol stack, and the business process handles the queries. On the control plane, HTTP (port 80) packets go through KNI to the Linux protocol stack; the agent process handles additions, deletions and modifications, and finally notifies the business process to load the changed configuration, achieving hot data updates.

[Figure: system architecture]

As shown in the figure above:

1. DPDK sends and receives packets; after driver processing, traffic is split by service.

2. VXLAN (port 4789) and DNS (port 53) packets are sent to the FreeBSD protocol stack for processing.

3. Packets for the agent's northbound interface service are sent through KNI to the Linux kernel protocol stack.

4. Messages from the agent's southbound interface service notify the DNS main process to reload the configuration.

5. For the DNS forwarding service, the FreeBSD protocol stack routes the query out through the Internet port to obtain the result, and the DNS cache module saves the query result.


4 System performance

4.1 Performance limits

On the same physical system resource configuration, this product reaches millions or even tens of millions of QPS, far better than other similar products. Traffic is also balanced, so performance grows linearly with system resources.

On the same virtual system resource configuration, the measured results are: single-core virtual machine 5W QPS, two cores 10W QPS, four cores 20W QPS, 8 cores 40W QPS (W = 10,000). This is much higher than virtual machine performance at the same configuration.


5 Summary


Possible future application scenarios

1. Tianyi Cloud network product line: once launched as the intranet DNS, a standard service component for a cloud service provider, it meets customers' private domain resolution needs, provides Tianyi Cloud shared domain name resolution, and also covers public domain name resolution.

2. As a public network DNS service: it supports delegated subdomains and DNS over TLS, which will greatly enrich the DNS product line, meet market demand, and expand the customer base.

Possible value

1. System resources in a resource pool are limited; on a fixed hardware configuration, this product can serve high-performance business scenarios.

2. The network environment in a resource pool has a complex and changeable topology. Deploying the intranet DNS with this product greatly reduces the difficulty and maintenance cost for O&M engineers when deploying and going online.
