Every Gateway Service defined with a host containing a hostname that resolves to multiple IP addresses automatically uses DNS-based load balancing.
If there are no Upstreams or Targets defined for a Gateway Service, Kong Gateway also falls back to this method.
By default, and with no Upstreams configured, Kong Gateway uses round-robin load balancing.
The type of algorithm used depends on the hostname’s DNS record type:
- A records: unweighted round-robin
- SRV records: weighted round-robin
The DNS record ttl setting (time to live) determines how often the information is refreshed.
When using a ttl of 0, every request is resolved using its own DNS query.
This has a performance penalty, but the latency of updates is very low.
An A record contains one or more IP addresses.
When a hostname resolves to an A record, each upstream service must have its own IP address.
Because there is no weight information, all entries are treated as equally weighted in the load balancer, and the balancer uses a straightforward round-robin to distribute traffic across IP addresses.
An SRV record contains weight and port information for each of its IP addresses.
An upstream service can be identified by a unique combination of IP address and port number, so a single IP address can host multiple instances of the same service on different ports.
SRV records also feature a priority property.
Kong Gateway will only use the entries with the highest priority (lowest priority value), and ignore all others.
Because the weight information is available, each entry gets its own weight in the load balancer and the load balancer performs a weighted round-robin.
Similarly, any given port information is overridden by the port information from the DNS server.
For example, if a Gateway Service has the attributes host=myhost.com and port=123, and myhost.com resolves to an SRV record with 127.0.0.1:456, then the request will be proxied to http://127.0.0.1:456/somepath, as port 123 will be overridden by 456.
- Kong Gateway trusts the nameserver.
This means that information retrieved via a DNS query has higher precedence than the configured values.
This mostly relates to SRV records which carry port and weight information.
- Whenever the DNS record is refreshed, a list is generated to handle the weighting properly.
Try to keep the weights as multiples of each other to keep the algorithm performant.
For example, the weights 16 and 32 have the lowest common denominators of 1 and 2, which results in a structure of only 3 entries.
This is especially relevant with a very small (or even 0) ttl value.
- DNS is carried over UDP with a default limit of 512 bytes.
If there are many entries to be returned, a DNS server responds with partial data and sets a truncate flag, indicating there are more entries unsent.
DNS clients, including Kong Gateway, then make a second request over TCP to retrieve the full list of entries.
- By default, some nameservers don’t respond with the truncate flag, but trim the response to be under the 512-byte UDP size.
- If a deployed nameserver doesn’t provide the truncate flag, the pool of upstream instances might be loaded inconsistently.
The Kong Gateway node is effectively unaware of some of the instances, due to the limited information provided by the nameserver.
To mitigate this, use a different nameserver, use IP addresses instead of names, or make sure you use enough Kong Gateway nodes to still keep all upstream services in use.
- When the nameserver returns a 3 name error, then that is a valid response for Kong Gateway.
If this is unexpected, validate that the correct name is being queried, then check your nameserver configuration.
- The initial pick of an IP address from a DNS record (A or SRV) is based on the order in which they were originally returned by the DNS server.
When using records with a ttl of 0, the nameserver is expected to randomize the record entries.
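
The SRV handling described above (priority filtering, weight reduction, and DNS port data taking precedence over the configured port) can be modeled in a few lines. This is an added example, not Kong Gateway's own code: the names Srv, build_slots and upstream_for are hypothetical, the sample records are constructed, and treating a weight of 0 as 1 is an assumption.

```python
from functools import reduce
from itertools import cycle, islice
from math import gcd
from typing import NamedTuple


class Srv(NamedTuple):
    priority: int
    weight: int
    port: int
    target: str


def build_slots(records):
    """Model of the list generated on each DNS refresh (illustrative only)."""
    if not records:
        return []
    # Only the highest priority (lowest priority value) is used; the rest are ignored.
    best = min(r.priority for r in records)
    active = [r for r in records if r.priority == best]
    # Assumption: a weight of 0 is treated as 1 so every entry gets a slot.
    weights = [max(r.weight, 1) for r in active]
    # Reduce weights by their common divisor: 16 and 32 become 1 and 2.
    divisor = reduce(gcd, weights)
    slots = []
    for rec, w in zip(active, weights):
        slots.extend([(rec.target, rec.port)] * (w // divisor))
    return slots


def upstream_for(service_host, service_port, records):
    """Addresses to cycle through; SRV data overrides the configured port."""
    slots = build_slots(records)
    # Simplification: with no SRV data, only the configured values remain.
    return slots or [(service_host, service_port)]


# Constructed sample answer for myhost.com (not real DNS data).
SAMPLE = [
    Srv(10, 16, 456, "127.0.0.1"),
    Srv(10, 32, 457, "127.0.0.1"),
    Srv(20, 100, 999, "127.0.0.2"),  # lower priority, ignored
]

if __name__ == "__main__":
    slots = upstream_for("myhost.com", 123, SAMPLE)
    print(len(slots), "slots:", slots)
    print("next 6 picks:", list(islice(cycle(slots), 6)))
```

In this model, changing the weights from 16 and 32 to 16 and 33 grows the list from 3 entries to 49, which is the cost the advice about multiples avoids. The configured port 123 never appears in the result, so whoever controls the SRV answer controls where traffic is proxied.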