I have several servers. We want to set up a new big service (the word 'big' came from my boss).
I want to use two Cisco ACE 4700 load balancers, but what will happen if one of the ACEs is down?
So I want to set up DNS load balancing between these two devices.
My goal is to protect against the failure of one load balancer using DNS.
How do I do this? Is using round robin a good or bad idea?
DNS round robin load balancing is good for spreading load but it is not good for failover or redundancy. The reason for this is that DNS records are cached, usually for many hours. If one of your load balancers goes down, 50% of your users will already have that IP address as the result for your domain and will keep using it until their cache expires.
I know that the Cisco CSS load balancers can be configured to act as a redundant pair so that each of them monitors the health of the other. Only one of them handles traffic at any given time but if that one goes down, the other one takes over immediately. You only need one IP address for this kind of setup.
I don't know about the ACE product line but I would be surprised if they couldn't do the same sort of thing. A quick Google suggests that it does support some kind of failover.
We do DNS load balancing (sharing would be the right word) and DNS failover using the dnsmadeeasy.com service. So we have multiple records for the same DNS names, and in DNS Made Easy you can configure failover and monitoring, and it is not expensive either. We have had this save us multiple times.
Here is the catch: if you are using session persistence in your user sessions, don't use DNS load balancing. Only use DNS failover, and that works great too.
And to answer Ladadadada's concern, you can set the TTL very low. We use 60 seconds for the TTL.
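An added simulation (not code from any of the answers above) of the two points made so far: resolvers keep a cached A record until its TTL runs out, and plain round robin keeps handing out a dead address unless a monitoring service withdraws it. The two VIPs 192.0.2.10 and 192.0.2.20, the 1000-client population and the timings are constructed for the example.

```python
from dataclasses import dataclass, field

LB_A, LB_B = "192.0.2.10", "192.0.2.20"   # constructed VIPs of the two load balancers


@dataclass
class Zone:
    """Authoritative side: two A records for the service name, answered round-robin."""
    ips: list
    ttl: int
    monitored: bool = False               # True: a health monitor withdraws dead IPs (DNS failover)
    healthy: set = field(default_factory=set)
    rr: int = 0

    def answer(self):
        pool = [ip for ip in self.ips if ip in self.healthy] if self.monitored else self.ips
        ip = pool[self.rr % len(pool)]
        self.rr += 1
        return ip


@dataclass
class Client:
    """A client behind a caching resolver: reuses the record until the TTL expires."""
    ip: str = ""
    expires: int = -1

    def resolve(self, zone, now):
        if now >= self.expires:           # cache miss or expired: ask the authoritative zone again
            self.ip = zone.answer()
            self.expires = now + zone.ttl
        return self.ip


def dead_fraction(ttl, monitored, n_clients=1000, seconds_later=660):
    """Share of clients still sent to the failed load balancer `seconds_later` after it died.

    All clients resolve once while both load balancers are healthy; LB_B then fails.
    """
    zone = Zone([LB_A, LB_B], ttl, monitored, {LB_A, LB_B})
    clients = [Client() for _ in range(n_clients)]
    for c in clients:
        c.resolve(zone, 0)
    zone.healthy.discard(LB_B)            # second load balancer goes down
    dead = sum(1 for c in clients if c.resolve(zone, seconds_later) == LB_B)
    return dead / n_clients


if __name__ == "__main__":
    for ttl, monitored in [(3600, False), (60, False), (3600, True), (60, True)]:
        print(f"ttl={ttl:<5} monitored={monitored!s:<5} dead share={dead_fraction(ttl, monitored):.0%}")
```

Only the combination of a short TTL and a monitor that withdraws the failed address brings the dead share to zero; a long TTL leaves half the clients stuck either way, and a short TTL alone just re-hands out the dead IP.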
The Cisco ACE would typically (AFAIK) be deployed in an active-passive pair, so if one goes down, the other should take over. This is independent of DNS (DNS would just be another type of service being provided through the ACE). This would be suitable if both DNS servers are in the same data-center (or possibly metropolitan data-center).
One thing to bear in mind about an ACE (I imagine this will depend on your deployment): if you need to know the client IP (perhaps you are doing split-DNS with different client views), then you will lose that visibility, and you would need to point internal and external clients to different (load-balanced/shared/redundant) servers (which is closer to best practice for DNS anyway, as you'd want internal (recursing, caching) servers separate from your external (authoritative) DNS servers).
Dynamic DNS updates will also be something to consider (where is the state in your cluster?)
Don't use DNS load balancing, because it cannot react to the (un)availability of a device. Use VRRP instead (the two load balancers will share one IP, and when the master dies, the slave will take over this IP) and point your DNS records to that virtual IP.