Why Loggly Chose AWS Route 53 Over Elastic Load Balancing

Former Loggly employee here. Loggly is at CTO #3 or 4 in about 3 years. The CEO, marketing guy with black turtle neck, &quot;runs&quot; engineering. It is NOT an engineering company and they are on their way to outsourcing all development to India.<p>Formally they had all of their EC2 instances configured to run without swap and didn&#x27;t use EBS such that instances would crash 1-3 times a day and lose all data which would require 1-2 day customer restores of data.<p>Additionally, this Java shop oversubscribed threads on every Solr box which made them restart each Solr instance every hour. To think any revolutionary engineering ideas come from an former Apple marketing wannabee who puts outsourced Indian engineering in place as yes men is a huge stretch.<p>Let&#x27;s be honest, Loggly is in huge trouble and can&#x27;t hire quality engineering talent and as a result is trying to remarket themselves as an engineering driven company as they outsource to India.<p>Key question isn&#x27;t..do you use DNS or Elastic Load Balance...it is...what is your VOLUNTARY RATE OF ATTRITION? Hint, really bad!

Serious question: Are people upvoting this to poke fun like some kind of daily wtf?<p>A logging platform that lists 1 of their 2 major requirements as &quot;To not drop any data, ever&quot; is using round robin DNS for fault tolerance? I can&#x27;t see too many people on HN upvoting this for being insightful or impressive.<p>Edit: I just can&#x27;t help myself. How are you going to send syslog when any server fails and not &quot;drop any data, ever&quot;? Even over TCP the in transit messages are lost when the connection is broken. So like, their business is basically syslog and they don&#x27;t know that?

&gt; If there is an issue with a collector, Route 53 automatically takes it out of the service; our customers won’t see any impact.<p>Except when for example rsyslog caches DNS resolution forever. Or the log forwarded doesn&#x27;t have a buffer and logs get lost.

Lots of other comments have torn this article apart (and justifiably so), but I still feel the need to pile on.<p>In their docs, Loggly only gives out one API endpoint: logs-01.loggly.com.<p>It is referenced as the endpoint for HTTP, HTTPS, syslog and syslog TLS. These seem to be the only methods available to send log data to them.<p>There is the obvious problem that a DNS record with a 60s TTL cannot possibly receive every single packet sent to it in the event of a server failure. Even if the returned IP address is an elastic IP, it takes a substantial amount of time to move to another instance in AWS.<p>I don&#x27;t know why you would use the same service hostname for all of these endpoints. Separate names for each endpoint, even if they all pointed to the same pool of hosts, would at least give some flexibility in the future when they have enough traffic to get desperate about capacity. I would also think they might want to segregate native syslog from HTTP traffic, since I presume it uses different processes on the backend.<p>It&#x27;s also curious that they chose to return only one A record. DNS RR is a poor substitute for real load balancing, but it&#x27;s better than nothing. With multiple A records, there is at least a chance that some of their traffic will go to other servers -- rather than all of it potentially going to one as it is now.<p>While they made no claims about using Route 53 for its geo DNS capabilities, I still found it amusing that I was sent to a US East IP from California. Not that it&#x27;s super critical that my log lines get delivered quickly, but it is ideal to shorten the path of an insecure and unreliable transport in order to improve durability. Although I would never ship syslog out to some host on the Internet, a host 16 hops away is even more ludicrous.<p>I think their article says a lot more about how poorly ELBs function when you exceed the low traffic threshold it is seemingly designed for than about how well Route 53 works (and it is a decent static DNS service). The inability to robustly direct incoming traffic is the achilles heel of AWS.

There is a rather large technical divide between &#x27;no logs left behind&#x27; and relying on DNS lookup to provide that guarantee.

This is primitive. It seems like they are on the verge of discovering BGP, which could be used to provide scalability, load balancing, and clean failover without DNS caching issues.

Why would you allow your clients to transmit potentially sensitive data to you as clear text over the internet?

What are some alternatives to Loggly? I really like being able to aggregate my logs with minimal setup (and cost). I&#x27;m logging with Logback (Java), and there is a convenient extension that forwards log statements to Loggly.

Interesting points. Here is a few things you&#x27;ll miss choosing Route 53 over ELB:<p>* HTTPS termination.<p>* Autoscaling group management. By connecting an ELB to an autoscaling group, the logic of registration and deregistration is fully managed behind the scenes. With route53, you have to implement it yourself.<p>* Minimum autoscaling group size. If you enable ELB health checks, you can rely on the ELB to maintain a group of instances of constant size.

What kind of TTL value would they use for these records? Should something happen to one of the collectors, couldn&#x27;t that value still be cached by an endpoint or an intermediary?<p>Even with a short TTL, are there still servers out there that don&#x27;t respect all TTLs, or has that been eliminated by now?

Everyone should use hosted services for everything. Soon we&#x27;ll have hosted services for hosted services. (I actually worked at a company that was a hosted service running mainly off of another hosted service + AWS.)

&gt;Amazon Route 53 DNS Round Robin Was a Win<p>&gt;If you’ve ever used the Internet, you’ve used the Domain Name System, or DNS, weather you realize it or not.<p>Interesting article, wrong weather used in this sentence.

It seems odd to leave off any discussion about DNS TTLs, and the risk that something like 8.8.8.8 could end up sending them a thundering herd.

What kind of time granularity can you get for health checks on ELB vs Route 53?