
Global Server Load Balancing


Academic year: 2021


Juniper Networks, Inc. 1194 North Mathilda Avenue

Table of Contents

1. Application Note topic – GSLB
2. How the DX-GSLB technically works in the customer environment
2.1. How the DNS resolution works
2.2. How the DX-GSLB is integrated into the customer DNS solution
Customer-DNS / DX-GSLB integration
DX-GSLB only integration
DX-GSLB / Customer-DNS integration
2.3. How the DX-GSLB creates its DNS response
Static entries
GSLB entries
2.4. How the DX-GSLB checks the site availability
3. How to implement DX-GSLB
3.1. Customer-DNS / DX-GSLB integration
Customer DNS configuration
DX-GSLB configuration
3.2. DX-GSLB only integration
Customer DNS configuration
DX-GSLB configuration
DX-static configuration
3.3. DX-GSLB / Customer-DNS integration
Customer DNS configuration
DX-GSLB configuration
4. DX-GSLB status and stats
4.1. DX-GSLB status
DX-GSLB Resolver
DX-GSLB Resolver GSLB entry member status
DX-GSLB Agent
DX-GSLB Remote Nodes
DX-GSLB LocalDNS
4.2. DX-GSLB stats
DX-GSLB Resolver
DX-GSLB Resolver GSLB entry member stats
DX-GSLB Agent
DX-GSLB Remote Nodes
DX-GSLB LocalDNS
5. How to check GSLB configuration
Select the DNS server nslookup will use for its requests

1. Application Note topic – GSLB

Global server load balancing (GSLB) allows customers with applications in two or more sites:

• to have a Disaster Recovery solution
  When the application on the main site is running, all the users accessing this application transparently go to this main site. In case of application failure on the main site or main site failure, all the users for this application transparently go to the backup site.

• to share the load on the multiple sites
  The users are distributed across all the different sites.

• to continue operations when one or more sites go down
  In case of application failure on a specific site or a specific site failure, the users accessing this application transparently use all the sites but this one.

This Application Note describes:

• How the DX-GSLB technically works
• How to implement DX-GSLB
• DX GSLB status and stats

2. How the DX-GSLB technically works in the customer environment

Important Note:

• GSLB is supported on all DX appliances but requires a specific license.
• GSLB was implemented in the 4.1 release. Important improvements were added in the 5.1 release and the 5.2 release added WebUI configuration support (the status and statistics are currently CLI only). This document is related to the DX 5.2 release.

GSLB is based on DNS.

When the users access an application, they use a name such as "www.foo.com" or "smtp.foo.com". This name is converted to an IP address with a DNS request. Depending on the GSLB configuration, the user will receive a DNS response with the IP address of this or that site where the application is available.

2.1. How the DNS resolution works

The following figure shows the different steps:

1. The user sends a DNS request "www.foo.com" to its Local DNS server (LDNS).
2. The LDNS contacts a Root DNS server to know who manages ".com".
   This is generally already in the Local DNS cache, so the LDNS would go directly to step 4.
3. The Root DNS server replies with the list of name servers managing ".com".
6. The LDNS contacts a "foo.com" DNS server to know what is the IP address of "www.foo.com".
   In this example, the first name server in the list is the customer DNS server located in the US.
7. The "foo.com" DNS server replies with the IP address or the list of IP addresses for "www.foo.com" to the LDNS.
8. The LDNS replies with the IP address or the list of IP addresses for "www.foo.com" to the user.

2.2. How the DX-GSLB is integrated into the customer DNS solution

Three different DX-GSLB integrations are available.

Glossary:

• DNS Static entry

An entry where the DNS response is always the same IP address. In other words, an entry for a service which is located in one unique site. Even if the service on this IP address is no longer available, the DNS server always replies with this IP address.

• DNS GSLB entry

An entry where the DNS response may vary. In other words, an entry for a service located in multiple sites. In addition, if the service on a specific site is no longer available, the DNS server removes this IP address from its responses.

Customer-DNS / DX-GSLB integration

The customer DNS server receives all DNS queries. For static entries, it replies directly from its internal DNS entries. For GSLB entries, it directs the LDNS to the DX-GSLB to resolve the query. This solution is the easiest way to test or to migrate to a DX-GSLB solution.

The customer needs:

• To create a new sub-domain for each GSLB entry in the customer DNS server
• To set up all the GSLB entries in the DX-GSLB

These 2 points are detailed in section 3.1.

This solution assumes:

• the customer has DNS servers in different sites
  If not, the solution is not highly available. If the site where the customer's DNS server is located fails, or if the customer DNS server itself fails, the services are no longer accessible.

• these customer DNS servers are primary and/or secondary name servers for its company domain ("foo.com")

The following figure shows the different steps for a DNS request received in the data center:

1. The ".com" DNS server replies with the list of name servers managing "foo.com".
   In this example, the first name server in the list is the customer DNS server located in the US.
2. The LDNS contacts the "foo.com" DNS server to know what is the IP address of "www.foo.com" or "static.foo.com".
3. In the case of static entry, the customer DNS server replies directly with the IP address to the LDNS.
   In the case of GSLB entry, the customer DNS server replies with the list of IP addresses of the DX-GSLBs.
4. In the case of GSLB entry, the LDNS contacts a DX-GSLB from the list, querying for "www.foo.com".
5. In the case of GSLB entry, the DX-GSLB replies with the IP address or list of IP addresses for "www.foo.com" to the LDNS. The way the DX-GSLB response is created is detailed in section 2.3.

DX-GSLB only integration

The customer fully replaces its DNS server with the DX-GSLB.

With this solution, the DX-GSLB manages all the DNS entries (GSLB and static entries).

The customer needs:

• To update the upstream DNS servers with the new name servers (the DX-GSLB)
• To set up all the entries (static and GSLB) in the DX

Note: On static entries, the DX-GSLB supports all significant record types and zone transfers but it doesn't support all advanced DNS configuration, such as split DNS, rndc-keys and advanced forwarding.

The following figure shows the different steps for a DNS request received in the data center:

1. The ".com" DNS server replies with the list of name servers managing "foo.com".
   In this example, the first name server in the list is the DX-GSLB located in the US.
2. The LDNS contacts the "foo.com" DX-GSLB to know what is the IP address of "www.foo.com" or "static.foo.com".
3. In the case of a static entry, the DX-GSLB replies directly with the IP address to the LDNS.
   In the case of a GSLB entry, the DX-GSLB replies with the IP address or list of IP addresses for "www.foo.com" to the LDNS. The way the DX-GSLB response is created is detailed in section 2.3.

DX-GSLB / Customer-DNS integration

The DX-GSLB receives all DNS queries. For GSLB entries, it replies directly looking at its GSLB configuration. For static entries, it contacts the customer DNS server to know the response.

The customer needs:

• To update the upstream DNS servers with the new name servers (the DX-GSLB)
• To set up all the GSLB entries in the DX-GSLB

The following figure shows the different steps for a DNS request received in the data center:

1. The ".com" DNS server replies with the list of name servers managing "foo.com".
   In this example, the first name server in the list is the DX-GSLB located in the US.
2. The LDNS contacts the "foo.com" DX-GSLB to know what is the IP address of "www.foo.com" or "static.foo.com".
3. In case of the GSLB entry "www.foo.com", the DX-GSLB replies directly with the IP address or list of IP addresses for "www.foo.com" to the LDNS. The way the DX-GSLB response is created is detailed in section 2.3.
   In case of a static entry, the DX-GSLB contacts the customer DNS server to know what is the IP address of "static.foo.com".
   a. The customer DNS server replies with the IP address for "static.foo.com" to the DX-GSLB.
   b. The DX-GSLB replies with the IP for "static.foo.com" to the LDNS.

2.3. How the DX-GSLB creates its DNS response

Depending on the implementation selected, the DX-GSLB can reply to DNS requests with:

• static entries
• GSLB entries

Static entries

These entries are defined in GSLB Local DNS.

The static entries in DX-GSLB are used in "DX-GSLB only integration".

They can be used in the two other integration cases, but it's unusual and not covered in this document.

Note: On static entries, the DX-GSLB supports all significant record types and zone transfers but it doesn't support all advanced DNS configuration, such as split DNS, rndc-keys and advanced forwarding.

GSLB entries

These entries are defined in GSLB Resolver Groups.

Depending on the customer needs, multiple options are available.

Disaster Recovery

When the application on the main site is available, all the users accessing this application transparently go to this main site. In case of application failure on the main site or main site failure, all the users for this application transparently go to the backup site.

The policy to select is "Fixed". The DX-GSLB always replies with the first IP address available (up) in the list of sites.

Share the load on the sites with static load balancing policy

The users are distributed across all the different sites available.

The DX-GSLB supports many static options to distribute the users across the multiple sites:

• "Random": The DX-GSLB replies with the IP address available (up) in random order
• "Roundrobin": The DX-GSLB replies with the IP address available (up) in round robin order
• "Weightedroundrobin": The DX-GSLB replies with the IP address available (up) in round robin with weight

Share the load on the sites with dynamic load balancing policy

The users are distributed across all the different sites available. The policy to select is "Metric".

The DX-GSLB replies with the IP address available (up) depending on the site's DX (member) information:

• sessions: DX-SLB sessions
• targethostavailability: DX-Clusters/DX-Forwarders/DX-SLB target servers availability

Note: The DX-GSLB pulls this information from different sites. Each site needs to have a DX with the GSLB license.

Share the load on the sites with client proximity

The users are directed to their fastest available site. The policy to select is "Metric" with "rtt".

The DX-GSLB replies with the fastest IP address available (up) to the user.

To select the fastest site, the DX-GSLB asks a licensed DX in each site to ping (icmp) the LDNS and to report the time. The site with the fastest response time is selected.

Important Notes:

• Some LDNS can block ping (icmp) from the Internet. In that case the DX-GSLB won't be able to make its decision and the response will be based on other selected metrics. If no metric other than rtt is selected, the response will be the first entry up.
• We recommend changing the rtt default values (detailed in section 3.1, "DX-GSLB Resolver Group with metric (optional – only with dynamic load balancing policy)")

Let another DNS server make the response or do the response from the DX static entries

This entry is not a GSLB entry but a static entry managed by an external DNS server or the DX static entries.

The policy to select is "Forward". The DX-GSLB forwards the DNS request received to an external DNS server or to its DX static entries. The DNS request is forwarded to the "Target IP:Port" under the DX-GSLB-Resolver.

2.4. How the DX-GSLB checks the site availability

The DX-GSLB checks the availability of each site for each service.

The goal is to be sure the DX-GSLB will resolve the DNS request with an IP address that is accessible and available.

Up to release 5.2.2, the availability test is that for each GSLB resolver group the DX-GSLB does a ping test to each member IP every second.

From release 5.2.3, the availability test is that for each GSLB resolver group the DX-GSLB does a ping or TCP check to each member IP every second.

After two successive failed tests, the member IP is detected down. After one successful test, the member IP is detected up.

Note: Before the release 5.2.3 the specific failure case "Application failure on a specific site" was not covered. To be covered, TCP healthcheck has to be selected.
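The availability rule above and the static policies of section 2.3, modelled as an added Python example (not code from the DX or from this application note). Class and function names, the sample addresses and the weighted round robin slot order are assumptions; the last function shows why an ICMP check misses the "Application failure on a specific site" case.

```python
import random
from dataclasses import dataclass

DOWN_AFTER = 2  # page: two successive failed tests mark a member down


def probe_ok(mode, host_pings, open_ports, check_ports=()):
    """One availability test against a site, using constructed inputs."""
    if mode == "icmp":
        return host_pings
    if mode == "tcp":
        if not check_ports:
            raise ValueError("TCP mode needs at least one service check port")
        # page: all configured ports have to be up for the site to be up
        return all(port in open_ports for port in check_ports)
    raise ValueError(f"unknown check mode: {mode}")


@dataclass
class Member:
    name: str
    ip: str
    weight: int = 1
    up: bool = True
    fails: int = 0

    def record(self, ok):
        """Apply one test result: 2 failures in a row -> down, 1 success -> up."""
        if ok:
            self.fails, self.up = 0, True
        else:
            self.fails += 1
            if self.fails >= DOWN_AFTER:
                self.up = False
        return self.up


class ResolverGroup:
    """Single-answer model of a GSLB entry (hypothetical class, not DX code)."""

    def __init__(self, members, policy="roundrobin", fail_ip=None, seed=None):
        self.members = list(members)
        self.policy = policy
        self.fail_ip = fail_ip
        self._rng = random.Random(seed)
        self._turn = 0

    def answer(self):
        live = [m for m in self.members if m.up]
        if not live:
            return self.fail_ip          # page: Fail IP when every member is down
        if self.policy == "fixed":
            return live[0].ip            # first available member in list order
        if self.policy == "random":
            return self._rng.choice(live).ip
        if self.policy == "weightedroundrobin":
            # Assumption: weight N means N consecutive slots per cycle.
            live = [m for m in live for _ in range(m.weight)]
        elif self.policy != "roundrobin":
            raise ValueError(f"unknown policy: {self.policy}")
        member = live[self._turn % len(live)]
        self._turn += 1
        return member.ip


def two_sites(policy="fixed"):
    main = Member("site1", "192.0.2.10")        # constructed addresses
    backup = Member("site2", "198.51.100.10")
    return main, ResolverGroup([main, backup], policy, fail_ip="203.0.113.1")


def dr_failover_trace():
    """Answers given while site1 passes, fails twice, then recovers."""
    main, group = two_sites("fixed")
    trace = []
    for ok in (True, False, False, True):
        main.record(ok)
        trace.append(group.answer())
    return trace


def app_failure_answer(mode):
    """site1's web service is dead but the host still answers ping."""
    main, group = two_sites("fixed")
    for _ in range(DOWN_AFTER):
        main.record(probe_ok(mode, host_pings=True, open_ports={22},
                             check_ports=(80, 443)))
    return group.answer()


if __name__ == "__main__":
    print(dr_failover_trace())
    print("icmp:", app_failure_answer("icmp"), "tcp:", app_failure_answer("tcp"))
```

With the "Fixed" policy a single failed test does not move traffic; the backup site is returned only after the second consecutive failure, and the main site comes back after one success.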

3. How to implement DX-GSLB

As seen in the previous section, there are three possible DX-GSLB integrations. Depending on the integration selected the DX-GSLB configuration varies.

The configuration can be done in WebUI and CLI. This document covers only WebUI.

3.1. Customer-DNS / DX-GSLB integration

The following figure shows the different steps for a DNS request received in the data center:

The customer DNS server receives all DNS queries. For static entries, it replies directly from its internal DNS entries. For GSLB entries, it contacts the DX-GSLB to know the response.

The customer needs:

• To create a new sub-domain for each GSLB entry in the customer DNS server
• To set up all the GSLB entries in the DX-GSLB

These 2 points are detailed in section 3.1.

This solution assumes:

• the customer has DNS servers in different sites
  If not, the solution is not highly available. If the site where the customer DNS server is located fails, or if the customer DNS server itself fails, the services are no longer accessible.

• these customer DNS servers are primary and/or secondary name servers for its company domain ("foo.com")

Customer DNS configuration

This example shows how to change the DNS server configuration to forward the GSLB entry (www.foo.com) to the DX.

Windows DNS server:

Start Windows DNS management (dnsmgmt.msc)

• Validate that the DNS server has recursion mode enabled
  Select the DNS server, then "Action – Properties" and select the Advanced tab. The "Disable recursion (also disables forwarders)" option has to be unchecked (not default value).

  Important Note: In case of Disaster Recovery GSLB implementation, you don't have to enable the recursion; so you can keep the default value. In that case the different steps for a DNS request are:

• Delete the "www" record
  Select the Forward Lookup Zones and select the record "www", then "Action – Delete" and confirm you want to delete it.

• Create the "www" sub-domain new delegation
  o Select the domain "foo.com", then "Action – New Delegation"
  o Follow the wizard
  o Select the Delegated Domain
    Delegated domain "www", then "Next".
  o Add the Delegated DNS server
  o Enter the DX Resolver IP address information
    Enter the FQDN name and IP address, then click OK.
  o Follow the wizard
  o Follow the wizard
    Click "Finish"

Unix/Linux DNS server:

• Validate that the DNS server has recursion mode enabled
  o In the "named.conf" file (comments in named.conf start with "//" or "#", not ";")
    On BIND 8.x: Comment out the line "recursion no;" if present
      // recursion no;
    On BIND 9.x: Comment out the line "allow-recursion { none; };" if present
      // allow-recursion { none; };

  Important Note: In case of Disaster Recovery GSLB implementation, you can disable the recursion mode. In that case the different steps for a DNS request are:

• Delete the "www" record
  o In the zone "foo.com" file, comment out the www A record

• Create the "www" sub-domain
  o Create a new record for the DX
      dx-resolver-site1 A 10.80.80.33
      dx-resolver-site2 A 20.80.80.33
  o Create a new NS record for the sub-domain www.foo.com.
      www NS dx-resolver-site1.foo.com.
      www NS dx-resolver-site2.foo.com.

• Update the serial number in the SOA and reload the zone
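A pre-reload check for the zone edits above, as an added Python example that is not part of the original note. The parser only handles one-record-per-line zone text; the SOA line, ns1 and the old www address are constructed, while the dx-resolver records are the ones shown above.

```python
def fqdn(name, origin):
    """Expand a zone-file name relative to the origin (e.g. 'foo.com.')."""
    if name == "@":
        return origin.lower()
    return (name if name.endswith(".") else f"{name}.{origin}").lower()


def parse_zone(text, origin):
    """Parse one-record-per-line zone text into (owner, type, rdata) tuples."""
    records, owner = [], origin.lower()
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]              # ';' starts a zone-file comment
        tokens = line.replace("(", " ").replace(")", " ").split()
        if not tokens or tokens[0].startswith("$"):
            continue
        if not line[0].isspace():                # a blank owner repeats the last one
            owner = fqdn(tokens.pop(0), origin)
        while tokens and (tokens[0].isdigit() or tokens[0].upper() == "IN"):
            tokens.pop(0)                        # optional TTL and class
        if tokens:
            records.append((owner, tokens[0].upper(), tokens[1:]))
    return records


def check_delegation(zone_text, origin, child, old_serial=None):
    """Return a list of problems with the delegation of `child` in the zone."""
    records = parse_zone(zone_text, origin)
    point = fqdn(child, origin)
    problems = []
    targets = [fqdn(rdata[0], origin) for owner, rtype, rdata in records
               if owner == point and rtype == "NS" and rdata]
    if not targets:
        problems.append(f"no NS record delegates {point}")
    # The old record must be gone, otherwise the server keeps answering itself.
    for owner, rtype, _ in records:
        if owner == point and rtype in ("A", "AAAA", "CNAME"):
            problems.append(f"{rtype} record still present at {point}")
    # Every in-zone name server named in the delegation needs an address.
    with_address = {owner for owner, rtype, _ in records if rtype in ("A", "AAAA")}
    for target in targets:
        if target.endswith("." + origin.lower()) and target not in with_address:
            problems.append(f"name server {target} has no address record")
    if old_serial is not None:
        serials = [int(rdata[2]) for _, rtype, rdata in records
                   if rtype == "SOA" and len(rdata) > 2]
        if not serials or serials[0] <= old_serial:
            problems.append("SOA serial was not increased")
    return problems


ORIGIN = "foo.com."

# Constructed zone following the steps above (SOA values and ns1 are made up).
ZONE_AFTER = """\
@ IN SOA ns1.foo.com. admin.foo.com. ( 2021010102 3600 900 604800 300 )
@ IN NS ns1.foo.com.
ns1 IN A 192.0.2.53
;www IN A 192.0.2.80
dx-resolver-site1 A 10.80.80.33
dx-resolver-site2 A 20.80.80.33
www NS dx-resolver-site1.foo.com.
www NS dx-resolver-site2.foo.com.
"""

# Constructed zone with three mistakes: old A record kept, one resolver
# address missing, serial unchanged.
ZONE_BROKEN = """\
@ IN SOA ns1.foo.com. admin.foo.com. ( 2021010101 3600 900 604800 300 )
@ IN NS ns1.foo.com.
ns1 IN A 192.0.2.53
www IN A 192.0.2.80
dx-resolver-site1 A 10.80.80.33
www NS dx-resolver-site1.foo.com.
www NS dx-resolver-site2.foo.com.
"""

if __name__ == "__main__":
    for label, zone in (("after", ZONE_AFTER), ("broken", ZONE_BROKEN)):
        print(label, check_delegation(zone, ORIGIN, "www", old_serial=2021010101))
```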

DX-GSLB configuration

In this implementation, the DX-GSLB receives DNS requests only for GSLB entries.

Each site with one customer DNS server requires one DX-GSLB with following configuration. This configuration can be done via WebUI or CLI. This document covers only WebUI.

DX-GSLB Resolver

To set up the DX-GSLB listening IP@ and port. That's the IP@-port the customer DNS server contacts for the GSLB entries.

o In "Services" – "Global Server LoadBalancer" – "GSLB Resolvers":

o Create a new resolver:

o Set up the resolver then save it:

Resolver Name: Resolver name.
  Note: It can be any name, but for clarity we recommend the domain name.

Listen Address : Port: IP@ and udp/tcp port
  Note: That's the IP@ the customer DNS server will contact

Target IP:Port: In case the DNS request can't be resolved by the GSLB entries or the GSLB entry is configured with the policy Forward, the DNS request is forwarded to the TargetIP:Port DNS server. LocalDNS means the DX-GSLB tries its Local DNS entries.
  Note: In this integration case, that option is useless

DX-GSLB Resolver Group

To set up the GSLB entries.

o Add a Group in "Services" – "Global Server LoadBalancer" – "GSLB Resolvers" – "Resolver":

o Set up the Resolver Group "General" section

Group Name: Group Name
  Note: It can be any name, but for clarity we recommend the DNS name.

Fail IP: IP@ used for DNS response if all member IP@ are down

Load Balancing Policy: GSLB policy: Forward, Fixed, Random, RoundRobin, WeightedRoundRobin, Metric. (default = RoundRobin)
  Note: For an explanation of each policy, refer to section 2.3

o Set up the Resolver Group "Sticky" section

Enable Sticky: Enable sticky (default = disabled).
  For the DNS requests from the same LDNS for that GSLB entry, the DX-GSLB always replies with the same IP@.
  Note: It is not required if a client can start the application on site1 and then transparently jump to site2. Since most of the time it's not the case, we recommend sticky enabled.

Sticky Netmask: Sticky Netmask (default = 255.255.255.255)
  LDNS coming from the same netmask will be stuck to the same site.
  Note: Reducing the netmask reduces the number of sticky entries

Sticky Max: Sticky Max (default = 16384)
  Maximum number of sticky entries.
  Note: If the DX-GSLB reaches the limit, the older entry will be removed.
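How the Sticky Netmask and Sticky Max settings interact, as an added Python example (not DX code). The class name, the sample LDNS and site addresses and the oldest-inserted eviction order are assumptions.

```python
import ipaddress
import itertools
from collections import OrderedDict


class StickyTable:
    """Model of the Sticky settings (hypothetical class, not DX code)."""

    def __init__(self, netmask="255.255.255.255", max_entries=16384):
        self.netmask = netmask
        self.max_entries = max_entries
        self.entries = OrderedDict()     # masked LDNS address -> pinned site IP

    def key_for(self, ldns_ip):
        # Mask the LDNS address so every resolver in the same block shares a key.
        net = ipaddress.ip_network(f"{ldns_ip}/{self.netmask}", strict=False)
        return str(net.network_address)

    def resolve(self, ldns_ip, pick_site):
        key = self.key_for(ldns_ip)
        if key in self.entries:
            return self.entries[key]     # sticky hit: same site as before
        if len(self.entries) >= self.max_entries:
            # Assumption: "older entry" means the oldest inserted one.
            self.entries.popitem(last=False)
        self.entries[key] = pick_site()
        return self.entries[key]


def replay(ldns_ips, netmask, max_entries=16384,
           sites=("192.0.2.10", "192.0.2.20")):
    """Replay constructed LDNS queries; new pins are handed out round robin."""
    rotation = itertools.cycle(sites)
    table = StickyTable(netmask, max_entries)
    answers = [table.resolve(ip, lambda: next(rotation)) for ip in ldns_ips]
    return answers, len(table.entries)


# Constructed sample: two resolvers in one /24, one elsewhere, then a repeat.
LDNS_SAMPLE = ["198.51.100.5", "198.51.100.77", "203.0.113.9", "198.51.100.5"]

if __name__ == "__main__":
    print(replay(LDNS_SAMPLE, "255.255.255.255"))              # one entry per LDNS
    print(replay(LDNS_SAMPLE, "255.255.255.0"))                # one entry per /24
    print(replay(LDNS_SAMPLE, "255.255.255.255", max_entries=2))  # eviction
```

In the third run the table is too small for the number of LDNS seen, so the first resolver's entry is evicted and its repeat query is pinned to a different site.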

o Set up the Resolver Group "DNS" section

Host Name: DNS name
  Note: Must be the fully qualified domain name
  Attention this host name is without a "." at the end

Time to Live: DNS TTL (default = 300 secs = 5 mins)
  In case of Disaster Recovery GSLB implementation, where the customer DNS server has the recursion disabled (cf above Customer DNS configuration), change the value to 1 sec.
  Note: Attention LDNS can overwrite this value. And the client can overwrite it too. For instance Internet Explorer overwrites all TTL lower than 30 mins to 30 mins. Firefox does the same but the limit is at 15 mins.

Authoritative Domain: In "Customer-DNS / DX-GSLB integration", it's the sub-domain.
  In "DX-GSLB only integration" and "DX-GSLB / Customer-DNS integration", it's the domain (cf section 3.2 or 3.3).
  Note: That's the domain.
  Attention this domain name is with a "." at the end

Authoritative DNS Server: In "Customer-DNS / DX-GSLB integration", it's with the sub-domain.
  In "DX-GSLB only integration" and "DX-GSLB / Customer-DNS integration", it's with the domain (cf section 3.2 or 3.3).
  Note: That's the authoritative name server for this domain. (This information has to be requested from the customer or retrieved with a tool such as dig)

Technical explanation: The LDNS, when they receive multiple IP@, shuffle the list of IP before replying with the IP to the clients.

o Set up the Resolver Group "Members" section

Name: Site name.
  Note: Can be any name, but for clarity we recommend the site name.

Remote Node: GSLB Remote Node.
  This is used only with the dynamic load balancing policy (policy "Metric" selected in "General" section); otherwise it's useless.
  Note: The dynamic load balancing policy cases are described further.

IP: Site IP@.
  That's the IP@ for the application on the site.

Weight: Weight (default = 1).
  Note: This is used only with the policy "WeightedRoundRobin"

o Set up the Resolver Group "Service Checking" section

Enable Service Checking: Service check status
  By default: enabled.

Service Check Mode: Can be ICMP or TCP.
  By default: ICMP

Service Check Ports: Can be one TCP port or a list of TCP ports. Used only if TCP Service Check Mode is selected.
  All of them have to be up to have the site considered up. By default, no TCP ports are configured.

o Set up the Resolver Group "Metric" section

This section is needed only in case of dynamic load balancing policy (policy "Metric" is selected in the "General" section).

Two extra steps need to be set up first in the case of dynamic load balancing policy:

• DX-GSLB Remote Nodes

DX-GSLB Agent and Remote Nodes (optional – only with metric load balancing policy)

To set up the DX-GSLB probing to the DX at the different sites.

This communication will be used only if the GSLB Load Balancing Policy "metric" is selected in one of the DX-GSLB Resolver Groups.

o Set up the DX-GSLB Agent

The DX-GSLB Agent is the process listening to the DX-GSLB Resolver probe requests. This has to be set up in all the DX in different sites with DX-Clusters/DX-Forwarders/DX-SLB VIP for GSLB entries (including the DX-GSLB Resolvers themselves if they are managing DX-Clusters/DX-Forwarders/DX-SLB VIP for GSLB entries too)

• In "Services" – "Global Server Load Balancer" – "GSLB Agent":

• Set up the DX-GSLB Agent

Enable Agent: Enable DX-GSLB Agent

Process status: Display the DX-GSLB Agent status

Listen Address : Port: IP@ and TCP port
  This IP has to be unique but can be on any DX interface.
  Note: The DX-GSLB Resolvers must be able to communicate to that IP:port.

Enable Encryption: Enable Encryption

Key: Key
  Note: Multiple keys can be defined in case each DX-GSLB Resolver uses a specific one

o Set up the DX-GSLB Remote Nodes

The GSLB Remote Nodes are the GSLB Agent in different sites managing the DX-Clusters/DX-Forwarders/DX-SLB VIP for GSLB entries.

This has to be set up in the DX-GSLB Resolver sites.

• In "Services" – "Global Server Load Balancer" – "GSLB Remote Nodes":

• Create as many New Remotenodes as sites with DX

Name: Name
  Note: It can be any name, but for clarity we recommend the site name.

IP Address : Port: IP@ and TCP port
  That's the site DX-GSLB agent IP@ and TCP port

Interval: Probe interval (default = 3 sec)

Timeout: Timeout (default = 3 sec)

Enable Encryption: Enable Encryption

Encryption Key: Encryption Key

• Save the configuration

DX-GSLB Resolver Group with metric (optional – only with dynamic load balancing policy)

DX-GSLB Agent and Remote Nodes have to be set up first.

o Set up the Resolver Group "Members" section with the Remote Node

o Set up the Resolver Group "Metric" section

Smoothing: How quickly metric fluctuations affect the decision. Values are Low, Medium and High.

Any – Max: Maximum value; when it is reached, the site is removed from the balancing

Any – Weight: Importance dedicated to that field.
  Note: Range between 0 (not considered) and 100 (highest priority)
  Note: At least one field must have a weight greater than 0

Round Trip Time: DX-LDNS ping response time

Round Trip Time – Max: DX-LDNS ping maximum response time
  Note: Change the default value to 200

Round Trip Time – Time Out: DX-LDNS ping time out
  Note: Change the default value to 200

Round Trip Time – Count: Number of RTT tries
  Note: Change the default value to 3

Round Trip Time – Net Mask: RTT netmask
  Note: rtt is not supported in this DX-GSLB implementation

Connections: DX-Clusters / DX-Forwarders connections
  Note: It's for all DX-Clusters / DX-Forwarders and not for a specific one.

Sessions: DX-SLB sessions

CPU Usage: DX CPU usage

Host Available – Min.(%): Minimum DX-Clusters / DX-Forwarders / DX-SLB target servers availability
  Note: It's for all VIP and not for a specific one.

3.2. DX-GSLB only integration

The following figure shows the different steps for a DNS request received in the data center:

The customer fully replaces its DNS server with the DX-GSLB.

With this solution, the DX-GSLB manages all the DNS entries (GSLB and static entries).

The customer needs:

• To update the company upstream DNS servers with the new name servers (the DX-GSLB)
• To set up all the entries (static and GSLB) in the DX

Note: On static entries, the DX-GSLB supports all significant record types and zone transfers but it doesn't support all advanced DNS configuration, such as split DNS, rndc-keys and advanced forwarding.

Customer DNS configuration

Contact your DNS provider to update your domain name server information with DX-GSLB Resolver IP@.

DX-GSLB configuration

In this configuration, the DX-GSLB receives all DNS requests (GSLB and static entries).

Each site acting as Primary or Secondary name servers requires one DX-GSLB with the following configuration.

This configuration can be done via WebUI or CLI. This document covers only WebUI.

DX-GSLB Resolver

Same as section 3.1. The only add-ons are:

o Set up the resolver (red squares) then save it

Resolver Name: Resolver name.
  Note: It can be any name, but for clarity we recommend the domain name.

Listen Address : Port: IP@ and udp/tcp port
  Note: That's the IP@ the customer DNS server will contact

Target IP:Port: In case the DNS request can't be resolved by the GSLB entries or the GSLB entry is configured with the policy Forward, the DNS request is forwarded to the TargetIP:Port DNS server. LocalDNS means the DX-GSLB tries its Local DNS entries.

Enable Resolver: Enable resolver

o Set up the Resolver Group "DNS" section

Host Name: DNS name
  Note: Must be the fully qualified domain name
  Attention this host name is without a "." at the end

Time to Live: DNS TTL (default = 300 secs = 5 mins)
  In case of Disaster Recovery GSLB implementation, where the customer DNS server has the recursion disabled (cf above Customer DNS configuration), change the value to 1 sec.
  Note: Attention LDNS can overwrite this value. And the client can overwrite it too. For instance Internet Explorer overwrites all TTL lower than 30 mins to 30 mins. Firefox does the same but the limit is at 15 mins.

Authoritative Domain: In "Customer-DNS / DX-GSLB integration", it's the sub-domain (cf section 3.1).
  In "DX-GSLB only integration" and "DX-GSLB / Customer-DNS integration", it's the domain.
  Note: That's the domain.
  Attention this domain name is with a "." at the end

Authoritative DNS Server: In "Customer-DNS / DX-GSLB integration", it's with the sub-domain (cf section 3.1).
  Attention this host name is with a "." at the end

Answer Mode: "Single" or "Multiple" IP@.
  The DX replies with one IP@ or a list of IP@.
  Note: It can be multiple if a client can start the application on site1 and then can transparently jump to site2. Since most of the time it's not the case, we recommend Answer Mode Single.
  Technical explanation: The LDNS, when they receive multiple IP@, shuffle the list of IP before replying with the IP to the clients.

DX-GSLB Resolver Group

Same as section 3.1.

DX-GSLB Agent and Remote Nodes (optional – only with dynamic load balancing policy)

Same as section 3.1.

DX-GSLB Resolver Group with metric (optional – only with dynamic load balancing policy)

Same as section 3.1.

DX-static configuration

In this configuration, the DX-GSLB receives all DNS requests (GSLB and static entries).

Each site acting as Primary or Secondary name servers requires one DX-GSLB with the following configuration.

This configuration can be done via WebUI or CLI. This document covers only WebUI.

DX-GSLB LocalDNS

To set up the static entries for a domain.

o In "Services" – "Global Server LoadBalancer" – "GSLB Local DNS":

o Set up the new Local DNS "General" section:

Domain Name: Domain name
  Attention this domain name is with a "." at the end

Time to Live: DNS entry TTL (default = 300 sec = 5 min)

Contact Email: Contact Email
  Note: DNS administrator email
  Attention this domain name is with a "." at the end

Sequence Number: Sequence number

Enable Auto Increment: Sequence number auto incremented

o Set up the new Local DNS "A" section:

Enter all static A records and click Add for each.

Host: Host name
  Attention this is the host without the domain information

IP Address: Static IP@ for that host name

o Set up the new Local DNS "CNAME" section:

Enter all CNAME records and click Add for each.

Host: Host name
  Attention this is the host without the domain information

Alias: Alias for that host name

o Set up the new Local DNS "PTR" section:

PTR should be supported in 5.2.5.

o Set up the new Local DNS "NS" section:

Enter all NS records and click Add for each.

o Set up the new Local DNS "MX" section:

Enter all MX records and click Add for each.

Note: To be realistic in that example, I should have an A record for the host "mx"

3.3. DX-GSLB / Customer-DNS integration

The following figure shows the different steps for a DNS request received in the data center:

The DX-GSLB receives all DNS queries. For GSLB entries, it replies directly looking at its GSLB configuration. For static entries, it contacts the customer DNS server to know the response.

The customer needs:

• To update the company upstream DNS servers with the new name servers (the DX-GSLB)
• To set up all the GSLB entries in the DX-GSLB

Customer DNS configuration

Contact your DNS provider to update your domain name server information with DX-GSLB Resolver IP@. Otherwise, this integration doesn't require any change in the customer DNS server.

DX-GSLB configuration

In this configuration, the DX-GSLB receives all DNS requests (GSLB and static entries).

Each site acting as Primary or Secondary name servers requires one DX-GSLB with the following configuration.

This configuration can be done via WebUI or CLI. This document covers only WebUI.

DX-GSLB Resolver

Same as section 3.1. The only add-ons are:


o Set up the resolver (red squares) then save it

Resolver Name: Resolver name.

Note: It can be any name, but for clarity we recommend the domain name.

Listen Address : Port : IP@ and udp/tcp port

Note: That's the IP@ the customer DNS server will contact

Target IP:Port : In case the DNS request can't be resolved by the GSLB entries, the DNS request is forwarded to the TargetIP:Port DNS server. LocalDNS means the DX-GSLB tries its Local DNS entries.

Note: In this integration case, this must be the customer DNS server.

Enable Resolver: Enable resolver

o Set up the Resolver Group "DNS" section

Host Name: DNS name

Note: Must be the fully qualified domain name

Attention this host name is without a "." at the end

Time to Live: DNS TTL (default = 300 secs = 5 mins)

In case of Disaster Recovery GSLB implementation, where the customer DNS server has the recursion disabled (cf above Customer DNS configuration), change the value to 1 sec.

Note: Attention LDNS can overwrite this value. And the client can overwrite it too. For instance Internet Explorer overwrites all TTL lower than 30 mins to 30 mins. Firefox does the same but the limit is at 15 mins.

Authoritative Domain: In "Customer-DNS / DX-GSLB integration", it's the sub-domain (cf section 3.1).

In "DX-GSLB only integration" and "DX-GSLB / Customer-DNS integration", it's the domain.

Note: That's the domain.

Attention this domain name is with a "." at the end

Authoritative DNS Server: In "Customer-DNS / DX-GSLB integration", it's with the sub-domain (cf section 3.1).


with a application, as DIG)

Attention this host name is with a "." at the end

Answer Mode: "Single" or "Multiple" IP@.

The DX replies one IP@ or a list of IP@.

Note: It can be multiple if a client can start the application on site1 and then can transparently jump to site2. Since most of the time it's not the case, we recommend Answer Mode Single.

Technical explanation: The LDNS, when they receive multiple IP@, shuffle the list of IP before replying the IP to the clients.

DX-GSLB Resolver Group

Same as section 3.1.

DX-GSLB Agent and Remote Nodes (optional – only with dynamic load balancing policy)

Same as section 3.1.

DX-GSLB Resolver Group with metric (optional – only with dynamic load balancing policy)


4. DX-GSLB status and stats

This can be done via CLI only.

4.1. DX-GSLB status

As seen in the previous section, there are different components in a DX-GSLB implementation:

• DX-GSLB Resolver

• DX-Agent

• DX-Remote Nodes

• DX-LocalDNS

DX-GSLB Resolver

The DX-GSLB Resolver status is the DX DNS service status.

In CLI: "show gslb resolver <resolver-name> status"

dx-107-7% show gslb resolver foo.com status

GSLB Resolver [foo.com] Status: enabled (failover: Master)

In case of DX failover, only the DX master runs the GSLB Resolver.

DX-GSLB Resolver GSLB entry member status

The DX-GSLB Resolver GSLB entry member status shows the status of the different sites for the GSLB entries.

In CLI: "show gslb resolver <resolver-name> group <group-name> member all"

dx-107-7% show gslb resolver foo.com group www.foo.com member all

GSLB Member [site2]

RemoteNode: 1 IP: 1.1.1.1 Weight: 1 IP Status: up

GSLB Member [site1]

RemoteNode: 2 IP: 2.2.2.2 Weight: 1 IP Status: down

When a member is down, that means the DX-GSLB Resolver health check fails. As said in section 2.4, this health check is a ping up to release 5.2.2 and can be a ping or a TCP health check from 5.2.3.

DX-GSLB Agent

The DX-GSLB Agent status is the status of the local DX agent processing the DX-GSLB Resolver probe requests.

In CLI: "show gslb agent"

dx-107-7% show gslb agent

GSLBAgent: enabled (failover: Master)

In case of DX failover, only the DX master runs the GSLB Resolver.


DX-GSLB Remote Nodes

The DX-GSLB Remote Node status is the status of the remote DX agent processing the DX-GSLB Resolver probe requests.

In CLI: "show gslb remotenode <node-name> stats"

dx-107-7% show gslb remotenode Site1 stats

Remotenode [Site1]:

Status: Up

If the status is "Initializing", that's usually because this remote node is not used in a DX-GSLB Resolver with policy metric.

If the status is "Down", that's usually because this remote node cannot be contacted by the DX-GSLB Resolver.

Note: This command provides some extra information not related to the status.

DX-GSLB LocalDNS

There is no status displayed for this service. This service is always running as soon as a DX-GSLB Resolver is configured to forward requests to its Local DNS.


4.2. DX-GSLB stats

As seen in the previous section, there are different components in a DX-GSLB implementation:

• DX-GSLB Resolver

• DX-Agent

• DX-Remote Nodes

• DX-LocalDNS

DX-GSLB Resolver

Global stats for a DX-GSLB Resolver:

In CLI: "show gslb resolver <resolver-name> stats"

dx-107-7% show gslb resolver foo.com stats

GSLBUDP

---

Requests: 290

Replies: 85

Forwards: 205

Replies from DNS server: 205

Errors: 0

TCP

---

Requests: 0

Replies: 0

Forwards: 0

Replies from DNS server: 0

Errors: 0

Total

---

Requests: 290

Replies: 85

Forwards: 205

Replies from DNS server: 205

Errors: 0

Request Types

---

A: 282

NS: 0

CNAME: 0

SOA: 0

PTR: 6

MX: 0

Other: 2

Specific stats for a DX-GSLB Resolver:

In CLI: "show gslb resolver <resolver-name> group <group-name> stats"

dx-107-7%

dx-107-7% show gslb resolver foo.com stats

Total Requests: 82

Pending Requests: 0

Total Replies: 82

Normal Replies: 82


DX-GSLB Resolver GSLB entry member stats

The DX-GSLB Resolver GSLB entry member stats show how many times the IP address of this site was returned in a reply.

In CLI: "show gslb resolver <resolver-name> group <group-name> member <member-name> stats"

dx-107-7% show gslb resolver foo.com group www.foo.com member site1 stats

Times served: 14

Times served first: 14

Times served: Number of times the DX-GSLB Resolver replied the IP@ of this site at any place in the list.

Times served first: Number of times the DX-GSLB Resolver replied the IP@ of this site first in the list.

Note: Of course, if the Answer Mode is Single, both values are the same. With the Answer Mode Multiple they may be different.

DX-GSLB Agent

In CLI: "show gslb agent stats"

dx-107-7% show gslb agent stats

Metrics Requests Received: 42409

Metrics Replies Sent: 42409

RTT Requests Received: 0

RTT Replies Sent: 0

DX-GSLB Remote Nodes

In CLI: "show gslb remotenode <node-name> stats"

dx-107-7% show gslb remotenode Site1 stats

Remotenode [Site1]:

Status: Up

RTT Requests Sent: 0

RTT Replies: 0

RTT Errors: 0

Metric Requests Sent: 42433

Metric Replies: 42433

Metric Errors: 0

connfree sessfree netavail memfree cpufree thavail

1) 100% 100% 100% 54% 99% 80% 14 0 2788 54 99 80

2) 100% 100% 100% 54% 99% 80% 14 0 2190 54 99 80

3) 100% 100% 100% 54% 99% 80% 14 0 3804 54 99 80

4) 100% 100% 100% 54% 99% 80% 14 0 3069 54 99 80

5) 100% 100% 100% 54% 99% 80% 14 0 2664 54 99 80

6) 100% 100% 100% 54% 99% 80% 14 0 3596 54 99 80

7) 100% 100% 100% 54% 99% 80% 14 0 2641 54 99 80

8) 100% 100% 100% 54% 100% 80% 14 0 3004 54 100 80


DX-GSLB LocalDNS


5. How to check GSLB configuration

The goal is to check the DNS response for a particular name from a particular location.

To view a DNS response easily, use the application nslookup, which comes with all operating systems (Windows, Unix, Linux). This application runs in any shell.

Note: On Windows to start a shell: "Start" – "Run" – "cmd" then press OK.

Select the DNS server nslookup will use for its requests

• Start nslookup: "nslookup"

• Select the DNS server (DX-GSLB Resolver IP@): "server <IP@>"

Do your DNS queries

• The fully qualified host name you want to resolve: "<Host>"

With a screenshot done on Windows:

Note: Depending on the DX-GSLB Resolver Group configuration, the answer can be single (as displayed) or multiple.
