
Global Server Load Balancing (GSLB) Concepts


Academic year: 2021


©A10 Networks, Inc.

GSLB Overview

GSLB Configuration Options

GSLB Components

Server Mode Configuration


Global Server Load Balancing (GSLB)

DNS Proxy Technology

Continue to use existing DNS infrastructure without changing DNS server configuration

No need to create or delegate sub domains, existing DNS maintains control

Key ACOS GSLB benefits

Provides data center failover and continuity


Global Server Load Balancing (GSLB)

DNS-Based

Global Server Load Balancing enables AX to add intelligence to authoritative Domain Name System (DNS) servers

The GSLB controller evaluates the DNS replies and based on the results of that evaluation it directs traffic to the 'best' site by replacing the IP address in the DNS reply

IP-Based - Route Health Injection (RHI)

Routing based global server load balancing

RHI allows the ACOS to advertise the availability of a VIP throughout the network.

Injects a static route for the VIP and redistributes it into a routing protocol; supports RIP, OSPF, IS-IS, BGP, RIPng, OSPFv3, IS-ISv6, BGP4+

A typical topology includes a primary and a backup site, with the backup monitoring the primary’s health and injecting the VIP route if the primary fails

Also supports 'IP Anycast'


DNS-based GSLB uses Domain Name System (DNS) technology to extend load balancing to a global scale

Provides dynamic and flexible policies for selecting fairness and distribution to multiple sites

Operates in two main modes

Proxy mode

The ACOS device acts as a proxy for an external DNS server. In proxy mode, the ACOS device can update the A and AAAA records in its response to client requests, but it forwards requests for all other record types to the external DNS server.

Server mode

The ACOS device directly responds to queries for specific service IP addresses in the GSLB zone. In server mode, the ACOS device can reply with A, AAAA, MX, NS, PTR, SRV and SOA records. For all other records, the ACOS device will attempt proxy mode unless configured as fully authoritative.


Advantages

Can be implemented without impacting current DNS traffic

Does not require change in DNS server IP address

Customer can be using external DNS service

Disadvantages

Requires changes to DNS server configuration

Add Sub-domain to existing DNS for ACOS

Add ACOS “proxy ip” as NS records

Add ACOS “proxy ip” as A records

CNAME existing records to sub-domain

Requires second DNS request by client


Advantages

Does not require changes to current DNS server configuration

Single client request for domain resolution services

Can be implemented with DNS firewall, and provide SLB services to DNS servers

Disadvantages

Requires changes to DNS server IP address, or change in registered NS server IP address

Cannot be implemented without downtime

Customer has to own and run their own DNS servers


GSLB Components

Sites

A server farm locally managed by an ACOS device that performs ADC services for the site

Services

An application such as HTTP or FTP. Each zone can be configured with one or more services. “www.xyz.com” is a service where “www” is the http service or an application in the “xyz.com” zone

Service IP

The virtual servers defined under service-ip are used for GSLB

Controller

Receives client DNS requests, maintains GSLB configuration and health status among site devices. Can have multiple controllers for redundancy

Policy

Configurable parameters evaluated against a client request to select the best site to send the request to

Zones


Configuration steps

Configure SLB (if not already configured)

Create DNS Server VIP

Configure Service IPs for VIPs

Create (or modify existing Default) GSLB Policy

Create Sites, add SLB Devices and VIPs for the Site

Create Zone and configure service

Enable the GSLB protocol for site device function (Controller or Device)

Note – To configure Proxy mode, follow standard SLB procedures (Servers, Service Groups, VIP, etc.) that utilize “external” DNS servers and enable it for GSLB when configuring the virtual port

Note 2 – GSLB Policies will be covered in another module


For Server Mode configurations

Create the Virtual Server

slb virtual-server dns1 100.0.0.53

Add the UDP port (usually 53)

port 53 dns-udp

Enable GSLB on the port

gslb-enable

To configure Proxy Mode, create Servers for the actual (external) DNS servers, place them in a Service Group and apply to the Virtual Port


The Service IPs are the addresses of Virtual Servers that will be part of the GSLB solution in a given zone

Add the name and ip, then the port hosting the service

gslb service-ip vip3 100.0.0.66

port 80 tcp

The Service IP can also have health checks assigned and, if needed, an External IP allowing a service IP that has an internal IP address to be reached from outside the internal network


Sites represent the server farm that is locally managed by the device that performs server load balancing for the site

Create the site, define the IP of the ACOS device for the site, then add the VIP servers configured earlier

gslb site newyork

slb-dev A3 60.0.0.1

vip-server vip2


A zone is a DNS domain used by GSLB and acts as the start of authority for the name space and, when combined with the service name, creates the FQDN for client DNS queries

A service is an application such as HTTP or FTP and can be specified by the well-known name of the application or by port number

gslb zone a10class.com

service http www

In the above example, the zone name is “a10class.com” and the service is HTTP with the name “www”. Clients would then query www.a10class.com when connecting to the VIP


The dns-a-record command is used to create the A records for the zone, binding the service/zone name to the service IPs (VIPs) within the zone

gslb zone a10training.com

service http www

dns-a-record vip2 static

dns-a-record vip1 static

At the Service level of the configuration, additional DNS records such as CNAME, MX, and NS can be created


Uses TCP port 4149

AX devices use the GSLB protocol for GSLB management traffic (between GSLB controller and sites)

The GSLB controller collects the following information from the site AX load balancers

Virtual IP addresses & active servers

aRDT (active-Round Delay Time)

Site session capacity statistics

Connection load

Number of active sessions

Update interval default is 30 seconds (ranges from 1 to 300 seconds)

VIP information is sent asynchronously


AX devices use the GSLB protocol for GSLB management traffic. The protocol must be enabled on the GSLB controller

gslb protocol enable controller

For redundancy, multiple controllers can be enabled and placed in a controller group which can automatically synchronize GSLB configurations and service IP status among multiple GSLB controllers for a GSLB zone

Enabling the protocol on devices in other sites in the GSLB configuration is optional, but is required in order to take advantage of certain policy options and default health checks. A10 recommends enabling the GSLB protocol on all devices

gslb protocol enable device

Note - For more information on Controller Groups see the GSLB configuration guide


For redundancy, use Controller Groups with Controllers configured in multiple sites

Use Controllers for both GSLB and SLB

Server Mode (authoritative) configurations can also have the customer’s existing DNS servers in a service group under the DNS VIP. These servers hold records or name space for which the Controller is not authoritative. Non-authoritative queries are automatically forwarded to those servers.

Enable the GSLB protocol on all devices


GSLB Policy


Policy Overview

Policy Metrics

Policy Settings

Policy Configuration


A list of metrics used to determine the best site to use for a given client’s request

Health Check, Round Robin and Geographic enabled by default but can be disabled

All other metrics must be enabled to be used

Applied to the zone or service level within a zone

Features a “Default” policy which is used for all GSLB zones and services unless an Admin created policy is applied to a zone or service


Each Site metric is evaluated in a (configurable) order and is marked when a match occurs

Evaluations continue only on marked sites until all configured parameters are checked

Once each Site is evaluated, the user request is sent to the Site with the most matches

In the event of a tie, requests are fulfilled in round robin

Four Site Example: Site A, Site B, Site C and Site D all could potentially handle a client request

Site B fails Health Check, leaving A, C and D for the next metric

Site A and D match on Geographic, eliminating C

Site A has an assigned higher weight than D, eliminating D

Request will be sent to Site A
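The four-site walk-through above as a small Python model, added here as an example (it is not A10 code and does not claim to be ACOS's actual algorithm). The site data, regions and weights are constructed, weighted-site is simplified to "highest weight wins", and the model assumes that a metric which marks no remaining site leaves the candidate set unchanged.

```python
from itertools import count

# Constructed sample data for the slide's four sites (values are illustrative).
SITES = {
    "A": {"healthy": True,  "region": "us", "weight": 20},
    "B": {"healthy": False, "region": "us", "weight": 30},
    "C": {"healthy": True,  "region": "eu", "weight": 30},
    "D": {"healthy": True,  "region": "us", "weight": 10},
}

def health_check(cands, sites, client):
    """Mark sites whose service passes its health check."""
    return [s for s in cands if sites[s]["healthy"]]

def geographic(cands, sites, client):
    """Mark sites in the client's region."""
    return [s for s in cands if sites[s]["region"] == client["region"]]

def weighted_site(cands, sites, client):
    """Mark the highest-weight sites (simplified to 'highest wins')."""
    top = max(sites[s]["weight"] for s in cands)
    return [s for s in cands if sites[s]["weight"] == top]

ORDER = [health_check, geographic, weighted_site]  # evaluation order

def make_selector(sites, order):
    """Build a per-request selector with its own round-robin cursor."""
    rr = count()

    def select(client):
        cands, trace = sorted(sites), []
        for metric in order:
            marked = metric(cands, sites, client)
            # Assumption: a metric that marks no site leaves the set as is.
            if marked:
                cands = marked
            trace.append((metric.__name__, list(cands)))
        # More than one survivor is a tie: serve them in round robin.
        return cands[next(rr) % len(cands)], trace

    return select

if __name__ == "__main__":
    site, trace = make_selector(SITES, ORDER)({"region": "us"})
    for name, survivors in trace:
        print(f"{name:14} -> {survivors}")
    print("selected:", site)
```

Site B carries the highest weight in the sample data but never reaches the weight comparison, because the health check runs first and removes it.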


GSLB Policy Settings 1 of 2

Health Check (1)

Services that pass health checks are preferred *

Round Robin (14)

Sites are selected in sequential order *

Geographic (7)

Services located within the client’s geographic region are preferred *

Weighted Site (3)

Sites with higher assigned weights are used more often

Session Capacity (4)

Sites with more available sessions based on respective maximum Session-Capacity are preferred

Active-Servers (5)

Sites with most currently active servers are preferred

Weighted-IP (2)

NOTE - Numbers in parentheses represent default metric order number which can be modified

* Enabled by default but can be disabled


GSLB Policy Settings 2 of 2

Active Round Delay Time (6)

Sites with faster round delay times for DNS queries and replies between a site and local GSLB are preferred

Connection Load (8)

Sites that are not exceeding their thresholds for new connections are preferred

Admin Preference (10)

The site with the highest admin set preference is selected

BW-Cost (11)

Selects sites based on bandwidth utilization on the site AX links

Least Response (12)

Service IP addresses with the fewest hits are preferred

Admin-IP (13)

IP addresses are preferred based on administratively assigned weight

Num-Session (9)


To create a Policy use the following

gslb policy [name]

Once in the policy’s context, enable and configure policy entries. Some metrics are enabled by entering the name of the metric

(config-gslb policy)#least-response

Other metrics are first configured at the site or zone level and then enabled by adding them to the policy

(config-gslb site-slb dev)#admin-preference ?

<0-255> Specify admin-preference value, default is 100

In the above example, a priority is set at the device level of a site; the metric is then evaluated once it is enabled on the policy

(config-gslb policy)#admin-preference


Use the “metric-order” command under the context of the policy, followed by the metrics you wish to use:

(config-gslb policy)#metric-order least-response admin-preference

Using the above example, least-response and admin-preference are now 1 and 2 in the evaluation order. Health-check, previously number 1, drops to 3

#show gslb policy pol1

---

least-response | 1 | | yes

admin-preference | 2 | | yes

health-check | 3 | | yes

The above example is only partial output for the command


Config> GSLB> Policy. Select Policy, Drag and drop to modify metric order

Dragging metrics to the left will automatically enable them. Once enabled, these metrics can also be dragged up or down to put them in desired order.


At the zone level

(config)#gslb zone a10training.com

(config-gslb zone)#policy pol-1

At the service level

(config)#gslb zone a10training.com

(config-gslb zone)#service http www

(config-gslb zone-gslb service)#policy pol-2


Config> GSLB> Zone

Click zone name and choose a policy from dropdown for Zone level.

To apply at Service level, from the Zone page, select the service name and click edit. Choose policy from the dropdown.


For “Active Standby” data centers use Admin IP policy to always send traffic to primary site, unless it is unreachable

For “Active Active” scenarios, take advantage of geo-location, weighting, or RTT to determine best site to send client request
