Global Server Load Balancing

Juniper Networks, Inc.
1194 North Mathilda Avenue
Sunnyvale, California 94089 USA
408.745.2000
1.888 JUNIPER
www.juniper.net

November 2006
Table of Contents

1. Application Note topic GSLB
2. How the DX-GSLB technically works in the customer environment
   2.1. How the DNS resolution works
   2.2. How the DX-GSLB is integrated into the customer DNS solution
        Customer-DNS / DX-GSLB integration
        DX-GSLB only integration
        DX-GSLB / Customer-DNS integration
   2.3. How the DX-GSLB creates its DNS response
        Static entries
        GSLB entries
   2.4. How the DX-GSLB checks the site availability
3. How to implement DX-GSLB
   3.1. Customer-DNS / DX-GSLB integration
        Customer DNS configuration
        DX-GSLB configuration
   3.2. DX-GSLB only integration
        Customer DNS configuration
        DX-GSLB configuration
        DX-static configuration
   3.3. DX-GSLB / Customer-DNS integration
        Customer DNS configuration
        DX-GSLB configuration
4. DX-GSLB status and stats
   4.1. DX-GSLB status
        DX-GSLB Resolver
        DX-GSLB Resolver GSLB entry member status
        DX-GSLB Agent
        DX-GSLB Remote Nodes
        DX-GSLB LocalDNS
   4.2. DX-GSLB stats
        DX-GSLB Resolver
        DX-GSLB Resolver GSLB entry member stats
        DX-GSLB Agent
        DX-GSLB Remote Nodes
        DX-GSLB LocalDNS
5. How to check GSLB configuration
        Select the DNS server nslookup will use for its requests
        Do your DNS queries
1. Application Note topic GSLB

Global server load balancing (GSLB) allows customers with applications in two or multiple sites:

- to have a Disaster Recovery solution
  When the application on the main site is running, all the users accessing this application transparently go to this main site. In case of application failure on the main site or main site failure, all the users for this application transparently go to the backup site.
- to share the load on the multiple sites
  The users are shared to all the different sites.
- to continue operations when one or more sites go down
  In case of application failure on a specific site or a specific site failure, the users accessing this application transparently use all the sites but this one.

This Application Note describes:

- How the DX-GSLB technically works
- How to implement DX-GSLB
- DX GSLB status and stats
- How to check GSLB configuration
2. How the DX-GSLB technically works in the customer environment

Important Note: GSLB is supported on all DX appliances but requires a specific license. GSLB was implemented in the 4.1 release. Important improvements were added in the 5.1 release and the 5.2 release added WebUI configuration support (the status and statistics are currently CLI only). This document is related to the DX 5.2 release.

GSLB is based on DNS. When the users access an application, they use a name such as "www.foo.com" or "smtp.foo.com". This name is converted to an IP address with a DNS request. Depending on the GSLB configuration, the user will receive a DNS response with the IP address of this or that site where the application is available.

2.1. How the DNS resolution works

The following figure shows the different steps:

1. The user sends a DNS request "www.foo.com" to its Local DNS server.
2. The LDNS contacts a Root DNS server to know who manages ".com". This is generally already in the Local DNS cache, so the LDNS would go directly to step 4.
3. The Root DNS server replies with the list of name servers managing ".com".
4. The LDNS contacts a ".com" DNS server to know who manages "foo.com".
5. The ".com" DNS server replies with the list of name servers managing "foo.com".
   In this case, there are 2 sites with DNS servers managing "foo.com", one in the USA and one in Europe. These DNS servers can be the DX-GSLB or the Enterprise "foo" DNS servers, as seen further in the next section.
6. The LDNS contacts a "foo.com" DNS server to know what is the IP address of "www.foo.com".
   In this example, the first name server in the list is the customer DNS server located in the US.
7. The "foo.com" DNS server replies with the IP address or the list of IP addresses for "www.foo.com" to the LDNS.
8. The LDNS replies with the IP address or the list of IP addresses for "www.foo.com" to the user.

2.2. How the DX-GSLB is integrated into the customer DNS solution

Three different DX-GSLB integrations are available.

Glossary:

- DNS Static entry: An entry where the DNS response is always the same IP address. In other words, an entry for a service which is located in one unique site. Even if the service on this IP address is no longer available, the DNS server always replies with this IP address.
- DNS GSLB entry: An entry where the DNS response may vary. In other words, an entry for a service located in multiple sites. In addition, if the service on a specific site is no longer available, the DNS server removes this IP address from its responses.

Customer-DNS / DX-GSLB integration

The customer DNS server receives all DNS queries. For static entries, it replies directly looking at its internal DNS entries. For GSLB entries, it directs the LDNS to the DX-GSLB to resolve the query.

This solution is the easiest way to test or to migrate to a DX-GSLB solution.

The customer needs:

- To create a new sub-domain for each GSLB entry in the customer DNS server
- To set up all the GSLB entries in the DX-GSLB

These 2 points are detailed in section 3.1.

This solution assumes:

- the customer has DNS servers in different sites
  If not, the solution is not highly available. In the case of a site failure where the customer's DNS server is located or in the case of customer DNS server failure, the services are no longer accessible.
- these customer DNS servers are primary and/or secondary name servers for its company domain ("foo.com")
The following figure shows the different steps for a DNS request received in the data center:

1. The ".com" DNS server replies with the list of name servers managing "foo.com".
   In this example, the first name server in the list is the customer DNS server located in the US.
2. The LDNS contacts the "foo.com" DNS server to know what is the IP address of "www.foo.com" or "static.foo.com".
3. In the case of static entry, the customer DNS server replies directly with the IP address to the LDNS.
   In the case of GSLB entry, the customer DNS server replies with the list of IP addresses of the DX-GSLBs.
4. In the case of GSLB entry, the LDNS contacts a DX-GSLB from the list, querying for www.foo.com.
5. In the case of GSLB entry, the DX-GSLB replies with the IP address or list of IP addresses for "www.foo.com" to the LDNS.
   The way the DX-GSLB response is created is detailed in section 2.3.

DX-GSLB only integration

The customer fully replaces its DNS server with the DX-GSLB. With this solution, the DX-GSLB manages all the DNS entries (GSLB and static entries).

The customer needs:

- To update the upstream DNS servers with the new name servers (the DX-GSLB)
- To set up all the entries (static and GSLB) in the DX
  Note: On static entries, the DX-GSLB supports all significant record types and zone transfers but it doesn't support all advanced DNS configuration, such as split DNS, rndc-keys and advanced forwarding.

These 2 points are detailed in section 3.2.
The following figure shows the different steps for a DNS request received in the data center:

1. The ".com" DNS server replies with the list of name servers managing "foo.com".
   In this example, the first name server in the list is the DX-GSLB located in the US.
2. The LDNS contacts the "foo.com" DX-GSLB to know what is the IP address of "www.foo.com" or "static.foo.com".
3. In the case of a static entry, the DX-GSLB replies directly with the IP address to the LDNS.
   In the case of a GSLB entry, the DX-GSLB replies with the IP address or list of IP addresses for "www.foo.com" to the LDNS.
   The way the DX-GSLB response is created is detailed in section 2.3.

DX-GSLB / Customer-DNS integration

The DX-GSLB receives all DNS queries. For GSLB entries, it replies directly looking at its GSLB configuration. For static entries, it contacts the customer DNS server to know the response.

The customer needs:

- To update the upstream DNS servers with the new name servers (the DX-GSLB)
- To set up all the GSLB entries in the DX-GSLB

These 2 points are detailed in section 3.3.
The following figure shows the different steps for a DNS request received in the data center:

1. The ".com" DNS server replies with the list of name servers managing "foo.com".
   In this example, the first name server in the list is the DX-GSLB located in the US.
2. The LDNS contacts the "foo.com" DX-GSLB to know what is the IP address of "www.foo.com" or "static.foo.com".
3. In case of the GSLB entry "www.foo.com", the DX-GSLB replies directly with the IP address or list of IP addresses for "www.foo.com" to the LDNS.
   The way the DX-GSLB response is created is detailed in section 2.3.
   In case of a static entry, the DX-GSLB contacts the customer DNS server to know what is the IP address of "static.foo.com":
   a. The customer DNS server replies with the IP address for "static.foo.com" to the DX-GSLB.
   b. The DX-GSLB replies with the IP for "static.foo.com" to the LDNS.
2.3. How the DX-GSLB creates its DNS response

Depending on the implementation selected, the DX-GSLB can reply to DNS requests with:

- static entries
- GSLB entries

Static entries

These entries are defined in GSLB Local DNS.

The static entries in DX-GSLB are used in "DX-GSLB only integration". They can be used in the two other integration cases, but it's unusual and not covered in this document.

Note: On static entries, the DX-GSLB supports all significant record types and zone transfers but it doesn't support all advanced DNS configuration, such as split DNS, rndc-keys and advanced forwarding.

GSLB entries

These entries are defined in GSLB Resolver Groups. Depending on the customer needs, multiple options are available.

Disaster Recovery

When the application on the main site is available, all the users accessing this application transparently go to this main site. In case of application failure on the main site or main site failure, all the users for this application transparently go to the backup site.

The policy to select is "Fixed". The DX-GSLB always replies with the first IP address available (up) in the list of sites.

Share the load on the sites with static load balancing policy

The users are shared to all the different sites available. The DX-GSLB supports many static options to share the users on the multiple sites:

- "Random": The DX-GSLB replies with the IP addresses available (up) in random order.
- "Roundrobin": The DX-GSLB replies with the IP addresses available (up) in round robin order.
- "Weightedroundrobin": The DX-GSLB replies with the IP addresses available (up) in round robin with weight.

Share the load on the sites with dynamic load balancing policy

The users are shared to all the different sites available. The policy to select is "Metric". The DX-GSLB replies with the IP address available (up) depending on the site's DX (member) information:

- byterate: Network interface usage
- connections: DX-Clusters/DX-Forwarders connections
- cpuusage: DX CPU usage
- memusage: DX RAM usage
- rtt: This case is detailed next (client proximity)
- sessions: DX-SLB sessions
- targethostavailability: DX-Clusters/DX-Forwarders/DX-SLB target servers availability

Note: The DX-GSLB pulls this information from different sites. Each site needs to have a DX with the GSLB license.

Share the load on the sites with client proximity

The users are shared to their fastest available site. The policy to select is "Metric" with "rtt". The DX-GSLB replies with the fastest IP address available (up) to the user.

To select the fastest site, the DX-GSLB asks a licensed DX in each site to ping (icmp) the LDNS and to report the time. The site with the fastest response time is selected.

Important Notes:

- Some LDNS can block ping (icmp) from the Internet. In that case the DX-GSLB won't be able to make its decision and the response will be based on the other selected metrics. If no metric other than rtt is selected, the response will be the first entry up.
- We recommend changing the rtt default values (detailed in section 3.1, "DX-GSLB Resolver Group with metric (optional only with dynamic load balancing policy)").

Let another DNS server make the response or do the response from the DX static entries

This entry is not a GSLB entry but a static entry managed by an external DNS server or the DX static entries.

The policy to select is "Forward". The DX-GSLB forwards the DNS request received to an external DNS server or to its DX static entries. The DNS request is forwarded to the "Target IP:Port" under the DX-GSLB-Resolver.
2.4. How the DX-GSLB checks the site availability

The DX-GSLB checks the availability of each site for each service. The goal is to be sure the DX-GSLB will resolve the DNS request with an IP address that is accessible and available.

Up to release 5.2.2, the availability test is that for each GSLB resolver group the DX-GSLB does a ping test to each member IP every second.

From release 5.2.3, the availability test is that for each GSLB resolver group the DX-GSLB does a ping or TCP check to each member IP every second.

After two successive failed tests, the member IP is detected down. After one successful test, the member IP is detected up.

Note: Before release 5.2.3 the specific failure case "Application failure on a specific site" was not covered. To be covered, TCP healthcheck has to be selected.
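The availability rule above (two successive failed tests mark a member down, one successful test marks it up) combined with the "Fixed", "Roundrobin" and "Weightedroundrobin" policies of section 2.3, as an added Python model that is not DX code and not part of the original note. The class and function names, the site2 address and the 192.0.2.1 fail address are constructed for illustration; fail_ip mirrors the "Fail IP" setting of section 3.1, and repeating each member by its weight in the rotation is an assumption about how weighted answers are ordered.

```python
from dataclasses import dataclass, field
from itertools import count

DOWN_AFTER_FAILS = 2   # section 2.4: two successive failed tests -> down


@dataclass
class Member:
    name: str
    ip: str
    weight: int = 1    # only used by the weighted policy
    up: bool = True
    fails: int = 0     # consecutive failed checks

    def record_check(self, ok: bool) -> None:
        """Apply one health-check result (the resolver runs one per second)."""
        if ok:
            self.fails = 0
            self.up = True                      # one successful test -> up
        else:
            self.fails += 1
            if self.fails >= DOWN_AFTER_FAILS:
                self.up = False


@dataclass
class ResolverGroup:
    host_name: str
    members: list
    policy: str = "RoundRobin"   # "Fixed", "RoundRobin" or "WeightedRoundRobin"
    fail_ip: str = ""            # answer used when every member is down
    turn: count = field(default_factory=count, repr=False)

    def answer(self) -> str:
        """Return the single IP handed to the LDNS for this query."""
        live = [m for m in self.members if m.up]
        if not live:
            return self.fail_ip
        if self.policy == "Fixed":
            return live[0].ip                   # first member that is up
        if self.policy == "WeightedRoundRobin":
            # Assumption: a member with weight N takes N slots per rotation.
            live = [m for m in live for _ in range(m.weight)]
        return live[next(self.turn) % len(live)].ip


def disaster_recovery_demo() -> list:
    """Constructed scenario: the main site drops single probes, then fails."""
    main = Member("site1", "10.80.80.11")
    backup = Member("site2", "20.80.80.11")     # constructed address
    group = ResolverGroup("www.foo.com", [main, backup],
                          policy="Fixed", fail_ip="192.0.2.1")
    answers = []
    for ok in (True, False, True, False, False, True):
        main.record_check(ok)
        answers.append(group.answer())
    return answers


def weighted_demo() -> list:
    """Constructed scenario: weights 2:1, then site1 down, then all down."""
    site1 = Member("site1", "10.80.80.11", weight=2)
    site2 = Member("site2", "20.80.80.11", weight=1)
    group = ResolverGroup("www.foo.com", [site1, site2],
                          policy="WeightedRoundRobin", fail_ip="192.0.2.1")
    answers = [group.answer() for _ in range(3)]
    for _ in range(DOWN_AFTER_FAILS):
        site1.record_check(False)
    answers += [group.answer() for _ in range(2)]
    for _ in range(DOWN_AFTER_FAILS):
        site2.record_check(False)
    answers.append(group.answer())
    return answers


if __name__ == "__main__":
    print(disaster_recovery_demo())
    print(weighted_demo())
```

A single lost probe never moves traffic, while the first successful probe after an outage sends every new answer back to the main site at once.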
3. How to implement DX-GSLB

As seen in the previous section, there are three possible DX-GSLB integrations. Depending on the integration selected, the DX-GSLB configuration varies.

The configuration can be done in WebUI and CLI. This document covers only WebUI.

3.1. Customer-DNS / DX-GSLB integration

The following figure shows the different steps for a DNS request received in the data center:

The customer DNS server receives all DNS queries. For static entries, it replies directly looking at its internal DNS entries. For GSLB entries, it contacts the DX-GSLB to know the response.

The customer needs:

- To create a new sub-domain for each GSLB entry in the customer DNS server
- To set up all the GSLB entries in the DX-GSLB

These 2 points are detailed in section 3.1.

This solution assumes:

- the customer has DNS servers in different sites
  If not, the solution is not highly available. In case of failure of the site where the customer DNS server is located, or in case of customer DNS server failure, the services are no longer accessible.
- these customer DNS servers are primary and/or secondary name servers for its company domain ("foo.com")
Customer DNS configuration

This example shows how to change the DNS server configuration to forward the GSLB entry (www.foo.com) to the DX.

Windows DNS server:

Start Windows DNS management (dnsmgmt.msc)

Validate that the DNS server has recursion mode enabled

Select the DNS server, then "Action > Properties" and select the Advanced tab. The "Disable recursion (also disables forwarders)" option has to be unchecked (not default value).

Important Note: In case of Disaster Recovery GSLB implementation, you don't have to enable the recursion; so you can keep the default value. In that case the different steps for a DNS request are:
Delete the "www" record

Select the Forward Lookup Zones and select the record "www", then "Action > Delete" and confirm you want to delete it.

Create the "www" sub-domain new delegation

Select the domain "foo.com", then "Action > New Delegation".

Follow the wizard

Click "Next".
Select the Delegated Domain

Delegated domain "www", then "Next".

Add the Delegated DNS server

Click "Add".
Enter the DX Resolver IP address information

Enter the FQDN name and IP address, then click OK.

Follow the wizard

Click "Next".
Follow the wizard

Click "Finish".

Unix/Linux DNS server:

Validate that the DNS server has recursion mode enabled

In the "named.conf" file (named.conf comments start with //, # or /* */; a leading ";" is a comment only in zone files):

On BIND 8.x: Comment the line "recursion no" if present

    // recursion no;

On BIND 9.x: Comment the line "allow-recursion { none; };" if present

    // allow-recursion { none; };

Important Note: In case of Disaster Recovery GSLB implementation, you can disable the recursion mode. In that case the different steps for a DNS request are:

Delete the "www" record

In the zone "foo.com" file, comment the www A record:

    ; www A 10.80.80.11

In the reverse zone for "foo.com" file, comment the www PTR record:

    ; 11 PTR www.foo.com.
Create the "www" sub-domain

Create a new record for the DX:

    dx-resolver-site1 A 10.80.80.33
    dx-resolver-site2 A 20.80.80.33

Create a new NS record for the sub-domain www.foo.com.:

    www NS dx-resolver-site1.foo.com.
    www NS dx-resolver-site2.foo.com.

Update the serial number in the SOA and reload the zone.
DX-GSLB configuration

In this implementation, the DX-GSLB receives DNS requests only for GSLB entries. Each site with one customer DNS server requires one DX-GSLB with the following configuration.

This configuration can be done via WebUI or CLI. This document covers only WebUI.

DX-GSLB Resolver

To set up the DX-GSLB listening IP@ and port. That's the IP@-port the customer DNS server contacts for the GSLB entries.

In "Services" > "Global Server LoadBalancer" > "GSLB Resolvers":

Create a new resolver:

Set up the resolver then save it:

- Resolver Name: Resolver name.
  Note: It can be any name, but for clarity we recommend the domain name.
- Listen Address : Port: IP@ and udp/tcp port.
  Note: That's the IP@ the customer DNS server will contact.
- Target IP:Port: In case the DNS request can't be resolved by the GSLB entries or the GSLB entry is configured with the policy Forward, the DNS request is forwarded to the TargetIP:Port DNS server. LocalDNS means the DX-GSLB tries its Local DNS entries.
  Note: In this integration case, that option is useless.
- Enable Resolver: Enable resolver.
DX-GSLB Resolver Group

To set up the GSLB entries.

Add a Group in "Services" > "Global Server LoadBalancer" > "GSLB Resolvers" > "Resolver":

Set up the Resolver Group "General" section

- Group Name: Group name.
  Note: It can be any name, but for clarity we recommend the DNS name.
- Fail IP: IP@ used for the DNS response if all member IP@ are down.
- Load Balancing Policy: GSLB policy: Forward, Fixed, Random, RoundRobin, WeightedRoundRobin, Metric (default = RoundRobin).
  Note: For an explanation of each policy, refer to section 2.3.

Set up the Resolver Group "Sticky" section

- Enable Sticky: Enable sticky (default = disabled). For the DNS requests from the same LDNS for that GSLB entry, the DX-GSLB always replies with the same IP@.
  Note: It is not required if a client can start the application on site1 and then transparently jump to site2. Since most of the time it's not the case, we recommend sticky enabled.
- Sticky Timeout: Sticky entry timeout (default = 86400 secs = 1 day). If this LDNS doesn't do a new DNS request for that GSLB entry for the "Sticky Timeout" period of time, its next request will be load balanced with the policy algorithm.
- Sticky Netmask: Sticky Netmask (default = 255.255.255.255). LDNS coming from the same netmask will be stuck to the same site.
  Note: Reducing the netmask reduces the number of sticky entries.
- Sticky Max: Sticky Max (default = 16384). Maximum number of sticky entries.
  Note: If the DX-GSLB reaches the limit, the older entry will be removed.

Set up the Resolver Group "DNS" section

- Host Name: DNS name.
  Note: Must be the fully qualified domain name.
  Attention: this host name is without a "." at the end.
- Time to Live: DNS TTL (default = 300 secs = 5 mins). In case of Disaster Recovery GSLB implementation, where the customer DNS server has the recursion disabled (cf. above Customer DNS configuration), change the value to 1 sec.
  Note: Attention, the LDNS can overwrite this value. And the client can overwrite it too. For instance Internet Explorer overwrites all TTL lower than 30 mins to 30 mins. Firefox does the same but the limit is at 15 mins.
- Authoritative Domain: In "Customer-DNS / DX-GSLB integration", it's the subdomain. In "DX-GSLB only integration" and "DX-GSLB / Customer-DNS integration", it's the domain (cf. section 3.2 or 3.3).
  Note: That's the domain.
  Attention: this domain name is with a "." at the end.
- Authoritative DNS Server: In "Customer-DNS / DX-GSLB integration", it's with the sub-domain. In "DX-GSLB only integration" and "DX-GSLB / Customer-DNS integration", it's with the domain (cf. section 3.2 or 3.3).
  Note: That's the authoritative name server for this domain. (This information has to be asked to the customer or retrieved with an application, such as DIG.)
  Attention: this host name is with a "." at the end.
- Answer Mode: "Single" or "Multiple" IP@. The DX replies with one IP@ or a list of IP@.
  Note: It can be multiple if a client can start the application on site1 and then can transparently jump to site2. Since most of the time it's not the case, we recommend Answer Mode Single.
  Technical explanation: The LDNS, when they receive multiple IP@, shuffle the list of IP before replying with the IP to the clients.

Set up the Resolver Group "Members" section

- Name: Site name.
  Note: Can be any name, but for clarity we recommend the site name.
- Remote Node: GSLB Remote Node. This is used only with the dynamic load balancing policy (policy "Metric" selected in the "General" section), otherwise it's useless.
  Note: The dynamic load balancing policy cases are described further.
- IP: Site IP@. That's the IP@ for the application on the site.
- Weight: Weight (default = 1).
  Note: This is used only with the policy "WeightedRoundRobin".

Set up the Resolver Group "Service Checking" section

- Enable Service Checking: Service check status. By default: enabled.
- Service Check Mode: Can be ICMP or TCP. By default: ICMP.
- Service Check Ports: Can be 1 or a list of TCP ports. Used only if TCP Service Check Mode is selected. All of them have to be up to have the site considered up. By default, no TCP ports are configured.

Set up the Resolver Group "Metric" section

This section is needed only in case of dynamic load balancing policy (policy "Metric" is selected in the "General" section).

Two extra steps need to be set up first in the case of dynamic load balancing policy:

- DX-GSLB Remote Nodes
- DX-GSLB Agent

The next page describes the dynamic load balancing policy configuration. If you don't use dynamic load balancing policy, finish with the last point below.
Click OK and Save
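How the "Sticky" settings described above interact (Sticky Netmask, Sticky Timeout, Sticky Max), as an added Python model that is not DX code and not part of the original note. The class and function names and the LDNS addresses are constructed; treating "the older entry" as the least recently refreshed one is an assumption.

```python
import ipaddress
from collections import OrderedDict
from itertools import cycle


class StickyTable:
    """Maps an LDNS network to the site IP it was last given."""

    def __init__(self, netmask="255.255.255.255", timeout=86400,
                 max_entries=16384):          # defaults quoted in the note
        self.netmask = netmask
        self.timeout = timeout
        self.max_entries = max_entries
        self.entries = OrderedDict()          # key -> (site_ip, last_seen)

    def network_key(self, ldns_ip: str) -> str:
        # strict=False clears the host bits, so every LDNS inside the same
        # Sticky Netmask collapses to one table entry.
        net = ipaddress.ip_network(f"{ldns_ip}/{self.netmask}", strict=False)
        return str(net.network_address)

    def resolve(self, ldns_ip: str, now: float, pick_site):
        """Return (site_ip, sticky_hit) for a query seen at time `now`."""
        key = self.network_key(ldns_ip)
        entry = self.entries.get(key)
        # An entry is honoured only while it was refreshed within the timeout.
        hit = entry is not None and self.timeout > now - entry[1]
        site = entry[0] if hit else pick_site()
        self.entries[key] = (site, now)       # every query refreshes the timer
        self.entries.move_to_end(key)
        while len(self.entries) > self.max_entries:
            self.entries.popitem(last=False)  # drop the oldest entry
        return site, hit


def sticky_demo() -> list:
    """Constructed query sequence against a deliberately tiny table."""
    sites = cycle(["10.80.80.11", "20.80.80.11"])   # stand-in for RoundRobin

    def pick():
        return next(sites)

    table = StickyTable(netmask="255.255.255.0", timeout=300, max_entries=2)
    return [
        table.resolve("198.51.100.10", 0, pick),    # new LDNS network
        table.resolve("198.51.100.53", 10, pick),   # same /24: sticky hit
        table.resolve("203.0.113.5", 20, pick),     # second network
        table.resolve("192.0.2.7", 30, pick),       # third network evicts first
        table.resolve("198.51.100.10", 40, pick),   # evicted: balanced again
        table.resolve("198.51.100.10", 340, pick),  # idle 300 s: expired
    ]


if __name__ == "__main__":
    for site, hit in sticky_demo():
        print(site, "sticky" if hit else "balanced")
```

With a table that is too small for the number of distinct LDNS networks, clients lose stickiness well before the timeout, which is the case the Sticky Netmask note addresses.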
DX-GSLB Agent and Remote Nodes (optional only with metric load balancing policy)

To set up the DX-GSLB probing to the DX at the different sites. This communication will be used only if the GSLB Load Balancing Policy "metric" is selected in one of the DX-GSLB Resolver Groups.

Set up the DX-GSLB Agent

The DX-GSLB Agent is the process listening to the DX-GSLB Resolver probe requests.

This has to be set up in all the DX in different sites with DX-Clusters/DX-Forwarders/DX-SLB VIP for GSLB entries (including the DX-GSLB Resolvers themselves if they are managing DX-Clusters/DX-Forwarders/DX-SLB VIP for GSLB entries too).

In "Services" > "Global Server Load Balancer" > "GSLB Agent":

Set up the DX-GSLB Agent

- Enable Agent: Enable DX-GSLB Agent.
- Process status: Display the DX-GSLB Agent status.
- Listen Address : Port: IP@ and TCP port. This IP has to be unique but can be on any DX interface.
  Note: The DX-GSLB Resolvers must be able to communicate to that IP:port.
- Enable Encryption: Enable Encryption.
- Key: Key.
  Note: Multiple keys can be defined in case each DX-GSLB Resolver uses a specific one.

Save the configuration
Set up the DX-GSLB Remote Nodes

The DX-GSLB Remote Nodes are the DX-GSLB Agents in different sites managing the DX-Clusters/DX-Forwarders/DX-SLB VIP for GSLB entries.

This has to be set up in the DX-GSLB Resolver sites.

In "Services" > "Global Server Load Balancer" > "GSLB Remote Nodes":

Create as many New Remotenodes as sites with DX

- Name: Name.
  Note: It can be any name, but for clarity we recommend the site name.
- IP Address : Port: IP@ and TCP port. That's the site DX-GSLB agent IP@ and TCP port.
- Interval: Probe interval (default = 3 sec).
- Timeout: Timeout (default = 3 sec).
- Enable Encryption: Enable Encryption.
- Encryption Key: Encryption Key.

Save the configuration
DX-GSLB Resolver Group with metric (optional only with dynamic load balancing policy)

DX-GSLB Agent and Remote Nodes have to be set up first.

Set up the Resolver Group "Members" section with the Remote Node

Set up the Resolver Group "Metric" section

- Smoothing: How fast metric fluctuations are important in the decision. Values are Low, Medium and High.
- Any Max: Maximum where, when reached, the site is removed from the balancing.
- Any Weight: Importance dedicated to that field.
  Note: Range between 0 (not considered) to 100 (highest priority).
  Note: At least one field must have a weight greater than 0.
- Round Trip Time: DX-LDNS ping response time.
- Round Trip Time Max: DX-LDNS ping maximum response time.
  Note: Change the default value to 200.
- Round Trip Time Time Out: DX-LDNS ping time out.
  Note: Change the default value to 200.
- Round Trip Time Count: Number of RTT tries.
  Note: Change the default value to 3.
- Round Trip Time Net Mask: RTT netmask.
  Note: rtt is not supported in this DX-GSLB implementation.
- Connections: DX-Clusters / DX-Forwarders connections.
  Note: It's for all DX-Clusters / DX-Forwarders and not for a specific one.
- Sessions: DX-SLB sessions.
  Note: It's for all DX-SLB and not for a specific one.
- Byte Rate: Network interface usage.
  Note: That's the Bytes In/Out of the interface with the highest rate.
- Memory Usage: DX RAM usage.
- CPU Usage: DX CPU usage.
- Host Available Min.(%): Minimum DX-Clusters / DX-Forwarders / DX-SLB target servers availability.
  Note: It's for all VIP and not for a specific one.

Click OK and Save
3.2. DX-GSLB only integration

The following figure shows the different steps for a DNS request received in the data center:

The customer fully replaces its DNS server with the DX-GSLB. With this solution, the DX-GSLB manages all the DNS entries (GSLB and static entries).

The customer needs:

- To update the company upstream DNS servers with the new name servers (the DX-GSLB)
- To set up all the entries (static and GSLB) in the DX
  Note: On static entries, the DX-GSLB supports all significant record types and zone transfers but it doesn't support all advanced DNS configuration, such as split DNS, rndc-keys and advanced forwarding.

Customer DNS configuration

Contact your DNS provider to update your domain name server information with the DX-GSLB Resolver IP@.

DX-GSLB configuration

In this configuration, the DX-GSLB receives all DNS requests (GSLB and static entries). Each site acting as Primary or Secondary name server requires one DX-GSLB with the following configuration.

This configuration can be done via WebUI or CLI. This document covers only WebUI.

DX-GSLB Resolver

Same as section 3.1. The only add-ons are:
Set up the resolver (red squares) then save it

- Resolver Name: Resolver name.
  Note: It can be any name, but for clarity we recommend the domain name.
- Listen Address : Port: IP@ and udp/tcp port.
  Note: That's the IP@ the customer DNS server will contact.
- Target IP:Port: In case the DNS request can't be resolved by the GSLB entries or the GSLB entry is configured with the policy Forward, the DNS request is forwarded to the TargetIP:Port DNS server. LocalDNS means the DX-GSLB tries its Local DNS entries.
- Enable Resolver: Enable resolver.

Set up the Resolver Group "DNS" section

- Host Name: DNS name.
  Note: Must be the fully qualified domain name.
  Attention: this host name is without a "." at the end.
- Time to Live: DNS TTL (default = 300 secs = 5 mins). In case of Disaster Recovery GSLB implementation, where the customer DNS server has the recursion disabled (cf. above Customer DNS configuration), change the value to 1 sec.
  Note: Attention, the LDNS can overwrite this value. And the client can overwrite it too. For instance Internet Explorer overwrites all TTL lower than 30 mins to 30 mins. Firefox does the same but the limit is at 15 mins.
- Authoritative Domain: In "Customer-DNS / DX-GSLB integration", it's the subdomain (cf. section 3.1). In "DX-GSLB only integration" and "DX-GSLB / Customer-DNS integration", it's the domain.
  Note: That's the domain.
  Attention: this domain name is with a "." at the end.
- Authoritative DNS Server: In "Customer-DNS / DX-GSLB integration", it's with the sub-domain (cf. section 3.1). In "DX-GSLB only integration" and "DX-GSLB / Customer-DNS integration", it's with the domain.
  Note: That's the authoritative name server for this domain. (This information has to be asked to the customer or retrieved with an application, such as DIG.)
  Attention: this host name is with a "." at the end.
- Answer Mode: "Single" or "Multiple" IP@. The DX replies with one IP@ or a list of IP@.
  Note: It can be multiple if a client can start the application on site1 and then can transparently jump to site2. Since most of the time it's not the case, we recommend Answer Mode Single.
  Technical explanation: The LDNS, when they receive multiple IP@, shuffle the list of IP before replying with the IP to the clients.

DX-GSLB Resolver Group

Same as section 3.1.

DX-GSLB Agent and Remote Nodes (optional only with dynamic load balancing policy)

Same as section 3.1.

DX-GSLB Resolver Group with metric (optional only with dynamic load balancing policy)

Same as section 3.1.

DX-static configuration

In this configuration, the DX-GSLB receives all DNS requests (GSLB and static entries). Each site acting as Primary or Secondary name server requires one DX-GSLB with the following configuration.

This configuration can be done via WebUI or CLI. This document covers only WebUI.

DX-GSLB LocalDNS

To set up the static entries for a domain.

In "Services" > "Global Server LoadBalancer" > "GSLB Local DNS":

Create a new Local DNS:
Set up the new Local DNS "General" section:

- Domain Name: Domain name.
  Attention: this domain name is with a "." at the end.
- Time to Live: DNS entry TTL (default = 300 sec = 5 min).
- Contact Email: Contact Email.
  Note: DNS administrator email.
  Attention: this domain name is with a "." at the end.
- Sequence Number: Sequence number.
- Enable Auto Increment: Sequence number auto incremented.

Set up the new Local DNS "A" section:

Enter all static A records and click Add for each.

- Host: Host name.
  Attention: this is the host without the domain information.
- IP Address: Static IP@ for that host name.

Set up the new Local DNS "CNAME" section:

Enter all CNAME records and click Add for each.

- Host: Host name.
  Attention: this is the host without the domain information.
- Alias: Alias for that host name.

Set up the new Local DNS "PTR" section:

PTR should be supported in 5.2.5.

Set up the new Local DNS "NS" section:

Enter all NS records and click Add for each. This record is required to get DX LocalDNS working.

Note: To be realistic in that example, I should have an A record for the host "ns".
Set up the new Local DNS "MX" section:

Enter all MX records and click Add for each.

Note: To be realistic in that example, I should have an A record for the host "mx".

Click Save:
3.3. DX-GSLB / Customer-DNS integration

The following figure shows the different steps for a DNS request received in the data center:

The DX-GSLB receives all DNS queries. For GSLB entries, it replies directly looking at its GSLB configuration. For static entries, it contacts the customer DNS server to know the response.

The customer needs:

- To update the company upstream DNS servers with the new name servers (the DX-GSLB)
- To set up all the GSLB entries in the DX-GSLB

Customer DNS configuration

Contact your DNS provider to update your domain name server information with the DX-GSLB Resolver IP@. Otherwise, this integration doesn't require any change in the customer DNS server.

DX-GSLB configuration

In this configuration, the DX-GSLB receives all DNS requests (GSLB and static entries). Each site acting as Primary or Secondary name server requires one DX-GSLB with the following configuration.

This configuration can be done via WebUI or CLI. This document covers only WebUI.

DX-GSLB Resolver

Same as section 3.1. The only add-ons are:
Set up the resolver (red squares) then save it

- Resolver Name: Resolver name.
  Note: It can be any name, but for clarity we recommend the domain name.
- Listen Address : Port: IP@ and udp/tcp port.
  Note: That's the IP@ the customer DNS server will contact.
- Target IP:Port: In case the DNS request can't be resolved by the GSLB entries, the DNS request is forwarded to the TargetIP:Port DNS server. LocalDNS means the DX-GSLB tries its Local DNS entries.
  Note: In this integration case, this must be the customer DNS server.
- Enable Resolver: Enable resolver.

Set up the Resolver Group "DNS" section

- Host Name: DNS name.
  Note: Must be the fully qualified domain name.
  Attention: this host name is without a "." at the end.
- Time to Live: DNS TTL (default = 300 secs = 5 mins). In case of Disaster Recovery GSLB implementation, where the customer DNS server has the recursion disabled (cf. above Customer DNS configuration), change the value to 1 sec.
  Note: Attention, the LDNS can overwrite this value. And the client can overwrite it too. For instance Internet Explorer overwrites all TTL lower than 30 mins to 30 mins. Firefox does the same but the limit is at 15 mins.
- Authoritative Domain: In "Customer-DNS / DX-GSLB integration", it's the subdomain (cf. section 3.1). In "DX-GSLB only integration" and "DX-GSLB / Customer-DNS integration", it's the domain.
  Note: That's the domain.
  Attention: this domain name is with a "." at the end.
- Authoritative DNS Server: In "Customer-DNS / DX-GSLB integration", it's with the sub-domain (cf. section 3.1). In "DX-GSLB only integration" and "DX-GSLB / Customer-DNS integration", it's with the domain.
  Note: That's the authoritative name server for this domain. (This information has to be asked to the customer or retrieved
Answer Mde: with a applicatin, as DIG) Attentin this hst name is with a "." at the end "Single" r "Multiple" IP@. The DX replies ne IP@ r a list f IP@. Nte: It can be multiple if a client can start the applicatin n site1 and then can transparently jump t site2. Since mst f the time it's nt the case, we recmmend Answer Mde Single. Technical explanatin: The LDNS, when they receive multiple IP@, shuffle the list f IP befre replying the IP t the clients. DX-GSLB Reslver Grup Same as sectin 3.1. DX-GSLB Agent and Remte Ndes (ptinal nly with dynamic lad balancing plicy) Same as sectin 3.1. DX-GSLB Reslver Grup with metric (ptinal nly with dynamic lad balancing plicy) Same as sectin 3.1. Page 35 --- Glbal Server Lad Balancing Nvember 2006
4. DX-GSLB status and stats

This can be done via CLI only.

4.1. DX-GSLB status

As seen in the previous section, there are different components in a DX-GSLB implementation:
- DX-GSLB Resolver
- DX-Agent
- DX-Remote Nodes
- DX-LocalDNS

DX-GSLB Resolver

The DX-GSLB Resolver status is the DX DNS service status.

In CLI: "show gslb resolver <resolver-name> status"

    dx-107-7% show gslb resolver foo.com status
    GSLB Resolver [foo.com]
    Status: enabled (failover: Master)

In case of DX failover, only the DX master runs the GSLB Resolver.

DX-GSLB Resolver GSLB entry member status

The DX-GSLB Resolver GSLB entry member status shows the status of the different sites for the GSLB entries.

In CLI: "show gslb resolver <resolver-name> group <group-name> member all"

    dx-107-7% show gslb resolver foo.com group www.foo.com member all
    GSLB Member [site2]
    RemoteNode: 1
    IP: 1.1.1.1
    Weight: 1
    IP Status: up
    GSLB Member [site1]
    RemoteNode: 2
    IP: 2.2.2.2
    Weight: 1
    IP Status: down

When a member is down, that means the DX-GSLB Resolver health check fails. As said in section 2.4, this health check is a ping up to release 5.2.2 and can be a ping or a TCP health check from 5.2.3.

DX-GSLB Agent

The DX-GSLB Agent status is the status of the local DX agent processing the DX-GSLB Resolver probe requests.

In CLI: "show gslb agent"

    dx-107-7% show gslb agent
    GSLBAgent: enabled (failover: Master)

In case of DX failover, only the DX master runs the GSLB Resolver.

Note: This command provides some extra information not related to the status.
DX-GSLB Remote Nodes

The DX-GSLB Remote Node status is the status of the remote DX agent processing the DX-GSLB Resolver probe requests.

In CLI: "show gslb remotenode <node-name> stats"

    dx-107-7% show gslb remotenode Site1 stats
    Remotenode [Site1]:
    Status: Up

If the status is "Initializing", that's usually because this remote node is not used in a DX-GSLB Resolver with policy metric.

If the status is "Down", that's usually because this remote node cannot be contacted by the DX-GSLB Resolver.

Note: This command provides some extra information not related to the status.

DX-GSLB LocalDNS

There is no status displayed for this service. This service is always running as soon as a DX-GSLB Resolver is configured to forward requests to its Local DNS.
4.2. DX-GSLB stats

As seen in the previous section, there are different components in a DX-GSLB implementation:
- DX-GSLB Resolver
- DX-Agent
- DX-Remote Nodes
- DX-LocalDNS

DX-GSLB Resolver

Global stats for a DX-GSLB Resolver:

In CLI: "show gslb resolver <resolver-name> stats"

    dx-107-7% show gslb resolver foo.com stats
    GSLB
    UDP
    ---
    Requests: 290
    Replies: 85
    Forwards: 205
    Replies from DNS server: 205
    Errors: 0
    TCP
    ---
    Requests: 0
    Replies: 0
    Forwards: 0
    Replies from DNS server: 0
    Errors: 0
    Total
    -----
    Requests: 290
    Replies: 85
    Forwards: 205
    Replies from DNS server: 205
    Errors: 0
    Request Types
    -------------
    A: 282
    NS: 0
    CNAME: 0
    SOA: 0
    PTR: 6
    MX: 0
    Other: 2

Specific stats for a DX-GSLB Resolver:

In CLI: "show gslb resolver <resolver-name> group <group-name> stats"

    dx-107-7%
    dx-107-7% show gslb resolver foo.com stats
    Total Requests: 82
    Pending Requests: 0
    Total Replies: 82
    Normal Replies: 82
    FailIP Replies: 0
    Empty Replies: 0
    Errors: 0
    Sticky Entries: 0
DX-GSLB Resolver GSLB entry member stats

The DX-GSLB Resolver GSLB entry member stats show how many times the IP address of this site was given in a reply.

In CLI: "show gslb resolver <resolver-name> group <group-name> member <member-name> stats"

    dx-107-7% show gslb resolver foo.com group www.foo.com member site1 stats
    Times served: 14
    Times served first: 14

Times served: Number of times the DX-GSLB Resolver replied with the IP@ of this site at any place in the list.
Times served first: Number of times the DX-GSLB Resolver replied with the IP@ of this site first in the list.

Note: Of course, if the Answer Mode is single, both values are the same. With the Answer Mode multiple, they may be different.

DX-GSLB Agent

In CLI: "show gslb agent stats"

    dx-107-7% show gslb agent stats
    Metrics Requests Received: 42409
    Metrics Replies Sent: 42409
    RTT Requests Received: 0
    RTT Replies Sent: 0

DX-GSLB Remote Nodes

In CLI: "show gslb remotenode <node-name> stats"

    dx-107-7% show gslb remotenode Site1 stats
    Remotenode [Site1]:
    Status: Up
    RTT Requests Sent: 0
    RTT Replies: 0
    RTT Errors: 0
    Metric Requests Sent: 42433
    Metric Replies: 42433
    Metric Errors: 0
        connfree sessfree netavail memfree cpufree thavail
     1) 100% 100% 100% 54% 99% 80% 14 0 2788 54 99 80
     2) 100% 100% 100% 54% 99% 80% 14 0 2190 54 99 80
     3) 100% 100% 100% 54% 99% 80% 14 0 3804 54 99 80
     4) 100% 100% 100% 54% 99% 80% 14 0 3069 54 99 80
     5) 100% 100% 100% 54% 99% 80% 14 0 2664 54 99 80
     6) 100% 100% 100% 54% 99% 80% 14 0 3596 54 99 80
     7) 100% 100% 100% 54% 99% 80% 14 0 2641 54 99 80
     8) 100% 100% 100% 54% 100% 80% 14 0 3004 54 100 80
     9) 100% 100% 100% 54% 99% 80% 14 0 1882 54 99 80
    10) 100% 100% 100% 54% 99% 80% 14 0 3685 54 99 80

If all the stats are at zero, that's usually because this remote node is not used in a DX-GSLB Resolver with policy metric or because this remote node cannot be contacted by the DX-GSLB Resolver.
DX-GSLB LocalDNS

There is no statistic for this service.
5. How to check GSLB configuration

The goal is to check the DNS response for a particular name from a particular location. To easily see a DNS response, all operating systems (Windows, Unix, Linux) come with the application nslookup. This application runs in any shell.

Note: On Windows, to start a shell: "Start", "Run", "cmd", then press OK.

Select the DNS server nslookup will use for its requests

Start nslookup: "nslookup"
Select the DNS server (DX-GSLB Resolver IP@): "server <IP@>"

Do your DNS queries

The fully qualified host name you want to resolve: "<Host>"

With a screenshot done on Windows:

Note: Depending on the DX-GSLB Resolver Group configuration, the answer can be single (as displayed) or multiple.
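
The same check can be scripted so that it can be repeated from several locations. The following Python code is an added example, not part of the original application note: it sends an A query directly to a chosen DNS server (as "server <IP@>" does in nslookup) and returns the answered IP addresses with their TTL, so the Answer Mode (single or multiple) and the TTL actually served can be verified. The function names, the host name www.foo.com and the embedded response bytes are constructed for illustration.

```python
import os
import socket
import struct

def build_query(name, qid):
    """Encode a recursion-desired A/IN query for a fully qualified host name."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack(">HH", 1, 1)

def _skip_name(data, pos):
    """Return the offset just past a (possibly compressed) domain name."""
    while data[pos] != 0 and data[pos] & 0xC0 != 0xC0:
        pos += 1 + data[pos]                     # step over one label
    return pos + (2 if data[pos] else 1)         # pointer is 2 bytes, root label 1

def parse_a_records(data):
    """Return (rcode, [(ip, ttl), ...]) from the answer section of a DNS response."""
    _qid, flags, qdcount, ancount, _ns, _ar = struct.unpack(">HHHHHH", data[:12])
    pos = 12
    for _ in range(qdcount):
        pos = _skip_name(data, pos) + 4          # skip QTYPE and QCLASS
    answers = []
    for _ in range(ancount):
        pos = _skip_name(data, pos)
        rtype, _rclass, ttl, rdlen = struct.unpack(">HHIH", data[pos:pos + 10])
        pos += 10
        if rtype == 1 and rdlen == 4:            # A record
            answers.append((socket.inet_ntoa(data[pos:pos + 4]), ttl))
        pos += rdlen
    return flags & 0x000F, answers

def check(server, name, timeout=3.0):
    """Query `server` (e.g. the DX-GSLB Resolver IP@) directly over UDP port 53."""
    query = build_query(name, int.from_bytes(os.urandom(2), "big"))
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, 53))
        data, _ = s.recvfrom(512)
    if data[:2] != query[:2]:                    # reject a reply with the wrong ID
        raise ValueError("DNS transaction ID mismatch")
    return parse_a_records(data)

# Constructed sample: authoritative reply for www.foo.com, one A record, TTL 300.
_Q = build_query("www.foo.com", 0x1234)
SAMPLE = (_Q[:2] + struct.pack(">HHHHH", 0x8580, 1, 1, 0, 0) + _Q[12:] + b"\xc0\x0c"
          + struct.pack(">HHIH", 1, 1, 300, 4) + socket.inet_aton("1.1.1.1"))
```

With Answer Mode Single, `check("<IP@>", "<Host>")` should return rcode 0 and exactly one address; a healthy site that never appears in repeated checks, or a TTL different from the configured Time to Live, points back to the Resolver Group settings.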