Global Server Load Balancing (GSLB) Concepts Section
Section Objectives GSLB Overview GSLB Configuration Options GSLB Components Server Mode Configuration 2
Global Server Load Balancing (GSLB) Key ACOS GSLB benefits Provides data center failover and continuity Optimizes multi-site deployments Ensures users' Web experience is the fastest DNS Proxy Technology Continue to use existing DNS infrastructure without changing DNS server configuration No need to create or delegate sub domains, existing DNS maintains control 3
Types of Global Server Load Balancing DNS-Based Global Server Load Balancing (GSLB)Global Server Load Balancing enables AX to add intelligence to authoritative Domain Name System (DNS) servers The GSLB controller evaluates the DNS replies and based on the results of that evaluation it directs traffic to the 'best' site by replacing the IP address in the DNS reply IP-Based - Route Health Injection (RHI) Routing based global server load balancing RHI allows the ACOS to advertise the availability of a VIP throughout the network. Inject static route for VIP and redistribute to routing protocol, support RIP, OSPF, IS-IS, BGP, RIPng, OSPFv3, IS-ISv6, BGP4+ Typical topology includes primary and backup site, with backup monitoring primary s health, and inject VIP route in case of primary failure Also supports 'IP Anycast' 4
AX DNS-based GSLB Overview DNS-based GSLB uses Domain Name Service (DNS) technology to extend load balancing to a global scale Provides dynamic and flexible policies for selecting fairness and distribution to multiple sites Operates in two main modes Proxy mode The ACOS device acts as a proxy for an external DNS server. In proxy mode, the ACOS device can update the A and AAAA records in its response to client requests, but it forwards requests for all other record types to the external DNS server. Server mode The ACOS device directly responds to queries for specific service IP addresses in the GSLB zone. In server mode, the ACOS device can reply with A, AAAA, MX, NS, PTR, SRV and SOA records. For all other records, the ACOS device will attempt proxy mode unless configured as fully authoritative. 5
ACOS GSLB Proxy Mode Advantages Can be implemented without impacting current DNS traffic Does not require change in DNS server IP address Customer can be using external DNS service Disadvantages Requires changes to DNS server configuration Add Sub-domain to existing DNS for ACOS Add ACOS proxy ip as NS records Add ACOS proxy ip as A records CNAME existing records to sub-domain Requires second DNS request by client 6
ACOS GSLB Server Mode (Authoritative) Advantages Does not require changes to current DNS server configuration Single client request for domain resolution services Can be implemented with DNS firewall, and provide SLB services to DNS servers Disadvantages Requires changes to DNS server IP address, or change in registered NS server IP address Can not be implemented without downtime Customer has to own and run their own DNS servers 7
GSLB Components Controller Receives client DNS requests, maintains GSLB configuration and health status among site devices. Can have multiple controllers for redundancy Policy Configurable parameters evaluated against a client request to select the best site to send the request to Zones A DNS domain for GSLB. A device can be configured with one or more GSLB zones. Each zone can contain one or more GSLB sites. xyz.com is a domain. Sites A server farm locally managed by an ACOS device that performs ADC services for the site Services An application such as HTTP or FTP. Each zone can be configured with one or more services. www.xyz.com is a service where www is the http service or an application in the xyz.com zone Service IP The virtual servers defined under service-ip are used for GSLB 8
GSLB Server Mode Configuration Configuration steps Configure SLB (if not already configured) Create DNS Server VIP Configure Service IPs for VIPs Create (or modify existing Default) GSLB Policy Create Sites, add SLB Devices and VIPs for the Site Create Zone and configure service Enable the GSLB protocol for site device function (Controller or Device) Note To configure Proxy mode, follow standard SLB procedures (Servers, Service Groups, VIP, etc.) that utilize external DNS servers and enable it for GSLB when configuring the virtual port Note 2 GSLB Policies will be covered in another module 9
Configuring the DNS VIP For Server Mode configurations Create the Virtual Server slb virtual-server dns1 100.0.0.53 Add the UDP port (usually 53) port 53 dns-udp Enable GSLB on the port gslb-enable To configure Proxy Mode, create Servers for the actual (external) DNS servers, place them in a Service Group and apply to the Virtual Port 10
Configuring Service IPs The Service IPs are the addresses of Virtual Servers that will be part of the GSLB solution in a given zone Add the name and ip, then the port hosting the service gslb service-ip vip3 100.0.0.66 port 80 tcp The Service IP can also have health checks assigned and, if needed, an External IP allowing a service IP that has an internal IP address to be reached from outside the internal network 11
GSLB Site configuration Sites represent the server farm that is locally managed by the device that performing server load balancing for the site Create the site, define the IP of the ACOS device for the site, then add the VIP servers configured earlier gslb site newyork slb-dev A3 60.0.0.1 vip-server vip2 12
Configuring GSLB Zones and Services P 1 A zone is a DNS domain used by GSLB and acts as the start of authority for the name space and, when combined with the service name, creates the FQDN for client DNS queries A service is an application such as HTTP or FTP and can be the well-known name of the application or by port number gslb zone a10class.com service http www In the above example, the zone name is a10class.com, the service is HTTP with the name www. Clients would then query www.a10class.com when connecting to the VIP 13
Configuring GSLB Zones and Services P 2 The dns-a-record command is used to create the A records for the zone, binding the service/zone name to the service IPs (VIPs) within the zone gslb zone a10training.com service http www dns-a-record vip2 static dns-a-record vip1 static At the Service level of the configuration, additional dns records such as C-NAME, mx, and NS can be created 14
The GSLB Protocol Uses TCP port 4149 AX devices use the GSLB protocol for GSLB management traffic (between GSLB controller and sites) The GSLB controller collects following information from the site AX load balancers Virtual IP addresses & active servers ardt (active-round Delay Time) Site session capacity statistics Connection load Number of active sessions Update interval default is 30 seconds (ranges from 1 to 300 seconds) VIP information is sent asynchronously 15
Enabling the GSLB Protocol AX devices use the GSLB protocol for GSLB management traffic. The protocol must be enabled on the GSLB controller gslb protocol enable controller For redundancy, multiple controllers can be enabled and placed in a controller group which can automatically synchronize GSLB configurations and service IP status among multiple GSLB controllers for a GSLB zone Enabling the protocol on devices in other sites in the GSLB configuration is optional, but is required for in order to take advantage of certain policy options and default health checks. A10 recommends enabling the GSLB protocol on all devices gslb protocol enable device Note - For more information on Controller Groups see the GSLB configuration guide 16
GSLB Configuration Best Practices For redundancy, use Controller Groups with Controllers configured in multiple sites Use Controllers for both GSLB and SLB Server Mode (authoritative) configurations can also have the customers existing DNS servers in a service group under the DNS VIP. These servers hold records or name space for which the Controller is not authoritative. Non-authoritative queries are automatically forwarded to those servers. Enable the GSLB protocol on all devices 17
GSLB Policy Section
Section Objectives Policy Overview Policy Metrics Policy Settings Policy Configuration 2
GSLB Policy A list of metrics used to determine the best site to use for a given client s request Health Check, Round Robin and Geographic enabled by default but can be disabled All other metrics must be enabled to be used Applied to the zone or service level within a zone Features a Default policy which is used for all GSLB zones and services unless an Admin created policy is applied to a zone or service 3
GSLB Policy Metric Evaluation Each Site metric is evaluated in a (configurable) order and is marked when a match occurs Evaluations continue only on marked sites until all configured parameters are checked Once each Site is evaluated, the user request is sent to the Site with the most matches In the event of a tie, requests are fulfilled in round robin Four Site Example: Site A, Site B, Site C and Site D all could potentially handle a client request Site B fails Health Check, leaving A, C and D for the next metric Site A and D match on Geographic, eliminating C Site A has an assigned higher weight than D, eliminating D Request will be sent to Site A 4
GSLB Policy Settings 1 of 2 Health Check (1) Services that pass health checks are preferred * Round Robin (14) Sites are selected in sequential order * Geographic (7) Services located within the client s geographic region are preferred * Weighted-IP (2) Service IP with higher assigned weight are used more often than the service-ip with lower weights Weighted Site (3) Sites with higher assigned weights are used more often Session Capacity (4) Sites with more available sessions based on respective maximum Session-Capacity are preferred Active-Servers (5) Sites with most currently active servers are preferred NOTE - Numbers in parentheses represent default metric order number which can be modified * Enabled by default but can be disabled 5
GSLB Policy Settings 2 of 2 Active Round Delay Time (6) Sites with faster round delay times for DNS queries and replies between a site and local GSLB are preferred Connection Load (8) Sites that are not exceeding their thresholds for new connections are preferred Num-Session (9) Sites that are not exceeding available session capacity threshold compared to other sites are treated as having the same preference Admin Preference (10) The site with the highest admin set preference is selected BW-Cost (11) Selects sites based on bandwidth utilization on the site AX links Least Response (12) Service IP addresses with the fewest hits are preferred Admin-IP (13) IP addresses are preferred based on administratively assigned weight 6
Policy Configuration To create a Policy use the following gslb policy [name] Once in the policy s context, enable and configure policy entries. Some metrics are enabled by entering the name of the metric (config-gslb policy)#least-response Other metrics are first configured at the site or zone level and then enabled by adding them to the policy (config-gslb site-slb dev)#admin-preference? <0-255> Specify admin-preference value, default is 100 In the above example, a priority is set at the device level of a site, the metric will then be evaluated once enabled on the policy (config-gslb policy)#admin-preference 7
Modifying Metric Order CLI Use the metric order command under the context of the policy followed by the metrics you wish to use: (config-gslb policy)#metric-order least-response admin-preference Using the above example, least-response and admin-preference are now 1 and 2 in the evaluation order. Heath-check, being the previous number 1 drops to 3 #show gslb policy pol1 ------------------------------------ least-response 1 yes admin-preference 2 yes health-check 3 yes The above example is only partial output for the command 8
Modifying Metric Order GUI Config> GSLB> Policy. Select Policy, Drag and drop to modify metric order Dragging metrics to the left will automatically enable them. Once enabled, these metrics can also be dragged up or down to put them in desired order. 9
Applying GSLB Policies CLI At the zone level (config)#gslb zone a10training.com (config-gslb zone)#policy pol-1 At the service level (config)#gslb zone a10training.com (config-gslb zone)#service http www (config-gslb zone-gslb service)#policy pol-2 10
Applying GSLB Policies GUI Config> GSLB> Zone Click zone name and choose a policy from dropdown for Zone level. To apply at Service level, from the Zone page, select the service name and click edit. Choose policy from the dropdown. 11
GSLB Policy Best Practices For Active Standby data centers use Admin IP policy to always send traffic to primary site, unless it is unreachable For Active Active scenarios, take advantage of geo-location, weighting, or RTT to determine best site to send client request 12