Brocade, the B-wing symbol, BigIron, DCFM, DCX, Fabric OS, FastIron, IronView, NetIron, SAN Health, ServerIron, TurboIron, and
Wingspan are registered trademarks, and Brocade Assurance, Brocade NET Health, Brocade One, Extraordinary Networks,
MyBrocade, VCS, and VDX are trademarks of Brocade Communications Systems, Inc., in the United States and/or in other
countries. Other brands, products, or service names mentioned are or may be trademarks or service marks of their respective
owners.
Notice: This document is for informational purposes only and does not set forth any warranty, expressed or implied, concerning
any equipment, equipment feature, or service offered or to be offered by Brocade. Brocade reserves the right to make changes to
this document at any time, without notice, and assumes no responsibility for its use. This informational document describes
features that may not be currently available. Contact a Brocade sales office for information on feature and product availability.
Export of technical data contained in this document may require an export license from the United States government.
Brocade Communications Systems, Incorporated
Corporate and Latin American Headquarters
Brocade Communications Systems, Inc.
130 Holger Way
San Jose, CA 95134
Tel: 1-408-333-8000
Fax: 1-408-333-8101
E-mail: info@brocade.com
European Headquarters
Brocade Communications Switzerland Sàrl
Centre Swissair
Tour B - 4ème étage
29, Route de l'Aéroport
Case Postale 105
CH-1215 Genève 15
Switzerland
Tel: +41 22 799 5640
Fax: +41 22 799 5641
E-mail: emea-info@brocade.com
Asia-Pacific Headquarters
Brocade Communications Systems China HK, Ltd.
No. 1 Guanghua Road
Chao Yang District
Units 2718 and 2818
Beijing 100020, China
Tel: +8610 6588 8888
Fax: +8610 6588 9999
E-mail: china-info@brocade.com
Asia-Pacific Headquarters
Brocade Communications Systems Co., Ltd. (Shenzhen WFOE)
Citic Plaza
No. 233 Tian He Road North
Unit 1308 – 13th Floor
Guangzhou, China
Tel: +8620 3891 2000
Fax: +8620 3891 2111
E-mail: china-info@brocade.com
ServerIron ADX Global Server Load Balancing Guide
53-1002437-01
About This Document
Audience
This document is designed for system administrators with a working knowledge of Layer 2 and
Layer 3 switching and routing.
If you are using a Brocade Layer 3 Switch, you should be familiar with the following protocols if
applicable to your network – IP, RIP, OSPF, BGP, ISIS, IGMP, PIM, DVMRP, and VRRP.
Supported hardware and software
Although many different software and hardware configurations are tested and supported by
Brocade Communications Systems, Inc. for 12.3.00, documenting all possible configurations and
scenarios is beyond the scope of this document.
The following hardware platforms are supported by this release of this guide:
• ServerIron ADX 1000
• ServerIron ADX 4000
• ServerIron ADX 8000
• ServerIron ADX 10K
Document conventions
This section describes text formatting conventions and important notice formats used in this
document.
Text formatting
The narrative-text formatting conventions that are used are as follows:
bold text      Identifies command names
               Identifies the names of user-manipulated GUI elements
               Identifies keywords
               Identifies text to enter at the GUI or CLI
italic text    Provides emphasis
               Identifies variables
               Identifies document titles
code text      Identifies CLI output
For readability, command names in the narrative portions of this guide are presented in bold: for
example, show version.
Notes, cautions, and danger notices
The following notices and statements are used in this manual. They are listed below in order of
increasing severity of potential hazards.
A note provides a tip, guidance or advice, emphasizes important information, or provides a reference
to related information.
A Caution statement alerts you to situations that can be potentially hazardous to you or cause
damage to hardware, firmware, software, or data.
A Danger statement indicates conditions or situations that can be potentially lethal or extremely
hazardous to you. Safety labels are also attached directly to products to warn of these conditions
or situations.
Notice to the reader
This document may contain references to the trademarks of the following corporations. These
trademarks are the properties of their respective companies and corporations.
These references are made for informational purposes only.
Corporation              Referenced Trademarks and Products
Sun Microsystems         Solaris
Microsoft Corporation    Windows NT, Windows 2000
The Open Group           Linux
Related publications
The following Brocade documents supplement the information in this guide:
• Release Notes for ServerIron Switch and Router Software TrafficWorks 12.2.00
• ServerIron ADX Graphical User Interface
• ServerIron ADX Server Load Balancing Guide
• ServerIron ADX Advanced Server Load Balancing Guide
• ServerIron ADX Global Server Load Balancing Guide
• ServerIron ADX Security Guide
• ServerIron ADX Administration Guide
• ServerIron ADX Switch and Router Guide
• ServerIron ADX Firewall Load Balancing Guide
• ServerIron ADX Hardware Installation Guide
• IronWare MIB Reference
Getting technical help or reporting errors
Brocade is committed to ensuring that your investment in our products remains cost-effective. If
you need assistance, or find errors in the manuals, contact Brocade using one of the following
options:
Web access
The Knowledge Portal (KP) contains the latest version of this guide and other user guides for the
product. You can also report errors on the KP.
Log in to my.Brocade.com, click the Product Documentation tab, then click on the link to the
Knowledge Portal (KP). Then click on Cases > Create a New Ticket to report an error. Make sure you
specify the document title in the ticket description.
E-mail and telephone access
Go to http://www.brocade.com/services-support/index.page for the latest e-mail and telephone
contact information.
Chapter 1
Global Server Load Balancing
Global Server Load Balancing overview
Global Server Load Balancing (GSLB) enables a ServerIron ADX to add intelligence to authoritative
Domain Name System (DNS) servers by serving as a proxy to these servers and providing optimal IP
addresses to the querying clients. As a DNS proxy, the GSLB ServerIron ADX evaluates the IP
addresses in the DNS replies from the authoritative DNS server for which the ServerIron ADX is a
proxy and places the “best” host address for the client at the top of the DNS response.
The server no-remote-l3-check command disables Layer 3 health checks of IPs learned through
GSLB.
To use the max hosts/zone feature, you must increase max virtual servers to 1024, max real servers
to 2048, and max ports to 4096.
Do not increase the following when you use the max zone/host feature, or you will run out of memory.
• Client geographic awareness based on DNS request origination
• Distributed site performance awareness
• Fair site selection
• Statistical site performance measurements that minimize impact of traffic spikes
• Best performing sites get fair proportion of traffic but are not overwhelmed
• Protection against "best" site failure
• Straightforward configuration
• All IP protocols are supported
In standard DNS, when a client wants to connect to a host and has the host name but not the IP
address, the client can send a lookup request to its local DNS server. The DNS server checks its
local database and, if the database contains an Address record for the requested host name, the
DNS server sends the IP address for the host name back to the client. The client can then access
the host.
If the local DNS server does not have an address record for the requested server, the local DNS
server makes a recursive query. When a request reaches an authoritative DNS server, that DNS
server responds to this DNS query. The client’s local DNS server then sends the reply to the client.
The client now can access the requested host.
With the introduction of redundant servers, a domain name can reside at multiple sites, with
different IP addresses. When this is the case, the authoritative DNS server for the domain sends
multiple IP addresses in its replies to DNS queries. To provide rudimentary load sharing for the IP
addresses for domains, many DNS servers use a simple round robin algorithm to rotate the list of
addresses in a given domain for each DNS query. Thus, the address that was first in the list in the
last reply sent by the DNS server is the last in the list in the next reply sent by the DNS server.
This mechanism can help ensure that a single site for the host does not receive all the requests for
the host. However, this mechanism does not provide the host address that is “best” for the client.
The best address for the client is the one that has the highest proximity to the client, in terms of
being the closest topologically, or responding the most quickly, and so on. Moreover, if a site is
down, the simple round robin mechanism used by the DNS server cannot tell that the site is down
and still sends that site’s host address on the top of the list. Thus, the client receives an address
for a site that is not available and cannot access the requested host.
The ServerIron ADX GSLB feature solves this problem by intelligently using health checks and other
methods to assess the availability and responsiveness of the host sites in the DNS reply, and if
necessary exchanging the address at the top of the list with another address selected from the list.
GSLB ensures that a client always receives a DNS reply for a host site that is available and is the
best choice among the available hosts.
Basic concepts
The GSLB protocol is disabled by default. You must enable the GSLB protocol on each site
ServerIron ADX. After you enable the GSLB protocol, the GSLB ServerIron ADX finds the site
ServerIron ADXs using their IP management addresses, which you specify when you configure the
remote site information. The GSLB controller ServerIron ADX front-ends the authoritative DNS
server and provides the optimal IP address for the querying clients. Some or all of the IP addresses
in the DNS response reside on site ServerIron ADX switches. The GSLB controller communicates
with these ServerIron ADX switches designated as "site ServerIron ADX switches" in order to
exchange and obtain information needed to evaluate IP addresses contained in the DNS
responses.
The GSLB protocol is disabled by default on site ServerIron ADX switches. After you enable the
GSLB protocol on site ServerIron ADX switches and configure the IP addresses of the site
ServerIron ADX switches on the GSLB ServerIron ADX, then the GSLB ServerIron ADX establishes
communication with the site ServerIron ADX switches.
The GSLB ServerIron ADX uses the GSLB protocol to learn the following information from the site
ServerIron ADXs:
• The VIPs configured on the site ServerIron ADXs and the health of the VIPs —The site
ServerIron ADXs report VIP additions and deletions asynchronously. Each time a VIP is added
to a site ServerIron ADX, the ServerIron ADX sends a message to the GSLB ServerIron ADX to
inform the GSLB ServerIron ADX of the change.
• Session table statistics and CPU load information — The site ServerIron ADXs report this
information to the GSLB ServerIron ADX at regular intervals. By default, each remote ServerIron
ADX sends the status information to the GSLB ServerIron ADX every 30 seconds. You can
change the update period for all the remote ServerIron ADXs by specifying a new period on the
GSLB ServerIron ADX if needed.
• RTT — Round Trip Time (RTT) is the amount of time that passes between when the remote site
receives a TCP connection (TCP SYN) from the client and when the remote site receives the
client’s acknowledgment of the connection request (TCP ACK). The GSLB ServerIron ADX
learns the RTT information from the site ServerIron ADXs through the GSLB protocol and uses
the information as a metric when comparing site IP addresses.
RTT information reported by site ServerIron ADXs is stored within prefix entries. In particular,
the prefix entry holds the Client IP and prefix length. RTT entries are associated with this prefix
entry and hold the site ServerIron ADX information and the corresponding RTT reported by this
site ServerIron ADX for this prefix.
• Connection load — (Optional) A GSLB site’s connection load is the average number of new
connections per second on the site, over a given number of intervals. When you enable this
GSLB metric, all potential candidates are compared against a predefined load limit. All sites
that have fewer average connections than the threshold are selected and passed to the next
comparison metric. The connection load metric is disabled by default but is enabled (added to
the GSLB policy) when you configure the metric.
All the ServerIron ADXs in the GSLB configuration (the GSLB ServerIron ADX and the remote site
ServerIron ADX) must be running the same software release.
The GSLB ServerIron ADX uses the information supplied by the GSLB protocol when comparing the
sites and may re-order the IP addresses in the authoritative DNS server’s reply based on the results
of the comparison. If you have enabled the GSLB protocol on the site ServerIron ADXs, the GSLB
ServerIron ADX begins communicating with the site ServerIron ADXs using the GSLB protocol as
soon as you add the site definitions to the GSLB ServerIron ADX.
When you configure the GSLB ServerIron ADX, you also specify the zones for which you want the
ServerIron ADX to provide global SLB. These are the zones for which the DNS server (the one the
ServerIron ADX is a proxy for) is the authority. In this example, the DNS server is an authority for
brocade.com. Only the zones and host names you specify receive global SLB. The DNS server can
contain other host names that are not globally load balanced or otherwise managed by the GSLB
ServerIron ADX.
You also must specify the host names and applications that you want to provide global SLB for. For
example, assume that brocade.com contains the following host names and applications.
www.brocade.com (HTTP)
ftp.brocade.com (FTP)
The application specifies the type of health check the GSLB ServerIron ADX applies to IP addresses
for the host. A host name can be associated with more than one application. In this case, the GSLB
ServerIron ADX considers a host name’s IP address to be healthy only if the address passes all the
health checks. The ServerIron ADX has Layer 7 health checks for the following applications:
• FTP: the well-known name for port 21. (Ports 20 and 21 both are FTP ports but on the
ServerIron ADX, the name corresponds to port 21.)
• TFTP: the well-known name for port 69
• HTTP: the well-known name for port 80
• IMAP4: the well-known name for port 143
• LDAP: the well-known name for port 389
• NNTP: the well-known name for port 119
• POP3: the well-known name for port 110
• SMTP: the well-known name for port 25
• TELNET: the well-known name for port 23
To display the list when configuring zone information, enter the host-info <host-name> ? command,
where <host-name> is a string specifying a host name.
For other applications (applications not listed above), the ServerIron ADX does not perform a
Layer 7 health check but still performs a Layer 3 or Layer 4 TCP or UDP health check.
You can customize the HTTP health check on an individual host basis by changing the URL string
the ServerIron ADX requests in the health check and the list of HTTP status codes the ServerIron
ADX accepts as valid responses to the health check.
GSLB example
Figure 1 shows an example of a GSLB configuration. In this example, the GSLB ServerIron ADX (a
ServerIron ADX configured for global SLB) is connected to the authoritative DNS server for a
specific domain. (You can configure the ServerIron ADX for more than one domain; this example
uses only one for simplicity.) The authoritative DNS server for brocade.com is known to other
devices as 209.157.23.87. This is a VIP configured on the GSLB ServerIron ADX for the DNS server.
FIGURE 1 Global Server Load Balancing configuration
The figure labels the following devices:
• Authoritative DNS server for domain brocade.com: 209.157.23.46
• GSLB ServerIron, proxy for the authoritative DNS server for brocade.com: 209.157.23.87
• GSLB Site 1, Sunnyvale: slb1: 209.157.22.209, slb2: 209.157.22.210
• GSLB Site 2, Atlanta: slb1: 192.108.22.111, slb2: 192.108.22.112
The callouts in the figure describe the following sequence:
1. The client’s local DNS server sends a recursive query for brocade.com.
2. The GSLB ServerIron, as proxy for the authoritative DNS server, forwards the lookup request
from the client’s local DNS server to the authoritative DNS server. Other DNS servers know the
authoritative DNS server by the virtual IP address configured on the GSLB ServerIron, instead
of its real IP address.
3. The authoritative DNS server for brocade.com answers the client’s query (forwarded by the
GSLB ServerIron) by sending a list of IP addresses for the sites that correspond to the
requested host.
4. The GSLB ServerIron assesses each IP address in the DNS reply to determine the optimal site
for the client, and moves the address for that site to the top of the list.
5. The client receives a reordered list of IP addresses. Typical clients use the first address in the
list. Since the ServerIron has optimized the list for the client, the first address is the best
address.
This example shows a ServerIron ADX configured as a DNS proxy. The ServerIron ADX is configured
as a DNS proxy for the DNS server that is authoritative for the domain brocade.com. To configure
the ServerIron ADX as a DNS proxy, you identify the DNS name and configure a virtual IP address
(VIP) for the DNS. Requests from clients or other DNS servers go to the VIP on the ServerIron ADX,
not directly to the DNS server. The ServerIron ADX then sends the requests to the DNS server,
transparently to the clients or other DNS servers.
As an alternative to configuring the GSLB ServerIron ADX as a proxy, you can configure it to intercept
and either redirect or directly respond to DNS queries. Refer to “DNS cache proxy” on page 91 and
“Transparent DNS query intercept” on page 95.
The client’s local DNS server might cache DNS replies from the authoritative server. Normally,
these cached responses would prevent the global SLB from taking place, since the local DNS
server would respond directly to the client without sending a recursive query to the authoritative
DNS server. However, the GSLB ServerIron ADX, as a proxy for the authoritative DNS server,
automatically resets the Time-to-Live (TTL) parameter in each DNS record from the authoritative
server. By default, the GSLB ServerIron ADX sets the TTL to 10 seconds. As a result, other DNS
servers that receive the records retain them in their databases for only 10 seconds. After the ten
seconds expire, subsequent requests from the client initiate another query to the authoritative DNS
server. As a result, the client always receives fresh information and the address of the site that is
truly the best site for the client.
You also can change the TTL if needed. However, Brocade recommends that you do not change the
TTL to 0, because this can be interpreted as an error by some older DNS servers.
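The rewrite described above, exchanging the best address with the one at the top of the reply and resetting the TTL (10 seconds by default), can be checked on a raw DNS message. The following Python sketch is an added example, not Brocade code: it patches a constructed reply for www.brocade.com in place, rewrites the TTL of the A records only, and uses sample addresses from documentation ranges that do not appear in this guide.

```python
import socket
import struct

GSLB_TTL = 10  # default TTL the text says the GSLB proxy writes into the records
# Constructed sample addresses (documentation ranges), not taken from the guide.
SAMPLE_IPS = ["192.0.2.10", "198.51.100.20", "203.0.113.30"]

def read_name(msg, off):
    """Decode a DNS name; return (name, offset just past it in the record)."""
    labels, end, jumps = [], None, 0
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:              # compression pointer
            if end is None:
                end = off + 2
            off = ((n & 0x3F) << 8) | msg[off + 1]
            jumps += 1
            if jumps > 16:                # refuse pointer loops in hostile input
                raise ValueError("DNS compression pointer loop")
        elif n == 0:
            return ".".join(labels).lower(), (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("latin-1"))
            off += 1 + n

def a_records(msg):
    """List (owner, ttl_offset, rdata_offset) for each IN A answer record."""
    qdcount, ancount = struct.unpack_from("!HH", msg, 4)
    off = 12
    for _ in range(qdcount):              # skip the question section
        _, off = read_name(msg, off)
        off += 4
    found = []
    for _ in range(ancount):
        owner, off = read_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        if rtype == 1 and rclass == 1 and rdlen == 4:
            found.append((owner, off + 4, off + 10))
        off += 10 + rdlen
    return found

def rewrite_reply(msg, best_ip, ttl=GSLB_TTL):
    """Set the TTL of every A record and exchange best_ip with the top address."""
    buf = bytearray(msg)
    recs = a_records(msg)
    for _, ttl_off, _ in recs:
        struct.pack_into("!I", buf, ttl_off, ttl)
    best = socket.inet_aton(best_ip)
    if recs:
        top_owner, _, top = recs[0]
        for owner, _, rd in recs[1:]:
            # Swap RDATA only between records that share the same owner name.
            if owner == top_owner and bytes(buf[rd:rd + 4]) == best:
                buf[rd:rd + 4], buf[top:top + 4] = buf[top:top + 4], buf[rd:rd + 4]
                break
    return bytes(buf)

def answers(msg):
    """Return [(address, ttl), ...] in the order a client would see them."""
    return [(socket.inet_ntoa(msg[rd:rd + 4]), struct.unpack_from("!I", msg, t)[0])
            for _, t, rd in a_records(msg)]

def build_sample(ttl=3600):
    """Constructed authoritative reply for www.brocade.com with three A records."""
    header = struct.pack("!HHHHHH", 0x1234, 0x8580, 1, len(SAMPLE_IPS), 0, 0)
    question = b"\x03www\x07brocade\x03com\x00" + struct.pack("!HH", 1, 1)
    rrs = b"".join(
        b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + socket.inet_aton(ip)
        for ip in SAMPLE_IPS)
    return header + question + rrs

if __name__ == "__main__":
    for ip, ttl in answers(rewrite_reply(build_sample(), "203.0.113.30")):
        print(ip, ttl)
```

Running `answers()` on a reply captured behind the proxy gives a quick check that every address carries the short TTL and that the address at the top is the one expected.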
You identify each ServerIron ADX by its management IP address, not by any VIPs configured on the
ServerIron ADX. Optionally, you also can specify a name for each ServerIron ADX at the site.
If a remote site is managed by one or more ServerIron ADXs, the GSLB ServerIron ADX gathers
additional information from the site ServerIron ADXs using the GSLB protocol. The protocol uses
TCP port 182. To initiate the GSLB protocol between the GSLB
ServerIron ADX and the ServerIron ADXs at the remote sites, you must first enable the GSLB
protocol on those remote ServerIron ADXs, then identify the sites and the ServerIron ADXs. In this
example, the GSLB ServerIron ADX is configured with site information for Site 1 in Sunnyvale and
Site 2 in Atlanta. Each site has servers containing the content for domain names within the domain
brocade.com. The servers are load balanced by the ServerIron ADXs.
GSLB policy
The ServerIron ADX can use the following metrics to evaluate the server IP addresses in a DNS
reply:
• The server’s health
• The weighted IP value assigned to an IP address
• The weighted site value assigned to a site
• The site ServerIron ADX’s remote SI session capacity threshold
• The IP address with the highest number of active bindings
• The round-trip time between the remote ServerIron ADX and the DNS client’s subnet
• The geographic location of the server
• The connection load
• The site ServerIron ADX’s available session capacity
• The site ServerIron ADX’s FlashBack speed (how quickly the GSLB receives the health check
results)
• The site ServerIron ADX’s administrative preference (a numeric preference value you assign to
influence the GSLB policy if other policy metrics are equal)
• The Least Response selection (the site ServerIron ADX that has been selected less often than
others)
• Round robin selection (an alternative to the Least Response metric)
The default order for the metrics is the order shown above.
The GSLB ServerIron ADX evaluates each IP address in the DNS reply based on these metrics.
Based on the results, the GSLB ServerIron ADX can reorder the list to place the IP address for the
“best” site on the top of the list.
If the GSLB policy rejects all of the sites, the GSLB ServerIron ADX sends the DNS reply unchanged
to the client.
All of these metrics have default values but you can change the values if needed. In addition, you
can disable individual metrics or reorder them. Refer to “Changing the GSLB policy metrics” on
page 34.
You also can configure the GSLB ServerIron ADX to directly respond to DNS queries instead of
forwarding the queries to the authoritative DNS server and modifying the replies. Refer to “DNS
cache proxy” on page 91.
The following sections describe each of these metrics in detail.
Server health
The GSLB ServerIron ADX sends a Layer 3, Layer 4 TCP or UDP health check and Layer 7
application health check to the server to determine the health of the server and the host
application on the server. If the server fails either health check, the GSLB ServerIron ADX
immediately disqualifies the server’s IP address from being the “best” site.
When you configure a ServerIron ADX for GSLB, it learns a series of IP addresses from its
configured DNS real servers. Then it performs Layer 3, Layer 4, and if possible, Layer 7 health
checks against those IP addresses.
The GSLB ServerIron ADX determines which health checks to use based on the host applications
you specify. For example, if a host name is associated with both HTTP and FTP applications, the
ServerIron ADX sends the site Layer 4 TCP health checks (one for HTTP and one for FTP) and also
sends a separate Layer 7 HTTP health check and a separate Layer 7 FTP health check. The site
must pass all the health checks or it is disqualified from being the best site.
If a host application uses a port number that is not known to the ServerIron ADX and supported by
GSLB, the ServerIron ADX cannot perform a Layer 7 health check on the application but still
performs a Layer 4 TCP or UDP health check on the port. Health check parameters such as retry
interval, number of retries, and so on are global parameters.
You can change the order in which the GSLB policy applies the metrics. However, Brocade
recommends that you always use the health check as the first metric. Otherwise, it is possible that
the GSLB policy will not select a “best” choice, and thus send the DNS reply unchanged. For
example, if the first metric is geographic location, and the DNS reply contains two sites, one in North
America and the other in South America, the GSLB policy favors the South American site after the
first comparison. However, if that site is down, the GSLB policy will find that none of the sites in the
reply is the “best” one, and thus send the reply unchanged.
If all the sites fail their health checks, resulting in all the sites being rejected by the GSLB ServerIron
ADX, the ServerIron ADX sends the DNS reply unchanged to the client.
Weighted IP metric
Beginning with software release 08.1.00R, you can configure the ServerIron ADX to distribute GSLB
traffic among IP addresses in a DNS reply, based on weights assigned to the IP addresses. The
weights determine the percentage of traffic each IP address receives in comparison with other
candidate IP addresses, which may or may not have assigned weights.
You cannot use the weighted IP metric if the weighted site metric is enabled.
The GSLB ServerIron ADX uses relative percentages in order to achieve 100% total weight
distribution.
To configure weighted IP metrics, refer to “Implementing the weighted IP metric” on page 40.
Weighted site metric
You can configure the ServerIron ADX to distribute SLB traffic among GSLB sites based on weights
configured for the sites. The weights determine the percentage of traffic each site will receive in
comparison with other sites, which may or may not have weights.
You cannot use the weighted site metric if the weighted IP metric is enabled.
You assign weights to GSLB sites. Each GSLB site may consist of one or more ServerIron ADXs, but
the weight is applicable to the site as a whole.
The GSLB ServerIron ADX uses relative percentages in order to achieve 100% total weight
distribution.
Site ServerIron ADX’s session capacity threshold
The GSLB protocol supplies statistics for the session tables on each site ServerIron ADX. The
session table contains an entry for each open TCP or UDP session on the site ServerIron ADX. Each
ServerIron ADX has a maximum number of sessions that it can hold in its session table. Through
the GSLB protocol, the GSLB ServerIron ADX learns from each remote ServerIron ADX the maximum
number of sessions and the number of available sessions on that ServerIron ADX.
The capacity threshold specifies how close to the maximum session capacity the site ServerIron
ADX (remote ServerIron ADX) can be and still be eligible as the best site for the client. This
mechanism provides a way to shift load away from a site before the site becomes congested.
The default value for the threshold is 90%. Thus a site ServerIron ADX is eligible to be the best site
only if its session utilization is below 90%. Refer to “Displaying GSLB information” on page 165 for
commands to display a site’s utilization and the capacity threshold.
Active bindings metric
You can configure the ServerIron ADX to prefer an IP address with the highest number of active
bindings.
Active bindings are a measure of the number of active real servers bound to a Virtual IP address
(VIP) residing on a GSLB site. The GSLB ServerIron ADX uses the active bindings metric to select
the best IP address for the client. The VIP with the highest number of active bindings is the IP
address preferred by the active bindings metric.
To configure active bindings metrics, refer to “Enabling the active bindings metric” on page 118.
Round-trip time between the remote ServerIron ADX and the client
The Round-trip time (RTT) is the amount of time that passes between when the remote site
receives a TCP connection (TCP SYN) from the client and when the remote site receives the client’s
acknowledgment of the connection request (TCP ACK). The GSLB ServerIron ADX learns the RTT
information from the site ServerIron ADXs through the GSLB protocol and uses the information as a
metric when comparing site IP addresses.
The GSLB ServerIron ADX maintains a database of cache entries, which contains the information
about past DNS queries. The information is aggregated on a network-address prefix basis. When
the GSLB ServerIron ADX receives a DNS query, it creates or updates a cache entry. RTT
measurements reported by remote ServerIron ADXs are then sorted into the cache. The GSLB
ServerIron ADX uses this information for decisions on subsequent DNS queries. If a cache entry is
not refreshed for a while (there are no subsequent queries from the same address prefix), the
ServerIron ADX clears the entry from the RTT database.
When the GSLB ServerIron ADX compares two site IP addresses based on RTT, the GSLB ServerIron
ADX favors one site over the other only if the difference between the RTT values is greater than the
specified percentage. This percentage is the RTT tolerance. You can set the RTT tolerance to a
value from 0-100. The default is 10%.
Site ServerIron ADXs send RTT information only for the sessions that clients open with them. To
prevent the GSLB ServerIron ADX from biasing its selection toward the first site ServerIron ADX that
sent RTT information, the GSLB ServerIron ADX intentionally ignores the RTT metric for a specified
percentage of the requests from a given client network. You can specify an RTT explore percentage
from 0-100. The default is 5. By default, the GSLB ServerIron ADX ignores the RTT for 5% of the
client requests from a given network.
To configure RTT parameters, refer to “Modifying round-trip time values” on page 53.
Geographic location of the server
For each client query, the GSLB ServerIron ADX can determine the geographic location from which
the client query came based on its IP address. The GSLB can determine whether the query came
from North America, Asia, Europe, South America, or Africa.
If multiple sites compare equally based on the metrics above, the GSLB ServerIron ADX prefers
sites within the same geographic region as the client query.
The GSLB ServerIron ADX deduces the geographic region of the client’s local DNS server from the
destination IP address in the DNS reply, which is the address of the client’s local DNS server.
The GSLB ServerIron ADX determines the geographic region of a server IP address in its DNS
database in the following ways:
• For real IP addresses (as opposed to VIPs, which are logical IP addresses configured on the
site ServerIron ADXs), the geographic region is based on the IP address itself.
• For VIPs, the geographic region is based on the management IP address of the site ServerIron
ADX on which the VIP is configured.
• You can explicitly specify the region if the management IP address of the remote ServerIron
ADX is not indicative of the geographic location. For example, if the management IP address is
in a private subnet, the address does not indicate the ServerIron ADX’s geographic location. If
you specify the region, the ServerIron ADX uses the region you specify instead of the region of
the ServerIron ADX’s management IP address.
Site ServerIron ADX’s connection load
A GSLB site’s connection load is the average number of new connections per second on the site,
over a given number of intervals. When you enable this GSLB metric, all potential candidates are
compared against a predefined load limit. All sites that have fewer average connections than the
threshold are selected and passed to the next comparison metric. The connection limit metric is
disabled by default but is enabled (added to the GSLB policy) when you configure the metric.
Site ServerIron ADX’s available session capacity tolerance
If multiple sites are equal after the above comparisons, the GSLB ServerIron ADX prefers the site
ServerIron ADX (remote ServerIron ADX) whose session table has the most unused entries.
When comparing sites based on the session table utilization, the GSLB ServerIron ADX considers
the sites to be equal if the difference in session table utilization does not exceed the tolerance
percentage. The tolerance percentage ensures that minor differences in utilization do not cause
frequent, and unnecessary, changes in site preference.
For example, suppose one ServerIron ADX has 1 million sessions available, and another has
800,000 sessions available. Also assume that the tolerance is 10% (the default). In this case the
first ServerIron ADX (with 1 million sessions available) is preferred over the second ServerIron ADX
because the difference (200,000) is greater than 10% of 1 million. If a third ServerIron ADX has
950,000 sessions available, that ServerIron ADX is equally preferable with the first ServerIron ADX
(with 1 million sessions available), because the difference in percentage between the available
sessions on the two ServerIron ADXs is only 5%, which is less than the tolerance threshold.
Site ServerIron ADX’s FlashBack speed
If multiple sites compare equally based on all the metrics above, the ServerIron ADX chooses a site
as the best one based on how quickly the GSLB ServerIron ADX received responses to health
checks to the site ServerIron ADX.
The GSLB ServerIron ADX uses a tolerance value when comparing the FlashBack speeds of
different sites. The tolerance value specifies the percentage by which the FlashBack speeds of the
two sites must differ in order for the ServerIron ADX to choose one over the other. The default
FlashBack tolerance is 10%. Thus, if the FlashBack speeds of two sites are within 10% of one
another, the ServerIron ADX considers the sites to be equal. However, if the speeds differ by more
than 10%, the ServerIron ADX prefers the site with the lower FlashBack speed.
FlashBack speeds are measured at Layer 4 for all TCP/UDP ports. For the application ports known
to the ServerIron ADX, the FlashBack speed of the application is also measured.
When the ServerIron ADX compares the FlashBack speeds, it compares the Layer 7
(application-level) FlashBack speeds first, if applicable. If the application has a Layer 7 health
check and if the FlashBack speeds are not equal, the ServerIron ADX is through comparing the
FlashBack speeds. If a host is associated with multiple applications, the GSLB ServerIron ADX uses
the slowest response time among the applications for the comparison. However, if only the Layer 4
health check applies to the application, or if further tie-breaking is needed, the ServerIron ADX then
compares the Layer 4 FlashBack speeds.
Site ServerIron ADX’s administrative preference
The administrative preference is an optional metric. This metric is a numeric preference value from
0-255 that you assign to each site ServerIron ADX, to select that ServerIron ADX if the previous
metrics do not result in selection of a best site. The GSLB policy prefers the site ServerIron ADX with
the highest administrative preference.
The administrative preference allows you to do the following:
• You can temporarily change the preference of a site to accommodate changing network
conditions. For example, if sites are offering proxy content service, the link between a site proxy
server farm and the content origin may be highly congested, making that site less desirable.
This factor is not visible to the ServerIron ADXs and thus cannot be reflected in the other GSLB
metrics.
• You can temporarily disqualify a site ServerIron ADX from being selected, without otherwise
changing the site’s configuration or the GSLB ServerIron ADX’s configuration. For example, you
can perform maintenance on the site ServerIron ADX without making network changes. In this
case, set the administrative preference to 0.
• You can bias a GSLB ServerIron ADX that is also configured as a site ServerIron ADX (for locally
configured VIPs) to always favor itself as the best site. In this case, assign an administrative
preference of 255 to the site for the GSLB ServerIron ADX itself, and assign a lower
administrative distance to the other site ServerIron ADXs, or use the default (128) for those
sites.
The administrative preference is disabled by default, which means it is not included as one of the
GSLB metrics. When you enable this metric, the default administrative preference for sites is 128.
You can change the preference on an individual site basis. To change a site’s preference, refer to
“Configuring a site” on page 19.
The least response selection
If multiple sites still compare equally based on all the metrics above, the GSLB ServerIron ADX
selects the site that it has selected least often before. For example, if the GSLB ServerIron ADX has
selected Site 1 and placed its IP address on top in 40% of the DNS replies, but has selected Site 2
60% of the time, then in this instance the GSLB ServerIron ADX selects Site 1. To display the
response selection percentages for the sites you have configured, use the show gslb dns zone
command. Refer to “Displaying DNS zone and hosts” on page 170.
This metric is a tie-breaker in case multiple addresses pass through all the above comparisons
without one address emerging as the best choice. If this occurs, the address of the site that has
been selected least often in previous DNS responses is selected.
Least response selection is enabled by default. You can disable the metric only by enabling the
round robin selection metric to act as the tie breaker instead. See the following section.
Round robin selection
The round robin selection metric is an alternative to the least response selection metric as the final
tie breaker. When you enable round robin selection, the GSLB ServerIron ADX automatically
disables the least response selection metric, and instead uses the round robin algorithm to select
a site. Round robin selection chooses the first IP address in the DNS response for the first client
request, then selects the next address for the next client request, and so on.
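The following added example (not part of the Brocade guide and not the ServerIron ADX implementation) models the two final tie-breakers with per-site selection counters, to show how each treats a site that has been selected fewer times than the others, such as one that has just recovered. The site names, the counts and the rule that exact ties fall back to list order are assumptions made for the illustration.

```python
from collections import Counter


def pick_least_response(sites, selected):
    """Least response selection: the site chosen least often so far.

    `selected` maps site -> number of DNS replies in which it was placed
    first. Exact ties fall back to list order (an assumption of this model).
    """
    return min(sites, key=lambda s: selected[s])


class RoundRobin:
    """Round robin selection: first address, then the next, and so on."""

    def __init__(self):
        self._next = 0

    def pick(self, sites):
        site = sites[self._next % len(sites)]
        self._next += 1
        return site


def simulate(tie_breaker, sites, history, queries):
    """Replay `queries` requests in which all sites tie on every earlier
    metric, so only the final tie-breaker decides. Returns a Counter of the
    selections made during the replay (history itself is not modified)."""
    selected = Counter(history)
    rr = RoundRobin()
    made = Counter()
    for _ in range(queries):
        if tie_breaker == "least-response":
            site = pick_least_response(sites, selected)
        elif tie_breaker == "round-robin":
            site = rr.pick(sites)
        else:
            raise ValueError(f"unknown tie-breaker: {tie_breaker}")
        selected[site] += 1
        made[site] += 1
    return made


# Constructed scenario: site3 has just recovered and has never been selected.
SITES = ["site1", "site2", "site3"]
HISTORY = {"site1": 600, "site2": 600, "site3": 0}

if __name__ == "__main__":
    for tb in ("least-response", "round-robin"):
        print(tb, dict(simulate(tb, SITES, HISTORY, 300)))
```

With these counts the least response model places the recovered site first in all 300 replayed requests, while round robin gives each site 100.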
Use the round robin selection metric instead of the least response selection metric when you want
to prevent the GSLB ServerIron ADX from favoring new or recently recovered sites over previously
configured active sites. The Least Response metric can cause the GSLB ServerIron ADX to select a
new site or a previously unavailable site that has come up again instead of previously configured
sites for a given VIP. This occurs because the GSLB ServerIron ADX has selected the new site fewer
times than previously configured sites for the VIP.
In some cases, the least response selection metric can cause the GSLB ServerIron ADX to send
client requests to a new or recovered site faster than the site can handle while it is coming up. To
avoid this situation, you can configure the GSLB ServerIron ADX to use the round robin selection
metric instead of the least response selection metric as the final tie breaker.
The round robin selection metric is disabled by default.
Check the current and maximum values for GSLB resources using the show gslb resource CLI
command.
ServerIronADX# show gslb resources
GSLB resource usage:
                     Current  Maximum
sites                0        128
SIs                  0        200
SIs' VIPs            0        2048
dns zones            0        1000
dns hosts            0        1000
health-checks app.   0        1000
dns IP addrs.        0        2048
affinities           0        1024
affinity groups      0        128
static prefixes      0        250
user geo prefixes    0        512
prefix cache         0        11786
RTT entries          0        10000
GSLB host policies   0        100
If you are configuring more than 256 zones or configuring more than 600 hosts, perform the
following tasks.
1. Change the maximum virtual server system parameter to the maximum value supported in the
current release. Use the l4-virtual-server command.
For the current maximum virtual server value supported, see the table named "The Number of
Supported Real Servers, Virtual Servers and Ports" in the ServerIron ADX Server Load Balancing Guide.
2. Change the maximum real server system parameter to the maximum value supported in the
current release. Use the l4-real-server command.
For the current maximum real server value supported, see the table named "The Number of
Supported Real Servers, Virtual Servers and Ports" in the ServerIron ADX Server Load Balancing Guide.
3. Change the maximum server port parameter to the maximum value supported in the current
release. Use the l4-server-port command.
For the current maximum server port value supported, see the table named "The Number of
Supported Real Servers, Virtual Servers and Ports" in the ServerIron ADX Server Load Balancing Guide.
4. Check your system parameter values using the show default value CLI command.
NOTE
The sum of the number of VIPs configured and the number of GSLB hosts configured on the GSLB
ServerIron ADX should not exceed 1024. Similarly, the sum of real servers configured and the
number of DNS IP addresses should not exceed 4096.
Minimum required configuration
FIGURE 2 Basic controller and site communication
[Figure 2 labels: DNS, Controller SI, Site SI]
Controller SI
!
gslb protocol
gslb site <name>
 si <site-ip-addr>
!
Site SI
!
gslb protocol
!
ip address <site-ip-addr>
!
To add a DNS policy, you must also define the DNS real server and VIP on the ServerIron ADX as
shown in the following example.
!
server real <dns-rs-name> <dns-ip-addr>
 port dns
 port dns zone "<domain-name>"
 port dns proxy
 port http
 port http url "HEAD /"
!
!
server virtual <dns-vs-name> <vip-ip-addr>
 port dns
 port http
 bind dns dns-rs dns
 bind http dns-rs http
!
gslb dns zone <domain-name>
 host-info www http
Use server real <dns-rs-name> <dns-ip-addr> for a local DNS server. Use server remote-name
<dns-rs-name> <dns-ip-addr> for a remote DNS server. The host-info defines an enabled
application in the DNS zone. For example, you can also specify host-info ftp ftp.
Issue show gslb site on the controller to display site communication information. The state displays
“CONNECTION ESTABLISHED” when communication is successful. A protocol version of 1
corresponds to “ATTEMPTING CONNECTION”. Established connections use protocol versions 4 or 5.
SLB-chassis(config)# show gslb site
SITE: brocade
Enhanced RTT smoothing: OFF
SI: 1.1.1.1:
state: ATTEPTING CONNECTION
Protocol Version: 1
Active RTT gathering: NO
Secure Authenticate/Encrypt: NO
To display the default settings, enter the following command (note the default metric processing
order).
Default metric order: ENABLE
Metric processing order:
1-Server health check
2-Remote SI's session capacity threshold
3-Round trip time between remote SI and client
4-Geographic location
5-Remote SI's available session capacity
6-Least response selection
DNS active-only: DISABLE DNS best-only: DISABLE DNS override: DISABLE
DNS cache-proxy: DISABLE DNS transparent-intercept: DISABLE
DNS cname-detect: DISABLE Modify DNS response TTL: ENABLE
DNS TTL: 10 (sec), DNS check interval: 30 (sec)
Remote SI status update period: 30 (sec)
Remote SI health-status update period: 5 (sec)
Session capacity threshold: 90% Session availability tolerance: 10%
Round trip time tolerance: 10%, round trip time explore percentage: 5%
Round trip time cache prefix: 20, round trip time cache interval: 120 (sec)
Round trip time cache age refresh: DISABLE
Round trip time algorithm selection: USE PASSIVE ONLY
Connection load: DISABLE
Weighted Site Metric: DISABLE Weighted IP Metric: DISABLE
Active Bindings Metric: DISABLE
Syntax: show gslb policy
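As an added example (not part of the Brocade guide), the following script parses captured show gslb site output and reports each site ServerIron ADX whose state is not “CONNECTION ESTABLISHED”, whose protocol version does not match the 4-or-5 rule stated above, or whose Secure Authenticate/Encrypt field reads NO. The first SI block is the output shown on this page; the second SI block, including the value YES, is constructed and assumes the same field layout.

```python
# First SI block: output shown on this page. Second SI block: constructed
# for the example (assumed layout and assumed "YES" value).
SAMPLE = """\
SLB-chassis(config)# show gslb site
SITE: brocade
Enhanced RTT smoothing: OFF
SI: 1.1.1.1:
state: ATTEPTING CONNECTION
Protocol Version: 1
Active RTT gathering: NO
Secure Authenticate/Encrypt: NO
SI: 2.2.2.2:
state: CONNECTION ESTABLISHED
Protocol Version: 5
Active RTT gathering: NO
Secure Authenticate/Encrypt: YES
"""

ESTABLISHED = "CONNECTION ESTABLISHED"
ESTABLISHED_VERSIONS = {4, 5}  # per the text: established sessions use 4 or 5


def parse_show_gslb_site(text):
    """Return one dict per SI, with lower-cased field names as keys."""
    entries, site, current = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if ":" not in line:
            continue  # prompt line or blank line
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip().rstrip(":").strip()
        if key == "SITE":
            site, current = value, None
        elif key == "SI":
            current = {"site": site, "si": value}
            entries.append(current)
        elif current is not None:
            current[key.lower()] = value  # per-SI field
    return entries


def audit(entries):
    """Return (site, si, finding) tuples for SIs that need attention."""
    findings = []
    for e in entries:
        state = e.get("state", "")
        version = e.get("protocol version", "")
        if state != ESTABLISHED:
            findings.append((e["site"], e["si"], f"state is {state!r}"))
        elif not version.isdigit() or int(version) not in ESTABLISHED_VERSIONS:
            findings.append((e["site"], e["si"],
                             f"established with protocol version {version!r}"))
        if e.get("secure authenticate/encrypt", "").upper() == "NO":
            findings.append((e["site"], e["si"],
                             "Secure Authenticate/Encrypt: NO"))
    return findings


if __name__ == "__main__":
    for site, si, finding in audit(parse_show_gslb_site(SAMPLE)):
        print(f"{site} / {si}: {finding}")
```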
Configuring GSLB
The examples in the procedures in this section are based on the configuration shown in Figure 1 on
page 4.
TABLE 1 Configuration tasks: Global SLB

| Feature | See page... |
|---|---|
| DNS proxy parameters | page 17 |
| Configure a source IP address. The source IP address is required so that the GSLB ServerIron ADX can perform the health checks on remote devices. | |
| Add a real-server definition for the DNS server. | |
| Add a VIP for the DNS server and bind the real server and virtual server. | |
| Site parameters | |
| Enable the GSLB protocol on each remote ServerIron ADX. | page 19 |
| Specify the sites and the ServerIron ADXs within the sites. | page 19 |
| Zone parameters | |
| Specify the zones and the host names within the zones. | page 21 |
| Private Virtual IPs (VIPs) (optional) | |
| Enable a site ServerIron ADX to communicate public VIP addresses to a GSLB ServerIron ADX. | |
| GSLB parameters (optional) | |
| Change the GSLB protocol port number (optional). | page 29 |
| Change the GSLB protocol update period (optional). | page 30 |
| Modify the GSLB parameters related to DNS responses. | page 30 |
| GSLB Policy Metrics | |
| Change the order of GSLB policy metrics | page 37 |
| Disable or enable GSLB policy metrics | page 38 |
| Clear the DNS selection counters for GSLB metrics | |
| Configure the weighted IP metric | |
| Configure the weighted site metric | |
| Configure the active bindings metric | |
| Modify connection load parameters | page 49 |
| Modify Session Table capacity and Threshold Tolerance values | page 51 |
| Modify Flashback tolerance values | page 52 |
| Modify round-trip time (RTT) values | page 53 |
| Affinity (optional) | |
| Configure the ServerIron ADX to always favor a specific site based on client IP address | page 85 |
| DNS cache proxy (optional) | |
| Configure the ServerIron ADX to directly respond to DNS queries | page 91 |
| Transparent DNS query intercept (optional) | |
| Configure the ServerIron ADX to intercept and redirect DNS queries | page 95 |
| Disable or re-enable GSLB Traps (optional) | |
| Disable or re-enable GSLB SNMP traps and syslog messages | page 186 |
| GSLB Error Handling for Unsupported DNS Requests (optional) | |
| Configure the ServerIron ADX to send error messages in response to client requests for unsupported DNS record types. | page 188 |

NOTE
You can configure the GSLB ServerIron ADX to be a proxy for more than one DNS server.
As shown in the example in Figure 1 on page 4, you implement GSLB by connecting a ServerIron
ADX to an authoritative DNS server. To configure the ServerIron ADX for GSLB, perform the following
steps:
• Add the proxy information for the DNS server. To configure the GSLB ServerIron ADX as a proxy
for the DNS server, add real server definition for the DNS server, then add a virtual server (VIP)
for the DNS server and bind the real and virtual servers.
The virtual server IP address (VIP) will be the Authoritative DNS server for the GSLB Domain.
• If a site contains ServerIron ADXs, identify the server sites. A server site is a data center or
server farm connected to the Internet by a router. This example shows two GSLB sites. Each of
the sites is connected to the Internet by a router.
• If a site contains ServerIron ADXs, identify the ServerIron ADXs within the server sites. This
initiates the GSLB protocol between the ServerIron ADX acting as a DNS proxy and the remote
ServerIron ADXs in the GSLB sites. The DNS proxy uses information supplied by the remote
ServerIron ADXs to assess the preferability of IP addresses in the DNS replies.
You can use the GSLB ServerIron ADX for standard SLB. In this case, identify the local site and
the GSLB ServerIron ADX in the same way as you identify the other sites and ServerIron ADXs.
The configuration steps are the same.
• Identify the DNS zones and the hosts within those zones for which you want the GSLB
ServerIron ADX to perform GSLB. You must specify the zones and hosts. There are no defaults.
• Identify the host applications with each host. The GSLB ServerIron ADX performs GSLB for the
applications you specify. You can specify applications known to the ServerIron ADX as well as
the TCP or UDP port numbers of applications that are not known to the ServerIron ADX. The
ServerIron ADX performs Layer 7 and Layer 4 health checks for the applications known to the
ServerIron ADX, but performs only Layer 4 health checks for applications that are not known to
it. Refer to “Server health” on page 7.
Proxy for DNS server
NOTE
The following scenario is for switch software. If you are using router software, then all you need is an
interface IP on the ServerIron ADX that can reach the DNS server.
To configure the GSLB ServerIron ADX as a proxy for a DNS server, complete the following steps.
1. If the GSLB ServerIron ADX and site ServerIron ADXs are in different subnets, add a source IP
address. In this case, the source IP address is required so that the GSLB ServerIron ADX can
perform the health checks on the IP addresses the GSLB ServerIron ADX learns from the DNS
server for which it is the proxy. The source IP address must be in the same subnet as the GSLB
ServerIron ADX’s management IP address.
You can specify as many DNS servers as the GSLB ServerIron ADX’s system memory allows.
However, the ServerIron ADX sends periodic DNS queries to only the first four DNS servers you
configure with the DNS proxy.
If you configure the ServerIron ADX as a proxy for multiple DNS servers, make sure they have
identical content for the zones that you configure the GSLB ServerIron ADX to provide GSLB
services for.
2. Add a real server for the DNS server.
3. Add a virtual server for the DNS server and bind the real DNS server and virtual server
together.
Adding a source IP address
To enable the GSLB ServerIron ADX to perform health checks on remote sites that are in a subnet
other than the GSLB ServerIron ADX’s subnet, you must add a source IP address to the GSLB
ServerIron ADX. The source IP address must be in the same subnet as the GSLB ServerIron ADX’s
management IP address.
If the DNS server for which the GSLB ServerIron ADX is a proxy is in a different subnet than the GSLB
ServerIron ADX’s management IP address, you can use the same source IP address that you add for
the site ServerIron ADXs. However, you also need to enable the Source NAT feature for the DNS real
server.
The source IP address and source NAT feature allow the ServerIron ADX to send a Layer 4 or Layer
7 health check to the remote site and receive the response. Notice that the source IP address
added to the ServerIron ADX is not in the subnet of the remote ServerIron ADX. Instead, the source
IP address is in the subnet that connects the ServerIron ADX’s local router to the Internet. The
purpose of the source IP address in this configuration is to ensure that the responses from remote
sites come back to the ServerIron ADX. The health check packets use the address you configure as
their source IP address. Without the source IP address in the ServerIron ADX’s subnet and the
source NAT feature, the responses to the health checks sent to remote sites in different subnets
cannot reach the ServerIron ADX.
For example, the GSLB ServerIron ADX shown in Figure 1 on page 4 needs a source IP address in
the subnet 209.157.23.x. Without this source IP address, Layer 4 and Layer 7 health checks to the
ServerIron ADXs at the Sunnyvale site (209.157.22.x) and the Atlanta site (192.108.22.x) cannot
reach the GSLB ServerIron ADX.
To add a source IP address, enter a command such as the following:
ServerIronADX(config)# server source-ip 209.157.23.225 255.255.255.0 0.0.0.0
Syntax: [no] server source-ip <ip-addr> <ip-mask> <default-gateway>
The <ip-addr> parameter specifies the IP address. Specify an address that is in the same subnet
as the GSLB ServerIron ADX’s management IP address. Do not specify an address that is already in
use.
The <ip-mask> parameter specifies the network mask.
The <default-gateway> parameter specifies the default gateway. This parameter is required, but if
you do not want to specify a gateway, enter “0.0.0.0”.
Configuring real server and virtual server for the DNS server
The virtual server IP address (VIP) will be the Authoritative DNS server for the GSLB Domain.
To configure a real server and virtual server and bind them together for a proxy DNS server, enter
commands such as the following:
ServerIronADX(config)# server real-name dns_ns 209.157.23.46
ServerIronADX(config-rs-dns_ns)# port dns proxy
ServerIronADX(config-rs-dns_ns)# exit
ServerIronADX(config)# server virtual-name-or-ip dns-proxy 209.157.23.87
ServerIronADX(config-vs-dns-proxy)# port dns
ServerIronADX(config-vs-dns-proxy)# bind dns dns_ns dns
The commands in this example add a real server called “dns_ns”. The DNS server has IP address
209.157.23.46. When you add the real server, the CLI changes to the Real Server configuration
level. At this level, you can add TCP or UDP ports and, optionally, modify health check parameters.
In this example, the DNS port is added. Notice that the proxy option is specified following the dns
option. The proxy option is required to indicate that this real server is part of a proxy DNS server
configuration.
If the DNS server is in a different subnet than the GSLB ServerIron ADX, you must configure a
source IP address on the ServerIron ADX for use by the health checks. If the GSLB ServerIron ADX is
in a one-armed configuration or the DNS server is at least one hop away, you must configure a
source IP address and also enable source NAT. (You do not need to add another source IP address
if you have already added one for the remote sites. The GSLB ServerIron ADX can use the same
source IP address for reaching the remote sites and for reaching the DNS server.)
ServerIronADX(config)# server real-name dns_ns 209.157.23.46
ServerIronADX(config-rs-dns_ns)# port dns proxy
ServerIronADX(config-rs-dns_ns)# exit
The server virtual-name-or-ip command adds a virtual server called “dns-proxy”. This command
changes the CLI to the Virtual Server configuration level. At this level, the port dns command adds
the DNS port to the virtual server. The bind command binds the DNS port on the real server to the
DNS port on the virtual server.