Brocade Communications Systems ServerIron ADX 12.4.00 Manual

Global server load balancing guide

53-1002437-01
January 2012
ServerIron ADX
Global Server Load Balancing Guide
Supporting Brocade ServerIron ADX version 12.4.00

Summary of Contents for Brocade Communications Systems ServerIron ADX 12.4.00

  • Page 1 53-1002437-01 ® January 2012 ServerIron ADX Global Server Load Balancing Guide Supporting Brocade ServerIron ADX version 12.4.00...
  • Page 2 Wingspan are registered trademarks, and Brocade Assurance, Brocade NET Health, Brocade One, Extraordinary Networks, MyBrocade, VCS, and VDX are trademarks of Brocade Communications Systems, Inc., in the United States and/or in other countries. Other brands, products, or service names mentioned are or may be trademarks or service marks of their respective owners.
  • Page 9: About This Document

    Supported hardware and software Although many different software and hardware configurations are tested and supported by Brocade Communications Systems, Inc. for 12.3.00 documenting all possible configurations and scenarios is beyond the scope of this document. The following hardware platforms are supported by this release of this guide: •...
  • Page 10: Notes, Cautions, And Danger Notices

    bold text: identifies command names, the names of user-manipulated GUI elements, keywords, and text to enter at the GUI or CLI. italic text: provides emphasis and identifies variables and document titles. code text: identifies CLI output. For readability, command names in the narrative portions of this guide are presented in bold: for example, show version.
  • Page 11: Related Publications

    Corporation Referenced Trademarks and Products Microsoft Corporation Windows NT, Windows 2000 The Open Group Linux Related publications The following Brocade documents supplement the information in this guide: • Release Notes for ServerIron Switch and Router Software TrafficWorks 12.2.00 • ServerIron ADX Graphical User Interface •...
  • Page 13: Global Server Load Balancing

    Chapter Global Server Load Balancing Global Server Load Balancing overview Global Server Load Balancing (GSLB) enables a ServerIron ADX to add intelligence to authoritative Domain Name System (DNS) servers by serving as a proxy to these servers and providing optimal IP addresses to the querying clients.
  • Page 14: Basic Concepts

    Global Server Load Balancing overview If the local DNS server does not have an address record for the requested server, the local DNS server makes a recursive query. When a request reaches an authoritative DNS server, that DNS server responds to this DNS query. The client’s local DNS server then sends the reply to the client. The client now can access the requested host.
  • Page 15 Global Server Load Balancing overview • Session table statistics and CPU load information — The site ServerIron ADXs report this information to the GSLB ServerIron ADX at regular intervals. By default, each remote ServerIron ADX sends the status information to the GSLB ServerIron ADX every 30 seconds. You can change the update period for all the remote ServerIron ADXs by specifying a new period on the GSLB ServerIron ADX if needed.
  • Page 16: Gslb Example

    Global Server Load Balancing overview • IMAP4: the well-known name for port 143 • LDAP: the well-known name for port 389 • NNTP: the well-known name for port 119 • POP3: the well-known name for port 110 • SMTP: the well-known name for port 25 •...
  • Page 17 Global Server Load Balancing overview 3. The authoritative DNS server for brocade.com answers the client’s query (forwarded by the GSLB ServerIron) by sending a list of IP addresses for the sites that correspond to the requested host. GSLB Site 1 Authoritative DNS server Sunnyvale 4.
  • Page 18: Gslb Policy

    Global Server Load Balancing overview servers that receive the records retain them in their databases for only 10 seconds. After the ten seconds expire, subsequent requests from the client initiate another query to the authoritative DNS server. As a result, the client always receives fresh information and the address of the site that is truly the best site for the client.
  • Page 19 Global Server Load Balancing overview If the GSLB policy rejects all of the sites, the GSLB ServerIron ADX sends the DNS reply unchanged to the client. All of these metrics have default values but you can change the values if needed. In addition, you can disable individual metrics or reorder them.
  • Page 20: Active Bindings Metric

    Global Server Load Balancing overview NOTE You cannot use the weighted IP metric if the weighted site metric is enabled. The GSLB ServerIron ADX uses relative percentages in order to achieve 100% total weight distribution. To configure weighted IP metrics, refer to “Implementing the weighted IP metric”...
  • Page 21 Global Server Load Balancing overview Round-trip time between the remote ServerIron ADX and the client The Round-trip time (RTT) is the amount of time that passes between when the remote site receives a TCP connection (TCP SYN) from the client and when the remote site receives the client’s acknowledgment of the connection request (TCP ACK).
  • Page 22 Global Server Load Balancing overview Site ServerIron ADX’s connection load A GSLB site’s connection load is the average number of new connections per second on the site, over a given number of intervals. When you enable this GSLB metric, all potential candidates are compared against a predefined load limit.
  • Page 23 Global Server Load Balancing overview Site ServerIron ADX’s administrative preference The administrative preference is an optional metric. This metric is a numeric preference value from 0-255 that you assign to each site ServerIron ADX, to select that ServerIron ADX if the previous metrics do not result in selection of a best site.
  • Page 24 Global Server Load Balancing overview Use the round robin selection metric instead of the least response selection metric when you want to prevent the GSLB ServerIron ADX from favoring new or recently recovered sites over previously configured active sites. The Least Response metric can cause the GSLB ServerIron ADX to select a new site or a previously unavailable site that has come up again instead of previously configured sites for a given VIP.
  • Page 25: Minimum Required Configuration

    Minimum required configuration NOTE The sum of number of VIPs configured and the number of GSLB hosts configured on the GSLB ServerIron ADX should not exceed 1024. Similarly, the sum of real servers configured and the number of DNS IP addresses should not exceed 4096. Minimum required configuration FIGURE 2 Basic controller and site communication...
  • Page 26 Minimum required configuration Issue show gslb site on the controller to display site communication information. The state displays “CONNECTION ESTABLISHED” when communication is successful. A protocol version of 1 corresponds to “ATTEMPTING CONNECTION”. Established connections use protocol versions 4 or 5. SLB-chassis(config)# show gslb site...
  • Page 27: Configuring Gslb

    Configuring GSLB. The examples in the procedures in this section are based on the configuration shown in Figure 1 on page 4. TABLE 1 Configuration tasks: Global SLB (columns: Feature; See page...). DNS proxy parameters: Configure a source IP address. The source IP address is required so that the GSLB ServerIron ADX can perform the health checks on remote devices (page 17).
  • Page 28 Configuring GSLB TABLE 1 Configuration tasks: Global SLB (Continued) Feature See page... Disable or re-enable GSLB Traps (optional) Disable or re-enable GSLB SNMP traps and syslog messages page 186 GSLB Error Handling for Unsupported DNS Requests (optional) Configure the ServerIron ADX to send error messages in response to client requests for page 188 unsupported DNS record types.
  • Page 29: Proxy For Dns Server

    Proxy for DNS server. NOTE: The following scenario is for switch software. If you are using router software, then all you need is an interface IP on the ServerIron ADX that can reach the DNS server. To configure the GSLB ServerIron ADX as a proxy for a DNS server, complete the following steps.
  • Page 30: Configuring Real Server And Virtual Server For The Dns Server

    Proxy for DNS server For example, the GSLB ServerIron ADX shown in Figure 1 on page 4 needs a source IP address in the subnet 209.157.23.x. Without this source IP address, Layer 4 and Layer 7 health checks to the ServerIron ADXs at the Sunnyvale site (209.157.22.x) and the Atlanta site (192.108.22.x) cannot reach the GSLB ServerIron ADX.
  • Page 31: Enabling The Gslb Protocol

    Proxy for DNS server Syntax: [no] server real-name <text> <ip-addr> Syntax: [no] port dns proxy Syntax: [no] port <port> [disable | enable] Syntax: [no] port <port> [keepalive] Syntax: [no] server virtual-name-or-ip <text> [<ip-addr>] Syntax: [no] bind <port> <real-server-name> <port> Enabling the GSLB protocol For security, remote ServerIron ADXs do not listen to TCP port 182 (the GSLB protocol port) by default.
  • Page 32: Specifying Site Locations

    Proxy for DNS server ServerIronADX(config-gslb-site-sunnyvale)# si-name slb-2 209.157.22.210 200 NOTE The administrative preference metric is disabled by default, which means it is not used by the GSLB policy. The GSLB policy uses the preference values only if you enable this metric. Refer to “Disabling or re-enabling individual GSLB policy metrics”...
  • Page 33: Specifying Gslb Controller Locations

    Proxy for DNS server. Specifying GSLB controller locations: By default, the GSLB controller is assigned to the North America geographic region. Specify the GSLB controller location by entering the following command at the global configuration level. ServerIronADX(config)# gslb default-location asia ServerIronADX(config)# write memory Syntax: [no] gslb default-location asia | europe | n-america | s-america | africa If the GSLB default location is not specified and the requesting client prefix is from an unknown geography, then the GSLB controller assigns "north-america"...
  • Page 34 Proxy for DNS server • IMAP4: the well-known name for port 143 • LDAP: the well-known name for port 389 • NNTP: the well-known name for port 119 • POP3: the well-known name for port 110 • SMTP: the well-known name for port 25 •...
  • Page 35 Proxy for DNS server To display the status of CNAME, enter the following command. ServerIronADX(config-gslb-policy)# show gslb policy Default metric order: ENABLE Metric processing order: 1-Remote ServerIronADX's session capacity threshold 2-Round trip time between remote ServerIronADX and client 3-Geographic location 4-Remote ServerIronADX's available session capacity...
  • Page 36 Proxy for DNS server Syntax: host-info <host-name> http | <TCP-portnum> status-code <range> [<range> [<range> [<range>]]] You can specify up to four ranges (total of eight values). To specify a single message code for a range, enter the code twice. For example to specify 200 only, enter the following command: port http status-code 200 200.
  • Page 37 Proxy for DNS server Syntax: host-info <host-name> alias <alias-name> NOTE Make sure you configure the alias only after configuring the zone and the host application the alias is for, as shown in the example above. In addition, make sure you specify the fully-qualified name for the alias (for example, “www.gslb.brocade.com”...
  • Page 38: Private Vips For Gslb

    Private VIPs for GSLB ServerIronADX(config)# gslb dns zone brocade.com ServerIronADX(config-gslb-dns-brocade.com)# host-info www http ServerIronADX(config-gslb-dns-brocade.com)# host-info www ip-list 209.157.23.59 When the ServerIron ADX receives a reply from the client’s DNS server for brocade.com, the ServerIron ADX replaces the IP address in the reply with 209.157.23.59, the IP address of a proxy server.
  • Page 39: Configuring A Public Ip Address For A Vip

    Private VIPs for GSLB FIGURE 3 GSLB and private VIPs GSLB ServerIron A Site ServerIron B Firewall Firewall Private IP of VIP: 192.168.10.1 Public IP of VIP: 207.95.55.23 Internet Using the example in Figure 3, suppose the configuration specifies that the public IP address will be used by both the peer GSLB ServerIron ADX A and the site ServerIron ADX B.
  • Page 40: Private Vip Display Information

    Private VIPs for GSLB Private VIP display information To obtain more information about the public and private IP addresses configured for a VIP on a ServerIron ADX, use the following commands: • show gslb dns zone (see “Displaying the results of traffic distribution for Weighted IPs” page 42 for an example screen display) •...
  • Page 41: Configuring Gslb Protocol Parameters

    Configuring GSLB protocol parameters The display shows that the public IP address, 207.95.55.23, is used by both the local and peer GSLB ServerIron ADXs. Syntax: show server virtual-name-or-ip NOTE For a complete description of the fields shown in this screen display, refer to the ServerIron ADX. To display the IP address used for a VIP at a given GSLB site, enter the following command.
  • Page 42 Configuring GSLB protocol parameters The <tcp-portnum> parameter specifies the TCP port number you want the ServerIron ADX to use for exchanging GSLB information with other ServerIron ADXs. If you change the GSLB protocol port number, you must write memory and reload the software to place the change into effect.
  • Page 43 Configuring GSLB protocol parameters Removing IP addresses for sites that fail a health check By default, the ServerIron ADX does not remove an IP address from a DNS reply even if the address fails a health check. You can configure the ServerIron ADX to remove IP addresses from DNS replies when those addresses fail a health check.
  • Page 44 Configuring GSLB protocol parameters To display the state of this feature, enter the show gslb policy command. The DNS best-only field indicates whether the feature is enabled or disabled. Refer to “Displaying the default GSLB policy” on page 175. Changing the query interval Frequency with which the ServerIron ADX verifies its current DNS records with DNS servers.
  • Page 45 Configuring GSLB protocol parameters ServerIronADX(config-gslb-policy)# no dns ttl Syntax: [no] dns ttl Enabling DNS override By default, the GSLB ServerIron ADX selects the best site IP address from among the addresses contained in the DNS reply. You can override the DNS reply for an individual domain (zone plus a host) by specifying a list of IP addresses, then enabling DNS override.
  • Page 46 Configuring GSLB protocol parameters When you enable DNS override, the GSLB ServerIron ADX replaces the IP addresses in the DNS reply with the “best” of the proxy server addresses you specify. The GSLB ServerIron ADX determines which proxy server IP address is the best using the GSLB policy metrics. For information about the metrics, refer to “GSLB policy”...
  • Page 47 Configuring GSLB protocol parameters TABLE 2 GSLB policy metrics Metric Default Configuration options Server (host) health Enabled. You can disable this metric. The GSLB ServerIron ADX performs NOTE: When both the health check Layer 4 health checks on the TCP or metric and the Flashback UDP port and Layer 7 health checks metric are disabled, the...
  • Page 48 Configuring GSLB protocol parameters TABLE 2 GSLB policy metrics (Continued) Metric Default Configuration options Connection load Disabled. You can enable this metric. You also can change the data collection interval, the number of intervals used to calculate the connection load average, and the relative weights of the intervals.
  • Page 49 Configuring GSLB protocol parameters After changing policy values, you can display the new values using the show gslb policy command. If you decide you want to change a value back to its default (using “no” in front of the command you used to change it), you can display all the default policy values by entering the show gslb default command.
  • Page 50 Configuring GSLB protocol parameters • active bindings: The ServerIron ADX’s preference for the IP address with the highest number of active bindings. • capacity: The remote ServerIron ADX’s session capacity threshold. • connection-load: The site ServerIron ADX’s average number of new connections per second •...
  • Page 51 Configuring GSLB protocol parameters ServerIronADX(config)# gslb policy ServerIronADX(config-gslb-policy)# health-check ServerIronADX(config-gslb-policy)# geographic To enable the administrative preference metric, which is disabled by default, enter the following commands. ServerIronADX(config)# gslb policy ServerIronADX(config-gslb-policy)# preference To specify the site connection limit and enable the connection limit metric, enter commands such as the following: ServerIronADX(config)# gslb policy...
  • Page 52 Configuring GSLB protocol parameters Implementing the weighted IP metric Beginning with router software release 08.1.00R, you can configure the ServerIron ADX to distribute GSLB traffic among IP addresses in a DNS reply, based on weights assigned to the IP addresses. The weights determine the percentage of traffic each IP address receives in comparison with other candidate IP addresses, which may or may not have assigned weights.
  • Page 53 Configuring GSLB protocol parameters • The number of eligible IP addresses to be evaluated by the weighted IP metric and their weights • The weight assigned to the IP address If an IP address has a relative weight of zero, or if it does not have a weight assigned to it, the IP address is not selected as the best IP address for a client.
  • Page 54 Configuring GSLB protocol parameters <IP address> is the IP address for which you are assigning a weight. <weight> is a value from 0 to 100. The default value is 0. However, this command will result in an error if the IP argument for ip-weight has not been previously entered as an argument for ip-list.
  • Page 55 Configuring GSLB protocol parameters TABLE 5 Example weighted site metric configuration GSLB site Configured weighted site metric Relative weighted site metric San Jose New York London Total 100% Now consider the example in Table 6. In this example, the total of the Configured weighted site metrics (second column) does not equal 100.
  • Page 56 Configuring GSLB protocol parameters Traffic distribution specifications In general, DNS response selection counters are maintained per IP address, per domain name. For example, suppose you configure three GSLB sites with assigned weights. All three sites host the application www.gslb.com and sites New York and London also host ftp.gslb.com, as illustrated below.
  • Page 57 Configuring GSLB protocol parameters Displaying results of traffic distribution for Weighted Sites To view the results of traffic distribution after configuring weighted site metrics, enter the following command. ServerIronADX(config)# show gslb traffic site SITE: local Weight: 50 * a.b.c DNS Requests: 36 ServerIronADX VIP Selection (%)...
  • Page 58 Configuring GSLB protocol parameters The second example shows the third site. SITE: THREE * a.b.c DNS Requests: 36 ServerIronADX VIP Selection (%) ============= 1.1.1.3 1.1.1.183 0 (0 %) Site Selection for Domain: 0 (0 %) * b.b.c DNS Requests: 0...
  • Page 59 Configuring GSLB protocol parameters For each VIP of interest, the GSLB ServerIron ADX stores the number of active bindings for the respective application port. If the agent is running a software image that does not support the active bindings metric, it does not report any information specific to the active bindings metric.
  • Page 60 Configuring GSLB protocol parameters GSLB active bindings enhancements The following features have been added to GSLB active bindings: • Weighted active bindings • Minimum active bindings • Tracking an application port for active bindings Configuring weighted active bindings Weighted Active Bindings allows you to configure the GSLB ServerIron ADX to direct requests to domain VIPs in proportion to their active bindings.
  • Page 61 Configuring GSLB protocol parameters ServerIronADX# configure terminal ServerIronADX(config)# gslb dns zone company.com ServerIronADX(config-gslb-dns-company.com)# host-info www http ServerIronADX(config-gslb-dns-company.com)# host-info www ssl ServerIronADX(config-gslb-dns-company.com)# host-info www http track-port ServerIronADX(config-gslb-dns-company.com)# end Configuring connection load parameters A GSLB site’s connection load is the average number of new connections per second on the site, over a given number of intervals.
  • Page 62 Configuring GSLB protocol parameters ServerIronADX(config)# gslb policy ServerIronADX(config-gslb-policy)# connection-load limit 500 This command sets the site connection limit to 500 connections. During site comparison, the GSLB policy discards sites that have an average load of new connections that is higher than the amount you specify.
  • Page 63 Configuring GSLB protocol parameters Changing the sample interval weight The interval weights are the relative weights of each data sample within a set of sampling intervals. When the data samples are averaged together, the relative weights of the samples can affect the outcome.
  • Page 64 Configuring GSLB protocol parameters You can change these parameters on an individual basis. To change the session-table capacity metric, enter commands such as the following: ServerIronADX(config)# gslb policy ServerIronADX(config-gslb-policy)# capacity threshold 99 Syntax: [no] capacity threshold <num> The <num> parameter specifies the maximum percentage of a site ServerIron ADX’s session table that can be in use.
  • Page 65 Configuring GSLB protocol parameters Modifying round-trip time values The Round-trip time (RTT) is the amount of time that passes between when the remote site receives a TCP connection (sends a TCP SYN) from the client and when the remote site receives the client’s acknowledgment of the connection request (sends a TCP ACK).
  • Page 66 Configuring GSLB protocol parameters Syntax: [no] round-trip-time cache-interval <num> The <num> parameter specifies the aging interval and can be from 10-1,000,000 seconds (about 11-1/2 days). The default is 120 seconds. Changing the RTT cache prefix You can change the RTT cache prefix, which specifies the level of aggregation that occurs in the GSLB ServerIron ADX’s RTT cache.
  • Page 67 Configuring GSLB protocol parameters ServerIronADX(config)# gslb policy ServerIronADX(config-gslb-policy)# round-trip-time explore-percentage 10 The command in this example changes the RTT explore percentage from 5% to 10%. Syntax: [no] round-trip-time explore-percentage <num> The <num> parameter specifies the explore percentage and can be from 0-100. The default is 5. Adding static prefix cache entries The GSLB ServerIron ADX maintains a cache of round-trip time (RTT) information received from the site ServerIron ADXs through the GSLB protocol.
  • Page 68: Secure Gslb

    Secure GSLB The <ip-addr> specifies the address of the cache entry. This is not necessarily the address of a remote site. The address you specify here is combined with the prefix length to result in a network prefix (network portion of an IP address). The prefix length can be from 1-31. NOTE The prefix length 0 is not applicable to this feature and is ignored by the software.
  • Page 69: Initial Session Key Generation

    Secure GSLB • Peer authentication — Each network device must be authenticated before it can connect to the GSLB network. This check ensures that any peer a GSLB device communicates with is the legitimate peer. Peer authentication is provided by using the Rivest-Shamir-Adleman (RSA) public key technology.
  • Page 70: Rsa Challenge Dialogue

    Secure GSLB RSA challenge dialogue Once the initial peer authentication is complete, there is a challenge response dialogue between the two ServerIron ADXs as follows. From GSLB controller to site ServerIron ADX: • GSLB controller uses the site ServerIron ADX public key to encrypt a random sequence of bytes.
  • Page 71 Secure GSLB Configuring secure-communication on the controller On the GSLB controller, to enable the secure protocol instead of the standard one, enter commands such as the following: SLB-Ctrl-ServerIronADX(config)# gslb site sfo SLB-Ctrl-ServerIronADX(config-gslb-site-sfo)# si slb-1 100.1.1.3 secure-communication Syntax: si <si-name> <si-ip-address> secure-communication The GSLB site ServerIron ADX will automatically understand the secure protocol.
  • Page 72 Secure GSLB ServerIron(config)#wr mem .Write startup-config in progress. ..Write startup-config done. ServerIron(config)#Saving SSH host keys process is ongoing. Please wait ..................Writing SSH host keys is done! SLB-Ctrl-ServerIronADX(config)#^Z SLB-Ctrl-ServerIronADX#reload A write mem followed by a reload is required. Next, enter the crypto key generate rsa command on the site ServerIron ADX and reload.
  • Page 73 Secure GSLB NOTE When you specify a TCP port for the key exchange communication, DO NOT use port 182, or the port that you configured for GSLB communication traffic. The default destination TCP port for key exchange is 56895. To change default TCP port when doing public key exchange, enter a command such as the following: ServerIronADX(config)# crypto key-exchange passive 111 3.
  • Page 74 Secure GSLB 9. After the key-exchange (fingerprint) takes place, the key must be saved on both the controller and site ServerIron ADX using the crypto key-exchange save-peer-key command. Notice there is an erase-peer-key option also. SLB-Ctrl-ServerIronADX(config)#crypto key-exchange ? A.B.C.D IP address of peer erase-peer-key Erase peer public key in flash...
  • Page 75: Regenerating The Session Keys

    Secure GSLB The one-time option configures the peer public keys for a one-time usage, which is the highest level of security. They expire after each TCP session to the peer device is disconnected. To set up a new connection between the devices to forward GSLB messages, you must redo the key exchange steps detailed previously.
  • Page 76: Minimum Gslb Configuration

    Site persistence in GSLB using stickiness The <si-name> parameter specifies the name of the peer site ServerIron ADX to regenerate the session keys for. The <si-ip-address> parameter specifies the IP address of the peer site ServerIron ADX. The regenerate-key-interval <duration> parameter configures the ServerIron ADX to periodically regenerate session keys for the peer site ServerIron ADX.
  • Page 77: Algorithm

    Site persistence in GSLB using stickiness • Client IP address/prefix • Domain name the client requested • Selected IP address for the request This information is saved in a session table when the Sticky GSLB feature is enabled, and the GSLB controller creates a sticky session for each client within the session table.
  • Page 78: Enabling Sticky Gslb

    Site persistence in GSLB using stickiness Enabling sticky GSLB Enabling sticky GSLB is the minimum required configuration. On the GSLB controller, to enable Sticky GSLB globally for all the domains, enter commands such as the following: SLB-Ctrl-ServerIronADX(config)#gslb policy SLB-Ctrl-ServerIronADX(config-gslb-policy)#sticky On the GSLB controller, to enable Sticky GSLB for a specific host, enter commands such as the following: SLB-Ctrl-ServerIronADX(config)#gslb-host-policy test...
  • Page 79: Allowing Sticky Sessions For A Specific Prefix Length

    Site persistence in GSLB using stickiness Syntax: [no] sticky NOTE No special CLI commands need to be issued on the site ServerIron ADX. Allowing sticky sessions for a specific prefix length You can allow sticky sessions for a specific prefix length (not all hosts). For added granularity of the sessions, specify the prefix length for the client IPs.
  • Page 80: Displaying Current Sticky Gslb Sessions

    Site persistence in GSLB using stickiness Displaying current sticky GSLB sessions To display current Sticky GSLB sessions, rconsole into a barrel processor (BP) and enter the following command. 2/3 #show session all 0 Session Info: Flags - 0:UDP, 1:TCP, 2:IP, 3:INT, 4:INVD, H: sessInHash, N: sessInNextEntry Index Src-IP Dst-IP S-port D-port Age...
  • Page 81: Sticky Gslb Counters

    Site persistence in GSLB using stickiness Sticky GSLB counters To display how many times an IP address was selected as the best candidate for a client request, enter the following command. 2/3 #show gslb dns detail ZONE: gslb.com HOST: www: (GSLB policy: test) Flashback DNS resp.
  • Page 82: Deleting Sticky Gslb Session For A Specific Client

    Site persistence in GSLB using hashing Deleting sticky GSLB session for a specific client To delete Sticky GSLB sessions for a specific client, enter a command such as the following: ServerIronADX#clear gslb sticky-session client-ip 100.1.1.101 Syntax: clear gslb sticky-session client-ip <client-ip> The <client-ip>...
  • Page 83: Hashing Scheme

    Site persistence in GSLB using hashing To display the hash table for all domains or a specific zone-name, enter a command on the BP, such as the following: ServerIronADX# rconsole 1 1 ServerIronADX1/1#show gslb phash table all Syntax: show gslb phash table This command displays different results depending on which CPU you're looking at.
  • Page 84: Ip Address Allocation

    Site persistence in GSLB using hashing Example: 1.1.1.42 yields hash index 45, since (1+1+1+42) % 256 = 45. 172.168.10.1 yields hash index 95, since (172+168+10+1) % 256 = 95. After the Client IP address is hashed to an index in the hash table, the IP address associated with the hash index in the hash table is selected as the best IP address for the client.
  • Page 85: Disabling Rehash

    Site persistence in GSLB using hashing The hash table allocation looks like the following: .42 .44 Now the new IP address 1.1.1.43 is configured for domain www.foo.com. The ServerIron ADX sorts the IP addresses for domain www.foo.com as follows. 1.1.1.42 (rank 1) 1.1.1.43 (rank 2)...
  • Page 86: Hash-Persist Hold-Down: Boot Up Considerations If Rehash Disabled

    Site persistence in GSLB using hashing SLB-ServerIronADX(config)#gslb policy SLB-ServerIronADX(config-gslb-policy)#hash-persist persist-rehash-disable The second command disables the behavior described in the section “Rehash: new IP address for a domain or change of state” on page 72. Syntax: hash-persist persist-rehash-disable <time-out> The <time-out> parameter specifies the number of seconds before an IP address is removed from the hash table when that IP becomes down.
  • Page 87: Show Commands

    Site persistence in GSLB using hashing SLB-ServerIronADX#clear gslb phash table zone-name gslb.com host-name www Syntax: clear gslb phash zone-name <zone-name> host-name <host-name> Show commands Many existing show commands for GSLB global and host-level policy have been enhanced for hash-based persistence. Take note of the bold fields. SLB-ServerIronADX#show gslb policy Default metric order: ENABLE SLB-ServerIronADX#show gslb policy...
  • Page 88: Weighted Distribution Of Sites With Hash-Based Persistence

    Weighted distribution of sites with hash-based persistence SLB-ServerIronADX#show gslb dns detail ZONE: gslb.com HOST: www: (Global GSLB policy) Flashback DNS resp. delay selection (x100us) counters SLB-ServerIronADX#show gslb dns detail Count (%) 100.1.1.163: dns v-ip ACTIVE N-AM 7 (100%) ZONE: gslb.com Active Bindings: 1 HOST: www: site: local, weight:...
  • Page 89 Weighted distribution of sites with hash-based persistence
    • “Disabling rehash on change in hash weight configuration” on page 79
    GSLB hash-based persistence
    GSLB provides two methods for persistence: the Sticky method and Hash-based persistence. Sticky GSLB is suitable for single-box and HA (hot standby, symmetric, sym-active) topologies. However, if there are two GSLB controllers across a network that provide GSLB for the same domain but are not in an HA configuration, and if persistence is desired when the same client is directed to either of these two GSLB controllers, then hash-based GSLB persistence should be used.
  • Page 90 Weighted distribution of sites with hash-based persistence
    In our example,
    Hash bucket 0 will be assigned to 1.1.1.42
    Hash bucket 1 will be assigned to 1.1.1.43
    Hash bucket 2 will be assigned to 1.1.1.44
    Hash bucket 3 will be assigned to 1.1.1.44
    Hash bucket 4 will be assigned to 1.1.1.42
    Hash bucket 5 will be assigned to 1.1.1.43
    Hash bucket 6 will be assigned to 1.1.1.44...
  • Page 91: Configuring Distribution Of Sites With Hash-Based Persistence

    Weighted distribution of sites with hash-based persistence
    The ServerIron ADX sorts the IP addresses for domain www.foo.com in ascending order of the addresses as follows.
    1.1.1.42 (rank 1) Hash Weight: 1
    1.1.1.43 (rank 2) Hash Weight: 1
    1.1.1.44 (rank 3) Hash Weight: 2
    The hash table for the domain is rehashed using the algorithm described in Section 1.3.
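
The hash-index arithmetic from page 84 and the weighted bucket assignment from pages 90 and 91 can be reproduced with a short script. This is an added example, not code from the manual or from Brocade: the allocation rule (each IP takes `weight` consecutive buckets per round, in rank order) is an assumption inferred from the seven buckets listed on page 90, and all function names are hypothetical.

```python
"""GSLB hash-based persistence: client hash index and weighted bucket table."""
import ipaddress
from collections import Counter
from typing import Dict, List

TABLE_SIZE = 256  # the page's examples reduce the octet sum modulo 256


def hash_index(client_ip: str) -> int:
    """Hash an IPv4 client address: sum of its four octets, modulo 256."""
    return sum(ipaddress.IPv4Address(client_ip).packed) % TABLE_SIZE


def build_table(weights: Dict[str, int]) -> List[str]:
    """Assign all 256 hash buckets to the domain's IP addresses.

    ASSUMPTION (not confirmed by the manual excerpt): addresses are ranked in
    ascending order and each one receives `weight` consecutive buckets per
    round. This reproduces buckets 0-6 as listed on page 90 for weights 1/1/2.
    """
    if not weights or any(w < 1 for w in weights.values()):
        raise ValueError("need at least one domain IP, each with weight >= 1")
    ranked = sorted(weights, key=ipaddress.IPv4Address)
    pattern = [ip for ip in ranked for _ in range(weights[ip])]
    return [pattern[bucket % len(pattern)] for bucket in range(TABLE_SIZE)]


def select_ip(table: List[str], client_ip: str) -> str:
    """Return the domain IP stored in the bucket the client hashes to."""
    return table[hash_index(client_ip)]


def moved_buckets(old: List[str], new: List[str]) -> int:
    """Count buckets whose assigned IP changes between two tables.

    Every client hashing to a moved bucket loses site persistence on rehash.
    """
    return sum(1 for before, after in zip(old, new) if before != after)


if __name__ == "__main__":
    # Hash examples from page 84 of the manual.
    for ip in ("1.1.1.42", "172.168.10.1"):
        print(f"{ip} -> hash index {hash_index(ip)}")

    # Weighted table for www.foo.com with the weights shown on page 91.
    weighted = build_table({"1.1.1.42": 1, "1.1.1.43": 1, "1.1.1.44": 2})
    print("buckets 0-6:", weighted[:7])
    print("bucket share:", dict(Counter(weighted)))

    # Effect of a rehash when 1.1.1.43 is added to a two-address domain
    # (equal weights; constructed scenario following page 85).
    before = build_table({"1.1.1.42": 1, "1.1.1.44": 1})
    after = build_table({"1.1.1.42": 1, "1.1.1.43": 1, "1.1.1.44": 1})
    print("buckets remapped by rehash:", moved_buckets(before, after), "of", TABLE_SIZE)
```

Under this assumed allocation, adding 1.1.1.43 remaps 171 of the 256 buckets, which is the loss of persistence that `hash-persist persist-rehash-disable` lets an operator defer.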
  • Page 92 Weighted distribution of sites with hash-based persistence NOTE All the existing CLI for old hash-based persistence is applicable to weighted hash based persistence also. It is not described in this document for the sake of brevity. For further details on existing CLI for hash-based persistence, please refer to the online GSLB documentation.
  • Page 93: Configuring Weights For Domain Ip Addresses

    Weighted distribution of sites with hash-based persistence Configuring weights for domain IP addresses Weighted Hash-based GSLB persistence enables the user to distribute the hash buckets for the domain in proportion to the weights configured for the domain IP addresses. Use the following command line interface to configure weights for the domain IP addresses.
  • Page 94 Weighted distribution of sites with hash-based persistence
    ServerIronADX(config-gslb-policy)# hash-persist disable-weight-rehash
    Use the following command line interface to disable rehashing on weight change for host-level GSLB policy.
    ServerIronADX# config t
    ServerIronADX(config)# gslb-host-policy test
    ServerIronADX(config-gslb-host-policy-test)# hash-persist disable-weight-rehash
    Syntax: [no] hash-persist disable-weight-rehash
    If the weight of an IP for a domain is changed and this command is configured, then a message, stating that the ServerIron ADX needs to be rehashed at a later time, will be displayed.
  • Page 95 Weighted distribution of sites with hash-based persistence
    Manually forcing rehash for a domain
    Consider the case where the user disables rehashing on introduction of a new IP address or change of IP address state from down to healthy or on change in the IP weight configuration, as described earlier.
  • Page 96: Displaying The Contents Of Active Rtt Cache Entries

    Displaying the contents of active RTT cache entries
    ********************************************************
    Client IP address: 30.30.1.2
    Domain : www.l47qa.com
    Number of hashed IPs for domain : 3
    Number of active IPs for domain : 3
    Client IP hashes to bucket number: 63
    IP associated with hash bucket 63: 20.20.1.100
    Your Client IP 30.30.1.2 will be serviced by domain IP 20.20.1.100
    Displaying weighted hash-based GSLB persistence
    The following command will show the list of active DNS domain IPs of a zone, weight value...
  • Page 97: Affinity

    Affinity Affinity The GSLB affinity feature configures the GSLB ServerIron ADX to always prefer a specific site ServerIron ADX for queries from clients whose addresses are within a given IP prefix. This feature is useful in the following situations: • When you want to use a primary site for all queries and use other sites only as backups.
  • Page 98: Defining The Affinity

    Affinity • If the reply contains a VIP on the ServerIron ADX associated with the prefix that the client’s IP address is in, the ServerIron ADX places the VIP at the top of the address list in the reply. (This assumes that the VIP passes the applicable health checks if they are enabled.) •...
  • Page 99: Displaying Rtt Prefix Cache Entries

    Affinity The <si-ip-addr> parameter specifies the site ServerIron ADX’s management IP address. NOTE In either case, the running-config and the startup-config file refer to the ServerIron ADX by its IP address. The <ip-addr> <ip-mask> or <ip-addr>/<prefix-length> parameter specifies the prefix. You can specify a mask from 0.0.0.0-255.255.255.254.
  • Page 100: Displaying Affinity Selection Counters

    GSLB domain-level affinity Displaying affinity selection counters You can display the number of times an IP address is selected based on affinity. To display the information, enter the following command. ServerIronADX(config)# show gslb dns detail ZONE: gslb.com HOST: www: Flashback DNS resp....
  • Page 101: Command Line Interface

    GSLB domain-level affinity Command line interface Users will now be able to configure domain-level affinity groups in addition to the global affinity definitions. The new command line interface for the domain-level affinity feature is described below. Creating a domain-level affinity group To create a domain-level affinity group, use the following commands.
  • Page 102 GSLB domain-level affinity Show commands • “show gslb affinity-group <group-number>” • “show gslb resources” • “show gslb dns zone” • “show gslb dns detail” show gslb affinity-group <group-number> Use this command to display the affinity group, associated affinity definitions, and other related information.
  • Page 103: Dns Cache Proxy

    DNS cache proxy Count (%) 1.1.1.16: cfg real-ip ACTIVE N-AM 0 (0%) 1.1.1.108: cfg v-ip ACTIVE N-AM 5 (100%) show gslb dns detail Use this command to display the affinity group associated with the domain and the number of selections based on affinity. Syntax: show gslb dns detail [<zone-name>] ServerIronADX# show gslb dns detail ZONE: foo.com...
  • Page 104: Enabling Dns Cache Proxy

    DNS cache proxy In configurations where the ServerIron ADX and DNS server are co-located, the additional round trip time between the ServerIron ADX and DNS server is usually negligible. However, if the ServerIron ADX and DNS server are in different networks, the delay can become significant. In this case, the DNS cache proxy can help enhance performance by eliminating the exchange between the ServerIron ADX and DNS server for responses to client queries.
  • Page 105: Displaying Dns Cache Proxy Statistics

    DNS cache proxy • DISABLE (the default) • ENABLE Displaying DNS cache proxy statistics The GSLB ServerIron ADX maintains statistics for the transparent DNS as well as DNS proxy mode query intercept and DNS cache proxy features. The following statistics are displayed for DNS cache proxy: •...
  • Page 106: Combining The Dns Cache Proxy And Dns Override Features

    DNS cache proxy The Direct response field, under “DNS cache proxy stat”, lists how many DNS queries the GSLB ServerIron ADX has responded to using the DNS cache proxy feature instead of forwarding the queries to the DNS server. In this example, the GSLB ServerIron ADX has responded directly to client queries ten times with the best site address among those cached on the ServerIron ADX itself, instead of forwarding the request to the DNS server.
  • Page 107: Transparent Dns Query Intercept

    Transparent DNS query intercept GSLB ServerIron ADX performs GSLB on client queries for IPv4 address records (A records). In GSLB topologies, when the client query comes in for any of the other record types, the GSLB ServerIron forwards the query to the backend DNS server and sends the DNS response unaltered to the client.
  • Page 108 Transparent DNS query intercept • Redirect the client queries to a proxy DNS server and send the reply unchanged. The ServerIron ADX redirects the client request to the alternate DNS server and sends the response, as is, to the client. The alternate DNS server could be a ServerIron ADX configured for GSLB, in which case the reply has the best address(es) for the client.
  • Page 109: Redirecting Queries

    Transparent DNS query intercept Authoritative DNS server for domain brocade.com 209.157.23.130 4. ServerIron changes the source address in the reply to the authoritative DNS server. If the reply is from a proxy DNS server, the ServerIron also changes the destination address from the ServerIron configured to ServerIron’s source IP address to the intercept DNS queries to...
  • Page 110 Transparent DNS query intercept Use the following CLI method to configure this feature. To configure the ServerIron ADX to redirect queries to an alternative DNS server, enter commands such as the following: ServerIronADX(config)# source-ip 209.157.23.100 255.255.255.0 0.0.0.0 ServerIronADX(config)# server remote-name dns-redirect 209.200.22.100 ServerIronADX(config-rs-dns-redirect)# source-nat...
  • Page 111: Redirecting Queries And Perform Gslb

    Transparent DNS query intercept This command configures a virtual server that has the DNS server’s actual IP address. When the ServerIron ADX receives a DNS query addressed to the DNS server IP address, the ServerIron ADX intercepts the packet instead of forwarding it to the DNS server. The intercept parameter is required and indicates that you want to use the virtual server for intercepting DNS queries.
  • Page 112: Responding To Queries Directly

    Transparent DNS query intercept
    ServerIronADX(config)# server virtual-name-or-ip dns-intercept 209.157.23.130 intercept
    ServerIronADX(config-vs-dns-intercept)# port dns
    ServerIronADX(config-vs-dns-intercept)# bind dns dns-redirect dns
    ServerIronADX(config-vs-dns-intercept)# exit
    ServerIronADX(config)# gslb dns zone brocade.com
    ServerIronADX(config-gslb-dns-brocade.com)# host-info www http
    ServerIronADX(config-gslb-dns-brocade.com)# exit
    The commands are the same as the ones for configuring the ServerIron ADX to redirect queries directly to another DNS server, with one difference.
  • Page 113: Displaying Transparent Dns Query Intercept Statistics

    Transparent DNS query intercept
    NOTE For non-direct respond transparent intercept, you should not enable dns transparent-intercept in the gslb policy.
    Notice that unlike the types of transparent DNS query intercept shown in “Redirecting queries” on page 97, the type shown here does not require configuration of a real server. Since the ServerIron ADX in this case is responding directly to the query instead of redirecting the query to another device, only the virtual server for intercepting the queries is required.
  • Page 114: Enabling Dns Request Logging

    Enabling DNS request logging
    TABLE 7 Transparent DNS query intercept statistics
    This field...      Displays...
    Redirect           The number of queries the ServerIron ADX has redirected to an alternative (proxy) DNS server or another ServerIron ADX.
    Direct response    The number of queries to which the ServerIron ADX has directly responded using an IP address configured for the domain.
  • Page 115 Enabling DNS request logging
    TABLE 8 GSLB request information
    This field...   Displays...
    User.Info       The management IP address of the GSLB ServerIron ADX.
    src-ip          The IP address of the client that sent the DNS request.
    best-ip         The IP address selected by the GSLB ServerIron ADX as the best site.
    Host            The host application requested by the client.
  • Page 116: Distributed Health Checks For Gslb

    Enabling DNS request logging BP support as GSLB agent If the ServerIron ADX is used as a GSLB agent, the BP synchronizes RTT information collected from clients that make TCP SLB connections to the ServerIron ADX, to the MP. The MP communicates this RTT information to all collectors with which it opened TCP port 182 connections.
  • Page 117 Enabling DNS request logging The configuration required for the GSLB distributed health check feature depends on whether the GSLB ServerIron ADX and the site ServerIron ADX support the distributed health check feature or not. Refer to the table below for more information on the configuration available and mandated by the GSLB distributed health check feature.
  • Page 118 Enabling DNS request logging Enabling the distributed health check feature for an individual site ServerIron ADX You can enable the distributed health check feature for an individual site ServerIron ADX. Enter the commands such as the following on the GSLB ServerIron ADX, not on the site ServerIron ADX. GSLB-ServerIronADX(config)# gslb site sunnyvale...
  • Page 119 Enabling DNS request logging To globally configure the health status reporting interval, enter commands such as the following on the GSLB ServerIron ADX. GSLB-ServerIronADX(config)# gslb policy GSLB-ServerIronADX(config-gslb-policy)# health-status-interval 3 Syntax: [no] health-status-interval <secs> The <secs> parameter specifies the interval. Range is 2-120 seconds. Configuring the agent health report interval If both the GSLB ServerIron ADX and the site ServerIron ADX support the distributed health check feature, you can configure the interval at which the site ServerIron ADX reports the health check...
  • Page 120 Enabling DNS request logging SITE-ServerIronADX# debug distributed-hcheck sent-add-list GSLB: sent-add-list debugging is on SITE-ServerIronADX# Sending Address List msg: VIP = 192.9.2.16, Active = 1, Host Range = 1, Num Ports = 2 Sending Address List msg: VIP = 192.9.2.17, Active = 0, Host Range = 1, Num Ports = 3...
  • Page 121: Configuration Examples

    Enabling DNS request logging Configuration examples FIGURE 7 Topology GSLB ServerIron Site SI 1.1.1.105 Site SI 1.1.1.106 Site SI 1.1.1.107 Site SI 1.1.1.108 Example 1 In this example: • The GSLB ServerIron ADX supports the distributed health check feature. • Site ServerIron ADXs 1.1.1.105, 1.1.1.106 and ServerIron ADX 1.1.1.107 all belong to site “sunnyvale”...
  • Page 122 Enabling DNS request logging In order to globally configure the health status interval to 7 seconds, configure the following on the GSLB ServerIron ADX. GSLB-ServerIronADX(config)# gslb policy GSLB-ServerIronADX(config-gslb-policy)# health-status-interval 7 GSLB-ServerIronADX(config-gslb-policy)# end The distributed health check ServerIron ADX 1.1.1.108 now starts sending the health check status information to the GSLB ServerIron ADX every 7 seconds.
  • Page 123 Enabling DNS request logging The GSLB ServerIron ADX does not support the distributed health check feature, so the distributed health check configuration is neither supported nor applicable to the GSLB ServerIron ADX. The non-distributed health check GSLB ServerIron ADX and the distributed health check site ServerIron ADXs inter-operate without any special configuration;...
  • Page 124: Dnssec

    DNSSEC DNSSEC DNSSEC (Domain Name System Security Extensions) is a set of extensions that provide DNS resolvers origin authentication of DNS data, data integrity and authenticated denial of existence. It protects DNS resolvers from forged DNS data (from cache poisoning, etc.). DNSSEC does not provide confidentiality.
  • Page 125 DNSSEC
    1. LDNS sends a normal type A request with the DO bit set to the mydnssec.com ADNS
    2. If the ADNS supports DNSSEC, the response has the DO bit set and a RRSIG record for the response RRset in the answer section
    3.
  • Page 126: Verification With Dig

    DNSSEC
    Verification with DIG
    The following example shows dig being used to validate a DNSSEC response.
    [16:31:54 root@rhl-236 ~]# dig +dnssec mydnssec.com +multiline +sigchase +trusted-key=/root/dnssec/Kmydnssec.com.+005+08340.key
    ;; RRset to chase:
    mydnssec.com. 86400 IN A 10.35.62.235
    ;; RRSIG of the RRset to chase:
    mydnssec.com.
  • Page 127: Configuring Dnssec For Gslb

    DNSSEC (IP address) are used in the signature. The TTLs of individual resource records are not part of the data used in signing to allow for aging. Since the TTL of the RRSIG record is part of the signed data, a caching resolver is expected to cache a response up to the minimum (smallest RR TTL in RRset, RRSIG record TTL).
  • Page 128: Displaying Dnssec Configuration

    DNSSEC
    Configuring load balancing of plain DNS request across all servers
    If zones and real servers are configured for DNSSEC, then non-dnssec servers are used for requests on non-dnssec zones. To load-balance non-dnssec (plain DNS) requests across all servers, use one of the following commands.
    ServerIron(config)# server virtual dns_vip 209.157.23.46
    ServerIron(config-vs-dns_vip)# port dns
    ServerIron(config-vs-dns_vip)# port dns use-dnssec-servers-for-dns-queries...
  • Page 129: Host-Level Policies For Site Selection

    Host-level policies for site selection ServerIronADX# show gslb global-statistics DNS proxy statistics: TCP response 4 UDP response Query type A 8 Query type ANY DNSSEC response DNS cache proxy stat: Direct response DNS query intercept stat: Redirect Direct response Unsupported query types stat: Error handling cnt Syntax: show gslb global-statistics Host-level policies for site selection...
  • Page 130 Host-level policies for site selection
    1. Define a name for the host-level GSLB policy. Refer to page 118.
    2. Configure the parameters for the policy. Refer to page 118.
    3. Apply the policy to a host or multiple hosts. Refer to page 125.
  • Page 131 Host-level policies for site selection You must specify a connection limit to enable the Connection Load metric. You can specify a value from 1 to as high a value as you need. There is no default. However, the actual value of the Connection Load limit, and other connection load parameters, will be obtained from the global GSLB policy.
  • Page 132 Host-level policies for site selection Some of the DNS parameters are not configurable in the host-level GSLB policy. These parameters include: • dns cache-proxy: Enables the ServerIron ADX to act as a proxy for a DNS server, by responding directly to the client queries without forwarding them to the DNS server •...
  • Page 133 Host-level policies for site selection When the ServerIron ADX compares the Flashback speeds, it compares the Layer 7 (application-level) Flashback speeds first, if applicable. If the application has a Layer 7 health check and if the Flashback speeds are not equal, the ServerIron ADX is through comparing the Flashback speeds.
  • Page 134 Host-level policies for site selection GSLB-ServerIronADX(config)# gslb-host-policy abc GSLB-ServerIronADX(config-gslb-host-policy-abc)# metric-order set health-check round-trip-time capacity num-session flashback Syntax: [no] metric-order set <list> The <list> parameter is a list of the metrics you want to use, in the order you want the GSLB ServerIron ADX to use them for the host-level policy.
  • Page 135 Host-level policies for site selection Enabling the Num-session metric The capacity threshold specifies how close to the maximum session capacity the site ServerIronADX (remote ServerIron ADX) can be and still be eligible as the best site for the client. This mechanism provides a way to shift load away from a site before the site becomes congested. The GSLB ServerIron ADX uses this metric when evaluating the sites in a DNS reply to choose the best site.
  • Page 136 Host-level policies for site selection Syntax: [no] round-robin Enabling the Round-Trip-Time metric You can enable the GSLB metric for the round-trip time between the remote ServerIron ADX and the DNS client. The Round-trip time (RTT) is the amount of time that passes between when the remote site initiates a TCP connection (sends a TCP SYN) to the client and when the remote site receives the client’s acknowledgment of the connection request (sends a TCP ACK).
  • Page 137: Displaying Host-Level Policy Information

    Host-level policies for site selection GSLB-ServerIronADX(config)# gslb-host-policy abc GSLB-ServerIronADX(config-gslb-host-policy-abc)# weighted-site Syntax: [no] weighted-site Use the no form of the command to disable the weighted IP metric for the host-level policy. Applying a host-level policy to a GSLB host To apply a configured host-level policy to a GSLB host, enter commands such as the following: GSLB-ServerIronADX(config)# gslb dns zone gslb1.com...
  • Page 138 Host-level policies for site selection Displaying all GSLB policies To view all defined host-level policies, enter the following command. GSLB-ServerIronADX# show gslb policy host-policy-all GSLB POLICY: abc Default metric order: ENABLE Metric processing order: 1-Server health check 2-Remote ServerIron's session capacity threshold 3-Round trip time between remote ServerIron and client 4-Geographic location 5-Site connection load...
  • Page 139 Host-level policies for site selection Displaying the policy used for hosts To view which GSLB policy is being used for hosts, enter the following command. ServerIronADX# show gslb dns zone ZONE: gslb1.com HOST: www: (GSLB policy: test) Flashback DNS resp. delay selection (x100us)
  • Page 140: Deleting Gslb Host-Level Policies

    Host-level policies for site selection Deleting GSLB host-level policies Deleting a policy that is not applied to a host You can delete a host-level GSLB policy directly using the no gslb host-policy-name <policy-name> command as long as the policy is not applied to a host. If the policy is bound to a host, the GSLB ServerIron ADX will not allow you to delete the policy.
  • Page 141: Geographic Region For A Prefix

    Geographic region for a prefix GSLB-ServerIronADX(config-gslb-dns-gslb1.com)# exit GSLB-ServerIronADX(config)# gslb dns zone foo.com GSLB-ServerIronADX(config-gslb-dns-foo.com)# host-info ftp ftp GSLB-ServerIronADX(config-gslb-dns-foo.com)# host-info ftp gslb-policy test In the above example, with host policy “test” applied to host “www” for gslb1.com, when the ServerIron ADX receives client queries for www.gslb1.com, the GSLB ServerIron ADX returns only the healthy IP addresses with the best IP address at the top of the list (i.e., 1.1.1.101 only).
  • Page 142: Configuring A Geographic Prefix

    Geographic region for a prefix management IP address.  If you configure a geographic prefix entry that matches the management IP address of the remote ServerIron ADX and also specify a geographic location for the GSLB site where the remote ServerIron ADX resides, then the geographic location configured for the GSLB site takes precedence over the one defined in the user-configured geographic prefix entry.
  • Page 143: Displaying The Number Of Geographic Prefixes

    Geographic region for a prefix Syntax: [no] geo-prefix { <ipv4-prefix> | <ipv6-prefix>} [asia | europe | n-america | s-america | africa] The command configures an association between a prefix and a geographic location. The <ipv4-prefix> and <ipv6-prefix> variables identify the respective networks. Five operands serve as location tags for the network: asia, europe, n-america, s-america, and africa.
  • Page 144: Example Configuration

    Geographic region for a prefix To view all geographic prefixes on the GSLB ServerIron ADX, enter the following command. GSLB-ServerIronADX# show gslb cache all geographic user-configured prefix length = 24, prefix = 1.1.1.0, region = EUROPE prefix source = geographic (user-configured), prefix length = 24, prefix = 10.10.10.0, region = ASIA...
  • Page 145: Smoothing Mechanism For Rtt Measurements

    Smoothing mechanism for RTT measurements ServerIronADX# show gslb dns detail  ZONE: gslb1.com HOST: www: (Global GSLB policy) Flashback DNS resp. delay selection (x100us) counters Count (%) 1.1.1.22: dns real-ip ACTIVE ASIA --- 10.10.10.200: dns real-ip DOWN N-AM --- 1.1.1.76: dns v-ip DOWN ASIA ---...
  • Page 146: Configuring Enhanced Rtt Smoothing

    Smoothing mechanism for RTT measurements This release introduces a new smoothing mechanism along with a proprietary smoothing algorithm for GSLB RTT measurements to effectively deal with variances in RTT measurements. These mechanisms allow you to define what is a very high or a very low value for an RTT sample on the GSLB ServerIron ADX.
  • Page 147 Smoothing mechanism for RTT measurements
    Each successively high RTT sample will be gradually factored into the existing RTT value using an additive increase. The ramp up factor specifies the step for the additive increase. For example, if the ramp up factor is 2 and the normal ramp factor is 10, then the percent usage of the new RTT sample will increase in increments of 2 until it reaches 10, as follows: 1, 3, 5, 7, 9, 10.
  • Page 148 Smoothing mechanism for RTT measurements Syntax: enable-site-rtt-smoothing Disabling enhanced RTT smoothing To disable enhanced RTT smoothing for a GSLB Site, enter commands such as the following: GSLB-ServerIronADX# configure terminal GSLB-ServerIronADX(config)# gslb site sanjose GSLB-ServerIronADX(config-gslb-site-sanjose)# disable-site-rtt-smoothing Syntax: disable-site-rtt-smoothing This command disables enhanced RTT smoothing for the specified site. If the feature is enabled globally, you can disable it for a particular site using this command.
  • Page 149 Smoothing mechanism for RTT measurements Specifying the ramp-up-factor The ramp-up factor specifies the increments in which successively new high RTT samples should be factored into the existing RTT value. If you want to specify the ramp-up factor, enter commands such as the following on the GSLB ServerIron ADX. GSLB-ServerIronADX# configure terminal...
  • Page 150 Smoothing mechanism for RTT measurements Syntax: enable-sim-new-rtt-smooth This command enables enhanced RTT smoothing only for simulation purposes. To disable the enhanced smoothing mechanism during simulation, configure the following: GSLB-ServerIronADX(config-gslb-rtt-sim-test)# disable-sim-new-rtt-smooth Syntax: disable-sim-new-rtt-smooth This command disables enhanced RTT smoothing only for simulation purposes. You can now input the RTT values and the simulator will display the result of RTT smoothing of the RTT value.
  • Page 151 Smoothing mechanism for RTT measurements RTT state before application of RTT smoothing mechanism: ------------------------------------------------------------------ RTT val = 114, RTT decimal val = 0.0 Applied RTT smoothing algorithm for new RTT sample 30 RTT state after application of RTT smoothing mechanism: ----------------------------------------------------------------...
  • Page 152 Smoothing mechanism for RTT measurements ---------------------------------------------------------------- RTT value after smoothing = 27, RTT decimal val = 0.100 ignore-larger-rtt-count = 1 ignore-smaller-rtt-count = 0, increment-rtt-factor = 1 GSLB-ServerIronADX(config-gslb-rtt-sim-test)# rtt-val 30 SIMULATOR: Enhanced RTT smoothing is ON RTT sample value 30 is acceptable RTT state before application of enhanced RTT smoothing mechanism:...
  • Page 153: Determining If The New Rtt Smoothing Mechanism Is Enabled

    Round-trip times
    GSLB-ServerIronADX(config-gslb-rtt-sim-test)# exit
    Note that the resulting RTT value obtained after smoothing the following set of RTT samples (30,1,1000,30,30,30,30) using the old smoothing mechanism is 90.0. The result is 28.96 with the enhanced smoothing mechanism.
    Determining if the new RTT smoothing mechanism is enabled
    To determine if the new RTT smoothing mechanism is enabled or disabled for a GSLB Site, enter the following command.
  • Page 154: Active Rtt Gathering

    Round-trip times configured on the remote site ServerIron ADX, the passive RTT information is also gathered and sent out to the GSLB controller. You can check the features on a ServerIron ADX using the show feature command on a BP console. If “SLB only” is displayed as “ON,” that means that the ServerIron ADX will only process basic load balance traffic.
  • Page 155: Support For Both Active And Passive Rtt

    Round-trip times Active RTT is always measured between the Site ServerIron ADX and the client LDNS. This method of measuring RTT enables the GSLB ServerIron ADX to use this actively gathered RTT even if the client and its LDNS do not share the same network prefix. FIGURE 10 Active RTT gathering GSLB ServerIron...
  • Page 156: Active Rtt Gathering Issues And Trade-Offs

    Round-trip times
    GSLB ServerIron ADXs on which active RTT gathering is enabled are compatible with Site ServerIron ADXs that are running passive RTT gathering, and vice versa. You can have an active RTT gathering GSLB ServerIron ADX with some Site ServerIron ADXs running active RTT gathering and others that are running passive RTT gathering.
  • Page 157: Discarding Passive Rtt

    Round-trip times Syntax: [no] gslb active-rtt-gathering Once you enter this command on the GSLB ServerIron ADX, the GSLB ServerIron ADX performs a message exchange with each Site ServerIron ADX to determine if it is running a version that supports active RTT gathering. If it does, then the GSLB ServerIron ADX instructs the Site ServerIron ADX to enable active RTT gathering.
  • Page 158: Configuring Active Rtt Parameters

    Round-trip times Configuring active RTT parameters Configuring active RTT query message interval The active RTT query message interval refers to the time intervals at which the GSLB ServerIron ADX sends the list of LDNS addresses to the Site ServerIron ADXs. These are the LDNS hosts for which the Site ServerIron ADXs need to actively gather the RTT.
  • Page 159 Round-trip times Configuring the active RTT refresh interval The Site ServerIron ADX maintains a timestamp for each of the LDNS prefixes in its active RTT cache. The time stamp indicates the last time RTT was probed. If the time that has elapsed since the last probe is greater than the RTT refresh interval on the Site ServerIron ADX, then the Site ServerIron ADX initiates a new RTT measurement probe to the LDNS host for that prefix.
  • Page 160 Round-trip times In the example above, assume that the GSLB ServerIron ADX is configured as Mode 2. Also assume that this GSLB ServerIron ADX is providing GSLB for www.foo.com where the IP addresses for this domain are IP-1, IP-2, and IP-3. IP-1 is a VIP on ServerIron ADX-1. IP-2 is a VIP on ServerIron ADX-2. IP-3 is a VIP on ServerIron ADX-3.
  • Page 161: Probes For Rtt Gathering

    Round-trip times
    GSLB-ServerIronADX# configure terminal
    GSLB-ServerIronADX(config)# gslb policy
    GSLB-ServerIronADX(config-gslb-policy)# round-trip-time active-rtt use-active-and-passive-rtts
    To configure a host-level GSLB policy to use both passive and active RTT values for RTT algorithm (Mode 3), enter commands such as the following:
    GSLB-ServerIronADX# configure terminal
    GSLB-ServerIronADX(config)# gslb-host-policy test...
  • Page 162 Round-trip times If neither of these commands is configured, then the GSLB ServerIron ADX will not use any DNS probe measurement reported by the Site ServerIron ADXs and will use only the RTT values reported by the ICMP probe for the best IP address selection. Enabling the DNS prober To enable the DNS prober on the Site ServerIron ADX, enter the following on the Site ServerIron ADX.
  • Page 163: Active Rtt Gathering And High Availability Support

    Round-trip times If both the ICMP and DNS fast-aging commands are enabled on the Site ServerIron ADX, then failure of either ICMP or DNS probes will quickly age out LDNS prefixes from the active RTT cache. Typically you should enable only one of these commands. Follow the guidelines below to determine which command to enable: •...
  • Page 164: Displaying Rtt Information

    Round-trip times Displaying RTT information Displaying the RTT gathering mechanism To view the RTT gathering mechanism for a Site ServerIron ADX, enter the following command on the GSLB ServerIron ADX. ServerIronADX# show gslb site SITE: local Enhanced RTT smoothing: OFF ServerIronADX: 1.1.1.102:...
  • Page 165 Round-trip times Displaying the active RTT gathering configuration To view the active RTT gathering configuration parameters, enter the following command. ServerIronADX# show gslb active-rtt-info Controller Information: ----------------------- Active RTT gathering: ENABLE Discard Passive RTT recvd. from agent: DISABLE Interval to send active rtt query buffer to agent = 60 sec DNS probe = Disable, Fallback=Disable Agent Information:...
  • Page 166 Round-trip times TABLE 9 Show GSLB active RTT information (Continued) This field... Displays... Num passive RTT peers Number of active RTT GSLB ServerIron ADXs for which this ServerIron ADX is a Site ServerIron ADX. Agent active rtt cache interval The cache interval for a prefix in the Site ServerIron ADX’s active RTT cache.
  • Page 167 Round-trip times This output shows that the prefix 1.1.0.0 (prefix length = 20) was created by an active RTT update from the Site ServerIron ADX. The primary RTT reported for this prefix by Site ServerIron ADX 1.1.1.115 is 2000 usec; the source is active RTT gathering and the probe method is DNS. The backup RTT is 1600 usec and the method is ICMP probes.
  • Page 168 Round-trip times Displaying the RTT algorithm mode To display the RTT algorithm mode, enter the following command.
    GSLB-ServerIronADX#show gslb policy
    Default metric order: DISABLE
    Metric processing order:
    1-Round trip time between remote ServerIronADX and client
    2-Least response selection
    DNS active-only: ENABLE
    DNS best-only: ENABLE
    DNS override: DISABLE...
  • Page 169: Gslb Affinity For High Availability

    GSLB affinity for high availability GSLB affinity for high availability The GSLB Affinity feature configures the GSLB ServerIron ADX to always prefer a specific Site ServerIron ADX for queries from clients (or client LDNS servers) whose addresses are within a configured IP prefix.
  • Page 170: Enabling Dynamic Detection

    GSLB affinity for high availability Syntax: [no] gslb ha-group <ServerIron ADX-IP-address-1> <ServerIron ADX-IP-address-2> Enter the IP address of the two Site ServerIron ADXs in a HA group for <ServerIron ADX-IP-address-1> and <ServerIron ADX-IP-address-2>. Currently, you can specify only two Site ServerIron ADXs in a HA group.
  • Page 171: Displaying Ha Information

    GSLB affinity for high availability 1. Make sure you configure HA groups for the ServerIron ADX. (Refer to “Configuring an HA group” on page 157.) 2. Enable dynamic detection as a backup mechanism by entering commands such as the following on the GSLB ServerIron ADX. ServerIronADX# configure terminal...
  • Page 172 GSLB affinity for high availability Syntax: show gslb site <site-name> The field "Cfg HA peer" shows the configured HA peer Site ServerIron ADX for this Site ServerIron ADX. Displaying the dynamically detected HA pairs To view the dynamically detected ServerIron ADX HA pairs, use the following command on the GSLB ServerIron ADX.
  • Page 173 GSLB affinity for high availability FIGURE 11 GSLB affinity for HA GSLB SI 1.1.1.102 LDNS 2.1.1.53 Clients SI 2.1.1.104 SI 2.1.1.103 VIP 2.1.1.23 (S) VIP 2.1.1.23 (A) High Availability ServerIron ADX 1.1.1.102 is a GSLB ServerIron ADX that is providing GSLB for domain www.foo.com.
  • Page 174: Gslb Optimization

    GSLB optimization Client LDNS 2.1.1.53 sends a DNS request to GSLB ServerIron ADX for www.foo.com. GSLB ServerIron ADX rearranges the DNS reply as follows. 1. It checks if there is any affinity definition associated with the client LDNS network. In this example, it finds that there is a definition associating network 2.1.1.0/24 with ServerIron ADX 2.1.1.104.
  • Page 175 GSLB optimization
    1. On the controller, enable VIP list process optimization by issuing the following commands at the global config level.
    ServerIronADX(config)# gslb process-vip-list-optimize
    ServerIronADX(config)# write memory
    ServerIronADX(config)# reload
    NOTE A system reload is required after enabling the gslb process-vip-list-optimize command.
    2. Under a site definition on the controller, add the si <si-ip-address> optimized-dist-hcheck command.
  • Page 176: Configuration Example

    GSLB optimization ServerIronADX# show gslb site SITE: site-1 Enhanced RTT smoothing: OFF 68.87.24.37: state: CONNECTION ESTABLISHED Protocol Version: 1 distributed health-chk Active RTT gathering: NO Secure Authenticate/Encrypt: NO, Optimized dist hcheck: YES, Current num. Session CPU load Preference Location Connection sessions util(%) (0-255)
  • Page 177: Guidelines And Recommendations For Using This Feature

    Displaying GSLB information Guidelines and recommendations for using this feature We recommend that you observe the following guidelines when using this feature: • The GSLB controller and ServerIron ADX Site functionality (remote or local) should not be configured on the same ServerIron ADX. •...
  • Page 178 Displaying GSLB information To display information for all the configured sites, enter the following command at any level of the CLI. ServerIronADX(config)# show gslb site SITE: sunnyvale ServerIronADX: slb-1 209.157.22.209: state: CONNECTION ESTABLISHED Current num. Session CPU load Preference Location sessions util(%) (%)...
  • Page 179 Displaying GSLB information To display information about the GSLB site called “sunnyvale” and the ServerIron ADXs providing SLB within those sites, enter the following command. ServerIronADX(config)# show gslb site sunnyvale ServerIronADX: slb-1 209.157.22.209: state: CONNECTION ESTABLISHED Current num. Session CPU load Preference Location...
  • Page 180: Displaying Real Server Information

    Displaying GSLB information TABLE 10 Global SLB site information (Continued) This field... Displays... Preference The numeric preference value for this site ServerIron ADX. The preference can be used by the GSLB policy to select a site. Refer to “Site ServerIron ADX’s administrative preference” on page 11.
  • Page 181 Displaying GSLB information The GSLB protocol allows you to query the site ServerIron ADXs for configuration information as well as the session and CPU information used by the GSLB policy. You can view detailed configuration information and statistics for the site ServerIron ADX, from the GSLB management console.
  • Page 182: Displaying Dns Zone And Hosts

    Displaying GSLB information Displaying DNS zone and hosts To display information about the DNS zones and host names that you have configured the GSLB ServerIron ADX to globally load balance, use either of the following methods. NOTE There are two examples of this command line output shown below. The output differs depending on the ServerIron ADX device you are using and the software release installed on the ServerIron ADX.
  • Page 183 Displaying GSLB information TABLE 11 GSLB zone and host application information This field... Displays... ZONE The zone name. The name that appears here is the name you specified when you configured the zone information. NOTE: This field appears only if you do not specify the zone name when you display the information.
  • Page 184 Displaying GSLB information TABLE 11 GSLB zone and host application information (Continued) This field... Displays... Location The geographic location of the server. The location is based on the IP address and can be one of the following: • ASIA • EUROPE •...
  • Page 185 Displaying GSLB information In this example, ServerIron ADX slb-1 is the active ServerIron ADX for VIPs 209.157.22.100 and 109.157.22.101 and ServerIron ADX slb-2 is the default active ServerIron ADX for VIPs 209.157.22.103 and 209.157.22.104. Although this example has both VIPs for a host active on the same ServerIron ADX, you can just as easily configure the VIPs so that both ServerIron ADXs have active VIPs for the same host.
  • Page 186: Displaying Metric Information

    Displaying GSLB information Displaying metric information You can show the following information: • The metrics that were used to select a given site as the best site. • For each of the GSLB metrics that have been used to select the site, the number of times that metric was the deciding factor in selection of the site.
  • Page 187: Displaying The Default Gslb Policy

    Displaying GSLB information Displaying the default GSLB policy To display the default GSLB policy, enter the following command.
    ServerIronADX(config)# show gslb default
    Default metric order: ENABLE
    Metric processing order:
    1-Server health check
    2-Remote ServerIronADX's session capacity threshold
    3-Round trip time between remote ServerIronADX and client
    4-Geographic location...
  • Page 188 Displaying GSLB information TABLE 13 GSLB policy information (Continued) This field... Displays... DNS override Indicates whether DNS override is enabled. DNS override replaces the addresses in a DNS reply with the “best” address from a list of addresses you configure. This field can have one of the following values: •...
  • Page 189: Displaying The User-Configured Gslb Policy

    Displaying GSLB information TABLE 13 GSLB policy information (Continued) This field... Displays... Flashback appl-level delay Indicates the percentage of difference that can exist between application level tolerance FlashBack response times for two sites, without the ServerIron ADX preferring one site over the other based on this metric. TCP-level delay tolerance Indicates the percentage of difference that can exist between Layer 4 FlashBack response times for two sites, without the ServerIron ADX preferring...
  • Page 190: Displaying Rtt Information

    Displaying GSLB information
    ServerIronADX(config)# show gslb policy
    Default metric order: DISABLE
    Metric processing order:
    1-Round trip time between remote ServerIronADX and client
    2-Remote ServerIronADX's session capacity threshold
    3-Remote ServerIronADX's available session capacity
    4-Server flashback speed
    5-Remote ServerIronADX's preference value
    6-Least response selection
    ...
  • Page 191 Displaying GSLB information This example shows the RTT prefix cache entry that contains site IP address 192.1678.2.1. The prefix source line indicates that the prefix cache entry that matches the site address was added statically. Notice that a prefix cache entry can have more than one source. In this case, the prefix was statically configured but a specific entry (listed below under the domain name “www.brocade.com”) was created when the GSLB ServerIron ADX received RTT information from the site ServerIron ADX for a site address within the prefix.
  • Page 192: Displaying Gslb Resources

    Displaying GSLB information Displaying GSLB resources For GSLB parameters, you can display the number of currently configured items and the maximum number of items you can configure on the ServerIron ADX. To display this information, use the following CLI method. To display GSLB resource information, enter the following command at any level of the CLI.
  • Page 193: Displaying Dynamic Server Information

    Displaying GSLB information TABLE 15 GSLB resources (Continued) This field... Displays... dns IP addrs. The number of IP addresses the GSLB ServerIron ADX has learned from the DNS server, and the maximum number of DNS records the GSLB ServerIron ADX can store in memory. affinities The number of affinity definitions currently configured on the GSLB ServerIron ADX and the maximum number that can be configured.
  • Page 194 Displaying GSLB information To display dynamic server information, enter the commands shown in the following examples. The portions of the output that are shown in bold type are those of interest. Displaying dynamic real server information To display the real servers that the ServerIron ADX has dynamically created for the site addresses from DNS replies, enter the following information.
  • Page 195 Displaying GSLB information Virtual Servers Info Server Name: 10.10.10.10 IP : 10.10.10.10 1 Status: enabled Predictor: round-robin TotConn: 0 Dynamic: Yes HTTP redirect: disabled ACL: id = 0 Sym: group = 1 state = 5 priority = 0 keep = 0...
  • Page 196: Specifying The Source Ip Of Probes

    Displaying GSLB information The show server dynamic sessions command provides a simple way to list the real servers. The output is based on the output for the show server sessions command. However, in the case of dynamically created servers, there are no meaningful session statistics in this display. Specifying the source IP of probes In previous GSLB implementations, both the ICMP and DNS RTT probes sent out for the active RTT gathering feature used the IP address of the outgoing interface to the LDNS server as the source IP.
  • Page 197 Displaying GSLB information ServerIronADX# show gslb cache all affinity prefix length = 24, prefix = 28.1.1.0, region = N-AM prefix source = affinity, affinity = site: local, ServerIronADX: 1.1.1.102 Syntax: show gslb cache all affinity To display the statically generated geographic cache entries on the GSLB ServerIron ADX, enter the following command.
  • Page 198: Snmp Traps And Syslog Messages

    SNMP traps and syslog messages
    ServerIronADX# show gslb cache 1.1.0.0 smaller-than 24
    prefix length = 20, prefix = 1.1.0.0, region = ASIA
    prefix source = geographic (user-configured), rtt-update,
    site = local, ServerIronADX = (1.1.1.102), rtt = 7 (x100 usec)
    Syntax: show gslb cache <ip-addr>...
  • Page 199: Syslog Messages

    SNMP traps and syslog messages A given domain name can be associated with multiple health check TCP or UDP ports. In that case, the GSLB ServerIron ADX considers an IP address to be active only if all its associated TCP and UDP ports pass their health checks.
  • Page 200: Disabling And Re-Enabling Traps

    GSLB error handling for unsupported DNS requests • The final two GSLB messages in this example (the ones nearest the top of the log) indicate that the site ServerIron ADXs responded to the Layer 3 health check (IP ping). Disabling and re-enabling traps All traps, including GSLB traps, are enabled by default.
  • Page 201: Default Settings For Gslb Error Handling

    GSLB error handling for unsupported DNS requests This process works in topologies where the GSLB ServerIron ADX front-ends a DNS server. However, not all GSLB topologies require a DNS server; one example is a GSLB ServerIron ADX configured as a DNS cache proxy with DNS override and IP lists. In this case, when the GSLB ServerIron ADX receives a client query for an unsupported DNS record type, it cannot forward the client request to a DNS server, so it drops the query without sending a response, which causes the client to time out.
  • Page 202: Error Handling Response Format

    GSLB error handling for unsupported DNS requests Error handling response format The GSLB error handling response format complies with RFC 2308, NODATA type 3 response. By default, the return code (rcode) is noerror. The RFC 2308 format is as follows. NO DATA RESPONSE: TYPE 3 Header:...
  • Page 203: Viewing Error Handling Statistics

    GSLB error handling for unsupported DNS requests refused = query refused servfail = server failure NOTE Do not change the error code unless you are absolutely certain of the effect of the configuration. For example, if you configure nxdomain as the return code, the GSLB ServerIron ADX responds to an unsupported query type with this error code.
  • Page 205: Global Server Load Balancing For Ipv6

    Chapter Global Server Load Balancing for IPv6 Global server load balancing for IPv6 overview Global Server Load Balancing (GSLB) enables a ServerIron ADX to add intelligence to authoritative Domain Name System (ADNS) servers by serving as a proxy to these servers and providing optimal IP addresses to the querying clients.
  • Page 206: Gslb For Ipv6 Feature Support

    Global server load balancing for IPv6 overview GSLB for IPv6 feature support In the initial release of GSLB for IPv6, a subset of modes, GSLB policy metrics, and other features and modules are supported. Modes In the current implementation, GSLB ServerIron ADX performs GSLB for IPv6 domain IP addresses only in the DNS cache proxy with Override mode.
  • Page 207: Gslb For Ipv6 Example

    Global server load balancing for IPv6 overview • If the client does not advertise EDNS0 header with a buffer larger than 512 bytes, eight IPv6 addresses per host are supported in the response. • If the client advertises EDNS0 header with a buffer smaller than 512 bytes, forty IPv6 addresses per host are supported in the response.
  • Page 208: Basic Gslb For Ipv6 Configuration

    Basic GSLB for IPv6 configuration The GSLB controller makes decisions based on the GSLB policy. In the example above, both the IPv6 VIPs were healthy, so the client was directed to the IPv6 VIP that was geographically closer based on the configured policy. If the VIP at the geographically closer site (the US site) was down, the GSLB controller would direct traffic to the EU site....
  • Page 209: Configuring The Gslb Controller

    Basic GSLB for IPv6 configuration Configuring the GSLB controller The GSLB ServerIron ADX supports global server load balancing in DNS cache proxy with DNS override mode. In this mode, the GSLB controller responds directly to DNS queries with the “best” address, from a configured list of addresses, at the top of the DNS response.
  • Page 210: Configuring Zones

    Basic GSLB for IPv6 configuration Enabling DNS override DNS override enables you to configure the GSLB ServerIron ADX to "override" the DNS reply for a domain and specify the IP addresses for the domains configured on it. DNS override (when configured in conjunction with DNS cache-proxy) allows the GSLB ServerIron ADX to respond directly to DNS queries using the configured IP lists, without the need for a backend DNS server.
  • Page 211 Basic GSLB for IPv6 configuration • FTP: the well-known name for port 21. (Ports 20 and 21 both are FTP ports but on the ServerIron ADX, the name “FTP” corresponds to port 21.) • TFTP: the well-known name for port 69 •...
  • Page 212 Basic GSLB for IPv6 configuration The ip-list <ipv6-address> variable specifies the proxy IPv6 address(es). You can specify as many proxy IP addresses as you need. If you specify multiple addresses, separate each address with a space. Here is an example: host-info www ip-list 2001:db8::56 2001:db8::ab 2001:db8::cd Configuring sites The GSLB protocol is disabled by default....
  • Page 213: Site Serveriron Adx Configuration

    Basic GSLB for IPv6 configuration Site ServerIron ADX configuration Enabling the GSLB protocol The GSLB protocol is disabled by default on site ServerIron ADX switches. You must enable the GSLB protocol on each site ServerIron ADX switch and configure the IP addresses of the site ServerIron ADX switches on the GSLB ServerIron ADX to enable the GSLB ServerIron ADX to establish communication with the site ServerIron ADX switches.
  • Page 214 Basic GSLB for IPv6 configuration DNS override allows the ServerIron ADX to replace the IP address in the DNS reply with the IP addresses you configure for the DNS cache proxy. These addresses are defined in the IP list. Before specifying the IP list, you must define the hosts and their associated health checks (if applicable).
  • Page 215: Advanced Gslb Configuration For Ipv6

    Advanced GSLB configuration for IPv6 If you have enabled the GSLB protocol on the site ServerIron ADXs, the GSLB ServerIron ADX begins communicating with the site ServerIron ADXs using the GSLB protocol as soon as you add the site definitions to the GSLB ServerIron ADX. Advanced GSLB configuration for IPv6 Advanced configuration tasks include the configuration of GSLB policies and site persistence for IPv6 addresses.
  • Page 216: Configuring Gslb Policy Metrics For Ipv6

    Advanced GSLB configuration for IPv6 TABLE 17 Advanced GSLB for IPv6 configuration tasks Feature See page... Configuring hash-based persistence for IPv6 page 225 Configuring weighted hash-based persistence for IPv6 page 226 DNS response parameters Configuring an active-only policy (optional) page 229 Configuring a best-only policy (optional) page 230 Configuring GSLB policy metrics for IPv6...
  • Page 217 Advanced GSLB configuration for IPv6 TABLE 18 GSLB policy metrics for IPv6 (Continued) Metric Default Configuration options Weighted site metric Disabled. You can disable this metric. When the weighted IP metric is You can enable this metric and enabled, the weighted site metric is assign weights to individual sites.
  • Page 218 Advanced GSLB configuration for IPv6 TABLE 18 GSLB policy metrics for IPv6 (Continued) Metric Default Configuration options FlashBack speed Disabled. You also can disable this metric. The default tolerance is 10%. This You can change the TCP and applies to the TCP health check and application tolerances individually.
  • Page 219 Advanced GSLB configuration for IPv6 NOTE Brocade recommends that you always use the health check as the first metric. Otherwise, it is possible that the GSLB policy will not select a “best” choice, and thus send the DNS reply unchanged. For example, if the first metric is geographic location, and the DNS reply contains two sites, one in North America and the other in South America, for clients in South America the GSLB policy favors the South American site after the first comparison.
  • Page 220: Server (Host) Health Metric

    Advanced GSLB configuration for IPv6 There are no parameters for the least response selection or round robin selection metrics. These metrics are tie-breakers. Only one of them is enabled at a time and the one that is enabled is always the last metric in the policy. Resetting GSLB policy metrics To reset the order of the GSLB policy metrics to the default (and also re-enable all disabled metrics), enter the following command.
  • Page 221: Weighted Ip Metric

    Advanced GSLB configuration for IPv6 When you configure a ServerIron ADX for GSLB, it learns a series of IP addresses from its configured DNS real servers. Then it performs Layer 3, Layer 4, and if possible, Layer 7 health checks against those IP addresses. The GSLB ServerIron ADX determines which health checks to use based on the host applications you specify.
  • Page 222 Advanced GSLB configuration for IPv6 For example, you could add the zone gslb.com, add the host www within the gslb.com zone, and assign a weight of 50 to the IP address 2001:DB8::56 by entering commands such as the following:
    SLB-ServerIronADX(config-gslb-policy)# weighted-ip
    SLB-ServerIronADX(config-gslb-policy)# gslb dns zone gslb.com...
  • Page 223: Weighted Site Metric

    Advanced GSLB configuration for IPv6 The command results in an “IP-address not found for host-name” error if the IPv6 address specified for the ip-weight parameter was not used as an argument when you defined the IP list. For information about specifying IP lists, see “Specifying DNS override IP lists”...
  • Page 224 Advanced GSLB configuration for IPv6 TABLE 20 Example weighted site metric configuration IP address Configured weighted site metric Relative weighted site metric San Jose 33% (15/45 * 100) New York 44% (20/45 * 100) London 22% (10/45 * 100) Total 100% By default, the weighted site metric is disabled.
  • Page 225: Session Capacity Threshold Metric

    Advanced GSLB configuration for IPv6 ftp.gslb.com VIP 2001:DB8::2 belongs to New York with a weight of 30 VIP 2001:DB8::3 belongs to London with a weight of 20 Suppose that ten DNS requests are made to www.gslb.com. By viewing the selection counters (using the show gslb dns zone command), you would see that San Jose is selected five times (50%), New York is selected three times (30%), and London is selected two times (20%).
  • Page 226: Active Bindings Metric

    Advanced GSLB configuration for IPv6 The default value for the threshold is 90%. Thus a site ServerIron ADX is eligible to be the best site only if its session utilization is below 90%. Refer to “Displaying DNS zone and hosts” on page 237 for commands to display a site’s utilization and the capacity threshold.
  • Page 227 Advanced GSLB configuration for IPv6 Use the show gslb dns detail command to view the active bindings for each IP address. Refer to “Displaying DNS zone and hosts” on page 237 for sample output. Configuring weighted active bindings Weighted active bindings allows you to configure the GSLB ServerIron ADX to direct requests to domain VIPs in proportion to their active bindings.
  • Page 228: Geographic Location Metric

    Advanced GSLB configuration for IPv6
    ServerIronADX# configure terminal
    ServerIronADX(config)# gslb dns zone company.com
    ServerIronADX(config-gslb-dns-company.com)# host-info www http
    ServerIronADX(config-gslb-dns-company.com)# host-info www ssl
    ServerIronADX(config-gslb-dns-company.com)# host-info www http track-port
    ServerIronADX(config-gslb-dns-company.com)# end
    Geographic location metric
    ServerIron ADX GSLB policies use a number of metrics, including the geographic location of a server, to evaluate the server IP addresses in an IP list.
  • Page 229 Advanced GSLB configuration for IPv6 Configuring a geographic prefix Using the geo-prefix command, you can configure the geographic location of an IP address prefix, or override an existing geographic region for an IP address prefix by configuring a new one. You can assign one of the following geographic locations to an IP address prefix: •...
  • Page 230: Available Session Capacity Metric

    Advanced GSLB configuration for IPv6 If GSLB default location is not specified and if the requesting client prefix is from an unknown geography, then the GSLB controller assigns "north-america" as its geography. However, if the default location is specified, the GSLB controller assigns the configured geography to unknown client prefixes.
  • Page 231: Flashback Speed Metric

    Advanced GSLB configuration for IPv6 • Session capacity threshold: Specifies how close to the maximum session capacity the site ServerIron ADX (remote ServerIron ADX) can be and still be eligible as the best site for the client. This mechanism provides a way to shift load away from a site before the site becomes congested.
  • Page 232: Administrative Preference Metric

    Advanced GSLB configuration for IPv6 You can modify the following FlashBack parameters: • Application tolerance • TCP tolerance The GSLB ServerIron ADX uses a tolerance value when comparing the FlashBack speeds of different sites. The tolerance value specifies the percentage by which the FlashBack speeds of the two sites must differ in order for the ServerIron ADX to choose one over the other.
  • Page 233: Least Response Selection Metric

    Advanced GSLB configuration for IPv6 • You can bias a GSLB ServerIron ADX that is also configured as a site ServerIron ADX (for locally configured VIPs) to always favor itself as the best site. In this case, assign an administrative preference of 255 to the site for the GSLB ServerIron ADX itself, and assign a lower administrative distance to the other site ServerIron ADXs, or use the default (128) for those sites.
  • Page 234: Sticky Persistence For Ipv6

    Advanced GSLB configuration for IPv6 Use the round robin selection metric instead of the least response selection metric when you want to prevent the GSLB ServerIron ADX from favoring new or recently recovered sites over previously configured active sites. The least response selection metric can cause the GSLB ServerIron ADX to select a new site or a previously unavailable site that has come up again instead of previously configured sites for a given VIP.
  • Page 235 Advanced GSLB configuration for IPv6 NOTE Hash-based persistence is a better choice for GSLB configurations that utilize two GSLB controllers (that are not in an HA configuration) for the same domain and where site persistence is needed for a single client that is directed to two GSLB controllers. For more information, see “Hash-based persistence for IPv6”...
  • Page 236 Advanced GSLB configuration for IPv6 No special CLI commands need to be issued on the site ServerIron ADX. Specifying sticky session prefix lengths To create sticky persistence for a specific group (subnet) of clients, configure a different prefix length for that group.
  • Page 237: Hash-Based Persistence For Ipv6

    Advanced GSLB configuration for IPv6 High availability considerations for IPv6 sticky persistence Sticky GSLB enables the GSLB controller to return the same IP address if a client sends multiple DNS requests within a configurable period of time. Controllers, when configured in HA scenarios, will need to sync their sticky sessions in order to maintain persistence across the controllers.
  • Page 238: Weighted Hash-Based Persistence For Ipv6

    Advanced GSLB configuration for IPv6 To create site persistence for a specific group (subnet) of clients, configure a different hash-based persistence prefix length for that group. Once configured, the GSLB controller will ensure that DNS clients within the same subnet will be served the same IP address in the GSLB response so long as the IP address belongs to the domain and is active.
  • Page 239 Advanced GSLB configuration for IPv6
    ServerIronADX(config)# gslb policy
    ServerIronADX(config-gslb-policy)# hash-persist weighted
    To enable weighted hash-based GSLB persistence for a host-level policy, enter commands on the GSLB controller, such as the following:
    ServerIronADX# config t
    ServerIronADX(config)# gslb-host-policy test
    ServerIronADX(config-gslb-host-policy-test)# hash-persist weighted
    Syntax: [no] hash-persist [weighted]
    NOTE Note that weighted is an optional parameter.
  • Page 240 Advanced GSLB configuration for IPv6 • <weight> is a value from 0 to 100. The default value is 1. A weight of 0 implies that the client IP will not be allocated any hash buckets. A weight of 0 can be used to designate a domain IP as backup.
  • Page 241: Configuring Dns Response Parameters

    Advanced GSLB configuration for IPv6 If you configure this command, you must manually rehash at a later, convenient time. Use this command when you do not want to break the persistence for the existing IP addresses because of a change in weight configuration....
  • Page 242: Gslb Of Any Queries

    Advanced GSLB configuration for IPv6 A site must pass all applicable Layer 4 and Layer 7 health checks to avoid being removed. NOTE If all the sites fail their health checks, resulting in all the sites being rejected by the GSLB ServerIron ADX, the ServerIron ADX sends the DNS reply unchanged to the client.
  • Page 243: Displaying Gslb For Ipv6 Configurations

    Displaying GSLB for IPv6 configurations • If the host has an IPv6 IP list configured, the ServerIron ADX applies GSLB policy to the addresses on the list and responds with AAAA records. • If the host has an IPv4 IP list configured, the ServerIron ADX applies GSLB policy to the addresses on the list and responds with A records.
  • Page 244 Displaying GSLB for IPv6 configurations Direct response 0 Query type ANY Query type A 56 Query type AAAA = 87 The command returns information about the number of requests for three query types: queries for IPv4 addresses (A records), queries for IPv6 addresses (AAAA records), and ANY queries. The Direct Response field shows the total number of DNS queries that the GSLB ServerIron ADX has responded to directly.
  • Page 245 Displaying GSLB for IPv6 configurations TABLE 22 GSLB policy information (Continued) This field... Displays... DNS active-only Indicates whether the GSLB ServerIron ADX removes IP addresses from the DNS response if those addresses fail a health check. This field can have one of the following values: •...
  • Page 246 Displaying GSLB for IPv6 configurations TABLE 22 GSLB policy information (Continued) This field... Displays... Round trip time tolerance Specifies the percentage by which the RTT for one site can differ from the RTT for another site without this metric resulting in selection of one site over the other.
  • Page 247 Displaying GSLB for IPv6 configurations In the following example, the order has been changed, two of the metrics have been disabled, and the administrative preference has been enabled. ServerIronADX(config)# show gslb policy Default metric order: DISABLE Metric processing order: 1-Round trip time between remote ServerIronADX and client 2-Remote ServerIronADX's session capacity threshold...
  • Page 248 Displaying GSLB for IPv6 configurations To view the results of traffic distribution after configuring weighted site metrics, enter the following command: ServerIronADX(config)# show gslb traffic site SITE: local Weight: 50 * a.b.c DNS Requests: 36 ServerIronADX VIP Selection (%) ============= 2001:db8::1 2001:db8::181 9 (25 %)...
  • Page 249 Displaying GSLB for IPv6 configurations • Local (weight: 50; ServerIron ADX: 2001:db8::1; VIPs: 2001:db8::180 (HTTP), 2001:db8::181 (HTTP), 2001:db8::121 (FTP) • TWO (weight: 50; ServerIron ADX: 2001:db8::2; VIPs: 2001:db8::182 (HTTP), 2001:db8::122 (FTP)) • THREE (weight: 0; ServerIron ADX: 2001:db8::3; VIPs: 2001:db8::183 (HTTP), 2001:db8::123 (FTP)) The IP resolution for the domain names is as follows: •...
  • Page 250 Displaying GSLB for IPv6 configurations Output differs depending on the ServerIron ADX device used and the software release installed on the ServerIron ADX. TABLE 23 GSLB zone and host application information This field... Displays... ZONE The zone name. The name that appears here is the name you specified when you configured the zone information.
  • Page 251 Displaying GSLB for IPv6 configurations TABLE 23 GSLB zone and host application information (Continued) This field... Displays... State The state of the server. The ServerIron ADX determines the state based on the results of the Layer 7 health checks sent to the server. The ServerIron ADX sends Layer 7 health checks for each host application you associate with the zone.
  • Page 252 Displaying GSLB for IPv6 configurations The command can be used with or without the <zone-name> variable, which specifies a single zone. If this variable is omitted, all zones are displayed. ServerIronADX(config)# show gslb dns zone brocade.com ZONE: brocade.com HOST: www: (Global GSLB policy) GSLB affinity group: global Flashback...
  • Page 253 Displaying GSLB for IPv6 configurations Syntax: clear gslb dns zone-name [<name>] Replace <zone-name> with the zone for which you want to clear the DNS selection counters. To clear the counters globally (for all zones), do not enter a <zone-name>. Displaying detailed DNS information Use the show gslb dns detail command to view detailed information about the DNS zones and host names on GSLB controllers.
  • Page 254 Displaying GSLB for IPv6 configurations TABLE 24 Global SLB zone and host application information This field... Displays... Active bindings Active bindings are a measure of the number of active real servers bound to a Virtual IP address (VIP) residing on a GSLB site. The GSLB ServerIron ADX uses the active bindings metric to select the best IP address for the client.
  • Page 255 Displaying GSLB for IPv6 configurations To display information for all configured sites, enter the following command at any level of the CLI: ServerIronADX(config)# show gslb site SITE: sunnyvale ServerIronADX: slb-1 209.157.22.209: state: CONNECTION ESTABLISHED Current num. Session CPU load Preference Location...
  • Page 256 Displaying GSLB for IPv6 configurations TABLE 25 Global SLB site information This field... Displays... ServerIron ADX name and IP address For each ServerIron ADX, the first item of information listed is the name and management IP address. This is the information you specified when you added the ServerIron ADX to the site.
  • Page 257: Show Commands For Advanced Features

    Displaying GSLB for IPv6 configurations TABLE 25 Global SLB site information (Continued) This field... Displays... Location The geographic location of the ServerIron ADX. The location is based on the ServerIron ADX’s management IP address and can be one of the following: •...
  • Page 258: Troubleshooting Gslb For Ipv6 Configurations

    Troubleshooting GSLB for IPv6 configurations bucket 2: ipv6 2001:db8::150, hit count 0 bucket 3: ipv6 2001:db8::150, hit count 0 Syntax: show gslb ipv6 phash (active-ip | allocation | table) The optional active-ip | allocation | table parameter specifies the information that you want to see. •...
  • Page 259 Troubleshooting GSLB for IPv6 configurations
      *********************************************
      PAX Mem dynamic real virtual debug information:
      ***********************************************
      Num MP dyn VIP pax mem alloc: 255466
      Num MP dyn VIP pax mem alloc del err: 0
      Num MP dyn VIP pax mem delete: 255462
      Num MP dyn VIP port pax mem alloc: 255466
      Num MP dyn VIP port pax mem delete: 255462
      Num MP dyn real svr pax mem alloc: 305324...
  • Page 260 Troubleshooting GSLB for IPv6 configurations
      *********************************************
      GSLB backend DNS debug information:
      ***********************************************
      g_gslb_dnssec_backend_not_found g_gslb_dns_backend_not_found 42409
      *********************************************
      GSLB Agent health check debug information:
      ***********************************************
      Number of hcheck msgs sent to local controller: 51088
      Number of dist hcheck msgs sent to remote controllers: 156630
      Number of non-dist vip lists sent to remote controllers: 0
      Number of no buf avl: 0
      Number of times vip port reported down: 2012412...
  • Page 261 Troubleshooting GSLB for IPv6 configurations 1/1 #sh debug trace summary Count of log entries in the buffer: 2 1/1 #show debug trace DECIMAL 50 entries will be displayed from this starting index config Show the configured debug-trace settings summary Show the captured log entry count 1/1 #sh debug trace 50 Displaying 2 entries ...
  • Page 262 Troubleshooting GSLB for IPv6 configurations ServerIron ADX Global Server Load Balancing Guide 53-1002437-01...
  • Page 263: Reference Materials

    Appendix Reference Materials IPv4 IPv4 RFC 791 IPv6 IPv6 RFC 2460 The GSLB ServerIron uses the Internet Assigned Numbers Authority’s (IANA’s) IP address prefixes (IPv4 or IPv6) to generate an initial static database of geographic prefixes. This database consists of IP address prefixes (IP address/prefix length) and their corresponding geographic locations (such as the continent for each IP address prefix).
  • Page 264 TABLE 27 IPv4 address assignment
      Address            Designation
      145.248.0.0/14     EUROPE
      145.252.0.0/15     EUROPE
      145.254.0.0/16     EUROPE
      149.202.0.0/15     EUROPE
      149.204.0.0/16     EUROPE
      149.206.0.0/15     EUROPE
      149.208.0.0/12     EUROPE
      149.224.0.0/12     EUROPE
      149.240.0.0/13     EUROPE
      149.248.0.0/14     EUROPE
      15.0.0.0/8         NORTH AMERICA
      150.254.0.0/16     EUROPE
      151.13.0.0/16      EUROPE
      151.14.0.0/15      EUROPE
      151.16.0.0/12      EUROPE
      151.3.0.0/16       EUROPE
      151.32.0.0/11      EUROPE
      151.4.0.0/15...
  • Page 265 TABLE 27 IPv4 address assignment
      Address            Designation
      17.0.0.0/8         NORTH AMERICA
      171.16.0.0/12      EUROPE
      171.32.0.0/15      EUROPE
      18.0.0.0/8         NORTH AMERICA
      19.0.0.0/8         NORTH AMERICA
      192.106.196.0/23   EUROPE
      192.162.0.0/16     EUROPE
      192.164.0.0/14     EUROPE
      192.71.0.0/16      EUROPE
      193.0.0.0/8        EUROPE
      194.0.0.0/8        EUROPE
      195.0.0.0/8        EUROPE
      196.0.0.0/8        NORTH AMERICA
      198.0.0.0/7        NORTH AMERICA
      198.17.117.0/24    EUROPE
      199.0.0.0/8...
  • Page 266: Ipv6 Address Assignment

    TABLE 27 IPv4 address assignment
      Address            Designation
      29.0.0.0/8         NORTH AMERICA
      3.0.0.0/8          NORTH AMERICA
      30.0.0.0/8         NORTH AMERICA
      33.0.0.0/8         NORTH AMERICA
      35.0.0.0/8         NORTH AMERICA
      38.0.0.0/8         NORTH AMERICA
      4.0.0.0/8          NORTH AMERICA
      44.0.0.0/8         NORTH AMERICA
      45.0.0.0/8         NORTH AMERICA
      46.0.0.0/8         NORTH AMERICA
      47.0.0.0/8         NORTH AMERICA
      48.0.0.0/8         NORTH AMERICA
      55.0.0.0/8...
  • Page 267 TABLE 28 IANA IPv6 address assignment (Continued)
      Address            Designation
      2001:0A00::/23     RIPE NCC
      2001:0C00::/23     APNIC
      2001:0E00::/23     APNIC
      2001:1200::/23     LACNIC
      2001:1400::/23     RIPE NCC
      2001:1600::/23     RIPE NCC
      2001:1800::/23     ARIN
      2001:1A00::/23     RIPE NCC
      2001:1C00::/23     RIPE NCC
      2001:2000::/23     RIPE NCC
      2001:3000::/23     RIPE NCC
      2001:3800::/23     RIPE NCC
      2001:4000::/23     RIPE NCC
      2001:4200::/23...
