
Global Server Load Balancing (GSLB) Concepts
Section

A10 Networks, Inc.

Section Objectives
GSLB Overview
GSLB Configuration Options
GSLB Components
Server Mode Configuration


Global Server Load Balancing (GSLB)


Key ACOS GSLB benefits
Provides data center failover and continuity
Optimizes multi-site deployments
Ensures users' Web experience is the fastest

DNS Proxy Technology


Continue to use existing DNS infrastructure without changing DNS server configuration
No need to create or delegate sub domains, existing DNS maintains control


Types of Global Server Load Balancing


DNS-Based
Global Server Load Balancing (GSLB) enables AX to add intelligence to authoritative Domain Name System (DNS) servers
The GSLB controller evaluates the DNS replies and, based on the results of that evaluation, directs traffic to the 'best' site by replacing the IP address in the DNS reply

IP-Based - Route Health Injection (RHI)


Routing based global server load balancing
RHI allows the ACOS to advertise the availability of a VIP throughout the network.
Injects a static route for the VIP and redistributes it into the routing protocol; supports RIP, OSPF, IS-IS, BGP, RIPng, OSPFv3, IS-ISv6, BGP4+
Typical topology includes a primary and a backup site, with the backup monitoring the primary's health and injecting the VIP route in case of primary failure
Also supports 'IP Anycast'

AX DNS-based GSLB Overview


DNS-based GSLB uses Domain Name System (DNS) technology to extend load balancing to a global scale
Provides dynamic and flexible policies for selecting fairness and distribution to multiple sites
Operates in two main modes
Proxy mode
The ACOS device acts as a proxy for an external DNS server. In proxy mode, the ACOS device can update the
A and AAAA records in its response to client requests, but it forwards requests for all other record types to
the external DNS server.

Server mode
The ACOS device directly responds to queries for specific service IP addresses in the GSLB zone. In server
mode, the ACOS device can reply with A, AAAA, MX, NS, PTR, SRV and SOA records. For all other records, the
ACOS device will attempt proxy mode unless configured as fully authoritative.

ACOS GSLB Proxy Mode


Advantages
Can be implemented without impacting current DNS traffic
Does not require change in DNS server IP address
Customer can be using external DNS service

Disadvantages
Requires changes to DNS server configuration
Add Sub-domain to existing DNS for ACOS
Add ACOS proxy IP as NS records
Add ACOS proxy IP as A records
CNAME existing records to sub-domain

Requires second DNS request by client


ACOS GSLB Server Mode (Authoritative)


Advantages
Does not require changes to current DNS server configuration
Single client request for domain resolution services
Can be implemented with DNS firewall, and provide SLB services to DNS servers

Disadvantages
Requires changes to DNS server IP address, or change in registered NS server IP address
Cannot be implemented without downtime
Customer has to own and run their own DNS servers


GSLB Components

Controller
Receives client DNS requests, maintains GSLB configuration and health status among site devices. Can have multiple controllers for redundancy

Sites
A server farm locally managed by an ACOS device that performs ADC services for the site

Policy
Configurable parameters evaluated against a client request to select the best site to send the request to

Zones
A DNS domain for GSLB. A device can be configured with one or more GSLB zones. Each zone can contain one or more GSLB sites. xyz.com is a domain.

Services
An application such as HTTP or FTP. Each zone can be configured with one or more services. www.xyz.com is a service where www is the http service or an application in the xyz.com zone

Service IP
The virtual servers defined under service-ip are used for GSLB

GSLB Server Mode Configuration


Configuration steps
Configure SLB (if not already configured)
Create DNS Server VIP
Configure Service IPs for VIPs
Create (or modify existing Default) GSLB Policy
Create Sites, add SLB Devices and VIPs for the Site
Create Zone and configure service
Enable the GSLB protocol for site device function (Controller or Device)

Note: To configure Proxy mode, follow standard SLB procedures (Servers, Service Groups, VIP, etc.) that utilize external DNS servers and enable it for GSLB when configuring the virtual port
Note 2: GSLB Policies will be covered in another module

Configuring the DNS VIP


For Server Mode configurations
Create the Virtual Server
slb virtual-server dns1 100.0.0.53

Add the UDP port (usually 53)
port 53 dns-udp

Enable GSLB on the port
gslb-enable

To configure Proxy Mode, create Servers for the actual (external) DNS servers, place
them in a Service Group and apply to the Virtual Port


Configuring Service IPs


The Service IPs are the addresses of Virtual Servers that will be part of the GSLB solution
in a given zone
Add the name and ip, then the port hosting the service
gslb service-ip vip3 100.0.0.66
port 80 tcp

The Service IP can also have health checks assigned and, if needed, an External IP
allowing a service IP that has an internal IP address to be reached from outside the
internal network


GSLB Site configuration


Sites represent the server farm that is locally managed by the device performing server load balancing for the site
Create the site, define the IP of the ACOS device for the site, then add the VIP servers
configured earlier
gslb site newyork
slb-dev A3 60.0.0.1
vip-server vip2


Configuring GSLB Zones and Services P 1


A zone is a DNS domain used by GSLB and acts as the start of authority for the name
space and, when combined with the service name, creates the FQDN for client DNS
queries
A service is an application such as HTTP or FTP and can be specified by the well-known name of the application or by port number
gslb zone a10class.com
service http www

In the above example, the zone name is a10class.com, the service is HTTP with the
name www. Clients would then query www.a10class.com when connecting to the VIP


Configuring GSLB Zones and Services P 2


The dns-a-record command is used to create the A records for the zone, binding the
service/zone name to the service IPs (VIPs) within the zone
gslb zone a10training.com
service http www
dns-a-record vip2 static
dns-a-record vip1 static

At the Service level of the configuration, additional DNS records such as CNAME, MX, and NS can be created


The GSLB Protocol


Uses TCP port 4149
AX devices use the GSLB protocol for GSLB management traffic (between GSLB controller and
sites)

The GSLB controller collects the following information from the site AX load balancers
Virtual IP addresses & active servers
aRDT (active-Round Delay Time)
Site session capacity statistics
Connection load
Number of active sessions

Update interval default is 30 seconds (ranges from 1 to 300 seconds)


VIP information is sent asynchronously

Enabling the GSLB Protocol


AX devices use the GSLB protocol for GSLB management traffic. The protocol must be
enabled on the GSLB controller
gslb protocol enable controller

For redundancy, multiple controllers can be enabled and placed in a controller group
which can automatically synchronize GSLB configurations and service IP status among
multiple GSLB controllers for a GSLB zone
Enabling the protocol on devices in other sites in the GSLB configuration is optional, but is required in order to take advantage of certain policy options and default health checks. A10 recommends enabling the GSLB protocol on all devices
gslb protocol enable device

Note - For more information on Controller Groups see the GSLB configuration guide
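
A cross-reference check for the server-mode configuration built up in the steps above, as an added Python example that is not part of the original slides or of ACOS. It recognises only the commands shown on this page and assumes that vip-server and dns-a-record names must match a gslb service-ip entry; the sample pastes the page's fragments together.

```python
# Added example (not ACOS code): cross-reference lint over the commands on this page.
def lint_gslb(config):
    """Return findings for dangling service-ip references and missing enables."""
    service_ips, refs = set(), []          # refs: (block kind, block name, vip name)
    dns_vip_enabled = controller_enabled = False
    ctx = (None, None)                     # configuration block currently being parsed
    for line in config.splitlines():
        tok = line.split() or [""]         # a blank line matches no command
        if tok[:2] == ["gslb", "service-ip"] and len(tok) >= 3:
            service_ips.add(tok[2])
            ctx = ("service-ip", tok[2])
        elif tok[:2] in (["gslb", "site"], ["gslb", "zone"]) and len(tok) >= 3:
            ctx = (tok[1], tok[2])
        elif tok[:2] == ["slb", "virtual-server"] and len(tok) >= 3:
            ctx = ("dns-vip", tok[2])
        elif tok[:3] == ["gslb", "protocol", "enable"]:
            controller_enabled = controller_enabled or tok[3:4] == ["controller"]
        elif tok[0] == "vip-server" and ctx[0] == "site" and len(tok) >= 2:
            refs.append(("site", ctx[1], tok[1]))
        elif tok[0] == "dns-a-record" and ctx[0] == "zone" and len(tok) >= 2:
            refs.append(("zone", ctx[1], tok[1]))
        elif tok[0] == "gslb-enable" and ctx[0] == "dns-vip":
            dns_vip_enabled = True
    findings = [f"{kind} {name}: '{vip}' is not a defined gslb service-ip"
                for kind, name, vip in refs if vip not in service_ips]
    if not dns_vip_enabled:
        findings.append("no slb virtual-server port has gslb-enable")
    if not controller_enabled:
        findings.append("'gslb protocol enable controller' is missing")
    return findings

# Constructed sample: this page's fragments pasted together, indentation added.
SAMPLE = """\
slb virtual-server dns1 100.0.0.53
 port 53 dns-udp
  gslb-enable
gslb service-ip vip3 100.0.0.66
 port 80 tcp
gslb site newyork
 slb-dev A3 60.0.0.1
 vip-server vip2
gslb zone a10training.com
 service http www
  dns-a-record vip2 static
  dns-a-record vip1 static
"""

if __name__ == "__main__":
    print("\n".join(lint_gslb(SAMPLE)))
```

On the sample it reports vip2 and vip1 as undefined service IPs in the site and zone blocks, plus the missing controller enable.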

GSLB Configuration Best Practices


For redundancy, use Controller Groups with Controllers configured in multiple sites
Use Controllers for both GSLB and SLB
Server Mode (authoritative) configurations can also have the customer's existing DNS servers in a service group under the DNS VIP. These servers hold records or name space for which the Controller is not authoritative. Non-authoritative queries are automatically forwarded to those servers.
Enable the GSLB protocol on all devices


GSLB Policy
Section


Section Objectives
Policy Overview
Policy Metrics
Policy Settings
Policy Configuration


GSLB Policy
A list of metrics used to determine the best site to use for a given client's request
Health Check, Round Robin and Geographic enabled by default but can be disabled
All other metrics must be enabled to be used
Applied to the zone or service level within a zone
Features a Default policy which is used for all GSLB zones and services unless an
Admin created policy is applied to a zone or service


GSLB Policy Metric Evaluation


Each Site metric is evaluated in a (configurable) order and is marked when a match
occurs
Evaluations continue only on marked sites until all configured parameters are checked
Once each Site is evaluated, the user request is sent to the Site with the most matches
In the event of a tie, requests are fulfilled in round robin
Four Site Example: Site A, Site B, Site C and Site D all could potentially handle a client request
Site B fails Health Check, leaving A, C and D for the next metric
Site A and D match on Geographic, eliminating C
Site A has an assigned higher weight than D, eliminating D
Request will be sent to Site A
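
The four-site walk-through above as an added Python sketch (not from the original slides, and not ACOS code): metrics are applied in order to the surviving sites and ties fall back to round robin. The site fields, weights and regions are constructed, and skipping a metric that marks no site is an assumption.

```python
# Added example: simplified model of the ordered metric evaluation described above.
# Site fields, weights and regions are constructed; this is not ACOS code.
from itertools import count

def health_check(cands):
    return [s for s in cands if s["healthy"]]

def geographic(client_region):
    return lambda cands: [s for s in cands if s["region"] == client_region]

def weighted_site(cands):
    top = max(s["weight"] for s in cands)
    return [s for s in cands if s["weight"] == top]

def select_site(sites, metric_order, rr_counter):
    """Apply metrics in order to the surviving sites; break ties round robin."""
    cands, trace = list(sites), []
    for name, metric in metric_order:
        marked = metric(cands)
        if marked:               # assumption: a metric that marks no site is skipped
            cands = marked
        trace.append((name, [s["name"] for s in cands]))
    winner = cands[next(rr_counter) % len(cands)]
    return winner["name"], trace

# Constructed data matching the four-site example on this page.
SITES = [
    {"name": "A", "healthy": True,  "region": "us", "weight": 20},
    {"name": "B", "healthy": False, "region": "us", "weight": 30},
    {"name": "C", "healthy": True,  "region": "eu", "weight": 30},
    {"name": "D", "healthy": True,  "region": "us", "weight": 10},
]
ORDER = [("health-check", health_check),
         ("geographic", geographic("us")),
         ("weighted-site", weighted_site)]

if __name__ == "__main__":
    site, trace = select_site(SITES, ORDER, count())
    for metric, remaining in trace:
        print(f"{metric:14} -> {remaining}")
    print("selected:", site)
```

Moving weighted-site ahead of geographic in ORDER selects the out-of-region Site C instead, which is why the metric order deserves review whenever a policy is changed.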


GSLB Policy Settings 1 of 2

Health Check (1)
Services that pass health checks are preferred *

Weighted Site (3)
Sites with higher assigned weights are used more often

Round Robin (14)
Sites are selected in sequential order *

Session Capacity (4)
Sites with more available sessions based on respective maximum Session-Capacity are preferred

Geographic (7)
Services located within the client's geographic region are preferred *

Active-Servers (5)
Sites with most currently active servers are preferred

Weighted-IP (2)
Service IP with higher assigned weight are used more often than the service-IP with lower weights

NOTE - Numbers in parentheses represent default metric order number which can be modified
* Enabled by default but can be disabled

GSLB Policy Settings 2 of 2

Active Round Delay Time (6)
Sites with faster round delay times for DNS queries and replies between a site and local GSLB are preferred

Admin Preference (10)
The site with the highest admin set preference is selected

BW-Cost (11)
Selects sites based on bandwidth utilization on the site AX links

Connection Load (8)
Sites that are not exceeding their thresholds for new connections are preferred

Num-Session (9)
Sites that are not exceeding available session capacity threshold compared to other sites are treated as having the same preference

Least Response (12)
Service IP addresses with the fewest hits are preferred

Admin-IP (13)
IP addresses are preferred based on administratively assigned weight

Policy Configuration
To create a Policy use the following
gslb policy [name]

Once in the policy's context, enable and configure policy entries. Some metrics are enabled by entering the name of the metric
(config-gslb policy)#least-response

Other metrics are first configured at the site or zone level and then enabled by adding
them to the policy
(config-gslb site-slb dev)#admin-preference ?
<0-255>  Specify admin-preference value, default is 100

In the above example, a priority is set at the device level of a site; the metric is then evaluated once it is enabled on the policy
(config-gslb policy)#admin-preference

Modifying Metric Order CLI


Use the metric-order command under the context of the policy, followed by the metrics you wish to use:
(config-gslb policy)#metric-order least-response admin-preference

Using the above example, least-response and admin-preference are now 1 and 2 in the evaluation order. Health-check, previously number 1, drops to 3
#show gslb policy pol1
-----------------------------------
least-response   | 1 | yes
admin-preference | 2 | yes
health-check     | 3 | yes

The above example is only partial output for the command


Modifying Metric Order GUI


Config> GSLB> Policy. Select Policy, Drag and drop to modify metric order

Dragging metrics to the left will automatically enable them. Once enabled, these metrics
can also be dragged up or down to put them in desired order.

Applying GSLB Policies CLI


At the zone level
(config)#gslb zone a10training.com
(config-gslb zone)#policy pol-1

At the service level


(config)#gslb zone a10training.com
(config-gslb zone)#service http www
(config-gslb zone-gslb service)#policy pol-2


Applying GSLB Policies GUI


Config> GSLB> Zone
Click zone name and choose a policy from dropdown for Zone level.

To apply at Service level, from the Zone page, select the service name and click edit.
Choose policy from the dropdown.

GSLB Policy Best Practices


For Active Standby data centers use Admin IP policy to always send traffic to primary
site, unless it is unreachable
For Active Active scenarios, take advantage of geo-location, weighting, or RTT to
determine best site to send client request
