AX_GSLB_Guide_v2_7_0-20121010


  • Global Server Load Balancing Guide

    AX Series Advanced Traffic Manager
    Document No.: D-030-01-00-0029

    Ver. 2.7.0 10/10/2012

  • A10 Networks, Inc. 10/10/2012 - All Rights Reserved
    Information in this document is subject to change without notice.

    Trademarks
    A10 Networks, the A10 logo, aACI, aCloud, ACOS, aDCS, aDNS, aELB, aFleX, aFlow, aGalaxy, aPlatform, aUSG, aVCS, aWAF, aXAPI, IDAccess, IDSENTRIE, IP to ID, SmartFlow, SoftAX, Unified Service Gateway, Virtual Chassis, VirtualADC, and VirtualN are trademarks or registered trademarks of A10 Networks, Inc. All other trademarks are property of their respective owners.

    Patents Protection
    A10 Networks products including all AX Series products are protected by one or more of the following US patents and patents pending: 8291487, 8266235, 8151322, 8079077, 7979585, 7716378, 7675854, 7647635, 7552126, 20120216266, 20120204236, 20120179770, 20120144015, 20120084419, 20110239289, 20110093522, 20100235880, 20100217819, 20090049537, 20080229418, 20080148357, 20080109887, 20080040789, 20070283429, 20070282855, 20070271598, 20070195792, 20070180101

    Confidentiality
    This document contains confidential materials proprietary to A10 Networks, Inc. This document and information and ideas herein may not be disclosed, copied, reproduced or distributed to anyone outside A10 Networks, Inc. without prior written consent of A10 Networks, Inc. This information may contain forward looking statements and therefore is subject to change.

    A10 Networks Inc. Software License and End User Agreement
    Software for all AX Series products contains trade secrets of A10 Networks and its subsidiaries and Customer agrees to treat Software as confidential information. Anyone who uses the Software does so only in compliance with the terms of this Agreement. Customer shall not:

    1) reverse engineer, reverse compile, reverse de-assemble or otherwise translate the Software by any means
    2) sublicense, rent or lease the Software.

    Disclaimer
    The information presented in this document describes the specific products noted and does not imply nor grant a guarantee of any technical performance nor does it provide cause for any eventual claims resulting from the use or misuse of the products described herein or errors and/or omissions. A10 Networks, Inc. reserves the right to make technical and other changes to their products and documents at any time and without prior notification.

    No warranty is expressed or implied; including and not limited to warranties of non-infringement, regarding programs, circuitry, descriptions and illustrations herein.

    Environmental Considerations
    Some electronic components may possibly contain dangerous substances. For information on specific component types, please contact the manufacturer of that component. Always consult local authorities for regulations regarding proper disposal of electronic components in your area.

    Further Information
    For additional information about A10 products, terms and conditions of delivery, and pricing, contact your nearest A10 Networks location, which can be found by visiting www.a10networks.com.

  • Performance by Design 3 of 260 Document No.: D-030-01-00-0029 - Ver. 2.7.0 10/10/2012

    AX Series - GSLB Configuration Guide

    End User License Agreement

    IMPORTANT: PLEASE READ THIS END USER LICENSE AGREEMENT CAREFULLY. DOWNLOADING, INSTALLING OR USING A10 NETWORKS OR A10 NETWORKS PRODUCTS, OR SUPPLIED SOFTWARE CONSTITUTES ACCEPTANCE OF THIS AGREEMENT.

    A10 NETWORKS IS WILLING TO LICENSE THE PRODUCT (AX Series) TO YOU ONLY UPON THE CONDITION THAT YOU ACCEPT ALL OF THE TERMS CONTAINED IN THIS LICENSE AGREEMENT. BY DOWNLOADING OR INSTALLING THE SOFTWARE, OR USING THE EQUIPMENT THAT CONTAINS THIS SOFTWARE, YOU ARE BINDING YOURSELF AND THE BUSINESS ENTITY THAT YOU REPRESENT (COLLECTIVELY, "CUSTOMER") TO THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE TERMS OF THIS AGREEMENT, THEN A10 NETWORKS IS UNWILLING TO LICENSE THE SOFTWARE TO YOU AND DO NOT DOWNLOAD, INSTALL OR USE THE PRODUCT.

    The following terms of this End User License Agreement ("Agreement") govern Customer's access and use of the Software, except to the extent there is a separate signed agreement between Customer and A10 Networks governing Customer's use of the Software.

    License. Conditioned upon compliance with the terms and conditions of this Agreement, A10 Networks Inc. or its subsidiary licensing the Software instead of A10 Networks Inc. ("A10 Networks"), grants to Customer a nonexclusive and nontransferable license to use for Customer's business purposes the Software and the Documentation for which Customer has paid all required fees. "Documentation" means written information (whether contained in user or technical manuals, training materials, specifications or otherwise) specifically pertaining to the product or products and made available by A10 Networks in any manner (including on CD-Rom, or on-line).

    Unless otherwise expressly provided in the Documentation, Customer shall use the Software solely as embedded in or for execution on A10 Networks equipment owned or leased by Customer and used for Customer's business purposes.

    General Limitations. This is a license, not a transfer of title, to the Software and Documentation, and A10 Networks retains ownership of all copies of the Software and Documentation. Customer acknowledges that the Software and Documentation contain trade secrets of A10 Networks, its suppliers or licensors, including but not limited to the specific internal design and structure of individual programs and associated interface information. Accordingly, except as otherwise expressly provided under this Agreement, Customer shall have no right, and Customer specifically agrees not to:

    a. transfer, assign or sublicense its license rights to any other person or entity, or use the Software on unauthorized or secondhand A10 Networks equipment

    b. make error corrections to or otherwise modify or adapt the Software or create derivative works based upon the Software, or permit third parties to do the same


    c. reverse engineer or decompile, decrypt, disassemble or otherwise reduce the Software to human readable form, except to the extent otherwise expressly permitted under applicable law notwithstanding this restriction

    d. disclose, provide, or otherwise make available trade secrets contained within the Software and Documentation in any form to any third party without the prior written consent of A10 Networks. Customer shall implement reasonable security measures to protect such trade secrets.

    Software, Upgrades and Additional Products or Copies. For purposes of this Agreement, "Software" and Products shall include (and the terms and conditions of this Agreement shall apply to) computer programs, including firmware and hardware, as provided to Customer by A10 Networks or an authorized A10 Networks reseller, and any upgrades, updates, bug fixes or modified versions thereto (collectively, "Upgrades") or backup copies of the Software licensed or provided to Customer by A10 Networks or an authorized A10 Networks reseller.

    OTHER PROVISIONS OF THIS AGREEMENT:

    a. CUSTOMER HAS NO LICENSE OR RIGHT TO USE ANY ADDITIONAL COPIES OR UPGRADES UNLESS CUSTOMER, AT THE TIME OF ACQUIRING SUCH COPY OR UPGRADE, ALREADY HOLDS A VALID LICENSE TO THE ORIGINAL SOFTWARE AND HAS PAID THE APPLICABLE FEE FOR THE UPGRADE OR ADDITIONAL COPIES

    b. USE OF UPGRADES IS LIMITED TO A10 NETWORKS EQUIPMENT FOR WHICH CUSTOMER IS THE ORIGINAL END USER PURCHASER OR LESSEE OR WHO OTHERWISE HOLDS A VALID LICENSE TO USE THE SOFTWARE WHICH IS BEING UPGRADED

    c. THE MAKING AND USE OF ADDITIONAL COPIES IS LIMITED TO NECESSARY BACKUP PURPOSES ONLY.

    Term and Termination. This Agreement and the license granted herein shall remain effective until terminated. All confidentiality obligations of Customer and all limitations of liability and disclaimers and restrictions of warranty shall survive termination of this Agreement.

    Export. Software and Documentation, including technical data, may be subject to U.S. export control laws, including the U.S. Export Administration Act and its associated regulations, and may be subject to export or import regulations in other countries. Customer agrees to comply strictly with all such regulations and acknowledges that it has the responsibility to obtain licenses to export, re-export, or import Software and Documentation.


    Limited Warranty

    Disclaimer of Liabilities. REGARDLESS OF ANY REMEDY SET FORTH FAILS OF ITS ESSENTIAL PURPOSE OR OTHERWISE, IN NO EVENT WILL A10 NETWORKS OR ITS SUPPLIERS BE LIABLE FOR ANY LOST REVENUE, PROFIT, OR LOST OR DAMAGED DATA, BUSINESS INTERRUPTION, LOSS OF CAPITAL, OR FOR SPECIAL, INDIRECT, CONSEQUENTIAL, INCIDENTAL, OR PUNITIVE DAMAGES HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY OR WHETHER ARISING OUT OF THE USE OF OR INABILITY TO USE PRODUCT OR OTHERWISE AND EVEN IF A10 NETWORKS OR ITS SUPPLIERS OR LICENSORS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

    In no event shall A10 Networks or its suppliers' or licensors' liability to Customer, whether in contract, (including negligence), breach of warranty, or otherwise, exceed the price paid by Customer for the Software that gave rise to the claim or if the Software is part of another Product, the price paid for such other Product.

    Customer agrees that the limitations of liability and disclaimers set forth herein will apply regardless of whether Customer has accepted the Software or any other product or service delivered by A10 Networks. Customer acknowledges and agrees that A10 Networks has set its prices and entered into this Agreement in reliance upon the disclaimers of warranty and the limitations of liability set forth herein, that the same reflect an allocation of risk between the parties (including the risk that a contract remedy may fail of its essential purpose and cause consequential loss), and that the same form an essential basis of the bargain between the parties.

    The Warranty and the End User License shall be governed by and construed in accordance with the laws of the State of California, without reference to or application of choice of law rules or principles. If any portion hereof is found to be void or unenforceable, the remaining provisions of the Agreement shall remain in full force and effect. This Agreement constitutes the entire and sole agreement between the parties with respect to the license of the use of A10 Networks Products unless otherwise superseded by a written signed agreement.


    Obtaining Technical Assistance

    For all customers, partners, resellers, and distributors who hold valid A10 Networks Regular and Technical Support service contracts, the A10 Networks Technical Assistance Center provides support services online and over the phone.

    Corporate Headquarters

    A10 Networks, Inc.
    3 West Plumeria Dr
    San Jose, CA 95134 USA

    Tel: +1-408-325-8668 (main)
    Tel: +1-888-822-7210 (support toll-free in USA)
    Tel: +1-408-325-8676 (support direct dial)
    Fax: +1-408-325-8666

    www.a10networks.com

    Collecting System Information
    The AX device provides a simple method to collect configuration and status information for Technical Support to use when diagnosing system issues.

    To collect system information, use either of the following methods.

    USING THE GUI (RECOMMENDED)
    1. Log into the GUI.
    2. On the main page (Monitor Mode > Overview > Summary), click . This option downloads a text log file.
    3. Email the file as an attachment to [email protected].

    USING THE CLI
    1. Log into the CLI.
    2. Enable logging in your terminal emulation application, to capture output generated by the CLI.
    3. Enter the enable command to access the Privileged EXEC mode of the CLI. Enter your enable password at the Password prompt.


    4. Enter the show techsupport command.
    5. After the command output finishes, save the output in a text file.
    6. Email the file as an attachment to [email protected].

    Note: As an alternative to saving the output in a log file captured by your terminal emulation application, you can export the output from the CLI using the following command:

    show techsupport export [use-mgmt-port] url
    (For syntax information, see the AX Series CLI Reference.)


    About This Document

    This document describes features of the A10 Networks AX Series / Application Delivery Controller.

    FIGURE 1 AX 5630 (front panel view)

    Information is available for AX Series products in the following documents. These documents are included on the documentation CD shipped with your AX Series product, and also are available on the A10 Networks support site:

    AX Series Installation Guides
    AX Series LOM Reference
    AX Series System Configuration and Administration Guide
    AX Series Application Delivery and Server Load Balancing Guide
    AX Series Global Server Load Balancing Guide
    AX Series GUI Reference
    AX Series CLI Reference
    AX Series aRule Reference
    AX Series MIB Reference
    AX Series aXAPI Reference

    Make sure to use the basic deployment instructions in the AX Series Installation Guide for your AX model, and in the AX Series System Configuration and Administration Guide. Also make sure to set up your device's Lights Out Management (LOM) interface, if applicable.


    Note: Some guides include GUI configuration examples. In these examples, some GUI pages may have new options that are not shown in the example screen images. In these cases, the new options are not applicable to the examples. For information about any option in the GUI, see the AX Series GUI Reference or the GUI online help.

    Audience
    This document is intended for use by network architects for determining applicability and planning implementation, and for system administrators for provision and maintenance of A10 Networks AX Series products.

    Documentation Updates
    Updates to these documents are published periodically to the A10 Networks support site, on an updated documentation CD (posted as a zip archive). To access the latest version, please log onto your A10 support account and navigate to the following page: Support > AX Series > Technical Library.

    http://www.a10networks.com

    A10 Virtual Application Delivery Community
    You can use your A10 support login to access the A10 Virtual Application Delivery Community (VirtualADC). The VirtualADC is an interactive forum where you can find detailed information from product specialists. You also can ask questions and leave comments. To access the VirtualADC, navigate here:

    http://www.a10networks.com/adc/

    Contents

    End User License Agreement

    Obtaining Technical Assistance
      Collecting System Information

    About This Document
      Audience
      Documentation Updates
      A10 Virtual Application Delivery Community

    GSLB Overview
      GSLB Deployment Modes
      Zones, Services, and Sites
      GSLB Policy
        Policy Metrics
          Health Checks
          Geo-Location
          DNS Options
          Metrics That Require the GSLB Protocol on Site AX Devices

    GSLB Configuration
      Overview
      Configure Health Monitors
      Configure the DNS Proxy
      Configure a GSLB Policy
        Enabling / Disabling Metrics
      Changing the Metric Order
        Configuring Active-Round Delay Time
        Configuring BW-Cost Settings
          How Bandwidth Cost Is Measured
          Configuration Requirements
          Configuring Bandwidth Cost
        Configuring Alias Admin Preference
        Configuring Weighted Alias
        Loading or Configuring Geo-Location Mappings
          Geo-location Overlap


      Configure Services
        Gateway Health Monitoring
          CLI Example - Site with Single Gateway Link
          CLI Example - Site with Multiple Gateway Links
        Multiple-Port Health Monitoring
      Configure Sites
      Configure a Zone
      Enable the GSLB Protocol
      Resetting or Clearing GSLB

    Auto-mapping
      Configuration

    Advanced DNS Options
      DNS Active-only
      Support for DNS TXT Records
      Append All NS Records in DNS Authority Section
      Hints in DNS Responses
      DNS Sub-zone Delegation
      DNS Proxy Block

    Partition-specific Group Management
      Implementation Details

    GSLB Configuration Examples
      CLI Example
        Configuration on the GSLB AX Device (GSLB Controller)
        Configuration on Site AX Device AX-A
        Configuration on Site AX Device AX-B
      GUI Example
        Configuration on the GSLB AX Device (GSLB Controller)
        Configuration on Site AX Devices

    GSLB Configuration Synchronization
      Overview
      GSLB Group Parameters
      Configuration


    Geo-location-based Access Control
      Using a Class List
      Using a Black/White List
        Configuring the Black/White List
      Full-Domain Checking
        Full-Domain Checking
        Enabling PBSLB Statistics Counter Sharing

    Cloud-based Computing Solution

    DNSSEC Support
      Overview
        DNS without Security
        DNSSEC (DNS with Security)
        Building the Chain of Trust
        Performing Key Rollovers
          ZSK Key Rollovers
          KSK Key Rollovers
        Importing and Exporting the Delegation Signature Keyset
          DNSSEC Templates
      Configuration
      Configuration Examples
        CLI Example #1
        CLI Example #2
        CLI Example #3
        CLI Example #4

    CLI Command Reference
      Main Configuration Commands
        gslb active-rdt
        gslb dns action
        gslb dns logging
        gslb geo-location
        gslb geo-location delete
        gslb geo-location load
        gslb group
        gslb ip-list
        gslb ping
        gslb policy
        gslb protocol


        gslb protocol limit
        gslb service-ip
        gslb site
        gslb system auto-map module
        gslb system auto-map ttl
        gslb system ip-ttl
        gslb system prompt
        gslb system reset
        gslb system wait
        gslb template csv
        gslb template snmp
        gslb zone
        no gslb all

    Policy Configuration Commands
        active-rdt
        active-servers
        admin-ip
        admin-preference
        alias-admin-preference
        bw-cost
        capacity
        connection-load
        dns
        dnssec key-generate
        export dnssec-dnskey
        geo-location
        geo-location match-first
        geo-location overlap
        geographic
        health-check
        import dnssec-dnskey
        import dnssec-ds
        ip-list
        least-response
        metric-fail-break
        metric-force-check
        metric-order
        num-session
        round-robin
        weighted-alias
        weighted-ip
        weighted-site


    Show Commands
        show gslb cache
        show gslb config
        show gslb fqdn
        show gslb geo-location
        show gslb group
        show gslb ip-list
        show gslb memory
        show gslb policy
        show gslb protocol
        show gslb rdt
        show gslb samples conn
        show gslb samples conn-load
        show gslb samples rdt
        show gslb service
        show gslb service-ip
        show gslb service-port
        show gslb session
        show gslb site
        show gslb slb-device
        show gslb state
        show gslb statistics
        show gslb zone

    Clear Command
        clear

    DNSSEC Commands
        dnssec key-generate
        dnssec template
        dnssec sign-zone-now
        show dnssec template


    GSLB Overview

    This chapter provides an overview of Global Server Load Balancing (GSLB).

    Global Server Load Balancing (GSLB) uses Domain Name Service (DNS) technology and extends load balancing to global geographic scale.

    AX Series GSLB provides the following key advantages:

    - Protects businesses from down time due to site failures
    - Ensures business continuity and applications availability
    - Provides faster performance and improved user experience by directing users to the nearest site
    - Increases data center efficiency and provides a better return on investment by distributing load to multiple sites
    - Provides flexible policies for selecting fairness and distribution to multiple sites

    In AX Release 2.7.0, no AX model or software contains any code for Passive round trip time (RTT), the time difference between receiving a TCP SYN and a TCP ACK for the TCP connection, for GSLB. The code was completely removed starting from 2.7.0 because no customer was using this round trip time capability for GSLB.

    In AX Release 2.7.0, the AX implementation of GSLB uses an array of fixed active IP addresses and the A10 site selection algorithm illustrated below in the figure, using an innovative method of iterative in-place marking. No AX model or software orders the multiple network addresses based upon a first set of performance metrics from the stored performance metrics, or performs any form of ordering or re-ordering of the network addresses for GSLB. (See "GSLB Policy" on page 18.)


    GSLB Deployment Modes

    You can deploy GSLB in proxy mode or server mode.

    - Proxy mode - The AX device acts as a proxy for an external DNS server. In proxy mode, the AX device can update the A and AAAA records in its response to client requests, but it forwards requests for all other record types to the external DNS server.

    - Server mode - The AX device directly responds to queries for specific service IP addresses in the GSLB zone. (The AX device still forwards other types of queries to the DNS server.) In server mode, the AX device can reply with A, AAAA, MX, NS, PTR, SRV and SOA records. For all other records, the AX device will attempt proxy mode.

    Note: An AX device becomes a GSLB AX device when you configure GSLB on the device and enable the GSLB protocol, for the controller function. The A10 Networks GSLB protocol uses port 4149. The protocol is registered on this port for both TCP and UDP.

    Zones, Services, and Sites

    GSLB operates on zones, services, and sites.

    - Zones - A zone is a DNS domain for GSLB and is called a GSLB zone. An AX device can be configured with one or more GSLB zones. Each zone can contain one or more GSLB sites. For example, mydomain.com is a domain.

    - Services - A service is an application; for example, HTTP or FTP. Each zone can be configured with one or more services. For example: www.mydomain.com is a service where www is the HTTP service or an application.

    - Sites - A site is a server farm that is locally managed by an AX device that performs Server Load Balancing (SLB) for the site.

    GSLB Policy

    GSLB by default is not enabled. Use of the feature requires proper configuration. GSLB deals with multiple sites, and each site has a unique IP address or IP addresses.

    GSLB uses an array of fixed site IP addresses, and the new site selection algorithm is illustrated below using an innovative method of iterative in-place marking for selecting sites. GSLB does not order the multiple IP network addresses based on any set of performance metrics, and does not perform any form of ordering/reordering of the IP network addresses.

    The following figure illustrates the AX implementation. Each IP address is associated with a set of parameters. A site selection policy is based on the evaluation of the policy parameters.

    Each site IP is tagged with Marked (M) or Un-marked for each evaluated parameter. The subsequent evaluation of the parameters is performed only on the previously marked sites and continues until the end of all the parameters in the metric policy regardless of how many sites are remaining as Marked. In other words, the AX device does not stop the evaluation even if there is one single site left, and continues with the evaluation until the end of the user configured metric parameters.

    At the end of the evaluation, the responses corresponding to the marked sites are sent back in a round-robin manner and there is no determination of any single best network address.
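    The marking procedure described above, as an added Python sketch that is not A10 code. The Site fields, the three metric functions, the sample attribute values (constructed so the marks shrink 4, 3, 2 as in Table 1 and end on Site4-IP and Site6-IP) and the rule for a metric that matches no site are all assumptions of this example.

```python
"""In-place marking over a fixed array of site IPs (added illustration).

Not A10 code: the Site fields, the three metric functions and the rule for a
metric that matches nothing are assumptions made for this sketch.
"""
from dataclasses import dataclass
from itertools import cycle, islice


@dataclass(frozen=True)
class Site:
    ip: str
    healthy: bool
    region: str
    admin_pref: int


# Constructed sample: six site IPs as in Table 1. The attribute values are
# invented so that the marks shrink 4 -> 3 -> 2 and end on Site4-IP/Site6-IP.
SITES = (
    Site("Site1-IP", True, "EU", 100),
    Site("Site2-IP", False, "US", 255),  # highest preference, but fails health
    Site("Site3-IP", True, "US", 50),
    Site("Site4-IP", True, "US", 100),
    Site("Site5-IP", False, "US", 100),
    Site("Site6-IP", True, "US", 100),
)


# Each metric sees only the currently marked sites and returns the IPs that
# stay marked.
def health_check(candidates, client_region):
    return {s.ip for s in candidates if s.healthy}


def geo_location(candidates, client_region):
    return {s.ip for s in candidates if s.region == client_region}


def admin_preference(candidates, client_region):
    best = max((s.admin_pref for s in candidates), default=0)
    return {s.ip for s in candidates if s.admin_pref == best}


POLICY = (health_check, geo_location, admin_preference)


def evaluate(sites, metrics, client_region):
    """Return (marked, trace). The site array is never sorted or reordered."""
    marked = [True] * len(sites)
    trace = []
    for metric in metrics:  # every configured metric runs, even with one site left
        candidates = [s for s, m in zip(sites, marked) if m]
        keep = metric(candidates, client_region)
        # Assumption (not from the guide): a metric that would un-mark every
        # site is skipped, so at least one site always remains marked.
        if keep:
            for i, site in enumerate(sites):
                if marked[i] and site.ip not in keep:
                    marked[i] = False  # un-mark in place; position unchanged
        trace.append((metric.__name__, [s.ip for s, m in zip(sites, marked) if m]))
    return marked, trace


def round_robin(sites, marked, count):
    """Answer `count` queries by rotating through the marked sites in array order."""
    pool = [s.ip for s, m in zip(sites, marked) if m]
    return list(islice(cycle(pool), count))


if __name__ == "__main__":
    marked, trace = evaluate(SITES, POLICY, "US")
    for name, ips in trace:
        print(f"{name:17} {ips}")
    print(round_robin(SITES, marked, 4))
```

    Site2-IP carries the highest preference in the sample but is never returned, because Admin-Preference is evaluated only over sites still marked after the earlier metrics.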

    Policy Metrics

    A GSLB policy consists of one or more of the following metrics:

    1. Health-Check - Services that pass health checks are preferred.

    2. Weighted-IP - Service IP addresses with higher administratively assigned weights are used more often than service IP addresses with lower weights. (See "Weighted-IP and Weighted-Site" on page 21.)

    3. Weighted-Site - Sites with higher administratively assigned weights are used more often than sites with lower weights. (See "Weighted-IP and Weighted-Site" on page 21.)

    4. Session-Capacity - Sites with more available sessions based on respective maximum Session-Capacity are preferred.

    TABLE 1 GSLB site marking sample

    Site IP: Site1-IP, Site2-IP, Site3-IP, Site4-IP, Site5-IP, Site6-IP
    Metric:
    Health-check: M M M M
    Geo-location: M M M
    Admin-preference: M M
    Response back in round robin

    As Site4-IP and Site6-IP are marked at the end of evaluation, these two addresses will be selected in a round-robin manner, which means there is no determination of any single best network address.


    5. Active-Servers - Sites with the most currently active servers are preferred.

    6. Active-Round Delay Time (aRDT) - Sites with faster round-delay-times for DNS queries and replies between a site AX device and the GSLB local DNS are preferred.

    7. Geographic - Services located within the client's geographic region are preferred.

    8. Connection-Load - Sites that are not exceeding their thresholds for new connections are preferred.

    9. Num-Session - Sites that are not exceeding available Session-Capacity threshold compared to other sites are treated as having the same preference.

    10. Admin-Preference - The site with the highest administratively set preference is selected.

    11. BW-Cost - Selects sites based on bandwidth utilization on the site AX links.

    12. Least-Response - Service IP addresses with the fewest hits are preferred.

    13. Admin-IP - Sites are preferred based on administratively assigned weight.

    14. Round-Robin - Sites are selected in sequential order. (See "Tie-Breaker" on page 21.)

    15. Alias-Admin-Preference - Selects the DNS CNAME record with the highest administratively set preference. This metric is similar to the Admin-Preference metric, but applies only to DNS CNAME records.

    16. Weighted-Alias - Prefers CNAME records with higher weight values over CNAME records with lower weight values. This metric is similar to Weighted-IP, but applies only to DNS CNAME records.

    The Health-Check, Geographic, and Round-Robin metrics are enabled by default. All other metrics are disabled by default.

    The metric order and the configuration of each metric are specified in a GSLB policy. Policies can be applied to GSLB zones and to individual services. The GSLB AX device has a default GSLB policy, named default, which is automatically applied to a zone or service.

    Note: Metric order does not apply to the Alias-Admin-Preference and Weighted-Alias metrics. When enabled, Alias-Admin-Preference always has high priority.

    Note: In AX Release 2.6.0, the ability to configure the passive round-trip time metric (Passive-RTT) was removed. If a configuration were to contain any commands related to this deprecated metric, they would never take effect since there is no way to enable it. In the current release, all references to the deprecated Passive-RTT metric have been removed from the software.

    Weighted-IP and Weighted-Site

    The Weighted-IP and Weighted-Site metrics allow you to bias selection toward specific sites or IP addresses. GSLB selects higher-weighted IP addresses or sites more often than lower-weighted IP addresses or sites.

    For example, if there are two sites (A and B), and A has weight 2 whereas B has weight 4, GSLB will select site B twice as often as site A. Specifically, GSLB will select site B the first 4 times, and will then select site A the next 2 times. This cycle then repeats: B is chosen 4 times, then A is chosen the next 2 times, then B is chosen the next 4 times, and so on.

    Note: If DNS caching is used, the cycle starts over if the cache aging timer expires.
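    The weighted cycle and the cache-aging restart from the note above, as an added Python model that is not A10 code. Ordering sites heaviest-first when there are more than two, and modelling cache aging as a restart every N queries, are assumptions of this example.

```python
"""Weighted selection cycle with DNS-cache restart (added illustration).

Not A10 code. Ordering sites heaviest-first for more than two sites and
modelling cache aging as "restart every N queries" are assumptions.
"""
from collections import Counter


class WeightedCycle:
    def __init__(self, weights):
        if not weights or any(not isinstance(w, int) or w < 1 for w in weights.values()):
            raise ValueError("weights must be positive integers")
        # The guide's example selects B (weight 4) four times, then A (weight 2)
        # twice, so each site gets as many consecutive slots as its weight.
        ranked = sorted(weights.items(), key=lambda kv: -kv[1])
        self._slots = [site for site, weight in ranked for _ in range(weight)]
        self._pos = 0

    def select(self):
        site = self._slots[self._pos]
        self._pos = (self._pos + 1) % len(self._slots)
        return site

    def restart(self):
        """Cache aging timer expired: the cycle starts over."""
        self._pos = 0


def simulate(weights, queries, restart_every=None):
    """Return the sites selected for `queries` consecutive selections."""
    selector = WeightedCycle(weights)
    picks = []
    for n in range(queries):
        if restart_every and n and n % restart_every == 0:
            selector.restart()
        picks.append(selector.select())
    return picks


def share(picks):
    """Selections per site."""
    return dict(Counter(picks))


if __name__ == "__main__":
    weights = {"A": 2, "B": 4}
    print("".join(simulate(weights, 12)))                 # undisturbed cycle
    print(share(simulate(weights, 12, restart_every=5)))  # restart mid-cycle
    print(share(simulate(weights, 12, restart_every=3)))  # restart before A's turn
```

    In this model, a restart interval shorter than the heavier site's weight means the lighter site is never reached, so the effective distribution can differ from the configured 2:1 ratio.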

    Tie-Breaker

    The AX device uses Round-Robin as a tie-breaker to select a site. This is true even if the Round-Robin metric is disabled in the GSLB policy. (See "Configure a GSLB Policy" on page 31.)

    Health Checks

    The Health-Check metric checks the availability (health) of the real servers and service ports. Sites whose real servers and service ports respond to the health checks are preferred over sites in which servers or service ports are unresponsive to the health checks.

    GSLB supports health check methods for the following services:

    ICMP (Layer 3 health check), TCP, UDP, HTTP, HTTPS, FTP, SMTP, POP3, SNMP, DNS, RADIUS, LDAP, RTSP, SIP

    You can use the default health methods or configure new methods for any of these services.

    Note: By default, the GSLB protocol generates its own packets when sending a health check to a service. If the GSLB protocol cannot reach the service, then another health check is performed using standard network traffic.

    Health-Check Precedence

    Health monitoring for a GSLB service can be performed at the following levels and in the following order:

    1. Gateway health check

    2. Port health check

    3. IP health check (Layer 3 health check of service IP)

    Geo-Location

    You can configure GSLB to prefer site VIPs for DNS replies that are geographically closer to the clients. For example, if a domain is served by sites in both the USA and Asia, you can configure GSLB to favor the USA site for USA clients while preferring the Asian site for Asian clients.

    To configure geo-location:

    - Leave the Geographic GSLB metric enabled; it is enabled by default.
    - Load geo-location data. You can load geo-location data from a file or manually configure individual geo-location mappings.

    Loading geo-location data from a file is simpler than manually configuring geo-location mappings, especially if you have more than a few GSLB sites. For more information, see "Loading or Configuring Geo-Location Mappings" on page 49.

    The AX software includes an Internet Assigned Numbers Authority (IANA) database. The IANA database contains the geographic locations of the IP address ranges and subnets assigned by the IANA. The IANA database is loaded on the AX device, and it is enabled by default.

    CNAME Support

    As an extension to geo-location support, you can configure GSLB to send a Canonical Name (CNAME) record instead of an Address record in DNS replies to clients. A CNAME record maps a domain name to an alias for that domain. For example, you can associate the following aliases with the domain a10.com:

    - www.a10.co.cn
    - www.1.a10.com
    - ftp.a10.com

    Each of the aliases in the list above can be associated with a different geo-location.

    If a client's IP address is within the geo-location that is associated with www.1.a10.com, then GSLB places a CNAME record for www.1.a10.com in the DNS reply to that client.

    To configure CNAME support:

    - Configure geo-location as described above.
    - In the GSLB policy, enable the following DNS options:
        - dns cname-detect (enabled by default)
        - dns geoloc-alias
    - For individual services in the zone, configure the aliases and associate them with geo-locations.

    Alias-Admin-preference and Weighted-alias

    The Alias Admin Preference metric, which selects the DNS CNAME record with the highest administratively set preference, can be used in DNS Proxy or DNS Server mode. Similarly, the Weighted Alias metric, which expresses a preference for higher-weighted CNAME records, can be used in DNS Proxy or DNS Server mode.

    Some additional policy options are required in either mode.

    - DNS proxy - Enable the geoloc-alias option. After GSLB retrieves the DNS response from the DNS answer, GSLB selects a DNS A record using IP metrics, and then tries to insert the DNS CNAME record into the answer based on geo-location settings. While inserting the CNAME record, if the Alias metrics are enabled, GSLB may remove some CNAME records and related service IPs.

    - DNS server - If applicable, enable the backup-alias option. If there is no DNS A record to return, GSLB tries to insert all backup DNS CNAME records. During insertion, if Alias metrics are enabled, GSLB may remove some CNAME records. No DNS A records are returned.

      This option also requires the dns-cname-record as-backup option on the service.

    DNS Options

    DNS options provide additional control over the IP addresses that are listed in DNS replies to clients.

    The following DNS options can be set in GSLB policies:

    - dns action - Enable GSLB to perform DNS actions specified in the service configurations.

    - dns active-only - Removes IP addresses for services that did not pass their health checks.


    - dns addition-mx - Appends MX records in the Additional section in replies for A records, when the device is configured for DNS proxy or cache mode.

    - dns auto-map - Enables creation of A and AAAA records for IP resources configured on the AX device. For example, this option is useful for auto-mapping VIP addresses to service-IP addresses.

    - dns backup-alias - Returns the alias CNAME record configured for the service, if GSLB does not receive an answer to a query for the service and no active DNS server exists. This option is valid in server mode or proxy mode.

    - dns backup-server - Designates one or more backup servers that can be returned to the client if the primaries should fail.

    - dns cache - Caches DNS replies and uses them when replying to clients, instead of sending a new DNS request for every client query.

    - dns cname-detect - Disabling this option skips the CNAME response. If enabled, the GSLB-AX applies the zone and service policy to the CNAME record instead of applying it to the address record.

    - dns delegation - Enables sub-zone delegation. The feature allows you to delegate authority or responsibility for a portion of the DNS namespace from the parent domain to a separate sub-domain which may reside on one or more remote servers and may be managed by someone other than the network administrator who is responsible for the parent zone.

    - dns external-ip - Returns the external IP address configured for a service IP. If this option is disabled, the internal address is returned instead.

    - dns external-soa - Replaces the internal SOA record with an external SOA record to prevent external clients from gaining information that should only be available to internal clients. If this option is disabled, the internal address is returned instead.

    - dns geoloc-action - Performs the DNS traffic handling action specified for the client's geo-location. The action is specified as part of service configuration in a zone.

    - dns geoloc-alias - Replaces the IP address with its alias configured on the GSLB AX Series.

    - dns geoloc-policy - Returns the alias name configured for the client's geo-location.

    - dns hint - Enables hints, which appear in the Additional Section of the DNS response. Hints are A or AAAA records that are sent in the response to a client's DNS request. These records provide a mapping between the host names and IP addresses.


    - dns ip-replace - Replaces the IP addresses with the set of addresses administratively assigned to the service in the zone configuration.

    - dns ipv6 - Enables support for IPv6 AAAA records.

    - dns logging - Configures DNS logging.

    - dns proxy block - Blocks DNS t queries from being sent to an internal DNS server. The AX device must be in GSLB proxy mode for the feature to work.

    - dns selected-only - Returns only the selected IP addresses.

    - dns server - Enables the GSLB AX device to act as a DNS server, for specific service IPs in the GSLB zone.

    - dns sticky - Sends the same service IP address to a client for all requests from that client for the service address.

    - dns ttl - Overrides the TTL set in the DNS reply. (For more information about this option, see "TTL Override" on page 25.)

    The cname-detect and external-ip options are enabled by default. All the other DNS options are disabled by default.

    Order in Which Sticky, Server, Cache, and Proxy Options Are Used

    If more than one of the following options are enabled, GSLB uses them in the order listed, beginning with sticky:

    1. sticky
    2. server
    3. cache
    4. proxy

    Note: GSLB does not have a separately configurable proxy option. The proxy option is automatically enabled when you configure the DNS proxy as part of GSLB configuration.

    The site address selected by the first option that is applicable to the client and requested service is used.

    TTL Override

    GSLB ensures that DNS replies to clients contain the optimal set of IP addresses based on current network conditions. However, if the DNS TTL value assigned to the Address records is long, the local DNS servers used by clients might cache the replies for a long time and send those stale replies to clients. Thus, even though the GSLB AX device has current information, clients might receive outdated information.

    To ensure that the clients' local DNS servers do not cache the DNS replies for too long, you can configure the GSLB AX device to override the TTL values of the Address records in the DNS replies before sending the replies to clients.

    The TTL of the DNS reply can be overridden in two different places in the GSLB configuration:

    1. If a GSLB policy is assigned to the individual service, the TTL set in that policy is used.

    2. If no policy is assigned to the individual service, but the TTL is set in the zone, then the zone's TTL setting is used.

    By default, the TTL override is not set in either of these places.

    Note: In DNS server mode, the DNS response from the AX device includes an IP TTL (maximum number of Layer 3 hops), with a default value equal to 255. This IP TTL can be configured using the following CLI command: gslb system ip-ttl.

    More Information

    See "Advanced DNS Options" on page 77.

    Metrics That Require the GSLB Protocol on Site AX Devices

    AX devices use the GSLB protocol for GSLB management traffic. The protocol must be enabled on the GSLB controller.

    GSLB does not need to be enabled on the site AX devices, but enabling it is recommended in order to collect site information that is needed for the following metrics:

    - Session-capacity
    - aRDT
    - Connection-Load
    - Num-Session

    Note: Enabling the GSLB protocol is also required if you are using the default health-check methods. However, if you modify the default health checks, then the GSLB protocol does not need to be enabled. (See "Health Checks" on page 21.)


    GSLB Configuration

    This chapter describes the configuration of Global Server Load Balancing (GSLB).

    Overview

    Configuration is required on the GSLB AX device (GSLB controller) and the site AX devices.

    Note: The AX device provides an optional mechanism to automatically synchronize GSLB configurations and service IP status among multiple GSLB controllers for a GSLB zone. If you plan to use automatic GSLB configuration synchronization among controllers, first see "GSLB Configuration Synchronization" on page 113.

    Note: This chapter shows the GUI pages for detailed configuration. The GUI also provides pages for simple GSLB configuration. Navigate to Config Mode > Getting Started > GSLB Easy Config. See the online help or AX Series GUI Reference for information.

    Configuration on GSLB Controller

    To configure GSLB on the GSLB AX device:

    1. Configure health monitors for the DNS server to be proxied and for the GSLB services to be load balanced.

    2. Configure a DNS proxy.

    3. Configure a GSLB policy (unless you plan to use the default policy settings, described in "GSLB Policy" on page 18).

    4. Configure services.

    5. Configure sites.

    6. Configure a zone.

    7. Enable the GSLB protocol for the GSLB controller function.

    Note: If you plan to run GSLB in server mode, the proxy DNS server does not require configuration of a real server or service group. Only the VIP is required. However, if you plan to run GSLB in proxy mode, the real server and service group are required along with the VIP. (Server and proxy mode are configured as DNS options. See "DNS Options" on page 23.)

    Configuration on Site AX Device

    To configure GSLB on the site AX devices:

    1. Configure SLB, if not already configured.

    2. Enable the GSLB protocol for the GSLB site device function.

    Configuration takes place at the following levels:

    Global (system-wide on the GSLB AX device)
    Zone
    SLB device
    Site
    Service IP

    The following sections describe the GSLB configuration steps in the GUI and in the CLI. Required commands and commonly used options are listed. For advanced commands and options, see "CLI Command Reference" on page 153.

    Note: Each of the following sections shows the CLI and GUI configuration. For complete configuration examples, see "GSLB Configuration Examples" on page 99.

    Configure Health Monitors

    A10 Networks recommends that you configure health monitors for the local DNS server to be proxied and also for the GSLB services to be load balanced.

    Use a DNS health monitor for the local DNS server. You also can use a Layer 3 health monitor to check the IP reachability of the server.

    For the GSLB service, use health monitors for the application types of the services. For example, for an HTTP service, use an HTTP health monitor. If the Health-Check metric is enabled in the GSLB policy, the metric will use the results of service health checks to select sites.

    To monitor the health of the real servers providing the services, configure health monitors on the site SLB devices.

    Configure the health monitors for the proxied DNS server and the GSLB services on the GSLB AX device. Configure the health monitors for real servers and their services on the site AX devices.

    Configuration of health monitors is the same as for standard SLB. There are no special health monitoring options or requirements for GSLB.

    Configure the DNS Proxy

    The DNS proxy is a DNS virtual service, and its configuration is therefore similar to the configuration of an SLB service.

    To configure the GSLB DNS proxy, use one of the following procedures.

    USING THE GUI

    1. Select Config Mode > Service > GSLB.

    2. Click DNS Proxy, then click Add.

    3. Enter a name for the DNS proxy.

    4. Enter the IP address that will be advertised as the authoritative DNS server for the GSLB zone.

    Note: The GUI will not accept the configuration if the IP address you enter here is the same as the real DNS server IP address you enter when configuring the service group for this proxy (below).

    5. (Optional) To add this proxy configuration of the DNS server to a High Availability (HA) group, select the group.

    6. In the GSLB Port section, click Add.

    7. In the Port field, enter the DNS port number, if not already filled in.

    8. In the Service Group field, select create. The Service Group and Server sections appear.

    9. In the Name field, enter a name for the service group.


    10. In the Type drop-down list, select UDP.

    11. In the Server section, in the Server drop-down list, enter the IP address of the DNS server. Enter the real IP address of the DNS server, not the IP address you are assigning to the DNS proxy.

    12. Enter the DNS port number in the Port field and click Add. The server information appears.

    13. Click OK. The GSLB Port section re-appears.

    14. Click OK. The Proxy section re-appears.

    15. Click OK. The DNS proxy appears in the DNS proxy table.

    USING THE CLI

    1. To configure a real server for the DNS server to be proxied, use the following commands:

    slb server server-name ipaddr

    Use this command at the global configuration level of the CLI. The command creates the proxy and changes the CLI to the configuration level for it. To configure the DNS port on the server, use the following command to change the CLI to the configuration level for the port:

    port port-num udp

    To enable health monitoring of the DNS service, use the following command:

    health-check monitor-name

    (Layer 3 health monitoring using the default Layer 3 health monitor is already enabled by default.)

    2. To configure a service group and add the DNS proxy (real server) to it, use the following commands:

    slb service-group group-name udp

    Use this command at the global configuration level of the CLI. The command creates the service group and changes the CLI to the configuration level for it. To add the DNS server to the service group, use the following command:

    member server-name:port-num

    3. To configure a virtual server for the DNS proxy and bind it to the real server and service group, use the following commands:

    slb virtual-server name ipaddr

    Use this command at the global configuration level of the CLI. The command creates the virtual server and changes the CLI to the configuration level for it. To add the DNS port, use the following command:

    port port-number udp

    This command changes the CLI to the configuration level for the DNS port. To bind the DNS port to the DNS proxy service group and enable GSLB on the port, use the following commands:

    service-group group-name
    gslb-enable

    Configure a GSLB Policy

    The GSLB policy contains the metrics used to evaluate each site.

    For the evaluation of sites, A10 uses a fixed list of site addresses. This list is constructed based on the original list when a site becomes active. This fixed metric evaluation function does not do ordering or re-ordering of the original list.

    In the default GSLB policy, the following metrics are enabled by default:

    Health-Check
    Geographic
    Round-Robin

    All other metrics are disabled. (For detailed information about policy parameters and their defaults, see "Policy Configuration Commands" on page 188 or the AX Series GUI Reference or online help.)

    Note: Although the Geographic metric is enabled by default, there are no default geo-location mappings. To use the Geographic metric, you must load or manually configure geo-location mappings. (See "Loading or Configuring Geo-Location Mappings" on page 49 later in this section.)

    Note: Also see "GSLB Policy" on page 18.

    Enabling / Disabling Metrics

    To enable or disable a metric, use one of the following procedures.

    USING THE GUI

    1. Select Config Mode > Service > GSLB.

    2. On the menu bar, select Policy.

    3. Click on the policy name or click Add to create a new policy.

    4. If you are configuring a new policy, enter a name in the Name field in the General section.

    5. In the Metrics section, drag-and-drop the metric from one column to the other. For example, to disable the Health-Check metric, drag-and-drop it from the In Use column to the Not In Use column.

    If you are enabling a metric, drag it to the position you want it to be used in the processing order. For example, if you are enabling the Admin Preference metric and you want this metric to be used first, drag-and-drop the metric to the top of the In Use column.

    6. In the DNS Options section, configure the DNS options, if applicable to your deployment. (For descriptions, see DNS Options on page 23.)

    7. Click OK.

    USING THE CLI

    To enable a metric, enter the metric name at the configuration level for the policy. For example, to enable the Admin-Preference metric, enter the following command:

    AX(config gslb-policy)#admin-preference

    To disable a GSLB metric, use the "no" form of the command for the metric, at the configuration level for the policy. For example, to disable the Health-Check metric, enter the following command at the configuration level for the policy:

    AX(config gslb-policy)#no health-check

    To set DNS options, use the following command at the configuration level for the policy. (For descriptions, see "DNS Options" on page 23.)

    [no] dns {action | active-only [fail-safe] | addition-mx | auto-map | backup-alias | backup-server | cache [aging-time {seconds | ttl}] | cname-detect | delegation | external-ip | external-soa | geoloc-action | geoloc-alias | geoloc-policy | hint | ip-replace | ipv6 options | logging {both | query | response | none} | proxy block option | selected-only [num] | server [addition-mx] [any] [authoritative options] [mx] [ns [auto-ns]] [ptr [auto-ptr]] [srv] [txt] | sticky [network-mask | /prefix-length] [aging-time minutes] [ipv6-mask mask-length] | ttl num}

    Changing the Metric Order

    To change the metric order, use one of the following procedures.

    USING THE GUI

    1. Select Config Mode > Service > GSLB.

    2. On the menu bar, select Policy.

    3. Click on the policy name or click Add to create a new policy.

    4. If you are configuring a new policy, enter a name in the Name field in the General section.

    5. In the Parameters section, drag-and-drop the metric to the position in which you want it to be used in the processing order. For example, if you want the Admin-Preference metric to be used first, drop the metric to the top of the In Use column.

    6. Click OK.

    USING THE CLI

    To change the positions of metrics in a GSLB policy, use the following command at the configuration level for the policy:

    [no] metric-order metric [metric ...]

    The metric option specifies a metric and can be one of the following:

    active-rdt
    active-servers
    admin-ip
    admin-preference
    bw-cost
    capacity
    connection-load
    geographic
    health-check
    least-response
    num-session
    weighted-ip
    weighted-site

    Note: Metric order does not apply to the Alias-Admin-Preference or Weighted-Alias metrics.

    Configuring Active-Round Delay Time

    If you are planning to use the active-Round Delay Time (aRDT) metric, read this section. Otherwise, you can skip the section. This metric is disabled by default.

    aRDT

    aRDT measures the round-delay-time for a DNS query and reply between a site AX device and the GSLB local DNS.

    You can configure aRDT to take a single sample or periodic samples.

    Global aRDT Parameters

    The aRDT metric uses the following options, which are configurable on a global basis:

    Domain - Specifies the query domain. To measure the active round-delay-time (aRDT) for a client, the site AX device sends queries for the domain name to a client's local DNS. An aRDT sample consists of the time between when the site AX device sends a query and when it receives the response.

    Only one aRDT domain can be configured. It is recommended to use a domain name that is likely to be in the cache of each client's local DNS. The default domain name is google.com.

    The AX device averages multiple aRDT samples together to calculate the aRDT measurement for a client. (See the description of "Track" below.)

    Interval - Specifies the number of seconds between queries. You can specify 1-16383 seconds. The default is 1.

    Retry - Specifies the number of times GSLB will resend a query if there is no response. You can specify 0-16. The default is 3.

    Sleep - Specifies the number of seconds GSLB stops tracking aRDT data for a client after a query fails. You can specify 1-300 seconds. The default is 3.

    Timeout - Specifies the number of milliseconds GSLB will wait for a reply before resending a query. You can specify 1-16383 milliseconds (ms). The default is 3000 ms.

    Track - Specifies the number of seconds during which the AX device collects samples for a client. The samples collected during the track time are averaged together, and the averaged value is used as the aRDT measurement for the client. You can specify 3-16383 seconds. The default is 60 seconds.

    The averaged aRDT measurement is used until it ages out. The aging time for averaged aRDT measurements is 10 minutes by default and is configurable on individual sites, using the aRDT aging-time command.

    To configure global aRDT options, use the following command at the global configuration level of the CLI:

    [no] gslb active-rdt {domain domain-name | interval seconds | retry num | sleep seconds | timeout ms | track seconds}

    Default Settings

    When you enable aRDT, a site AX device sends some DNS requests to the GSLB domain's local DNS. The GSLB AX device then averages the aRDT times of 5 samples.

    Single Sample (Single Shot)

    To take a single sample and use that sample indefinitely, use the single-shot option. This option instructs each site AX device to send a single DNS query to the GSLB local DNS.

    The single-shot option is useful if you do not want to frequently update the aRDT measurements. For example, if the GSLB domain's clients tend to remain logged on for long periods of time, using the single-shot option ensures that clients are not frequently sent to differing sites based on aRDT measurements.

    The single-shot option has the following additional options:

    timeout - Specifies the number of seconds each site AX device should wait for the DNS reply. If the reply does not arrive within the specified timeout, the site becomes ineligible for selection, in cases where selection is based on the aRDT metric. You can specify 1-255 seconds. The default is 3 seconds.

    skip - Specifies the number of site AX devices that can exceed their single-shot timeouts, without the aRDT metric itself being skipped by the GSLB AX device during site selection. You can skip from 1-31 sites. The default is 3.

    Multiple Samples

    To periodically retake aRDT samples, do not use the single-shot option. In this case, the AX device uses the averaged aRDT value based on the number of samples measured for the intervals.

    For example, if you set aRDT to use 3 samples with an interval of 5 seconds, the aRDT is the average over the last 3 samples, collected in 5-second intervals. If you configure single-shot instead, a single sample is taken.

    The number of samples can be 1-8. The default is 5 samples.

    Store-By

    By default, the GSLB AX device stores one aRDT measurement per site SLB device. Optionally, you can configure the GSLB AX device to store one measurement per geo-location instead. This option is configurable on individual GSLB sites. (See "Changing aRDT Settings for a Site" on page 39.)

    Tolerance

    The default measurement tolerance is 10 percent. If the aRDT measurements for more than one site are within 10 percent, the GSLB AX device considers the sites to be equal in terms of aRDT. You can adjust the tolerance to any value from 0-100 percent.

    Enabling aRDT

    To enable aRDT, use one of the following procedures.

    USING THE GUI

    1. Select Config Mode > Service > GSLB.

    2. On the menu bar, select Policy.

    3. Click on the policy name or click Add to create a new one.

    4. Drag-and-drop aRDT from the Not In Use column to the In Use column.

    5. Click the plus sign to display the aRDT configuration fields.

    6. To use single-shot aRDT, select the Single-shot checkbox. To collect multiple samples, do not select the Single-shot checkbox.

    7. To change settings for single-shot, edit the values in the Timeout and Skip fields.

    8. To change settings for multiple samples, edit the values in the Samples and Tolerance fields.

    9. Click OK.

    USING THE CLI

    Enter the following command at the configuration level for the GSLB policy:

    [no] active-rdt [difference num] [fail-break] [ignore-id group-id] [keep-tracking] [limit ms] [samples num-samples] [single-shot] [skip count] [timeout seconds] [tolerance num-percentage]

    If you omit all the options, the site AX device sends DNS requests to the GSLB domain's local DNS. The GSLB AX device averages the aRDT times of the samples. The aRDT measurements are regularly updated. You can use the samples option to change the number of samples to 1-8.

    To enable single-shot aRDT instead, use the single-shot option. For single-shot, you also can use the skip and timeout options. (See the descriptions above, in "Single Sample (Single Shot)" on page 36.)

    CLI Examples

    The following commands access the configuration level for GSLB policy gslbp2 and enable the aRDT metric, using all the default settings:

    AX(config)#gslb policy gslbp2
    AX(config gslb-policy)#active-rdt

    The following commands access the configuration level for GSLB policy gslbp3 and enable the aRDT metric, using single-shot settings:

    AX(config)#gslb policy gslbp3
    AX(config gslb-policy)#active-rdt single-shot
    AX(config gslb-policy)#active-rdt skip 3

    In this example, each site AX device will send a single DNS query to the GSLB domain's local DNS, and wait 3 seconds (the default) for a reply. The site AX devices will then send their aRDT measurements to the GSLB AX device. However, if more than 3 site AX devices fail to send their aRDT measurements to the GSLB AX device, the AX device will not use the aRDT metric.

    Changing aRDT Settings for a Site

    You can adjust the following aRDT settings on individual sites:

    aging-time - Specifies the maximum amount of time a stored aRDT result can be used. You can specify 1-60 minutes. The default is 10 minutes.

    bind-geoloc - Stores the aRDT measurements on a per geo-location basis. Without this option, the measurements are stored on a per site-SLB device basis.

    ignore-count - Specifies the ignore count if aRDT is out of range. You can specify 1-15. The default is 5.

    ipv6-mask - Specifies the client IPv6 mask length, 1-128. The default is 128.

    limit - Specifies the limit. You can specify 1-16383. The default is 16383 milliseconds.

    mask - Based on the subnet mask or mask length, the entry can be a host address or a subnet address. The default is 32.

    range-factor - Specifies the maximum percentage a new aRDT measurement can differ from the previous measurement. If the new measurement differs from the previous measurement by more than the allowed percentage, the new measurement is discarded and the previous measurement is used again.

    For example, if the range-factor is set to 25 (the default), a new measurement that has a value from 75% to 125% of the previous value can be used. A measurement that is less than 75% or more than 125% of the previous measurement cannot be used.

    You can specify 1-1000. The default is 25.

    smooth-factor - Blends the new measurement with the previous one, to smooth the measurements.

    For example, if the smooth-factor is set to 10 (the default), 10% of the new measurement is used, along with 90% of the previous measurement. Similarly, if the smooth-factor is set to 50, 50% of the new measurement is used, along with 50% of the previous measurement.

    You can specify 1-100. The default is 10.
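The range-factor and smooth-factor rules described above, modelled in Python as an added example (not A10 code), to show how a stored aRDT value evolves over a series of measurements. It assumes that the first measurement is stored as-is and that the range check runs before blending; the guide does not state either, and ignore-count is not modelled.

```python
"""Model of the per-site aRDT range-factor and smooth-factor rules (added example)."""


class ArdtFilter:
    """Tracks the stored aRDT value (in ms) for one stored entry."""

    def __init__(self, range_factor=25, smooth_factor=10):
        # Value ranges are the ones the guide gives for each setting.
        if not 1 <= range_factor <= 1000:
            raise ValueError("range-factor must be 1-1000")
        if not 1 <= smooth_factor <= 100:
            raise ValueError("smooth-factor must be 1-100")
        self.range_factor = range_factor
        self.smooth_factor = smooth_factor
        self.stored_ms = None  # no measurement stored yet

    def update(self, sample_ms):
        """Apply one new measurement; return (accepted, stored_ms)."""
        if self.stored_ms is None:
            # Assumption: the first measurement is stored unmodified.
            self.stored_ms = float(sample_ms)
            return True, self.stored_ms
        # range-factor: accept only values within +/- range_factor percent
        # of the previous measurement (75%..125% with the default of 25).
        low = max(0.0, self.stored_ms * (100 - self.range_factor) / 100)
        high = self.stored_ms * (100 + self.range_factor) / 100
        if not low <= sample_ms <= high:
            return False, self.stored_ms  # discarded, previous value reused
        # smooth-factor: smooth_factor percent of the new value plus the
        # remainder from the previous value (10% / 90% with the default).
        self.stored_ms = (
            self.smooth_factor * sample_ms
            + (100 - self.smooth_factor) * self.stored_ms
        ) / 100
        return True, self.stored_ms


def replay(samples_ms, range_factor=25, smooth_factor=10):
    """Feed a list of measurements through a fresh filter."""
    flt = ArdtFilter(range_factor, smooth_factor)
    return [flt.update(sample) for sample in samples_ms]


# Constructed sample data (milliseconds), not taken from a real device.
JITTER = [100, 120, 200, 80]          # one outlier among normal samples
SHIFT = [100, 200, 200, 200, 200]     # path latency doubles and stays there

if __name__ == "__main__":
    for label, samples in (("jitter", JITTER), ("shift", SHIFT)):
        print(label, replay(samples))
    print("shift, range-factor 100", replay(SHIFT, range_factor=100))
```

In this model, with the default range-factor a sustained doubling of latency is rejected on every sample, so the stored value does not change. With range-factor 100 the same samples are accepted and blended in gradually.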

    USING THE GUI

    Use the Options section of the GUI page for the site.

    USING THE CLI

    Use the following command at the configuration level for the site:

    [no] active-rdt aging-time minutes | bind-geoloc | limit num | mask {/mask-length | mask-ipaddr} | range-factor num | smooth-factor num

    Excluding a Set of IP Addresses from aRDT Polling

    You can use an IP list to exclude a set of IP addresses from aRDT polling. You can configure an IP list in either of the following ways:

    Use a text editor on a PC or use the AX GUI to configure a black/white list, then load the entries from the black/white list into an IP list.

    Use this command to configure individual IP list entries.

    USING THE CLI

    To configure an IP list using the CLI, use the following command at the global configuration level of the CLI:

    [no] gslb ip-list list-name

    The command changes the CLI to the configuration level for the list, where the following IP-list-related commands are available:

    [no] ip ipaddr {subnet-mask | /mask-length} id group-id

    This command creates an IP entry in the list. Based on the subnet mask or mask length, the entry can be a host address or a subnet address. The id option adds the entry to a group. The group-id can be 0-31.

    [no] load bwlist-name

    This command loads the entries from a black/white list into the IP list. For information on configuring a black/white list, see the "Policy-Based SLB (PBSLB)" chapter in the AX Series System Configuration and Administration Guide.

    To use the IP list to specify the IP addresses to exclude from aRDT data collection, use the following command at the configuration level for the GSLB policy:

    [no] active-rdt ignore-id group-id

    USING THE GUI

    Note: In the current release, IP lists cannot be configured using the GUI.

    Configuring BW-Cost Settings

    If you are planning to use the BW-Cost metric, read this section. Otherwise, you can skip the section. The BW-Cost metric is disabled by default.

    The BW-Cost metric selects sites based on bandwidth utilization on the site AX links.

    How Bandwidth Cost Is Measured

    To compare sites based on bandwidth utilization, the GSLB AX device sends SNMP GET requests for a specified MIB interface object, such as ifInOctets, to each site.

    If the SNMP object value is less than or equal to the bandwidth limit configured for the site, the site is eligible to be selected.

    If the SNMP object value is greater than the bandwidth limit configured for the site, then the site is ineligible.

    The GSLB AX device sends the SNMP requests at regular intervals. Once a site is ineligible, the site can become eligible again at the next interval if the utilization is below the configured limit minus the threshold percentage. (See below.)

    Configuration Requirements

    To use the BW-Cost metric, an SNMP template must be configured and bound to each site. The GSLB SNMP template specifies the SNMP version and other information necessary to access the SNMP agent on the site AX device, and the Object Identifier (OID) of the MIB object to request.

    In addition, the following BW-Cost parameters must be configured on each site:

    Bandwidth limit - The bandwidth limit specifies the maximum value of the requested MIB object for the site to be eligible for selection.

    Bandwidth threshold - For a site to regain eligibility when BW-Cost is being compared, the SNMP object's value must be below the threshold-percentage of the limit value.

    For example, if the limit value is 80,000 and the threshold is 90 (percent), then the SNMP object's value must be 72,000 or less for the site to become eligible again based on bandwidth cost. Once a site again becomes eligible, the SNMP object's value is again allowed to increase up to the bandwidth limit value (80,000 in this example).
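The limit and threshold behaviour described above, modelled in Python as an added example (not A10 code), to show which sites stay eligible across polling intervals. The site names and polled values are constructed, re-eligibility follows the guide's worked example (72,000 or less for a limit of 80,000 and a threshold of 90), and a missing poll result is assumed to leave the site's state unchanged.

```python
"""Model of BW-Cost site eligibility with limit and threshold (added example)."""
from dataclasses import dataclass


@dataclass
class BwCostSite:
    name: str
    limit: int            # bandwidth limit for the polled MIB object value
    threshold_pct: int    # bandwidth threshold, as a percentage of the limit
    eligible: bool = True

    def poll(self, value):
        """Apply one SNMP poll result and return the site's eligibility."""
        if value is None:
            # Assumption: no poll result leaves the previous state in place.
            return self.eligible
        if self.eligible:
            # An eligible site stays eligible up to and including the limit.
            if value > self.limit:
                self.eligible = False
        elif value * 100 <= self.limit * self.threshold_pct:
            # An ineligible site must drop to threshold_pct percent of the
            # limit (72,000 for 80,000 at 90) before it is eligible again.
            self.eligible = True
        return self.eligible


def eligible_per_interval(sites, polls):
    """polls is a list of {site name: value} dicts, one per polling interval.

    Returns, for each interval, the names of the sites that are eligible.
    """
    history = []
    for poll in polls:
        states = [(site.name, site.poll(poll.get(site.name))) for site in sites]
        history.append([name for name, ok in states if ok])
    return history


def demo():
    """Replay constructed poll values for two hypothetical sites."""
    sites = [
        BwCostSite("site-a", limit=80000, threshold_pct=90),  # re-entry at 72000
        BwCostSite("site-b", limit=50000, threshold_pct=80),  # re-entry at 40000
    ]
    polls = [
        {"site-a": 60000, "site-b": 30000},
        {"site-a": 80001, "site-b": 45000},   # site-a exceeds its limit
        {"site-a": 76000, "site-b": 50001},   # site-a under limit, still out
        {"site-a": 72000, "site-b": 41000},   # site-a back, site-b still out
        {"site-a": 79000, "site-b": 40000},   # both eligible again
    ]
    return eligible_per_interval(sites, polls)


if __name__ == "__main__":
    for interval, names in enumerate(demo(), start=1):
        print(interval, names)
```

The third interval leaves no site eligible on BW-Cost even though site-a is back under its limit, which is the effect of the threshold.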
