GSLB CONFIGURATION FOR
DISASTER RECOVERY
GSLB Configuration for Disaster Recovery
TABLE OF
CONTENTS
GSLB DR SOLUTION ............................................................................................. 1
GSLB DR DESIGN.................................................................................................. 1
CONFIGURATION OVERVIEW ............................................................................. 2
CLI example .............................................................................................................................................................. 3
Primary and DR site configurations .................................................................................................................... 4
ADDITIONAL COMMANDS AND WORKFLOWS ................................................ 6
Verify Configuration: ............................................................................................................................................... 6
CLI example to Force traffic to the DR Site........................................................................................................ 6
aXAPI example......................................................................................................................................................... 7
Verify DNS functionality ......................................................................................................................................... 8
SUMMARY ............................................................................................................. 9
HELPFUL LINKS .................................................................................................... 9
ABOUT A10 NETWORKS .................................................................................................................................... 10
i
GSLB Configuration for Disaster Recovery
GSLB DR SOLUTION
A10 Networks Global Server Load Balancing (GSLB) technology provides site failure protection. The GSLB
controller monitors each active site in the GSLB domain to verify the health of each site. If it determines that
the active site is down (for reasons not limited to power, circuit, or server failures), the GSLB controller will
shift application traffic to an alternate site dynamically. The failover is transparent to users connecting to a
fully-qualified domain name (FQDN) that the A10 GSLB controllers service. A manual GSLB site failover can
also be performed using a simple procedure. For example, the operator can force traffic to an alternate site
when an active site requires maintenance.
GSLB DR DESIGN
Following is an Active - Standby design in GSLB server mode. Each site has a GSLB controller and the GSLB
controllers are authoritative for the DNS zone that has been delegated.
Figure 1: GSLB Disaster Recovery design
Below is a high-level overview of Figure 1: GSLB Disaster Recovery design:
o Users connecting to www.a10example.com:
- Queries the local DNS server and the recursive lookup process continues to the root DNS servers.
1
GSLB Configuration for Disaster Recovery
- The A10 GSLB controllers communicate using the GLSB protocol for health check monitors to verify site
availability.
- CNAME is used for delegation of the FQDN to the A10 GSLB controllers.
- The Primary or the DR GSLB controller responds to the users with the Primary site HTTP VIP address if
the Primary site is up.
o If the A10 GSLB controllers determine the Primary site is down:
- The A10 GSLB controller responds with the HTTP VIP address of the DR site.
- User traffic is directed to the DR site.
o When the GSLB Protocol determines the Primary site is up:
- User traffic is directed to the Primary site.
CONFIGURATION OVERVIEW
To configure the GSLB active and standby sites based on Figure 1: GSLB Disaster Recovery design:
o Enable the GSLB controller process for the GSLB protocol to exchange site health information.
- Command: ACOS(config)# <gslb protocol enable controller>
o If SLB is also combined with GSLB, enable the GSLB device.
- Command: ACOS(config)# <gslb protocol enable device>
o Enable the DNS VIP for a standalone DNS server, configure the port, and enable GSLB.
- Command: ACOS(config)# <slb virtual-server <name> <IP address>>
- Command: ACOS(config-slb vserver)# <port <number> < udp>
- Command: ACOS (config-slb vserver-vport)# <gslb-enable>
o Configure the Service IP address for each site. This is the SLB VIP address or remote host IP address the
DNS VIP will respond with, to direct traffic to the site. Define the port and protocol.
- Command: ACOS(config)# <gslb service-ip <name> <IP address>>
- Command: ACOS(config-service-ip:PRI-GSLB-HTTP)# <port <number> <udp or tcp>>
o Configure the GSLB controller for each site. Configure the site parameters and set the administrative
preference to prefer Primary site for all traffic. The default administrative preference value is 100. Set the
active site to a higher administrative value than the default value to prefer traffic over the DR site. Add the
GSLB service VIP address to each site configuration.
- Command: ACOS(config)# <gslb site <name>>
- Command: ACOS(config-gslb site:name)# <slb-dev <name> <IP address>>
2
GSLB Configuration for Disaster Recovery
- Command: ACOS(config-gslb site:name-slb dev:name)# <admin-preference <0-255>>
- Command: ACOS(config-gslb site:name-slb dev:name)# <vip-server <GSLB VIP name>>.
o Configure the GSLB policy to determine how GSLB traffic will be distributed to each site. Enable the DNS
attributes to respond with a single IP and be authoritative for the zone. Enable administrative-preference
and disable round robin based on the active-standby design. Order the metrics for the desired GSLB
behavior.
- Command: ACOS(config)# <gslb policy <name>>
- Command: ACOS(config-policy:name)# <dns selected-only 1>
- Command: ACOS(config-policy:name)# <dns server authoritative>
- Command: ACOS(config-policy:name)# <admin-preference>
- Command: ACOS(config-policy:name)# <no round-robin>
- Command: ACOS(config-policy:name)# <metric-order admin-preference health-check>
o Enable the zone information for DNS query response for the FQDN zone. Bind the GSLB policy to the zone
configuration. Enter the CNAME if it was used for zone delegation on the A10 GSLB controllers or enter the
zone. Define the service prefix for the FQDN and associated service port. Configure the DNS A Record for
each GSLB VIP address of each site which will return the HTTP VIP address with the DNS response.
- Command: ACOS(config)# <gslb zone <zone name>
- Command: ACOS(config-zone:zone-name)# <policy <name>>
- Command: ACOS(config-zone:zone-name)# <service <port number> <service prefix for zone>>
- Command: ACOS(config-zone:zone-name.-service...)# <dns-a-record <GSLB VIP name> <static>>
CLI EXAMPLE
The following are the steps to configure GSLB using the CLI referencing Figure 1: GSLB Disaster Recovery
design. The CNAME, gslb.a10example.com, is used for the zone, www.a10example.com.
Primary Site Configuration:
ACOS-PRI(config)# gslb protocol enable controller
ACOS-PRI(config)# gslb protocol enable device
ACOS-PRI(config)# slb virtual-server DNS-VIP 192.168.20.53
ACOS-PRI(config-slb vserver)# port 53 udp
ACOS-PRI(config-slb vserver-vport)# gslb-enable
ACOS-PRI(config)# gslb service-ip PRI-GSLB-HTTP 192.168.20.200
ACOS-PRI(config-service-ip:PRI-GSLB-HTTP)# port 80 tcp
ACOS-PRI(config)# gslb service-ip DR-GSLB-HTTP 192.168.40.200
ACOS-PRI(config-service-ip:DR-GSLB-HTTP)# port 80 tcp
ACOS-PRI(config)# gslb site Primary
3
GSLB Configuration for Disaster Recovery
ACOS-PRI(config-gslb site:Primary)# slb-dev PRI 192.168.20.125
ACOS-PRI(config-gslb site:Primary-slb dev:PRI)# admin-preference 200
ACOS-PRI(config-gslb site:Primary-slb dev:PRI)#vip-server PRI-GSLB-HTTP
ACOS-PRI(config)# gslb site DRsite
ACOS-PRI(config-gslb site:DRsite)# slb-dev DR 192.168.40.125
ACOS-PRI(config-gslb site:DRsite-slb dev:DR)# vip-server DR-GSLB-HTTP
ACOS-PRI(config)# gslb policy A10health
ACOS-PRI(config-policy:a10health)# dns selected-only-1
ACOS-PRI(config-policy:a10health)# dns server authoritative
ACOS-PRI(config-policy:a10health)# admin-preference
ACOS-PRI(config-policy:a10health)# no round-robin
ACOS-PRI(config-policy:a10health)# metric-order health-check admin-preference
ACOS-PRI(config)# gslb zone gslb.a10example.com
ACOS-PRI(config-zone:gslb.a10example.)# policy A10health
ACOS-PRI(config-zone:gslb.a10example.)# service 80 www
ACOS-PRI(config-zone:gslb.a10example.-service...)# dns-a-record PRI-GSLB-HTTP static
ACOS-PRI(config-zone:gslb.a10example.-service...)# dns-a-record DR-GSLB-HTTP static
PRIMARY AND DR SITE CONFIGURATIONS
The GSLB configuration for both sites referencing Figure 1: GSLB Disaster Recovery design is shown below:
4
GSLB Configuration for Disaster Recovery
Primary Site:
DR Site:
ACOS-PRI#show running-configuration
!Current configuration: 508 bytes
!Configuration last updated at 00:28:05 GMT Sat Mar 24 2018
!Configuration last saved at 23:48:37 GMT Fri Mar 23 2018
!64-bit Advanced Core OS (ACOS) version 4.1.4, build 307 (Feb12-2018,06:47)
!
hostname ACOS-PRI
!
interface management
ip address 172.31.31.31 255.255.255.0
enable
!
interface ethernet 1
enable
ip address 192.168.20.125 255.255.255.0
!
interface ethernet 2
!
ip route 0.0.0.0 /0 192.168.20.154
!
slb server RS1 192.168.2.243
port 80 tcp
!
slb service-group SG1 tcp
member RS1 80
!
slb virtual-server DNS-VIP 192.168.20.53
port 53 udp
gslb-enable
!
slb virtual-server VS1 192.168.20.200
port 80 http
source-nat auto
service-group SG1
!
gslb service-ip PRI-GSLB-HTTP 192.168.20.200
port 80 tcp
!
gslb service-ip DR-GSLB-HTTP 192.168.40.200
port 80 tcp
!
gslb site Primary
slb-dev PRI 192.168.20.125
admin-preference 200
vip-server PRI-GSLB-HTTP
!
gslb site DRsite
slb-dev DR 192.168.40.125
vip-server DR-GSLB-HTTP
!
gslb policy A10health
no geographic
admin-preference
no round-robin
metric-order health-check admin-preference
dns selected-only 1
dns server authoritative
!
gslb zone gslb.a10example.com
policy A10health
service 80 www
policy A10health
dns-a-record DR-GSLB-HTTP static
dns-a-record PRI-GSLB-HTTP static
!
gslb protocol enable controller
!
gslb protocol enable device
!
end
ACOS-DR#show running-configuration
!Current configuration: 362 bytes
!Configuration last updated at 00:46:37 GMT Sat Mar 24 2018
!Configuration last saved at 00:41:10 GMT Sat Mar 24 2018
!64-bit Advanced Core OS (ACOS) version 4.1.4, build 307 (Feb12-2018,06:47)
!
hostname ACOS-DR
!
interface management
ip address 172.31.31.32 255.255.255.0
!
interface ethernet 1
enable
ip address 192.168.40.125 255.255.255.0
!
interface ethernet 2
!
ip route 0.0.0.0 /0 192.168.40.154
!
slb server RS1 192.168.40.250
port 80 tcp
!
slb service-group SG1 tcp
member RS1 80
!
slb virtual-server DNS-VIP 192.168.40.53
port 53 udp
gslb-enable
!
slb virtual-server VS1 192.168.40.200
port 80 http
source-nat auto
service-group SG1
!
gslb service-ip DR-GSLB-HTTP 192.168.40.200
port 80 tcp
!
gslb service-ip PRI-GSLB-HTTP 192.168.20.200
port 80 tcp
!
gslb site DRsite
slb-dev DR 192.168.40.125
vip-server DR-GSLB-HTTP
!
gslb site Primary
slb-dev PRI 192.168.20.125
admin-preference 200
vip-server PRI-GSLB-HTTP
!
gslb policy A10health
no geographic
admin-preference
no round-robin
metric-order health-check admin-preference
dns selected-only 1
dns server authoritative
!
gslb zone gslb.a10example.com
policy A10health
service 80 www
policy A10health
dns-a-record DR-GSLB-HTTP static
dns-a-record PRI-GSLB-HTTP static
!
gslb protocol enable controller
!
gslb protocol enable device
!
!
end
5
GSLB Configuration for Disaster Recovery
ADDITIONAL COMMANDS AND
WORKFLOWS
VERIFY CONFIGURATION:
Verify the Primary site and the DR site are communicating and exchanging HTTP VIP health information
indicated by the state being UP.
ACOS-PRI# show gslb service-ip
P-Cnt = Count of Service Ports, Attrs = Attributes
V = Is Virtual Server, D = Disabled
P = GSLB Protocol,
L = Local Protocol
M = Manually Health Check, * = Dynamic
Service-IP
IP/Desc
Attrs State P-Cnt Hits
-------------------------------------------------------------------------------:PRI:PRI-GSLB-HTTP
192.168.20.200 VL
UP
1
0
:DR:DR-GSLB-HTTP
192.168.40.200 VP
UP
1
0
CLI EXAMPLE TO FORCE TRAFFIC TO THE DR SITE
Change the administrative preference values for the Primary site configured, on each GSLB controller:
Configure the Primary Site:
Change the administrative preference for the Primary site configured at the Primary data center. For
example, a value of 90 is lower than the value of the default configured at the DR site (default = 100):
ACOS-PRI(config)# gslb site Primary
ACOS-PRI(config-gslb site:Primary)# slb-dev PRI 192.168.20.125
ACOS-PRI(config-gslb site:Primary-slb dev:PRI)# admin-preference 90
6
GSLB Configuration for Disaster Recovery
Configure the DR Site:
Change the administrative preference for the Primary site configured at the DR data center. For example, a
value of 100 is lower than the value of the default configured at the DR site (default = 150):
ACOS-DR(config)# gslb site Primary
ACOS-DR(config-gslb site:Primary)# slb-dev PRI 192.168.20.125
ACOS-DR(config-gslb site:Primary-slb dev:PRI)# admin-preference 90
AXAPI EXAMPLE
The A10 aXAPI is used to efficiently shift traffic to the DR site with a single command. Below is an example
of an API call to alter the administrative preference value to force a lower priority at the Primary site. The
GSLB controllers update the priorities of each site and either controller responds to users with the DR site
HTTP VIP address.
Send API call to the Primary GSLB Controller management IP address:
root@ubuntu:~# curl -k POST https://192.168.2.125/axapi/v3/gslb/site/Primary/slb-dev/PRI \
-H "Content-type: application/json" \
-H "Authorization:A10 6110a8f3a6b04ce64e0ab281b7f0aa" \
-d '{
"slb-dev": {
"admin-preference":50
}
}'
Send API call to the DR GSLB Controller:
root@ubuntu:~# curl -k POST https://192.168.40.125/axapi/v3/gslb/site/Primary/slb-dev/PRI \
-H "Content-type: application/json" \
7
GSLB Configuration for Disaster Recovery
-H "Authorization:A10 6110a8f3a6b04ce64e0ab281b7f0aa" \
-d '{
"slb-dev": {
"admin-preference":50
}
}'
For additional information see the link referencing the aXAPI Guide at the end of this article in Helpful Links
section.
VERIFY DNS FUNCTIONALITY
Below is an example dig command to verify the A10 GSLB controllers are responding with the correct site IP.
The GSLB controller is responding with Primary site Web site address:
Before the API command to change the administrative preference:
[root@localhost ~]# dig www.gslb.a10example.com
; <<>> DiG 9.2.4 <<>> www.gslb.a10example.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22893
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.gslb.a10example.com.
IN
A
;; ANSWER SECTION:
www.gslb.a10example.com. 10
IN
A
192.168.20.200
;; Query time: 16 msec
;; SERVER: 192.168.40.53#53(192.168.40.53)
;; WHEN: Fri Mar 23 18:48:43 2018
;; MSG SIZE rcvd: 80
After the API command to change the administrative preference for both GSLB controllers:
8
GSLB Configuration for Disaster Recovery
; <<>> DiG 9.2.4 <<>> www.gslb.a10example.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1992
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.gslb.a10example.com.
IN
A
;; ANSWER SECTION:
www.gslb.a10example.com. 10
IN
A
192.168.40.200
;; Query time: 59 msec
;; SERVER: 192.168.40.53#53(192.168.40.53)
;; WHEN: Fri Mar 23 19:20:58 2018
;; MSG SIZE rcvd: 80
SUMMARY
A10 Networks GSLB ensures site reliability and effective deployment for Disaster Recovery. Traffic can be
distributed regionally or globally based on geographic location, bandwidth at remote sites, weighted
distribution, round-robin, or proximity of site to the local DNS query.
HELPFUL LINKS
For the complete guide to configuring GSLB on A10 Thunder, see the following link:
https://documentation.a10networks.com/GSLB
For the complete guide to configuring SLB and other ADC functions on A10 Thunder, see the following links:
Layer 4 TCP/UDP Load Balancing:
https://documentation.a10networks.com/L4_SLB
9
GSLB Configuration for Disaster Recovery
Layer 7 Application Load Balancing:
https://documentation.a10networks.com/L7_App_LB
For the complete guide to the aXAPI Guide to automate configuration on A10 Thunder, see the following links:
https://documentation.a10networks.com/axAPI
10
ABOUT A10 NETWORKS
A10 Networks (NYSE: ATEN) is a Secure Application Services™ company, providing a range of high-performance application
networking solutions that help organizations ensure that their data center applications and networks remain highly
available, accelerated and secure. Founded in 2004, A10 Networks is based in San Jose, Calif., and serves customers
globally with offices worldwide.
For more information, visit: a10networks.com or tweet @a10Networks
LEARN MORE
ABOUT A10 NETWORKS
CONTACT US
©2018 A10 Networks, Inc. All rights reserved. A10 Networks, the A10 Networks logo,
ACOS, A10 Thunder, A10 Lightning, A10 Harmony and SSL Insight are trademarks or
registered trademarks of A10 Networks, Inc. in the United States and other countries.
All other trademarks are property of their respective owners. A10 Networks assumes
no responsibility for any inaccuracies in this document. A10 Networks reserves the
right to change, modify, transfer, or otherwise revise this publication without notice.
For the full list of trademarks, visit: www.a10networks.com/a10-trademarks.
a10networks.com/contact
11