8/24/22, 3:10 PM
Global Server Load Balancing Guide
GSLB CLI Command Reference
This chapter lists the CLI commands for Global Server Load Balancing (GSLB). The commands are organized
into the following sections:
• Main Configuration Commands
• Policy Configuration Commands
• Show Commands
• Clear Command
Main Configuration Commands
The commands in this section configure GSLB parameters. In some cases, the commands create a GSLB
configuration item and change the CLI to the configuration level for that item.
• delete geo-location
• gslb active-rdt
• gslb dns action
• gslb dns logging
• gslb geo-location
• gslb group
• gslb ip-list
• gslb policy
• gslb protocol
• gslb protocol limit
• gslb service-group
• gslb service-ip
• gslb site
• gslb system age-interval
• gslb system auto-map module
• gslb system auto-map ttl
• gslb system geo-location load
• gslb system ip-ttl
• gslb system wait
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
1/97
8/24/22, 3:10 PM
Global Server Load Balancing Guide
• gslb template csv
• gslb template snmp
• gslb zone
• import geo-location
delete geo-location
Description
Delete or replace a custom geo-location database from the ACOS device.
Syntax
delete geo-location {all | file-name}
Default
Parameter
Description
all
Deletes all manually configured geo-locations from the
configu­ration.
file-name
Delete the specified geo-location from the configuration.
N/A
Usage
This command is available only if you have already imported a geo-location
database file.
Mode
Global configuration mode
gslb active-rdt
Description
Syntax
Configure global aRDT settings.
[no] gslb active-rdt
{
domain domain-name |
icmp
interval seconds |
port portnum |
retry num |
sleep seconds |
timeout ms |
track seconds
}
Parameter
Description
domain
domain-name
Specifies the query domain. To measure the active-Round Delay Time (aRDT)
for a cli­ent, the site ACOS device sends queries for the domain name to a
client’s local DNS. An aRDT sample consists of the time between when the
site ACOS device sends a query and when it receives the response.
Only one aRDT domain can be configured. It is recommended to use a domain
name that is likely to be in the cache of each client’s local DNS.
The ACOS device averages multiple aRDT samples together to calculate the
aRDT measurement for a client. (See the description of track below.)
The default domain is google.com.
icmp
Programs the device to use ICMP packets, instead of DNS requests, to calculate
response delay time.
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
2/97
8/24/22, 3:10 PM
Global Server Load Balancing Guide
interval
seconds
Specifies the number of seconds between queries. You can specify 1-16383
seconds.
The default interval is 1 second.
port
portnum
Specifies the port. You can specify ports 0-65535.
The default port is 0.
retry
num
Specifies the number of times GSLB will resend a query if there is no
response. You can specify 0-16.
The default is 3.
sleep seconds
Specifies the number of seconds GSLB stops tracking aRDT data for a client
after a query fails. You can specify 1-300 seconds.
The default is 3 seconds.
timeout ms
Specifies the number of milliseconds GSLB will wait for a reply before
resending a query. You can specify 1-16383 ms.
The default is 3000 ms.
track seconds
Specifies the number of seconds during which the ACOS device collects
samples for a client. The samples collected during the track time are averaged
together, and the averaged value is used as the aRDT measurement for the
client. You can specify 3-16383 seconds.
The default is 60 seconds.
The averaged aRDT measurement is used until it ages out. The aging time for
aver­aged aRDT measurements is 10 minutes by default and is configurable on
individual sites, using the active-rdt aging-time command in GSLB site
configuration mode.
Default
Mode
See descriptions.
Global configuration mode
gslb dns action
Description
Syntax
Globally drop or reject DNS queries from the local DNS server.
gslb dns action {drop | ignore | none | reject}
no gslb dns action
Parameter
Description
drop
Drops DNS queries that do not match any zone service.
ignore
Ignores DNS queries that do not match any zone service.
none
No action (default)
reject
Rejects DNS queries that do not match any zone service,
and returns the “Refused” message in replies.
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
3/97
8/24/22, 3:10 PM
Global Server Load Balancing Guide
Default
Mode
No action (gslb dns action none)
Global configuration mode
gslb dns logging
Description
Globally set DNS logging parameters. When this option is enabled, the GSLB
DNS log messages appear in the ACOS log.
For more information, see DNS Logging.
Syntax
gslb dns logging {
both [template template-name] |
query [template template-name] |
response [template template-name] |
none
}
no gslb dns logging
Parameter
Description
both [template template-name]
Log both the DNS query and response.
query [template template-name]
Log only the DNS query.
response [template template-name]
Log only the DNS response.
none
Do not log any DNS messages.
Default
Mode
Disabled ( gslb dns logging none)
Global configuration mode
gslb geo-location
Description
Syntax
Configure a global geographic location by assigning a location name to a cli­ent IP
address range. GSLB forwards client requests from addresses within the specified IP
address range to the GSLB site that serves the location.
[no] gslb geo-location location-name
Parameter
Description
location-name
Name of location. Use a period between string labels (ranges). Each range can
con­tain up to 15 alphanumeric characters. Entire name can contain up to 127
charac­ters.
Example: Asia.japan.123456789.xyz
ACOS device can perform a partial match on geo-locations. Example: if IP
1.1.1.1 belongs to “Asia.japan”, but only “Asia” is configured, the ACOS
device still selects the proper site.
The command changes the CLI to the configuration level for the location, where the
following location-related commands are available:
Command
Description
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
4/97
8/24/22, 3:10 PM
Global Server Load Balancing Guide
[no] ip start-ip-addr
{mask ip-mask | end-ip-addr}
Beginning IPv4 address for the range.
• mask ip-mask - Network mask
• end-ip-addr - Ending IP address of the range
[no] ipv6 start-ipv6-addr
{mask ipv6-mask | end-ipv6-addr}
Beginning IPv6 address for the range.
• mask ipv6-mask - Network mask
• end-ipv6-addr - Ending IP address of range
Default
N/A
Mode
Global configuration mode
Usage
Geographic location can be configured in a GSLB policy, which specifies using
either the globally configured geographic location or the policy-config­ured location.
(See geo-location and geo-location-match.)
Use manually configured geo-location mappings or load a mappings database, as
described in gslb system geo-location load.
• If you manually map a geo-location to an GSLB site, GSLB uses the map­ping.
• If no geo-location is configured for a GSLB site, GSLB automatically maps the
service-ip to a geo-location in the loaded geo-location data­base.
• If a service-ip cannot be mapped to a geo-location, GSLB maps the site ACOS
device to a geo-location.
Example
This example configures geographic location “US.CA.SanJose” for IP address range
100.1.1.1 through 100.1.1.125:
ACOS(config)# gslb geo-location US.CA.SanJose
ACOS(config-geo-location:US.CA.SanJose)# ip 100.1.1.1 100.1.1.125
ACOS(config-geo-location:US.CA.SanJose)#
gslb group
Description
Syntax
Configure GSLB group settings. GSLB controllers within a GSLB group auto­matically synchronize GSLB configuration information and data.
[no] gslb group {default | group-name}
The command changes the CLI to the configuration level for the group, where the
following group-related commands are available:
Other available commands are common to all CLI configuration levels. See the CLI
Reference.
Command
Description
[no] auto-map
[option]
Automatically creates IP-to-name mappings for resources within the zone.
The option can be one of the following:
• data-interface
• learn
• mgmt-interface
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
5/97
8/24/22, 3:10 PM
Global Server Load Balancing Guide
• primary
• smart
This is disabled by default.
This option is applicable only to GSLB zones that use wildcard service
names
[no] config-anywhere
Allows GSLB to be configured on any group member, without restricting
the changes to the master controller.
This is disabled by default.
[no] config-merge
If this option is used and the current GSLB controller has the highest
priority of all group members, then this current controller will attempt to
retrieve the config file from the master GSLB controller before assuming
control.
This is disabled by default.
[no] config-save
Enables automatic configuration save on this GSLB group member when
the configuration is saved on the group master.
This is enabled by defaul.t
[no] dns-discover
Discover member via DNS protocol. When this option is used, you do not
need to configure a primary IP address, because GSLB will send a DNS
query (based on the group name) to discover other group members.
For example, if group name is “group.example.com” then GSLB will send
the DNS discover query with domain name “group.example.com”.
This is disabled by defaul.t
[no] enable
Activates the ACOS device’s membership in the GSLB controller group.
This is disabled by defaul.t
[no] learn
Enables the ACOS device to learn the IP addresses of other group
members from the group’s primary controllers.
This is enabled by defaul.t
[no] primary ipaddr
Specifies the IP address of another group member, to be a primary
member. After the GSLB process starts on an ACOS device, the device
joins the controller group by connecting to the primary group members to
exchange group manage­ment traffic.
You can specify up to 15 primary members. Enter the command separately
for each member.
This is not set by default.
[no] priority num
Specifies the priority of the ACOS device to become the master for the
group. You can specify 1-255.
The default is 100.
[no] standalone
Run GSLB Group in standalone mode.
This is disabled by default.
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
6/97
8/24/22, 3:10 PM
Global Server Load Balancing Guide
[no] suffix name
This option allows you to configure the DNS suffix that will be used for
dns-dis­covery. You can specify the suffix (or name) that GSLB will append
to the domain name when sending the dns-discover query. For example, if
the group name is “group” and the suffix is “example.com”, then the
concatenated strings are sent in the DNS discovery query as
“group.example.com”.
This is not set by default.
Default
Mode
See descriptions.
Global configuration mode
gslb health monitor
Description
Configure a health check that is synchronized across all GSLB group mem­bers.
See the “health monitor” command in Command Line Interface Refer­ence.
Syntax
[no] gslb health monitor monitor-name
[interval seconds]
[retry number]
[timeout seconds]
[up-retry number]
Mode
Except for the gslb keyword in front of the command, the syntax is the same as
the health monitor command at the global configuration level for the CLI. For
information about the options, see the CLI Reference.
gslb ip-list
Description
Syntax
Configure a list of IP addresses and group IDs to use as input to other GSLB
commands.
[no] gslb ip-list list-name
The command changes the CLI to the configuration level for the list, where the
following IP-list-related commands are available:
(The other commands are common to all CLI configuration levels. See the CLI
Reference.)
Parameter
Description
[no] ip ipaddr
[subnet-mask | /mask-length]
id group-id
Creates an IP entry in the list. Based on the subnet mask or mask
length, the entry can be a host address or a subnet address. The
id option adds the entry to a group. The group-id can be 0-31.
[no] load bwlist-name
Loads the entries from a black/white list into the IP list.
Default
None
Mode
Global configuration mode
Usage
You can configure an IP list in either of the following ways:
• Use a text editor on a PC or use the ACOS GUI to configure a black/white
list, then load the entries from the black/white list into an IP list.
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
7/97
8/24/22, 3:10 PM
Global Server Load Balancing Guide
• Use this command to configure individual IP list entries.
Example
The following commands configure a GSLB IP list and use the list to exclude IP
addresses from aRDT data collection:
ACOS(config)# gslb ip-list iplist1
ACOS(config-gslb ip-list)# ip 192.168.1.0 /24 id 3
ACOS(config-gslb ip-list)# ip 10.10.10.10 /32 id 3
ACOS(config-gslb ip-list)# ip 10.10.10.20 /32 id 3
ACOS(config-gslb ip-list)# ip 10.10.10.30 /32 id 3
ACOS(config-gslb ip-list)# exit
ACOS(config)# gslb policy pol1
ACOS(config-gslb policy)# ip-list iplist1
ACOS(config-gslb policy)# active-rdt ignore-id 3
gslb policy
Description
Configure a GSLB policy.
Syntax
[no] gslb policy {default | policy-name}
Parameter
Description
default
The default GSLB policy included in the software.
policy-name
Name of the policy, up to 63 alphanumeric characters.
This command changes the CLI to the configuration level for the specified GSLB
policy. For information about the commands available at the GSLB policy level, see
Policy Configuration Commands.
Default
Mode
Example
N/A
Global configuration mode
The following example creates a GSLB policy called “gslb-policy2”:
ACOS(config)# gslb policy gslb-policy2
ACOS(config-policy:gslb-policy2)#
gslb protocol
Description
Syntax
Enable the GSLB protocol or set protocol options.
[no] gslb protocol
{
auto-detect |
enable {controller | device} |
limit option |
ping [site | ip-addr] |
status-interval seconds |
use-mgmt-port
}
Parameter
Description
auto-detect
Enables auto-detection.
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
8/97
8/24/22, 3:10 PM
Global Server Load Balancing Guide
This is disabled by default.
enable
{controller | device}
Enables the GSLB protocol:
• controller – Use this option on the ACOS device on which GSLB
is config­ured.
• device – Use this option on the ACOS devices that are SLB
devices at the GSLB sites.
limit option
See gslb protocol limit.
ping
[site | ip-addr]
Test GSLB connectivity from the GSLB ACOS device to a site
ACOS device.
• site - GSLB site name of the site ACOS device.
• ip-addr - The IP address of the site ACOS device.
status-interval seconds
Changes the number of seconds between GSLB status messages. You
can specify 1-1800 seconds.
The default is 30 seconds.
use-mgmt-port
Use the management route table instead of the data route table.
This is disabled by default.
NOTE:
For the limit options, see gslb protocol limit.
Default
See descriptions.
Mode
Global configuration mode
Usage
The GSLB protocol uses port 4149 and is registered on this port for both TCP and
UDP.
ACOS devices use the GSLB protocol for GSLB management traffic. The protocol
must be enabled on the GSLB controller, and it is recommended (but not required)
that you enable the protocol on the site ACOS devices.
The following GSLB policy metrics require the protocol to be enabled on both the
site ACOS devices as well as the GSLB controller:
• Session-Capacity
• aRDT
• Connection-Load
• Num-Session
The GSLB protocol is also required for the Health-Check metric, if the default
health checks are used. If you modify the health checks, the GSLB protocol is not
required.
Example
The following command enables the GSLB protocol on a GSLB device:
ACOS(config)# gslb protocol enable controller
Example
The following command enables the GSLB protocol on a site device:
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
9/97
8/24/22, 3:10 PM
Global Server Load Balancing Guide
ACOS(config)# gslb protocol enable device
gslb protocol limit
Description
Syntax
Change aRDT message limits.
[no] gslb protocol limit
{
ardt-query num-msgs |
ardt-response num-msgs |
ardt-session num-sessions |
conn-response num-msgs |
message num-msgs |
response num-msgs
}
Parameter
Description
ardt-query
Limits the number of aRDT Query messages (01000000).
The default is 200 query messages.
ardt-response
Limits the number of aRDT Response Messages (01000000).
The default is 1000 response messages.
ardt-session
Limits the number of aRDT sessions (0-1000000)
The default is 32768 sessions.
conn-response
Limits the number Connection Load Response
Messages (0-1000000).
By default no limit is set.
message
Limits the number of messages (0-1000000).
The default is 10000 (ten thousand) messages.
response
Limits the number of Response Messages (0-1000000).
The default is 3600 response messages.
Default
Mode
See descriptions.
Global configuration mode
gslb service-group
Description
Configure an FQDN group.
Syntax
[no] gslb service-group group-name
This command creates the group and changes the CLI to the configuration level for
it. At this level, the following commands are available:.
Parameter
Description
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
10/97
8/24/22, 3:10 PM
Global Server Load Balancing Guide
[no] dependency site
All services become unavailable on the site when one
service goes down. Facilitates traffic redirection to a site
that can maintain persistence for all services. Default
setting is dis­abled.
Only valid when persistent site is enabled.
[no] disable
Disables all FQDN members.
[no] disable-site site-name
Disables the given site name in the service-group.
[no] persistent site [AGE][V4][V6]
Enables site persistence for the configuration mode service
group. Parameter options include:
• AGE – Specifies enforcement period. Valid options
include:
• <no parameter> – default period of five minutes.
• aging-time <1-65535> – specifies period (minutes)
• V4 – Specifies IPv4 mask. Valid formats include:
• <no parameter> – IPv4 mask of /32.
• /nn – specifes IPv4 mask length
• A.B.C.D – must specify valid IPv4 mask
• V6 – Specifies IPv6 mask length. Valid formats include:
• <no parameter> – default IPv6 mask of 128.
• ipv6-mask <1-128> – specifies IPv6 mask length
[no] member service-name.zone-name
Example
Adds the specified service, in FQDN format.
These commands 1) create an FQDN; 2) create an FQDN group called “examplegroup”; and 3) adds the FQDN for GSLB services to the group:
ACOS(config)# gslb zone example.com
ACOS(config-zone:example.com)# service 80 www
ACOS(config-zone:example.com-service:www)# exit
ACOS(config-zone:example.com)# exit
ACOS(config)# gslb service-group example-group
ACOS(config-svc group:example-group)# member www.example.com
ACOS(config-svc group:example-group)# member www1.example.com
ACOS(config-svc group:example-group)#
gslb service-ip
Description
Configure a service IP, which can be a virtual server’s or real server’s IP address.
Syntax
[no] gslb service-ip service-name [ipaddr]
Parameter
Description
service-name
Name of the service, up to 63 alphanumeric characters.
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
11/97
8/24/22, 3:10 PM
Global Server Load Balancing Guide
ipaddr
IP address of the virtual server or real server. You can specify an IPv4 or
IPv6 address.
(If you are changing the configuration of a GSLB service that is already
config­ured, this parameter is not required.)
This command changes the CLI to the configuration level for the specified service,
where the following GSLB-related commands are available:
Command
Description
disable
Disables GSLB for the service IP address.
enable
Enables GSLB for the service IP address.
[no] external-ip ipaddr
Assigns an external IP address to the service IP. The
external IP address allows a service IP that has an internal
IP address to be reached from outside the internal network.
[no] health-check monitor-name
Configures service IP monitoring. If you enter the command
with no options, the default Layer 3 health monitor (ICMP
ping) is used.
• monitor-name – The service is checked using the
specified Layer 3, 4 or 7 health monitor.
[no] health-check-disable
Disables the health-check monitor.
[no] health-check-protocol-
Disables the GSLB protocol health monitor.
disable
[no] ipv6 ipv6-addr
[no] port num
{tcp | udp}
Maps the specified IPv6 address to an IPv4 service IP. This
option also requires IPv6 DNS AAAA support to be enabled
in the GSLB policy. (See the ipv6-mapping option in DNS
IPv6.)
Adds service port to service IP. Changes CLI to
configuration level for specified service port, where these
commands are available:
• disable – Disables GSLB for service port.
• enable – Enables GSLB for service port.
• [no] health-check [monitor-name] – Enables health
monitoring for the service port. If you do not specify a
health monitor, the default health monitor is used. (See
“Usage” below.)
• [no] health-check-disable – Enables or disables
health monitoring for service port.
• [no] health-check-follow-port – Specify the port to
fol­low for health status. The port cannot follow itself or
use port 0.
• [no] health-check-protocol-disable – Disable the
GSLB protocol health monitor for the port.
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
12/97
8/24/22, 3:10 PM
Global Server Load Balancing Guide
Default
No services are configured by default. When you configure a service, the ser­vice is
enabled by default, and the default port is 80. The default health mon­itor for a
service is the default Layer 3 health monitor (ICMP ping). The default health
monitor for a service port is the default TCP or UDP monitor, depending on the
transport protocol. (For more on health checking, see “Usage” below.)
Mode
Global configuration mode
Usage
If you leave the health monitor for a service left at its default setting (the default
ICMP ping health check), health checks are performed within the GSLB protocol.
If you use a custom health monitor, or explicitly apply the default Layer 3 health
monitor to the service, the GSLB protocol is not used for any of the health checks.
If you use a custom health monitor for a service port, the port number specified in
the service configuration is used instead of the port number specified in the health
monitor configuration.
The following policy metric options are not supported for IPv6 service IPs:
• active-rdt
• ip-list
• dns external-ip
• dns ipv6 mapping
• geo-location
Example
The following example creates a GSLB service IP address named “gslb-srvc2” with
IP address 192.160.20.99:
ACOS(config)# gslb service-ip gslb-srvc2 192.168.20.99
ACOS(config-service-ip:gslb-srvc2)#
gslb site
Description
Configure a GSLB site.
Syntax
[no] gslb site site-name
Replace site-name with the name for the site (1-63 characters).
This command changes the CLI to the configuration level for the specified site,
where the following site-related commands are available:
Command
Description
[no] active-rdt
option
Configures options for the aRDT metric:
• aging-time minutes –Specifies the maximum amount of time a stored
aRDT result can be used. You can specify 1-15360 minutes. The default
is 10 minutes.
(“No” form of command is not available).
• bind-geoloc – Stores the aRDT measurements on a per geo-location
basis. Without this option, the measurements are stored on a per siteSLB device basis.
• ignore-count num – Specifies the ignore count if aRDT is out of
range. You can specify 1-15. The default is 5.
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
13/97
8/24/22, 3:10 PM
Global Server Load Balancing Guide
• limit num – Specifies the maximum aRDT allowed for the site. If the
aRDT measurement for a site exceeds the configured limit, GSLB does
not eliminate the site. Instead, GSLB moves to the next metric in the
policy. You can specify 1-16383 milliseconds (ms). The default is 16383.
(“No” form of command is not available).
• mask {/mask-length | mask-ipaddr} – Specifies the IPv4 client
subnet mask length. The default mask length is 32. (“No” form of
command is not available).
• range-factor num – Specifies the maximum percentage a new aRDT
mea­surement can differ from the previous measurement. If the new
measurement differs from the previous measurement by more than the
allowed percentage, the new measurement is discarded and the previous
measurement is used again.
For example, if the range-factor is set to 25 (the default), a new
measurement that has a value from 75% to 125% of the previous value
can be used. Mea­surements is less than 75% or more than 125% of the
previous measurement can not be used.
You can specify 0-1000. The default is 25.
• smooth-factor num – Blends the new measurement with the previous
one, to smoothen the measurements.
For example, if the smooth-factor is set to 10 (the default), 10% of the
new measurement is used, along with 90% of the previous measurement.
Similarly, if the smooth-factor is set to 50, 50% of the new measurement
is used, along with 50% of the previous measurement.
You can specify 1-100. The default is 10. (“No” form of command is
not avail­able).
(For information about the aRDT metric, see active-rdt.)
[no] auto-map
Enables DNS auto-mapping for site resources.
[no] bw-cost options
Configures options for the BW-Cost metric:
• limit num– Specifies the maximum amount the SNMP object queried
by the GSLB ACOS device can increase since the previous query, in
order for the site to remain eligible for selection. You can specify 02147483647. There is no default.
If a site becomes ineligible due to being over the limit, the percentage
parame­ter is used. In order to become eligible for selection again, the
site’s limit value must not exceed
limit*threshold-percentage.
threshold percentage – For a site to regain eligibility when BW-
Cost is being compared, the SNMP object’s value must be below the
threshold-per­centage of the limit value. You can specify 0-100. There is
no default.
For example, if the limit value is 80,000 and the threshold is 90
percent, then the limit value must be 72,000 or less, in order for the
site to become eligible again based. Once a site again becomes eligible,
the SNMP object’s value is again allowed to increase up to the
bandwidth limit (80,000 in this example).
(For information about the BW-Cost metric, see bw-cost.)
[no] controller
This command binds the specified controller to the configuration mode
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
14/97
8/24/22, 3:10 PM
domain-name
Global Server Load Balancing Guide
GSLB site in support of GSLB controller-based metrics.
• domain-name – ACOS hostname of local controller for the GSLB site.
There is no default.
[no] disable
Disables all servers in the GSLB site.
[no] geo-location
location-name
Associates this site with a specific geographic location. (To configure a
location, use the gslb geo-location command.)
[no] ip-server
service-ip
Associates a real server with this site.
• service-ip –Specify the real server name.
Generally, virtual servers rather than real servers are associated with a site.
To associate a virtual server with a site, use vip-server option of the
slb-dev command.
[no] slb-dev
device-name
[ip-addr]
Specifies the device that provides SLB for the site. The IP address must be
reachable by the GSLB controller when GSLB protocol is enabled. This
com­mand changes the CLI to the slb-dev configuration level where the
following commands are available:
• admin-preference num – Assigns a preference value to the SLB
device. If the Admin-Preference metric is enabled in the policy and all
metrics before this one result in a tie, the SLB device with the highest
Admin-Preference value is preferred. You can specify from 0 – 255. The
default is 100.
• auto-detect {ip | port | ip-and-port | disabled} –
Enables DNS auto detect at service IP level, port level, or both. You
can also disable auto-detect.
• [no] auto-map – Enables DNS auto-mapping for this site.
• [no] gateway ipaddr – Specifies the gateway the SLB device will
use to reach the GSLB local DNS for collecting aRDT measurements.
• gateway health-check – Enables gateway health checking. A
gateway health check is a Layer 3 health check (ping) sent to the
gateway router for an SLB site. This option is enabled by default.
• gateway health-check-disable – Disables gateway health checking.
Gate­way health check is enabled by default.
• max-client num – Specifies the maximum number of clients for which
the GSLB ACOS device (controller) saves data such as
aRDT measurements for each of the clients. You can specify 12147483647. The default is 32768.
• [no] proto-aging-fast – This option enables a quick refresh of data
sent from a site ACOS device to the ACOS controller by “aging out”
data from a site ACOS device. This can be used to obtain fresh health
status information from a site ACOS. For example, when a virtual server
is deleted from a site-ACOS device, but this information could not be
sent to the ACOS controller, then the status in the controller will
continue to appear as "UP" for a long time until it is aged out. The
"proto-aging-fast" command forces the GSLB controller to start aging the
health status immediately after receiving updated information from a site
ACOS.
• proto-aging-time seconds – If communication between a site ACOS
device and the GSLB controller is interrupted, then the data for that site
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
15/97
8/24/22, 3:10 PM
Global Server Load Balancing Guide
will become stale. The GSLB controller can continue to rely upon this
old informa­tion, but after some time, the old data for the site must be
purged. The lifespan of this old data is the sum of the time set using
the gslb protocol status-inter­val command, plus the time you set using
this proto-aging-time option. The default value is 60 seconds. You can
specify from 1 to 65535 seconds.
• [no] proto-compatible – Enables GSLB protocol compatibility
between a controller running 2.6.1 or later and a site ACOS
device running 2.4.x. This option is disabled by default.
• [no] vip-server {name | ipaddr} – Maps this SLB site to a
globally con­figured GSLB service IP address. If you use the
name option, the name must be the name of a configured service IP. (To
configure the service IP, use the gslb service-ip command. See gslb
service-ip.)
[no] template
template-name
[no] weight num
Default
Binds a template to the site. To use the BW-Cost metric, use this option
to bind a GSLB SNMP template to the site.
Assigns a weight to the site. If the Weighted-Site metric is enabled in the
policy and all metrics before Weighted-Site result in a tie, the site with the
highest weight is preferred. The weight can be from 1 – 100. The default
is 1.
See descriptions.
Mode
Global configuration mode
Example
The following example creates a site named “NY-site” and adds SLB ACOS device
“site-acos-1” with IP address 10.10.10.10 to the site:
ACOS(config)# gslb site NY-site
ACOS(config-gslb site:NY-site)# slb-dev site-acos-1 10.10.10.10
ACOS(config-gslb site:NY-site-slb dev:sit...)#
gslb system age-interval
Description
Syntax
Set the age interval for runtime GSLB statistics.
gslb system age-interval seconds
no gslb system age-interval
Replace seconds with the desired age interval (0-120 seconds).
Default
Mode
10 seconds
Global configuration mode
gslb system auto-map module
Description
Syntax
Enable auto-mapping of IP address to resource name.
gslb system auto-map module resource-type
no gslb system auto-map module
Parameter
Description
resource-type
Enables DNS auto-mapping for the specified resource type. When auto-mapping is
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
16/97
8/24/22, 3:10 PM
Global Server Load Balancing Guide
enabled, ACOS can respond to DNS queries for resources of the specified type
that are within the GSLB zone. The resource-type option can be one of the
following:
• gslb-group – Enables auto-mapping for GSLB groups.
• gslb-service-ip – Enables auto-mapping for service-IPs.
• gslb-site – Enables auto-mapping for GSLB sites.
• hostname – Enables auto-mapping for the ACOS device hostname.
• slb-device – Enables auto-mapping for SLB devices.
• slb-server – Enables auto-mapping for real server names.
• slb-virtual-server – Enables auto-mapping for virtual server names.
Default
Disabled
Mode
Global configuration mode
Usage
See Configuring Auto-Mapping (CLI Procedure).
gslb system auto-map ttl
Description
Configure the TTL for DNS A or AAAA records created by the auto-mapping
feature.
Syntax
gslb system auto-map ttl seconds
no gslb system auto-map ttl
Replace seconds with the maximum number of seconds for which an A or AAAA
record created by auto-mapping is valid. You can specify 1-65535 seconds.
Default
Mode
300 seconds
Global configuration mode
gslb system geo-location load
Description
Load a geo-location database into GSLB. Using a geo-location database is an
alternative to manually configuring each geo-location separately.
Syntax
[no] gslb system geo-location load
{iana | file-name csv-template-name}
Parameter
Description
iana
Loads the Internet Assigned Numbers Authority (IANA) database.
The IANA database contains the geographic locations of the IP
address ranges and subnets assigned by the IANA. The IANA
database is included in the ACOS system software. The IANA
geo-location data­base is loaded by default.
file-name csv-template-name
Loads a custom database. You can load a custom geo-location
data­base from a file in comma-separated-values (CSV) format. This
option requires configuration of a CSV template on the ACOS
device. When you load the CSV file, the data is formatted based
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
17/97
8/24/22, 3:10 PM
Global Server Load Balancing Guide
on the template. (To configure a CSV template, see gslb template
csv.).
Mode
Global configuration mode
Usage
You can load more than one database. The geo-location match command
determines the IP address used when databases contain overlapping addresses.
Example
The following command loads the IANA database:
ACOS(config)# gslb system geo-location load iana
Example
The following command loads geo-location data from a CSV file:
ACOS(config)# gslb system geo-location load test1.csv test1-template
gslb system ip-ttl
Description
Syntax
Change the IP Time-to-Live (TTL) in DNS replies to clients.
gslb system ip-ttl num
no gslb system ip-ttl
Replace num with the desired TTL value (0-255).
Default
0
Mode
Global configuration mode
Usage
This option applies only to DNS server mode. The option does not apply to DNS
proxy mode.
The TTL value is used in all replies, regardless of the client’s original TTL.
gslb system wait
Description
Syntax
Delay startup of GSLB following startup of the ACOS device.
gslb system wait seconds
no gslb system wait
Replace seconds with the desired startup delay interval (0-16384 seconds).
Default
Mode
0 seconds (no delay)
Global configuration mode
gslb template csv
Description
Configure a template for extracting geo-location data from an imported CSV file.
Syntax
[no] gslb template csv template-name
Replace template-name with the name of the template (1-63 characters).
This command changes the CLI to the configuration level for the specified template,
where the following commands are available.
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
18/97
8/24/22, 3:10 PM
Global Server Load Balancing Guide
(The other commands are common to all CLI configuration levels. See the CLI
Reference.)
Parameter
Description
[no] delimiter
{character | ASCII-code}
Specifies the character used in the file to delimit fields. You can
type the character or enter its decimal ASCII code (0-255).
[no] field num type-of-data
The num option specifies the field position within the CSV file. You
can specify from 1-64. The following options specify the type of
geo-location that is located in the field position:
• ip-from – Specifies beginning IP address in range or subnet.
• ip-to-mask – Specifies ending IP address in range or subnet
mask.
• continent – Specifies continent location of IP address range or
sub­net.
• country – Specifies country location of IP address range or
subnet.
• state – Specifies state location of IP address range or subnet.
• city – Specifies city location of IP address range or subnet.
[no] ipv6-enable
Support IPv6 IP ranges.
Default
There is no default CSV template. When you configure one, the field loca­tions are
not set. The default delimiter character is a comma ( , ).
Mode
Global configuration mode
Usage
To load a geo-location data file and use the CSV template to extract the data, see
gslb system geo-location load.
Example
The following commands configure a CSV template called “test1-tmplte”:
ACOS(config)# gslb template csv test1-tmplte
ACOS(config-csv:test1-tmplte)# field 1 ip-from
ACOS(config-csv:test1-tmplte)# field 2 ip-to-mask
ACOS(config-csv:test1-tmplte)# field 5 continent
ACOS(config-csv:test1-tmplte)# field 3 country
gslb template snmp
Description
Configure an SNMP template to query data for use by the BW-Cost metric.
Syntax
[no] gslb template snmp template-name
Replace template-name with the name of the template (1-63 characters).
This command changes the CLI to the configuration level for the specified template,
where the following commands are available.
(The other commands are common to all CLI configuration levels. See the CLI Reference.)
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
19/97
8/24/22, 3:10 PM
Global Server Load Balancing Guide
Parameter
Description
[no] auth-key string
Specifies the authentication key. The key string can be 1-127
characters long. This command is applicable if the security level is
auth-no-priv or auth-priv.
[no] auth-proto {sha | md5}
Specifies the authentication protocol. This command is applicable if
the security level is auth-no-priv or auth-priv.
[no] community communitystring
For SNMPv1 or v2c, specifies the community string required for
authen­tication.
[no] context-engine-id id
Specifies the ID of the SNMPv3 protocol engine running on the
site ACOS device.
[no] context-name id
Specifies an SNMPv3 collection of management information objects
accessible by an SNMP entity.
[no] host {name | ipaddr}
Specifies the IP address of the site ACOS device.
[no] interface id
Specifies the SNMP interface ID. 0-2147483647
[no] interval seconds
Specifies the amount of time between each SNMP GET to the site
ACOS devices. You can specify 1-999 seconds. The default is 3.
[no] oid oid-value
Specifies the interface MIB object to query on the site ACOS
device.
If the object is part of a table, make sure to append the table
index to the end of the OID. Otherwise, the ACOS device will
return an error.
[no] port portnum
Specifies the protocol port on which the site ACOS devices listen
for the SNMP requests from the GSLB ACOS device. You can
specify 1-65535. The default is 161.
[no] priv-key string
Specifies the encryption key. The key string can be 1-127
characters long. This command is applicable only if the security
level is auth-priv.
[no] priv-proto {aes | des}
Specifies the privacy protocol used for encryption. This command
is applicable only if the security level is auth-priv.
[no] security-engine-id id
Specifies the ID of the SNMPv3 security engine running on the
site ACOS device. For each command, the ID is a string 1-127
characters long.
[no] security-level
{no-auth |
auth-no-priv |
auth-priv}
Specifies the SNMPv3 security level:
• no-auth – Authentication is not used and encryption (privacy)
is not used. This is the default.
• auth-no-priv – Authentication is used but encryption is not
used.
• auth-priv – Both authentication and encryption are used.
[no] username name
Specifies the SNMPv3 username required for access to the SNMP
agent on the site ACOS device.
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
20/97
8/24/22, 3:10 PM
Global Server Load Balancing Guide
[no] version {v1 | v2c |
v3}
Default
Specifies the SNMP version running on the site ACOS device.
See above.
Mode
Global configuration mode
Usage
The community command applies only to SNMPv1 or v2c. Most of the other
commands, with the exception of the version, interval, port, and
interface commands, apply to SNMPv3.
You can not delete an SNMP template if the template is in use by a site. To delete
a template, first remove it from all site configurations that are using it.
Example
The following commands configure a GSLB SNMP template for SNMPv2c:
ACOS(config)# gslb template snmp snmp-1
ACOS(config-snmp:snmp-1)# version v2c
ACOS(config-snmp:snmp-1)# host 192.168.214.124
ACOS(config-snmp:snmp-1)# oid .1.3.6.1.2.1.2.2.1.16.12
ACOS(config-snmp:snmp-1)# community public
ACOS(config-snmp:snmp-1)# exit
Example
The following commands configure a GSLB SNMP template for SNMPv3. In this
example, authentication and encryption are both used.
ACOS(config)# gslb template snmp snmp-2
ACOS(config-snmp:snmp-2)# security-level auth-priv
ACOS(config-snmp:snmp-2)# host 192.168.214.124
ACOS(config-snmp:snmp-2)# username read
ACOS(config-snmp:snmp-2)# oid .1.3.6.1.2.1.2.2.1.16.12
ACOS(config-snmp:snmp-2)# priv-proto des
ACOS(config-snmp:snmp-2)# auth-key 12345678
ACOS(config-snmp:snmp-2)# priv-key 12345678
gslb zone
Description
Syntax
Configure a GSLB zone, which identifies the top-level name for the services load
balanced by GSLB.
[no] gslb zone zone-name
Replace zone-name with the name of the zone, up to 127 alphanumeric characters,
or * (wildcard character matching on all zone names).
You can use lower case characters and upper case characters. However, since
Internet domain names are case-insensitive, the ACOS device internally converts all
upper case characters in GSLB zone names to lower case.
NOTE:
DNSSEC is not supported for GSLB wildcard zones.
This command changes the CLI to the configuration level for the specified zone,
where the following zone-related commands are available:
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
21/97
8/24/22, 3:10 PM
Global Server Load Balancing Guide
Command
Description
[no] disable
Disables all services in the GSLB zone.
[no] dns-mx-record name
priority [ttl num]
Configures a DNS Mail Exchange (MX) record for the zone. The
name is the fully-qualified domain name of the mail server for the zone.
If more than one MX record is configured for the same zone, the
priority speci­fies the order in which the mail server should attempt to
deliver mail to the MX hosts. The MX with the lowest priority value
has the highest priority and is tried first. The priority can be 0-65535.
There is no default.
MX records configured on a zone are used only for services on which
MX records are not configured.
NOTES:
If you want the GSLB ACOS device to return the IP address of the
mail service in response to MX requests, you must configure Address
records for the mail service.
Optionally, you can configure the Time-to-Live in seconds. The range is
from 0-2147483647 seconds.
[no] dns-nsrecord domainname [ttl num]
Configures a DNS name server record for the specified domain.
[no] dns-soa-record
[external]
Configures a DNS start of authority (SOA) record for the GSLB zone.
dns-server-name
mailbox-name
[expire seconds]
[refresh seconds]
[retry seconds]
[serial num]
[ttl seconds]
Optionally, you can configure the Time-to-Live in seconds. The range is
from 0-2147483647 seconds.
• external - causes the ACOS device to replace the internal SOA
record with an external SOA record when a request is received from
an external client. This prevents external clients from gaining access to
internal information. The feature must also be enabled in the GSLB
policy.
• refresh - specifies the number of seconds other DNS servers wait
before requesting updated information for the GSLB zone. The retry
option speci­fies how many seconds other DNS servers wait before
resending a refresh request, if GSLB does not respond to the previous
request. The expire option specifies how many seconds GSLB can
remain unresponsive to a refresh request before the other DNS server
drops responding to queries for the zone.
• serial - specifies the initial serial number of the SOA record. This
number is automatically incremented each time a change occurs to any
records in the zone file. You can specify a serial number from 02147483647. The default is based on the current system time on the
GSLB ACOS device when you create the SOA record.
• ttl - specifies the number of seconds GSLB will cache and reuse
negative replies (NXDOMAIN messages). A negative reply is an error
message indi­cating that a requested domain does not exist.
NOTES:
The ttl option is equivalent to the “minimum” option in BIND 9.
[no] policy policyname
Applies the specified GSLB policy to the zone. You can specify
“default” for the GSLB policy name, if you have not configured another
policy and applied it to the zone. The GSLB policy applied to the zone
is also applied to the services in that zone.
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
22/97
8/24/22, 3:10 PM
[no] service port
[service-name]
Global Server Load Balancing Guide
Adds a service to the zone. The port option specifies the service port
and can be a port number from 0 to 65534. The service-name can be
1-63 alphanu­meric characters or * (wildcard character matching on all
service names).
For the same reason described for zone names, the ACOS
device converts all upper case characters in GSLB service names to
lower case.
This command changes the CLI to the configuration level for the
service, where the following GSLB-related commands are available:
• action action-type – Specifies the action to perform for DNS
traffic:
• drop – Drops DNS queries from the local DNS server.
• forward {both | query | response} – Forwards requests or
queries, as follows:
• forward both – Forwards queries to the Authoritative DNS server,
and forwards responses to the local DNS server.
• forward query – Forwards queries to the Authoritative DNS
server, but does not forward responses to the local DNS server.
• forward response – Forwards responses to the local DNS server,
but does not forward queries to the Authoritative DNS server.
• ignore – Ignores the request.
• reject – Rejects DNS queries from the local DNS server and
returns the “Refused” message in replies.
NOTE: Use of the actions configured for services also must be enabled
in the GSLB policy, using the dns action command at the
configuration level for the policy. See DNS Action.
[no] service port
[service-name]
(cont.)
GSLB-related commands are available:
• disable – Disables all services in the GSLB zone.
• dns-a-record {service-name | ip service-ipaddr}
{as-backup | as-replace | no-resp | static |
ttl num |
weight num} – Configures a DNS Address (A) record for the
service, for use with the DNS replace-ip option in the GSLB policy.
(See DNS IP-Replace.)
• as-backup – This option is used to specify the backup servers in
the dns-a-record within the GSLB zone. These are the servers that
will be returned to the client if the primary servers fail and backup
server mode is enabled.
• as-replace – This option is used with the ip-replace option in
the pol­icy. When both options are set (as-replace here and ipreplace in the policy), the client receives only the IP address set
here by service-ip.
• disable – Disables DNS records for this service in the zone.
• no-resp – Prevents the IP address for this site from being included
in DNS replies to clients.
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
23/97
8/24/22, 3:10 PM
Global Server Load Balancing Guide
• static – This option is used with the dns server option in the
policy. When both options are set (static here and dns
server in the policy), the GSLB ACOS device acts as the DNS
server for the IP address set here by service-ip.
• ttl num – Assigns a TTL to the service, 0-2147483647. By
default, the TTL of the zone is used. This option can be used with
the dns server option in the policy, or with DNS proxy mode
enabled in the policy. The default TTL is 0 seconds.
• weight num – Assigns a weight to the service. If the Weighted-IP
metric is enabled in the policy and all metrics before Weighted-IP
result in a tie, the service on the site with the highest weight is
selected. The weight can be 1-100. By default, the weight is not
set.
NOTE: The no-resp option is not valid with the static or asreplace option. If you use no-resp, you cannot use static or asreplace.
[no] service port
[service-name]
(cont.)
• dns-cname-record alias [alias ...] [as-backup]
[admin-preference num] [weight num]
Canonical Name (CNAME) records for the service.
– Configures DNS
• as-backup – Specifies that the record is a backup record.
• admin-preference num – Specify the administrative preference. If
using the Alias Admin Preference metric, then the DNS CNAME
record with the highest administratively set preference is selected.
Default is 100.
• weight num – Specify the weight. If using the Weighted Alias
metric, then the DNS CNAME record with the highest weight is
selected. Default is 1.
• dns-mx-record name priority [ttl num] – Configures a
DNS Mail Exchange (MX) record for the service. The name is the
fully-qualified domain name of the mail server for the service. If
more than MX record is configured for the same service, the
priority specifies the order in which the mail server should
attempt to deliver mail to the MX hosts. The MX record with the
lowest priority number has the highest priority and is tried first. The
priority can be 0-65535. There is no default. The default TTL is
0 seconds.
NOTE: If you want the GSLB ACOS device to return the IP address
of the mail service in response to MX requests, you must configure A
records for the mail service.
• dns-ns-record domain-name [ttl num] – Configures a DNS
name server record. To use the as-backup option, you also must
use the dns backup-alias command in the policy. (See DNS
Backup Alias.) The default TTL is 0 seconds.
• dns-ptr-record domain-name [ttl num] – Configures a DNS
pointer record. The default TTL is 0 seconds.
• dns-srv-record domain-name port portnum priority
[weight num] [ttl num] – Configures a DNS service record.
The port portnum specifies the protocol port to return to the
client, and can be 0-65534. There is no default. You must specify
a port.
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
24/97
8/24/22, 3:10 PM
Global Server Load Balancing Guide
The priority can be 0-65535. There is no default.
The weight num specifies the weight and can be 0-65535. The
default is 10.
The ttl specifies the time-to-live for the DNS record in second.
Typically DNS records take 24-48 hours to propagate. The default
TTL is 0 sec­onds.
[no] service port
[service-name]
(cont).
• dns-txt-record obj-name txt-data [ttl num] – Enables
use of DNS TXT resource records to carry multiple pieces of DNS
TXT data within one TXT record.
The obj-name specifies the text data’s object name, in order to
avoid long URLs of aXPAPI.
The txt-data is the DNS TXXT data that you want inputted in
the TXT record.
The ttl specifies the time-to-live for the DNS record in second.
Typically DNS records take 24-48 hours to propagate. The default
TTL is 0 sec­onds.
NOTE: The ACOS device has a special handler that enables you
to enter non-printable characters that the CLI does not support.
NOTE: This option also requires the dns server txt command
at the configuration level for the GSLB policy.
• geo-location location-name - Configures geo-location settings.
The loca­tion must already be configured. (See gslb geo-location.)
Entering this command takes you to the GSLB Zone Service Geolocation config­uration level, where the following commands are
available:
• action action – Specifies the action to perform for DNS traffic.
The action options are the same as those for the
action command described above. Another action possible is
allow, which allows que­ries from this geo-location.
• alias url – Maps an alias configured with the alias option (see
above) to the specified location for this service.
• policy policy-name – Applies the specified GSLB to clients
from the geo-location.
• health-check-gateway enable – Enable service’s health-check
gate­way.
• health-check-gateway disable – Disable service’s health-check
gateway.
• health-check-port portnum – Specify the port for the health
check for the service. Use multiple statements to configure more
than one port.
• policy policy-name – Applies the specified GSLB policy to the
service. If the service policy is the default policy, then the service
will automati­cally inherit the policy configured for the overall GSLB
Zone. Any non-default policy configured for the service specifically
will be honored over the GSLB Zone policy.
[no] template dnssec
Binds a DNSSEC template to the zone.
template-name
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
25/97
8/24/22, 3:10 PM
Global Server Load Balancing Guide
[no] ttl seconds
Changes the TTL of each DNS record contained in DNS replies received
from the DNS for which the ACOS Series is a proxy, for this zone.
You can specify from 0 to 1000000000 (one billion) seconds. This TTL
setting overrides the TTL setting in the GSLB policy. The default is 10.
The TTL of the DNS reply can be overridden in two different places in
the GSLB configuration: (1) If a GSLB policy is assigned to the
individual service, then the TTL from that policy is used. (2) If no
policy is assigned to the individ­ual service, but the TTL is set in the
zone, then the zone’s TTL setting is used. (This is the level set by the
ttl command shown earlier this section.)
[no] use-server-ttl
Default
Mode
Example
Use the configured service Time-to-Live.
Default settings are described above, where applicable.
Global configuration mode
The following example creates a zone named “acos-gslb-zone”:
ACOS(config)# gslb zone acos-gslb-zone
ACOS(config-zone:acos-gslb-zone)#
Example
The following example uses the wildcard character at the end of the gslb
command. This has the result of identifying all GSLB zones so that the next
line of the configuration creates a positive match on all DNS domains that have the
prefix of “www”.
zone
ACOS(config)# gslb zone *
ACOS(config-zone *)# service 80 www
Example
The following commands create a default GSLB policy and then specify that a
backup server at IP 10.10.2.1 will be returned to the client if the primary servers
fail.
ACOS(config)# gslb policy default
ACOS(config-policy:default)# dns backup-server
ACOS(config-policy:default)# exit
ACOS(config)# gslb zone z1
ACOS(config-zone:z1)# service 80 http
ACOS(config-zone:z1-service:http)# dns-a-record 10.10.2.1 as-backup
ACOS(config-zone:z1-service:http)# exit
ACOS(config-zone:z1)# exit
ACOS(config)#
import geo-location
Description
Imports new geo-location database CSV files into an ACOS device.
Syntax
import geo-location file-name [overwrite] [use-mgmt-port] url
The overwrite option overwrite the existing geo-location file under that name with
the new geo-location file that is being imported.
Default
If no database is loaded, the default is a pre-loaded IANA database.
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
26/97
8/24/22, 3:10 PM
Global Server Load Balancing Guide
Mode
Global configuration mode.
Usage
This command imports a geo-location database, saved as a CSV file, into an ACOS
device and allows for periodic synchronization of the database across all GSLB
group members. This command only imports a database; it does not load the
database into the ACOS starting configuration. To load the data­base file, see gslb
system geo-location load.
Example
The following command imports a geo-location database CSV file and con­figures
ACOS to periodically check for updates once a day:
ACOS(config)# import geo-location test1.csv ftp://192.168.1.100
User name []?admin2
Password []?*********
File name [/]?test1.csv
Policy Configuration Commands
The commands in this section configure GSLB policies. The CLI changes to this level when you enter the
gslb policy policy-name command from the global Config level:
ACOS(config)# gslb policy pol1
ACOS(config-policy:pol1)#
The following commands are available:
• active-rdt
• active-servers
• active-servers-enable
• admin-ip
• admin-ip-enable
• admin-preference
• alias-admin-preference
• auto-map
• bw-cost
• bw-cost-enable
• capacity
• connection-load
• dns action
• dns active-only
• dns addition-mx
• dns auto-map
• dns backup-alias
• dns backup-server
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
27/97
8/24/22, 3:10 PM
Global Server Load Balancing Guide
• dns cache
• dns cname-detect
• dns delegation
• dns external-ip
• dns external-soa
• dns geoloc-action
• dns geoloc-alias
• dns geoloc-policy
• dns hint
• dns ip-replace
• dns ipv6 mapping
• dns ipv6 mix
• dns ipv6 smart
• dns logging
• dns proxy block <query>
• dns proxy block <type>
• dns proxy block action
• dns selected-only
• dns server
• dns sticky
• dns ttl
• edns client-subnet geographic
• geo-location
• geo-location-match
• geographic
• health-check
• ip-list
• least-response
• metric-fail-break
• metric-force-check
• metric-order
• num-session
• num-session-enable
• round-robin
• weighted-alias
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
28/97
8/24/22, 3:10 PM
Global Server Load Balancing Guide
• weighted-ip
• weighted-ip-enable
• weighted-site
• weighted-site-enable
active-rdt
Description
Configure the active-Round Delay Time (aRDT) metric.
aRDT measures the round-delay-time for a DNS query and reply between a site
ACOS device and the GSLB local DNS.
Syntax
[no] active-rdt
{
controller |
difference num |
enable |
fail-break |
ignore-id group-id |
keep-tracking |
limit ms |
proto-rdt-enable |
samples num-samples |
single-shot |
skip count |
timeout seconds |
tolerance num-percentage
}
Parameter
Description
controller
This command enables GSLB Controller-based metrics on the device.
GSLB Controller based metrics are not supported in IPv6 or L3V partition
config­urations.
This is disabled by default.
difference num
Number from 0 to 16383 specifying the round-delay-time difference.
The default is 0.
enable
Enable active-Round Delay Time for the given policy.
This is disabled by default.
fail-break
Enables GSLB to stop if the configured aRDT limit in a policy is reached.
The fail-break action depends on whether the GSLB controller is running
in server mode or proxy mode:
• Server mode: If a backup-alias is configured, the GSLB controller returns
the backup-alias to the client; otherwise, the controller returns a blank
response error to the client.
• Proxy mode: If a backup-alias is configured, the GSLB controller returns
the backup-alias to the client; otherwise, the controller returns the
response from the back-end DNS server.
Notes:
• To configure the aRDT limit, use the limit option (describe below).
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
29/97
8/24/22, 3:10 PM
Global Server Load Balancing Guide
• To configure GSLB to return a CNAME record as
backup-alias option using the dns backup-alias
configuration level for the policy. To configure the
service within a zone, use the following command
level for the service:
a backup, enable the
command at the
backup alias for a
at the configuration
dns-cname-record alias-name as-backup
This is disabled by default.
ignore-id group-id
Excludes the IP addresses in the specified IP list from aRDT data
collection. Specify an ID from 0-31. (To configure an IP list, see gslb iplist.)
This is not set by default.
keep-tracking
Continues tracking of aRDT for clients after the track time expires. By
default, GSLB stops collecting aRDT samples for a client (stops tracking
the client) after the time has exceeded the number of seconds specified by
the global aRDT track setting.
This is disabled by default.
limit ms
Specifies the aRDT limit for the policy. This option is useful for applying
site selection based on aRDT limits and geo-location. This option is
required if you plan to use the DNS geoloc-policy option. You can specify
1-16383 ms.
To configure aRDT limit by geo-location:
• 1. Enable the active-rdt bind-geoloc option on each GSLB site.
• 2. Enable the dns geoloc-policy option in the default GSLB policy, and
enable the active-rdt option in the policies for geo-locations. If
applicable, config­ure the aRDT limit.
• 3. On the service within the zone, enable the geo-location option and
specify the GSLB policy to use for that location.
The default limit is 16383 ms.
proto-rdt-enable
his command configures GSLB controller-based metrics to includes both
response times between 1) the controller and the originating LDNS server;
and 2) the controller and the site device. When this option is disabled, the
metric includes only the response time between the controller and the
originating LDNS server.
This is disabled by default.
samples
num-samples
Number from 1 to 8 specifying the number of samples to collect.
The default is 5.
single-shot
Collects a single sample only.
skip count
When single-shot is configured, this option determines the number of site
ACOS devices that can exceed their single-shot timeouts, without the
aRDT metric itself being skipped by the GSLB ACOS device during site
selection. You can skip from 1-31 sites.
This is disabled by default; multiple samples are taken at regular intervals.
When enabled, the default skip is 3.
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
30/97
8/24/22, 3:10 PM
timeout
Global Server Load Balancing Guide
seconds
When single-shot is configured, this option determines the number of
seconds each site ACOS device should wait for the DNS reply. If the
reply does not arrive within the specified timeout, the site becomes
ineligible for selection, in cases where selection is based on the aRDT
metric. You can specify 1-255 seconds.
The default timeout is 3 seconds.
tolerance percentage
Specifies how much the aRDT values must differ in order for GSLB to
prefer one geo-location or site over another based on aRDT.
The default is 10 percent.
Default
Disabled. When you enable the aRDT metric, it has the default settings described
in the table above.
Mode
GSLB Policy
Usage
This metric requires the GSLB protocol to be enabled both on the GSLB con­troller
and on the site ACOS devices.
active-servers
Description
Configure the Active-Servers metric, which prefers the VIP with the highest
number of active servers.
Active-servers is a measure of the number of active real servers bound to a virtual
port residing on a GSLB site.
Syntax
[no] active-servers fail-break
Parameter
Description
fail-break
Enables GSLB to stop if the number of active servers for
all ser­vices is 0. The fail-break action depends on whether
the GSLB controller is running in proxy mode or server
mode:
• Server mode: If a backup-alias is configured, the GSLB
con­troller returns the backup-alias to the client;
otherwise, the controller returns a SERVFAIL error to
the client.
• Proxy mode: If a backup-alias is configured, the GSLB
con­troller returns the backup-alias to the client;
otherwise, the controller returns the response from the
back-end DNS server.
NOTE:
Default
Use the active-servers-enable command to enable or disable select­ing the
service-IP with the highest number of active servers.
Disabled
Mode
GSLB Policy
Usage
Use this command to eliminate inactive real servers from being eligible for
selection.
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
31/97
8/24/22, 3:10 PM
Example
Global Server Load Balancing Guide
The following example enables the Active-Servers metric:
ACOS(config)# gslb policy pol1
ACOS(config-policy:pol1)# active-servers-enable
ACOS(config-policy:pol1)# active-servers fail-break
ACOS(config-policy:pol1)#
active-servers-enable
Description
Enable or disable selecting the service-IP with the highest number of active
servers:
Syntax
[no] active-servers-enable
Default
Disabled by default
Mode
Example
GSLB Policy
The following example enables the Active-Servers metric:
ACOS(config)# gslb policy pol1
ACOS(config-policy:pol1)# active-servers-enable
ACOS(config-policy:pol1)# active-servers fail-break
ACOS(config-policy:pol1)#
admin-ip
Description
Allows you to assign administrative weights to IP addresses.
Syntax
[no] admin-ip top-only
The top-only parameter selects only the top prioritized record.
NOTE:
To configure GSLB to return only the top prioritized IP address in query
responses, also enable the dns selected-only option.
Use admin-ip-enable command to enable or disable admin IP prioriti­zation.
Default
Disabled
Mode
GSLB Policy
Usage
The prioritized list is sent to the next metric for further evaluation. If admin-ip is
the last metric, the prioritized list is sent to the client. To configure the list of
admin-preferred addresses for a service, use the admin-ip command at the service
configuration level for the GSLB zone. See gslb zone.
admin-ip-enable
Description
Enable or disable admin IP prioritization.
Syntax
[no] admin-ip-enable
Default
Disabled.
Mode
GSLB Policy
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
32/97
8/24/22, 3:10 PM
Global Server Load Balancing Guide
admin-preference
Description
Enable or disable the Admin-Preference metric, which prefers the site whose SLB
device has the highest administratively set weight.
Syntax
[no] admin-preference
Default
Disabled
Mode
GSLB Policy
Usage
To set the GSLB Admin-Preference value for a site, use the adminpreference command at the configuration level for the SLB device within the site.
(See gslb site.)
Example
The following command enables the Admin-Preference metric:
ACOS(config)# gslb policy pol1
ACOS(config-policy:pol1)# admin-preference
ACOS(config-policy:pol1)#
alias-admin-preference
Description
Enable or disable the Alias Admin Preference metric, which selects the DNS
CNAME record with the highest administratively set preference. This metric is
similar to the Admin Preference metric, but applies only to DNS CNAME records.
Syntax
[no] alias-admin-preference
Default
Disabled
Mode
GSLB Policy
Usage
Metric order does not apply to this metric. When enabled, this metric always has
high priority.
To configure the Alias Admin Preference metric:
1. At the configuration level for the GSLB service, use the admin-prefer­
ence
command to assign an administrative preference to the DNS
CNAME record for the service. (See gslb service-ip.)
preference
2. At the configuration level for the GSLB policy:
• Use the alias-admin-preference command to enable the Alias Admin
Preference metric.
• Enable one or both of the following DNS options, as applicable to your
deployment (See Alias-Admin-Preference):
• DNS backup-alias
• DNS geoloc-alias
3. If using the backup-alias option, use the dns-cname-record as-backup option
on the service. (See gslb service-ip.)
auto-map
Description
Enable auto-mapping of the specified resource type within the policy.
Syntax
[no] auto-map [module-disable resource-type | ttl num]
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
33/97
8/24/22, 3:10 PM
Global Server Load Balancing Guide
Parameter
Description
module-disable
resource-type
Specify what resource-types you want to disable automap­ping for. For more information, see gslb system
auto-map module.
By default, all modules have Auto Map M.
ttl
num
Specify a Time-to-Live for auto-mapping. The default
is 300 seconds. You can specify from 1-65535
seconds. For more information, see gslb system automap ttl.
The default TTL is 300 seconds.
Default
Mode
See descriptions.
GSLB Policy
bw-cost
Description
Configure the BW-Cost metric. This mechanism queries the bandwidth utili­zation of
each site, and selects the site(s) whose bandwidth utilization has not exceeded a
configured threshold during the most recent query interval.
[no] bw-cost fail-break
The bandwidth cost fail-break enables GSLB to stop if the current BW-Cost value
is over the limit. The fail-break action depends on whether the GSLB controller is
running in proxy mode or server mode:
• Server mode: If a backup-alias is configured, the GSLB controller returns the
backup-alias to the client; otherwise, the controller returns a SERV­FAIL error to
the client.
• Proxy mode: If a backup-alias is configured, the GSLB controller returns the
backup-alias to the client; otherwise, the controller returns the response from the
back-end DNS server.
NOTE:
Default
Mode
Example
Use the bw-cost-enable command to enable selection of the site with the
smallest bandwidth cost.
Disabled
GSLB Policy
The following command enables the BW-Cost metric:
ACOS(config)# gslb policy pol1
ACOS(config-policy:pol1)# bw-cost-enable
ACOS(config-policy:pol1)# bw-cost fail-break
ACOS(config-policy:pol1)#
bw-cost-enable
Description
Enable selection of the site with the smallest bandwidth cost.
Syntax
[no] bw-cost-enable
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
34/97
8/24/22, 3:10 PM
Default
Mode
Example
Global Server Load Balancing Guide
Disabled.
GSLB Policy
The following command enables the BW-Cost metric:
ACOS(config)# gslb policy pol1
ACOS(config-policy:pol1)# bw-cost-enable
ACOS(config-policy:pol1)# bw-cost fail-break
ACOS(config-policy:pol1)#
capacity
Description
Configure the TCP/UDP Session-Capacity metric. This mechanism provides a way
to shift load away from a site before the site becomes congested.
Example:
Site A’s maximum session capacity is 800,000 and Site B’s maximum session
capacity is 500,000. If the Session-Capacity threshold is set to 90, then for Site A
the capacity threshold is 90% of 800,000, which is 720,000. Likewise, the capacity
threshold for Site B is 90% of 500,000, which is 450,000.
Syntax
[no] capacity {enable | fail-break | threshold percentage}
Parameter
Description
enable
Enables selection of the service-IP with the
highest available connection capacity.
fail-break
Enables GSLB to stop if the session
utilization on all site SLB devices is over the
threshold. The fail-break action depends on
whether the GSLB control­ler is running in
proxy mode or server mode:
• Server mode: If a backup-alias is
configured, the GSLB controller returns the
backup-alias to the client; otherwise, the
controller returns a SERV­FAIL error to the
client.
• Proxy mode: If a backup-alias is configured,
the GSLB controller returns the backup-alias
to the client; otherwise, the controller
returns the response from the back-end
DNS server.
threshold percentage
Number from 0 to 100 specifying the
maximum percentage of a site ACOS
device session table that can be used. If the
session table utilization is greater than the
specified percentage, the GSLB controller
prefers other sites over this site.
The default threshold is 90 percent.
Default
Mode
Disabled. See descriptions for default values when the capacity metric is enabled.
GSLB Policy
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
35/97
8/24/22, 3:10 PM
Global Server Load Balancing Guide
Usage
This metric requires the GSLB protocol to be enabled both on the GSLB con­troller
and on the site ACOS devices.
Example
The following command enables the capacity metric at the default value of 90%
utilization of TCP/UDP session capacity:
ACOS(config)# gslb policy pol1
ACOS(config-policy:pol1)# capacity enable
ACOS(config-policy:pol1)#
connection-load
Description
Configure the Connection-Load metric, which prefers sites that have not exceeded
their thresholds for new connections.
Syntax
[no] connection-load
{
enable |
fail-break |
limit number-of-connections |
samples number-of-samples interval seconds
}
Parameter
Description
enable
Enables the Connection-Load metric.
fail-break
Enables GSLB to stop if the connection load for all sites is over the
limit. Fail-break action depends on whether the GSLB controller runs in
proxy mode or server mode:
• Server mode: If a backup-alias is configured, the GSLB controller
returns the backup-alias to the client; otherwise, the controller returns a
SERVFAIL error.
• Proxy mode: If a backup-alias is configured, the GSLB controller returns
the backup-alias to the client; otherwise, the controller returns the
response from the back-end DNS server.
Number that specifies the maximum average number of new connections
per second the site ACOS device can have. You can specify from 1 to
999999999 (999,999,999).
limit number-of-con­
nections
The default limit is not set (unlimited).
samples
samples
onds
number-ofinterval sec­
-
Number of samples for the SLB device (the site ACOS device) to collect,
and the number of seconds between each sample. You can specify 1-8
samples and an interval of 1-60 seconds.
The default number of samples is 5, and the default interval is 5 seconds.
Default
Disabled. See descriptions for default values when the Connection-Load metric is
enabled.
Mode
GSLB Policy
Usage
This command applies only to GSLB selection of a site. The command does not
affect the number of connections the site ACOS device itself allows.
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
36/97
8/24/22, 3:10 PM
Global Server Load Balancing Guide
This metric requires the GSLB protocol to be enabled both on the GSLB controller
and on the site ACOS devices.
Example
The following command sets the connection load limit to 1000 new connec­tions:
ACOS(config-policy:pol1)# gslb policy pol1
ACOS(config-policy:pol1)# connection-load limit 1000
ACOS(config-policy:pol1)#
dns action
Description
The dns action command enables GSLB to perform the DNS actions speci­fied
in the service configurations.
To configure the DNS action for a service, use the action action-type command
at the configuration level for the service. See gslb zone.
The no dns action command restores the default value
Syntax
Default
dns action
no dns action
Disabled
Mode
GSLB Policy Configuration Mode (gslb policy)
Example
This command enables GSLB to perform the DNS actions specified in ser­vice
configurations.
ACOS(config)# gslb policy oxygen
ACOS(config-policy:oxygen)# dns action
ACOS(config-policy:oxygen)# show run | sec gslb
gslb policy oxygen
dns action
ACOS(config-policy:oxygen)#
dns active-only
Description
The dns active-only command removes IP addresses from DNS replies when
those addresses fail health checks. If none of the IP addresses in the DNS reply
pass the health check, the ACOS device does not use this metric, because it results
in an empty address list.
The fail-safe option returns a list of server IP addresses for failed servers to the
client. Without this option, IP addresses of failed servers are omitted from the reply.
The no dns active-only command restores the default mode of disabling the
removal of IP addresses that fail health checks from DNS replies.
Syntax
dns active-only [MODE]
no dns active-only [MODE]
Parameter
Description
MODE
Specifies the information returned to the client. Valid options
include:
• <no parameter>
from reply
omits IP addresses of failed servers
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
37/97
8/24/22, 3:10 PM
Global Server Load Balancing Guide
• fail-safe
client reply.
Default
includes IP addresses of failed servers in
Disabled.
Mode
GSLB Policy Configuration Mode (gslb policy)
Example
This command programs the ACOS device to remove IP address from DNS of
device that fail health check. The address of failed devices are not returned to the
client.
ACOS(config)# gslb policy OXYGEN
ACOS(config-policy:OXYGEN)# dns active-only
ACOS(config-policy:OXYGEN)# show run | sec gslb
gslb policy OXYGEN
dns active-only
ACOS(config-policy:OXYGEN)#
Example
This command programs the ACOS device to remove IP address from DNS of
device that fail health check and returns the address list of failed devices to the
client.
ACOS(config-policy:OXYGEN)# dns active-only fail-safe
ACOS(config-policy:OXYGEN)# show run | sec gslb
gslb policy OXYGEN
dns active-only fail-safe
ACOS(config-policy:OXYGEN)#
Example
This command sets the ACOS device to ignore health check failure in its DNS
replies.
ACOS(config-policy:OXYGEN)# no dns active-only fail-safe
ACOS(config-policy:OXYGEN)# show run | sec gslb
gslb policy OXYGEN
ACOS(config-policy:OXYGEN)#
dns addition-mx
Description
The dns addition-mx command programs the ACOS device to append MX
records in the additional section of replies for A records when the device is
configured for DNS proxy or cache mode.
The no dns addition-mx command restores the default behavior of not
appending the MX records.
Syntax
Default
dns addition-mx
no dns addition-mx
Disabled
Mode
GSLB Policy Configuration Mode (gslb policy)
Example
This command programs the ACOS device to append MX records to the additional
section of replies for A records.
ACOS(config)# gslb policy OXYGEN
ACOS(config-policy:OXYGEN)# dns addition-mx
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
38/97
8/24/22, 3:10 PM
Global Server Load Balancing Guide
ACOS(config-policy:OXYGEN)# show run | sec gslb
gslb policy OXYGEN
dns addition-mx
ACOS(config-policy:OXYGEN)#
Example
The command resets the ACOS device default of not appending MX records.
ACOS(config-policy:OXYGEN)# no dns addition-mx
ACOS(config-policy:OXYGEN)# show run | sec gslb
gslb policy OXYGEN
ACOS(config-policy:OXYGEN)#
dns auto-map
Description
The dns auto-map command enables the automatic creation of A and AAAA
records for IP resources configured on the ACOS device.
The no dns auto-map command disables automatic creation of A and AAAA
records.
Syntax
dns auto-map
no dns auto-map
Default
Disabled
Mode
GSLB Policy Configuration Mode (gslb policy)
Example
The following command enables the automatic creation of A and AAAA records
for IP resources configured on the ACOS device.
ACOS(config)# gslb policy OXYGEN
ACOS(config-policy:OXYGEN)# dns auto-map
ACOS(config-policy:OXYGEN)# show run | sec gslb
gslb policy OXYGEN
dns auto-map
ACOS(config-policy:OXYGEN)#
Example
The command disables the automatic creation of A and AAAA records.
ACOS(config-policy:OXYGEN)# no dns auto-map
ACOS(config-policy:OXYGEN)# show run | sec gslb
gslb policy OXYGEN
ACOS(config-policy:OXYGEN)#
dns backup-alias
Description
The dns backup-alias command returns the alias CNAME record config­ured for
the service, if GSLB does not receive an answer to a query for the service and no
active DNS server exists. This option is valid in server mode or proxy mode.
To configure the backup alias for a service within a zone, use the dns-cnamerecord command at the configuration level for the service.
The no dns backup-alias command restores the default of not returning the
alias CNAME record.
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
39/97
8/24/22, 3:10 PM
Syntax
Default
Global Server Load Balancing Guide
dns backup-alias
no dns backup-alias
Disabled.
Mode
GSLB Policy Configuration Mode (gslb policy)
Example
This command configures the ACOS device to return the alias CNAME record
configured for the service when GSLB does not receive an answer to a query for
the service when no active DNS server exists.
ACOS(config)# gslb policy OXYGEN
ACOS(config-policy:OXYGEN)# dns backup-alias
ACOS(config-policy:OXYGEN)# show run | sec gslb
gslb policy OXYGEN
dns backup-alias
ACOS(config-policy:OXYGEN)#
Example
This command configures the ACOS device to not return the alias CNAME record
configured for the service when GSLB does not receive an answer to a query for
the service when no active DNS server exists.
ACOS(config-policy:OXYGEN)# no dns backup-alias
ACOS(config-policy:OXYGEN)# show run | sec gslb
gslb policy OXYGEN
ACOS(config-policy:OXYGEN)#
dns backup-server
Description
The dns backup-server command designates one or more backup servers that
can be returned to the client if the primaries should fail.
The no dns backup-server command removes the designation.
Syntax
Default
dns backup-server
no dns backup-server
Disabled.
Mode
GSLB Policy Configuration Mode (gslb policy)
Example
This command designates the ACOS device as a backup server that can be
returned to the client if the primaries should fail.:
ACOS(config)# gslb policy OXYGEN
ACOS(config-policy:OXYGEN)# dns backup-server
ACOS(config-policy:OXYGEN)# show run | sec gslb
gslb policy OXYGEN
dns backup-server
ACOS(config-policy:OXYGEN)#
Example
This command removes the backup server designation.
ACOS(config-policy:OXYGEN)# no dns backup-server
ACOS(config-policy:OXYGEN)# show run | sec gslb
gslb policy OXYGEN
ACOS(config-policy:OXYGEN)#
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
40/97
8/24/22, 3:10 PM
Global Server Load Balancing Guide
dns cache
Description
The dns cache command enables the GSLB ACOS device to cache DNS replies.
The ACOS device uses information in the cached DNS entries to reply to
subsequent client requests, as opposed to sending a new DNS request for every
client query.
When this option is enabled, the ACOS device caches a DNS reply for the duration
of the TTL in the reply when the aging time parameter is set to zero. To override
the entry TTL, set the cache aging time to a value greater than zero.
The no dns cache command disables the GSLB ACOS device from caching DNS
replies.
Syntax
dns cache [DURATION]
no dns cache
Parameter
Description
DURATION
Specifies site location mode. Valid options include
• <no parameter>
cache period is specified in DNS reply
• aging-time 0
cache period is specified in DNS reply
• aging-time period
cache period (seconds)
Value ranges from 1 to 1000000000 (one billion)
Default
Disabled.
Mode
GSLB Policy Configuration Mode (gslb policy)
Example
The following command enables the caching of DNS replies and set the TTL to
the period specified in the reply.
ACOS(config)# gslb policy OXYGEN
ACOS(config-policy:OXYGEN)# dns cache
ACOS(config-policy:OXYGEN)# show run | sec gslb
gslb policy OXYGEN
dns cache
ACOS(config-policy:OXYGEN)#
Example
This command sets the TTL to 30 minutes.
ACOS(config-policy:OXYGEN)# dns cache aging-time 1800
ACOS(config-policy:OXYGEN)# show run | sec gslb
gslb policy OXYGEN
dns cache aging-time 1800
ACOS(config-policy:OXYGEN)#
Example
This command resets the TTL to the period set to the period specified in the
reply.
ACOS(config-policy:OXYGEN)# dns cache aging-time 0
ACOS(config-policy:OXYGEN)# show run | sec gslb
gslb policy OXYGEN
dns cache
ACOS(config-policy:OXYGEN)#
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
41/97
8/24/22, 3:10 PM
Example
Global Server Load Balancing Guide
The command disables the GSLB ACOS device from caching DNS replies.
ACOS(config-policy:OXYGEN)# no dns cache
ACOS(config-policy:OXYGEN)# show run | sec gslb
gslb policy OXYGEN
ACOS(config-policy:OXYGEN)#
dns cname-detect
Description
The dns cname-detect command enables CNAME response mode. When the
ACOS device is in CNAME response mode, it applies the zone and service policy
to the CNAME record instead of applying it to the address record. When CNAME
response mode is disabled, the zone and service policy is applied to the address
record. Executing this command restores the CNAME response mode setting of
enabled.
The no dns cname-detect command disables CNAME response mode on the
ACOS device.
Syntax
Default
Mode
Example
dns cname-detect
no dns cname-detect
Enabled
GSLB Policy Configuration Mode (gslb policy)
This command disables CNAME response mode.
ACOS(config)# gslb policy OXYGEN
ACOS(config-policy:OXYGEN)# no dns cname-detect
ACOS(config-policy:OXYGEN)# show run | sec gslb
gslb policy OXYGEN
no dns cname-detect
ACOS(config-policy:OXYGEN)#
Example
This command enables CNAME response mode.
ACOS(config-policy:OXYGEN)# dns cname-detect
ACOS(config-policy:OXYGEN)# show run | sec gslb
gslb policy OXYGEN
ACOS(config-policy:OXYGEN)#
dns delegation
Description
The dns delegation command enables sub-zone delegation mode. When in subzone delegation mode, the device delegates authority or responsibility for a portion
of the DNS name space from the parent domain to a separate sub-domain which
may reside on one or more remote servers and may be managed by someone other
than the network administrator who is responsi­ble for the parent zone. (see DNS
Sub-zone Delegation.)
The no dns delegation command disables sub-zone delegation mode.
Syntax
Default
dns delegation
no dns delegation
Disabled.
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
42/97
8/24/22, 3:10 PM
Mode
Global Server Load Balancing Guide
GSLB Policy Configuration Mode (gslb policy)
Example
These commands enable sub-zone delegation mode.
ACOS(config)# gslb policy OXYGEN
ACOS(config-policy:OXYGEN)# dns delegation
ACOS(config-policy:OXYGEN)# show run | sec gslb
gslb policy OXYGEN
dns delegation
ACOS(config-policy:OXYGEN)#
Example
These command disables sub-zone delegation mode.
ACOS(config-policy:OXYGEN)# no dns delegation
ACOS(config-policy:OXYGEN)# show run | sec gslb
gslb policy OXYGEN
ACOS(config-policy:OXYGEN)#
dns external-ip
Description
The dns external-ip command returns the external IP address configured for a
service IP. If this option is disabled, the internal address is returned instead..
The external IP address must be configured on the service IP. Use the externalip command at the configuration level for the service IP.
The no dns external-ip command disables the option of returning the external IP
address configured for a service IP.
Syntax
dns external-ip
no dns external-ip
Default
Enabled.
Mode
GSLB Policy Configuration Mode (gslb policy)
Example
These commands disable the option of returning the external IP address configured
for a service IP address.
ACOS(config)# gslb policy OXYGEN
ACOS(config-policy:OXYGEN)# no dns external-ip
ACOS(config-policy:OXYGEN)# show run | sec gslb
gslb policy OXYGEN
no dns external-ip
ACOS(config-policy:OXYGEN)#
Example
These commands enable the option of returning the external IP address con­figured
for a service IP address.
ACOS(config-policy:OXYGEN)# dns external-ip
ACOS(config-policy:OXYGEN)# show run | sec gslb
gslb policy OXYGEN
ACOS(config-policy:OXYGEN)#
dns external-soa
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
43/97
8/24/22, 3:10 PM
Description
Global Server Load Balancing Guide
The dns external-soa command programs the ACOS device to replace the
internal SOA record with an external SOA record, preventing external clients from
gaining accessing internal information.
The external SOA record must be configured in the GSLB zone. (Use the
external-soa record command at the GSLB zone configuration level.)
The no dns external-soa command disables this option. When this option is
disabled, the internal address is returned.
Syntax
Default
dns external-soa
no dns external-soa
Disabled.
Mode
GSLB Policy Configuration Mode (gslb policy)
Example
These commands programs the ACOS device to replace the internal SOA record
with an external SOA record.
ACOS(config)# gslb policy OXYGEN
ACOS(config-policy:OXYGEN)# dns external-soa
ACOS(config-policy:OXYGEN)# show run | sec gslb
gslb policy OXYGEN
dns external-soa
ACOS(config-policy:OXYGEN)#
Example
This command programs the ACOS device to return the internal address..
ACOS(config-policy:OXYGEN)# no dns external-soa
ACOS(config-policy:OXYGEN)# show run | sec gslb
gslb policy OXYGEN
ACOS(config-policy:OXYGEN)#
dns geoloc-action
Description
The dns geoloc-action command programs the ACOS device to perform the
DNS traffic handling action specified for the client’s geo-location. The action is
specified as part of service configuration in a zone.
To configure the DNS action for a service, use the geo-location location-name
action-type command at the configuration level for the service. See gslb zone.
The no dns geoloc-action command restores the default value, where the ACOS
device does not performing the DNS traffic handling action.
Syntax
Default
dns geoloc-action
no dns geoloc-action
Default.
Mode
GSLB Policy Configuration Mode (gslb policy)
Example
These commands programs the ACOS device to perform the DNS traffic handling
action specified for the client’s geo-location.
ACOS(config)# gslb policy OXYGEN
ACOS(config-policy:OXYGEN)# dns geoloc-action
ACOS(config-policy:OXYGEN)# show run | sec gslb
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
44/97
8/24/22, 3:10 PM
Global Server Load Balancing Guide
gslb policy OXYGEN
dns geoloc-action
ACOS(config-policy:OXYGEN)#
Example
This command programs the ACOS device to not perform the DNS traffic handling
action specified for the client’s geo-location.
ACOS(config-policy:OXYGEN)# no dns geoloc-action
ACOS(config-policy:OXYGEN)# show run | sec gslb
gslb policy OXYGEN
ACOS(config-policy:OXYGEN)#
dns geoloc-alias
Description
The dns geoloc-alias command configures the ACOS device to return the alias
name configured for the client’s geo-location.
The no dns geoloc-alias command configures the ACOS device to not return
alias name configured for the client’s geo-location.
Syntax
Default
dns geoloc-alias
no dns geoloc-alias
Disabled.
Mode
GSLB Policy Configuration Mode (gslb policy)
Example
These commands configure the ACOS device to return the alias name con­figured
for the client’s geo-location.
ACOS(config)# gslb policy OXYGEN
ACOS(config-policy:OXYGEN)# dns geoloc-alias
ACOS(config-policy:OXYGEN)# show run | sec gslb
gslb policy OXYGEN
dns geoloc-alias
ACOS(config-policy:OXYGEN)#
Example
This command programs the ACOS device to not return alias name config­ured for
the client’s geo-location.
ACOS(config-policy:OXYGEN)# no dns geoloc-alias
ACOS(config-policy:OXYGEN)# show run | sec gslb
gslb policy OXYGEN
ACOS(config-policy:OXYGEN)#
dns geoloc-policy
Description
The dns geoloc-policy command configures the ACOS device to use the GSLB
policy assigned to the client’s geo-location.
The no dns geoloc-policy command configures the ACOS device to not use the
GSLB policy assigned to the client’s geo-location.
Syntax
Default
dns geoloc-policy
no dns geoloc-policy
Disabled.
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
45/97
8/24/22, 3:10 PM
Global Server Load Balancing Guide
Mode
GSLB Policy Configuration Mode (gslb policy)
Description
These commands configure the ACOS device to use the GSLB policy assigned to
the client’s geo-location.
Example
The no dns geoloc-policy command configures the ACOS device to not use
the GSLB policy assigned to the client’s geo-location.
ACOS(config)# gslb policy OXYGEN
ACOS(config-policy:OXYGEN)# dns geoloc-policy
ACOS(config-policy:OXYGEN)# show run | sec gslb
gslb policy OXYGEN
dns geoloc-policy
ACOS(config-policy:OXYGEN)#
Example
This command configures the ACOS device to not use the GSLB policy assigned
to the client’s geo-location.
ACOS(config-policy:OXYGEN)# no dns geoloc-policy
ACOS(config-policy:OXYGEN)# show run | sec gslb
gslb policy OXYGEN
ACOS(config-policy:OXYGEN)#
dns hint
Description
The dns hint command manages the appearance of hints that appear in the
Additional Section of DNS responses. Hints are A or AAAA records that are sent
in the response to a client’s DNS request. These records provide a mapping between
the host names and IP addresses.
The hint option applies to the following record types: NS, MX, and SRV.
The no dns action command restores the default value of appending hints in the
Additional section, which is equivalent to the addition option.
Syntax
dns hint LOCATION
no dns hint
Parameter
Description
LOCATION
Specifies the section where hints are appended. Options
include:
• addition
(default).
• answer
• none
response.
Default
Appends hints in the Additional Section
Appends hints in the Answer Section.
Does not append hints in the DNS
Hints are enabled and appended in the Additional section..
Mode
GSLB Policy Configuration Mode (gslb policy)
Example
These commands configure the ACOS device to append hints in the Answer
section of the DNS response.
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
46/97
8/24/22, 3:10 PM
Global Server Load Balancing Guide
ACOS(config)# gslb policy OXYGEN
ACOS(config-policy:OXYGEN)# dns hint answer
ACOS(config-policy:OXYGEN)# show run | sec gslb
gslb policy OXYGEN
dns hint answer
ACOS(config-policy:OXYGEN)#
Example
This command configure the ACOS device to not append hints to the DNS
response.
ACOS(config-policy:OXYGEN)# dns hint none
ACOS(config-policy:OXYGEN)# show run | sec gslb
gslb policy OXYGEN
dns hint none
ACOS(config-policy:OXYGEN)#
Example
This command configures the ACOS device to append hints in the Answer section
of the DNS response.
ACOS(config-policy:OXYGEN)# dns hint addition
ACOS(config-policy:OXYGEN)# show run | sec gslb
gslb policy OXYGEN
ACOS(config-policy:OXYGEN)#
dns ip-replace
Description
The dns ip-replace command configures the ACOS device to replace the IP
addresses in DNS replies with the service IP addresses configured for the service.
To configure the service IP addresses, use the service-ip command at the
configuration level for the service. See gslb zone.
The no dns ip-replace command restores the ACOS default behavior of not
replacing the IP addresses in DNS replies with the service IP addresses configured
for the service.
Syntax
Default
dns ip-replace
no dns ip-replace
Disabled.
Mode
GSLB Policy Configuration Mode (gslb policy)
Example
These commands configure the ACOS device to replace the IP addresses in DNS
replies with the service IP addresses configured for the service.
ACOS(config)# gslb policy OXYGEN
ACOS(config-policy:OXYGEN)# dns ip-replace
ACOS(config-policy:OXYGEN)# show run | sec gslb
gslb policy OXYGEN
dns ip-replace
ACOS(config-policy:OXYGEN)#
Example
This command restores the ACOS default behavior of not replacing the IP
addresses in DNS replies with the service IP addresses configured for the service.
ACOS(config-policy:OXYGEN)# no dns ip-replace
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
47/97
8/24/22, 3:10 PM
Global Server Load Balancing Guide
ACOS(config-policy:OXYGEN)# show run | sec gslb
gslb policy OXYGEN
ACOS(config-policy:OXYGEN)#
dns ipv6 mapping
Description
The dns ipv6 mapping command specifies the ACOS device response to IPv6
DNS query. You can enable one of these options.
• addition – Append AAAA records in the DNS Addition section of replies.
• answer – Append AAAA records in the DNS Answer section of replies.
• exclusive – Replace A records (IPv4 address records) with AAAA records.
• replace – Reply with AAAA records only.
The dns ipv6 mapping command restores the default behavior of not using
AAAA records to respond to IPv6DNS queries.
Parameter
Description
ACTION
Specifies response actions to IPv6 DNS queries. Valid
options include:
• addition – Append AAAA records in DNS Addition
section of replies.
• answer – Append AAAA records in the DNS Answer
section of replies.
• exclusive – Replace A records (IPv4 address) with
AAAA records.
• replace – Reply with AAAA records only.
Syntax
Default
dns ipv6 mapping ACTION
no dns ipv6 mapping
Disabled.
Mode
GSLB Policy Configuration Mode (gslb policy)
Example
These commands program the ACOS device to append AAAA records in the DNS
Addition section of replies to IPv6 DNS queries.
ACOS(config)# gslb policy OXYGEN
ACOS(config-policy:OXYGEN)# dns ipv6 mapping addition
ACOS(config-policy:OXYGEN)# show run | sec gslb
gslb policy OXYGEN
dns ipv6 mapping addition
ACOS(config-policy:OXYGEN)#
Example
This command programs the ACOS device to append AAAA records in the DNS
Answer section of replies to IPv6 DNS queries.
ACOS(config-policy:OXYGEN)# dns ipv6 mapping answer
ACOS(config-policy:OXYGEN)# show run | sec gslb
gslb policy OXYGEN
dns ipv6 mapping answer
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
48/97
8/24/22, 3:10 PM
Global Server Load Balancing Guide
ACOS(config-policy:OXYGEN)#
Example
This command programs the ACOS device to replace A record with AAAA
records in response to IPv6 DNS queries.
ACOS(config-policy:OXYGEN)# dns ipv6 mapping exclusive
ACOS(config-policy:OXYGEN)# show run | sec gslb
gslb policy OXYGEN
dns ipv6 mapping exclusive
ACOS(config-policy:OXYGEN)#
Example
This command programs the ACOS device to use AAAA records only in response
to IPv6 DNS queries.
ACOS(config-policy:OXYGEN)# dns ipv6 mapping replace
ACOS(config-policy:OXYGEN)# show run | sec gslb
gslb policy OXYGEN
dns ipv6 mapping replace
ACOS(config-policy:OXYGEN)#
Example
This command programs the ACOS device to not use AAAA records respond to
IPv6 DNS queries.
ACOS(config-policy:OXYGEN)# no dns ipv6 mapping
ACOS(config-policy:OXYGEN)# show run | sec gslb
gslb policy OXYGEN
ACOS(config-policy:OXYGEN)#
dns ipv6 mix
Description
The dns ipv6 mix command configures the ACOS device to return AAAA and
A records in the same response.
The no dns ipv6 mix command disables the ability to return AAAA and A
records in the same response.
Syntax
Default
dns ipv6 mix
no dns ipv6 mix
Disabled
Mode
GSLB Policy Configuration Mode (gslb policy)
Example
These commands configure the ACOS device to return AAAA and A records in
the same response.
ACOS(config)# gslb policy OXYGEN
ACOS(config-policy:OXYGEN)# dns ipv6 mix
ACOS(config-policy:OXYGEN)# show run | sec gslb
gslb policy OXYGEN
dns ipv6 mix
ACOS(config-policy:OXYGEN)#
Example
This command disables the ability to return AAAA and A records in the same
response.
ACOS(config-policy:OXYGEN)# no dns ipv6 mix
ACOS(config-policy:OXYGEN)# show run | sec gslb
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
49/97
8/24/22, 3:10 PM
Global Server Load Balancing Guide
gslb policy OXYGEN
ACOS(config-policy:OXYGEN)#
dns ipv6 smart
Description
The dns ipv6 smart command enables IPv6 return by query type.
• IPv4 to IPv6 mapping: an A query (IPv4) returns an A record
• IPv6 to IPv4 mapping: an AAAA query (IPv6) returns an AAAA record.
The dns ipv6 smart command disables smart mode.
Syntax
Default
Mode
Example
dns ipv6 smart
no dns ipv6 smart
Default.
GSLB Policy Configuration Mode (gslb policy)
These commands enables IPv6 return by query type.
ACOS(config)# gslb policy OXYGEN
ACOS(config-policy:OXYGEN)# dns ipv6 smart
ACOS(config-policy:OXYGEN)# show run | sec gslb
gslb policy OXYGEN
dns ipv6 smart
ACOS(config-policy:OXYGEN)#
Example
This command disables DNS IPv6 smart mode.
ACOS(config-policy:OXYGEN)# no dns ipv6 smart
ACOS(config-policy:OXYGEN)# show run | sec gslb
gslb policy OXYGEN
ACOS(config-policy:OXYGEN)#
dns logging
Description
The dns logging command enables DNS logging and specifies the mes­sages that
are logged.
The no dns logging command disables DNS logging.
Syntax
dns logging MESSAGE
no dns logging
Parameter
Description
MESSAGE
Specifies the information returned to the client. Valid options
include:
• query
• response
Query messages are logged.
Response messages are logged
• both
Query and response messages are logged
• none
Neither messages are logged
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
50/97
8/24/22, 3:10 PM
Default
Mode
Example
Global Server Load Balancing Guide
See descriptions.
GSLB Policy Configuration Mode (gslb policy)
These commands enable DNS logging of neither query nor response mes­sages.
ACOS(config)# gslb policy OXYGEN
ACOS(config-policy:OXYGEN)# dns logging none
ACOS(config-policy:OXYGEN)# show run | sec gslb
gslb policy OXYGEN
dns logging none
ACOS(config-policy:OXYGEN)#
Example
This command enables DNS logging of query messages
ACOS(config-policy:OXYGEN)# dns logging query
ACOS(config-policy:OXYGEN)# show run | sec gslb
gslb policy OXYGEN
dns logging query
ACOS(config-policy:OXYGEN)#
Example
This command enables DNS logging of response messages.
ACOS(config-policy:OXYGEN)# dns logging response
ACOS(config-policy:OXYGEN)# show run | sec gslb
gslb policy OXYGEN
dns logging response
ACOS(config-policy:OXYGEN)#
Example
This command enables DNS logging of response and query messages.
ACOS(config-policy:OXYGEN)# dns logging both
ACOS(config-policy:OXYGEN)# show run | sec gslb
gslb policy OXYGEN
dns logging both
ACOS(config-policy:OXYGEN)#
Example
This command disables DNS logging.
ACOS(config-policy:OXYGEN)# no dns logging
ACOS(config-policy:OXYGEN)# show run | sec gslb
gslb policy OXYGEN
ACOS(config-policy:OXYGEN)#
dns proxy block <query>
Description
The dns proxy block <query> command programs the ACOS device to block
DNS queries from being sent to an internal DNS server. The ACOS device must be
in GSLB proxy mode for the feature to work. The command lists the records that
are blocked.
The no dns proxy block <query> command removes the ACOS device’s DNS
query block. The command requires a record list identical to the list of records
currently blocked.
Syntax
dns proxy block ATTRIBUTE_1 [ATTRIBUTE_2 ... ATTRIBUTE_n]
no dns proxy block ATTRIBUTES
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
51/97
8/24/22, 3:10 PM
Global Server Load Balancing Guide
Parameter
Description
ATTRIBUTE_X
Specifies information returned to the client. The command
must list at least one attribute and may include more than
one. Options include:
•a
• aaaa
• mx
• ns
• srv
• cname
• ptr
• soa
• txt
Default
Disabled.
Mode
GSLB Policy Configuration Mode (gslb policy)
Example
These commands program the ACOS device to block DNS queries with A and
AAAA records.
ACOS(config)# gslb policy OXYGEN
ACOS(config-policy:OXYGEN)# dns proxy block a aaaa
ACOS(config-policy:OXYGEN)# show run | sec gslb
gslb policy OXYGEN
dns proxy block a aaaa
ACOS(config-policy:OXYGEN)#
Example
This command attempts to remove A records from the list of DNS queries the
ACOS device is programmed to block.
ACOS(config-policy:OXYGEN)# no dns proxy block a
Field value does not match (field: a).
ACOS(config-policy:OXYGEN)#
Example
This command removes the DNS query capacity of the ACOS device.
ACOS(config-policy:OXYGEN)# no dns proxy block a aaaa
ACOS(config-policy:OXYGEN)#
dns proxy block <type>
Description
The dns proxy block <type>command programs the ACOS device to block a
specified type of DNS queries. The command specifies the type, by num­ber, of
query being blocked. The device can utilize multiple command. Each command lists
either a single type or a number range corresponding to mul­tiple types.
The no dns proxy block <type> command restores the delivery of the specified
DNS queries.
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
52/97
8/24/22, 3:10 PM
Syntax
Global Server Load Balancing Guide
dns proxy block TYPE-LIST
no dns proxy block TYPE-LIST
Parameter
Description
TYPE-LIST
Specifies the information returned to the client. Valid
options include:
• <1-255>
Specifies a single type
• range <1-255>
Specifies a single element range of
types
• range <1-255> to <1-255>
Specifies a range of
types
Default
Mode
Example
See descriptions.
GSLB Policy Configuration Mode (gslb policy)
These commands block DNS queries of type 56, 58, and 60-69.
ACOS(config)# gslb policy OXYGEN
ACOS(config-policy:OXYGEN)# dns proxy block 56
ACOS(config-policy:OXYGEN)# dns proxy block 58
ACOS(config-policy:OXYGEN)# dns proxy block range 60 to 69
ACOS(config-policy:OXYGEN)# show run | sec gslb
gslb policy OXYGEN
dns proxy block range 60 to 69
dns proxy block 56
dns proxy block 58
ACOS(config-policy:OXYGEN)#
Example
This command removes the types 63 to 67 from the DNS query block.
ACOS(config-policy:OXYGEN)# no dns proxy block range 63 to 67
ACOS(config-policy:OXYGEN)# show run | sec gslb
gslb policy OXYGEN
dns proxy block range 60 to 62
dns proxy block range 68 to 69
dns proxy block 56
dns proxy block 58
ACOS(config-policy:OXYGEN)#
dns proxy block action
Description
The dns proxy block action command specifies the ACOS device method of
handling blocked DNS queries.
The no dns proxy block action command restores the default value.
Syntax
dns proxy block action DISPOSITION
no dns proxy block action
Parameter
Description
DISPOSITION
Specifies the information returned to the client. Valid
options include:
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
53/97
8/24/22, 3:10 PM
Global Server Load Balancing Guide
• drop
• reject
• ignore
Mode
Example
GSLB Policy Configuration Mode (gslb policy)
These commands
ACOS(config)# gslb policy OXYGEN
ACOS(config-policy:OXYGEN)# dns proxy block action drop
ACOS(config-policy:OXYGEN)# show run | sec gslb
gslb policy OXYGEN
dns proxy block action drop
ACOS(config-policy:OXYGEN)#
Example
This command
ACOS(config-policy:OXYGEN)# dns proxy block action reject
ACOS(config-policy:OXYGEN)# show run | sec gslb
gslb policy OXYGEN
dns proxy block action reject
ACOS(config-policy:OXYGEN)#
Example
This command
ACOS(config-policy:OXYGEN)# dns proxy block action ignore
ACOS(config-policy:OXYGEN)# show run | sec gslb
gslb policy OXYGEN
dns proxy block action ignore
ACOS(config-policy:OXYGEN)#
Example
This command
ACOS(config-policy:OXYGEN)# no dns proxy block action
ACOS(config-policy:OXYGEN)# show run | sec gslb
gslb policy OXYGEN
ACOS(config-policy:OXYGEN)#
dns selected-only
Description
The dns selected-only command enables return of only selected IP addresses.
The command specifies a limit of records that can be returned after a record is
selected. When the number of records exceed the config­ured value, GSLB ignores
this configuration.
The no dns selected-only command disables the return of selected IP addresses.
Syntax
dns selected-only [num-record]
no dns selected-only [num-record]
Parameter
Description
num-record
Specifies the limit of records that are returned. Valid
options include:
• <no parameter> – enables return of all selected records
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
54/97
8/24/22, 3:10 PM
Global Server Load Balancing Guide
• <1-128> – specifies number of records
Default
Disabled.
Mode
GSLB Policy Configuration Mode (gslb policy)
Example
These commands enable the return of 32 records after receiving a query from a
selected IP address.
ACOS(config)# gslb policy OXYGEN
ACOS(config-policy:OXYGEN)# dns selected-only 32
ACOS(config-policy:OXYGEN)# show run | sec gslb
gslb policy OXYGEN
dns selected-only 32
ACOS(config-policy:OXYGEN)#
Example
This command disables the return of records.
ACOS(config-policy:OXYGEN)# no dns selected-only 32
ACOS(config-policy:OXYGEN)# show run | sec gslb
gslb policy OXYGEN
ACOS(config-policy:OXYGEN)#
dns server
Description
The dns server command enables a GSLB ACOS device to act as a DNS
server for specific service IPs in the GSLB zone. When this setting is enabled, the
device responds directly to address queries for specific service IP addresses in the
GSLB zone. The ACOS device still forwards other types of queries to the DNS
server.
When using this command, the dns cname-detect command is not required. When a
client requests a configured alias name, GSLB applies the policy to the CNAME
records. The server option is not valid with the ip-replace option. They are
mutually exclusive.
When using this command, you also must enable the static option on the
individual service IP. (To configure the service IP addresses, use the serviceip command at the configuration level for the service. See gslb zone.)
The no dns server command disables the GSLB ACOS device from acting as a
DNS server for specific service IPs in the GSLB zone.
Syntax
dns server RECORD_1 [RECORD_2 ... RECORD_N]
no dns server
Parameter
Description
RECORD_X
Specifies the limit of records that are returned. Valid options include:
• addition-mx – Enables ACOS device to provide the A record
containing the mail server’s IP address in the Additional section,
when the device is configured for DNS server mode.
• any – Enables ACOS device to provide all resource records that
are avail­able, when the ACOS device is configured for DNS server
mode. When a client issues a type “ANY” request (which is
actually a pseudo resource record that is expressed by the wildcard
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
55/97
8/24/22, 3:10 PM
Global Server Load Balancing Guide
code “*”), then the ACOS device includes all RR information it
has available.
• authoritative – Makes the ACOS device the authoritative DNS
server for the GSLB zone, for service IPs in which static is
enabled. If omitted,the ACOS device is a non-authoritative DNS
server for the zone domain.
• cname – Allows ACOS device to respond to inbound GSLB DNS
requests that have load-balanced CNAME records.
• ns [auto-ns] – Provides name server record. The autons option causes the policy to provide A records for NS records
automatically.
• ptr [auto-ptr] – Provides the pointer record. The autoptr option causes the policy to provide pointer records
automatically.
• full-list – Appends all A records in the Authoritative section.
• mx – Provides MX record in Answer section, and A record for mail
server in Additional section, when device is configured for DNS
server mode.
• ns-list – This option appends all Name Server (NS) Resource
Records (RR) in the Authority section of DNS replies.
• ptr [auto-ptr] – Provides the pointer record. The autoptr option causes the policy to provide pointer records
automatically.
• sec – Provides DNSSEC support
• srv – Provides the service record.
• txt – Provides the service record. TXT resource records can be
used to carry multiple pieces of DNS TXT data within a single
record.
Default
Disabled
Mode
GSLB Policy Configuration Mode (gslb policy)
Example
The following command modifies the policy to program the ACOS device to act
as a DNS server for mail server and name server records.
ACOS(config)# gslb policy OXYGEN
ACOS(config-policy:OXYGEN)# dns server ns addition-mx auto-ns
ACOS(config-policy:OXYGEN)# show run | sec gslb
gslb policy OXYGEN
dns server addition-mx ns auto-ns
ACOS(config-policy:OXYGEN)#
Example
These commands disables the DNS server function on devices upon which the
policy is applied.
ACOS(config-policy:OXYGEN)# no dns server
ACOS(config-policy:OXYGEN)# show run | sec gslb
gslb policy OXYGEN
ACOS(config-policy:OXYGEN)#
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
56/97
8/24/22, 3:10 PM
Global Server Load Balancing Guide
dns sticky
Description
The dns sticky command programs device to send the same service IP address
to a client for all requests from that client for the service address. Sticky DNS
ensures that, during the aging-time, a client is always directed to the same site.
The prefix length options adjusts the granularity of the feature. The default prefix
length (32 for IPv4, 128 for IPv6) causes the ACOS device to maintain separate
stickiness information for each local DNS server. For example, if two clients use
DNS 10.10.10.25 as their local DNS server, and two other clients use DNS
10.20.20.99 as their local DNS server, the ACOS maintains separate stickiness
information for each set of clients, by maintaining separate stickiness information for
each of the local DNS servers.
When the sticky option is enabled, the sticky time must be at least as long as the
zone TTL as defined by the ttl command at the zone configuration level. (gslb
zone.)
The no dns sticky command restores the default value
Syntax
dns sticky [MASK-V4] [MASK-V6] [DURATION]
no dns sticky [MASK-V4] [MASK-V6] [DURATION]
Parameter
Description
MASK-V4
Specifies the IPv4 mask size. Valid options include:
• <no parameter>
• /<1-32>
IPv4 mask size of 32
Specifies IPv4mask size
• dotted decimal notation
value.
MASK-V6
Must be valid mask
Specifies the IPv6 mask size. Valid options include:
• <no parameter>
equivalent to ipv6-mask 128
• ipv6-mask <1-128>
DURATION
Specifies duration limit for returning record. Valid options
include:
• <no parameter>
equivalent to aging-time 5
• aging-time <1-65535>
Default
Disabled.
When the option is enabled, the default prefix is /32, the default aging time is 5
minutes, and the default IPv6 mask length is 128.
Mode
GSLB Policy Configuration Mode (gslb policy)
Usage
If more than one of the following options are enabled, GSLB uses them in the
order listed:
1. sticky
2. server
3. cache
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
57/97
8/24/22, 3:10 PM
Global Server Load Balancing Guide
4. proxy (The command does not have a separately configurable “proxy” option.
The proxy option is automatically enabled when you configure the DNS proxy.)
The site address selected by the first option that is applicable to the client and
requested service is used.
Example
These commands enables DNS sticky and establishes default values for aging time
and the masks.
ACOS(config)# gslb policy NEON
ACOS(config-policy:NEON)# dns sticky
ACOS(config-policy:NEON)# show run | sec gslb
gslb policy NEON
dns sticky
ACOS(config-policy:NEON)#
Example
This command configures non-default values for the aging time and masks.
ACOS(config-policy:NEON)# dns sticky /30 aging-time 15 ipv6-mask 124
ACOS(config-policy:NEON)# show run | sec gslb
gslb policy NEON
dns sticky /30 ipv6-mask 124 aging-time 15
ACOS(config-policy:NEON)#
Example
This command modifies IPv4 mask size without changing the other parame­ters.
ACOS(config-policy:NEON)# dns sticky /24 aging-time 15 ipv6-mask 124
ACOS(config-policy:NEON)# show run | sec gslb
gslb policy NEON
dns sticky /24 ipv6-mask 124 aging-time 15
ACOS(config-policy:NEON)#
Example
This command explicitly changes the parameter values to their defaults.
ACOS(config-policy:NEON)# dns sticky /32 ipv6-mask 128 aging-time 5
ACOS(config-policy:NEON)# show run | sec gslb
gslb policy NEON
dns sticky
ACOS(config-policy:NEON)#
Example
This command disables DNS sticky
ACOS(config-policy:NEON)# no dns sticky
ACOS(config-policy:NEON)# show run | sec gslb
gslb policy NEON
ACOS(config-policy:NEON)#
dns ttl
Description
The dns ttl command programs the ACOS device to change the TTL of each
DNS record in DNS replies received from the DNS for which the device is a
proxy.
The dns use-server-ttl command programs the device to use the time-to-live
value in the DNS server response instead of replacing it with a specified value.
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
58/97
8/24/22, 3:10 PM
Global Server Load Balancing Guide
The no dns ttl and no dns use-server-ttl command restores the default value
of 10 seconds. The latter command is available only when dns use-server-ttl is
configured.
Syntax
dns ttl DURATION
dns use-server-ttl
no dns ttl
dns use-server-ttl
Parameter
Description
DURATION
Specifies the new TTL value (seconds). Value ranges from 0 to 1000000000
(one billion).
Default
Mode
Example
10 seconds.
GSLB Policy Configuration Mode (gslb policy)
These commands program the device to change TTL for DNS replies to 30 secs.
ACOS(config)# gslb policy OXYGEN
ACOS(config-policy:OXYGEN)# dns ttl 30
ACOS(config-policy:OXYGEN)# show run | sec gslb
gslb policy OXYGEN
dns ttl 30
ACOS(config-policy:OXYGEN)#
Example
This command programs the device to use TTL from DNS records in DNS replies.
ACOS(config-policy:OXYGEN)# dns use-server-ttl
ACOS(config-policy:OXYGEN)# show run | sec gslb
gslb policy OXYGEN
dns use-server-ttl
ACOS(config-policy:OXYGEN)#
Example
This command programs the device to change TTL for DNS replies to 10 seconds.
ACOS(config-policy:OXYGEN)# no dns ttl
ACOS(config-policy:OXYGEN)# show run | sec gslb
gslb policy OXYGEN
ACOS(config-policy:OXYGEN)#
edns client-subnet geographic
Description
Use the EDNS-Client-Subnet field for GSLB geo-location metric.
For DNS queries, not all requests use a third-party resolver that is in close
topographical proximity to themselves. Some recursive resolvers use an extra EDNS
field in DNS messages to forward details about where a network query is coming
from. ACOS can read the extra EDNS-Client-Subnet field and provide more specific
topological geo-location features for DNS queries in GSLB.
When enabled, the information in the EDNS-Client-Subnet field will be checked
against the configured geo-location database first. If the extra field contains no
information, then ACOS will check the source IP of the recursive DNS server
against the configured geo-location database in order to perform GSLB geo-location
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
59/97
8/24/22, 3:10 PM
Global Server Load Balancing Guide
metric. As back-end servers can also generate an OPT resource record, ACOS can
read EDNS-Client-Subnet fields from responses as well.
ACOS uses ENDS-Client-Subnet in GSLB server mode. Proxy mode is not
supported.
Syntax
[no] edns client-subnet geographic
Default
Disabled.
Mode
GSLB Policy
Usage
This command allows ACOS to read the extra field in DNS messages, and to
provide more specific topological geo-location features for DNS queries, based on
the client’s subnet. The information in the EDNS field is checked against configured
geo-location databases first.
Example
This example configures a device to read EDNS-Client-Subnet field in DNS
queries. In the example, if client traffic comes in with a source IP 11.11.11.11, but
the EDNS-Client-Subnet is 10.10.10.10, the DNS A record vs1 is selected because
the client’s EDNS-Client-Subnet corresponds to the geo-location of site1. The EDNSClient-Subnet 10.10.10.10 will be used for all geo-location metric features.
These commands configure two user-defined geo-locations.
ACOS(config)# gslb geo-location site1
ACOS(config-geo-location:site1)# ip 10.10.10.10 mask /24
ACOS(config-geo-location:site1)# exit
ACOS(config)# gslb geo-location site2
ACOS(config-geo-location:site2)# ip 11.11.11.11 mask /32
ACOS(config-geo-location:site2)# exit
The following commands configure example GSLB sites and their respective geolocations and SLB servers with virtual servers.
ACOS(config)# gslb site usa
ACOS(config-gslb site:usa)# geo-location site1
ACOS(config-gslb site:usa)# slb-dev acos1 10.10.10.10
ACOS(config-gslb site:usa-slb dev:acos1)# vip-server vs1
ACOS(config-gslb site:usa-slb dev:acos1)# exit
ACOS(config-gslb site:usa)# exit
ACOS(config)# gslb site china
ACOS(config-gslb site:china)# geo-location site2
ACOS(config-gslb site:china)# slb-dev acos2 200.20.20.20
ACOS(config-gslb site:china-slb dev:acos2)# vip-server vs2
ACOS(config-gslb site:china-slb dev:acos2)# exit
ACOS(config-gslb site:china)# exit
These commands configure an example GSLB policy related to DNS traffic.
ACOS(config)# gslb policy dns
ACOS(config-policy:dns)# dns selected-only
ACOS(config-policy:dns)# dns server authoritative
ACOS(config-policy:dns)# edns client-subnet geographic
ACOS(config-policy:dns)# exit
The following commands configure an example GSLB zone for example.com.
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
60/97
8/24/22, 3:10 PM
Global Server Load Balancing Guide
ACOS(config)# gslb zone example.com
ACOS(config-zone:example.com)# policy dns
ACOS(config-zone:example.com)# service 80 http
ACOS(config-zone:example.com-service:http)# exit
ACOS(config-zone:example.com)# service 80 www
ACOS(config-zone:example.com-service:www)# dns-a-record vs1 static
ACOS(config-zone:example.com-service:www)# dns-a-record vs2 static
geo-location
Description
Syntax
Configure a geographic location. GSLB forwards client requests from IP addresses
within the location’s range to the GSLB site that serves the loca­tion.
[no] geo-location location-name
This command takes you to the geo-location configuration level within a GSLB
policy, where the following options are available:
Command
Description
ip start-ipv4-addr
{mask ipv4-mask | end-ipv4addr}
Specify the beginning IP address and subnet mask or ending
IP address for an IPv4 address range.
ipv6 start-ipv6-addr
{mask ipv6-mask | end-ipv6addr}
Specify the beginning IP address and subnet mask or ending
IP address for an IPv6 address range.
Default
None.
Mode
GSLB Policy
Usage
To prefer the location configured with this command over a globally config­ured
location, use the gslb policy geo-location match-first policy com­mand. (See
geo-location-match.)
Example
The following example configures geographic location “CN.BeiJing” for IP address
range 200.1.1.1 through 200.1.1.253:
ACOS(config)# gslb policy pol1
ACOS(config-policy:pol1)# geo-location CN.Beijing
ACOS((config-policy:pol1-geo-location:CN.B...)# ip 200.1.1.1 200.1.1.253
geo-location-match
Description
Configure the policy to prefer either the globally configured geo-location or the
one configured in this policy. If a client IP address matches the IP ranges in a
globally configured location and in a location configured in this policy, the geolocation match-first command specifies which matching geo-location to use.
Syntax
[no] geo-location-match
{match-first {global | policy} | overlap [global | policy]}
Parameter
Description
match-first {global | policy}
Configure policy to prefer either the globally configured geolocation or the one configured in the policy. If a client IP
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
61/97
8/24/22, 3:10 PM
Global Server Load Balancing Guide
address matches IP ranges in a globally configured location and
in a location configured in the policy, the command specifies the
geo-location that is used.
• global - GSLB prefers globally configured locations.
• policy - GSLB prefers locations configured in this policy.
The default is global.
overlap [global | policy]
Enabled overlap matching mode. If there are overlapping
addresses in the geo-location database, use this option to enable
the ACOS device to find the most precise match.
• global - GSLB prefers globally configured locations.
• policy - GSLB prefers locations configured in this policy..
The default is global.
Default
See descriptions.
Mode
GSLB Policy
Usage
If you suspect a public IP address in your domain is not unique and the same IP
address may be associated with different hosts, you can enable the geo-location
overlap option. This causes the ACOS device to search the geo-loca­tion database for
the match best (or longest matching IP address). Other­wise, the ACOS device will
use its default behavior, which is to scan the specified geo-location database using
the “match first” algorithm, which uses the first IP address-region mapping
discovered. (See Geo-Location Overlap.)
Example
The following command configures the GSLB controller to prefer locations
configured in this policy:
ACOS(config)# gslb policy pol1
ACOS(config-policy:pol1)# geo-location-match match-first policy
geographic
Description
Enable or disable the Geographic metric. The Geographic metric prefers sites that
are within the geographic location of the client.
Syntax
[no] geographic
Default
Enabled
Mode
GSLB Policy
Usage
You must configure the geographic location, by configuring a geo-location name,
then assigning the geo-location to a GSLB site. To configure a geo-location, assign
a client IP address range to a location name. (See gslb geo-location and geolocation.) To assign the geo-location to a site, use the geo-location command at the
site configuration level. (See gslb site.)
Example
The following command disables the Geographic metric:
ACOS(config)# gslb policy pol1
ACOS(config-policy:pol1)# no geographic
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
62/97
8/24/22, 3:10 PM
Global Server Load Balancing Guide
health-check
Description
Enable or disable the Health-Check metric. The Health-Check metric prefers sites
that pass their health checks.
Syntax
[no] health-check
Default
Enabled
Mode
GSLB Policy
Usage
This metric requires the GSLB protocol to be enabled both on the GSLB con­troller
and site ACOS devices, if the default health checks are used on the ser­vice IPs.
If you use a custom health monitor, or you explicitly apply the default Layer 3
health monitor to the service, the GSLB protocol is not used for any of the health
checks. In this case, the GSLB protocol is not required to be enabled on the site
ACOS devices, although use of the protocol is still recommended.
Example
The following command disables the Health-Check metric:
ACOS(config)# gslb policy pol1
ACOS(config-policy:pol1)# no health-check
ip-list
Description
Use an IP list to exclude a set of IP addresses from aRDT polling.
Syntax
[no] ip-list list-name
Default
None
Usage
To configure an IP list, see gslb ip-list.
Example
The following commands configure a GSLB IP list and use the list to exclude IP
addresses from an RDT data collection:
ACOS(config)# gslb ip-list iplist1
ACOS(config-ip list:iplist1)# ip 192.168.1.0 /24 id 3
ACOS(config-ip list:iplist1)# ip 10.10.10.10 /32 id 3
ACOS(config-ip list:iplist1)# ip 10.10.10.20 /32 id 3
ACOS(config-ip list:iplist1)# ip 10.10.10.30 /32 id 3
ACOS(config-ip list:iplist1)# exit
ACOS(config)# gslb policy pol1
ACOS(config-policy:pol1)# ip-list iplist1
ACOS(config-policy:pol1)# active-rdt ignore-id 3
least-response
Description
Enable or disable the Least-Response metric, which prefers VIPs that have the
fewest hits.
Syntax
[no] least-response
Default
Disabled
Mode
GSLB Policy
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
63/97
8/24/22, 3:10 PM
Example
Global Server Load Balancing Guide
The following command enables the Least-Response metric:
ACOS(config)# gslb policy pol1
ACOS(config-policy:pol1)# least-response
metric-fail-break
Description
Enable GSLB to stop if there are no valid service IPs.
Syntax
[no] metric-fail-break
Default
Disabled
Mode
GSLB Policy
metric-force-check
Description
Force the GSLB controller to always check all metrics in the policy.
Syntax
[no] metric-force-check
Default
By default, the GSLB controller stops evaluating metrics for a site once a metric
comparison definitively selects or rejects a site.
Mode
GSLB Policy
metric-order
Description
Configure the order in which the GSLB metrics in this policy are used.
Syntax
[no] metric-order metric [metric ...]
Parameter
metric
[metric ...]
Description
One or more of the following metrics:
active-rdt
active-servers
admin-ip
admin-preference
bw-cost
capacity
connection-load
geographic
health-check
least-response
num-session
weighted-ip
weighted-site
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
64/97
8/24/22, 3:10 PM
Default
Global Server Load Balancing Guide
By default, metrics are used in the following order:
1. Health-Check
2. Weighted-IP
3. Weighted-Site
4. Session-Capacity
5. Active-Servers
6. aRDT
7. Geographic
8. Connection-Load
9. Num-Session
10.Admin-Preference
11.BW-Cost
12.Least-Response
13.Admin-IP
The Health-Check, Geographic, and Round-Robin metrics are enabled by default.
The Round-Robin metric does not appear in the list above because this is the
metric of last resort.
Mode
GSLB Policy
Usage
The first metric you specify with this command becomes the primary metric. If you
specify additional parameters, they are used in the priority you specify. All
remaining metrics are prioritized to follow the metrics you specify.
The GSLB Controller uses each metric, in the order specified, to compare the IP
addresses returned in DNS replies to clients. If a metric is disabled, the metric
order does not change. The GSLB Controller skips the metric and continues to the
next enabled metric.
The Round-Robin metric can not be re-ordered.
To display the metric order used in a policy, see show gslb policy.
num-session
Description
Configure the Num-Session metric, which evaluates a site based on availa­ble
session capacity and tolerance threshold compared to another site. Sites that are at
or below their thresholds of current available sessions are pre­ferred over sites that
are above their thresholds.
When dealing with smaller base numbers, a small fluctuation in the number of
available sessions can cause flapping from one site to another. Thus, when
configuring sites with smaller capacities, it is recommended to use a larger tolerance
number to prevent frequent flapping between preferred sites.
Example
Site A has 800,000 sessions available and Site B has 600,000 sessions avail­able. If
Num-Session is enabled, then Site A is preferred because it has a larger number of
available sessions than site B.
If the tolerance option is enabled (with a default value of 10 percent), and if Site
A has 800,000 sessions available and Site B has 600,000 sessions available, then
Site A will continue to be preferred until Site B’s available sessions exceed Site A’s
available sessions by more than 10 percent. In this case, Site A will remain the
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
65/97
8/24/22, 3:10 PM
Global Server Load Balancing Guide
preferred site until Site B’s available sessions exceed 800,000 by more than ten
percent (or 80,000 sessions). If Site A’s available sessions remain constant, and Site
B’s available sessions increase to the point that they exceed 880,000 sessions, the
Site B would become the preferred site.
Syntax
num-session tolerance num
The tolerance number is a number from 0 to 100 specifying the percentage by
which the number of available sessions on site SLB devices can differ without
causing the Num-Session metric to select one site device over another.
The num-session tolerance command has no negative form. To reset the NumSession tolerance back to default, enter the following command, which changes the
Num-Session tolerance back to the default percentage:
num-session tolerance 10
NOTE:
Default
Use the num-session-enable command to enable or disable the Num-Session
metric.
Disabled.
The default tolerance is 10 percent.
Mode
GSLB Policy
Usage
The GSLB ACOS device considers site SLB devices to be equal if the differ­ence
in the number of available sessions on each device does not exceed the tolerance
percentage. The tolerance percentage ensures that minor differ­ences in available
sessions do not cause frequent, unnecessary, changes in site preference.
This metric requires the GSLB protocol to be enabled both on the GSLB controller
and on the site ACOS devices.
Example
The following command changes the available-session tolerance threshold to 70
percent:
ACOS(config)# gslb policy pol1
ACOS(config-policy:pol1)# num-session-enable
ACOS(config-policy:pol1)# num-session tolerance 70
num-session-enable
Description
Enable or disable the Num-Session metric.
Syntax
[no] num-session-enable
Default
Disabled
Mode
GSLB Policy
Example
The following command changes the available-session tolerance threshold to 70
percent:
ACOS(config)# gslb policy pol1
ACOS(config-policy:pol1)# num-session-enable
ACOS(config-policy:pol1)# num-session tolerance 70
round-robin
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
66/97
8/24/22, 3:10 PM
Global Server Load Balancing Guide
Description
Configure the Round-Robin metric, which selects sites in sequential order.
Syntax
[no] round-robin
Default
Enabled
Mode
GSLB Policy
Usage
The ACOS device uses Round-Robin to select a site at the end of the policy
parameters evaluation. This is true even if the Round-Robin metric is disa­bled in
the GSLB policy.
Example
The following command disables the Round-Robin metric:
ACOS(config)# gslb policy pol1
ACOS(config-policy:pol1)# no round-robin
weighted-alias
Description
Enable the Weighted Alias metric, which prefers CNAME records with higher
weight values over CNAME records with lower weight values. This metric is similar
to Weighted-IP, but applies only to DNS CNAME records.
Syntax
[no] weighted-alias
Default
Disabled
Mode
GSLB Policy
Usage
Metric order does not apply to this metric.
To configure the Weighted Alias metric:
1. At the configuration level for the GSLB service, use the weight command to
assign a weight to the DNS CNAME record for the service. (See gslb serviceip.)
2. At the configuration level for the GSLB policy: (See Weighted-Alias.)
• Enable the Weighted Alias metric.
• Enable one or both of the following DNS options, as applicable to your
deployment:
• DNS backup-alias
• DNS geoloc-alias
3. If using the backup-alias option, use the dns-cname-record as-backup option
on the service. (See gslb service-ip.)
weighted-ip
Description
Syntax
Configure the Weighted-IP metric, which uses service IP addresses with higher
weight values more often than addresses with lower weight values.
[no] weighted-ip total-hits
The total-hits option will send requests to the service IP addresses that have
fewer hits first. After all service IP addresses have the same number of hits, GSLB
sends requests based on weight. This option is disabled by default.
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
67/97
8/24/22, 3:10 PM
Global Server Load Balancing Guide
Use the weighted-ip-enable command to enable selection of the Service-Ip by
weighted preference.
Default
Disabled
Mode
GSLB Policy
Usage
As a simple example, assume that the Weighted-IP metric is the only ena­bled
metric, or at least always ends up being used as the tie breaker. The totalhits option is disabled. IP address 10.10.10.1 has weight 4 and IP address
10.10.10.2 has weight 2. During a given session aging period, the first 4 requests
go to 10.10.10.1, the next 2 requests go to 10.10.10.2, and so on, (4 to 10.10.10.1,
then 2 to 10.10.10.2).
Here is an example using the same two servers and weights, with the totalhits option enabled. IP address 10.10.10.1 has weight 4 and total hits 8, and IP
address 10.10.10.2 has weight 2 and total hits 0. In this case, the first 4 requests
go to 10.10.10.2, then the requests are distributed according to weight. Four requests
go to 10.10.10.1, then two requests go to 10.10.10.2, and so on. To display the
total hits for a service IP address, use the show gslb service-ip command. (See
gslb service-ip.)
To assign a weight to a service IP address, use the following command at the
configuration level for the zone service:
dns-a-record name weight num
Example
The following command disables the Weighted-IP metric:
ACOS(config)# gslb policy pol1
ACOS(config-policy:pol1)# no weighted-ip-enable
weighted-ip-enable
Description
Enable selection of the Service-Ip by weighted preference.
Syntax
[no] weighted-ip-enable
Default
Disabled
Mode
Example
GSLB Policy
The following command disables the Weighted-IP metric:
ACOS(config)# gslb policy pol1
ACOS(config-policy:pol1)# no weighted-ip-enable
weighted-site
Description
Syntax
Configure the Weighted-Site metric, which uses sites with higher weight val­ues
more often than sites with lower weight values.
[no] weighted-site total-hits
The total-hits option will send requests to the service IP addresses that have
fewer hits first. After all service IP addresses have the same number of hits, GSLB
sends requests based on weight. This option is disabled by default.
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
68/97
8/24/22, 3:10 PM
Global Server Load Balancing Guide
Use weighted-site-enable command to enable selection of the Service-IP by weighted
preference.
Default
Disabled. When Weighted-Site metric is enabled, default weight of each site is 1.
Mode
GSLB Policy
Usage
As a simple example, assume that the Weighted-Site metric is the only ena­bled
metric, or at least always ends up being the tie breaker. Site A has weight 4 and
site B has weight 2. During a given session aging period, the first 4 requests go to
site A, the next 2 requests go to site B, and so on, (4 to A, then 2 to B).
This example uses the same two sites and weights, with the total-hits option
enabled: Site A has weight 4 with total hits 8; site B has weight 2 with total hits
0. In this case, the first 4 requests go to site B, then requests are sent as described
above. Four requests go to site A, then 2 requests go to site B, and so on.
To assign weight to a site, use the weight command.
Example
The following command disables the Weighted-Site metric:
ACOS(config)# gslb policy pol1
ACOS(config-policy:pol1)# no weighted-site-enable
weighted-site-enable
Description
Enable selection of the Service-IP by weighted preference.
Syntax
[no] weighted-site-enable
Default
Disabled
Mode
GSLB Policy
Example
The following command disables the Weighted-Site metric:
ACOS(config)# gslb policy pol1
ACOS(config-policy:pol1)# no weighted-site-enable
Show Commands
This section describes the GSLB show commands.
• show gslb cache
• show gslb config
• show gslb fqdn
• show gslb geo-location
• show gslb group
• show gslb ip-list
• show gslb memory
• show gslb policy
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
69/97
8/24/22, 3:10 PM
Global Server Load Balancing Guide
• show gslb protocol
• show gslb rdt
• show gslb samples conn
• show gslb samples conn-load
• show gslb samples rdt
• show gslb service
• show gslb service-group
• show gslb service-ip
• show gslb service-port
• show gslb session
• show gslb site
• show gslb slb-device
• show gslb state
• show gslb statistics
• show gslb zone
show gslb cache
Description
Show the DNS messages cached on the GSLB ACOS device. The GSLB ACOS
device caches DNS replies if either of the following GSLB policy options are
enabled:
• DNS caching
• aRDT metric (if the single-shot option is used)
Syntax
show gslb cache
[match domain-name]
[service-name ...]
[zone zone-name]
Parameter
Description
match
Displays cached DNS messages for the
matched domain.
domain-name
service-name
Displays cached DNS messages for the
specified service.
zone
Displays cached DNS messages for the
specified zone.
zone-name
Mode
All
Example
The following command displays cached DNS messages for service
“www.testme.com:http”:
ACOS# show gslb cache www.testme.com:http
QD = Question Records,
AN = Answer Records
NS = Authority Records, AR = Additional Records
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
70/97
8/24/22, 3:10 PM
Global Server Load Balancing Guide
Flag = DNS Flag, Len = Cache Length
A = Authoritative Answer, D = Recursion Desired
R = Recursion Available
Zone: testme.com
Service
Alias
Len
TTL
Flag QD
AN
NS
AR
--------------------------------------------------------------------------www.testme.com:http
96
3055
DR
1
4
0
0
The following table describes the fields in the command output.
Field
Description
Zone
GSLB zone name.
Service
GSLB service.
Alias
Alias, if configured, that maps to the DNS Canonical Name
(CNAME) for the service.
Len
Length of the DNS message, in bytes.
TTL
Number of seconds for which the cached message is still
valid.
show gslb config
Description
Show the GSLB configuration commands that are in the running-config.
Syntax
show gslb config
[
active-rdt |
dns |
geo-location |
group |
ip-list |
policy |
protocol |
service-group |
service-ip |
site |
system
template |
view |
zone
]
Mode
All
Usage
The show gslb config command can be used in shared partitions, L3V parti­tions,
and GSLB view.
When used in shared partitions
When used within a shared partition, the show gslb config command can include the
following:
• active-rdt: Show GSLB aRDT configuration
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
71/97
8/24/22, 3:10 PM
Global Server Load Balancing Guide
• dns: Show GSLB global DNS configuration
• geo-location: Show GSLB global geo-location configuration
• group: Show GSLB group configuration
• ip-list: Show GSLB IP list configuration
• policy: Show GSLB policy configuration
• protocol: Show GSLB protocol configuration
• service-group: Show GSLB service-group configuration
• service-ip: Show GSLB service-ip configuration
• site: Show GSLB site configuration
• system: Show GSLB system options
• template: Show GSLB template configuration
• view: Show GSLB view
• zone: Show GSLB zone configuration
When used in L3V partitions
When used within a L3V partition, the show gslb config command can include
the following:
• group: Show GSLB Group configuration
• ip-list: Show GSLB IP list configuration
• policy: Show GSLB policy configuration
• service-ip: Show GSLB service-IP configuration
• site: Show GSLB site configuration
• template: Show GSLB template configuration
• zone: Show GSLB zone configuration
NOTE:
When the show gslb config command is used within a L3V partition, the
following command completions are not supported: active-rdt, dns, geolocation, protocol, system, and view.
When used in gslb-view
When used in gslb-view, the show gslb config command can include the
following:
• group: Show GSLB Group configuration
• ip-list: Show GSLB IP list configuration
• policy: Show GSLB policy configuration
• site: Show GSLB site configuration
• template: Show GSLB template configuration
• zone: Show GSLB zone configuration
NOTE:
When the show gslb config command is used in gslb-view, the fol­lowing
command completions are not supported: active-rdt, dns, geo-location,
protocol, service-ip, system, and view.
Details about L3V Deployments
When using the new show gslb config command filters in L3V partitions, only
the following command completions are supported: group, ip-list, policy, service-ip,
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
72/97
8/24/22, 3:10 PM
Global Server Load Balancing Guide
site, template, and zone.
The following show gslb config command options are not supported in L3V
deployments, and by extension, not supported by the new gslb show command
enhancements: active-rdt, dns, geo-location, protocol, system and view.
CLI Example
• Show gslb config zone
• Show gslb config site zone
• Show gslb config service-ip zone | include aaa
Show gslb config for gslb-view
The command syntax when used within gslb-view is as follows:
show gslb config
[
group |
ip-list |
policy |
service-ip |
site |
template |
zone |
common filters(| include xxx)
]
show gslb fqdn
Description
Show GSLB statistics using a Fully Qualified Domain Name (FQDN).
Syntax
show gslb fqdn domain-name [domain-name ... ]
[
cache |
dns-a-record |
dns-cname-record |
dns-mx-record |
dns-ns-record |
dns-ptr-record |
dns-srv-record |
dns-txt-record |
session
]
Mode
All
show gslb geo-location
Description
Syntax
Show the status of GSLB geo-location mappings.
show gslb geo-location
{
[db [geo-location-name]
[[statistics] ip-range range-start range-end]
[[statistics] depth num]
[[statistics] directory num]
[[statistics] top num [percent [global]]]
[statistics]]
[file [file-name]]
[ip ipaddr [statistics] [policy policy-name]]
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
73/97
8/24/22, 3:10 PM
Global Server Load Balancing Guide
[ipv6 ipv6addr [statistics] [policy policy-name]]
[rdt
[active [geo-location-name ...]
[site site-name] [depth num]]
Parameter
Description
db [options]
Displays the geo-location database. If you specify a geo-location name,
only the entries for that geo-location are shown. Otherwise, entries for all
geo-locations are shown.
• ip-range – Displays entries for the specified IP address range.
• depth num – Specifies how many nodes within the geo-location data
tree to display. For example, to display only continent and country
entries and hide individual state and city entries, specify depth 2. By
default, the full tree (all nodes) is displayed.
• directory num – Displays entries for the specific geo-location database
directory.
• top num [percent [global]] – Display the top statistics for the
selected geo-location database.
• statistics – Displays client statistics for the specified geo-location.
file
[file-name]
Displays the geo-location database files on the ACOS device, and their load
sta­tus. (Data from a geo-location database file does not enter the geolocation data­base until you load the file. See gslb system geo-location
load.)
ip ipaddr
Displays geo-location database entries for the specified IP address.
• statistics – Displays client statistics for the specified geo-location.
• policy policy-name – Filter output by policy.
ipv6 ipv6addr
Displays geo-location database entries for the specified IPv6 address.
• statistics – Displays client statistics for the specified geo-location.
• policy policy-name – Filter output by policy.
rdt [options]
Displays aRDT data for geo-locations. You can use the following options:
• active – Displays data for aRDT.
• geo-location-name – Displays aRDT data only for the specified
GSLB geo-location.
• site site-name – Displays aRDT data only for the specified GSLB
site.
• depth num – Specifies how many nodes within the geo-location data
tree to display. For example, to display only continent and country
entries and hide individual state and city entries, specify depth 2.
By default, the full tree (all nodes) is displayed.
Mode
All
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
74/97
8/24/22, 3:10 PM
Usage
Example
Global Server Load Balancing Guide
The matched client IP address and the hits counter indicate the working sta­tus of
the geo-location configuration.
The following command shows the status of a geo-location db named “pc”:
ACOS# show gslb geo-location db arin
Last = Last Matched Client, Hits = Count of Client matched
Sub = Count of Sub Geo-location
T = Type, P-Name = Policy name
G(global)/P(policy), S(sub)/R(sub range)
M(manually config)/B(built-in)
Geo-location: arin
From
To/Mask
Last
Hits
Sub
T
P-Name
-------------------------------------------------------------------------------0
21
G
ACOS#
The following table describes the fields in the command output.
Field
Description
Geo-location
Name of the geo-location.
From
Beginning address in the address range assigned to the geolocation.
To
Ending address in the address range assigned to the geoloca­tion.
Last
Client IP address that most recently matched the geolocation. If the value is “empty”, no client addresses have
matched.
Hits
Total number of client IP addresses that have matched the
geo-location.
Sub
Number of sublocations within the geo-location. For
example, if you configure the following geo-locations, geolocation “pc” has two sublocations, “pc.office” and “pc.lab”.
geo-location pc 10.1.0.0 mask /16
geo-location pc.office 10.1.1.0 mask /24
geo-location pc.lab 10.1.2.0 mask /24
T
Type of geo-location:
• G – The geo-location is configured at the global level in
the ACOS device configuration.
• P – The geo-location is configured within a GSLB policy.
P-Name
Name of the GSLB policy where the geo-location is
configured.
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
75/97
8/24/22, 3:10 PM
Example
Global Server Load Balancing Guide
The following command shows the load status information for a geo-loca­tion
database file:
ACOS(config)# show gslb geo-location file test1
T = T(Template)/B(Built-in), Per = Percentage of loading
Filename
T Template
Per
Lines
Success
Error
-----------------------------------------------------------------------------test1
T t1
Example
98%
11
10
0
The following command displays entries in the geo-location database:
ACOS(config)# show gslb geo-location db
Last = Last Matched Client, Hits = Count of Client matched
T = Type, Sub = Count of Sub Geo-location
G(global)/P(policy), S(sub)/R(sub range)
M(manually config)
Global
Name
T
From
To/Mask
Last
Hits
Sub
-----------------------------------------------------------------------------NA
(empty)
(empty)
(empty)
To/Mask
Last
0
1
G
Geo-location: NA, Global
Name
T
From
Hits
Sub
-----------------------------------------------------------------------------US
(empty)
(empty)
(empty)
To/Mask
Last
0
10
GS
Geo-location: NA.US, Global
Name
T
From
Hits
Sub
-----------------------------------------------------------------------------69.26.125.0
69.26.125.255
(empty)
0
0
GR
69.26.126.0
69.26.126.255
(empty)
0
0
GR
69.26.127.0
69.26.127.255
(empty)
0
0
GR
...
show gslb group
Description
Syntax
Show information for GSLB controller groups.
show gslb group
[brief | group-name [...] [statistics] | statistics]
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
76/97
8/24/22, 3:10 PM
Global Server Load Balancing Guide
Mode
All
Example
The following commands add a GSLB controller to the default GSLB group,
enable the device’s membership in the group, and display group information:
ACOS(config)# gslb group default
ACOS(config-gslb group)# enable
ACOS(config-gslb group)# show gslb group brief
Pri = Priority, Attrs = Attributes
D = Disabled, L = Learn
P = Passive, * = Master
Name
Pri Attrs Master
Member
-----------------------------------------------------------------------------default
255 L*
local
2
The following table describes the fields in the command output.
Field
Description
Name
Name of the GSLB controller group.
Pri
Priority of the master controller.
Attrs
GSLB group attributes of this member:
• D – Member is disabled.
• L – Group learning is enabled on this member.
• P – Member’s connection with this member (the
member on which you enter the show gslb group
command) is pas­sive.
The group connection between any two controller group
members is a client-server connection. The group
member that initiates the connection is the client, and
has the pas­sive side of the connection. The other
member is the server.
• * – Member is the current master for the group.
NOTE: Attributes are displayed only when at least two
group members are connected.
Master
IP address of the current master for the group.
Member
Number of GSLB controllers in the group. This number
includes all configured group members and all learned
group members.
ACOS(config-gslb group)# show gslb group
Pri = Priority, Attrs = Attributes
D = Disabled, L = Learn
P = Passive, * = Master
Group: default, Master: 192.168.101.72
Member
Sys-ID
Pri Attrs
Status
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
Address
77/97
8/24/22, 3:10 PM
Global Server Load Balancing Guide
-------------------------------------------------------------------------------local
825b1429 100 L
OK
192.168.1.131
941a1229 100
Synced
192.168.1.132
ab301229 100 P
Synced
The following table describes the fields in the command output.
Field
Description
Member
GSLB controllers currently in the group.
The “local” member is the GSLB controller on which you entered this show command.
ID
Group member ID assigned by the controller group feature.
Pri
Priority of the GSLB controller.
Attrs
GSLB group attributes of the member:
• D – Member is disabled.
• L – Group learning is enabled on this member.
• P – Member’s connection with this member (the member on which you enter the show
gslb group command) is passive.
The group connection between any two controller group members is a client-server
connec­tion. The group member that initiates the connection is the client, and has the
passive side of the connection. The other member is the server.
• * – Member is the current master for the group.
Note: Attributes are displayed only when at least two group members are connected.
Status
When the GSLB group is starting up, this column shows the protocol status. After the
group is established, this column shows the group status.
Protocol status:
• Idle
• Active
• OpenSent
• OpenConfirm
• Established
Group status of the member:
• Ready
• FullSync/MasterSync
• Synced
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
78/97
8/24/22, 3:10 PM
Global Server Load Balancing Guide
Note: If the group status of the member is OK, this ACOS device (the one on which
you entered the command) knows of the member, but no connection between this ACOS
device and the member is required.
show gslb ip-list
Description
Display information for GSLB IP lists.
Syntax
show gslb ip-list
[brief | list-name | id num | ip ipaddr | statistics]
Mode
All
show gslb memory
Description
Display memory allocation information for GSLB.
Syntax
show gslb memory [mem-loc-id [...]] [interval seconds]
Mode
All
show gslb policy
Description
Show GSLB metric settings for GSLB policies.
Syntax
show gslb policy [policy-name]
Mode
All
The following table describes the fields in the command output.
Field
Description
Policy name
Name of the GSLB policy.
Type
Name of the GSLB metric.
MO
For GSLB metrics, indicates the order in which the metrics
are used.
Option
Metric or option name.
En-Value
For metric, indicates whether they are enabled (yes or no).
For options, indicates the value.
Description
Description of the metric or option.
show gslb protocol
Description
Syntax
Mode
Show the status of the GSLB protocol on the GSLB ACOS device and the SLB
devices (site ACOS device).
show gslb protocol [[geo-location-name] port portnum]
All
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
79/97
8/24/22, 3:10 PM
Global Server Load Balancing Guide
Example
The following command shows GSLB protocol status information on an ACOS
device acting as a GSLB controller:
ACOS# show gslb protocol
GSLB site: aapg
slb-dev: acos (127.0.0.1) Established
Session ID:
26702
Connection succeeded:
1 |Connection failed:
Open packet sent:
0
1 |Open packet received:
1
Open session succeeded:
1 |Open session failed:
Sessions Dropped:
0 |Update packet received:
Keepalive packet sent:
1408 |Keepalive packet received:
Notify packet sent:
0
34411
1407
0 |Notify packet received:
Message Header Error:
0
0
GSLB site: abc
slb-dev: acos1 (127.0.0.2) Established
Session ID:
65410
Connection succeeded:
1 |Connection failed:
Open packet sent:
0
1 |Open packet received:
1
Open session succeeded:
Sessions Dropped:
1 |Open session failed:
0 |Update packet received:
Keepalive packet sent:
1408 |Keepalive packet received:
0
34411
1407
...
show gslb rdt
Description
Show aRDT data.
Syntax
show gslb rdt
[geo-location
[active [geo-location-name ...]
[site site-name] [depth num]]
[slb-device
[active [geo-location-name ...]
[ip ipaddr [...]]] |
Parameter
Description
geo-location
Displays aRDT data based on geo-location. Optional parameter includes:
• active – Displays data for aRDT. Optional parameter modifiers include:
• geo-location-name – Displays aRDT data only for the specified GSLB
geo-loca­tion.
• site site-name – Displays aRDT data only for the specified GSLB site.
• depth num – Specifies how many nodes within the geo-location data tree to
dis­play. For example, to display only continent and country entries and hide
individual state and city entries, specify depth 2.
By default, the full tree (all nodes) is displayed.
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
80/97
8/24/22, 3:10 PM
Global Server Load Balancing Guide
slb-device
Displays aRDT data based on SLB device. Optional parameter includes:
• active – Displays data for aRDT. Optional parameter modifiers include:
• device-name – Displays aRDT data only for the specified device.
• ip ipaddr [...] – Displays aRDT data only for the specified clients.
By default, the full tree (all nodes) is displayed.
Mode
All
Usage
All of the options except local-info are applicable when you enter the com­mand
on a GSLB ACOS device. To display local aRDT data on a site ACOS device,
enter the command on the site ACOS device and use the local-info option.
Example
Here is an example of the output for this command when entered on the GSLB
ACOS device:
ACOS# show gslb rdt
TTL = Time to live(Unit: min), T = Type, A(active)
Device: site1/remote
IP
TTL
T|
1
2
3
4
5
6
7
8
-----------------------------------------------------------------------------10.10.10.2
10
A|
20.20.20.21
10
A|
0
0
41
0
40
0
29
0
46
0
38
42
0
34
0
30
192.168.217.1
10
A|
38
54
46
50
43
38
192.168.217.11
10
A|
41
40
29
46
38
42
34
30
4
5
6
7
Device: site2/local
IP
TTL
T|
1
2
3
8
-----------------------------------------------------------------------------10.10.10.2
10
A|
35
52
35
40
54
56
44
48
20.20.20.21
10
A|
20
20
16
16
20
16
20
18
192.168.217.1
10
A|
16
44
20
16
20
18
192.168.217.11
10
A|
20
20
16
16
20
16
20
18
T = Type: A(active), TS = Time Stamp(unit: min)
Geo-location
RDT TS
Site
T
-----------------------------------------------------------------------------cn.sh
38
10
site1
A
site2
A 18
10
cn.bj
30
10
site1
A
site2
A 18
jp
30
10
site1
A
10
site2
A 18
10
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
81/97
8/24/22, 3:10 PM
us
0
Global Server Load Balancing Guide
site1
A
10
site2
A 48
10
This example shows the default display (with no additional options). The TTL
results are organized by site ACOS device, then by geo-location.
The following table describes the fields in the command output.
Field
Description
Device
Site ACOS device.
IP
IP address at the other end of the aRDT exchange.
TTL
Time-to-live for the Active-TT entry.
T
RDT type, which can be A (aRDT).
1-8
Individual aRDT measurements (in units of seconds).
Geo-location
Geo-location name for which aRDT measurements have
been taken.
Site
GSLB site name within the geo-location.
T
RDT type. (See descriptions above.)
RDT
Individual aRDT measurements (in units of seconds).
TS
System time stamp of the aRDT measurement.
show gslb samples conn
Description
Syntax
Show the number of connections that are currently on a virtual port.
show gslb samples conn
[service-name | vipaddr]
[port port-num]
[range range-start range-end]
Parameter
Description
service-name |
vipaddr
Specifies the service name or service IP.
port-num
Specifies the virtual port.
range-start
Specifies the range start.
range
range-start range-end
Collects samples only for the specified range of
ser­vice port numbers.
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
82/97
8/24/22, 3:10 PM
Global Server Load Balancing Guide
Mode
All
Usage
The number of connections on the site is sampled based on the GSLB status
interval. (This is configurable using the gslb protocol command. See gslb protocol.)
Samples are listed row by row. The first 7 samples appear on row 1, the second 7
samples appear on row 2, and so on.
If you disable the GSLB protocol, the data is cleared.
Example
The following example shows connection activity for virtual port 80 on vir­tual
server “china”.
ACOS# show gslb samples conn china 80
0
| 1
2
3
4
5
6
7
---------------------------------------------------------------------------1
| 15000
25000
35000
2
| 85000
95000
105000
45000
55000
65000
75000
show gslb samples conn-load
Description
Show the number of connections on each virtual server.
Syntax
show gslb samples conn-load num-samples interval
[service-name | vipaddr]
[port-num]
Parameter
Description
num-samples
Number of connection-load samples to collect and
display.
num-samples
Number of seconds to wait between collection of each
sample.
service-name |
vipaddr
Collects samples only for the specified service IP.
port-num
Collects samples only for the specified service port
num­ber.
Mode
All
Example
The following command shows 5 connection-load samples, collected at 5-second
intervals:
ACOS# show gslb samples conn-load 5 5
ip1:80, average is: 36
| 1
2
3
4
5
6
7
---------------------------------------------------------------------------1
| 0
0
11
1
168
ip2:80, average is: 38
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
83/97
8/24/22, 3:10 PM
Global Server Load Balancing Guide
| 1
2
3
4
5
6
7
---------------------------------------------------------------------------1
| 0
0
22
2
3
2
168
ip3:80, average is: 60
| 1
4
5
6
7
---------------------------------------------------------------------------1
| 120
0
0
0
180
ip4:80, average is: 86
| 1
2
3
4
5
6
7
---------------------------------------------------------------------------1
| 240
0
0
0
192
In this example, five samples, taken at 5-second intervals, are shown for each of
four services (ip1:80 to ip4:80). Services are listed by service IP and service port.
In each section, the numbers across the top are column numbers. The numbers
along the leftmost column are row numbers. The other numbers are the actual
connection load data. For example, for ip1:80 (service port 80 on service IP “ip1”),
there were no connections during the first or second data samples, and 11
connections during the third sample.
show gslb samples rdt
Description
Show the aRDT between the GSLB ACOS device and a client.
Syntax
show gslb samples rdt
[geo-location
[active [geo-location-name ...]
[site site-name] [depth num]]
[slb-device
[active [geo-location-name ...]
[device-name] [ip A.B.C.D ...]]
[controller
[active [geo-location-name ...]
[device-name] [ip A.B.C.D ...]]
Parameter
Description
geo-location
Displays aRDT data based on geo-location. Optional parameter includes:
• active – Displays data for aRDT. Optional parameter modifiers include:
• geo-location-name – Displays aRDT data only for the specified GSLB
geo-loca­tion.
• site site-name – Displays aRDT data only for the specified GSLB site.
• depth num – Specifies how many nodes within the geo-location data tree to
dis­play. For example, to display only continent and country entries and hide
individual state and city entries, specify depth 2.
By default, the full tree (all nodes) is displayed.
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
84/97
8/24/22, 3:10 PM
slb-device
Global Server Load Balancing Guide
Displays aRDT data based on SLB device. Optional parameter includes:
• active – Displays data for aRDT. Optional parameter modifiers include:
• device-name – Displays aRDT data only for the specified device.
• ip ipaddr [...] – Displays aRDT data only for the specified clients.
By default, the full tree (all nodes) is displayed.
Mode
All
Usage
Eight aRDT samples are displayed for each device. Times are shown in 10millisecond (ms) increments. In the example below, the first aRDT time for Device1
is 50 ms.
If you disable the GSLB protocol, the data is cleared.
show gslb service
Description
Syntax
Show the configuration information for services.
show gslb service
{cache | dns-a-record | dns-cname-record |
dns-mx-record | dns-ns-record | dns-ptr-record | dns-srv-record | dnstxt-record | session}
[service-name ...] [zone zone-name]
[ip ipaddr {subnet-mask | /mask-length}]
Parameter
Description
cache
Displays service information in the GSLB DNS
cache.
dns-a-record
Displays Address records for GSLB services.
dns-cname-record
Displays CNAME records for GSLB services.
dns-mx-record
Displays MX records for GSLB services.
dns-ns-record
Displays name server records for GSLB
services.
dns-ptr-record
Displays pointer records for GSLB services.
dns-srv-record
Displays service records for GSLB services.
dns-txt-record
Displays service records for GSLB services.
session
Displays current GSLB sessions for services.
service-name
Specifies a service name.
zone zone-name
Specifies a zone name.
ip ipaddr
Specifies a client host or subnet address. (This
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
85/97
8/24/22, 3:10 PM
Global Server Load Balancing Guide
{subnet-mask |
/mask-length}
Mode
option applies only to the session option.)
All
Example
The following example shows CNAME information for zone “example.com”:
ACOS# show gslb service dns-cname-record example.com
Zone: example.com
Alias = Alias Name, Geoloc = Geo-location
G-Geoloc = Matched Global Geo-location
P-Geoloc = Matched Policy Geo-location
Service
Alias
Geoloc
G-Geoloc
P-Geoloc
-----------------------------------------------------------------------------http:www
http.example.com
pc1
(empty)
(empty)
ftp:ftp
ftpp.example.com
pc1
(empty)
pc1
show gslb service-group
Description
Show FQDN group information.
Syntax
show gslb service-group group-name
[
cache |
dns-a-record |
dns-cname-record |
dns-mx-record |
dns-ns-record |
dns-ptr-record |
dns-srv-record |
dns-txt-record |
session [ip ipaddr | ipv6 ipv6addr] |
site-stat
]
Mode
All
show gslb service-ip
Description
Syntax
Example
Shows information for a GSLB service.
show gslb service-ip
{service-name | vipaddr | local-info | statistics}
Parameter
Description
service-name |
vipaddr
Specifies the service name or VIP address.
local-info
Shows local SLB virtual-server information.
statistics
Shows GSLB statistics for the service-IP.
The following command shows information for the “beijing” service:
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
86/97
8/24/22, 3:10 PM
Global Server Load Balancing Guide
ACOS# show gslb service-ip beijing
V = Is Virtual server, E = Enabled
P-Cnt = Count of Service Ports
Service-IP
Cnt Hits
IP
V E State
P-
------------------------------------------------------------------:Device1:beijing
0
2.1.1.10
Y Y UP
3
The following table describes the fields in the command output.
Field
Description
Service-IP
Device name and service IP name.
IP
IP address of the service.
V
Indicates whether the service IP is a virtual server IP
address (Y) or a real server IP address (N).
E
Indicates whether the service IP is enabled.
State
Indicates the service IP state: UP or DOWN.
P-Cnt
Number of service ports on the service IP.
Hits
Number of times the service IP has been selected.
show gslb service-port
Description
Show information about the GSLB service ports configured on the sites.
Syntax
show gslb service-port [local-info]
The local-info parameter displays local SLB virtual-port information.
Mode
All
Example
The following command shows information about all the configured GSLB service
ports.
ACOS# show gslb service-port
Attrs = Attributes, A-Svr = Active Real Servers
Cur-Conn = Current Connections
D = Disabled, P = GSLB Protocol, L = Local
Protocol
T = TCP, M = Manually Health check, * = Dynamic
Service-Port
Attrs State
Act-Svrs
Curr-Conn
------------------------------------------------------------------10.77.27.222:80
L
DOWN
0
0
10.10.10.1:80
DOWN
67.67.6.84:80
UP
1
0
67.67.6.82:21
UP
1
0
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
0
0
87/97
8/24/22, 3:10 PM
Global Server Load Balancing Guide
192.168.100.6:80
DOWN
0
0
The following table describes the fields in the command output.
Field
Description
Service-Port
Service IP address and service port number.
Attrs
Indicates whether the service port is reached using the
GSLB protocol or the local (SLB) protocol.
State
Indicates the service state: IP or DOWN.
Act-Svrs
Number of active real servers for the service.
Curr-Conn
Current number of connections to the service.
show gslb session
Description
Show cached GSLB policy selections.
Selections are cached on a zone:service basis. While a cached GSLB policy
selection is valid (that is, before it ages out), the cached selection is used for
subsequent requests from the same client for the same zone and service.
Syntax
Mode
show gslb session
[service-name ...] [zone zone-name]
[ip ipaddr {subnet-mask | /mask-length}]
[ipv6 ipv6addr {subnet-mask | /mask-length}]
[match domain-name]
Parameter
Description
service-name
Specifies a service name.
ip ipaddr {subnetmask | /mask-length}
Specifies a client host or subnet address.
match
Specifies a domain name to match to when
display­ing session information.
zone zone-name
Specifies a zone name.
All
show gslb site
Description
Show GSLB site information.
Syntax
show gslb site [site-name ...] [bw-cost] [statistics]
Parameter
Description
site-name
Displays information only for the specified site.
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
88/97
8/24/22, 3:10 PM
Mode
Example
Global Server Load Balancing Guide
bw-cost
Displays BW-Cost information.
statistics
Displays statistics.
All
The following command shows information for GSLB site “Site1”:
ACOS# show gslb site Site1
Site
Device/server
VIP
Vport
State
Hits
------------------------------------------------------------------Site1
Device1 (device) 2.1.1.10
Up
1.2.2.2
0
21
Up
23
Up
80
Up
2.1.1.11
Up
0
21
Up
80
Up
2.1.1.12
Up
0
21
Up
23
Up
80
Up
serverB (server)
Up
0
3.1.1.10
80
Up
The following table describes the fields in the command output.
Field
Description
Site
GSLB site name.
Device/server
Device name and device IP address or real server name
and real server IP address.
VIP
Virtual IP address for the service.
Vport
Virtual port number.
State
Virtual port state.
Hits
Number of times the service IP was selected.
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
89/97
8/24/22, 3:10 PM
Global Server Load Balancing Guide
The following table describes the fields in the command output when the bwcost option is used.
Example
Field
Description
Site
GSLB site name.
Template
SNMP template name.
Current
Current value of the SNMP object used for measurement.
Highest
Highest value of the SNMP object used for measurement.
Limit
Limit configured for the BW-Cost metric.
U
Indicates whether the site is usable, based on the BW-Cost
mea­surement.
Type
Data type of the SNMP object.
Len
Data length of the SNMP object.
Value
Value of the SNMP object.
TI
Time interval between measurements.
The following command shows GSLB site statistics:
ACOS# show gslb site statistics
Site
Hits
Last
------------------------------------------------------------------site1
14
2.1.1.10
site2
0
(empty)
site3
0
(empty)
site4
0
(empty)
The following table describes the fields in the command output when the
statistics option is used.
Field
Description
Site
GSLB site name.
Hits
Number of times the site was selected.
Last
Site that was most recently selected.
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
90/97
8/24/22, 3:10 PM
Global Server Load Balancing Guide
show gslb slb-device
Description
Syntax
Show information about an SLB device used by GSLB.
show gslb slb-device
[
device-name |
local-info |
rdt active [device-name ... | ip ipaddr ...]
]
Parameter
Description
device-name
Displays information only for the specified SLB device.
local-info
Displays local SLB device information on a site SLB device.
rdt options
Displays aRDT data based on SLB device. Optional parameter includes:
• active – Displays data for aRDT. Optional parameter modifiers include:
• device-name – Displays aRDT data only for the specified device.
• ip ipaddr [...] – Displays aRDT data only for the specified clients.
By default, the full tree (all nodes) is displayed.
Mode
Example
All
The following command shows information about SLB device “Device1”:
ACOS# show gslb slb-device Device1
APF = Administrative Preference, Sub-Cnt = Count of ServiceIPs
Sesn-Uzn = Session Utilization
Sesn-Num = Number of Available Sessions
Device
Num
Sub-Cnt
IP
APF Sesn-Uzn Sesn-
----------------------------------------------------------------------------site1:Device1
3
1.2.2.2
200
0% 0
The following table describes the fields in the command output.
Field
Description
Device
Site name and device name.
IP
SLB device’s IP address.
APF
Administrative preference for the device.
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
91/97
8/24/22, 3:10 PM
Global Server Load Balancing Guide
Sesn-Uzn
Current session utilization on the device.
Sesn-Num
Number of sessions available on the device.
Sub-Cnt
Number of service IPs on the device.
show gslb state
Description
Show GSLB state information collected by GSLB debugging.
Syntax
show gslb state
Mode
All
Usage
To collect state information, enable GSLB debugging and use the state option.
(See the example below.)
Example
The following commands enable GSBL debugging with retention of state
information, and initiate display of the state information:
site-acos-1(config)# debug gslb state
site-acos-1(config)# show gslb state
show gslb statistics
Description
Show statistics for the GSLB protocol, for sites, or for zones.
Syntax
show gslb statistics {message | site | zone}
Mode
All
Usage
The show gslb statistics message command shows the same output as the show
gslb protocol command. Similarly, the show gslb statistics site command
shows the same output as the show gslb site statistics command, and the
show gslb statistics zone command shows the same output as the show gslb
zone statistics command.
Example
The following command shows statistics for the GSLB protocol:
ACOS# show gslb statistics message
GSLB site: site1
slb-dev: remote (20.20.20.2) Established
Session ID:
40576
Connection success:
4 |Connection failure:
0
Open packet sent:
4 |Open packet received:
1
Open session success:
1 |Open session failure:
3
Dropped sessions:
5101
0 |Update packet received:
Keepalive packet sent:
Notify packet sent:
1219 |Keepalive packet received:
1218
0 |Notify packet received:
0
Message Header Error:
0 |
0
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
92/97
8/24/22, 3:10 PM
Global Server Load Balancing Guide
GSLB site: site2
slb-dev: local (192.168.217.2) Established
Session ID:
104
Connection success:
1 |Connection failure:
1
Open packet sent:
1 |Open packet received:
1
Open session success:
1 |Open session failure:
0
Dropped sessions:
0 |Update packet received:
22
Keepalive packet sent:
2 |Keepalive packet received:
Notify packet sent:
1
0 |Notify packet received:
0
Message Header Error:
0 |
0
GSLB controller: 192.168.217.2 Established
Session ID:
104
Connection success:
0 |Connection failure:
0
Open packet sent:
1 |Open packet received:
1
Open Sent
1 |Open session failure:
0
Dropped sessions:
0 |Update packet sent:
22
Keepalive packet sent:
2 |Keepalive packet received:
Notify packet sent:
1
0 |Notify packet received:
0
Message Header Error:
0 |
0
show gslb zone
Description
Syntax
Show GSLB zone information.
show gslb zone [zone-name]
[dns-info] [dns-mx-record] [dns-ns-record] [dns-soa-record]
[site]
[statistics]
Parameter
Description
zone-name
Displays information only for the specified
zone.
dns-info
Displays the DNS information for the zone.
dns-mx-record
Displays the MX records for the zone(s).
dns-ns-record
Displays the name server records for the
zone(s).
dns-soa-record
Displays the start-of-authority records for the
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
93/97
8/24/22, 3:10 PM
Global Server Load Balancing Guide
zone(s).
Mode
Example
site
Displays statistics for the zone(s) by related
site.
statistics
Displays statistics for the zone(s).
All
The following example shows information for zone “example.com”:
ACOS# show gslb zone 123.com
Zone
Service
Policy
TTL
-----------------------------------------------------------------------------example.com
www
20
http:www
www
20
ftp:ftp
ftp
30
The following table describes the fields in the command output.
Example
Field
Description
Zone
Zone name.
Service
Service type and service name.
Policy
GSLB policy name.
TTL
DNS TTL value set by GSLB in DNS replies to queries for
the zone address.
The following command shows MX records for zones:
ACOS# show gslb zone dns-mx-record
Pri = Priority,
Last = Last Server
Owner
MX-Record
Pri
Hits
Last
----------------------------------------------------------------------------mail.abc.com:smtp
mail1.abc.com
0
mail2.xyz.com
0
10
The following table describes the fields in the command output.
Field
Description
Owner
Zone and service name to which the MX record
belongs.
MX-Record
Name of the MX record.
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
94/97
8/24/22, 3:10 PM
Global Server Load Balancing Guide
Example
Pri
Priority (preference) set for the MX record.
Hits
Number of times the record has been used.
Last
Most recent time the record was used.
The following command shows GSLB zone statistics:
ACOS(config-gslb zone-gslb service)# show gslb zone example.com statistics
GSLB Zone example.com:
Total Number of Services configured: 1
Rcv-query = Received Query, Sent-resp = Sent Response
M-Proxy = Proxy Mode, M-Cache = Cache Mode
M-Svr = Server Mode,
M-Sticky = Sticky Mode
M-Backup = Backup Mode
Service
Rcv-query
Sent-resp
M-Proxy
M-Cache
M-Svr
M-Sticky M-Backup
-------------------------------------------------------------------------------http:www
0
Total
0
0
0
0
0
0
0
0
12
0
0
12
0
The following table describes the fields in the command output.
Field
Description
GSLB Zone
Zone name.
Total Number of Services configured
Number of GSLB services configured for the zone.
Service
Service type and service name.
Rcv-query
Number of DNS queries received for the service.
Sent-resp
Number of DNS replies sent to clients for the service.
M-Proxy
Number of DNS replies sent to clients by the ACOS device as a
DNS proxy for the service.
M-Cache
Number of cached DNS replies sent to clients by the ACOS
device for the service. (applies only if the DNS cache option is
enabled in the pol­icy.)
M-Svr
Number of DNS replies sent to clients by the ACOS device as a
DNS server for the service. (This statistic applies only if the DNS
server option is enabled in the policy.)
M-Sticky
Number of DNS replies sent to clients by the ACOS device to
keep the clients on the same site. (This statistic applies only if the
DNS sticky option is enabled in the policy.)
M-Backup
Number of DNS replies sent to clients by the ACOS device using
a backup record.
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
95/97
8/24/22, 3:10 PM
Global Server Load Balancing Guide
Clear Command
The following GSLB clear command is available:
• clear gslb
clear gslb
Description
Syntax
Clear statistics or reset functions. Sub-command parameters are required for specific
sub-commands.
clear gslb {options}
Options
Description
all
Clears all GSLB statistics.
cache
Clears the GSLB DNS cache.
debug
Clears debug statistics.
fqdn
Clears FQDN statistics.
geo-location
Clears geo-location statistics.
group
Clears GSLB group statistics.
ip-list
Clears IP-list statistics.
memory
Clears memory statistics.
protocol
Clears GSLB protocol statistics.
rdt
Clears RDT samples.
samples
Clears aRDT samples.
server
Clears server statistics.
service
Clears service statistics.
service-group
Clears service group statistics
service-group-session
Clears service-group-session statistics
session
Clears GSLB sessions.
site
Clears site statistics.
slb-device
Clears SLB device samples.
statistics options
Clears message, site, or zone statistics.
zone
Clears zone statistics.
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
96/97
8/24/22, 3:10 PM
Global Server Load Balancing Guide
https://documentation.a10networks.com/ACOS/414x/ACOS_4_1_4/html/gslb-Responsive HTML5/gslb/gslb_cli/gslb_cli.htm
97/97