GSLB Service Configuration

Introduction

Within a single Avi GSLB configuration, a set of identical services running at multiple sites can be formed into a GSLB service. This article shows the steps to take to perform the configuration. When editing pre-existing GSLB services, screens and their parameters are analogous to those documented herein.

Prerequisite

You must log in as a user who has write access to GSLB Services, as shown in the GSLB section of this display of the Tenant-Admin role.

Write access is required

Avi UI GSLB Service Basic Setup

Navigate to Applications > GSLB Services as shown below.


Starting point for GSLB service creation within the Avi UI

Click the Create option, and select the Basic Setup option.


GSLB service basic setup editor

  • Name – The GslbService object parameter that will appear in other UI screens; a terse way by which to refer to the global application from within Avi Vantage

  • Application Name – This field concatenated with the Subdomain forms the FQDN of the application.

  • Subdomain – This field’s pulldown menu is prepopulated with the subdomains associated with the GSLB configuration. Add to or remove from the set by navigating to Infrastructure > GSLB > Site Configuration.
    Notes:
    • When first entered, a subdomain should take the form alpha.beta.com. When it appears in the pulldown, Avi Vantage automatically prefixes it with a dot.
    • To support aliasing, a GSLB service could have one or more FQDNs associated with it. For example, www.foo.com and www.foo.us may point to the same GSLB service. Aliasing avoids having to create multiple identical GSLB services.
  • Health Monitor – If it is desired to have the DNS Service Engine generate synthetic traffic by which to mark a service up or down, this field specifies which monitor to use. Five are included by default and automatically appear in the pulldown list: System-GSLB-UDP, System-GSLB-HTTPS, System-GSLB-HTTP, System-GSLB-TCP and System-GSLB-Ping. The pulldown list includes a green Create option with which to define yet another monitor. Alternatively, navigate to Templates > Profiles > Health Monitors to define a custom monitor for use with the global application.

  • Health Monitor Scope – By default, health monitors will assess the health of all GSLB pool members, be they Avi virtual services or external (third-party) VIPs. Choose Only Non Avi Members if you believe data-path monitoring of Avi members is redundant to the control-path health monitoring that may be in play.

  • Controller Health Status – The default is to assess the health of Avi member services by collecting VS health status from their local Avi Controllers. This option is irrelevant to external VIPs, whose health can only be assessed via data-path health checks.

  • Groups Load Balancing Algorithm – The load balancing algorithm will pick a GSLB pool within the GSLB service list of available pools. Choose one of two algorithms, priority- or geolocation-based.

  • Minimum number of Servers – The minimum number of members to which to distribute traffic. If non-zero, this value ranges from 1 to 65535. Zero is a special case; it disables limiting.

  • Site Persistence – Check this box to enable site persistence for the GSLB service. Learn more by reading GSLB Site Cookie Persistence.

  • Application Persistence Profile – Click on Create to launch an editor to create a new Site Cookie Application Persistence profile.

  • Select Group Type – Select the behavior for pools. Only if the default Active Active is chosen may you select one of four load balancing algorithms.

  • Pool Members Load Balancing Algorithm – For Active Active pool configurations, choose a load balancing algorithm that will pick a local member within the GSLB services list of available members. Your choices are Round Robin (the default), Consistent Hash, Geo or Topology.

  • IP Address/Virtual Service

    Accept Virtual Service (the default) to identify a native Avi Vantage virtual service. If IP Address is selected, a different set of options appears; these are explained in the list of steps following this list.

    Choose IP Address to identify an external (third-party) GSLB pool member. Refer to the related Avi GSLB in an AWS Multi-Region, Multi-AZ Deployment and Third-Party Site Configuration and Operations articles.

    Note: A third-party Controller — redundantly configured or not — is optional for third-party members. If you have chosen IP Address, skip the following steps.

  • Site Cluster Controller – To identify a native Avi virtual service, it is first required to select its Controller via this field. The Controller must be pre-configured for its name to be present in the drop-down list.

  • Virtual Service – This field only appears after a site cluster Controller has been chosen. Select a pre-configured VS from the drop-down list.

  • Public IP Address – This is an alternative IP address for the pool member. In usual deployments, the VIP in the virtual service is a private IP address; it gets configured in the IP field of the GSLB service. In this field you can identify the public IP address for the VIP; it will get translated to the private IP by a firewall. Client DNS requests coming in from the intranet should have the private IP served in the A record, while requests from outside should be served the public IP address. Learn more by reading the NAT-aware Public-Private GSLB Configuration article.

  • Description – Insert into this free-form field whatever comments you like.

  • Add GSLB Pool Member – After the first (minimum required) member service has been defined for the GSLB pool, click this hyperlink to create an additional one.

If IP Address was selected in the above steps to identify an external pool member, the below alternative display will appear. Follow the below steps instead of the options shown above.



  • IP Address or FQDN – The external pool member is configured with a fully qualified domain name, which is resolved to an IP address by the Controller. The DNS service health-monitors the resolved address while returning the FQDN (CNAME).

  • Third-party Site Cluster Controller – From the drop-down, select the third-party site name to which the third-party VIP is to be associated.

  • Public IP Address – This is an alternative IP address for the pool member. In usual deployments, the VIP of the third-party service is a private IP address; it gets configured in the IP field of the GSLB service. In this field you can identify the public IP address for the VIP; it will get translated to the private IP by a firewall. Client DNS requests coming in from within the intranet should have the private IP served in the A record, while requests from outside should be served the public IP address.

  • Description – Insert into this free-form field whatever comments you like.

  • Add GSLB Pool Member – After the first (minimum required) member service has been defined for the GSLB pool, click this hyperlink to create an additional one.

Avi UI GSLB Service Advanced Setup

Familiarize yourself with the parameters which can be set in the basic setup, as outlined above. Then read this section, which highlights the additional parameters exposed via the advanced setup editor.
Navigate to Applications > GSLB Services as shown below.

Starting point for GSLB service creation within the Avi UI

Click on the green Create button, and select the Advanced Setup option. Notice the Pool Member section of the basic setup editor has been replaced by the GSLB pool section shown below.

GSLB service advanced setup editor

Clicking the pencil icon in the above screen opens the GSLB Pool editor, which exposes additional options not available in the Basic Setup editor. The editor is described in a subsequent section. As for the other fields in the above window:

  1. Priority – The DNS service chooses the pool with the highest priority that is operationally up. The value of this optional parameter ranges between 0 and 100. Non-unique values among groups are allowed. It may be left unset. The value of 10 is merely a placeholder.
  2. LB Algorithm – For Active Active pool configurations, choose either round-robin (the default), consistent hash, geo or topology.
  3. Number of IPs returned by DNS Service – If 0, then all IP addresses are returned; otherwise, one may specify a count between 1 and 20.
  4. TTL served by DNS service – If the default from the DNS service is not suitable, a value between 1 and 86400 seconds may be chosen for all DNS records served on behalf of all GSLB pool members.
  5. Down Response – When the service is down, this field will govern the response from the DNS. One may choose no response, an empty response, a fallback IP, or a response containing all records.
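
The following added example (not Avi Vantage code, and not from the original article) models how the parameters above combine into one DNS answer: the highest-priority pool that is up, the returned-IP count, the down response, and the private/public address split. The key names, the 10.0.0.0/8 intranet range, list-order member selection and first-listed tie-breaking are assumptions made for the example.

```python
import ipaddress

# Constructed sample service. Key names are illustrative, not the Avi object schema.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumed meaning of "intranet"
SERVICE = {
    "num_ips": 1,  # 0 returns every address, otherwise a count from 1 to 20
    "down_response": ("fallback_ip", "198.51.100.10"),
    "pools": [
        {"name": "dc-east", "priority": 20, "members": [
            {"ip": "10.1.1.10", "public_ip": "203.0.113.10", "enabled": True, "up": True}]},
        {"name": "dc-west", "priority": 10, "members": [
            {"ip": "10.2.1.10", "public_ip": "203.0.113.20", "enabled": True, "up": True},
            {"ip": "10.2.1.11", "public_ip": None, "enabled": True, "up": True}]},
    ],
}

def address_for(member, client_ip):
    """Private VIP for intranet clients, public IP (when set) for everyone else."""
    client = ipaddress.ip_address(client_ip)
    if any(client in net for net in INTERNAL_NETS):
        return member["ip"]
    # Assumption: with no public IP configured, the only address on record is served.
    return member["public_ip"] or member["ip"]

def answer(service, client_ip):
    """Return the A-record addresses for one query, or None for 'no response'."""
    live = [p for p in service["pools"]
            if any(m["enabled"] and m["up"] for m in p["members"])]
    if not live:
        kind, value = service["down_response"]
        if kind == "no_response":
            return None
        if kind == "empty":
            return []
        if kind == "fallback_ip":
            return [value]
        # "all_records": every member address, whatever its health
        return [address_for(m, client_ip) for p in service["pools"] for m in p["members"]]
    # Highest-priority pool that is up; on a tie max() keeps the first one listed.
    pool = max(live, key=lambda p: p["priority"])
    addrs = [address_for(m, client_ip) for m in pool["members"] if m["enabled"] and m["up"]]
    # Members are taken in list order; the pool's LB algorithm is not modelled.
    n = service["num_ips"]
    return addrs if n == 0 else addrs[:n]
```

With dc-east marked down and num_ips set to 0, an outside client is answered with 203.0.113.20 and 10.2.1.11 under the fallback assumption, which is the kind of private-address exposure to look for when a member has no Public IP Address set.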

GSLB Pool Editor

The window the editor displays offers slightly different options, depending upon how one identifies the GSLB pool member in the Pool Member section of the editor window.

Identifying GSLB Pool Member by IP Address


Additional pool options are available in the GSLB service advanced setup editor - this is the case where IP address has been checked

  1. IP Address or FQDN – The pool member can be identified by its IP address or an FQDN that is resolved to an IP address by the Controller. The DNS service will monitor the health of the resolved IP address. If the user has configured an IP address (in addition to the FQDN), then the IP address will get overwritten whenever periodic FQDN refresh is done by the Controller.
  2. Third-party Site Cluster Controller – Refer to the Third-Party Site Configuration and Operations article.
  3. Public IP Address – This field is used to host the public IP address for the virtual service. It gets translated to the private IP by a firewall. Client DNS requests coming in from within the intranet should have the private IP served in the A record, and requests from outside should be served the public IP address.
  4. Enabled – Defaulted ON so that the IP address of this member will be provided in DNS responses.
  5. Ratio – This field overrides the default ratio of 1. It reduces the percentage the load-balancing algorithm would pick the GSLB pool member in relation to its peers. The allowed value ranges between 1 and 20.
  6. Geo Location Source – Specify the geo location source or set the User Configured option from the pulldown to enter data about a particular location. Refer to Geolocation-based Load Balancing Algorithm for GSLB Members for more details.
    The fields to supply if defining a location on the fly are shown below.

    Fields for user-configured location

  7. Description – Insert into this free-form field whatever comments you like.

Identifying GSLB Pool Member by Virtual Service


Additional pool options are available in the GSLB service advanced setup editor - this is the case where virtual service has been checked

  • Site Cluster Controller – Cluster UUID of the site.

  • Public IP Address – This field is used to host the public IP address for the virtual service. It gets translated to the private IP by a firewall. Client DNS requests coming in from within the intranet should have the private IP served in the A record, and requests from outside should be served the public IP address.

  • Enabled – Defaulted ON so that the IP address of this member will be provided in DNS responses.

  • Ratio – Overrides the default ratio of 1. It reduces the percentage the load-balancing algorithm would pick the GSLB pool member in relation to its peers. The value ranges between 1 and 20.

  • Geo Location Source – Specify the geo location source or set the User Configured option from the pulldown to enter data about a particular location. Refer to Geolocation-based Load Balancing Algorithm for GSLB Members for more details.
    The fields to supply if defining a location on the fly are shown below.

    Fields for user-configured location

  • Description – Insert the desired description.

A record addition for a CNAME query

Starting with 18.2.5, Avi Vantage supports A record addition for a common name (CNAME) query.

Use Case

Use this feature when a static CNAME record is configured on a DNS virtual service and Avi Vantage is required to resolve that CNAME when a client query for it comes in.

For example, a query comes in for abc.foo.com, and a CNAME record is configured for that FQDN (abc.foo.com -> abc.test.foo.com).

Using this feature, Avi Vantage returns the CNAME record, resolves the DNS query using the back-end pool, and returns the A record.

Enabling Resolve CNAME

Log in to the Avi CLI and use the resolve_cname flag under configure gslbservice mode to enable or disable A record addition for a CNAME query.


[admin:ctlr-1]: > configure gslbservice <gslb service name>
[admin:ctlr-1]: gslbservice> resolve_cname

To disable, use no resolve_cname.


[admin:ctlr-1]: gslbservice> no resolve_cname
