GSLB Service Configuration

Introduction

Within a single Avi GSLB configuration, a set of identical services running at multiple sites can be formed into a GSLB service. This article explains the methods and options available to configure a GSLB service.

Prerequisite

  • A user with write access is required to configure GSLB Services, as shown below in the GSLB section of the Tenant-Admin role.

    Write access is required

Configuring GSLB Service Basic Setup using Avi UI

  1. Navigate to Applications > GSLB Services as shown below.


    Starting point for GSLB service creation within the Avi UI

  2. Click on the Create option, and select the Basic Setup option.


    GSLB service basic setup editor

  • Name – The GslbService object parameter that will appear in other UI screens. This is a reference to the global application hosted on Avi Vantage.

  • Application Name – This field concatenated with the Subdomain forms the FQDN of the application.

  • Subdomain – This drop-down menu is pre-populated with the subdomains associated with the GSLB configuration. Add to or remove from the set by navigating to Infrastructure > GSLB > Site Configuration.

    Notes:

    • When first entered, a subdomain should take the form alpha.beta.com. When it appears in the drop-down menu, Avi Vantage automatically prefixes it with a dot.
    • To support aliasing, a GSLB service could have one or more FQDNs associated with it. For example, www.foo.com and www.foo.us may point to the same GSLB service. Aliasing avoids having to create multiple identical GSLB services.
  • Health Monitor – To have the DNS Service Engine generate synthetic traffic with which to mark a service up or down, use this field to specify the monitor. Five are included by default and automatically appear in the drop-down list:
    • System-GSLB-UDP
    • System-GSLB-HTTPS
    • System-GSLB-HTTP
    • System-GSLB-TCP
    • System-GSLB-Ping

    Use the Create option to create a custom monitor. Alternatively, navigate to Templates > Profiles > Health Monitors to define a custom monitor for use with the global application.

  • Health Monitor Scope – By default, health monitors will assess the health of all GSLB pool members (Avi virtual services or external (third-party) VIPs). Choose Only Non Avi Members if the data-path monitoring of Avi members is redundant to the control-path health monitoring.

  • Controller Health Status – The default is to assess the health of Avi member services by collecting virtual service health status from their local Avi Controllers. This option is irrelevant to external VIPs, whose health can only be assessed via data-path health checks.

  • Groups Load Balancing Algorithm – The load balancing algorithm picks a GSLB pool within the GSLB service list of available pools. Choose one of two algorithms, priority- or geolocation-based.

  • Minimum number of Servers – The minimum number of members to which to distribute traffic. If non-zero, this value ranges from 1 to 65535. Zero is a special case; it disables limiting.

  • Site Persistence – Check this box to enable site persistence for the GSLB service. For more information, refer to GSLB Site Cookie Persistence.

  • Application Persistence Profile – Click on Create to launch an editor to create a new Site Cookie Application Persistence profile.

  • Select Group Type – Select the behavior for pools. If the default Active Active is chosen, one of four load balancing algorithms can be chosen.

  • Pool Members Load Balancing Algorithm – For Active Active pool configurations, choose a load balancing algorithm that will pick a local member within the GSLB services list of available members. The following are the options:
    • Round Robin (the default)
    • Consistent Hash
    • Geo
    • Topology
  • IP Address/Virtual Service

    Accept Virtual Service (the default) to identify a native Avi Vantage virtual service. If IP Address is selected, a different set of options appears; these are explained in the list of steps following this list.

    Choose IP Address to identify an external (third-party) GSLB pool member. Refer to the related Avi GSLB in an AWS Multi-Region, Multi-AZ Deployment and Third-Party Site Configuration and Operations articles.

    Note: A third-party Controller — redundantly configured or not — is optional for third-party members. If you have chosen the IP Address option, skip the following steps.

  • Site Cluster Controller – To identify a native Avi virtual service, it is first required to select its Controller via this field. The Controller must be pre-configured for its name to be present in the drop-down list.

  • Virtual Service – This field only appears after a site cluster Controller has been chosen. Select a pre-configured virtual service from the drop-down list.

  • Public IP Address – This is an alternative IP address for the pool member. In usual deployments, the VIP in the virtual service is a private IP address; it gets configured in the IP field of the GSLB service. In this field you can identify the public IP address for the VIP; it will get translated to the private IP by a firewall. Client DNS requests coming in from the intranet should have the private IP served in the A record, while requests from outside should be served the public IP address. For more information, refer to NAT-aware Public-Private GSLB Configuration article.

  • Description – Insert into this free-form field whatever comments you like.

  • Add GSLB Pool Member – After the first (minimum required) member service has been defined for the GSLB pool, click this hyperlink to create an additional one.

If IP Address was selected in the above steps to identify an external pool member, the below alternative display will appear. Follow the below steps instead of the options shown above.



  • IP Address or FQDN – The external pool member is configured with a fully qualified domain name, which is resolved to an IP address by the Controller. The DNS service monitors the health of the resolved address while returning the FQDN (CNAME).

  • Third-party Site Cluster Controller – From the drop-down, select the third-party site name to which the third-party VIP is to be associated.

  • Public IP Address – This is an alternative IP address for the pool member. In usual deployments, the VIP of the third-party service is a private IP address; it gets configured in the IP field of the GSLB service. In this field you can identify the public IP address for the VIP; it will get translated to the private IP by a firewall. Client DNS requests coming in from within the intranet should have the private IP served in the A record, while requests from outside should be served the public IP address.

  • Description – Insert into this free-form field whatever comments you like.

  • Add GSLB Pool Member – After the first (minimum required) member service has been defined for the GSLB pool, click this hyperlink to create an additional one.

Avi UI GSLB Service Advanced Setup

This section discusses the additional parameters available using the advanced setup option on Avi UI.
Navigate to Applications > GSLB Services as shown below.

Starting point for GSLB service creation within the Avi UI

Click on Create, and select the Advanced Setup option. Notice the Pool Member section of the basic setup editor has been replaced by the GSLB pool section shown below.

GSLB service advanced setup editor

Clicking the pencil icon in the above screen opens the GSLB Pool editor, which exposes additional options not available in the Basic Setup editor. The editor is described in a subsequent section. As for the other fields in the above window:

  1. Priority – The DNS service chooses the pool with the highest priority that is operationally up. The value of this optional parameter ranges between 0 and 100. Non-unique values among groups are allowed. It may be left unset. The value of 10 is merely a placeholder.
  2. LB Algorithm – For Active Active pool configurations, choose either round-robin (the default), consistent hash, geo or topology.
  3. Number of IPs returned by DNS Service – If 0, then all IP addresses are returned; otherwise, one may specify a count between 1 and 20.
  4. TTL served by DNS service – If the default from the DNS service is not suitable, a value between 1 and 86400 seconds may be chosen for all DNS records served on behalf of all GSLB pool members.
  5. Down Response – When the service is down, this field will govern the response from the DNS. One may choose no response, an empty response, a fallback IP, or a response containing all records.
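A simplified model of how the Priority, Number of IPs returned and Down Response fields combine into one DNS answer, together with the value ranges stated above; this is an added example, not Avi's implementation. The keys up, num_dns_ip, ttl and fallback_ip, the down-response labels, and the reading of a larger priority number as higher are assumptions.

```python
# Added model of the Advanced Setup fields above; not Avi's implementation.
# priority, members, ip and enabled mirror the CLI output on this page; "up",
# "num_dns_ip", "ttl", "fallback_ip" and the down_response labels are assumed.

RANGES = {"priority": (0, 100), "num_dns_ip": (0, 20), "ttl": (1, 86400)}

def range_errors(service):
    """Check values against the ranges stated in the field descriptions."""
    checks = [(service, "num_dns_ip", "service"), (service, "ttl", "service")]
    checks += [(g, "priority", g["name"]) for g in service["groups"]]
    errs = []
    for obj, key, where in checks:
        lo, hi = RANGES[key]
        if key in obj and not lo <= obj[key] <= hi:
            errs.append(f"{where}: {key}={obj[key]} outside {lo}-{hi}")
    return errs

def live_ips(group):
    """IPs of members that are enabled and currently healthy."""
    if not group.get("enabled", True):
        return []
    return [m["ip"] for m in group["members"]
            if m.get("enabled", True) and m.get("up")]

def dns_answer(service):
    """Return A-record IPs, [] for an empty response, None for no response."""
    up_pools = [g for g in service["groups"] if live_ips(g)]
    if up_pools:
        # Assumption: the numerically largest priority is the "highest".
        best = max(up_pools, key=lambda g: g.get("priority", 0))
        ips, count = live_ips(best), service.get("num_dns_ip", 0)
        return ips if count == 0 else ips[:count]  # 0 returns every IP
    kind = service.get("down_response", "none")
    if kind == "fallback_ip":
        return [service["fallback_ip"]]
    if kind == "all_records":
        return [m["ip"] for g in service["groups"] for m in g["members"]]
    return [] if kind == "empty" else None

# Constructed sample: the higher-priority pool has no healthy member.
SAMPLE = {
    "name": "gs1", "num_dns_ip": 1, "ttl": 30,
    "down_response": "fallback_ip", "fallback_ip": "192.0.2.10",
    "groups": [
        {"name": "primary", "priority": 10,
         "members": [{"ip": "10.140.61.13", "up": False}]},
        {"name": "backup", "priority": 5,
         "members": [{"ip": "10.140.62.21", "up": True},
                     {"ip": "10.140.62.22", "up": True}]},
    ],
}

if __name__ == "__main__":
    print(range_errors(SAMPLE), dns_answer(SAMPLE))
```

The model ignores the per-pool LB algorithm and ratio, so the order of returned IPs is simply the configured member order.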

GSLB Pool Editor

The window the editor displays offers slightly different options, depending upon how one identifies the GSLB pool member in the Pool Member section of the editor window.

Identifying GSLB Pool Member by IP Address


Additional pool options are available in the GSLB service advanced setup editor - this is the case where IP address has been checked

  • IP Address or FQDN – The pool member can be identified by its IP address or an FQDN that is resolved to an IP address by the Controller. The DNS service will monitor the health of the resolved IP address. If the user has configured an IP address (in addition to the FQDN), then the IP address will get overwritten whenever the periodic FQDN refresh is done by the Controller.

  • Third-party Site Cluster Controller – Refer to the Third-Party Site Configuration and Operations article.
  • Public IP Address – This field is used to host the public IP address for the virtual service. It gets translated to the private IP by a firewall. Client DNS requests coming in from within the intranet should have the private IP served in the A record, and requests from outside should be served the public IP address.
  • Enabled – Defaulted ON so that the IP address of this member will be provided in DNS responses.
  • Ratio – This field overrides the default ratio of 1. It reduces the percentage of the time the load-balancing algorithm picks this GSLB pool member relative to its peers. The allowed value ranges between 1 and 20.
  • Geo Location Source – Specify the geo location source or set the User Configured option from the pulldown to enter data about a particular location. Refer to Geolocation-based Load Balancing Algorithm for GSLB Members for more details.
    The fields to supply if defining a location on the fly are shown below.

    Fields for user-configured location

  • Description – Insert into this free-form field whatever comments you like.

    Identifying GSLB Pool Member by Virtual Service


    Additional pool options are available in the GSLB service advanced setup editor - this is the case where virtual service has been checked

    • Site Cluster Controller – Cluster UUID of the site.

    • Public IP Address – This field is used to host the public IP address for the virtual service. It gets translated to the private IP by a firewall. Client DNS requests coming in from within the intranet should have the private IP served in the A record, and requests from outside should be served the public IP address.

    • Enabled – Defaulted ON so that the IP address of this member will be provided in DNS responses.

    • Ratio – Overrides the default ratio of 1. It reduces the percentage of the time the load-balancing algorithm picks this GSLB pool member relative to its peers. The value ranges between 1 and 20.

    • Geo Location Source – Specify the geo location source or set the User Configured option from the pulldown to enter data about a particular location. Refer to Geolocation-based Load Balancing Algorithm for GSLB Members for more details.
      The fields to supply if defining a location on the fly are shown below.

      Fields for user-configured location

    • Description – Insert the desired description.

    Hostname Field for GSLB Pool Member (Starting with 18.2.6 release)

    Starting with release 18.2.6, Avi Vantage supports the configuration of a hostname field for GSLB pool members. If configured, this field is used as the host header in the GSLB HTTP and HTTPS health monitors. The CNAME/FQDN is used in the GSLB monitor if the hostname field is not configured.

    Configuring hostname field using Avi CLI

    Log in to the Avi CLI and use the hostname <hostname_string> command under the gslbservice mode to use a hostname for the GSLB monitor of the desired GSLB service. The detailed steps are listed below:

    1. Select GSLB service.

      
      [admin:ctlr-1]: > configure gslbservice <gslb service name>
      
    2. Identify the pool (group) index using the where command:

      [admin:ctlr-1]: gslbservice> where
      ------------------------------------------------------------------------------------+
      Field                               Value
      ------------------------------------------------------------------------------------+
      uuid                                gslbservice-ebdd873c-85e8-41d5-be5d-7f0145c68831
      name                                gs1
      domain_names[1]                     abcd.com
      groups[1]
        name                              gs1-pool
        priority                          9
        algorithm                         GSLB_ALGORITHM_ROUND_ROBIN
        members[1]
          ip                              10.140.61.13
          ratio                           1
          enabled                         True
          hostname                        xyz
        enabled                           True
      down_response
        type                              GSLB_SERVICE_DOWN_RESPONSE_NONE
      health_monitor_refs[1]              System-GSLB-HTTPS
      controller_health_status_enabled    True

      In the above example, 1 is the index value for gs1-pool.

    3. Use the groups index command to select the desired pool.

      
      [admin:ctlr-1]:gslbservice> groups index <pool_index>
      
    4. Identify the pool member index using the where command:

      [admin:ctlr-1]:gslbservice:groups> where
       ----------------------------------------+
       Field          Value
       ----------------------------------------+
       name           gs1-pool
       priority       9
       algorithm      GSLB_ALGORITHM_ROUND_ROBIN
       members[1]
         ip           10.140.61.13
         ratio        1
         enabled      True
         hostname     xyz
       enabled        True
       ----------------------------------------+

      In the above example, the index of the pool member (10.140.61.13) is 1.

    5. Select pool member using the index value.

      
      [admin:ctlr-1]:gslbservice:groups> members index <pool_member_index>
      
    6. Configure hostname once the pool member is selected.

      
      [admin:ctlr-1]:groups:members> hostname <hostname_string>
      
    7. Save the configuration (pool member configuration)
      
      [admin:ctlr-1]:groups:members>save pool -> save gslbservice
      

    Note: Starting with release 18.2.6, the SNI extension is also supported for the GSLB HTTPS health monitor. In this method, the hostname is used as the server name. If the hostname is not configured, the CNAME or FQDN is used for the health monitor.
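What the hostname field changes for an HTTP or HTTPS monitor, shown as an added example (not Avi's monitor code): the probe connects to the member IP and presents the hostname, or the FQDN when none is set, as the Host header and SNI name. The member dictionary keys, the local test backend and gs1.abcd.com are constructed for the demonstration.

```python
import socket
import ssl
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

def monitor_name(member):
    """Name presented by the monitor: hostname if configured, else the FQDN."""
    return member.get("hostname") or member["fqdn"]

def probe(member, port, use_tls=False, timeout=3.0):
    """Connect to the member IP and send the name as Host header (and SNI)."""
    name = monitor_name(member)
    try:
        sock = socket.create_connection((member["ip"], port), timeout=timeout)
        if use_tls:
            # Verifying the certificate against `name` is this example's choice.
            ctx = ssl.create_default_context()
            sock = ctx.wrap_socket(sock, server_hostname=name)
        with sock, sock.makefile("rb") as reply:
            request = f"GET / HTTP/1.1\r\nHost: {name}\r\nConnection: close\r\n\r\n"
            sock.sendall(request.encode("ascii"))
            parts = reply.readline().split()
    except OSError:  # refused, timed out, or TLS failure: treat as down
        return name, 0
    return name, int(parts[1]) if len(parts) > 1 and parts[1].isdigit() else 0

class VhostHandler(BaseHTTPRequestHandler):
    """Constructed backend: serves only the virtual host named 'xyz'."""
    def do_GET(self):
        self.send_response(200 if self.headers.get("Host") == "xyz" else 404)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):  # keep the demo quiet
        pass

def demo():
    """Probe one member with and without the hostname field set."""
    server = HTTPServer(("127.0.0.1", 0), VhostHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    member = {"ip": "127.0.0.1", "fqdn": "gs1.abcd.com"}  # constructed values
    port = server.server_address[1]
    try:
        return probe({**member, "hostname": "xyz"}, port), probe(member, port)
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(demo())  # (('xyz', 200), ('gs1.abcd.com', 404))
```

A backend that routes on the Host header answers the FQDN probe with 404, so a monitor without the hostname field would mark a healthy member down.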

    Avi UI Changes in 18.2.6 for GSLB Service Configuration

    The option to create a GSLB pool is the same as before 18.2.6. The navigation path is:

    Infrastructure > GSLB Service > Add Service > Advanced > Add Pool.

    Starting with Avi Vantage release 18.2.6, the location of the load balancing algorithm for pool and group has been changed for the basic and advanced setup.

    The options available under GSLB service creation have changed with Avi Vantage release 18.2.6. The following is the navigation path to create a GSLB basic service. Infrastructure > GSLB Service > Add Service > Basic.

    The 18.2.6 Avi UI has options for Application Name, Subdomain, and Pool Members Load Balancing Algorithm. Below is the screenshot of the Avi UI for GSLB service creation when the active-active mode is selected and the Pool Members Load Balancing Algorithm is set to Geo.

    • Pool Members Load Balancing Algorithm is available regardless of the GSLB mode chosen (active-active or active-standby).

      Prior to 18.2.6, this option was only available if the active-active mode was selected.

    • The fallback algorithm option is now available while creating a GSLB service using the Basic option from the Avi UI.

    • Group Type selection is available with the Groups Load Balancing Algorithm dropdown. Only the Groups Load Balancing Algorithm dropdown is available if Active-Active mode is selected.

    • The Pool Members Fallback Load Balancing Algorithm dropdown is available when Geo is selected as the load balancing algorithm for pool members.

    Prior to the 18.2.6 release, it was available under GSLB Service > Create > Advanced > Add Pool.

    Changes to Avi UI Access based on Privileges

    Starting with 18.2.6, if the privilege setting for the GSLB configuration is set to No Access and the privilege for the GSLB Service is set to Read or Write, the GSLB Services tab on the Avi UI is accessible.

    The following are the additional features available but with some limitations as mentioned below:

    • The access mentioned above is available only in read-only mode. You will not be able to edit existing GSLB Services or create a new GSLB service.
    • You will be able to view the table, click on the Service, and see Member Status and Events sub-tabs, but not the FQDN Insights subtab.
    • The Create option is greyed out, with hover text reading: GSLB Config permissions must be set to read or write to create a GSLB Service.

    The following are the options which remain the same:

    • If the privilege for the GSLB Service is set to Read and the privilege for the GSLB Configuration is Read or Write, then you will still be in read-only mode, but the FQDN Insights sub-tab will be available.

    • If GSLB Services is set to No Access, the entire GSLB Services tab is not available.

    • If the GSLB Service permission is set to Write, but the service site is a child site, the Create option will be greyed out, and the Avi UI displays GSLB Site {Leader Site Name} is the leader.
