global server load balancing

Global Server Load Balancing {GSLB}Global Server Load Balancing {GSLB}

Presented By Don Williams

Manager Escalation / TRM

Citrix Application Networking Group

Assistant Presenter

Seema Vaibhav Dubey

Lead Escalation Engineer/TRM


Presented By Don Williams

Manager Escalation / TRM


Assistant Presenter

Seema Vaibhav Dubey

Lead Escalation Engineer/TRM


2© 2007 Citrix Systems, Inc. — All rights reserved

Agenda

GSLB Overview

GSLB Operation

Decision Logics

Configuration

Demonstration


GSLB Overview

• Load balances services between geographically distributed locations

• Typical uses include:• Distribution of network traffic across multiple sites• Reduction of application latency• Distribution of server load across multiple sites• Disaster recovery

• Operates under many of the same general principles as LB but relies on DNS for directing client requests

• GSLB is a way to share the state & status of various geographically distributed servers and balance the load


DNS Features• Record Types

• AAAA, A, CNAME, NS, PTR, SRV, SOA

• Recursion• Ability to look up addresses not owned by the NS

• Negative Caching• Only happens in proxy mode

• Any Queries• Respond to queries with type any

• Delegation with NS records

• DNS Views• Internal and External clients

• Interface DNS expression

• Interface throughput


Agenda

GSLB Overview

GSLB Operation

Decision Logics

Configuration

Demonstration


GSLB Typical DesignGlobal Server Load Balancing (GSLB) addresses the needs of a distributed

Internet environment with Citrix NetScaler systems located in different

geographic locations

Florida

www.testlab.com Vgslb

VslbA

192.168.100.11:80

172.206.65.10:80

172.206.65.11:80

Atlanta VslbB

192.168.100.12:80

svc1a

svc2a

svc1bsvc2b

Private IP

172.22.8.100:80

Private IP

172.22.8.200:80

Public IP

1.1.1.1

Public IP

2.2.2.2

Allows to configure the system to direct DNS requests, from a client, to

the best performing GSLB Site in a distributed Internet environment


GSLB Entities

• Built on NetScaler load balancing environment and entity model

• GSLB entities in the NetScaler environment (descending hierarchy)GSLB domain: Publicly resolvable domain (zone) the GSLB

deployment responds as

GSLB site: Top level entity for linking remote sites, sharing monitoring data. IP needs to be an NS owned address (MIP, SNIP)

GSLB vserver: Linked to GSLB services, is the decision intermediary for directing clients’ requests to one of the site’s LB vservers.

GSLB service: Monitoring link to the vserver to be load balanced

vserver: Represents the servers and services being LB’d to clients

service: Links to & monitors the service/server (http, https, etc) fronted by the vserver


GSLB Communications: Monitoring

• MEP: Metric Exchange Protocol• Netscaler Internal Protocol to exchange state and health information

over a TCP session, enabled by default

• Connection establishment involves a secure RPC method

• Connection is initiated from Lower site IP using NSIP by default

• Port 3011 or 3009 {secure} on site’s public IP needs to be allowed on any blocking firewall

• Site to site monitoring• Distributes site metrics, network metrics, persistence information

• DNS queries get best suited response based on configured algorithm and information gathered through MEP


GSLB Communications: Monitoring

• MEP can be disabled, but limits GSLB methods to RR, static proximity, source IP hash. All other methods revert to RR when MEP is off/inactive.

set gslb site siteA –metricExchange DISABLED

• Monitoring• Only states Up or Down are learnt

• Status is assumed to be equally good

• Each DNS query gets the IP address of various participating GSLB sites in a round robin fashion

• Advanced Monitors• Extended Content Verification {ECV}

• User Scriptable Monitors


GSLB MEP Dependencies

GSLB Methods MEP Enabled MEP Disabled

Active *InActive

Round Robin As Defined As Defined As Defined

Static Proximity As Defined As Defined As Defined

SRCIP Hash As Defined As Defined As DefinedRTT(Dynamic

Proximity) As Defined RR RR

Least Conns As Defined RR RR

Least Packets As Defined RR RR

Least Bandwidth As Defined RR RR

Least Response As Defined RR RR

* In the preceding table, MEP is enabled but is inactive due to external factors. For example, bad network connections, firewalls dropping packets, or mismatch in MEP configuration.


DNS Methods

• Authoritative config: NetScaler answers the DNS query• Each NetScaler is locally configured for an authoritative GSLB domain.

Create DNS records for each site in the configuration

• Supported DNS record types: NS, A, AAAA, CNAME, MX, PTR, SRV and SOA

• Zone transfers not supported

• One or all NetScalers can be set to participate as authoritative

• Proxy config: NetScaler passes domain requests to backend DNS server• If the NetScaler is authoritative for the requested zone, the NetScaler

responds to the query

• If the request is for a zone that is within the GSLB domain, the NetScaler responds with the address of optimal vserver in GSLB domain


DNS Options• DNS response options (set per gslb vserver)

• MIR: Multi-IP Response, lookup returns all active VIPs with optimal VIP first in the response

• EDR: Empty Down Response, if returned VIP is down, send positive response but no records

• Backup Site • A site can be assigned to take over when all primary sites are

down> bind gslb vserver gslb_VIP_A –domain www.gslbdomain.com –backupip 205.18.145.12

• When all the services behind this vserver go down, the GSLB domain will resolve to the backup site’s IP address

12


DNS views

• Internal and External clients• add dns view privatesubnet

• bind gslb service GSLB_SVC1 -view privatesubnet 192.168.10.25

• add dns policy pol1 "CLIENT.IP.SRC.IN_SUBNET(192.168.0.0/16)" -view privatesubnet

• bind dns global pol1 1

• Interface DNS expression• Answer based on the interface the request entered

• Interface throughput• Answer based on the throughput of the interface


Agenda

GSLB Overview

GSLB Operation

Decision Logics

Configuration

Demonstration


GSLB Decision Logics

• Round Robin

• Static Proximity

• Source IP Hash

• Dynamic Proximity {RTT}

• Least methods

• Connections

• Packets

• Bandwidth

• Response


GSLB Decision Logics: Weighted Load Balancing

• Sites may have different infrastructure (Quantity and Capacity of Servers, bandwidth, etc)

• GSLB will send DNS responses in the ratio of weights associated with sites

• Site weight can be calculated dynamically by making it proportional to back end service count or weight


GSLB Decision Logics: Policy Based• Bypass the configured site selection algorithm

• User defined qualifying expressions

• Define policies and actions• Even though LDNS is geographically closer to site-1, point to site-2, where the servers are

less loaded than site-1

• Site Affinity via GSLB Policies• Evaluation of attributes on incoming client LDNS requests to

conditionally direct clients to a specific GSLB site

• Requires content filtering be enabled

• Always globally applied in GSLB


GSLB Decision Logics: Proximity Methods • Allows for faster response resulting from

selection of the closest available site• Dynamic Network Proximity (RTT)

• Determine site to send client to based on client’s local DNS (LDNS) proximity to various sites

• Gauged by Round Trip Time to the LDNS host• RTT tolerance factor, LDNS mask & entry timeout used to modify RTT further

• Static Proximity• Determine site to direct client to based on proximity to geographic locations in a

static location database

• Use location commands in configuring and populating the location DB

• Proximity methods require a specific license


GSLB Decision Logics: Persistence

• Site Persistence• Ensure LDNS requests are sent the same site and not load

balanced

• Source IP persistence set with: > set gslb vserver gslbvip -persistenceType SOURCEIP –persistenceID <positive_integer>

• Cookie based persistence and connection proxy• Allows setting HTTP level persistence

• Configured on local gslb services with options: -SitePersistence ConnectionProxy

-cookieTimeout <integer>

-CIP ENABLED <cipheader>


Agenda

GSLB Overview

GSLB Operation

Decision Logics

Configuration

Demonstration


Configuration StepsSteps for Basic Configuration via CLI

1. Create GSLB sites

> add gslb site siteA LOCAL 172.22.8.10

> add gslb site siteB REMOTE 172.22.8.11note: If you want them to use secure connections you must enable this after you add the sites

set ns rpcNode <ip_addr> -secure yes

2. Configure LoadBalancing

> add lb vserver vs1 http 172.22.8.200

> add service svc1 192.168.10.25 http 80

> bind lb vserver vs1 svc1


Configuration Steps con’t3. Configure GSLB Load Balancing

> add server GSLB_SRV1 172.22.8.200> add server GSLB_RMT1 172.22.8.100> add gslb vserver GSLB_VS1 http –lbmethod ROUNDROBIN> add gslb service GSLB_SVC1 172.22.8.200 http 80 –

siteName siteA> add gslb service GSLB_RMT1 172.22.8.100 http 80 –

siteName siteB > bind gslb vserver GSLB_VS1 -serviceName GSLB_RMT1> bind gslb vserver GSLB_VS1 -serviceName GSLB_SVC1> bind gslb vserver GSLB_VS1 -domainName www.testlab.com

-TTL 5

Once all sites, vservers, services are reported as up, tailor DNS, GSLB methods, persistence, and site affinity as necessary


Configuring DNS: ADNS1. Set up each NetScaler site as an SOA:

> add service gslb_adns_svc 172.22.8.205 adns 53

> add dns soarec www.testlab.com –originServer www.testlab.com –contact noc.testlab.com –serial 1 –refresh 300 –retry 600 – expire 604800 –minimum 3600 –ttl 3600

Repeat on each site with corresponding site values

2. Add DNS records for required addresses within the domain> add dns addrec sitea.testlab.com 172.22.8.10

> add dns addrec siteb.testlab.com 172.22.8.11

Duplicate records on the other sites


Configuring DNS: ProxyEnable the NetScaler to query a backend DNS

server

1. Create a DNS vserver:

> add vserver dns_vip dns 172.22.8.205

2. Add DNS service:

> add dns_svc 192.168.10.10 dns 53

3. Bind the two:

> bind lb vserver dns_vip dns_svc

Note: With vserver type DNS we will cache responses for TTL. To disable this use “set dns parameter -cacheRecords NO”


GSLB GUI


GSLB GUI con’t


Adding a Server


Add GSLB Service


Add GSLB Service con’t


Add GSLB Vserver


Add GSLB Vserver con’t


Secure Option

>set ns rpcNode 172.22.8.21 -secure YES


DNS Records

> flush dns proxyRecords


DNS Records


DNS Views


DNS Views con’t


DNS Views


DNS Views con’t


Agenda

GSLB Overview

GSLB Operation

Decision Logics

Configuration

Demonstration


Demonstration• Active-Active configuration

• NetScaler will server IP from two active sites in round robin fashion.

• Active-Standby configuration• NetScaler will server IP from SITEA only unless SITEA goes down

then the IP from SITEB will be served.

• Static Proximity• NS will hand out IP based on SRCIP of the request

global server load balancing

Education