GSLB Configuration for Disaster Recovery

Post on 15-Mar-2022

TABLE OF CONTENTS

GSLB DR SOLUTION

GSLB DR DESIGN

CONFIGURATION OVERVIEW
- CLI example
- Primary and DR site configurations

ADDITIONAL COMMANDS AND WORKFLOWS
- Verify Configuration
- CLI example to Force traffic to the DR Site
- aXAPI example
- Verify DNS functionality

SUMMARY

HELPFUL LINKS

ABOUT A10 NETWORKS

GSLB DR SOLUTION

A10 Networks Global Server Load Balancing (GSLB) technology provides site failure protection. The GSLB controller monitors each active site in the GSLB domain to verify the health of each site. If it determines that the active site is down (for reasons not limited to power, circuit, or server failures), the GSLB controller will shift application traffic to an alternate site dynamically. The failover is transparent to users connecting to a fully-qualified domain name (FQDN) that the A10 GSLB controllers service. A manual GSLB site failover can also be performed using a simple procedure. For example, the operator can force traffic to an alternate site when an active site requires maintenance.

GSLB DR DESIGN

Following is an Active-Standby design in GSLB server mode. Each site has a GSLB controller and the GSLB controllers are authoritative for the DNS zone that has been delegated.

Figure 1: GSLB Disaster Recovery design

Below is a high-level overview of Figure 1: GSLB Disaster Recovery design:

o Users connecting to www.a10example.com:

- The user queries the local DNS server, and the recursive lookup process continues to the root DNS servers.
- The A10 GSLB controllers communicate using the GSLB protocol for health check monitors to verify site availability.
- CNAME is used for delegation of the FQDN to the A10 GSLB controllers.
- The Primary or the DR GSLB controller responds to the users with the Primary site HTTP VIP address if the Primary site is up.

o If the A10 GSLB controllers determine the Primary site is down:

- The A10 GSLB controller responds with the HTTP VIP address of the DR site.
- User traffic is directed to the DR site.

o When the GSLB Protocol determines the Primary site is up:

- User traffic is directed to the Primary site.

CONFIGURATION OVERVIEW

To configure the GSLB active and standby sites based on Figure 1: GSLB Disaster Recovery design:

o Enable the GSLB controller process for the GSLB protocol to exchange site health information.

- Command: ACOS(config)# gslb protocol enable controller

o If SLB is also combined with GSLB, enable the GSLB device.

- Command: ACOS(config)# gslb protocol enable device

o Enable the DNS VIP for a standalone DNS server, configure the port, and enable GSLB.

- Command: ACOS(config)# slb virtual-server <name> <IP address>
- Command: ACOS(config-slb vserver)# port <number> udp
- Command: ACOS(config-slb vserver-vport)# gslb-enable

o Configure the Service IP address for each site. This is the SLB VIP address or remote host IP address the DNS VIP will respond with, to direct traffic to the site. Define the port and protocol.

- Command: ACOS(config)# gslb service-ip <name> <IP address>
- Command: ACOS(config-service-ip:name)# port <number> <udp or tcp>

o Configure the GSLB controller for each site. Configure the site parameters and set the administrative preference to prefer the Primary site for all traffic. The default administrative preference value is 100. Set the active site to a higher administrative value than the default value so that it is preferred over the DR site. Add the GSLB service VIP address to each site configuration.

- Command: ACOS(config)# gslb site <name>
- Command: ACOS(config-gslb site:name)# slb-dev <name> <IP address>
- Command: ACOS(config-gslb site:name-slb dev:name)# admin-preference <0-255>
- Command: ACOS(config-gslb site:name-slb dev:name)# vip-server <GSLB VIP name>

o Configure the GSLB policy to determine how GSLB traffic will be distributed to each site. Enable the DNS attributes to respond with a single IP and be authoritative for the zone. Enable administrative-preference and disable round robin based on the active-standby design. Order the metrics for the desired GSLB behavior.

- Command: ACOS(config)# gslb policy <name>
- Command: ACOS(config-policy:name)# dns selected-only 1
- Command: ACOS(config-policy:name)# dns server authoritative
- Command: ACOS(config-policy:name)# admin-preference
- Command: ACOS(config-policy:name)# no round-robin
- Command: ACOS(config-policy:name)# metric-order health-check admin-preference

o Enable the zone information for DNS query response for the FQDN zone. Bind the GSLB policy to the zone configuration. Enter the CNAME if it was used for zone delegation on the A10 GSLB controllers or enter the zone. Define the service prefix for the FQDN and associated service port. Configure the DNS A Record for each GSLB VIP address of each site which will return the HTTP VIP address with the DNS response.

- Command: ACOS(config)# gslb zone <zone name>
- Command: ACOS(config-zone:zone-name)# policy <name>
- Command: ACOS(config-zone:zone-name)# service <port number> <service prefix for zone>
- Command: ACOS(config-zone:zone-name.-service...)# dns-a-record <GSLB VIP name> static

CLI EXAMPLE

The following are the steps to configure GSLB using the CLI referencing Figure 1: GSLB Disaster Recovery design. The CNAME, gslb.a10example.com, is used for the zone, www.a10example.com.

Primary Site Configuration:

ACOS-PRI(config)# gslb protocol enable controller
ACOS-PRI(config)# gslb protocol enable device
ACOS-PRI(config)# slb virtual-server DNS-VIP 192.168.20.53
ACOS-PRI(config-slb vserver)# port 53 udp
ACOS-PRI(config-slb vserver-vport)# gslb-enable
ACOS-PRI(config)# gslb service-ip PRI-GSLB-HTTP 192.168.20.200
ACOS-PRI(config-service-ip:PRI-GSLB-HTTP)# port 80 tcp
ACOS-PRI(config)# gslb service-ip DR-GSLB-HTTP 192.168.40.200
ACOS-PRI(config-service-ip:DR-GSLB-HTTP)# port 80 tcp
ACOS-PRI(config)# gslb site Primary
ACOS-PRI(config-gslb site:Primary)# slb-dev PRI 192.168.20.125
ACOS-PRI(config-gslb site:Primary-slb dev:PRI)# admin-preference 200
ACOS-PRI(config-gslb site:Primary-slb dev:PRI)# vip-server PRI-GSLB-HTTP
ACOS-PRI(config)# gslb site DRsite
ACOS-PRI(config-gslb site:DRsite)# slb-dev DR 192.168.40.125
ACOS-PRI(config-gslb site:DRsite-slb dev:DR)# vip-server DR-GSLB-HTTP
ACOS-PRI(config)# gslb policy A10health
ACOS-PRI(config-policy:a10health)# dns selected-only 1
ACOS-PRI(config-policy:a10health)# dns server authoritative
ACOS-PRI(config-policy:a10health)# admin-preference
ACOS-PRI(config-policy:a10health)# no round-robin
ACOS-PRI(config-policy:a10health)# metric-order health-check admin-preference
ACOS-PRI(config)# gslb zone gslb.a10example.com
ACOS-PRI(config-zone:gslb.a10example.)# policy A10health
ACOS-PRI(config-zone:gslb.a10example.)# service 80 www
ACOS-PRI(config-zone:gslb.a10example.-service...)# dns-a-record PRI-GSLB-HTTP static
ACOS-PRI(config-zone:gslb.a10example.-service...)# dns-a-record DR-GSLB-HTTP static

PRIMARY AND DR SITE CONFIGURATIONS

The GSLB configuration for both sites referencing Figure 1: GSLB Disaster Recovery design is shown below:

Primary Site:

ACOS-PRI#show running-configuration
!Current configuration: 508 bytes
!Configuration last updated at 00:28:05 GMT Sat Mar 24 2018
!Configuration last saved at 23:48:37 GMT Fri Mar 23 2018
!64-bit Advanced Core OS (ACOS) version 4.1.4, build 307 (Feb-12-2018,06:47)
!
hostname ACOS-PRI
!
interface management
  ip address 172.31.31.31 255.255.255.0
  enable
!
interface ethernet 1
  enable
  ip address 192.168.20.125 255.255.255.0
!
interface ethernet 2
!
ip route 0.0.0.0 /0 192.168.20.154
!
slb server RS1 192.168.2.243
  port 80 tcp
!
slb service-group SG1 tcp
  member RS1 80
!
slb virtual-server DNS-VIP 192.168.20.53
  port 53 udp
    gslb-enable
!
slb virtual-server VS1 192.168.20.200
  port 80 http
    source-nat auto
    service-group SG1
!
gslb service-ip PRI-GSLB-HTTP 192.168.20.200
  port 80 tcp
!
gslb service-ip DR-GSLB-HTTP 192.168.40.200
  port 80 tcp
!
gslb site Primary
  slb-dev PRI 192.168.20.125
    admin-preference 200
    vip-server PRI-GSLB-HTTP
!
gslb site DRsite
  slb-dev DR 192.168.40.125
    vip-server DR-GSLB-HTTP
!
gslb policy A10health
  no geographic
  admin-preference
  no round-robin
  metric-order health-check admin-preference
  dns selected-only 1
  dns server authoritative
!
gslb zone gslb.a10example.com
  policy A10health
  service 80 www
    policy A10health
    dns-a-record DR-GSLB-HTTP static
    dns-a-record PRI-GSLB-HTTP static
!
gslb protocol enable controller
!
gslb protocol enable device
!
end

DR Site:

ACOS-DR#show running-configuration
!Current configuration: 362 bytes
!Configuration last updated at 00:46:37 GMT Sat Mar 24 2018
!Configuration last saved at 00:41:10 GMT Sat Mar 24 2018
!64-bit Advanced Core OS (ACOS) version 4.1.4, build 307 (Feb-12-2018,06:47)
!
hostname ACOS-DR
!
interface management
  ip address 172.31.31.32 255.255.255.0
!
interface ethernet 1
  enable
  ip address 192.168.40.125 255.255.255.0
!
interface ethernet 2
!
ip route 0.0.0.0 /0 192.168.40.154
!
slb server RS1 192.168.40.250
  port 80 tcp
!
slb service-group SG1 tcp
  member RS1 80
!
slb virtual-server DNS-VIP 192.168.40.53
  port 53 udp
    gslb-enable
!
slb virtual-server VS1 192.168.40.200
  port 80 http
    source-nat auto
    service-group SG1
!
gslb service-ip DR-GSLB-HTTP 192.168.40.200
  port 80 tcp
!
gslb service-ip PRI-GSLB-HTTP 192.168.20.200
  port 80 tcp
!
gslb site DRsite
  slb-dev DR 192.168.40.125
    vip-server DR-GSLB-HTTP
!
gslb site Primary
  slb-dev PRI 192.168.20.125
    admin-preference 200
    vip-server PRI-GSLB-HTTP
!
gslb policy A10health
  no geographic
  admin-preference
  no round-robin
  metric-order health-check admin-preference
  dns selected-only 1
  dns server authoritative
!
gslb zone gslb.a10example.com
  policy A10health
  service 80 www
    policy A10health
    dns-a-record DR-GSLB-HTTP static
    dns-a-record PRI-GSLB-HTTP static
!
gslb protocol enable controller
!
gslb protocol enable device
!
!
end

ADDITIONAL COMMANDS AND WORKFLOWS

VERIFY CONFIGURATION:

Verify the Primary site and the DR site are communicating and exchanging HTTP VIP health information indicated by the state being UP.

ACOS-PRI# show gslb service-ip
P-Cnt = Count of Service Ports, Attrs = Attributes
V = Is Virtual Server, D = Disabled
P = GSLB Protocol, L = Local Protocol
M = Manually Health Check, * = Dynamic

Service-IP            IP/Desc          Attrs  State  P-Cnt  Hits
--------------------------------------------------------------------------------
:PRI:PRI-GSLB-HTTP    192.168.20.200   VL     UP     1      0
:DR:DR-GSLB-HTTP      192.168.40.200   VP     UP     1      0

CLI EXAMPLE TO FORCE TRAFFIC TO THE DR SITE

Change the administrative preference value for the Primary site on each GSLB controller:

Configure the Primary Site:

Change the administrative preference for the Primary site configured at the Primary data center. For example, a value of 90 is lower than the value of the default configured at the DR site (default = 100):

ACOS-PRI(config)# gslb site Primary
ACOS-PRI(config-gslb site:Primary)# slb-dev PRI 192.168.20.125
ACOS-PRI(config-gslb site:Primary-slb dev:PRI)# admin-preference 90

Configure the DR Site:

Change the administrative preference for the Primary site configured at the DR data center. For example, a value of 100 is lower than the value of the default configured at the DR site (default = 150):

ACOS-DR(config)# gslb site Primary
ACOS-DR(config-gslb site:Primary)# slb-dev PRI 192.168.20.125
ACOS-DR(config-gslb site:Primary-slb dev:PRI)# admin-preference 90
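
Why the change has to be made on each controller, shown with a small model of the A10health policy. This is an added example, not A10 code or part of the original document: the classes and function names are hypothetical, and it assumes each controller answers from its own local copy of the site definitions, with the higher administrative preference winning among healthy sites.

```python
from dataclasses import dataclass

DEFAULT_ADMIN_PREFERENCE = 100  # default value stated on the page


@dataclass
class SiteEntry:
    vip: str                                   # gslb service-ip returned in the A record
    admin_preference: int = DEFAULT_ADMIN_PREFERENCE
    healthy: bool = True                       # state learned through the GSLB protocol


def new_controller():
    """One controller's local copy of the site definitions from the CLI example."""
    return {
        "Primary": SiteEntry("192.168.20.200", admin_preference=200),
        "DRsite": SiteEntry("192.168.40.200"),
    }


def select_vip(sites):
    """Model of: metric-order health-check admin-preference, dns selected-only 1."""
    candidates = [s for s in sites.values() if s.healthy]   # health-check first
    if not candidates:
        return None                                         # model's choice, not ACOS behaviour
    return max(candidates, key=lambda s: s.admin_preference).vip


def answers(controllers):
    """VIP each controller would hand out for www.gslb.a10example.com."""
    return {name: select_vip(sites) for name, sites in controllers.items()}


def disagreeing(controllers):
    """True when the answer depends on which controller the resolver reaches."""
    return len(set(answers(controllers).values())) > 1


def walk_through():
    ctl = {"ACOS-PRI": new_controller(), "ACOS-DR": new_controller()}
    steps = {"normal": (answers(ctl), disagreeing(ctl))}
    ctl["ACOS-PRI"]["Primary"].admin_preference = 90        # change made on one controller only
    steps["half-applied"] = (answers(ctl), disagreeing(ctl))
    ctl["ACOS-DR"]["Primary"].admin_preference = 90         # change made on the second controller
    steps["forced"] = (answers(ctl), disagreeing(ctl))
    for sites in ctl.values():                              # maintenance over: restore, then fail Primary
        sites["Primary"].admin_preference = 200
        sites["Primary"].healthy = False
    steps["primary-down"] = (answers(ctl), disagreeing(ctl))
    return steps


if __name__ == "__main__":
    for step, (per_controller, split) in walk_through().items():
        print(f"{step:13} {per_controller} split={split}")
```

In the half-applied step the two controllers return different sites, so a maintenance window should not start until both report the DR VIP.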

AXAPI EXAMPLE

The A10 aXAPI is used to efficiently shift traffic to the DR site with a single command. Below is an example of an API call to alter the administrative preference value to force a lower priority at the Primary site. The GSLB controllers update the priorities of each site and either controller responds to users with the DR site HTTP VIP address.

Send API call to the Primary GSLB Controller management IP address:

root@ubuntu:~# curl -k -X POST https://192.168.2.125/axapi/v3/gslb/site/Primary/slb-dev/PRI \
  -H "Content-type: application/json" \
  -H "Authorization: A10 6110a8f3a6b04ce64e0ab281b7f0aa" \
  -d '{
    "slb-dev": {
      "admin-preference":50
    }
  }'

The Authorization header carries the signature returned by a prior aXAPI authentication request, and the -k option makes curl skip TLS certificate verification.

Send API call to the DR GSLB Controller:

root@ubuntu:~# curl -k -X POST https://192.168.40.125/axapi/v3/gslb/site/Primary/slb-dev/PRI \
  -H "Content-type: application/json" \
  -H "Authorization: A10 6110a8f3a6b04ce64e0ab281b7f0aa" \
  -d '{
    "slb-dev": {
      "admin-preference":50
    }
  }'

For additional information, see the link to the aXAPI Guide in the Helpful Links section at the end of this article.

VERIFY DNS FUNCTIONALITY

Below is an example dig command to verify the A10 GSLB controllers are responding with the correct site IP. The GSLB controller is responding with the Primary site web site address:

Before the API command to change the administrative preference:

[root@localhost ~]# dig www.gslb.a10example.com

; <<>> DiG 9.2.4 <<>> www.gslb.a10example.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22893
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.gslb.a10example.com. IN A

;; ANSWER SECTION:
www.gslb.a10example.com. 10 IN A 192.168.20.200

;; Query time: 16 msec
;; SERVER: 192.168.40.53#53(192.168.40.53)
;; WHEN: Fri Mar 23 18:48:43 2018
;; MSG SIZE rcvd: 80

After the API command to change the administrative preference for both GSLB controllers:

; <<>> DiG 9.2.4 <<>> www.gslb.a10example.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1992
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.gslb.a10example.com. IN A

;; ANSWER SECTION:
www.gslb.a10example.com. 10 IN A 192.168.40.200

;; Query time: 59 msec
;; SERVER: 192.168.40.53#53(192.168.40.53)
;; WHEN: Fri Mar 23 19:20:58 2018
;; MSG SIZE rcvd: 80
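
The dig check above can be scripted so that each response is compared against what the A10health policy should produce. This is an added example, not part of the original document: the function names are hypothetical, and the sample is the page's dig output, trimmed, with the answer address substituted per case.

```python
import re

# Service IPs from the page's "gslb service-ip" lines.
SERVICE_IPS = {"192.168.20.200": "Primary", "192.168.40.200": "DRsite"}

# The page's dig output, trimmed, with the answer address left as a placeholder.
DIG_TEMPLATE = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22893
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.gslb.a10example.com. IN A
;; ANSWER SECTION:
www.gslb.a10example.com. 10 IN A {ip}
;; SERVER: 192.168.40.53#53(192.168.40.53)
"""
BEFORE = DIG_TEMPLATE.format(ip="192.168.20.200")
AFTER = DIG_TEMPLATE.format(ip="192.168.40.200")


def parse_dig(text):
    """Extract status, header flags and A records from dig's text output."""
    status = re.search(r"status: (\w+)", text)
    flags = re.search(r";; flags: ([a-z ]+);", text)
    # Question lines start with ';' and carry no TTL, so only answers match.
    records = re.findall(r"^(\S+)\s+(\d+)\s+IN\s+A\s+(\S+)$", text, re.M)
    return {
        "status": status.group(1) if status else None,
        "flags": flags.group(1).split() if flags else [],
        "a_records": [(name, int(ttl), ip) for name, ttl, ip in records],
    }


def check_response(text, expected_site):
    """Return a list of problems; an empty list means the response is as expected."""
    parsed = parse_dig(text)
    problems = []
    if parsed["status"] != "NOERROR":
        problems.append(f"status is {parsed['status']}")
    if "aa" not in parsed["flags"]:
        problems.append("answer is not authoritative (dns server authoritative)")
    if len(parsed["a_records"]) != 1:
        problems.append("expected exactly one A record (dns selected-only 1)")
    for _name, _ttl, ip in parsed["a_records"]:
        site = SERVICE_IPS.get(ip)
        if site is None:
            problems.append(f"answer {ip} is not a configured service-ip")
        elif site != expected_site:
            problems.append(f"answer {ip} is {site}, expected {expected_site}")
    return problems


if __name__ == "__main__":
    print(check_response(BEFORE, "Primary"), check_response(AFTER, "DRsite"))
```

Run the check against both DNS VIPs (192.168.20.53 and 192.168.40.53); a missing aa flag or an address outside the configured service IPs means the answer did not come from the GSLB controllers as configured.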

SUMMARY

A10 Networks GSLB ensures site reliability and effective deployment for Disaster Recovery. Traffic can be distributed regionally or globally based on geographic location, bandwidth at remote sites, weighted distribution, round-robin, or proximity of site to the local DNS query.

HELPFUL LINKS

For the complete guide to configuring GSLB on A10 Thunder, see the following link:

https://documentation.a10networks.com/GSLB

For the complete guide to configuring SLB and other ADC functions on A10 Thunder, see the following links:

Layer 4 TCP/UDP Load Balancing:

https://documentation.a10networks.com/L4_SLB

Layer 7 Application Load Balancing:

https://documentation.a10networks.com/L7_App_LB

For the aXAPI Guide to automating configuration on A10 Thunder, see the following link:

https://documentation.a10networks.com/axAPI

©2018 A10 Networks, Inc. All rights reserved. A10 Networks, the A10 Networks logo, ACOS, A10 Thunder, A10 Lightning, A10 Harmony and SSL Insight are trademarks or registered trademarks of A10 Networks, Inc. in the United States and other countries. All other trademarks are property of their respective owners. A10 Networks assumes no responsibility for any inaccuracies in this document. A10 Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice. For the full list of trademarks, visit: www.a10networks.com/a10-trademarks.

ABOUT A10 NETWORKS

A10 Networks (NYSE: ATEN) is a Secure Application Services™ company, providing a range of high-performance application networking solutions that help organizations ensure that their data center applications and networks remain highly available, accelerated and secure. Founded in 2004, A10 Networks is based in San Jose, Calif., and serves customers globally with offices worldwide.

For more information, visit: a10networks.com or tweet @a10Networks