Disaster Recovery and Resiliency

Overview

GSLB has many use cases, and disaster recovery and resiliency is a critical one. This article explains how GSLB works for disaster recovery and resiliency, and describes the required configuration in detail. Refer to GSLB for Horizon in Avi Vantage for more information and other use cases.

Disaster Recovery and Resiliency

Use the following illustration to understand the use case:

  • Applications are deployed in two data centers
  • While both are healthy, all traffic is directed to the primary DC
  • If the primary DC fails, the global DNS directs all user traffic to the other DC.

In this use case,

  • DC1 is the active site, i.e. Avi GSLB site 1
  • DC2 is the disaster recovery (DR) site, i.e. Avi GSLB site 2

Note: There are many other use cases for GSLB implementation. Only disaster recovery is considered for discussion in this article.

Avi GSLB can also be configured for Horizon in an active/active deployment or for geo-based load balancing.

Avi GSLB

  • Avi Vantage is running in two locations (GSLB sites), both on-premises: Avi GSLB Site1 and Avi GSLB Site2. Each site has its own Avi Controller cluster (represented by a single Controller icon).
  • The Avi load balancer for UAG has virtual services (VS1 and VS2) running in both locations.
  • Both locations have global DNS services (DNS1, DNS2). They are all equally authoritative for the subdomain gslb.horizon.com.
  • In an active/standby setup, DC1 is active and serves traffic. When applications in DC1 are down, traffic goes to DC2, that is, the standby site.

GSLB Configuration On Avi Vantage

In this guide, it is assumed that the Avi Controller clusters are already deployed in the respective sites and the cloud configuration is already in place. In case of vCenter environments, refer to Installing Avi Vantage for VMware vCenter for instructions to deploy the Avi Controller and configure the cloud. The configuration then proceeds as follows:

  • Configuring local load balancing in the respective Controllers
  • Configuring a DNS virtual service on all active sites
  • Once the aforementioned entities are up, GSLB is enabled, and all GSLB-related configuration has to be done on the GSLB leader Controller

Configuring Local Load Balancing

To configure virtual services for Horizon, refer to the section Load Balancing Traffic to Connection Servers.

Configuring DNS - Virtual Service

Configure a local DNS virtual service bound to the local SE group.

  1. As a best practice, a DNS virtual service for GSLB should be exclusively allocated its own service engine group. That is, do not place other virtual services (DNS or other application types) on it. Configure a service engine group to host the DNS virtual service (in this example, g-dns). To configure this:
    1. From the Avi UI, navigate to Infrastructure > Service Engine Group.
    2. Select the vCenter cloud that was created for Horizon.
    3. Click on Create.
    4. Create g-dns as shown below:
    5. Click on Save.
  2. Configure a DNS virtual service on all the clusters where the DNS service needs to be hosted, bound to the g-dns SE group.
    Create a new virtual service in the advanced mode, as shown below:
    1. From the Avi UI, navigate to Applications > Virtual Services.
    2. Click on Create Virtual Service.
    3. Select Advanced Setup.
    4. Select VMwareCloud-Horizon.
    5. Click on Next.
    6. Select System-DNS as the Application Profile.
    7. Click on Next and navigate to Policies > Analytics.
    8. Either accept the default configuration under the Analytics tab, or configure the fields as shown below:
    9. Click on Next and navigate to the Advanced tab.
    10. Select the SE group created to host this DNS virtual service as shown below:
    11. Click on Next to navigate to the Static DNS Records tab.
    12. Click on Save to complete the process of defining the DNS virtual service for the DR site.

Avi Controller on the DR Site

Follow the instructions to create a DNS SE group, a DNS virtual service (DNS-VS2) and a local load balancer for the UAG server, as was done for the DC site.

Avi Controller on DC1

  1. From the Avi UI, navigate to Infrastructure > GSLB.
  2. Add the subdomain for GSLB.
  3. Click on Save.
  4. Click on Save and Set DNS Virtual Services and map the DNS virtual service on this site, i.e. DNS-VS1, to the GSLB subdomain.
    The Edit GSLB Site DNS Virtual Services screen is as shown below:
  5. Click on Save.
  6. Click on Add New Site to add a second site and bind the DNS-VS2 that was created.
    The New GSLB Site screen appears as shown below:
  7. Click on Save and Set DNS Virtual Services and map the DNS virtual service on this site, i.e. DNS-VS1, to the GSLB subdomain.
  8. Click on Save.

All the GSLB sites will be listed under Infrastructure > GSLB.

Creating GSLB Services

A GSLB service is the representation of a global application. The corresponding GslbService object identifies:

  • The application service’s name
  • The FQDN of the application
  • One or more GSLB pools comprising virtual service members running the application in the GSLB sites
  • The priority or weights of the GSLB pools
  • The weights of the virtual service members within those pools
  • The monitoring methods to be used to make sure members are alive.

A GSLB (pool) member is typically a virtual service (as opposed to a service running on a solitary back-end server without an ADC front-ending it). Like other virtual services, a GSLB member is represented by an IP address:port or name. A GSLB pool is a collection of GSLB pool members sharing the same priority, but potentially different weights.

Just like GSLB sites, GSLB services are also configured on the leader site, from where they are propagated to the other sites.

Prerequisite

Log in as a user with write access to GSLB Services, as shown below:

Avi Controller on DC 1

In this use case, where all the traffic has to be served by the app instance running in DC1 until DC2 is down, ensure that VIP A1 corresponding to DC1 is added as a GSLB pool with high priority and VIP A2 corresponding to DC2 is added as a GSLB pool with low priority. This ensures that traffic is sent to the pool member with high priority. Traffic is sent to the GSLB pool with low priority only if the high-priority one is down.

Avi GSLB uses health monitoring to determine the status of its pool members. To know more, refer to Avi GSLB Service Health Monitors.

GSLB pools are simply the way to represent the local load balancers, i.e. VS1 and VS2.

Note: In other use cases, such as where both DCs are active, the configuration will vary (i.e. the priority would be the same in that case).
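The active/standby behaviour described above, as an added example that is not part of the original guide and not Avi's implementation: a simplified model of priority-based pool selection driven by health-monitor state. The pool names, the VIP addresses and the DC1 priority of 10 are assumptions (the guide only gives 5 for the DR pool), as is returning no address when every member is down.

```python
import random
from dataclasses import dataclass

@dataclass
class Member:
    name: str        # virtual service behind the pool, e.g. VS1
    vip: str         # constructed address (documentation range)
    weight: int = 1  # share of answers within its pool
    up: bool = True  # latest GSLB health-monitor verdict

@dataclass
class Pool:
    name: str
    priority: int    # model assumption: higher value is preferred
    members: list

def resolve(pools, rng=random):
    """VIP to hand out for the FQDN, or None when every member is down."""
    live = [(p, [m for m in p.members if m.up]) for p in pools]
    live = [(p, ms) for p, ms in live if ms]
    if not live:
        return None  # assumption: the model returns no address at all
    _, members = max(live, key=lambda pm: pm[0].priority)
    return rng.choices(members, weights=[m.weight for m in members])[0].vip

def failover_timeline():
    """Walk DC1 through an outage and recovery, then fail both sites."""
    vs1 = Member("VS1", "192.0.2.10")       # DC1, active site
    vs2 = Member("VS2", "198.51.100.10")    # DC2, DR site
    pools = [Pool("dc1-pool", 10, [vs1]),   # 10 is an assumed value
             Pool("dr-pool", 5, [vs2])]     # 5 is the value from the guide
    answers = [resolve(pools)]              # both healthy
    vs1.up = False
    answers.append(resolve(pools))          # DC1 monitor fails
    vs1.up = True
    answers.append(resolve(pools))          # DC1 recovers: traffic fails back
    vs1.up = vs2.up = False
    answers.append(resolve(pools))          # both sites down
    return answers

if __name__ == "__main__":
    print(failover_timeline())
```

The model makes the dependency explicit: the DR pool is only ever answered with when the health monitor marks every DC1 member down, so a monitor that cannot reach VS1 triggers failover just as a real outage would.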

To create a new GSLB service,

  1. From the Avi Controller, navigate to Applications > GSLB Services.
  2. Click on Create.
  3. Click on Advanced Setup.
  4. Enter the details in the New GSLB Screen as shown below:
    Notes:
    • System-GSLB-HTTPS is selected as the Health Monitor here. To know more about GSLB health monitoring, refer to Avi GSLB Service Health Monitors.
    • Set the Groups Load Balancing Algorithm to Priority-based.
  5. Click on Add Pool and enter the details as shown below:
  6. Click on Done.
  • Similarly, add another pool member and set the priority to 5. Select the site cluster to be the DR site, and the virtual service VS2 will be created.
  • After both the pools are added, double-check the priority of the pool members as shown below:
  • After the services are created on the leader site, you can see that the services have been propagated to all the follower sites.

Enable DNS SE Network Access to All Virtual Services Being Health-Checked

The DNS service engine monitors the health of the GSLB service members (application virtual services). Add static routes (or a default gateway) to ensure the members are reachable. This step needs to be done on all active sites to ensure reachability from all DNS virtual services.

Now that the Avi configuration is done, traffic can be sent to the GSLB setup. The corporate DNS server is not yet aware of the Avi GSLB and DNS services.

To make this work, the subdomain gslb.horizon.com has to be delegated on the corporate DNS server to the Avi DNS virtual services.
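What that delegation can look like as zone records, with a check that the DNS virtual services of both sites are listed and addressable (an added example, not part of the original guide). The host names dns-vs1 and dns-vs2, both addresses and the TTL are placeholders, and the parser only handles the one-record-per-line form used here with fully qualified NS targets.

```python
# Constructed fragment of the corporate horizon.com zone; the dns-vs1/dns-vs2
# host names and both addresses are placeholders, not values from the guide.
ZONE = """\
$ORIGIN horizon.com.
gslb     3600 IN NS dns-vs1.horizon.com.   ; DNS-VS1 in DC1
gslb     3600 IN NS dns-vs2.horizon.com.   ; DNS-VS2 in DC2
dns-vs1  3600 IN A  192.0.2.53
dns-vs2  3600 IN A  198.51.100.53
"""

def parse_zone(text):
    """Return (owner, type, rdata) tuples with owners made fully qualified."""
    origin, records = "", []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        if line.upper().startswith("$ORIGIN"):
            origin = line.split()[1].lower()
            continue
        owner, _ttl, _cls, rtype, rdata = line.split()
        owner = owner.lower()
        if not owner.endswith("."):
            owner = f"{owner}.{origin}"
        records.append((owner, rtype.upper(), rdata.lower()))
    return records

def delegation_problems(zone_text, subdomain, sites=2):
    """List what would stop `subdomain` being served by every site's DNS VS."""
    records = parse_zone(zone_text)
    targets = [rd for o, t, rd in records if o == subdomain and t == "NS"]
    addrs = {o: rd for o, t, rd in records if t == "A"}
    resolved = [addrs[t] for t in targets if t in addrs]
    problems = []
    if len(targets) < sites:
        problems.append(f"{len(targets)} NS record(s), expected {sites}")
    for target in targets:
        if target not in addrs:
            problems.append(f"{target} has no A record")
    if len(set(resolved)) < len(resolved):
        problems.append("NS targets do not resolve to distinct addresses")
    if any(o == subdomain and t in ("A", "CNAME") for o, t, _ in records):
        problems.append("subdomain is answered locally instead of delegated")
    return problems
```

A delegation that names only one site's DNS virtual service leaves name resolution itself dependent on that site, which defeats the disaster recovery design even when the GSLB pools are configured correctly.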

Suggested Reading