GSLB Service Configuration

Overview

This article explains various methods and available options for GSLB service configuration.

Within a single Avi GSLB configuration, a set of identical services running at multiple sites can be formed into a GSLB service. This article explains various methods and options available to configure GSLB service.


Note: Starting with Avi Vantage release 18.2.9, IPv6 address for GSLB is supported.

Prerequisite

A user with write access is required to configure GSLB Services, as shown below in the GSLB section of the Tenant-Admin role.

Write access is required

Configuring GSLB Service Basic Setup using Avi UI

  1. Navigate to Applications > GSLB Services. Click on the Create option, and select the Basic Setup option.


    GSLB service basic setup editor

  • Name – The GslbService object parameter that will appear in other UI screens. This is a reference to the global application hosted on Avi Vantage

  • Application Name – This field concatenated with the Subdomain forms the FQDN of the application.

  • Subdomain – This drop-down menu is pre-populated with the subdomains associated with the GSLB configuration. Add or subtract to the set by navigating to Infrastructure > GSLB > Site Configuration.

    Notes:

    • When first entered, a sub-domain should take the form alpha.beta.com. When it appears in the pulldown, Avi Vantage automatically prefixes it with a dot.
    • To support aliasing, a GSLB service could have one or more FQDNs associated with it. For example, www.foo.com and www.foo.us may point to the same GSLB service. Aliasing avoids having to create multiple identical GSLB services.
  • Health Monitor – If the DNS Service Engine is to generate synthetic traffic via which to mark a service up or down, this field specifies which monitor to use. Five are included by default and automatically appear in the drop-down list:

    • System-GSLB-UDP
    • System-GSLB-HTTPS
    • System-GLSB-HTTP
    • System-GSLB-TCP
    • System-GSLB-Ping

Use the Create option to create a custom monitor. Alternatively, navigate to Templates > Profiles > Health Monitors to define a custom monitor to use with the global application.

  • Health Monitor Scope – By default, health monitors will assess the health of all GSLB pool members (Avi virtual services or external (third-party) VIPs). Choose Only Non Avi Members if the data path monitoring of Avi members is redundant to the control path health monitoring.

  • Controller Health Status – The default is to assess the health of Avi member services by collecting virtual service health status from their local Avi Controllers. This option is irrelevant to external VIPs, whose health can only be assessed via data path health checks.

  • Groups Load Balancing Algorithm – The load balancing algorithm picks a GSLB pool within the GSLB service list of available pools. Choose one of two algorithms, priority- or geolocation-based.

  • Minimum number of Servers – The minimum number of members to which to distribute traffic. If non-zero, this value ranges from 1 to 65535. Zero is a special case which disables limiting. The min_members is similar to the min_servers for pool groups.

    Consider the following set-up:

    • Two GSLB pools
      • P1 (4 members ) of priority 10
      • P2 (3 members) priority 5
    • min_members value is set to 3.

    As long as P1 had at least 3 members up, only P1 is chosen. If the number of servers which are in up state in P1 goes below 3, then P1 and P2 are chosen equally.”

  • Site Persistence – Check this box to enable site persistence for the GSLB service. For more information, refer to GSLB Site Cookie Persistence.

  • Application Persistence Profile – Click on Create to launch an editor to create a new Site Cookie Application Persistence profile.
    application-profile

  • Select Group Type – Select the behavior for pools. If the default Active Active is chosen, one of four load balancing algorithms can be chosen.

  • Pool Members Load Balancing Algorithm – For Active Active pool configurations, choose a load balancing algorithm that will pick a local member within the GSLB services list of available members. The following are the options:
    • Round Robin(the default)
    • Consistent Hash
    • Geo
    • Topology
  • IP Address/Virtual Service

    Accept Virtual Service (the default) to identify a native Avi Vantage virtual service. If the IP Address is selected, a different set of options appear. These are explained in the list of steps following this list.

    Choose IP Address to identify an external (third-party) GSLB pool member. Refer to the related Avi GSLB in an AWS Multi-Region, Multi-AZ Deployment and Third-Party Site Configuration and Operations articles.

    Note: A third-party Controller — redundantly configured or not — is optional for third-party members. If you have chosen the IP Address option, skip the following steps.

  • Site Cluster Controller – To identify a native Avi virtual service, it is first required to select its Controller via this field. The Controller must be pre-configured for its name to be present in the drop-down list.

  • Virtual Service – This field only appears after a site cluster Controller has been chosen. Select a pre-configured virtual service from the drop-down list.

  • Public IP Address – This is an alternative IP address for the pool member. In usual deployments, the VIP in the virtual service is a private IP address; it gets configured in the IP field of the GSLB service. In this field you can identify the public IP address for the VIP; it will get translated to the private IP by a firewall. Client DNS requests coming in from the intranet should have the private IP served in the A record, while requests from outside should be served the public IP address. For more information, refer to NAT-aware Public-Private GSLB Configuration article.

  • Description – Insert a comment is required.

  • Add GSLB Pool Member – After the first (minimum required) member service has been defined for the GSLB pool, click on this hyperlink to create an additional one.

If IP Address was selected in the above steps to identify an external pool member, the below alternative display will appear. Follow the below steps instead of the options shown above.


if pool member external.png

  • IP(v4/v6) Address or FQDN – The external pool member is configured with a fully qualified domain name, which is resolved to an IP address by the Controller. The DNS service health monitors the resolved address while returning the FQDN(cname).

  • Public IP(v4/v6) Address – This is an alternative IP address for the pool member. In usual deployments, the VIP of the third-party service is a private IP address; it gets configured in the IP field of the GSLB service. In this field you can identify the public IP address for the VIP; it will get translated to the private IP by a firewall. Client DNS requests coming in from within the intranet should have the private IP served in the A record, while requests from outside should be served the public IP address.

  • Third-party Site Cluster Controller – From the drop-down, select the third-party site name to which the third-party VIP is to be associated.

  • Description – Insert into this free-form field whatever comments you like.

  • Add GSLB Pool Member – After the first (minimum required) member service has been defined for the GSLB pool, click this hyperlink to create an additional one.

Avi UI GSLB Service Advanced Setup

This section discusses the additional parameters available using the advanced setup option on Avi UI.

Navigate to Applications > GSLB Services. Click on Create, and select the Advanced Setup option. Notice the Pool Member section of the basic setup editor has been replaced by the GSLB pool section shown below.

GSLB service advanced setup editor

Click on the edit icon to open the GSLB Pool editor. These additional options are not available in the Basic Setup editor. The editor is described in a subsequent section. The other options are available as follow:

  1. Priority – The DNS service chooses the pool with the highest priority that is operationally up. The value of this optional parameter ranges between 0 and 100. Non-unique values among groups are allowed. It may be left unset. The value of 10 is merely a placeholder.
  2. LB Algorithm – For Active Active pool configurations, choose either round-robin (the default), consistent hash, geo or topology.
  3. Number of IPs returned by DNS Service – If 0, then all IP addresses are returned. You can specify a count between 1 and 20.
  4. TTL served by DNS service – If the default from the DNS service is not suitable, a value between 1 and 86400 seconds may be chosen for all DNS records served on behalf of all GSLB pool members.
  5. Down Response – When the service is down, this field will govern the response from the DNS. You can choose no response, an empty response, a fallback IP, or a response containing all records.
  6. Resolve CNAME – Check this box to resove CNAME

GSLB Pool Editor

The GSLB pool editor window displays different options depending on the GSLB pool member identified in the Pool Member section.

Identifying GSLB Pool Member by IP Address


Additional pool options are available in the GSLB service advanced setup editor - this is the case where IP address has been checked

  • IP(v4/v6) Address or FQDN – The pool member can be identified by its IP address or an FQDN that is resolved to an IP address by the Controller. The DNS service will monitor the health of the resolved IP address. If the user has configured an IP address (in addition to the FQDN), then the IP address will get overwritten whenever the periodic FQDN refresh is done by the Controller.

  • Public IP(v4/v6) Address – This field is used to host the public IP address for the virtual service. It gets translated to the private IP by a firewall. Client DNS requests coming in from within the intranet should have the private IP served in the A record, and requests from outside should be served the public IP address.

  • Third-party Site Cluster Controller – Refer to the Third-Party Site Configuration and Operations article.

  • Ratio – This field overrides the default ratio of 1. It reduces the percentage the load-balancing algorithm would pick the GSLB pool member associated with its peers. The allowed value ranges between 1 and 20.

  • Enabled – Set to ON by default so that the IP address of this member will be provided in DNS responses.

  • Geo Location Source – Specify the geo location source or set the User Configured option from the pulldown to enter data about a particular location. Refer to Geolocation-based Load Balancing Algorithm for GSLB Members for more details.

  • Description – Insert into this free-form field whatever comments you like.

Identifying GSLB Pool Member by Virtual Service


pool-members

While configuring the GSLB service, the virtual service selection will list the service based on the tenants in GSLB Config. By default, in the GSLB service, the system will display all the virtual services. However, starting with Avi Vantage version 20.1.5, you can change tenant_scope to see only tenant scoped virtual services.

The tenant_scope is the GSLB specific configuration parameter to restrict virtual service selection from the current tenant when it is set to True (Default), or allow virtual service selection from all accessible tenants when set to False.

Note: The default behavior in Avi Vantage version 20.1.5 is tenant_scoped set to True.

Example:

To set tenant_scoped, you can use the following CLI:


[admin:avi-controller]: > configure gslb glb-1
[admin:avi-controller]: gslb> tenant_scoped
[admin:avi-controller]: gslb> save

To unset tenant_scoped, you can use the following CLI:


[admin:avi-controller]: > configure gslb glb-1
[admin:avi-controller]: gslb>no tenant_scoped
[admin:avi-controller]: gslb> save
  • Site Cluster Controller– Cluster UUID of the site.

  • Public IP(v4/v6) Address – This field is used to host the public IP address for the virtual service. It gets translated to the private IP by a firewall. Client DNS requests coming in from within the intranet should have the private IP served in the A record, and requests from outside should be served the public IP address.

  • Ratio – Overrides the default ratio of 1. It reduces the percentage the load-balancing algorithm would pick the GSLB pool member associated with its peers. The value ranges between 1 and 20.

  • Enabled – Defaulted ON so that the IP address of this member will be provided in DNS responses.

  • Geo Location Source – Specify the geo location source or set the User Configured option from the pulldown to enter data about a particular location. Refer to Geolocation-based Load Balancing Algorithm for GSLB Members for more details.

  • Description – Insert the desired description.

Hostname Field for GSLB Pool Member

Starting with release 18.2.6, Avi Vantage supports the configuration of a hostname field for GSLB pool members. If configured, this field is used as the host header in GSLB HTTP and HTTPS health monitor. CNAME/FQDN is used in the GSLB monitor if the hostname field is not configured.

Configuring hostname field using Avi CLI

Login to the Avi CLI and use the hostname <hostname_string> command under select gslbservice mode to use hostname for GSLB monitor for the desired GSLB service. The detailed steps are mentioned below:

  1. Select GSLB service.

    
    [admin:ctlr-1]: > configure gslbservice <gslb service name>
    
  2. Identify pool (group) index using where command:
    
    
    
    [admin:ctlr-1]: gslbservice> where
    
    ------------------------------------------------------------------------------------+
    
    Field
    
    Value
    
    ------------------------------------------------------------------------------------+
    
    uuid gslbservice-ebdd873c-85e8-41d5-be5d-7f0145c68831
    
    name gs1
    
    domain_names[1] abcd.com
    
    groups[1]
    
    name  gs1-pool
    
    priority 9
    
    algorithm GSLB_ALGORITHM_ROUND_ROBIN
    
    members[1]
    
    ip 10.140.61.13
    
    ratio 1
    
    enabled True
    
    hostname  xyz
    
    enabled True
    
    down_response
    
    type GSLB_SERVICE_DOWN_RESPONSE_NONE
    
    health_monitor_refs[1] System-GSLB-HTTPS
    
    controller_health_status_enabled True
    
    

    In above example 1 is the index value for gs-pool1.

  3. Use the group index command to select the desired pool.

    
    [admin:ctlr-1]:gslbservice> groups index <pool_index>
    
  4. Identify pool member index using where command:
    
    [admin:ctlr-1]:gslbservice:groups> where
    
     ----------------------------------------+
    
     Field
    
     Value
    
     ----------------------------------------+
    
     name  gs1-pool
    
     priority 9
    
     algorithm GSLB_ALGORITHM_ROUND_ROBIN
    
     members[1]
    
     ip 10.140.61.13
    
     ratio 1
    
     enabled True
    
     hostname xyz
    
     enabled True
    
     ----------------------------------------+
     

    In above example pool member(10.140.61.13) index is 1

  5. Select pool member using the index value.

    
    [admin:ctlr-1]:gslbservice:groups> members index <pool_memeber_index>
    
  6. Configure hostname once the pool member is selected.

    
    [admin:ctlr-1]:groups:members> hostname <hostname_string>
    
  7. Save the configuration (pool member configuration)
    
    [admin:ctlr-1]:groups:members>save pool -> save gslbservice
    

Note: Starting with Avi Vantage release 18.2.6, SNI extension is also supported for GSLB HTTPS health monitor. In this method, the hostname is used as the server name. If the hostname is not configured, CNAME or FQDN is used for the health monitor.

Recent Avi UI Changes for GSLB Service Configuration

The option to create a GSLB pool is same as previous to the Avi Vantage release 18.2.6. Following is the navigation path to create the same.

Infrastructure > GSLB Service > Add Service > Advanced > Add Pool. add-pool

Starting with Avi Vantage release 18.2.6, location for the load balancing algorithm for pool and group has been changed for the basic and advanced set-up.

The options available under GSLB service creation have changed with Avi Vantage release 18.2.6. The following is the navigation path to create a GSLB basic service. Infrastructure > GSLB Service > Add Service > Basic.

18.2.6 Avi UI has options for Application name, Subdomain, and Pool Members Load Balancing Algorithm. Below is the screenshot of Avi UI for a GSLB service creation when the active/active mode is selected and the Pool Members Load Balancing Algorithm is set as Geo.

new-gslb-selected-geo

  • Pool Members Load Balancing Algorithm is available regardless of the GSLB mode chosen (active/active or active/standby).

Prior to 18.26, this option was only available if the active/active mode was selected.

  • Fallback algorithm option is available now while creating a GSLB service using the Basic option from Avi UI.

  • Group Type selection is available with Groups Load Balancing Algorithm dropdown. Only Groups Load Balancing Algorithm dropdown is available if Active Active mode is selected.

  • Pool Members Fallback Load Balancing Algorithm dropdown is available when Geo is selected as the load balancing algorithm for pool members.

Prior to 18.2.6 release, it was available under GSLB Service > Create > Advanced > Add Pool.

Changes to Avi UI Access based on Privileges

Starting with Avi Vantage version 18.2.6, if the privilege setting for the GSLB configuration is set to No Access and the privilege for the GSLB Service is set to Read or Write, the GSLB Services tab on the Avi UI is accessible.

The following are the additional features available but with some limitations as mentioned below:

  • The access mentioned above is available only in a Read only mode. You will not be able to edit existing GSBL Services or create a new GSLB service.
  • You will be able to view the table, click on the Service, and see Member Status and Events sub-tabs, but not the FQDN Insights subtab.
  • The Create option is greyed out, with hover text reading: GSLB Config permissions must be set to read or write to create a GSLB Service.

The following are the options which remain the same:

  • If the privileges for the GSLB Service is set to Read only mode, and GSLB Configuration is Read or Write, then you will still be in Read only mode, but FQDN Insights sub-tab will be available.

  • If GSLB Services is set to No Access, the entire GSLB Services tab is not available.

  • If the GSLB Service permission is set to Write, but the service site is a child site, the Create option will be greyed out, and the Avi UI exhibits GSLB Site {Leader Site Name} is the leader.

Note: GSLB site can be configured based on the privileges for GSLB admin.

References

Document Revision History

Date Change Summary
April 15, 2021 Updated virtual servicde related details in 'Identifying GSLB Pool Member by Virtual Service' section