Topology-Based GSLB Algorithm

Overview

Starting with Avi Vantage release 18.2.3, a topology-based algorithm is supported for GSLB, in addition to the following algorithms:

  • Round robin
  • Consistent Hash
  • Geo

Topology-based load balancing distributes DNS name resolution requests using the topology policies that are configured at DNS virtual service level. This is an extension to the Geo load balancing algorithm and works in a similar fashion. Using the topology-based algorithm, GSLB services can be excluded from the regular DNS policy execution.

A DNS virtual service now has an option to configure topology policies (similar to DNS policies). These policies are triggered for the services which are configured with the topology-based GSLB algorithm. For other algorithms, the topology policies are not consulted.

In NSX Advanced Load Balancer, topology policy is supported.

Use Case

The topology-based algorithm is used in a deployment where there are hundreds of GSLB services deployed across various tenants. The requirement is to use the round robin algorithm for a few GSLB services and, for the others, to define a preferred site based on the client’s IP address, Geo Location, etc.

Prior to Avi Vantage 18.2.3, the above requirement was achieved using string groups. String groups are part of DNS policies and specify the FQDNs of the GSLB services. Using string groups, DNS policies are triggered to call out the preferred site. This approach is feasible for smaller environments, but not for large deployments.

For multiple GSLB services, using string groups is not feasible if you have the tenant-based access restriction where tenant users cannot modify DNS policies. This privilege to modify DNS policy is required to add the GSLB service’s FQDN in the string group.

The limitations mentioned above can be solved using the topology-based GSLB algorithm.

For this use case, a few GSLB services are configured with round robin method and the remaining services are configured with the topology-based algorithm. The topology policies are triggered only for the GSLB service that has topology-based algorithm as GSLB method. Using this method, there is no overhead of configuring string groups or making a change to DNS virtual service every time a new GSLB service is added in any tenant.

Notes:

  • Topology policy consists of the same match targets and actions as that of DNS Policy. It is recommended to use the preferred site or the fallback site action for topology-based policies.

  • For non-topology-based algorithms, the topology policies are not considered.

  • A topology policy is applicable to all the GSLB services using topology-based GSLB algorithm. If the requirement is to have different topology policy for different GSLB services, then string groups for FQDNs are used.

  • If the action configured for the topology policy fails, for example, if the configured preferred site does not exist anymore, then Avi GSLB falls back to the Geolocation algorithm. If Geolocation fails, then Avi GSLB falls back to round robin.

  • If a DNS virtual service has both the policies associated with it (DNS and Topology policies), then both the policies are triggered. The policies are triggered in the following order depending on the action configured within the policies:

    • If the DNS policy is configured to drop the request or send error response, then this takes precedence over the topology policy.

    • If the DNS policy has action configured as the site-selection, then the topology policy decision overrides the DNS policy.

It is recommended to configure drop or respond policies in the DNS policy and preferred or fallback site-selection policies in the topology policy.

Configuration

Configuring Topology Algorithm using Avi UI

Avi UI has the Topology Policy option to use when the GSLB algorithm is set as Topology. Use the following steps to configure the topology-based GSLB algorithm for selecting pool members. The configuration is divided into the following main points:

  • Associating a topology policy with the virtual service
  • Setting the GSLB algorithm for the GSLB Service as Topology

  1. Navigate to Applications > Virtual Services. Select the desired virtual services and click on the edit option.

  2. Navigate to the Policies > Topology Policy tab.

  3. Create a new topology policy by clicking on the plus icon.

  4. Provide the desired name, match criteria, and actions for the new rule. Once all the fields are configured, click on Submit.

  5. Navigate to Applications > GSLB Services and select the required GSLB service.

  6. Select the edit option available for the pool in the GSLB pools section.

  7. Select Topology from the drop-down available for the Pool Members Load Balancing Algorithm field.

Configuring Topology Algorithm using Avi CLI

  1. Log in to the Avi CLI shell prompt and configure the topology policy with the required rules and action.

    
     [admin-cntrl]: configure dnspolicy <dnspolicy name>
     name          Name of the DNS Policy
     rule          (submode)
     save          Save and exit the current submode
     
  2. Configure or edit the virtual service and associate the topology policy created in the previous step.

    
     [admin-cntrl]: configure virtualservice <virtual service name>
     [admin-cntrl]: virtualservice> topology_policies dns_policy_ref foo
     [admin-cntrl]: virtualservice> save
     
  3. Configure GSLB service and set algorithm as gslb_algorithm_topology.

    
    [admin:ctlr-1]: > configure gslbservice gs1
    [admin:ctlr-1]: gslbservice> groups index 1
    [admin:ctlr-1]: gslbservice:groups> algorithm gslb_algorithm_topology
    [admin:ctlr-1]: gslbservice:groups> save
    [admin:ctlr-1]: gslbservice> save
    

Topology Policy on GSLB Service Level

As you have seen in the sections above, the topology algorithm can be configured on the GSLB pool level. Starting from version 22.1.1, NSX Advanced Load Balancer has added an option to enable the topology policy algorithm on the GSLB service level.

Consider a GSLB service that has two GSLB pools. The GSLB pools have their pool members. When the topology is enabled on the GSLB service level, topology policy rules are used for pool selection. At the time of pool selection, there could be multiple cases, as explained below:

  1. If a match is found as per the topology policies and the matched GSLB pool has a valid pool member (that is UP and healthy), NSX Advanced Load Balancer sends that record to the client.

  2. If no match is found as per the configured topology policy rules, the configured GSLB algorithm is used for pool selection.

  3. If the selected pool has no valid members (for example, all pool members are down or disabled), pools are tried in decreasing order of priority till a valid member is found. If all the pools have the same priority, pools are selected in round-robin fashion.

  4. If the selected pool has in turn configured a topology algorithm, topology policy rules are used again to get a valid member from this pool. A typical use case is to select a pool and then select members from preferred sites.
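
The four cases above, modelled in Python as an added example (not NSX Advanced Load Balancer code). It uses the GS-1 pools from the CLI output later on this page; the site labels, the West Coast rules, the class and function names, and the reading that a higher priority number is preferred are assumptions.

```python
from dataclasses import dataclass

@dataclass
class Member:
    ip: str
    site: str = ""        # hypothetical site label, only used for case 4
    up: bool = True       # health-monitor state (constructed)
    enabled: bool = True

@dataclass
class Pool:
    name: str
    priority: int         # assumption: higher number is preferred
    algorithm: str
    members: list

    def valid(self):
        """Members that are enabled, UP and healthy."""
        return [m for m in self.members if m.enabled and m.up]

class GslbService:
    def __init__(self, pools, pool_rules, site_rules=()):
        self.pools = pools
        self.pool_rules = pool_rules  # [(geolocation_tag, group_name)]
        self.site_rules = site_rules  # [(geolocation_tag, preferred site)]
        self._rr = 0                  # rotation counter for equal priorities

    def _fallback_order(self, failed):
        """Case 3: other pools by decreasing priority, rotated if all equal."""
        rest = [p for p in self.pools if p is not failed]
        if rest and len({p.priority for p in self.pools}) == 1:
            k = self._rr % len(rest)
            self._rr += 1
            return rest[k:] + rest[:k]
        return sorted(rest, key=lambda p: -p.priority)

    def _pick_member(self, pool, geo_tag):
        valid = pool.valid()
        if pool.algorithm == "GSLB_ALGORITHM_TOPOLOGY":   # case 4
            for tag, site in self.site_rules:
                hit = [m for m in valid if tag == geo_tag and m.site == site]
                if hit:
                    return hit[0]
        return valid[0]  # simplification: stands in for the pool's own algorithm

    def resolve(self, geo_tag):
        """Return (pool name, member ip, reason), or None if nothing is valid."""
        by_name = {p.name: p for p in self.pools}
        group = next((g for tag, g in self.pool_rules
                      if tag == geo_tag and g in by_name), None)
        if group:                                         # case 1: rule matched
            pool, reason = by_name[group], "topology rule"
        else:                                             # case 2: pool_algorithm
            pool, reason = max(self.pools, key=lambda p: p.priority), "pool algorithm"
        if not pool.valid():                              # case 3
            pool = next((p for p in self._fallback_order(pool) if p.valid()), None)
            reason = "priority fallback"
            if pool is None:
                return None
        return pool.name, self._pick_member(pool, geo_tag).ip, reason

def sample_service():
    """GS-1 from this page; site labels and the West Coast rules are constructed."""
    p1 = Pool("GS-1-pool-1", 9, "GSLB_ALGORITHM_CONSISTENT_HASH",
              [Member("10.10.10.1", "site-a"), Member("10.10.10.2", "site-b")])
    p2 = Pool("GS-1-pool-2", 10, "GSLB_ALGORITHM_ROUND_ROBIN",
              [Member("10.10.10.3", "site-a"), Member("10.10.10.4", "site-b")])
    rules = [("East Coast", "GS-1-pool-2"), ("West Coast", "GS-1-pool-1")]
    return GslbService([p1, p2], rules, [("West Coast", "site-b")])
```

Calling resolve() with a geolocation tag returns the pool, the member IP and which of the cases produced the answer, which makes it easy to check what a client receives when a pool's members go down.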

Configuring a Topology Policy to Select the GSLB Service Pool using the CLI

Please follow the steps below to configure the topology policy to select the GSLB service pool.

  1. Enable topology policy at GSLB Service level by setting the topology_policy_enabled knob to True.

    
     [admin:ctrl]: > configure gslbservice GS-1
     Updating an existing object. Currently, the object is:
     +----------------------------------+--------------------------------------------------+
     | Field                            | Value                                            |
     +----------------------------------+--------------------------------------------------+
     | uuid                             | gslbservice-88ad049f-e188-40f3-90de-235c6cb676a2 |
     | name                             | GS-1                                             |
     | domain_names[1]                  | foo.avi.com                                      |
     | groups[1]                        |                                                  |
     |   name                           | GS-1-pool-1                                      |
     |   priority                       | 9                                                |
     |   algorithm                      | GSLB_ALGORITHM_CONSISTENT_HASH                   |
     |   members[1]                     |                                                  |
     |     ip                           | 10.10.10.1                                       |
     |     ratio                        | 1                                                |
     |     enabled                      | True                                             |
     |     resolve_fqdn_to_v6           | False                                            |
     |     preference_order             | 2                                                |
     |   members[2]                     |                                                  |
     |     ip                           | 10.10.10.2                                       |
     |     ratio                        | 1                                                |
     |     enabled                      | True                                             |
     |     resolve_fqdn_to_v6           | False                                            |
     |     preference_order             | 4                                                |
     |   enabled                        | True                                             |
     | groups[2]                        |                                                  |
     |   name                           | GS-1-pool-2                                      |
     |   priority                       | 10                                               |
     |   algorithm                      | GSLB_ALGORITHM_ROUND_ROBIN                       |
     |   members[1]                     |                                                  |
     |     ip                           | 10.10.10.3                                       |
     |     ratio                        | 1                                                |
     |     enabled                      | True                                             |
     |     resolve_fqdn_to_v6           | False                                            |
     |     preference_order             | 1                                                |
     |   members[2]                     |                                                  |
     |     ip                           | 10.10.10.4                                       |
     |     ratio                        | 1                                                |
     |     enabled                      | True                                             |
     |     resolve_fqdn_to_v6           | False                                            |
     |     preference_order             | 1                                                |
     |   enabled                        | True                                             |
     | down_response                    |                                                  |
     |   type                           | GSLB_SERVICE_DOWN_RESPONSE_NONE                  |
     | controller_health_status_enabled | True                                             |
     | health_monitor_scope             | GSLB_SERVICE_HEALTH_MONITOR_ALL_MEMBERS          |
     | enabled                          | True                                             |
     | use_edns_client_subnet           | True                                             |
     | wildcard_match                   | False                                            |
     | site_persistence_enabled         | False                                            |
     | pool_algorithm                   | GSLB_SERVICE_ALGORITHM_PRIORITY                  |
     | min_members                      | 0                                                |
     | resolve_cname                    | False                                            |
     | is_federated                     | True                                             |
     | tenant_ref                       | admin                                            |
     +----------------------------------+--------------------------------------------------+
     [admin:ctrl]: gslbservice> topology_policy_enabled
     [admin:ctrl]: gslbservice> save
     

    The GSLB service is configured as shown below:

    
     +----------------------------------+--------------------------------------------------+
     | Field                            | Value                                            |
     +----------------------------------+--------------------------------------------------+
     | uuid                             | gslbservice-88ad049f-e188-40f3-90de-235c6cb676a2 |
     | name                             | GS-1                                             |
     | domain_names[1]                  | foo.avi.com                                      |
     | groups[1]                        |                                                  |
     |   name                           | GS-1-pool-1                                      |
     |   priority                       | 9                                                |
     |   algorithm                      | GSLB_ALGORITHM_CONSISTENT_HASH                   |
     |   members[1]                     |                                                  |
     |     ip                           | 10.10.10.1                                       |
     |     ratio                        | 1                                                |
     |     enabled                      | True                                             |
     |     resolve_fqdn_to_v6           | False                                            |
     |     preference_order             | 2                                                |
     |   members[2]                     |                                                  |
     |     ip                           | 10.10.10.2                                       |
     |     ratio                        | 1                                                |
     |     enabled                      | True                                             |
     |     resolve_fqdn_to_v6           | False                                            |
     |     preference_order             | 4                                                |
     |   enabled                        | True                                             |
     | groups[2]                        |                                                  |
     |   name                           | GS-1-pool-2                                      |
     |   priority                       | 10                                               |
     |   algorithm                      | GSLB_ALGORITHM_ROUND_ROBIN                       |
     |   members[1]                     |                                                  |
     |     ip                           | 10.10.10.3                                       |
     |     ratio                        | 1                                                |
     |     enabled                      | True                                             |
     |     resolve_fqdn_to_v6           | False                                            |
     |     preference_order             | 1                                                |
     |   members[2]                     |                                                  |
     |     ip                           | 10.10.10.4                                       |
     |     ratio                        | 1                                                |
     |     enabled                      | True                                             |
     |     resolve_fqdn_to_v6           | False                                            |
     |     preference_order             | 1                                                |
     |   enabled                        | True                                             |
     | down_response                    |                                                  |
     |   type                           | GSLB_SERVICE_DOWN_RESPONSE_NONE                  |
     | controller_health_status_enabled | True                                             |
     | health_monitor_scope             | GSLB_SERVICE_HEALTH_MONITOR_ALL_MEMBERS          |
     | enabled                          | True                                             |
     | use_edns_client_subnet           | True                                             |
     | wildcard_match                   | False                                            |
     | site_persistence_enabled         | False                                            |
     | pool_algorithm                   | GSLB_SERVICE_ALGORITHM_PRIORITY                  |
     | min_members                      | 0                                                |
     | resolve_cname                    | False                                            |
     | is_federated                     | True                                             |
     | tenant_ref                       | admin                                            |
     | topology_policy_enabled          | True                                             |
     +----------------------------------+--------------------------------------------------+
     [admin:ctrl]: >
     
  2. Configure topology policy rule for GSLB service group selection.

    1. Use the gs_group_selection command to select a GSLB service pool or group for matching DNS query.
    2. Use the group_name command to add GSLB service group name.
    
     [admin:ctrl]: > configure dnspolicy dns-vs-TopologyPolicy-0
     Updating an existing object. Currently, the object is:
     +------------+------------------------------------------------+
     | Field      | Value                                          |
     +------------+------------------------------------------------+
     | uuid       | dnspolicy-e3aae711-7617-439f-912a-dea3945d39e1 |
     | name       | dns-vs-TopologyPolicy-0                        |
     | tenant_ref | admin                                          |
     +------------+------------------------------------------------+
     [admin:ctrl]: dnspolicy> rule
     New object being created
     [admin:ctrl]: dnspolicy:rule>  name "Rule 1"
     [admin:ctrl]: dnspolicy:rule>  index 1
     [admin:ctrl]: dnspolicy:rule> match
     [admin:ctrl]: dnspolicy:rule:match> geo_location
     [admin:ctrl]: dnspolicy:rule:match:geo_location> match_criteria IS_IN
     [admin:ctrl]: dnspolicy:rule:match:geo_location> geolocation_tag "East Coast"
     [admin:ctrl]: dnspolicy:rule:match:geo_location> save
     [admin:ctrl]: dnspolicy:rule:match> save
     [admin:ctrl]: dnspolicy:rule> action
     [admin:ctrl]: dnspolicy:rule:action> gs_group_selection
     [admin:ctrl]: dnspolicy:rule:action:gs_group_selection> group_name "GS-1-pool-2"
     [admin:ctrl]: dnspolicy:rule:action:gs_group_selection> save
     [admin:ctrl]: dnspolicy:rule:action> save
     [admin:ctrl]: dnspolicy:rule> save
     [admin:ctrl]: dnspolicy> save
     

    The topology policy is configured as shown below:

    
     +---------------------------------+------------------------------------------------+
     | Field                           | Value                                          |
     +---------------------------------+------------------------------------------------+
     | uuid                            | dnspolicy-e3aae711-7617-439f-912a-dea3945d39e1 |
     | name                            | dns-vs-TopologyPolicy-0                        |
     | rule[1]                         |                                                |
     |   name                          | Rule 1                                         |
     |   index                         | 1                                              |
     |   enable                        | True                                           |
     |   match                         |                                                |
     |     geo_location                |                                                |
     |       match_criteria            | IS_IN                                          |
     |       use_edns_client_subnet_ip | True                                           |
     |       geolocation_tag           | East Coast                                     |
     |   action                        |                                                |
     |     gs_group_selection          |                                                |
     |       group_name                | GS-1-pool-2                                    |
     | tenant_ref                      | admin                                          |
     +---------------------------------+------------------------------------------------+
     [admin:ctrl]: >
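
A pre-change check for the rule configured above, added here as an example and not part of the product or its CLI: it cross-references each gs_group_selection rule against the GSLB services, so a rule naming a missing or disabled pool is caught before it is relied on. The dict layout mirrors the nesting of the CLI tables and is an assumption, as are the finding codes and the second, constructed rule.

```python
def audit_group_selection(policy, services):
    """Return (rule name, finding code, detail) tuples for gs_group_selection rules."""
    findings = []
    for rule in policy.get("rule", []):
        sel = rule.get("action", {}).get("gs_group_selection")
        if not sel:
            continue                      # not a pool-selection rule
        rname, group = rule.get("name"), sel.get("group_name")
        if not rule.get("enable", True):
            findings.append((rname, "RULE_DISABLED", group))
            continue
        # Every (service, group) pair whose group name the rule refers to.
        owners = [(s, g) for s in services
                  for g in s.get("groups", []) if g.get("name") == group]
        if not owners:
            findings.append((rname, "UNKNOWN_GROUP", group))
        for svc, grp in owners:
            # Assumption: a service without the field has the knob switched off.
            if not svc.get("topology_policy_enabled", False):
                findings.append((rname, "TOPOLOGY_NOT_ENABLED", svc["name"]))
            if not grp.get("enabled", True):
                findings.append((rname, "GROUP_DISABLED", group))
            elif not any(m.get("enabled", True) for m in grp.get("members", [])):
                findings.append((rname, "NO_ENABLED_MEMBERS", group))
    return findings

# Constructed input: fields copied from the CLI output above, unrelated fields omitted.
GS_1 = {
    "name": "GS-1",
    "topology_policy_enabled": True,
    "groups": [
        {"name": "GS-1-pool-1", "priority": 9, "enabled": True,
         "members": [{"ip": "10.10.10.1", "enabled": True},
                     {"ip": "10.10.10.2", "enabled": True}]},
        {"name": "GS-1-pool-2", "priority": 10, "enabled": True,
         "members": [{"ip": "10.10.10.3", "enabled": True},
                     {"ip": "10.10.10.4", "enabled": True}]},
    ],
}
POLICY = {
    "name": "dns-vs-TopologyPolicy-0",
    "rule": [
        {"name": "Rule 1", "index": 1, "enable": True,
         "match": {"geo_location": {"match_criteria": "IS_IN",
                                    "geolocation_tag": "East Coast"}},
         "action": {"gs_group_selection": {"group_name": "GS-1-pool-2"}}},
        # Constructed rule that names a pool GS-1 does not have.
        {"name": "Rule 2", "index": 2, "enable": True,
         "match": {"geo_location": {"match_criteria": "IS_IN",
                                    "geolocation_tag": "West Coast"}},
         "action": {"gs_group_selection": {"group_name": "GS-1-pool-3"}}},
    ],
}

if __name__ == "__main__":
    for finding in audit_group_selection(POLICY, [GS_1]):
        print(finding)
```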
     

Configuring a Topology Policy to Select the GSLB Service Pool using the UI

  1. Log in to the UI and navigate to Applications > GSLB Services. Select the desired GSLB services and click the edit icon.
    Note: Starting with NSX Advanced Load Balancer 22.1.2, support for GSLB service pool selection through topology policy is available. The UI support for GSLB pool selection is available from NSX Advanced Load Balancer version 22.1.3 onwards.
  2. Under GSLB pools, click Add Pool to open the New GSLB Pool window.

  3. Navigate to Applications > GSLB Services. Select the required GSLB service and click the edit icon to configure the topology policy rule for GSLB service group selection. Select the Topology Policy checkbox.

  4. Navigate to Applications > Virtual Services. Select the DNS virtual service hosting the GSLB service and click edit. Go to Policies > Topology Policy and click Edit. Configure the match criteria, select pool selection as the action, and specify the name of the GSLB service pool to be selected if the match criteria are met. The topology policy is configured as shown below:


    a. Name: Specify name of the rule.
    b. Matches: Select the match for DNS service pool. The following are the options available:

    1. Client IP Address
    2. Protocol
    3. Query Name
    4. Query Type
    5. Geographical Location

    c. Actions: Select the DNS policy action from the drop-down menu. The following are the options available:

    1. Allow/Drop Query
    2. Query Response
    3. Pool Switching
    4. Rate Limit
    5. GSLB Service Group Selection
    6. GSLB Site

Document Revision History

Date            Change Summary
July 15, 2022   Updated Topology Policy on GSLB Service Level (Version 22.1.1)