06-06-2006 05:13 AM
Hi Guys,
I am currently trying to set up GSLB between two CSS11501 running the advanced feature set.
One is to be housed in one geographical location, the other in our DR site.
I want to use round-robin DNS to load balance between both sites and also need to configure DNS sticky.
Do I simply need to configure as follows? Also, how can I use both http and https keepalives, as I can only add dns to one rule??
Predicted config
CSS-1
app
app session 192.168.5.1
dns-server
dns-server zone 0 tier1 "dc1"
dns-record a www.somesite.co.uk [Vip_address] single-ap 192.168.4.1 60 sticky-enabled
service web1
ip address 192.168.1.1
keepalive type http
active
owner GSLB
content web
add dns www.somedomain.co.uk
add service web1
add service web2
CSS-1
app session 192.168.4.1
dns-server
dns-server zone 0 tier1 "dc1"
dns-record a www.somesite.co.uk [Vip_address] single-ap 192.168.5.1 60 sticky-enabled
service web1
ip address 192.168.2.1
keepalive type http
active
owner GSLB
content web
add dns www.somedomain.co.uk
add service web1
add service web2
Is this the best way to set this up??
Thanks in advance
Scott
06-06-2006 05:14 AM
Second should read CSS-2
dns-server zone 1 tier1 "dc2"
Scott
06-07-2006 12:15 AM
Scott,
You're mixing 2 types of config.
There are 2 ways to achieve GSLB with the CSS.
One is called zone-based and the other one is called content-based.
From the name you can guess that the content-based solution is configured with the command 'add dns' under the content rule while the zone-based solution is configured using zone and dns record.
You are doing both and this could be a problem.
So, you should go for one or the other.
I would recommend the zone-based.
Also, if you want to have both http and https keepalive for the same service, you don't have much choice but to use a keepalive script.
Finally, we now recommend not to use GSLB on the CSS but instead to deploy a GSS which offers more features for all dns related questions.
Gilles.
06-07-2006 05:14 AM
Hi Gilles,
I am now trying to deploy zone based, however when I interactively log in to the CSS the dns-server doesn't respond at all.
I have stripped the config back but still I get nothing??
CSS-1
dns-record a www.blu-fox.co.uk 80.86.36.1
dns-server
When I try the zone stuff it's exactly the same, hence I am just trying to get one working for DNS to start with. I just keep seeing errors in sh dns-server stats??
Cheers
Scott
06-07-2006 05:34 AM
Hi Gilles,
I have tried resolving things locally that I have entered A records for and I get no response.
I have set primary DNS to itself.
Entered A records and tried NS records, however the CSS just won't resolve DNS????
I set up content rule based GSLB and that worked fine.
Cheers
Scott
06-07-2006 06:30 AM
Scott,
For zone based, you need a zone, an A-record and the dns-server command.
If you get no response, capture a 'show dns-record keepalive' and make sure everything is up.
Gilles.
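Added example (not part of the thread and not Cisco code): a small Python check that applies Gilles's two points to a CSS running-config, flagging a config that mixes 'add dns' with 'dns-record', and a zone-based config missing any of the zone, the A record or the dns-server command. It only recognises the command forms quoted in this thread; the sample configs, hostnames and addresses are constructed.

```python
import re

# Constructed sample modelled on the "predicted config": zone commands
# combined with 'add dns' under a content rule.
MIXED = """\
app
app session 192.168.5.1
dns-server
dns-server zone 0 tier1 "dc1"
dns-record a www.example.test 192.0.2.10 60 single kal-icmp 192.0.2.10
owner GSLB
content web
add dns www.example.test
add service web1
"""

# Constructed sample modelled on the stripped-back config: record, no zone.
NO_ZONE = """\
dns-record a www.example.test 192.0.2.10
dns-server
"""


def classify(config: str) -> dict:
    """Report which GSLB style(s) a config uses and what zone-based lacks."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    zone = any(re.match(r"dns-server zone \d+\b", ln) for ln in lines)
    server = any(ln == "dns-server" for ln in lines)
    records = [ln.split()[2] for ln in lines if re.match(r"dns-record a \S+", ln)]
    content = [ln.split()[2] for ln in lines if re.match(r"add dns \S+", ln)]

    findings = []
    if records and content:
        findings.append("mixed: 'dns-record' (zone-based) and 'add dns' (content-based)")
    if records or zone:
        # Zone-based needs all three: a zone, an A record, the dns-server command.
        if not zone:
            findings.append("zone-based: missing 'dns-server zone'")
        if not records:
            findings.append("zone-based: missing 'dns-record a'")
        if not server:
            findings.append("zone-based: missing 'dns-server'")
    return {
        "zone_based": bool(records or zone),
        "content_based": bool(content),
        "findings": findings,
    }


if __name__ == "__main__":
    for name, cfg in (("MIXED", MIXED), ("NO_ZONE", NO_ZONE)):
        print(name, classify(cfg)["findings"])
```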
06-07-2006 06:38 AM
Hi Gilles,
I now have it working of sorts, however I couldn't get the kal-ap keepalive to work????
I was specifying the ip of the outside nic on the CSS??
Current configs as follows;
CSS-1# sh run
!Generated on 06/07/2006 07:35:56
!Active version: sg0810107s
configure
!*************************** GLOBAL ***************************
kal-none
dns-server zone 0 tier1 "dc1"
dns-server
dns-record a www.blu-fox.co.uk 80.86.36.1 15 single kal-icmp 80.86.36.1 254 st
app session 192.168.66.2
app
dns primary 192.168.64.2
host dc1 192.168.64.2
host dc2 192.168.66.2
ip route 0.0.0.0 0.0.0.0 192.168.64.1 1
!************************* INTERFACE *************************
interface e1
phy 100Mbits-FD
bridge vlan 10
interface e2
phy 100Mbits-FD
bridge vlan 20
interface e5
bridge vlan 20
interface e6
bridge vlan 20
!************************** CIRCUIT **************************
circuit VLAN10
ip address 192.168.64.2 255.255.255.0
circuit VLAN20
ip address 192.168.65.1 255.255.255.0
!************************** SERVICE **************************
service web1
ip address 192.168.65.10
keepalive type http
keepalive uri "/"
active
service web2
port 80
ip address 192.168.65.20
keepalive type http
keepalive uri "/"
active
!*************************** OWNER ***************************
owner GSLB
content http-vip
add service web1
add service web2
advanced-balance sticky-srcip
vip address 80.86.36.1
active
CSS-2
CSS-2# sh run
!Generated on 06/07/2006 07:37:26
!Active version: sg0810107s
configure
!*************************** GLOBAL ***************************
dns-server zone 1 tier1 "dc2"
dns-server
dns-record a www.blu-fox.co.uk 80.86.36.17 15 single kal-icmp 80.86.36.17 254
sticky-enabled
app
app session 192.168.64.2
host dc1 192.168.64.2
host dc2 192.168.66.2
ftp-record DEFAULT_FTP 80.86.32.86 test des-password 5c6cydtgecxchbkg /
ip route 0.0.0.0 0.0.0.0 192.168.66.1 1
!************************* INTERFACE *************************
interface e1
bridge vlan 10
phy 100Mbits-FD
interface e2
bridge vlan 20
phy 100Mbits-FD
interface e5
bridge vlan 20
interface e6
bridge vlan 20
!************************** CIRCUIT **************************
circuit VLAN10
ip address 192.168.66.2 255.255.255.0
circuit VLAN20
ip address 192.168.67.1 255.255.255.0
!************************** SERVICE **************************
service web1
ip address 192.168.67.10
active
service web2
ip address 192.168.67.20
active
!*************************** OWNER ***************************
owner GSLB
content http-vip
add service web1
add service web2
advanced-balance sticky-srcip
vip address 80.86.36.17
Does the above config do the same thing? Instead of using the kal-ap I am simply polling the vip service ip??
Cheers
Scott
06-07-2006 11:27 PM
Yes, this is more or less equivalent.
The keepalive type kal-ap requires a tag to be associated to a content rule.
There is kal-ap-vip that works by looking for the vip corresponding to the DNS IP address.
If you have more than one vip and want to select a specific one, this is when you use kal-ap.
The tag is actually configured with the command 'add dns
This is explained in the following config guide
[look for kal-ap].
Gilles.