How to test GSS before going to Production

new_networker
Level 1

Scenario:

The live web application is currently running on one site. A new site has to be set up, following which the traffic will have to be routed from the old site to the new site. GSS will be implemented for the first time on both sites, old and new.

What is a good way to test out the GSS functionality before going into Production, i.e. without affecting the old production internet traffic?

Regards.


Easiest thing would be to use a temporary DNS server and define it as the authoritative DNS server for the GSS domains and create entries for GSS here.

Configure your laptop/workstation to use this temp DNS server as the primary DNS Server.

Syed

Thanks.

Can I use the local hosts file for this purpose instead of setting up a DNS server?

If you are not using GSS as the primary DNS server (not running CNR, which is mostly the case), then it's always the client-side DNS server that acts as client for the GSS.

Without CNS, client PCs are never going to hit GSS; it will always be their DNS servers.

HTH

Syed Iftekhar Ahmed

Ok.

Following is what I have put down for switchover steps in general for routing the internet traffic to the new site from the old site (web application). Please review and assist.

1. The domain name (www.abc.com) A record has already been propagated along with the authoritative server to the outside DNS servers.

2. Now, the same host/domain name (www.abc.com) will be used on the new site.

3. After installing the GSS at the old and new sites, the GSS shall be configured to return the VIP which will be defined on ACE.

4. The authoritative server is updated with the NS server (i.e. gss host).

5. Now, all the traffic hitting the authoritative server will direct it to gss public IP. GSS will receive request on private IP after being natted on the perimeter firewall.

6. GSS will reply with the VIP

7. User traffic will now be forwarded to the new IP via VIP, i.e. the new site.

Questions:

a) Is the above approach/understanding correct?

b) Initially after going live, GSS in the old site shall answer all the incoming requests. How will this function be switched to another GSS located at the new site? Or should traffic be sent to the second GSS regardless of the old site traffic?

Are both GSSs (at old & new sites) part of the same GSS network? If yes then request for http://www.abc.com can be forwarded to any of the GSSs.

Both of these GSSs should have the same rules and should reply back with the same VIP. In a GSS network all GSSs carry the same rules and they independently probe the resources (VIPs).

The primary DNS server can route the DNS resolution request to either GSS (at old/new site).

Let's assume that your VIP is the IP for www.abc.com.

You have two data centers, DC1 & DC2, with one GSS placed at each location.

Gss1 is at DC1 & GSS2 is at DC2.

As per the above assumptions

You should have the following entries in the Primary DNS server which is authoritative for the entire “abc.com” domain

http://www.abc.com. IN NS gss1.abc.com. <-- NS record for http://www.abc.com via GSS

http://www.abc.com. IN NS gss2.abc.com

gss1.abc.com. IN A 100.100.100.100 <-- A record for GSS1 at DC1

gss2.abc.com. IN A 200.200.200.200 <-- A record for GSS2 at DC2

The primary DNS server with the above two records can route the DNS resolution request to either gss1/gss2.

Typical flow is as follows

1. Client will hit their DNS servers (configured on their machines as primary/backup dns server).

2. "Client's DNS server" will query "DNS server authoritative for abc.com" for http://www.abc.com.

3. "DNS server authoritative for abc.com" will ask "client's DNS server" to query "GSS1/GSS2 -both Authoritative for http://www.abc.com"

4. "Client's DNS server" will query either gss1/gss2 for http://www.abc.com.

5. GSS1/GSS2 will send the IP address of the most appropriate http://www.abc.com (which should be configured on ACE as VIP).

6. "Client's DNS server" will hand over this VIP to the client.

7. Client will hit the VIP configured on ACE (for application http://www.abc.com).

Syed Iftekhar Ahmed

Great!

So let's say the NS record is updated just before cut-over to the new site. There would still be many DNS servers around the world that had cached the previous DNS query. And that cache is still pointing to the old DNS entry, i.e. the www.abc.com IP address instead of the gss1/gss2 IP address.

So how should such requests over the internet be handled, since the incoming traffic initiated by the cache entry may give unexpected results?

Please share any other issues you have encountered/assumed during live switchover implementations.

Regards.

Each DNS record has a TTL (time to live) value attached. This value is controlled by the authoritative DNS server, and dictates the length of time that other DNS servers and applications are allowed to store/cache this DNS record before they must discard it and request a new copy if needed again.

Whenever you want to change the IP address for a DNS record, the best idea is to change the TTL value to a lower value. This will ensure that the DNS servers of the world are only caching it for 2/3 minutes.

So for example if TTL is currently set for "X days" then you should lower it down to 2/3 minutes (this will increase the load on DNS server) "X days" prior to the migration.

Syed Iftekhar Ahmed

Hi,

I think I need more clarification on this.

From your reply I understand there are two authorities.

1. DNS server authoritative for abc.com (Domain)

2. GSS1/GSS2 -both Authoritative for http://www.abc.com (Hostname)

So there will be two points of change, I suppose: one at the ISP (which hosts our current DNS Authoritative Server for the domain abc.com) and a second at GSS, which will host the DNS Authoritative Server for the hostnames, e.g. http://www.abc.com.

Please correct me if I am wrong.

Secondly, should the DNS record for the hostname be www.abc.com or http://www.abc.com?

If http is required, then how will https requests be catered for?

Regards.

In my previous post under Primary DNS server config I wrote

http://www.abc.com. IN NS gss1.abc.com. <-- NS record for http://www.abc.com via GSS

http://www.abc.com. IN NS gss2.abc.com

Which should be replaced with

www.abc.com. IN NS gss1.abc.com. <-- NS record for www.abc.com via GSS

www.abc.com. IN NS gss2.abc.com.

My text editor played smart and put http:// by itself. In DNS server config you do not specify any protocol. DNS simply translates a name to an IP address. You don't need to worry about http/ftp/https or any protocol for that matter.

If you are currently not using GSS then DNS at your ISP is the only place to make changes.

Syed Iftekhar Ahmed
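
As an added example (not part of the thread and not Cisco or GSS code): a small Python check of a staged parent-zone snippet for the delegation records and short TTLs discussed in the posts above, run on constructed data. The `$TTL` line, the 180-second threshold and the function names are assumptions of this example.

```python
# Added example: constructed parent-zone snippet for abc.com (not a real zone).
ZONE = """\
$TTL 86400
www.abc.com.   180 IN NS gss1.abc.com.
www.abc.com.   180 IN NS gss2.abc.com.
gss1.abc.com.  180 IN A  100.100.100.100
gss2.abc.com.      IN A  200.200.200.200
"""

def parse_zone(text):
    """Return (name, ttl, rtype, rdata) tuples; honours $TTL and per-record TTLs."""
    default_ttl, records = None, []
    for line in text.splitlines():
        fields = line.split(";")[0].split()      # drop ';' comments
        if not fields:
            continue
        if fields[0].upper() == "$TTL":
            default_ttl = int(fields[1])
            continue
        name, rest = fields[0].lower(), fields[1:]
        ttl = default_ttl
        if rest[0].isdigit():                    # explicit per-record TTL
            ttl, rest = int(rest[0]), rest[1:]
        if rest[0].upper() == "IN":
            rest = rest[1:]
        records.append((name, ttl, rest[0].upper(), rest[1].lower()))
    return records

def check_delegation(records, host, max_ttl=180):
    """List problems in the delegation of `host` to the GSS name servers."""
    problems = []
    ns_targets = [r[3] for r in records if r[0] == host and r[2] == "NS"]
    if len(ns_targets) < 2:
        problems.append(f"{host}: fewer than two NS records (one per GSS expected)")
    for name, ttl, rtype, rdata in records:
        if name == host and rtype == "A":
            problems.append(f"{host}: A record left beside the delegation")
        if not name.endswith(".") or (rtype == "NS" and not rdata.endswith(".")):
            problems.append(f"{name} {rtype}: name missing trailing dot")
        if (name == host or name in ns_targets) and (ttl is None or ttl > max_ttl):
            problems.append(f"{name} {rtype}: TTL {ttl} exceeds {max_ttl}s")
    for target in ns_targets:
        if not any(r[0] == target and r[2] == "A" for r in records):
            problems.append(f"{target}: no glue A record")
    return problems

if __name__ == "__main__":
    for problem in check_delegation(parse_zone(ZONE), "www.abc.com."):
        print(problem)
```

On the constructed snippet the only finding is the gss2 address record, which inherits the one-day default TTL instead of the short migration value.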

Since there is no change to the authoritative DNS server for domain abc.com, is it correct to say that there will be no propagation and hence no downtime for an existing web service?

The main difference after including GSS is that the hostname records are extended/moved to the GSS appliance. Right?

Regards.

TTL is defined by Minimum field in SOA (Start of Authority) type as default TTL (common practice), or individually at each record as TTL (comparatively rare practice).

So the lowering of the TTL value in your case should happen at your ISP's DNS server, which is authoritative for the domain.

Syed

hi,

Would anyone know how to define the following in Windows Server 2003 DNS under zone 'abc.com'? I don't see any option for creating a hostname such as www.abc.com to be 'IN NS gss1.abc.com'.

www.abc.com. IN NS gss1.abc.com. <-- NS record for http://www.abc.com via GSS

www.abc.com. IN NS gss2.abc.com.

Please assist.

Regards.

Ok. I got it done.

The option to configure the above is 'New Delegation' under the parent domain.

This will map the hostname queries to the NS entity.
