53-1002437-01 January 2012 ServerIron ADX Global Server Load Balancing Guide Supporting Brocade ServerIron ADX version 12.4.
© 2012 Brocade Communications Systems, Inc. All Rights Reserved. Brocade, the B-wing symbol, BigIron, DCFM, DCX, Fabric OS, FastIron, IronView, NetIron, SAN Health, ServerIron, TurboIron, and Wingspan are registered trademarks, and Brocade Assurance, Brocade NET Health, Brocade One, Extraordinary Networks, MyBrocade, VCS, and VDX are trademarks of Brocade Communications Systems, Inc., in the United States and/or in other countries.
Contents
About This Document
  Audience
  Supported hardware and software
  Document conventions
    Text formatting
    Notes, cautions, and danger notices
Site persistence in GSLB using stickiness
  Algorithm
  Enabling sticky GSLB
  Allowing sticky sessions for a specific prefix length
  Configuring the sticky GSLB session life time
  Displaying current sticky GSLB sessions
DNSSEC
  Verification with DIG
  DNSSEC GSLB in DNS proxy mode
  Configuring DNSSEC for GSLB
  Displaying DNSSEC configuration
  Displaying DNSSEC statistics
Displaying GSLB information
  Displaying site information
  Displaying real server information
  Displaying DNS zone and hosts
  Displaying metric information
  Displaying the default GSLB policy
Displaying GSLB for IPv6 configurations
  Show commands for basic GSLB configurations
  Show commands for advanced features
Troubleshooting GSLB for IPv6 configurations
Appendix A Reference Materials
  RFC
  IPv4
About This Document
Audience
This document is designed for system administrators with a working knowledge of Layer 2 and Layer 3 switching and routing. If you are using a Brocade Layer 3 Switch, you should be familiar with the following protocols if applicable to your network – IP, RIP, OSPF, BGP, ISIS, IGMP, PIM, DVMRP, and VRRP.
Supported hardware and software
Although many different software and hardware configurations are tested and supported by Brocade Communications Systems, Inc. for 12.3.
bold text
  Identifies command names
  Identifies the names of user-manipulated GUI elements
  Identifies keywords
  Identifies text to enter at the GUI or CLI
italic text
  Provides emphasis
  Identifies variables
  Identifies document titles
code text
  Identifies CLI output
For readability, command names in the narrative portions of this guide are presented in bold: for example, show version.
Notes, cautions, and danger notices
The following notices and statements are used in this manual.
Corporation              Referenced Trademarks and Products
Microsoft Corporation    Windows NT, Windows 2000
The Open Group           Linux
Related publications
The following Brocade documents supplement the information in this guide:
• Release Notes for ServerIron Switch and Router Software TrafficWorks 12.2.
Chapter 1 Global Server Load Balancing
Global Server Load Balancing overview
Global Server Load Balancing (GSLB) enables a ServerIron ADX to add intelligence to authoritative Domain Name System (DNS) servers by serving as a proxy to these servers and providing optimal IP addresses to the querying clients.
If the local DNS server does not have an address record for the requested server, the local DNS server makes a recursive query. When a request reaches an authoritative DNS server, that DNS server responds to this DNS query. The client’s local DNS server then sends the reply to the client. The client now can access the requested host. With the introduction of redundant servers, a domain name can reside at multiple sites, with different IP addresses.
• Session table statistics and CPU load information — The site ServerIron ADXs report this information to the GSLB ServerIron ADX at regular intervals. By default, each remote ServerIron ADX sends the status information to the GSLB ServerIron ADX every 30 seconds. You can change the update period for all the remote ServerIron ADXs by specifying a new period on the GSLB ServerIron ADX if needed.
• IMAP4: the well-known name for port 143
• LDAP: the well-known name for port 389
• NNTP: the well-known name for port 119
• POP3: the well-known name for port 110
• SMTP: the well-known name for port 25
• TELNET: the well-known name for port 23
NOTE To display the list when configuring zone information, enter the host-info ? command, where is a string specifying a host name.
3. The authoritative DNS server for brocade.com answers the client’s query (forwarded by the GSLB ServerIron) by sending a list of IP addresses for the sites that correspond to the requested host.
4. The GSLB ServerIron assesses each IP address in the DNS reply to determine the optimal site for the client, and moves the address for that site to the top of the list.
[Figure: Authoritative DNS server for domain brocade.com]
servers that receive the records retain them in their databases for only 10 seconds. After the ten seconds expire, subsequent requests from the client initiate another query to the authoritative DNS server. As a result, the client always receives fresh information and the address of the site that is truly the best site for the client.
NOTE You also can change the TTL if needed.
If the GSLB policy rejects all of the sites, the GSLB ServerIron ADX sends the DNS reply unchanged to the client. All of these metrics have default values but you can change the values if needed. In addition, you can disable individual metrics or reorder them. Refer to “Changing the GSLB policy metrics” on page 34.
NOTE You cannot use the weighted IP metric if the weighted site metric is enabled.
The GSLB ServerIron ADX uses relative percentages in order to achieve 100% total weight distribution. To configure weighted IP metrics, refer to “Implementing the weighted IP metric” on page 40.
Weighted site metric
You can configure the ServerIron ADX to distribute SLB traffic among GSLB sites based on weights configured for the sites.
Round-trip time between the remote ServerIron ADX and the client
The Round-trip time (RTT) is the amount of time that passes between when the remote site receives a TCP connection (TCP SYN) from the client and when the remote site receives the client’s acknowledgment of the connection request (TCP ACK).
Site ServerIron ADX’s connection load
A GSLB site’s connection load is the average number of new connections per second on the site, over a given number of intervals. When you enable this GSLB metric, all potential candidates are compared against a predefined load limit. All sites that have fewer average connections than the threshold are selected and passed to the next comparison metric.
Site ServerIron ADX’s administrative preference
The administrative preference is an optional metric. This metric is a numeric preference value from 0-255 that you assign to each site ServerIron ADX, to select that ServerIron ADX if the previous metrics do not result in selection of a best site. The GSLB policy prefers the site ServerIron ADX with the highest administrative preference.
Use the round robin selection metric instead of the least response selection metric when you want to prevent the GSLB ServerIron ADX from favoring new or recently recovered sites over previously configured active sites. The Least Response metric can cause the GSLB ServerIron ADX to select a new site or a previously unavailable site that has come up again instead of previously configured sites for a given VIP.
Minimum required configuration
NOTE The sum of the number of VIPs configured and the number of GSLB hosts configured on the GSLB ServerIron ADX should not exceed 1024. Similarly, the sum of the number of real servers configured and the number of DNS IP addresses should not exceed 4096.
Issue show gslb site on the controller to display site communication information. The state displays “CONNECTION ESTABLISHED” when communication is successful. A protocol version of 1 corresponds to “ATTEMPTING CONNECTION”. Established connections use protocol versions 4 or 5.
SLB-chassis(config)# show gslb site
SITE: brocade
Enhanced RTT smoothing: OFF
SI: 1.1.1.
Configuring GSLB
The examples in the procedures in this section are based on the configuration shown in Figure 1 on page 4.
TABLE 1 Configuration tasks: Global SLB
Feature    See page...
DNS proxy parameters
  Configure a source IP address. The source IP address is required so that the GSLB ServerIron ADX can perform the health checks on remote devices.
  Add a real-server definition for the DNS server.
  Add a VIP for the DNS server and bind the real server and virtual server.
TABLE 1 Configuration tasks: Global SLB (Continued)
Feature    See page...
Disable or re-enable GSLB Traps (optional)
  Disable or re-enable GSLB SNMP traps and syslog messages    page 186
GSLB Error Handling for Unsupported DNS Requests (optional)
  Configure the ServerIron ADX to send error messages in response to client requests for unsupported DNS record types.    page 188
You can configure the GSLB ServerIron ADX to be a proxy for more than one DNS server.
Proxy for DNS server
NOTE The following scenario is for switch software. If you are using router software, then all you need is an interface IP on the ServerIron ADX that can reach the DNS server.
To configure the GSLB ServerIron ADX as a proxy for a DNS server, complete the following steps.
1. If the GSLB ServerIron ADX and site ServerIron ADXs are in different subnets, add a source IP address.
For example, the GSLB ServerIron ADX shown in Figure 1 on page 4 needs a source IP address in the subnet 209.157.23.x. Without this source IP address, Layer 4 and Layer 7 health checks to the ServerIron ADXs at the Sunnyvale site (209.157.22.x) and the Atlanta site (192.108.22.x) cannot reach the GSLB ServerIron ADX.
To add a source IP address, enter a command such as the following:
ServerIronADX(config)# server source-ip 209.157.23.225 255.255.255.0 0.0.0.
Syntax: [no] server real-name
Syntax: [no] port dns proxy
Syntax: [no] port [disable | enable]
Syntax: [no] port [keepalive]
Syntax: [no] server virtual-name-or-ip []
Syntax: [no] bind
Enabling the GSLB protocol
For security, remote ServerIron ADXs do not listen to TCP port 182 (the GSLB protocol port) by default. This means the GSLB protocol is disabled on remote site ServerIron ADXs by default.
ServerIronADX(config-gslb-site-sunnyvale)# si-name slb-2 209.157.22.210 200
NOTE The administrative preference metric is disabled by default, which means it is not used by the GSLB policy. The GSLB policy uses the preference values only if you enable this metric. Refer to “Disabling or re-enabling individual GSLB policy metrics” on page 38.
Syntax: [no] gslb site
The parameter is a text string that uniquely identifies the site on the GSLB ServerIron ADX.
Specifying GSLB controller locations
By default, the GSLB controller is assigned to the North America geographic region. Specify the GSLB controller location by entering the following command at the global configuration level.
• IMAP4: the well-known name for port 143
• LDAP: the well-known name for port 389
• NNTP: the well-known name for port 119
• POP3: the well-known name for port 110
• SMTP: the well-known name for port 25
• TELNET: the well-known name for port 23
The parameter specifies a TCP/UDP port number instead of a well-known port.
To display the status of CNAME, enter the following command.
Syntax: host-info http | status-code [ [ []]]
You can specify up to four ranges (total of eight values). To specify a single message code for a range, enter the code twice. For example, to specify 200 only, enter the following command: port http status-code 200 200.
NOTE When you change the status code ranges, the defaults are removed.
Syntax: host-info alias
NOTE Make sure you configure the alias only after configuring the zone and the host application the alias is for, as shown in the example above. In addition, make sure you specify the fully-qualified name for the alias (for example, “www.gslb.brocade.com” instead of “www.gslb”).
Configuring null host names
When you configure a zone name in GSLB, you enter the zone name, then associate host applications with the zone name.
ServerIronADX(config)# gslb dns zone brocade.com
ServerIronADX(config-gslb-dns-brocade.com)# host-info www http
ServerIronADX(config-gslb-dns-brocade.com)# host-info www ip-list 209.157.23.59
When the ServerIron ADX receives a reply from the client’s DNS server for brocade.com, the ServerIron ADX replaces the IP address in the reply with 209.157.23.59, the IP address of a proxy server.
Private VIPs for GSLB
FIGURE 3 GSLB and private VIPs
[Figure labels: GSLB ServerIron A, Firewall, Firewall, Site ServerIron B, Internet; Private IP of VIP: 192.168.10.1; Public IP of VIP: 207.95.55.23]
Using the example in Figure 3, suppose the configuration specifies that the public IP address will be used by both the peer GSLB ServerIron ADX A and the site ServerIron ADX B.
Private VIP display information
To obtain more information about the public and private IP addresses configured for a VIP on a ServerIron ADX, use the following commands:
• show gslb dns zone (see “Displaying the results of traffic distribution for Weighted IPs” on page 42 for an example screen display)
• show gslb site (see “Displaying GSLB IP information” on page 28)
• show gslb dns detail (the following is an example)
ServerIronADX# show gslb dns detail
ZONE: gslb1.
The display shows that the public IP address, 207.95.55.23, is used by both the local and peer GSLB ServerIron ADXs.
Syntax: show server virtual-name-or-ip
NOTE For a complete description of the fields shown in this screen display, refer to the ServerIron ADX.
To display the IP address used for a VIP at a given GSLB site, enter the following command.
ServerIronADX-B# sh gslb site
SITE: local
ServerIronADX: 192.168.10.
The parameter specifies the TCP port number you want the ServerIron ADX to use for exchanging GSLB information with other ServerIron ADXs. If you change the GSLB protocol port number, you must write memory and reload the software to place the change into effect. Also, you must change the port to the same number on all ServerIron ADXs in the GSLB configuration.
Removing IP addresses for sites that fail a health check
By default, the ServerIron ADX does not remove an IP address from a DNS reply even if the address fails a health check. You can configure the ServerIron ADX to remove IP addresses from DNS replies when those addresses fail a health check. The ServerIron ADX removes the addresses that fail the check so long as the DNS query still contains at least one address that passes the health check.
To display the state of this feature, enter the show gslb policy command. The DNS best-only field indicates whether the feature is enabled or disabled. Refer to “Displaying the default GSLB policy” on page 175.
Changing the query interval
The query interval is the frequency with which the ServerIron ADX verifies its current DNS records with DNS servers.
ServerIronADX(config-gslb-policy)# no dns ttl
Syntax: [no] dns ttl
Enabling DNS override
By default, the GSLB ServerIron ADX selects the best site IP address from among the addresses contained in the DNS reply. You can override the DNS reply for an individual domain (zone plus a host) by specifying a list of IP addresses, then enabling DNS override.
When you enable DNS override, the GSLB ServerIron ADX replaces the IP addresses in the DNS reply with the “best” of the proxy server addresses you specify. The GSLB ServerIron ADX determines which proxy server IP address is the best using the GSLB policy metrics. For information about the metrics, refer to “GSLB policy” on page 6.
NOTE DNS override is a global parameter, but a list of proxy IP addresses is associated with a specific host in a specific domain.
TABLE 2 GSLB policy metrics
Metric: Server (host) health
  Default: Enabled. The GSLB ServerIron ADX performs Layer 4 health checks on the TCP or UDP port and Layer 7 health checks on the application, if the application is known to the ServerIron ADX.
  Configuration options: You can disable this metric.
TABLE 2 GSLB policy metrics (Continued)
Metric: Connection load
  Default: Disabled.
  Configuration options: You can enable this metric. You also can change the data collection interval, the number of intervals used to calculate the connection load average, and the relative weights of the intervals.
Metric: Available session capacity
  Enabled. The default tolerance is 10%.
After changing policy values, you can display the new values using the show gslb policy command. If you decide you want to change a value back to its default (using “no” in front of the command you used to change it), you can display all the default policy values by entering the show gslb default command. Refer to “Displaying the default GSLB policy” on page 175.
• active bindings: The ServerIron ADX’s preference for the IP address with the highest number of active bindings.
• capacity: The remote ServerIron ADX’s session capacity threshold.
ServerIronADX(config)# gslb policy
ServerIronADX(config-gslb-policy)# health-check
ServerIronADX(config-gslb-policy)# geographic
To enable the administrative preference metric, which is disabled by default, enter the following commands.
Implementing the weighted IP metric
Beginning with router software release 08.1.00R, you can configure the ServerIron ADX to distribute GSLB traffic among IP addresses in a DNS reply, based on weights assigned to the IP addresses. The weights determine the percentage of traffic each IP address receives in comparison with other candidate IP addresses, which may or may not have assigned weights.
• The number of eligible IP addresses to be evaluated by the weighted IP metric and their weights
• The weight assigned to the IP address
If an IP address has a relative weight of zero, or if it does not have a weight assigned to it, the IP address is not selected as the best IP address for a client.
is the IP address for which you are assigning a weight. is a value from 0 to 100. The default value is 0. However, this command will result in an error if the IP argument for ip-weight has not been previously entered as an argument for ip-list. For example, enter a command such as the following:
SLOWANSI01(config-gslb-dns-myzone.com)#host-info www ip-weight 4.4.4.
TABLE 5 Example weighted site metric configuration
GSLB site    Configured weighted site metric    Relative weighted site metric
San Jose     50                                 50%
New York     30                                 30%
London       20                                 20%
Total        100                                100%
Now consider the example in Table 6. In this example, the total of the Configured weighted site metrics (second column) does not equal 100.
Traffic distribution specifications
In general, DNS response selection counters are maintained per IP address, per domain name. For example, suppose you configure three GSLB sites with assigned weights. All three sites host the application www.gslb.com and sites New York and London also host ftp.gslb.com, as illustrated below.
www.gslb.com
VIP 1.1.1.1 belongs to San Jose with a weight of 50
VIP 1.1.1.2 belongs to New York with a weight of 30
VIP 1.1.1.
Displaying results of traffic distribution for Weighted Sites
To view the results of traffic distribution after configuring weighted site metrics, enter the following command.
ServerIronADX(config)# show gslb traffic site
SITE: local Weight: 50
* a.b.c DNS Requests: 36
ServerIronADX VIP Selection (%)
== === =============
1.1.1.1 1.1.1.181 9 (25 %)
1.1.1.1 1.1.1.180 9 (25 %)
Site Selection for Domain: 18 (50 %)
* b.b.
The second example shows the third site.
SITE: THREE
* a.b.c DNS Requests: 36
ServerIronADX VIP Selection (%)
== === =============
1.1.1.3 1.1.1.183 0 (0 %)
Site Selection for Domain: 0 (0 %)
* b.b.c DNS Requests: 0
ServerIronADX VIP Selection (%)
== === =============
1.1.1.3 1.1.1.123 0 (0 %)
Site Selection for Domain: 0 (0 %)
In the above examples, there are two hosts, a (HTTP) and b (FTP), which belong to the zone b.c.
For each VIP of interest, the GSLB ServerIron ADX stores the number of active bindings for the respective application port. If the agent is running a software image that does not support the active bindings metric, it does not report any information specific to the active bindings metric. In this case, the default active bindings value for each VIP residing on that site is 1 or 0, depending on the health status of the VIP. If the VIP is active, the value is 1.
GSLB active bindings enhancements
The following features have been added to GSLB active bindings:
• Weighted active bindings
• Minimum active bindings
• Tracking an application port for active bindings
Configuring weighted active bindings
Weighted Active Bindings allows you to configure the GSLB ServerIron ADX to direct requests to domain VIPs in proportion to their active bindings.
ServerIronADX# configure terminal
ServerIronADX(config)# gslb dns zone company.com
ServerIronADX(config-gslb-dns-company.com)# host-info www http
ServerIronADX(config-gslb-dns-company.com)# host-info www ssl
ServerIronADX(config-gslb-dns-company.com)# host-info www http track-port
ServerIronADX(config-gslb-dns-company.
ServerIronADX(config)# gslb policy
ServerIronADX(config-gslb-policy)# connection-load limit 500
This command sets the site connection limit to 500 connections. During site comparison, the GSLB policy discards sites that have an average load of new connections that is higher than the amount you specify. All other sites are passed to the next GSLB policy metric as potential candidates.
Changing the sample interval weight
The interval weights are the relative weights of each data sample within a set of sampling intervals. When the data samples are averaged together, the relative weights of the samples can affect the outcome. You can adjust the load calculation formula by changing the weights of the intervals, so that some intervals are counted more heavily towards the average than other intervals.
You can change these parameters on an individual basis. To change the session-table capacity metric, enter commands such as the following:
ServerIronADX(config)# gslb policy
ServerIronADX(config-gslb-policy)# capacity threshold 99
Syntax: [no] capacity threshold
The parameter specifies the maximum percentage of a site ServerIron ADX’s session table that can be in use.
Modifying round-trip time values
The Round-trip time (RTT) is the amount of time that passes between when the remote site receives a TCP connection (sends a TCP SYN) from the client and when the remote site receives the client’s acknowledgment of the connection request (sends a TCP ACK). A site ServerIron ADX sends RTT data to the GSLB ServerIron ADX every five seconds.
Syntax: [no] round-trip-time cache-interval
The parameter specifies the aging interval and can be from 10-1,000,000 seconds (about 11-1/2 days). The default is 120 seconds.
Changing the RTT cache prefix
You can change the RTT cache prefix, which specifies the level of aggregation that occurs in the GSLB ServerIron ADX’s RTT cache. The entries in the RTT cache include IP address information for the clients.
ServerIronADX(config)# gslb policy
ServerIronADX(config-gslb-policy)# round-trip-time explore-percentage 10
The command in this example changes the RTT explore percentage from 5% to 10%.
Syntax: [no] round-trip-time explore-percentage
The parameter specifies the explore percentage and can be from 0-100. The default is 5.
The specifies the address of the cache entry. This is not necessarily the address of a remote site. The address you specify here is combined with the prefix length to result in a network prefix (network portion of an IP address). The prefix length can be from 1-31.
NOTE The prefix length 0 is not applicable to this feature and is ignored by the software.
You can enter more than one prefix on the same command line. Separate each prefix with a space.
Secure GSLB
• Peer authentication — Each network device must be authenticated before it can connect to the GSLB network. This check ensures that any peer a GSLB device communicates with is the legitimate peer. Peer authentication is provided by using the Rivest-Shamir-Adleman (RSA) public key technology. The key length is 1024 bits.
• Data Encryption — Converts plaintext into cipher text (encrypted data). Only the designated receiver can decrypt and retrieve the information.
RSA challenge dialogue
Once the initial peer authentication is complete, there is a challenge response dialogue between the two ServerIron ADXs as follows.
From GSLB controller to site ServerIron ADX:
• GSLB controller uses the site ServerIron ADX public key to encrypt a random sequence of bytes.
• The GSLB controller sends these encrypted bytes to the site ServerIron ADX.
• The site ServerIron ADX uses its private key to decrypt the bytes.
Configuring secure-communication on the controller
On the GSLB controller, to enable the secure protocol instead of the standard one, enter commands such as the following:
SLB-Ctrl-ServerIronADX(config)# gslb site sfo
SLB-Ctrl-ServerIronADX(config-gslb-site-sfo)# si slb-1 100.1.1.3 secure-communication
Syntax: si secure-communication
The GSLB site ServerIron ADX will automatically understand the secure protocol.
ServerIron(config)#wr mem
.Write startup-config in progress.
..Write startup-config done.
ServerIron(config)#Saving SSH host keys process is ongoing. Please wait
.................................................................................
......Writing SSH host keys is done!
SLB-Ctrl-ServerIronADX(config)#^Z
SLB-Ctrl-ServerIronADX#reload
A write mem followed by a reload is required. Next, enter the crypto key generate rsa command on the site ServerIron ADX and reload.
NOTE When you specify a TCP port for the key exchange communication, DO NOT use port 182, or the port that you configured for GSLB communication traffic.
The default destination TCP port for key exchange is 56895. To change the default TCP port when doing public key exchange, enter a command such as the following:
ServerIronADX(config)# crypto key-exchange passive 111
3. David connects to Bob's device and sends his RSA public key. The fingerprint of the key is displayed on David's screen.
9. After the key-exchange (fingerprint) takes place, the key must be saved on both the controller and site ServerIron ADX using the crypto key-exchange save-peer-key command. Notice there is an erase-peer-key option also.
SLB-Ctrl-ServerIronADX(config)#crypto key-exchange ?
A.B.C.
The one-time option configures the peer public keys for a one-time usage, which is the highest level of security. They expire after each TCP session to the peer device is disconnected. To set up a new connection between the devices to forward GSLB messages, you must redo the key exchange steps detailed previously. When you enable the gslb auth-encrypt-communication secure-only option on a site, the ServerIron ADX will communicate only with the controller that is Secure GSLB enabled.
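The following audit is an added example, not part of the original guide or of Brocade's software. It checks pasted CLI lines for the Secure GSLB settings described above: site entries on the controller that lack secure-communication, a site that has not set gslb auth-encrypt-communication secure-only, and a key-exchange port that collides with the GSLB protocol port. It assumes the lines have the form of the commands shown in this guide; the sample input and finding names are constructed for illustration.

```python
import re

GSLB_DEFAULT_PORT = 182  # GSLB protocol TCP port stated in this guide

# Strips CLI prompts such as "ServerIronADX(config-gslb-site-sfo)# ".
PROMPT_RE = re.compile(r"^\S+\(config[^)]*\)#\s*")
SITE_RE = re.compile(r"^gslb site (\S+)$")
MEMBER_RE = re.compile(r"^(si|si-name) (\S+) (\d{1,3}(?:\.\d{1,3}){3})\b(.*)$")
KEYEX_RE = re.compile(r"^crypto key-exchange passive(?: (\d+))?$")
SECURE_ONLY = "gslb auth-encrypt-communication secure-only"

# Constructed sample input, built from command forms that appear in this guide.
CONTROLLER_SAMPLE = """\
SLB-Ctrl-ServerIronADX(config)# gslb site sfo
SLB-Ctrl-ServerIronADX(config-gslb-site-sfo)# si slb-1 100.1.1.3 secure-communication
SLB-Ctrl-ServerIronADX(config-gslb-site-sfo)# gslb site sunnyvale
SLB-Ctrl-ServerIronADX(config-gslb-site-sunnyvale)# si-name slb-2 209.157.22.210 200
SLB-Ctrl-ServerIronADX(config)# crypto key-exchange passive 182
"""
SITE_SAMPLE = "ServerIronADX(config)# crypto key-exchange passive 111\n"


def _commands(text):
    """Yield bare commands from a config listing or a pasted CLI transcript."""
    for raw in text.splitlines():
        cmd = PROMPT_RE.sub("", raw.strip())
        if cmd:
            yield cmd


def _key_exchange_findings(cmd, gslb_port):
    """Flag a key-exchange listener placed on the GSLB protocol port."""
    m = KEYEX_RE.match(cmd)
    if m and m.group(1) and int(m.group(1)) == gslb_port:
        return [("key-exchange-port-conflict", m.group(1))]
    return []


def audit_controller(text, gslb_port=GSLB_DEFAULT_PORT):
    """Report site ServerIrons that the controller reaches without secure-communication."""
    findings, site = [], None
    for cmd in _commands(text):
        m = SITE_RE.match(cmd)
        if m:
            site = m.group(1)
            continue
        m = MEMBER_RE.match(cmd)
        if m and site is not None:
            _, name, addr, rest = m.groups()
            if "secure-communication" not in rest.split():
                findings.append(("standard-protocol-peer", f"{site}/{name} {addr}"))
            continue
        findings.extend(_key_exchange_findings(cmd, gslb_port))
    return findings


def audit_site(text, gslb_port=GSLB_DEFAULT_PORT):
    """Report a site that has not restricted itself to Secure GSLB controllers."""
    cmds = list(_commands(text))
    findings = []
    for cmd in cmds:
        findings.extend(_key_exchange_findings(cmd, gslb_port))
    if SECURE_ONLY not in cmds:
        findings.append(("secure-only-not-set", SECURE_ONLY))
    return findings


if __name__ == "__main__":
    for finding in audit_controller(CONTROLLER_SAMPLE) + audit_site(SITE_SAMPLE):
        print(finding)
```

If the GSLB protocol port has been changed from 182, pass the configured value as gslb_port so the key-exchange check compares against the right port.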
The parameter specifies the name of the peer site ServerIron ADX to regenerate the session keys for. The parameter specifies the IP address of the peer site ServerIron ADX. The regenerate-key-interval parameter configures the ServerIron ADX to periodically regenerate session keys for the peer site ServerIron ADX. Each time a connection is set up, this key is regenerated and negotiated.
Site persistence in GSLB using stickiness
• Client IP address/prefix
• Domain name the client requested
• Selected IP address for the request
This information is saved in a session table when the Sticky GSLB feature is enabled, and the GSLB controller creates a sticky session for each client within the session table. Each session has a special user type and source port or destination port number to distinguish from other sessions.
Enabling sticky GSLB
Enabling sticky GSLB is the minimum required configuration.
Syntax: [no] sticky
NOTE No special CLI commands need to be issued on the site ServerIron ADX.
Allowing sticky sessions for a specific prefix length
You can allow sticky sessions for a specific prefix length (not all hosts). For added granularity of the sessions, specify the prefix length for the client IPs. The default is 32 bits.
Displaying current sticky GSLB sessions
To display current Sticky GSLB sessions, rconsole into a barrel processor (BP) and enter the following command.
2/3 #show session all 0
Session Info:
Flags - 0:UDP, 1:TCP, 2:IP, 3:INT, 4:INVD, H: sessInHash, N: sessInNextEntry
Index Src-IP ===== ====== 0 0.0.0.5 1 0.0.0.5 2 100.1.1.0 3 100.1.1.6 4 100.1.1.7 5 0.0.0.5 6 0.0.0.5 7 0.0.0.5 8 0.0.0.5
Dst-IP ====== 100.1.1.10 100.1.1.30 255.0.255.0 0.0.0.1 0.0.0.1 100.1.1.
Sticky GSLB counters
To display how many times an IP address was selected as the best candidate for a client request, enter the following command.
2/3 #show gslb dns detail
ZONE: gslb.com
HOST: www: (GSLB policy: test)
                                     Flashback    DNS resp.
                                     delay        selection
                                     (x100us)     counters
                                     TCP  APP     Count (%)
* 100.1.1.30: dns v-ip ACTIVE N-AM   0    0       13 (100%)
  Active Bindings: 1
  site: local, weight: 0, SI: 100.1.1.1
  session util: 0%, avail.
1 Site persistence in GSLB using hashing
Deleting sticky GSLB session for a specific client
To delete Sticky GSLB sessions for a specific client, enter a command such as the following:
ServerIronADX#clear gslb sticky-session client-ip 100.1.1.101
Syntax: clear gslb sticky-session client-ip
The is the IP address or prefix of the client for which sticky session will be deleted.
To display the hash table for all domains or a specific zone-name, enter a command on the BP, such as the following:
ServerIronADX# rconsole 1 1
ServerIronADX1/1#show gslb phash table all
Syntax: show gslb phash table
This command displays different results depending on which CPU you're looking at. To view a full count of all buckets, you need to examine the hashing table on all BP CPUs, not just one.
Example
1.1.1.42 yields hash index 45 {(1+1+1+42) % 256 = 45}
172.168.10.1 yields hash index 95 {(172+168+10+1) % 256 = 95}
After the client IP address is hashed to an index in the hash table, the IP address associated with the hash index in the hash table is selected as the best IP address for the client. The ServerIron reorders the IP addresses in the DNS server’s response so that the best IP address is first. Then it forwards the modified response to the client.
The hash table allocation looks like the following:
0    1    2    3    4    5    6    7    8    9
.42  .44  .42  .44  .42  .44  .42  .44  .42  .44
Now the new IP address 1.1.1.43 is configured for domain www.foo.com. The ServerIron ADX sorts the IP addresses for domain www.foo.com as follows.
1.1.1.42 (rank 1)
1.1.1.43 (rank 2)
1.1.1.44 (rank 3)
The new IP is 1.1.1.43. The top row below shows the current allocation of the hash table.
SLB-ServerIronADX(config)#gslb policy
SLB-ServerIronADX(config-gslb-policy)#hash-persist persist-rehash-disable
The second command disables the behavior described in the section “Rehash: new IP address for a domain or change of state” on page 72.
Syntax: hash-persist persist-rehash-disable
The parameter specifies the number of seconds before an IP address is removed from the hash table when that IP becomes down. The default is 5 seconds.
SLB-ServerIronADX#clear gslb phash table zone-name gslb.com host-name www
Syntax: clear gslb phash zone-name host-name
Show commands
Many existing show commands for GSLB global and host-level policy have been enhanced for hash-based persistence. Take note of the bold fields.
1 Weighted distribution of sites with hash-based persistence
SLB-ServerIronADX#show gslb dns detail
ZONE: gslb.com
HOST: www: (Global GSLB policy)
                                      Flashback    DNS resp.
                                      delay        selection
                                      (x100us)     counters
                                      TCP  APP     Count (%)
* 100.1.1.163: dns v-ip ACTIVE N-AM   0    0       7 (100%)
  Active Bindings: 1
  site: local, weight: 0, SI: 100.1.1.2
  session util: 0%, avail.
• “Disabling rehash on change in hash weight configuration” on page 79
GSLB hash-based persistence
GSLB provides two methods for persistence: the Sticky method and Hash-based persistence. Sticky GSLB is suitable for single-box and HA (hot standby, symmetric, sym-active) topologies.
In our example,
Hash bucket 0 will be assigned to 1.1.1.42
Hash bucket 1 will be assigned to 1.1.1.43
Hash bucket 2 will be assigned to 1.1.1.44
Hash bucket 3 will be assigned to 1.1.1.44
Hash bucket 4 will be assigned to 1.1.1.42
Hash bucket 5 will be assigned to 1.1.1.43
Hash bucket 6 will be assigned to 1.1.1.44
Hash bucket 7 will be assigned to 1.1.1.44
And so on. In other words, for every bucket assigned to 1.1.1.
The ServerIron ADX sorts the IP addresses for domain www.foo.com in ascending order of the addresses as follows.
1.1.1.42 (rank 1) Hash Weight: 1
1.1.1.43 (rank 2) Hash Weight: 1
1.1.1.44 (rank 3) Hash Weight: 2
The hash table for domain is rehashed using the algorithm described in Section 1.3. The hash table for www.foo.com will be as follows after rehashing.
0    1    2    3    255
.42  .43  .44  .44  .
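The lookup and bucket assignment described in the hashing and weighted-distribution sections, as an added Python example that is not Brocade code. The function names are hypothetical, and filling the table by repeating the weighted rank order is an assumption drawn from the guide's eight-bucket example; `remapped_buckets` compares two tables built this way and does not reproduce the device's own rehash algorithm.

```python
import ipaddress
from collections import Counter

NUM_BUCKETS = 256  # the guide computes the hash index modulo 256


def hash_index(client_ip):
    """Sum of the four octets modulo 256, as in the guide's examples."""
    return sum(ipaddress.IPv4Address(client_ip).packed) % NUM_BUCKETS


def build_hash_table(weights):
    """Return a 256-entry list mapping bucket number to domain IP.

    `weights` maps each domain IP to its hash weight. IPs are ranked in
    ascending address order and each IP receives `weight` consecutive
    buckets per round (assumption: the pattern of the guide's example is
    repeated across the whole table).
    """
    ranked = sorted(weights, key=ipaddress.IPv4Address)
    cycle = [ip for ip in ranked for _ in range(weights[ip])]
    if not cycle:
        raise ValueError("need at least one domain IP with a positive weight")
    return [cycle[bucket % len(cycle)] for bucket in range(NUM_BUCKETS)]


def select_best(client_ip, table):
    """IP address associated with the bucket the client hashes to."""
    return table[hash_index(client_ip)]


def reorder_response(client_ip, answers, table):
    """Move the selected IP to the front of the DNS answer list."""
    best = select_best(client_ip, table)
    if best not in answers:
        return list(answers)  # nothing to promote; leave the reply as is
    return [best] + [ip for ip in answers if ip != best]


def bucket_share(table):
    """Number of buckets owned by each domain IP."""
    return dict(Counter(table))


def remapped_buckets(old_table, new_table):
    """Buckets whose owner differs between two tables, that is, the
    client hash values that would lose persistence after a rebuild."""
    return sum(1 for old, new in zip(old_table, new_table) if old != new)


if __name__ == "__main__":
    # Constructed input: the addresses and weights used in the guide.
    before = build_hash_table({"1.1.1.42": 1, "1.1.1.44": 1})
    after = build_hash_table({"1.1.1.42": 1, "1.1.1.43": 1, "1.1.1.44": 2})
    print("client 172.168.10.1 -> bucket", hash_index("172.168.10.1"),
          "->", select_best("172.168.10.1", after))
    print("bucket share:", bucket_share(after))
    print("buckets remapped by a full rebuild:", remapped_buckets(before, after))
```

Because the index depends only on the octet sum, all clients whose octets sum to the same value modulo 256 share a bucket and therefore the same site.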
NOTE: All the existing CLI for old hash-based persistence is also applicable to weighted hash-based persistence. It is not described in this document for the sake of brevity. For further details on existing CLI for hash-based persistence, please refer to the online GSLB documentation.
Enabling weighted hash-based GSLB persistence
Weighted hash-based GSLB persistence can be enabled for all domains or for specific domains as needed.
Configuring weights for domain IP addresses
Weighted Hash-based GSLB persistence enables the user to distribute the hash buckets for the domain in proportion to the weights configured for the domain IP addresses. Use the following command line interface to configure weights for the domain IP addresses.
ServerIronADX(config)# gslb dns zone gslb.com
ServerIronADX(config-gslb-dns-gslb.com)# host www http
ServerIronADX(config-gslb-dns-gslb.
ServerIronADX(config-gslb-policy)# hash-persist disable-weight-rehash
Use the following command line interface to disable rehashing on weight change for host-level GSLB policy.
Manually forcing rehash for a domain
Consider the case where the user disables rehashing on introduction of a new IP address, on a change of IP address state from down to healthy, or on a change in the IP weight configuration, as described earlier. In such a scenario, the user may wish to force a rehash at a feasible time in order to allow the new configuration to also be included in the hash table.
1 Displaying the contents of active RTT cache entries
********************************************************
Client IP address: 30.30.1.2
Domain : www.l47qa.com
Number of hashed IPs for domain : 3
Number of active IPs for domain : 3
Client IP hashes to bucket number: 63
IP associated with hash bucket 63: 20.20.1.100
Your Client IP 30.30.1.2 will be serviced by domain IP 20.20.1.
Affinity
The GSLB affinity feature configures the GSLB ServerIron ADX to always prefer a specific site ServerIron ADX for queries from clients whose addresses are within a given IP prefix. This feature is useful in the following situations:
• When you want to use a primary site for all queries and use other sites only as backups.
• When you want to use a site located near clients within a private network for all queries from the private network.
• If the reply contains a VIP on the ServerIron ADX associated with the prefix that the client’s IP address is in, the ServerIron ADX places the VIP at the top of the address list in the reply. (This assumes that the VIP passes the applicable health checks if they are enabled.)
• If the reply contains more than one VIP on the ServerIron ADX associated with the prefix that contains the client’s IP address, the ServerIron ADX selects the VIP that has been selected least often.
The parameter specifies the site ServerIron ADX’s management IP address.
NOTE: In either case, the running-config and the startup-config file refer to the ServerIron ADX by its IP address.
The or / parameter specifies the prefix. You can specify a mask from 0.0.0.0-255.255.255.254. If you instead specify a prefix length, you can specify from 0-31 bits. If you specify 0.0.0.0 0.0.0.0 or 0.0.0.
1 GSLB domain-level affinity Displaying affinity selection counters You can display the number of times an IP address is selected based on affinity. To display the information, enter the following command. ServerIronADX(config)# show gslb dns detail ZONE: gslb.com HOST: www: * * Flashback DNS resp. delay selection (x100us) counters TCP APP Count (%) 1.1.1.101: dns v-ip ACTIVE N-AM 0 0 4 (100%) site: santaclara, ServerIronADX: 1.1.1.102 session util: 0%, avail.
Command line interface
Users will now be able to configure domain-level affinity groups in addition to the global affinity definitions. The new command line interface for the domain-level affinity feature is described below.
Creating a domain-level affinity group
To create a domain-level affinity group, use the following commands.
Show commands
• “show gslb affinity-group ”
• “show gslb resources”
• “show gslb dns zone”
• “show gslb dns detail”
show gslb affinity-group
Use this command to display the affinity group, associated affinity definitions, and other related information.
Syntax: show gslb affinity-group []
If no group number is specified, this command displays all the domain affinity groups.
DNS cache proxy
                                      TCP  APP   Count (%)
* 1.1.1.16: cfg real-ip ACTIVE N-AM   5    17    0 (0%)
* 1.1.1.108: cfg v-ip ACTIVE N-AM     0    0     5 (100%)
show gslb dns detail
Use this command to display the affinity group associated with the domain and the number of selections based on affinity.
Syntax: show gslb dns detail []
ServerIronADX# show gslb dns detail
ZONE: foo.com
HOST: www: (Global GSLB policy)
GSLB affinity group: 7
* * Flashback delay (x100us) TCP APP 5 15 0 0 DNS resp.
In configurations where the ServerIron ADX and DNS server are co-located, the additional round trip time between the ServerIron ADX and DNS server is usually negligible. However, if the ServerIron ADX and DNS server are in different networks, the delay can become significant. In this case, the DNS cache proxy can help enhance performance by eliminating the exchange between the ServerIron ADX and DNS server for responses to client queries.
• DISABLE (the default)
• ENABLE
Displaying DNS cache proxy statistics
The GSLB ServerIron ADX maintains statistics for the transparent DNS as well as DNS proxy mode query intercept and DNS cache proxy features. The following statistics are displayed for DNS cache proxy:
• Number of DNS queries the GSLB ServerIron ADX has responded to using the DNS cache proxy feature instead of forwarding the queries to the DNS server.
The Direct response field, under “DNS cache proxy stat”, lists how many DNS queries the GSLB ServerIron ADX has responded to using the DNS cache proxy feature instead of forwarding the queries to the DNS server. In this example, the GSLB ServerIron ADX has responded directly to client queries ten times with the best site address among those cached on the ServerIron ADX itself, instead of forwarding the request to the DNS server.
Transparent DNS query intercept 1 GSLB ServerIron ADX performs GSLB on client queries for IPv4 address records (A records). In GSLB topologies, when the client query comes in for any of the other record types, the GSLB ServerIron forwards the query to the backend DNS server and sends the DNS response unaltered to the client. DNS supports a special query type called "ANY". If the client sends a DNS query with type ANY, the DNS response contains all the records configured for that domain.
• Redirect the client queries to a proxy DNS server and send the reply unchanged. The ServerIron ADX redirects the client request to the alternate DNS server and sends the response, as is, to the client. The alternate DNS server could be a ServerIron ADX configured for GSLB, in which case the reply has the best address(es) for the client.
• Directly respond to client queries using the IP addresses configured for the domain.
Transparent DNS query intercept 1 Authoritative DNS server for domain brocade.com 209.157.23.130 4. ServerIron changes the source address in the reply to the authoritative DNS server. If the reply is from a proxy DNS server, the ServerIron also changes the destination address from the ServerIron’s source IP address to the client’s IP address. DNS ServerIron configured to intercept DNS queries to 209.157.23.130 SI 2.
Use the following CLI method to configure this feature.
To configure the ServerIron ADX to redirect queries to an alternative DNS server, enter commands such as the following:
ServerIronADX(config)# source-ip 209.157.23.100 255.255.255.0 0.0.0.0
ServerIronADX(config)# server remote-name dns-redirect 209.200.22.
This command configures a virtual server that has the DNS server’s actual IP address. When the ServerIron ADX receives a DNS query addressed to the DNS server IP address, the ServerIron ADX intercepts the packet instead of forwarding it to the DNS server. The intercept parameter is required and indicates that you want to use the virtual server for intercepting DNS queries. This parameter also instructs the ServerIron ADX to ignore ARP requests and pings to the address.
ServerIronADX(config)# server virtual-name-or-ip dns-intercept 209.157.23.130 intercept
ServerIronADX(config-vs-dns-intercept)# port dns
ServerIronADX(config-vs-dns-intercept)# bind dns dns-redirect dns
ServerIronADX(config-vs-dns-intercept)# exit
ServerIronADX(config)# gslb dns zone brocade.com
ServerIronADX(config-gslb-dns-brocade.com)# host-info www http
ServerIronADX(config-gslb-dns-brocade.
NOTE: For non-direct respond transparent intercept, you should not enable dns transparent-intercept in the gslb policy.
Notice that unlike the types of transparent DNS query intercept shown in “Redirecting queries” on page 97, the type shown here does not require configuration of a real server.
1 Enabling DNS request logging
TABLE 7 Transparent DNS query intercept statistics
This field...      Displays...
Redirect           The number of queries the ServerIron ADX has redirected to an alternative (proxy) DNS server or another ServerIron ADX.
Direct response    The number of queries to which the ServerIron ADX has directly responded using an IP address configured for the domain.
TABLE 8 GSLB request information
This field...    Displays...
User.Info        The management IP address of the GSLB ServerIron ADX.
src-ip           The IP address of the client that sent the DNS request.
best-ip          The IP address selected by the GSLB ServerIron ADX as the best site.
Host             The host application requested by the client.
Zone             The zone name requested by the client.
Metric           The GSLB metric according to which the site was selected as the best site.
BP support as GSLB agent
If the ServerIron ADX is used as a GSLB agent, the BP synchronizes RTT information collected from clients that make TCP SLB connections to the ServerIron ADX, to the MP. The MP communicates this RTT information to all collectors with which it opened TCP port 182 connections. Note that the agent needs to be serving TCP SLB connections in order to collect RTT samples from client networks.
The configuration required for the GSLB distributed health check feature depends on whether the GSLB ServerIron ADX and the site ServerIron ADX support the distributed health check feature or not. Refer to the table below for more information on the configuration available and mandated by the GSLB distributed health check feature.
Enabling the distributed health check feature for an individual site ServerIron ADX
You can enable the distributed health check feature for an individual site ServerIron ADX. Enter commands such as the following on the GSLB ServerIron ADX, not on the site ServerIron ADX.
GSLB-ServerIronADX(config)# gslb site sunnyvale
GSLB-ServerIronADX(config-gslb-site-sunnyvale)# si-name abc 1.1.1.
To globally configure the health status reporting interval, enter commands such as the following on the GSLB ServerIron ADX.
GSLB-ServerIronADX(config)# gslb policy
GSLB-ServerIronADX(config-gslb-policy)# health-status-interval 3
Syntax: [no] health-status-interval
The parameter specifies the interval. Range is 2-120 seconds.
SITE-ServerIronADX# debug distributed-hcheck sent-add-list
GSLB: sent-add-list debugging is on
SITE-ServerIronADX# Sending Address List msg: VIP = 192.9.2.16, Active = 1, Host Range = 1, Num Ports = 2
Sending Address List msg: VIP = 192.9.2.
Configuration examples
FIGURE 7 Topology
[Figure: a GSLB ServerIron and site ServerIron ADXs 1.1.1.105, 1.1.1.106, 1.1.1.107 and 1.1.1.108]
Example 1
In this example:
• The GSLB ServerIron ADX supports the distributed health check feature.
• Site ServerIron ADXs 1.1.1.105, 1.1.1.106 and ServerIron ADX 1.1.1.107 all belong to site “sunnyvale” and do not support the distributed health check feature.
• Site ServerIron ADX 1.1.1.
In order to globally configure the health status interval to 7 seconds, configure the following on the GSLB ServerIron ADX.
GSLB-ServerIronADX(config)# gslb policy
GSLB-ServerIronADX(config-gslb-policy)# health-status-interval 7
GSLB-ServerIronADX(config-gslb-policy)# end
The distributed health check ServerIron ADX 1.1.1.108 now starts sending the health check status information to the GSLB ServerIron ADX every 7 seconds.
The GSLB ServerIron ADX does not support the distributed health check feature, so the distributed health check configuration is neither supported nor applicable to the GSLB ServerIron ADX. The non-distributed health check GSLB ServerIron ADX and the distributed health check site ServerIron ADXs inter-operate without any special configuration; that is, no mandatory configuration is required to make them compatible.
DNSSEC
DNSSEC (Domain Name System Security Extensions) is a set of extensions that provide DNS resolvers with origin authentication of DNS data, data integrity, and authenticated denial of existence. It protects DNS resolvers from forged DNS data (from cache poisoning, etc.). DNSSEC does not provide confidentiality. With DNSSEC, the responses are signed using public key cryptography.
1. LDNS sends a normal type A request with the DO bit set to the mydnssec.com ADNS
2. If the ADNS supports DNSSEC, the response has the DO bit set and a RRSIG record for the response RRset in the answer section
3. The LDNS will then fetch the DNSKEY used in the RRSIG from the ADNS
4. DNSKEY validation at the LDNS occurs as follows:
• It is configured to trust the DNSKEY for the root (.).
• It fetches the DS record for the .com zone from the root.
• It fetches the DNSKEY for the .
Verification with DIG
The following example shows dig being used to validate a DNSSEC response.
[16:31:54 root@rhl-236 ~]# dig +dnssec mydnssec.com +multiline +sigchase +trusted-key=/root/dnssec/Kmydnssec.com.+005+08340.key
;; RRset to chase:
mydnssec.com. 86400 IN A 10.35.62.235
;; RRSIG of the RRset to chase:
mydnssec.com. 86400 IN RRSIG A 5 2 86400 20100513221145 (
20100413221145 8340 mydnssec.com.
(IP address) are used in the signature. The TTLs of individual resource records are not part of the data used in signing to allow for aging. Since the TTL of the RRSIG record is part of the signed data, a caching resolver is expected to cache a response up to the minimum (smallest RR TTL in RRset, RRSIG record TTL). With this approach a DNSSEC response can be performed without having to re-sign DNSSEC responses and without the need for key management.
Configuring load balancing of plain DNS request across all servers
If zones and real servers are configured for DNSSEC, then non-dnssec servers are used for requests on non-dnssec zones. To load-balance non-dnssec (plain DNS) requests across all servers, use one of the following commands.
ServerIron(config)# server virtual dns_vip 209.157.23.
ServerIronADX# show gslb global-statistics
DNS proxy statistics:
TCP response = 4          UDP response = 5
Query type A = 8          Query type ANY = 1
DNSSEC response = 3
DNS cache proxy stat:
Direct response = 0
DNS query intercept stat:
Redirect = 0              Direct response = 0
Unsupported query types stat:
Error handling cnt = 0
Syntax: show gslb global-statistics
Host-level policies for site selection
ServerIron ADX provides the following support for configuring GSLB poli
1. Define a name for the host-level GSLB policy. Refer to page 118.
2. Configure the parameters for the policy. Refer to page 118.
3. Apply the policy to a host or multiple hosts. Refer to page 125.
You must specify a connection limit to enable the Connection Load metric. You can specify a value from 1 to as high a value as you need. There is no default. However, the actual value of the Connection Load limit, and other connection load parameters, will be obtained from the global GSLB policy.
Some of the DNS parameters are not configurable in the host-level GSLB policy. These parameters include:
• dns cache-proxy: Enables the ServerIron ADX to act as a proxy for a DNS server, by responding directly to the client queries without forwarding them to the DNS server
• dns check-interval: Changes the refresh interval for DNS queries to refresh verify zone and host information.
When the ServerIron ADX compares the Flashback speeds, it compares the Layer 7 (application-level) Flashback speeds first, if applicable. If the application has a Layer 7 health check and if the Flashback speeds are not equal, the ServerIron ADX is through comparing the Flashback speeds. However, if only the Layer 4 health check applies to the application, or if further tie-breaking is needed, the ServerIron ADX then compares the Layer 4 Flashback speeds.
GSLB-ServerIronADX(config)# gslb-host-policy abc
GSLB-ServerIronADX(config-gslb-host-policy-abc)# metric-order set health-check round-trip-time capacity num-session flashback
Syntax: [no] metric-order set
The parameter is a list of the metrics you want to use, in the order you want the GSLB ServerIron ADX to use them for the host-level policy. The GSLB ServerIron ADX uses the metrics in the order you specify.
Enabling the Num-session metric
The capacity threshold specifies how close to the maximum session capacity the site ServerIron ADX (remote ServerIron ADX) can be and still be eligible as the best site for the client. This mechanism provides a way to shift load away from a site before the site becomes congested. The GSLB ServerIron ADX uses this metric when evaluating the sites in a DNS reply to choose the best site.
Syntax: [no] round-robin
Enabling the Round-Trip-Time metric
You can enable the GSLB metric for the round-trip time between the remote ServerIron ADX and the DNS client. The Round-trip time (RTT) is the amount of time that passes between when the remote site initiates a TCP connection (sends a TCP SYN) to the client and when the remote site receives the client’s acknowledgment of the connection request (sends a TCP ACK).
GSLB-ServerIronADX(config)# gslb-host-policy abc
GSLB-ServerIronADX(config-gslb-host-policy-abc)# weighted-site
Syntax: [no] weighted-site
Use the no form of the command to disable the weighted IP metric for the host-level policy.
Applying a host-level policy to a GSLB host
To apply a configured host-level policy to a GSLB host, enter commands such as the following:
GSLB-ServerIronADX(config)# gslb dns zone gslb1.com
GSLB-ServerIronADX(config-gslb-dns-gslb1.
Displaying all GSLB policies
To view all defined host-level policies, enter the following command.
Host-level policies for site selection 1 Displaying the policy used for hosts To view which GSLB policy is being used for hosts, enter the following command. ServerIronADX# show gslb dns zone ZONE: gslb1.com HOST: www: (GSLB policy: test) * * * * 1.1.1.101: 1.1.1.22: 10.10.10.200: 1.1.1.76: dns dns dns dns v-ip real-ip real-ip v-ip N-AM N-AM N-AM N-AM Flashback delay (x100us) TCP APP 0 0 22 16 ----- DNS resp.
Deleting GSLB host-level policies
Deleting a policy that is not applied to a host
You can delete a host-level GSLB policy directly using the no gslb host-policy-name command as long as the policy is not applied to a host. If the policy is bound to a host, the GSLB ServerIron ADX will not allow you to delete the policy.
Geographic region for a prefix 1
GSLB-ServerIronADX(config-gslb-dns-gslb1.com)# exit
GSLB-ServerIronADX(config)# gslb dns zone foo.com
GSLB-ServerIronADX(config-gslb-dns-foo.com)# host-info ftp ftp
GSLB-ServerIronADX(config-gslb-dns-foo.com)# host-info ftp gslb-policy test
In the above example, with host policy “test” applied to host “www” for gslb1.com, when the ServerIron ADX receives client queries for www.gslb1.
management IP address. If you configure a geographic prefix entry that matches the management IP address of the remote ServerIron ADX and also specify a geographic location for the GSLB site where the remote ServerIron ADX resides, then the geographic location configured for the GSLB site takes precedence over the one defined in the user-configured geographic prefix entry.
Syntax: [no] geo-prefix { | } [asia | europe | n-america | s-america | africa]
The command configures an association between a prefix and a geographic location. The and variables identify the respective networks. Five operands serve as location tags for the network: asia, europe, n-america, s-america, and africa.
To view all geographic prefixes on the GSLB ServerIron ADX, enter the following command.
GSLB-ServerIronADX# show gslb cache all geographic user-configured
prefix length = 24, prefix = 1.1.1.0, region = EUROPE
prefix source = geographic (user-configured),
prefix length = 24, prefix = 10.10.10.0, region = ASIA
prefix source = geographic (user-configured)
The output above shows the IP address prefix, prefix length, the geographic region and source (user-configured).
Smoothing mechanism for RTT measurements 1 ServerIronADX# show gslb dns detail ZONE: gslb1.com HOST: www: (Global GSLB policy) * * * * Flashback DNS resp. delay selection (x100us) counters TCP APP Count (%) 1.1.1.22: dns real-ip ACTIVE ASIA 5 16 --- 10.10.10.200: dns real-ip DOWN N-AM ----- 1.1.1.76: dns v-ip DOWN ASIA ----- site: local, weight: 0, ServerIronADX: 1.1.1.102 session util: 0%, avail. sessions: 5999976 preference: 128 1.1.1.
This release introduces a new smoothing mechanism along with a proprietary smoothing algorithm for GSLB RTT measurements to effectively deal with variances in RTT measurements. These mechanisms allow you to define what is a very high or a very low value for an RTT sample on the GSLB ServerIron ADX. If the new sample is in the acceptable range, GSLB ServerIron ADX will do a smoothing similar to the one described above.
Each successively high RTT sample will be gradually factored into the existing RTT value using an additive increase. The ramp up factor specifies the step for the additive increase. For example, if the ramp up factor is 2 and the normal ramp factor is 10, then the percent usage of the new RTT sample will increase in increments of 2 until it reaches 10, as follows: 1, 3, 5, 7, 9, 10.
Syntax: enable-site-rtt-smoothing
Disabling enhanced RTT smoothing
To disable enhanced RTT smoothing for a GSLB Site, enter commands such as the following:
GSLB-ServerIronADX# configure terminal
GSLB-ServerIronADX(config)# gslb site sanjose
GSLB-ServerIronADX(config-gslb-site-sanjose)# disable-site-rtt-smoothing
Syntax: disable-site-rtt-smoothing
This command disables enhanced RTT smoothing for the specified site.
Specifying the ramp-up-factor
The ramp-up factor specifies the increments in which successively new high RTT samples should be factored into the existing RTT value. If you want to specify the ramp-up factor, enter commands such as the following on the GSLB ServerIron ADX.
Syntax: enable-sim-new-rtt-smooth
This command enables enhanced RTT smoothing only for simulation purposes.
To disable the enhanced smoothing mechanism during simulation, configure the following:
GSLB-ServerIronADX(config-gslb-rtt-sim-test)# disable-sim-new-rtt-smooth
Syntax: disable-sim-new-rtt-smooth
This command disables enhanced RTT smoothing only for simulation purposes.
RTT state before application of RTT smoothing mechanism:
------------------------------------------------------------------
RTT val = 114, RTT decimal val = 0.0
Applied RTT smoothing algorithm for new RTT sample 30
RTT state after application of RTT smoothing mechanism:
----------------------------------------------------------------
RTT value after smoothing = 105, RTT decimal val = 0.
----------------------------------------------------------------
RTT value after smoothing = 27, RTT decimal val = 0.
Round-trip times 1
GSLB-ServerIronADX(config-gslb-rtt-sim-test)# exit
Note that the resulting RTT value obtained after smoothing the following set of RTT samples (30,1,1000,30,30,30,30) using the old smoothing mechanism is 90.0. The result is 28.96 with the enhanced smoothing mechanism.
Determining if the new RTT smoothing mechanism is enabled
To determine if the new RTT smoothing mechanism is enabled or disabled for a GSLB Site, enter the following command.
configured on the remote site ServerIron ADX, the passive RTT information is also gathered and sent out to the GSLB controller. You can check the features on a ServerIron ADX using the show feature command on a BP console. If "SLB only" is displayed as “ON,” that means that the ServerIron ADX will only process basic load balance traffic.
FIGURE 9 Passive RTT gathering
GSLB ServerIron 2. The GSLB ServerIron replies with the optimal IP address for the client. LDNS 4.
Active RTT is always measured between the Site ServerIron ADX and the client LDNS. This method of measuring RTT enables the GSLB ServerIron ADX to use this actively gathered RTT even if the client and its LDNS do not share the same network prefix.
FIGURE 10 Active RTT gathering
GSLB ServerIron 2. LDNS sends the query to the GSLB ServerIron. The GSLB ServerIron replies with the optimal IP address for the client. LDNS 4.
GSLB ServerIron ADXs on which active RTT gathering is enabled are compatible with Site ServerIron ADXs that are running passive RTT gathering, and vice versa. You can have an active RTT gathering GSLB ServerIron ADX with some Site ServerIron ADXs running active RTT gathering and others that are running passive RTT gathering. You can also have a GSLB ServerIron ADX that supports only passive RTT gathering (for example.
Syntax: [no] gslb active-rtt-gathering
Once you enter this command on the GSLB ServerIron ADX, the GSLB ServerIron ADX performs a message exchange with each Site ServerIron ADX to determine if it is running a version that supports active RTT gathering. If it does, then the GSLB ServerIron ADX instructs the Site ServerIron ADX to enable active RTT gathering.
Configuring active RTT parameters

Configuring active RTT query message interval

The active RTT query message interval refers to the time intervals at which the GSLB ServerIron ADX sends the list of LDNS addresses to the Site ServerIron ADXs. These are the LDNS hosts for which the Site ServerIron ADXs need to actively gather the RTT. To configure the active RTT query message interval, enter the following on the GSLB ServerIron ADX.
Configuring the active RTT refresh interval

The Site ServerIron ADX maintains a timestamp for each of the LDNS prefixes in its active RTT cache. The timestamp indicates the last time RTT was probed. If the time that has elapsed since the last probe is greater than the RTT refresh interval on the Site ServerIron ADX, then the Site ServerIron ADX initiates a new RTT measurement probe to the LDNS host for that prefix.
In the example above, assume that the GSLB ServerIron ADX is configured as Mode 2. Also assume that this GSLB ServerIron ADX is providing GSLB for www.foo.com where the IP addresses for this domain are IP-1, IP-2, and IP-3. IP-1 is a VIP on ServerIron ADX-1. IP-2 is a VIP on ServerIron ADX-2. IP-3 is a VIP on ServerIron ADX-3. If a DNS resolution request comes from LDNS 201.53.10.1, then the GSLB ServerIron ADX uses only the RTT information for IP-1, which is configured on ServerIron ADX-1.
GSLB-ServerIronADX# configure terminal
GSLB-ServerIronADX(config)# gslb policy
GSLB-ServerIronADX(config-gslb-policy)# round-trip-time active-rtt use-active-and-passive-rtts

To configure a host-level GSLB policy to use both passive and active RTT values for the RTT algorithm (Mode 3), enter commands such as the following:

GSLB-ServerIronADX# configure terminal
GSLB-ServerIronADX(config)# gslb-host-policy test
GSLB-ServerIronADX(config-gslb-host-policy-test)# round-trip-time active-rtt u
If neither of these commands is configured, then the GSLB ServerIron ADX will not use any DNS probe measurement reported by the Site ServerIron ADXs and will use only the RTT values reported by the ICMP probe for the best IP address selection.

Enabling the DNS prober

To enable the DNS prober on the Site ServerIron ADX, enter the following on the Site ServerIron ADX.
If both the ICMP and DNS fast-aging commands are enabled on the Site ServerIron ADX, then failure of either ICMP or DNS probes will quickly age out LDNS prefixes from the active RTT cache. Typically you should enable only one of these commands.
Displaying RTT information

Displaying the RTT gathering mechanism

To view the RTT gathering mechanism for a Site ServerIron ADX, enter the following command on the GSLB ServerIron ADX.

ServerIronADX# show gslb site
SITE: local
Enhanced RTT smoothing: OFF
ServerIronADX: 1.1.1.102:
state: SELF Protocol Version: 3
distributed health-chk
Active RTT gathering: ON
Current num.  Session  CPU load
sessions      util(%)  (%)
24            0        6
Virtual IPs:
1.1.1.
Displaying the active RTT gathering configuration

To view the active RTT gathering configuration parameters, enter the following command.

ServerIronADX# show gslb active-rtt-info
Controller Information:
-----------------------
Active RTT gathering: ENABLE
Discard Passive RTT recvd.
TABLE 9 Show GSLB active RTT information (Continued)

This field... / Displays...

Num passive RTT peers
    Number of active RTT GSLB ServerIron ADXs for which this ServerIron ADX is a Site ServerIron ADX.
Agent active rtt cache interval
    The cache interval for a prefix in the Site ServerIron ADX’s active RTT cache.
Agent active rtt refresh interval
    The interval at which the Site ServerIron ADX refreshes the RTT value for LDNS prefixes in its active RTT cache.
This output shows that the prefix 1.1.0.0, prefix length = 20 was created due to an active RTT update from the Site ServerIron ADX. The primary RTT reported for this prefix by Site ServerIron ADX 1.1.1.115 is 2000 usec, the source is active RTT gathering and the probe method is DNS. The backup RTT is 1600 usec and the method is ICMP probes.
Displaying the RTT algorithm mode

To display the RTT algorithm mode, enter the following command.
GSLB affinity for high availability

The GSLB Affinity feature configures the GSLB ServerIron ADX to always prefer a specific Site ServerIron ADX for queries from clients (or client LDNS servers) whose addresses are within a configured IP prefix. To configure affinity, you associate a site ServerIron ADX with an IP prefix.
Syntax: [no] gslb ha-group

Enter the IP address of the two Site ServerIron ADXs in an HA group for and . Currently, you can specify only two Site ServerIron ADXs in an HA group. You can configure as many HA groups as needed, but a Site ServerIron ADX can only be in one HA group at a time.
1. Make sure you configure HA groups for the ServerIron ADX. (Refer to “Configuring an HA group” on page 157.)
2. Enable dynamic detection as a backup mechanism by entering commands such as the following on the GSLB ServerIron ADX.
Syntax: show gslb site

The field "Cfg HA peer" shows the configured HA peer Site ServerIron ADX for this Site ServerIron ADX.

Displaying the dynamically detected HA pairs

To view the dynamically detected ServerIron ADX HA pairs, use the following command on the GSLB ServerIron ADX.

ServerIronADX#show gslb dns detail
ZONE: gslb1.com
HOST: www: (Global GSLB policy)
* * * * Flashback delay (x100us) TCP APP ----0 0 DNS resp.
FIGURE 11 GSLB affinity for HA (diagram labels: GSLB SI 1.1.1.102; LDNS 2.1.1.53; Clients; High Availability pair SI 2.1.1.103 with VIP 2.1.1.23 (A) and SI 2.1.1.104 with VIP 2.1.1.23 (S); GSLB protocol links between the GSLB SI and the site SIs)

ServerIron ADX 1.1.1.102 is a GSLB ServerIron ADX that is providing GSLB for domain www.foo.com. One of the IP addresses for www.foo.com is 2.1.1.23. ServerIron ADX 2.1.1.103 and ServerIron ADX 2.1.1.104 are Site ServerIron ADXs.
Client LDNS 2.1.1.53 sends a DNS request to GSLB ServerIron ADX for www.foo.com. GSLB ServerIron ADX rearranges the DNS reply as follows.

1. It checks if there is any affinity definition associated with the client LDNS network. In this example, it finds that there is a definition associating network 2.1.1.0/24 with ServerIron ADX 2.1.1.104. So it checks if there is any IP address in the reply which is a VIP configured on ServerIron ADX 2.1.1.
1. On the controller, enable VIP list process optimization by issuing the following command at the global config level.

ServerIronADX(config)# gslb process-vip-list-optimize
ServerIronADX(config)# write memory
ServerIronADX(config)# reload

NOTE
A system reload is required after enabling the gslb process-vip-list-optimize command.

2. Under a site definition on the controller, add the si optimized-dist-hcheck command.
ServerIronADX# show gslb site
SITE: site-1
Enhanced RTT smoothing: OFF
SI: 68.87.24.37:
state: CONNECTION ESTABLISHED Protocol Version: 1
distributed health-chk
Active RTT gathering: NO
Secure Authenticate/Encrypt: NO, Optimized dist hcheck: YES,
Current num.  Session  CPU load  Preference  Location  Connection
sessions      util(%)  (%)       (0-255)               Load-Avg
160           0        4         128         N-AM      -
Virtual IPs:
68.87.9.213(A) 68.87.7.211(A) 68.87.5.209(A) 68.87.3.207(A) 3.3.3.233(A) 68.87.64.215(A) 68.87.64.213(A) 68.87.
Guidelines and recommendations for using this feature

We recommend that you observe the following guidelines when using this feature:

• The GSLB controller and ServerIron ADX Side functionality (remote or local) should not be configured on the same ServerIron ADX.
• Domain IPs should be VIPs rather than real IP hosts to minimize the health-check load on the GSLB controller.
To display information for all the configured sites, enter the following command at any level of the CLI.

ServerIronADX(config)# show gslb site
SITE: sunnyvale
ServerIronADX: slb-1 209.157.22.209:
state: CONNECTION ESTABLISHED
Current num.  Session  CPU load  Preference  Location
sessions      util(%)  (%)
500000        50       35        128         N-AM
Virtual IPs:
209.157.22.227(A) 209.157.22.103(A)
ServerIronADX: slb-2 209.157.22.210:
state: CONNECTION ESTABLISHED
Current num.
To display information about the GSLB site called “sunnyvale” and the ServerIron ADXs providing SLB within those sites, enter the following command.

ServerIronADX(config)# show gslb site sunnyvale
ServerIronADX: slb-1 209.157.22.209:
state: CONNECTION ESTABLISHED
Current num.  Session  CPU load  Preference  Location
sessions      util(%)  (%)
500000        50       35        128         N-AM
Virtual IPs:
209.157.22.227(A)
ServerIronADX: slb-2 209.157.22.210:
state: CONNECTION ESTABLISHED
Current num.
TABLE 10 Global SLB site information (Continued)

This field... / Displays...

Preference
    The numeric preference value for this site ServerIron ADX. The preference can be used by the GSLB policy to select a site. Refer to “Site ServerIron ADX’s administrative preference” on page 11. This information is configured on the GSLB ServerIron ADX.
Location
    The geographic location of the ServerIron ADX.
The GSLB protocol allows you to query the site ServerIron ADXs for configuration information as well as the session and CPU information used by the GSLB policy. You can view detailed configuration information and statistics for the site ServerIron ADX from the GSLB management console.
Displaying DNS zone and hosts

To display information about the DNS zones and host names that you have configured the GSLB ServerIron ADX to globally load balance, use either of the following methods.

NOTE
There are two examples of this command line output shown below. The output differs depending on the ServerIron ADX device you are using and the software release installed on the ServerIron ADX.
TABLE 11 GSLB zone and host application information

This field... / Displays...

ZONE
    The zone name. The name that appears here is the name you specified when you configured the zone information.
    NOTE: This field appears only if you do not specify the zone name when you display the information. If you specify the zone name, information for only that zone is displayed.
HOST
    The host name.
TABLE 11 GSLB zone and host application information (Continued)

This field... / Displays...

Location
    The geographic location of the server. The location is based on the IP address and can be one of the following:
    • ASIA
    • EUROPE
    • N-AM: North America
    • S-AM: South America
    The GSLB ServerIron ADX can use this information when comparing the servers in order to select the “best” ones for the client.
In this example, ServerIron ADX slb-1 is the active ServerIron ADX for VIPs 209.157.22.100 and 109.157.22.101 and ServerIron ADX slb-2 is the default active ServerIron ADX for VIPs 209.157.22.103 and 209.157.22.104. Although this example has both VIPs for a host active on the same ServerIron ADX, you can just as easily configure the VIPs so that both ServerIron ADXs have active VIPs for the same host.

NOTE
This example does not show the information for the atlanta site.
Displaying metric information

You can show the following information:

• The metrics that were used to select a given site as the best site.
• For each of the GSLB metrics that have been used to select the site, the number of times that metric was the deciding factor in selection of the site.

To view metric information, enter the following command.

ServerIronADX# show gslb dns detail
ZONE: gslb.com
HOST: www:
* * * * Flashback DNS resp.
Displaying the default GSLB policy

To display the default GSLB policy, enter the following command.
TABLE 13 GSLB policy information (Continued)

This field... / Displays...

DNS override
    Indicates whether DNS override is enabled. DNS override replaces the addresses in a DNS reply with the “best” address from a list of addresses you configure. This field can have one of the following values:
    • DISABLE: The ServerIron ADX does not replace the addresses in DNS replies with an address from a list you configure.
TABLE 13 GSLB policy information (Continued)

This field... / Displays...

Flashback appl-level delay tolerance
    Indicates the percentage of difference that can exist between application level FlashBack response times for two sites, without the ServerIron ADX preferring one site over the other based on this metric.
ServerIronADX(config)# show gslb policy
Default metric order: DISABLE
Metric processing order:
1-Round trip time between remote ServerIronADX and client
2-Remote ServerIronADX's session capacity threshold
3-Remote ServerIronADX's available session capacity
4-Server flashback speed
5-Remote ServerIronADX's preference value
6-Least response selection
DNS active-only: DISABLE DNS best-only: DISABLE
DNS override: DISABLE Modify DNS response TTL: ENABLE
DNS TTL: 10 (s
This example shows the RTT prefix cache entry that contains site IP address 192.1678.2.1. The prefix source line indicates that the prefix cache entry that matches the site address was added statically. Notice that a prefix cache entry can have more than one source. In this case, the prefix was statically configured but a specific entry (listed below under the domain name “www.brocade.
Displaying GSLB resources

For GSLB parameters, you can display the number of currently configured items and the maximum number of items you can configure on the ServerIron ADX. To display this information, use the following CLI method.

To display GSLB resource information, enter the following command at any level of the CLI.
TABLE 15 GSLB resources (Continued)

This field... / Displays...

dns IP addrs.
    The number of IP addresses the GSLB ServerIron ADX has learned from the DNS server, and the maximum number of DNS records the GSLB ServerIron ADX can store in memory.
affinities
    The number of affinity definitions currently configured on the GSLB ServerIron ADX and the maximum number that can be configured.
To display dynamic server information, enter the commands shown in the following examples. The portions of the output that are shown in bold type are those of interest.

Displaying dynamic real server information

To display the real servers that the ServerIron ADX dynamically has created for the site addresses from DNS replies, enter the following information.

ServerIronADX(config)# show Real Servers Info
Name : 209.157.22.229 IP:209.157.22.
Virtual Servers Info
Server Name: 10.10.10.10 IP : 10.10.10.10 : 1
Status: enabled Predictor: round-robin TotConn: 0
Dynamic: Yes HTTP redirect: disabled
ACL: id = 0
Sym: group = 1 state = 5 priority = 0 keep = 0
Activates = 1, Inactive= 0
Port     State    Sticky  Concur  Proxy  CurConn  TotConn
http     enabled  NO      NO      NO     0        0
default  enabled  NO      NO      NO     0        0
Server Name: 10.10.10.11 IP : 10.10.10.
The show server dynamic sessions command provides a simple way to list the real servers. The output is based on the output for the show server sessions command. However, in the case of dynamically created servers, there are no meaningful session statistics in this display.
ServerIronADX# show gslb cache all affinity
prefix length = 24, prefix = 28.1.1.0, region = N-AM
prefix source = affinity,
affinity = site: local, ServerIronADX: 1.1.1.102

Syntax: show gslb cache all affinity

To display the statically generated geographic cache entries on the GSLB ServerIron ADX, enter the following command.

ServerIronADX# show gslb cache all geographic static
prefix length = 8, prefix = 3.0.0.
ServerIronADX# show gslb cache 1.1.0.0 smaller-than 24
prefix length = 20, prefix = 1.1.0.0, region = ASIA
prefix source = geographic (user-configured), rtt-update,
site = local, ServerIronADX = (1.1.1.102), rtt = 7 (x100 usec)

Syntax: show gslb cache smaller-than

The example above displays all prefix cache entries for address 1.1.0.0, with a prefix length from 1 to 24.
A given domain name can be associated with multiple health check TCP or UDP ports. In that case, the GSLB ServerIron ADX considers an IP address to be active only if all its associated TCP and UDP ports pass their health checks. State transitions of individual ports are determined as a part of the health check procedure.
• The final two GSLB messages in this example (the ones nearest the top of the log) indicate that the site ServerIron ADXs responded to the Layer 3 health check (IP ping).

Disabling and re-enabling traps

All traps, including GSLB traps, are enabled by default.
This process works in topologies where the GSLB ServerIron ADX front-ends a DNS server. However, not all GSLB topologies require a DNS server, for example, when the GSLB ServerIron ADX is configured as a DNS cache proxy with DNS override and IP lists.
Error handling response format

The GSLB error handling response format complies with RFC 2308, NODATA type 3 response. By default, the return code (rcode) is noerror. The RFC 2308 format is as follows.

NO DATA RESPONSE: TYPE 3
Header: RDCODE=NOERROR
Query: ANOTHER.EXAMPLE.A
Answer:
Authority:
Additional:

The above is an authoritative answer with rcode=NOERROR, answer=0, and no Start of Authority (SOA) record.
refused = query refused
servfail = server failure

NOTE
Do not change the error code unless you are absolutely certain of the effect of the configuration. For example, if you configure nxdomain as the return code, the GSLB ServerIron ADX responds to an unsupported query type with this error code. When the client receives the nxdomain response, the client typically stops attempting to resolve any other record type for that name.
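The return codes and the NODATA type 3 shape described above can be distinguished on the wire when verifying what a controller actually returns. The following Python sketch is an added example, not code from the guide or from Brocade: it classifies a DNS response by rcode and authority-section contents following RFC 2308, and the sample messages (query ID, TTLs, the ns.example and hostmaster.example names) are constructed for illustration.

```python
import struct

RCODE_NAMES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
TYPE_A, TYPE_NS, TYPE_SOA = 1, 2, 6


def encode_name(name):
    """Encode a dotted name as uncompressed DNS labels."""
    labels = [label for label in name.split(".") if label]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_response(qname, qtype, rcode, authority=()):
    """Build a constructed authoritative response with an empty answer section.

    authority is a sequence of (owner, rtype, rdata) tuples.
    """
    flags = 0x8400 | rcode  # QR=1 (response), AA=1 (authoritative)
    msg = struct.pack("!HHHHHH", 0x1234, flags, 1, 0, len(authority), 0)
    msg += encode_name(qname) + struct.pack("!HH", qtype, 1)
    for owner, rtype, rdata in authority:
        msg += encode_name(owner)
        msg += struct.pack("!HHIH", rtype, 1, 60, len(rdata)) + rdata
    return msg


def skip_name(msg, off):
    """Return the offset just past the (possibly compressed) name at off."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # a compression pointer ends the name
            return off + 2
        off += 1 + length


def classify(msg):
    """Classify a DNS response using the RFC 2308 negative-response shapes."""
    try:
        _id, flags, qd, an, ns, _ar = struct.unpack("!HHHHHH", msg[:12])
        off = 12
        for _ in range(qd):
            off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
        auth_types = set()
        for i in range(an + ns):
            off = skip_name(msg, off)
            rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10 + rdlen
            if i >= an:  # records after the answers are the authority section
                auth_types.add(rtype)
    except (IndexError, struct.error) as exc:
        raise ValueError("truncated or malformed DNS message") from exc
    if off > len(msg):
        raise ValueError("record data runs past the end of the message")
    if not flags & 0x8000:
        raise ValueError("not a response (QR bit clear)")
    rcode = flags & 0x000F
    if rcode != 0:
        return RCODE_NAMES.get(rcode, "RCODE %d" % rcode)
    if an:
        return "ANSWER"
    has_soa, has_ns = TYPE_SOA in auth_types, TYPE_NS in auth_types
    if has_soa:
        return "NODATA type 1" if has_ns else "NODATA type 2"
    # NOERROR, no answers, no SOA: NS records alone mean a referral,
    # an empty authority section is the type 3 shape quoted in the guide.
    return "REFERRAL" if has_ns else "NODATA type 3"


def constructed_samples():
    """Constructed responses for the query name used in the RFC 2308 example."""
    ns = encode_name("ns.example")
    soa = ns + encode_name("hostmaster.example") + struct.pack(
        "!IIIII", 1, 3600, 600, 86400, 60)
    q = ("another.example", TYPE_A)
    return {
        "type3": build_response(*q, 0),
        "type2": build_response(*q, 0, [("example", TYPE_SOA, soa)]),
        "type1": build_response(*q, 0, [("example", TYPE_SOA, soa),
                                        ("example", TYPE_NS, ns)]),
        "referral": build_response(*q, 0, [("example", TYPE_NS, ns)]),
        "nxdomain": build_response(*q, 3),
        "refused": build_response(*q, 5),
        "servfail": build_response(*q, 2),
    }


if __name__ == "__main__":
    for label, message in constructed_samples().items():
        print(label, "->", classify(message))
```

A NOERROR response with an empty authority section tells the client only that this record type is absent, while NXDOMAIN asserts that the name itself does not exist, which is why the note above warns against changing the default.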
Chapter 2
Global Server Load Balancing for IPv6

Global server load balancing for IPv6 overview

Global Server Load Balancing (GSLB) enables a ServerIron ADX to add intelligence to authoritative Domain Name System (ADNS) servers by serving as a proxy to these servers and providing optimal IP addresses to the querying clients. As a DNS proxy, the GSLB ServerIron ADX evaluates the IP addresses in the DNS replies from the ADNS and places the “best” host address for the client at the top of the DNS response.
GSLB for IPv6 feature support

In the initial release of GSLB for IPv6, a subset of modes, GSLB policy metrics, and other features and modules are supported.

Modes

In the current implementation, GSLB ServerIron ADX performs GSLB for IPv6 domain IP addresses only in the DNS cache proxy with Override mode.
• If the client does not advertise EDNS0 header with a buffer larger than 512 bytes, eight IPv6 addresses per host are supported in the response.
• If the client advertises EDNS0 header with a buffer smaller than 512 bytes, forty IPv6 addresses per host are supported in the response.

GSLB for IPv6 example

Typically, GSLB for IPv6 is used to distribute IPv6 traffic to multiple sites for load balancing, geographic proximity, or redundancy.
The GSLB controller makes decisions based on the GSLB policy. In the example above, both the IPv6 VIPs were healthy, so the client was directed to the IPv6 VIP that was geographically closer based on the configured policy. If the VIP at the geographically closer site (the US site) was down, the GSLB controller would direct traffic to the EU site.

1. US IPv6 client (browser) sends a DNS request for the website brocade.com.
2.
Configuring the GSLB controller

The GSLB ServerIron ADX supports global server load balancing in DNS cache proxy with DNS override mode. In this mode, the GSLB controller responds directly to DNS queries with the “best” address, from a configured list of addresses, at the top of the DNS response. When you enable the DNS override feature, you need to configure an IP list for the required domains.
Enabling DNS override

DNS override enables you to configure the GSLB ServerIron ADX to "override" the DNS reply for a domain and specify the IP addresses for the domains configured on it. DNS override (when configured in conjunction with DNS cache-proxy) allows the GSLB ServerIron ADX to respond directly to DNS queries using the configured IP lists, without the need for a backend DNS server. To enable DNS override, use the dns override command.
• FTP: the well-known name for port 21. (Ports 20 and 21 both are FTP ports but on the ServerIron ADX, the name “FTP” corresponds to port 21.
The ip-list variable specifies the proxy IPv6 address(es). You can specify as many proxy IP addresses as you need. If you specify multiple addresses, separate each address with a space. Here is an example:

host-info www ip-list 2001:db8::56 2001:db8::ab 2001:db8::cd

Configuring sites

The GSLB protocol is disabled by default. You must enable the GSLB protocol on each site ServerIron ADX.
Site ServerIron ADX configuration

Enabling the GSLB protocol

The GSLB protocol is disabled by default on site ServerIron ADX switches. You must enable the GSLB protocol on each site ServerIron ADX switch and configure the IP addresses of the site ServerIron ADX switches on the GSLB ServerIron ADX to enable the GSLB ServerIron ADX to establish communication with the site ServerIron ADX switches.
DNS override allows the ServerIron ADX to replace the IP address in the DNS reply with the IP addresses you configure for the DNS cache proxy. These addresses are defined in the IP list. Before specifying the IP list, you must define the hosts and their associated health checks (if applicable). You also must specify the host names and applications that you want to provide global server load balancing for. For example, assume that brocade.
If you have enabled the GSLB protocol on the site ServerIron ADXs, the GSLB ServerIron ADX begins communicating with the site ServerIron ADXs using the GSLB protocol as soon as you add the site definitions to the GSLB ServerIron ADX.

Advanced GSLB configuration for IPv6

Advanced configuration tasks include the configuration of GSLB policies and site persistence for IPv6 addresses.
TABLE 17 Advanced GSLB for IPv6 configuration tasks

Feature / See page...
TABLE 18 GSLB policy metrics for IPv6 (Continued)

Metric / Default / Configuration options

Weighted site metric
    Default: Disabled. When the weighted IP metric is enabled, the weighted site metric is disabled.
    Configuration options: The weighted site metric is an alternative to the weighted IP metric. They are mutually exclusive. When enabled, the ServerIron ADX distributes SLB traffic among GSLB sites based on weights configured for the sites. You can disable this metric.
TABLE 18 GSLB policy metrics for IPv6 (Continued)

Metric / Default / Configuration options

FlashBack speed
    Default: Disabled. The default tolerance is 10%. This applies to the TCP health check and application health checks.
    Configuration options: When comparing sites based on the FlashBack speed, the GSLB ServerIron ADX will prefer one site over the other only if the FlashBack speeds differ by more than the specified tolerance. You also can disable this metric.
NOTE
Brocade recommends that you always use the health check as the first metric. Otherwise, it is possible that the GSLB policy will not select a “best” choice, and thus send the DNS reply unchanged. For example, if the first metric is geographic location, and the DNS reply contains two sites, one in North America and the other in South America, for clients in South America the GSLB policy favors the South American site after the first comparison.
There are no parameters for the least response selection or round robin selection metrics. These metrics are tie-breakers. Only one of them is enabled at a time and the one that is enabled is always the last metric in the policy.

Resetting GSLB policy metrics

To reset the order of the GSLB policy metrics to the default (and also re-enable all disabled metrics), enter the following command.
When you configure a ServerIron ADX for GSLB, it learns a series of IP addresses from its configured DNS real servers. Then it performs Layer 3, Layer 4, and if possible, Layer 7 health checks against those IP addresses. The GSLB ServerIron ADX determines which health checks to use based on the host applications you specify.
For example, you could add the zone gslb.com, add the host www within the gslb.com zone, and assign a weight of 50 to the IP address 2001:DB8::56 by entering commands such as the following:

SLB-ServerIronADX(config-gslb-policy)# weighted-ip
SLB-ServerIronADX(config-gslb-policy)# gslb dns zone gslb.com
SLB-ServerIronADX(config-gslb-dns-gslb.com)# host www http
SLB-ServerIronADX(config-gslb-dns-gslb.
The command results in an “IP-address not found for host-name” error if the IPv6 address specified for the ip-weight parameter was not used as an argument when you defined the IP list. For information about specifying IP lists, see “Specifying DNS override IP lists” on page 199.

NOTE
If no IP list is defined for the host, the IP weights for the host IPs are removed from the GSLB DNS zone configuration whenever the GSLB ServerIron ADX reloads.
TABLE 20 Example weighted site metric configuration

IP address   Configured weighted site metric   Relative weighted site metric
San Jose     15                                33% (15/45 * 100)
New York     20                                44% (20/45 * 100)
London       10                                22% (10/45 * 100)
Total        45                                100%

By default, the weighted site metric is disabled. When enabled, it is placed second in the GSLB algorithm, after the server (host) health metric.
ftp.gslb.com
VIP 2001:DB8::2 belongs to New York with a weight of 30
VIP 2001:DB8::3 belongs to London with a weight of 20

Suppose that ten DNS requests are made to www.gslb.com. By viewing the selection counters (using the show gslb dns zone command), you would see that San Jose is selected five times (50%), New York is selected three times (30%), and London is selected two times (20%). Now suppose that five DNS requests are made to ftp.gslb.com.
The default value for the threshold is 90%. Thus a site ServerIron ADX is eligible to be the best site only if its session utilization is below 90%. Refer to “Displaying DNS zone and hosts” on page 237 for commands to display a site’s utilization and the capacity threshold.

Active bindings metric

You can configure the ServerIron ADX to prefer an IP address with the highest number of active bindings.
Use the show gslb dns detail command to view the active bindings for each IP address. Refer to “Displaying DNS zone and hosts” on page 237 for sample output.

Configuring weighted active bindings

Weighted active bindings allows you to configure the GSLB ServerIron ADX to direct requests to domain VIPs in proportion to their active bindings.
ServerIronADX# configure terminal
ServerIronADX(config)# gslb dns zone company.com
ServerIronADX(config-gslb-dns-company.com)# host-info www http
ServerIronADX(config-gslb-dns-company.com)# host-info www ssl
ServerIronADX(config-gslb-dns-company.com)# host-info www http track-port
ServerIronADX(config-gslb-dns-company.
Configuring a geographic prefix

Using the geo-prefix command, you can configure the geographic location of an IP address prefix, or override an existing geographic region for an IP address prefix by configuring a new one.
If GSLB default location is not specified and if the requesting client prefix is from an unknown geography, then the GSLB controller assigns "north-america" as its geography. However, if the default location is specified, the GSLB controller assigns the configured geography to unknown client prefixes.

NOTE
This command requires a reload to take effect; therefore, always issue the write memory command after configuring the command.
• Session capacity threshold: Specifies how close to the maximum session capacity the site ServerIron ADX (remote ServerIron ADX) can be and still be eligible as the best site for the client. This mechanism provides a way to shift load away from a site before the site becomes congested. The default value for the threshold is 90%. Thus a site ServerIron ADX is eligible to be the best site only if its session utilization is below 90%.
You can modify the following FlashBack parameters:

• Application tolerance
• TCP tolerance

The GSLB ServerIron ADX uses a tolerance value when comparing the FlashBack speeds of different sites. The tolerance value specifies the percentage by which the FlashBack speeds of the two sites must differ in order for the ServerIron ADX to choose one over the other. The default FlashBack tolerance is 10%.
• You can bias a GSLB ServerIron ADX that is also configured as a site ServerIron ADX (for locally configured VIPs) to always favor itself as the best site. In this case, assign an administrative preference of 255 to the site for the GSLB ServerIron ADX itself, and assign a lower administrative distance to the other site ServerIron ADXs, or use the default (128) for those sites.
Use the round robin selection metric instead of the least response selection metric when you want to prevent the GSLB ServerIron ADX from favoring new or recently recovered sites over previously configured active sites. The least response selection metric can cause the GSLB ServerIron ADX to select a new site or a previously unavailable site that has come up again instead of previously configured sites for a given VIP.
NOTE
Hash-based persistence is a better choice for GSLB configurations that utilize two GSLB controllers (that are not in an HA configuration) for the same domain and where site persistence is needed for a single client that is directed to two GSLB controllers.
No special CLI commands need to be issued on the site ServerIron ADX.

Specifying sticky session prefix lengths

To create sticky sessions for a specific group (subnet) of clients, configure a different prefix length for that group. Once configured, the GSLB controller will ensure that DNS clients within the same subnet will be served the same IP address in the GSLB response so long as the IP address belongs to the domain and is active.
High availability considerations for IPv6 sticky persistence

Sticky GSLB enables the GSLB controller to return the same IP address if a client sends multiple DNS requests within a configurable period of time. Controllers, when configured in HA scenarios, will need to sync their sticky sessions in order to maintain persistence across the controllers. This is similar to the IPv4 sticky persistence behavior.
To create site persistence for a specific group (subnet) of clients, configure a different hash-based persistence prefix length for that group. Once configured, the GSLB controller will ensure that DNS clients within the same subnet will be served the same IP address in the GSLB response so long as the IP address belongs to the domain and is active.
ServerIronADX(config)# gslb policy
ServerIronADX(config-gslb-policy)# hash-persist weighted
To enable weighted hash-based GSLB persistence for a host-level policy, enter commands on the GSLB controller, such as the following:
ServerIronADX# config t
ServerIronADX(config)# gslb-host-policy test
ServerIronADX(config-gslb-host-policy-test)# hash-persist weighted
Syntax: [no] hash-persist [weighted]
NOTE: weighted is an optional parameter.
• is a value from 0 to 100. The default value is 1. A weight of 0 implies that the client IP will not be allocated any hash buckets. A weight of 0 can be used to designate a domain IP as backup.
NOTE: The aggregate of the hash weights for all the IPs for a domain does not have to add up to 100. When a user configures a hash weight of zero for a domain IP, no hash buckets are allocated to this domain IP.
If the user configures this command, he or she will have to rehash manually at a later convenient time. This command can be used when the user does not want to break the persistence for the existing IP addresses due to a change in weight configuration. The user disables rehashing on weight configuration change to preserve persistence and instead rehashes manually at a later convenient time, such as during a maintenance window for the GSLB controller.
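A simplified model of weighted hash-based persistence with a prefix length, added here as an illustration and not Brocade's implementation. The 256-bucket table, the SHA-256 hash, and the proportional allocation are assumptions, because this guide does not publish the real algorithm.

```python
import hashlib
import ipaddress

NUM_BUCKETS = 256  # assumed table size; the guide does not state the real one

def allocate_buckets(weights, num_buckets=NUM_BUCKETS):
    """Give each domain IP a share of buckets proportional to its hash weight."""
    active = {ip: w for ip, w in weights.items() if w > 0}  # weight 0: no buckets
    total = sum(active.values())  # weights need not add up to 100
    if total == 0:
        return []
    shares = {ip: w * num_buckets / total for ip, w in active.items()}
    counts = {ip: int(s) for ip, s in shares.items()}
    leftover = num_buckets - sum(counts.values())
    # Largest-remainder rounding so every bucket has an owner.
    for ip in sorted(active, key=lambda i: (counts[i] - shares[i], i))[:leftover]:
        counts[ip] += 1
    table = []
    for ip in sorted(active):
        table.extend([ip] * counts[ip])
    return table

def bucket_for(client, prefix_len, num_buckets=NUM_BUCKETS):
    """Hash only the client's network prefix, so one subnet maps to one bucket."""
    net = ipaddress.ip_network(f"{client}/{prefix_len}", strict=False)
    digest = hashlib.sha256(net.network_address.packed).digest()
    return int.from_bytes(digest[:4], "big") % num_buckets

def select_ip(client, prefix_len, table):
    """Return the persistent answer for a client, or None if no IP owns buckets."""
    if not table:
        return None
    return table[bucket_for(client, prefix_len, len(table))]

def moved_buckets(old, new):
    """Count buckets whose owner changes on rehash (clients that lose persistence)."""
    return sum(1 for a, b in zip(old, new) if a != b)

# Constructed sample: VIP addresses reuse the guide's 2001:db8:: examples.
BEFORE = allocate_buckets({"2001:db8::180": 1, "2001:db8::182": 3, "2001:db8::183": 0})
AFTER = allocate_buckets({"2001:db8::180": 1, "2001:db8::182": 1, "2001:db8::183": 0})

if __name__ == "__main__":
    print(select_ip("2001:db8:aa:1::10", 64, BEFORE))
    print(select_ip("2001:db8:aa:1::beef", 64, BEFORE))  # same /64, same answer
    print(moved_buckets(BEFORE, AFTER), "of", NUM_BUCKETS, "buckets change owner")
```

In this model a weight change from 1:3 to 1:1 reassigns a quarter of the buckets, which is the persistence break that deferring the rehash to a maintenance window avoids.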
A site must pass all applicable Layer 4 and Layer 7 health checks to avoid being removed.
NOTE: If all the sites fail their health checks, resulting in all the sites being rejected by the GSLB ServerIron ADX, the ServerIron ADX sends the DNS reply unchanged to the client.
The GSLB default behavior is as follows:
• In DNS proxy, the entire list of IP addresses is sent back to the client with the best IP address selected by the GSLB controller at the top of the list.
Displaying GSLB for IPv6 configurations
• If the host has an IPv6 IP list configured, the ServerIron ADX applies GSLB policy to the addresses on the list and responds with AAAA records.
• If the host has an IPv4 IP list configured, the ServerIron ADX applies GSLB policy to the addresses on the list and responds with A records.
• If the host has both IPv6 and IPv4 IP lists configured, the ServerIron ADX applies GSLB policy to the addresses on both the lists and responds with both AAAA and A records.
Direct response Query type A = = 0 Query type ANY 56 Query type AAAA = = 87 0
The command returns information about the number of requests for three query types: queries for IPv4 addresses (A records), queries for IPv6 addresses (AAAA records), and ANY queries. The Direct Response field shows the total number of DNS queries that the GSLB ServerIron ADX has responded to directly.
TABLE 22 GSLB policy information (Continued)
This field...      Displays...
DNS active-only    Indicates whether the GSLB ServerIron ADX removes IP addresses from the DNS response if those addresses fail a health check. This field can have one of the following values:
                   • DISABLE: The ServerIron ADX does not remove the IP addresses from the DNS response.
                   • ENABLE: The ServerIron ADX removes IP addresses that fail a health check from the DNS response.
TABLE 22 GSLB policy information (Continued)
This field...                Displays...
Round trip time tolerance    Specifies the percentage by which the RTT for one site can differ from the RTT for another site without this metric resulting in selection of one site over the other.
In the following example, the order has been changed, two of the metrics have been disabled, and the administrative preference has been enabled.
To view the results of traffic distribution after configuring weighted site metrics, enter the following command:
ServerIronADX(config)# show gslb traffic site
SITE: local Weight: 50
* a.b.c DNS Requests: 36
ServerIronADX    VIP              Selection (%)
==               ===              =============
2001:db8::1      2001:db8::181    9 (25 %)
2001:db8::1      2001:db8::180    9 (25 %)
Site Selection for Domain: 18 (50 %)
* b.b.
• Local (weight: 50; ServerIron ADX: 2001:db8::1; VIPs: 2001:db8::180 (HTTP), 2001:db8::181 (HTTP), 2001:db8::121 (FTP))
• TWO (weight: 50; ServerIron ADX: 2001:db8::2; VIPs: 2001:db8::182 (HTTP), 2001:db8::122 (FTP))
• THREE (weight: 0; ServerIron ADX: 2001:db8::3; VIPs: 2001:db8::183 (HTTP), 2001:db8::123 (FTP))
The IP resolution for the domain names is as follows:
• a.b.c.: 2001:db8::180; 2001:db8::181; 2001:db8::182
• b.b.c.: 2001:db8::121; 2001:db8::1.
Output differs depending on the ServerIron ADX device used and the software release installed on the ServerIron ADX.
TABLE 23 GSLB zone and host application information
This field...    Displays...
ZONE             The zone name. The name that appears here is the name you specified when you configured the zone information.
                 NOTE: This field appears only if you do not specify the zone name when you display the information.
TABLE 23 GSLB zone and host application information (Continued)
This field...    Displays...
State            The state of the server. The ServerIron ADX determines the state based on the results of the Layer 7 health checks sent to the server. The ServerIron ADX sends Layer 7 health checks for each host application you associate with the zone.
The command can be used with or without the variable, which specifies a single zone. If this variable is omitted, all zones are displayed.
ServerIronADX(config)# show gslb dns zone brocade.com
ZONE: brocade.com
HOST: www: (Global GSLB policy)
GSLB affinity group: global
* 2001:db8::abc:  cfg  v-ip     ACTIVE  N-AM.
* 2001:db8::def:  cfg  v-ip     ACTIVE  N-AM.
* 2001:db8::1:    cfg  v-ip     ACTIVE  N-AM.
* 2001:db8::5:    cfg  real-ip  DOWN    N-AM.
Syntax: clear gslb dns zone-name []
Replace with the zone for which you want to clear the DNS selection counters. To clear the counters globally (for all zones), do not enter a .
Displaying detailed DNS information
Use the show gslb dns detail command to view detailed information about the DNS zones and host names on GSLB controllers.
TABLE 24 Global SLB zone and host application information
This field...      Displays...
Active bindings    Active bindings are a measure of the number of active real servers bound to a Virtual IP address (VIP) residing on a GSLB site. The GSLB ServerIron ADX uses the active bindings metric to select the best IP address for the client.
To display information for all configured sites, enter the following command at any level of the CLI:
ServerIronADX(config)# show gslb site
SITE: sunnyvale
ServerIronADX: slb-1 209.157.22.209:
state: CONNECTION ESTABLISHED
Current num.  Session   CPU load  Preference  Location
sessions      util(%)   (%)
500000        50        35        128         N-AM
Virtual IPs:
209.157.22.227(A) 209.157.22.103(A)
ServerIronADX: slb-2 209.157.22.210:
state: CONNECTION ESTABLISHED
Current num.
TABLE 25 Global SLB site information
This field...                         Displays...
ServerIron ADX name and IP address    For each ServerIron ADX, the first item of information listed is the name and management IP address. This is the information you specified when you added the ServerIron ADX to the site.
SITE                                  Indicates the site name of the ServerIron ADX.
                                      NOTE: This field appears only when you enter the show gslb site command without specifying a site name.
TABLE 25 Global SLB site information (Continued)
This field...    Displays...
Location         The geographic location of the ServerIron ADX. The location is based on the ServerIron ADX’s management IP address and can be one of the following:
                 • ASIA
                 • EUROPE
                 • N-AM: North America
                 • S-AM: South America
                 • AFRICA
                 NOTE: If you explicitly identified the geographic location, the value you specified appears instead of a value based on the IP address.
Troubleshooting GSLB for IPv6 configurations
bucket 2: ipv6 2001:db8::150, hit count 0
bucket 3: ipv6 2001:db8::150, hit count 0
Syntax: show gslb ipv6 phash (active-ip | allocation | table)
The optional active-ip | allocation | table parameter specifies the information that you want to see.
• The table operand displays the persistent GSLB hash table.
• The active-ip operand shows the current active IP address.
• The allocation operand shows the hash bucket for the client IP.
*********************************************
PAX Mem dynamic real virtual debug information:
***********************************************
Num MP dyn VIP pax mem alloc: 255466
Num MP dyn VIP pax mem alloc del err: 0
Num MP dyn VIP pax mem delete: 255462
Num MP dyn VIP port pax mem alloc: 255466
Num MP dyn VIP port pax mem delete: 255462
Num MP dyn real svr pax mem alloc: 305324
Num MP dyn real svr pax mem alloc del error: 0
Num MP dyn real svr pax mem dele
*********************************************
GSLB backend DNS debug information:
***********************************************
g_gslb_dnssec_backend_not_found : 0
g_gslb_dns_backend_not_found : 42409
*********************************************
GSLB Agent health check debug information:
***********************************************
Number of hcheck msgs sent to local controller: 51088
Number of dist hcheck msgs sent to remote controllers: 156630
Numbe
1/1 #sh debug trace summary
Count of log entries in the buffer: 2
1/1 #show debug trace
DECIMAL    50 entries will be displayed from this starting index
config     Show the configured debug-trace settings
summary    Show the captured log entry count
1/1 #sh debug trace 50
Displaying 2 entries ...
GSLB Selection: Domain: ssl.brocadenet.com Client:5:1:1::100 16.8 Metric:least-response Selected IP 16.16.
GSLB Selection: Domain: ssl.brocadenet.
Appendix A
Reference Materials
RFC
IPv4: RFC 791
IPv6: RFC 2460
DNS
The GSLB ServerIron uses the Internet Assigned Numbers Authority’s (IANA’s) IP address prefixes (IPv4 or IPv6) to generate an initial static database of geographic prefixes. This database consists of IP address prefixes (IP address/prefix length) and their corresponding geographic locations (such as the continent for each IP address prefix).
TABLE 27 IPv4 address assignment
Address            Designation
145.248.0.0/14     EUROPE
145.252.0.0/15     EUROPE
145.254.0.0/16     EUROPE
149.202.0.0/15     EUROPE
149.204.0.0/16     EUROPE
149.206.0.0/15     EUROPE
149.208.0.0/12     EUROPE
149.224.0.0/12     EUROPE
149.240.0.0/13     EUROPE
149.248.0.0/14     EUROPE
15.0.0.0/8         NORTH AMERICA
150.254.0.0/16     EUROPE
151.13.0.0/16      EUROPE
151.14.0.0/15      EUROPE
151.16.0.0/12      EUROPE
151.3.0.0/16       EUROPE
151.32.0.0/11      EUROPE
151.4.0.0/15       EUROPE
151.64.0.
TABLE 27 IPv4 address assignment
Address            Designation
17.0.0.0/8         NORTH AMERICA
171.16.0.0/12      EUROPE
171.32.0.0/15      EUROPE
18.0.0.0/8         NORTH AMERICA
19.0.0.0/8         NORTH AMERICA
192.106.196.0/23   EUROPE
192.162.0.0/16     EUROPE
192.164.0.0/14     EUROPE
192.71.0.0/16      EUROPE
193.0.0.0/8        EUROPE
194.0.0.0/8        EUROPE
195.0.0.0/8        EUROPE
196.0.0.0/8        NORTH AMERICA
198.0.0.0/7        NORTH AMERICA
198.17.117.0/24    EUROPE
199.0.0.0/8        NORTH AMERICA
20.0.0.0/8         NORTH AMERICA
200.0.0.
TABLE 27 IPv4 address assignment
Address            Designation
29.0.0.0/8         NORTH AMERICA
3.0.0.0/8          NORTH AMERICA
30.0.0.0/8         NORTH AMERICA
33.0.0.0/8         NORTH AMERICA
35.0.0.0/8         NORTH AMERICA
38.0.0.0/8         NORTH AMERICA
4.0.0.0/8          NORTH AMERICA
44.0.0.0/8         NORTH AMERICA
45.0.0.0/8         NORTH AMERICA
46.0.0.0/8         NORTH AMERICA
47.0.0.0/8         NORTH AMERICA
48.0.0.0/8         NORTH AMERICA
55.0.0.0/8         NORTH AMERICA
56.0.0.0/8         NORTH AMERICA
6.0.0.0/8          NORTH AMERICA
61.0.0.0/8         ASIA
62.0.0.0/8         ASIA
63.0.0.
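A lookup against a geographic prefix database of this kind, added here as an illustration and not the ServerIron ADX's own code. The rows are copied from Table 27; the most-specific-prefix-wins rule and the function names are assumptions, since the guide does not state how overlapping prefixes such as 198.0.0.0/7 and 198.17.117.0/24 are resolved.

```python
import ipaddress

# A few rows copied from Table 27 of this guide (not the full database).
GEO_PREFIXES = {
    "198.0.0.0/7": "NORTH AMERICA",
    "198.17.117.0/24": "EUROPE",
    "199.0.0.0/8": "NORTH AMERICA",
    "193.0.0.0/8": "EUROPE",
    "15.0.0.0/8": "NORTH AMERICA",
    "61.0.0.0/8": "ASIA",
}

def build_db(prefixes):
    """Parse the prefixes and sort most-specific first so the first hit wins."""
    nets = [(ipaddress.ip_network(p), region) for p, region in prefixes.items()]
    return sorted(nets, key=lambda item: item[0].prefixlen, reverse=True)

def locate(address, db):
    """Return (region, matching prefix), or (None, None) if nothing covers it."""
    ip = ipaddress.ip_address(address)
    for net, region in db:
        if ip.version == net.version and ip in net:
            return region, str(net)
    return None, None

def shadowed_prefixes(db):
    """List (specific, covering) pairs whose regions disagree; worth auditing."""
    pairs = []
    for net, region in db:
        for other, other_region in db:
            same_family = net.version == other.version
            if net != other and same_family and net.subnet_of(other):
                if region != other_region:
                    pairs.append((str(net), str(other)))
    return pairs

DB = build_db(GEO_PREFIXES)

if __name__ == "__main__":
    print(locate("198.17.117.9", DB))   # falls in the /24 carved out of the /7
    print(locate("198.51.100.1", DB))   # only the /7 covers this address
    print(shadowed_prefixes(DB))
```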
TABLE 28 IANA IPv6 address assignment (Continued)
Address            Designation
2001:0A00::/23     RIPE NCC
2001:0C00::/23     APNIC
2001:0E00::/23     APNIC
2001:1200::/23     LACNIC
2001:1400::/23     RIPE NCC
2001:1600::/23     RIPE NCC
2001:1800::/23     ARIN
2001:1A00::/23     RIPE NCC
2001:1C00::/23     RIPE NCC
2001:2000::/23     RIPE NCC
2001:3000::/23     RIPE NCC
2001:3800::/23     RIPE NCC
2001:4000::/23     RIPE NCC
2001:4200::/23     AfriNIC
2001:4400::/23     APNIC
2001:4600::/23     RIPE NCC
2001:4800::/23     ARIN
2001:4A0