A knowledge base article about Configuring Global Server Load Balancing (GSLB) provided by the UC Berkeley IT Service Hub - Knowledge Portal
This guide assumes that the administrator already has two or more load balancer sites online and accessible from the network. For more information on the requirements of GSLB, please see the Global Load Balancer Service article.
This guide has been created to help kickstart the creation of a GSLB configuration. Neither bIT nor the network operations group provide support for SLB/GSLB configurations or assistance in their creation.
NOTE: These instructions assume a command line configuration. If you will be doing the work through the web interface, documentation is available under the help system.
These instructions demonstrate how to balance traffic between two different web servers.
Configuring GSLB service follows three main steps, each with its own instructions:
- Activate GSLB on master site/partition
- Activate GSLB on member sites/partitions
- Configuration of GSLB service on primary site/partition
What is needed before you begin:
- A load balancer instance at two or more sites (see article on server load balancer service)
- The names and addresses of two servers providing the web service to be balanced (these do not have to be on networks connected to the load balancers)
- One IP address from each load balancer instance to provide global load balancer service
- A subdomain (something.berkeley.edu) to be dedicated for GSLB use
- A zone to be dedicated for GSLB use
Step 1 - Prepare Master GSLB site/partition
- Choose one SLB site as the master, connect to it with SSH, and change to your partition
- active-partition {partition name}
- Enter configuration mode
- Create the VIP to provide DNS service at this site (if the DNS server has IPv4 and IPv6 addresses, you need to create separate entries. The names must be unique, so adding a _v4 or _v6 to the end allows you to keep the names similar.)
- slb virtual-server {address name} {address}
port 53 dns-tcp
gslb-enable
use-rcv-hop-for-resp
port 53 dns-udp
gslb-enable
use-rcv-hop-for-resp
- Create the primary GSLB group
- gslb group {groupname}
priority 200
enable
- If you want the ability to configure GSLB from any member in addition to the master, add the following line to the group configuration (as shown in the example configuration at the end of this article)
- config-anywhere
- Exit the configuration and save what you have created so far
- Keep this window open
Step 2 - Prepare Member GSLB sites/partitions
For each of the member sites follow this process:
- Connect to the site with SSH and change to your partition
- active-partition {partition name}
- Enter configuration mode
- Create the unique VIP to provide DNS service at this site (if your DNS server has IPv4 and IPv6 addresses, create one entry for each)
- slb virtual-server {address name} {address}
port 53 dns-tcp
gslb-enable
use-rcv-hop-for-resp
port 53 dns-udp
gslb-enable
use-rcv-hop-for-resp
- Create the primary GSLB group
- gslb group {groupname}
priority 150
primary {VRRP address of master site}
enable
- Exit the configuration and save what you have created so far
- In a few minutes, hit enter; the prompt should show Member at the end to signify that it is connected to the master
- Keep this window open
Step 3 - Configure GSLB from the Master
- In the window with your master site, hit enter and the prompt should change to have Master at the end. This signifies that at least one member is connected and it is recognized as the primary site.
- Enter configuration mode again
- Create entries for the hosts you want to load balance between. If a host has IPv4 and IPv6 addresses, you need to create separate entries. The names must be unique, so adding a _v4 or _v6 to the end allows you to keep the names similar.
- gslb service-ip {first server name} {server address}
port 443 tcp
gslb service-ip {second server name} {server address}
port 443 tcp
- Create a policy defining how GSLB service will be provided
- gslb policy {groupname}
no geographic
dns backup-server
dns selected-only 1
dns logging both
dns server ns authoritative
- Create the DNS zone for service
- gslb zone {zone}.berkeley.edu
policy {groupname}
dns-soa-record {DNS VIP name from master} {youremail}.berkeley.edu expire 1209600 refresh 3600 retry 900 serial 2020111801 ttl 14400
dns-ns-record {gslb name 1}
dns-ns-record {gslb name 2}
service 443 {shared DNS short name}
dns-a-record {service-ip 1} ttl 300 static
dns-a-record {service-ip 2} ttl 300 static
- Exit from the configuration session and save your work
- On the member SLB sites verify the GSLB configuration has replicated correctly
- Save configuration at each of the member sites
- Try performing a DNS lookup against one of the DNS VIPs you created for the record that is being balanced; you should get a single IP address back. If you query multiple times, you should receive the two addresses one after another
- You are done
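One way to script the lookup check from the final verification step, added here as an example and not part of the original article. The helper names query_vip and check_rotation are hypothetical, the addresses come from the example configuration below, and the host label in the usage comment is a constructed sample.

```shell
#!/bin/sh
# Added example (not from the original article): verify GSLB answers from a DNS VIP.
# query_vip and check_rotation are hypothetical helper names.

# query_vip VIP NAME COUNT
# Ask the DNS VIP directly COUNT times; print one line per query holding
# whatever A records came back (an empty line means no answer).
query_vip() {
    i=0
    while [ "$i" -lt "$3" ]; do
        dig +short +norecurse +time=2 +tries=1 "@$1" "$2" A | tr '\n' ' '
        echo
        i=$((i + 1))
    done
}

# check_rotation ADDRESS...
# Read query_vip output on stdin. Pass only if every response carried exactly
# one record ("dns selected-only 1"), every record is a configured service-ip,
# and every service-ip was handed out at least once.
check_rotation() {
    awk -v expected="$*" '
        BEGIN { n = split(expected, e, " "); for (i = 1; i <= n; i++) want[e[i]] = 1 }
        NF != 1 { printf "FAIL: query %d returned %d records, expected 1\n", NR, NF; bad = 1; next }
        !($1 in want) { printf "FAIL: query %d returned unexpected %s\n", NR, $1; bad = 1; next }
        { seen[$1]++ }
        END {
            for (a in want) if (!(a in seen)) { printf "FAIL: %s was never returned\n", a; bad = 1 }
            if (!bad) printf "OK: %d queries, one record each, all addresses seen\n", NR
            exit bad + 0
        }'
}

# Usage: sh check_gslb.sh VIP NAME COUNT ADDRESS...
# Sample values from the article's example configuration (host label is constructed):
#   sh check_gslb.sh 192.169.10.10 www.gslbzone.net.berkeley.edu 10 10.20.0.5 10.30.0.5
if [ "$#" -ge 4 ]; then
    vip=$1 name=$2 count=$3
    shift 3
    query_vip "$vip" "$name" "$count" | check_rotation "$@"
fi
```

Run it against each DNS VIP in turn (master and members); a VIP that answers with more than one record, an address that is not a configured service-ip, or no answer at all is reported as a failure.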
Example Configuration from Master Site:
slb virtual-server gslb1 192.169.10.10
port 53 dns-tcp
gslb-enable
use-rcv-hop-for-resp
port 53 dns-udp
gslb-enable
use-rcv-hop-for-resp
!
gslb service-ip east-server 10.20.0.5
port 443 tcp
!
gslb service-ip west-server 10.30.0.5
port 443 tcp
!
gslb group gslbzone
config-anywhere
enable
priority 200
!
gslb policy gslbzone
no geographic
dns backup-server
dns selected-only 1
dns logging both
dns server ns authoritative
!
gslb zone gslbzone.net.berkeley.edu
policy gslbzone
dns-soa-record gslb1.gslbzone.berkeley.edu joejames.berkeley.edu expire 1209600 refresh 3600 retry 900 serial 2020111801 ttl 14400
dns-ns-record gslb1.gslbzone.berkeley.edu
dns-ns-record gslb2.gslbzone.berkeley.edu
service 443 *
dns-a-record east-server ttl 300 static
dns-a-record west-server ttl 300 static