Application of A10 load balancer GSLB (inbound link load balancing) on the intranet


Not long ago I was in charge of a load balancing project for a well-known national manufacturing group. I was deeply touched by the project's application of GSLB in a specific environment and learned a lot of related load balancing knowledge. Today, let's calm down and think about how much can be learned through the project. During the project implementation we encountered quite a number of problems. I have now written up the overall project situation and the implementation steps and methods below; when you meet a related project, this can be used as a reference.

The A10 is deployed on the intranet in bypass mode and connected to the core switch. The core switch is connected to the firewall. The firewall is connected to the links of multiple carriers, and all data entering and leaving the public network passes through the firewall.

There are multiple application services on the intranet, and three Internet links that correspond to three different carriers. Internet users must be steered intelligently to a link according to their carrier: telecom users access through the telecom link, and China Unicom users access through the China Unicom link.



① The client sends a DNS request, for example for nc.sbtjt.com, to the local carrier's DNS
② The local carrier's DNS recursively queries the A10 GSLB device
③ The A10 GSLB selects the most suitable site as the DNS resolution result, based on the user's link and the site conditions
④ The DNS resolution result is returned to the user through the local DNS
⑤ The user accesses the site over the best link


A10 GSLB configuration procedure

1. DNS VIP
2. Geo-location (optional)
3. GSLB policy
4. Service-IP
5. Site
6. Zone
7. Enable the GSLB service



GSLB basic configuration -> 1. DNS VIP

slb virtual-server dns_yidong 192.168.10.13
   extended-stats
   port 53 udp
      gslb-enable
      use-rcv-hop-for-resp
!
slb virtual-server DNS-dianxin 192.168.10.16
   extended-stats
   port 53 udp
      gslb-enable
      use-rcv-hop-for-resp
!
slb virtual-server dns_liw.g 192.168.10.18
   extended-stats
   port 53 udp
      gslb-enable
      use-rcv-hop-for-resp

In a multi-link environment, enable the source-in/source-out function (use-rcv-hop-for-resp) under port 53 udp.

Server mode vs. proxy mode

Binding a service-group under port 53 udp is proxy mode, while not binding a service-group under port 53 udp is server mode.


GSLB basic configuration -> 2. Geo-location

import geo-location chinagslb tftp://120.195.105.34/china-gslb.csv

gslb template csv china
   field 1 ip-from
   field 2 ip-to-mask
   field 3 country
!
no gslb geo-location load iana
gslb geo-location load china-gslb.csv china
!

1. Define the geo-location file

2. Import the pre-defined geo-location file


GSLB basic configuration -> 3. GSLB policy

gslb policy default
   dns active-only
   dns selected-only 1
   dns server authoritative
   metric-order health-check geographic admin-ip active-rtt weighted-ip weighted-site capacity active-servers connection-load num-session admin-preference bw-cost least-response
   least-response
   admin-ip


GSLB basic configuration -> 4. Service-IP

gslb service-ip yidong-nei 192.168.10.13
   external-ip 120.203.220.205
   health-check gslb-yidong
   port 8080 tcp
      no health-check
!


1. The service-IP name is best associated with the site/link to which the IP belongs.
2. If the service IP address needs to be NATed to a public IP address through the firewall, configure that public IP address as the external-ip in the service-IP configuration.
3. By default, AX/Thunder performs health checks on the service IP address and the configured ports.


GSLB basic configuration -> 5. Site

gslb site dianxin
   geo-location CTC
   geo-location other
   geo-location CERNET
   geo-location CRTC
   slb-dev linkdianxin 192.168.10.211
      vip-server dianxin-nei
!
gslb site liw.g
   geo-location Unicom
   geo-location CNC
   geo-location CUC
   slb-dev linkliantong 192.168.10.211
      vip-server liw.g-nei
!
gslb site yidong
   geo-location CMCC
   slb-dev linkyidong 192.168.10.211
      vip-server yidong-nei


A site is required for each data center. For a data center with multiple link exits, a site is required for each egress.

There are two ways to associate service IP addresses with a site:

1. Configure an slb-dev and associate the service IP address with it.
2. Configure it directly under IP server.
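
The geographic selection that the geo-location, service-IP and site steps set up can be modelled offline, to predict which answer each carrier's local DNS should receive before testing with dig or nslookup. This is an added example, not code from the original article or from A10, and it models only the geographic metric. Assumptions: the CSV rows are constructed documentation ranges, field 2 is taken to hold an end address, and the function names are hypothetical.

```python
import csv
import io
import ipaddress

# Constructed sample in the page's CSV template layout:
# field 1 ip-from, field 2 ip-to-mask (assumed here to be an end address), field 3 country.
# The ranges are documentation addresses, not real carrier allocations.
SAMPLE_CSV = """\
192.0.2.0,192.0.2.255,CTC
198.51.100.0,198.51.100.255,CUC
203.0.113.0,203.0.113.127,CMCC
203.0.113.128,203.0.113.255,CERNET
"""

# Site -> (geo-locations, service-ip), as in the site configuration on this page.
SITES = {
    "dianxin": ({"CTC", "other", "CERNET", "CRTC"}, "dianxin-nei"),
    "liw.g": ({"Unicom", "CNC", "CUC"}, "liw.g-nei"),
    "yidong": ({"CMCC"}, "yidong-nei"),
}


def load_ranges(text):
    """Parse the CSV into sorted (first, last, location) integer ranges."""
    ranges = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) < 3:
            continue  # skip blank or short lines
        first = int(ipaddress.IPv4Address(row[0].strip()))
        last = int(ipaddress.IPv4Address(row[1].strip()))
        if last < first:
            raise ValueError(f"ip-to before ip-from: {row}")
        ranges.append((first, last, row[2].strip()))
    return sorted(ranges)


def expected_answer(ldns_ip, ranges, sites=SITES):
    """Return (site, service-ip) the geographic metric should prefer, or None."""
    addr = int(ipaddress.IPv4Address(ldns_ip))  # GSLB sees the carrier's local DNS, not the user
    location = next((loc for lo, hi, loc in ranges if lo <= addr <= hi), None)
    for site, (locations, service_ip) in sites.items():
        if location in locations:
            return site, service_ip
    return None  # no geo match: selection falls to the next metric in metric-order


def overlapping_rows(ranges):
    """Return pairs of adjacent ranges that overlap (ambiguous geo-location data)."""
    return [(a, b) for a, b in zip(ranges, ranges[1:]) if b[0] <= a[1]]
```

Running overlapping_rows on the real CSV before importing it catches rows that would make the carrier mapping ambiguous.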


GSLB basic configuration -> 6. Zone

gslb zone gslbweb.sbtjt.com
   service http web
      dns-a-record dianxin-nei static
      dns-a-record liw.g-nei static
      dns-a-record yidong-nei static
      admin-ip dianxin-nei liw.g-nei yidong-nei
   service http OA
      dns-a-record dianxin-nei static
      dns-a-record liw.g-nei static
      dns-a-record yidong-nei static
      admin-ip dianxin-nei liw.g-nei yidong-nei


1. The configured zone name must be consistent with the delegated (authorized) domain name.
2. Configure DNS resolution records for each host in the delegated domain.


GSLB basic configuration -> 7. GSLB enable

!
gslb protocol enable device
gslb protocol enable controller

Enable GSLB globally


About host-switching

slb template http host
   host-switching contains nc.sbtjt.com service-group NCT
   host-switching contains oa.sbtjt.com service-group OA
   host-switching contains web.sbtjt.com service-group web

slb virtual-server yidong_vip1 192.168.10.13
   extended-stats
   port 8080 http
      source-nat pool gslb-SNAT
      use-rcv-hop-for-resp
      template http host


1. Host-switching is used when one IP address and port provides applications for multiple domain names at the same time. When a client accesses this address and port, the Host field in the HTTP header is used to distinguish the different services.
2. Apply the template to the VIP that provides the service.


The A10 device acting as the DNS server on the intranet

slb server 114.114.114.114 114.114.114.114
   port 53 udp
!
slb service-group DNS udp
   member 114.114.114.114:53

slb virtual-server gslb 192.168.10.100
   extended-stats
   port 53 udp
      gslb-enable
      source-nat pool SNAT
      service-group DNS
      use-rcv-hop-for-resp

The commands above make the A10 device the internal DNS server: hosts first query the A10 device for the DNS resolution result. If there is no matching resolution record on the A10, the request is forwarded to the public DNS server.


Verification operation

Check whether the resolution is correct on the Web Kaka page

dig tool

nslookup: test domain name resolution against a specified DNS server

HttpWatch: view the resolution time and return status of the entire page



This article is from the "high magic feet" blog; please be sure to keep this source: http://xiajiachen.blog.51cto.com/2934599/1567375
