Not long ago I was in charge of a load balancing project for a well-known national manufacturing group. The way the project applied GSLB in this particular environment left a deep impression on me, and I learned a lot of related load balancing knowledge. Today, let's step back and review what the project has to teach. We ran into quite a few problems during implementation. The overall project situation and the implementation steps and methods are written up below, so that they can serve as a reference for anyone who meets a similar project.
The A10 is deployed in the intranet in bypass mode and connected to the intranet core switch. The core switch is connected to the firewall. The firewall is connected to the links of multiple carriers, and all traffic entering and leaving the public network passes through the firewall.
There are multiple application services in the intranet, and three Internet links that correspond to three different carriers. Internet users must be steered intelligently to a link according to their carrier: China Telecom users come in over the Telecom link, and China Unicom users come in over the Unicom link.
① The client sends a DNS request, for example for nc.sbtjt.com, to the local carrier's DNS
② The local carrier's DNS recursively queries the A10 GSLB device
③ The A10 GSLB selects the most suitable site as the DNS resolution result, based on the user's link and the site conditions
④ The DNS resolution result is returned to the user through the local DNS
⑤ The user accesses the best link site
A10 GSLB configuration procedure
1. DNS VIP
2. Geo-location (optional)
3. GSLB policy
4. Service-IP
5. Site
6. Zone
7. Enable the GSLB service
GSLB basic configuration -> 1. DNS VIP
slb virtual-server dns_yidong 192.168.10.13
   extended-stats
   port 53 udp
      gslb-enable
      use-rcv-hop-for-resp
!
slb virtual-server DNS-dianxin 192.168.10.16
   extended-stats
   port 53 udp
      gslb-enable
      use-rcv-hop-for-resp
!
slb virtual-server dns_liw.g 192.168.10.18
   extended-stats
   port 53 udp
      gslb-enable
      use-rcv-hop-for-resp
In a multi-link environment, enable use-rcv-hop-for-resp under port 53 udp so that replies leave through the link on which the request arrived.
Server mode vs. proxy mode
Binding a service-group under port 53 udp gives proxy mode; leaving port 53 udp without a service-group gives server mode.
GSLB basic configuration -> 2. Geo-location
import geo-location chinagslb tftp://120.195.105.34/china-gslb.csv
gslb template csv china
   field 1 ip-from
   field 2 ip-to-mask
   field 3 country
!
!
no gslb geo-location load iana
gslb geo-location load china-gslb.csv china
!
!
1. Define the geo-location file
2. Import the pre-defined geo-location file
GSLB basic configuration -> 3. GSLB policy
gslb policy default
   dns active-only
   dns selected-only 1
   dns server authoritative
   metric-order health-check geographic admin-ip active-rdt weighted-ip weighted-site capacity active-servers connection-load num-session admin-preference bw-cost least-response
   least-response
   admin-ip
GSLB basic configuration -> 4. Service-IP
gslb service-ip yidong-nei 192.168.10.13
   external-ip 120.203.220.205
   health-check gslb-yidong
   port 8080 tcp
      no health-check
!
1. It is best to give the service-IP a name that is associated with the site/link to which the IP belongs.
2. If the service IP address is NATed to a public IP address by the firewall, configure that public IP address as the external-ip in the service-IP configuration.
3. By default, the AX/Thunder performs health checks on the service IP address and the configured ports.
GSLB basic configuration -> 5. Site
gslb site dianxin
   geo-location CTC
   geo-location other
   geo-location CERNET
   geo-location CRTC
   slb-dev linkdianxin 192.168.10.211
      vip-server dianxin-nei
!
gslb site liw.g
   geo-location Unicom
   geo-location CNC
   geo-location CUC
   slb-dev linkliantong 192.168.10.211
      vip-server liw.g-nei
!
gslb site yidong
   geo-location CMCC
   slb-dev linkyidong 192.168.10.211
      vip-server yidong-nei
A site is required for each data center. For a data center with multiple link exits, a site is required for each egress link.
There are two ways to associate service IP addresses with a site:
1. Configure an slb-dev and associate the service IP address with it.
2. Configure it directly under ip-server.
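How the geo-location file, the policy's metric order and the site definitions combine to pick the answer in step ③ can be followed in a small model. This is an added example, not A10 code or part of the original post: the CSV rows, the two 192.0.2.x answers, the reading of field 2 as either an end address or a prefix length, the use of "other" for unmatched resolvers, and the fixed fallback order that stands in for the remaining metrics are all assumptions.

```python
import csv
import io
import ipaddress

# Constructed rows in the page's template order: ip-from, ip-to-mask, label.
# The ranges are documentation prefixes, not real carrier allocations.
GEO_CSV = """198.51.100.0,198.51.100.255,CTC
203.0.113.0,25,Unicom
203.0.113.128,203.0.113.255,CMCC
"""

# geo-location label -> site, copied from the gslb site blocks on the page.
SITE_OF = {"CTC": "dianxin", "other": "dianxin", "CERNET": "dianxin",
           "CRTC": "dianxin", "Unicom": "liw.g", "CNC": "liw.g",
           "CUC": "liw.g", "CMCC": "yidong"}
# site -> A record. Only yidong's external-ip is on the page; the other two
# are constructed placeholders.
ANSWER = {"dianxin": "192.0.2.10", "liw.g": "192.0.2.20",
          "yidong": "120.203.220.205"}
FALLBACK_ORDER = ("dianxin", "liw.g", "yidong")  # assumed stand-in for later metrics


def load_ranges(text):
    """Parse CSV rows into (first, last, label) integer ranges."""
    ranges = []
    for ip_from, to_or_mask, label in csv.reader(io.StringIO(text)):
        first = ipaddress.ip_address(ip_from.strip())
        if to_or_mask.strip().isdigit():  # assumed prefix-length form
            net = ipaddress.ip_network(f"{first}/{to_or_mask.strip()}", strict=False)
            lo, hi = int(net.network_address), int(net.broadcast_address)
        else:  # end-address form
            lo, hi = int(first), int(ipaddress.ip_address(to_or_mask.strip()))
        ranges.append((lo, hi, label.strip()))
    return ranges


def geo_label(ranges, resolver_ip):
    """Label of the querying resolver, or 'other' when no range matches."""
    ip = int(ipaddress.ip_address(resolver_ip))
    return next((lbl for lo, hi, lbl in ranges if lo <= ip <= hi), "other")


def select_answer(ranges, resolver_ip, healthy_sites):
    """health-check first, then geographic; one A record, or None if all down."""
    preferred = SITE_OF[geo_label(ranges, resolver_ip)]
    for site in (preferred,) + FALLBACK_ORDER:
        if site in healthy_sites:
            return ANSWER[site]
    return None
```

The input to `select_answer` is the address of the carrier's recursive resolver, not of the end user, because that resolver is what queries the GSLB in step ②.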
GSLB basic configuration -> 6. Zone
gslb zone gslbweb.sbtjt.com
   service http web
      dns-a-record dianxin-nei static
      dns-a-record liw.g-nei static
      dns-a-record yidong-nei static
      admin-ip dianxin-nei liw.g-nei yidong-nei
   service http OA
      dns-a-record dianxin-nei static
      dns-a-record liw.g-nei static
      dns-a-record yidong-nei static
      admin-ip dianxin-nei liw.g-nei yidong-nei
1. The configured zone name must match the delegated (authorized) domain name.
2. Configure DNS resolution records for each host in the delegated domain.
GSLB basic configuration -> 7. Enable GSLB
!
!
gslb protocol enable device
gslb protocol enable controller
Enable GSLB globally.
About host-switching
slb template http host
   host-switching contains nc.sbtjt.com service-group NCT
   host-switching contains oa.sbtjt.com service-group OA
   host-switching contains web.sbtjt.com service-group web
slb virtual-server yidong_vip1 192.168.10.13
   extended-stats
   port 8080 http
      source-nat pool gslb-SNAT
      use-rcv-hop-for-resp
      template http host
1. Host-switching lets one IP address and port serve applications for several domain names at the same time. When a client accesses that address and port, the Host field in the HTTP header is used to tell the services apart.
2. Apply the template to the VIP that provides the service.
Using the A10 device as the DNS server for the intranet
slb server 114.114.114.114 114.114.114.114
   port 53 udp
!
slb service-group DNS udp
   member 114.114.114.114:53
slb virtual-server gslb 192.168.10.100
   extended-stats
   port 53 udp
      gslb-enable
      source-nat pool SNAT
      service-group DNS
      use-rcv-hop-for-resp
The configuration above makes the A10 device the internal DNS server: hosts first query the A10 device for the DNS resolution result, and if the A10 has no matching resolution record, the request is forwarded to the public DNS server.
Verification operation
Check on the Web Kaka page whether the resolution is correct
dig tool
nslookup against a specified DNS server to test domain name resolution
HttpWatch: view the resolution time and return status of the entire page
This article is from the "high magic feet" blog; please be sure to keep this source: http://xiajiachen.blog.51cto.com/2934599/1567375
Application of the A10 server load balancer device's GSLB (inbound link load balancing) in the intranet