An Avi Load Balancer GSLB configuration can serve clients through a mixture of public and private networks.

Introduction

A private IP address is a VIP configured in a local virtual service (configured as a GSLB pool member). But this IP address may not always be reachable by the client. For example, a user on a laptop could come in using the corporate intranet or VPN, but also directly from the public Internet. In the former case, the source IP address would be an intranet private IP address, and in the latter case, it would be a public IP address.

Note:

If EDNS processing is enabled, the client’s IP address is found within the ECS option.

For more information, see Extension Mechanisms for DNS (EDNS) Client Subnet Option Insertion in the VMware Avi Load Balancer Configuration Guide.

The source being a certain set of resolver IP addresses could indicate that the client is coming in from a private network, and another set of IP addresses could indicate that the client is coming in from a public network.

How It Works

Client DNS requests coming in from within the intranet have the private IP served in the A record, and requests from outside are served the public IP address. Note that datapath health monitoring is performed only against the private IP address.

Configuration using Avi Load Balancer UI

In the GSLB global configuration (navigating to Infrastructure > GSLB > Site Configuration > Edit (pencil icon)), the user can specify a list of IP addresses (specific addresses, ranges, or prefixes) and categorize them as either private or public. If a private list is specified, all other addresses are deemed public, and vice versa.

In the GSLB pool member configuration, an optional public IP address can be specified. This field is used to host the public IP address for the VIP, which gets NATed to the private IP by a firewall.

Configuration using Avi Load Balancer CLI

In the below CLI sequence, private and public address ranges are defined.

configure gslb glb-1
client_ip_addr_group

type gslb_ip_p
gslb_ip_private Private IP Address.
gslb_ip_public Public IP Address.
type gslb_ip_public
prefixes 1.1.1.0/24
addrs 2.1.1.1
ranges begin 3.3.3.0 end 3.3.3.42
New object being created
save
save
save
...
client_ip_addr_group
type	            GSLB_IP_PUBLIC
addrs[1]	        2.1.1.1
ranges[1]
begin	            3.3.3.0
end	                3.3.3.42
prefixes[1]	        1.1.1.0/24
tenant_ref	        admin
-------------------------------------------------------------------------+

In the below CLI sequence, a public IP address is added to an existing pool member.

configure gslbservice gs-1
Updating an existing object. Currently, the object is:
groups index 1
members index 1
public_ip ip 2.2.2.2
save
save
save
save
...
members[1]
ip	        10.10.10.1
ratio	    1
enabled	    True
public_ip
ip	        2.2.2.2