This section focuses on NSX Advanced Load Balancer GSLB sites.

A GSLB site represents a location or datacenter where one or more applications are hosted. GSLB sites are primarily of two types: NSX Advanced Load Balancer sites and third-party sites.



NSX Advanced Load Balancer Sites

An NSX Advanced Load Balancer site has a controller cluster and SEs that can perform any combination of the four key functions. The sites are further classified into two types: GSLB leader and follower (active and passive) sites.

  • The site on which the administrator first defines a GSLB configuration is automatically designated as the GSLB leader. Exactly one active site is statically designated as the GSLB leader.

  • The other active sites subsequently added are GSLB followers.

  • The only way to switch leadership is through an override configuration from a follower site. This override can be invoked in the case of site failures or maintenance.

  • Firewall settings must permit bi-directional Controller communication among all active sites.

In the next section, we will discuss the different types of sites in detail.

GSLB Leader Site

The designated GSLB leader is the active site from which GSLB site configuration is performed. GSLB configuration changes are permitted only by logging into the leader, which propagates those changes to all active followers.

As mentioned in the previous section, the leader site is responsible for the following key functions:

  • Definition and ongoing synchronization and maintenance of the GSLB configuration

  • Monitoring the health of sites and pool members

  • Optimizing application service for clients by providing GSLB DNS responses to their FQDN requests based on the GSLB algorithm configured

  • Processing of application requests

Note:

In NSX Advanced Load Balancer, the GSLB leader periodically attempts to resynchronize the objects that are in an error state. The default value for the resynchronization interval is 300 seconds.

GSLB Follower Site

The NSX Advanced Load Balancer GSLB follower site is further classified as either an active or a passive GSLB site.

| Site Classification | Function |
|---|---|
| Active Follower Sites | Active sites usually perform all three key functions (1-3) in some combination. All active sites have full-mesh connectivity between them at all times. This includes connectivity from leader-to-follower, follower-to-follower, and so on. |
| Passive Follower Sites | Passive sites only perform the processing of application requests (key function no. 4), that is, the hosting of virtual services that respond to requests from the clients of global apps. A passive site does not have a GSLB DNS VS, and the GSLB configuration is not pushed to it. Health of the members on the passive site can be monitored by the control plane health monitors or the data plane health monitors that are sent by the DNS running on other active sites. Since no DNS is running on passive sites, they cannot monitor the status of the other sites. |

Note:
  • The connectivity between all sites is persistent.

  • Any connectivity issue between the sites is addressed using retries. For GSLB, the clear_on_max_retries parameter specifies the maximum number of connection retries permitted. If NSX Advanced Load Balancer cannot connect to the remote site within the configured retry count, the initiating site clears all the cached states, and the remote site is declared down. Following this, the initiating site attempts to connect to the remote site on a periodic basis, based on the send_interval configuration.

  • Firewall settings must permit bi-directional Controller communication among all active sites.



From the diagram shown above, observe the following:
  • Santa Clara, Chicago, and NY-1 are active sites.

  • Boston, Austin, and NY-2 are passive sites.

  • Santa Clara is the GSLB leader.

  • All other active sites are followers.

A single NSX Advanced Load Balancer Controller icon is used to depict a 3-node Controller cluster.

An Active Follower
  • Receives the GSLB configuration from the leader and thus can take over leadership in the event of the leader’s failure.

  • Must actively monitor the health of other GSLB sites.

  • Hosts an authoritative DNS for the NSX Advanced Load Balancer global applications defined by NSX Advanced Load Balancer GSLB. Such redundancy makes the DNS service highly available and performant.

A Passive Follower
  • Does not have DNS participating in the GSLB configuration. It may run DNS for applications unrelated to the GSLB deployment.

  • Does not receive the GSLB configuration and thus cannot take over for a failed leader.

  • Does not monitor other sites. Its health is determined by a health monitor running on an active site.

Note:

An NSX Advanced Load Balancer site can participate in exactly one NSX Advanced Load Balancer GSLB configuration. If site_A is a participant in GSLB_config_1, an attempt to incorporate site_A into GSLB_config_2 results in an error.

Recommendations

  1. It is recommended to have the same NSX Advanced Load Balancer version on all the GSLB sites.

  2. The Controller that assumes the GSLB leader role must not run a later version than any of its GSLB follower sites. This restriction applies both during the initial configuration and during subsequent upgrades.
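The rules stated above (exactly one leader, which must be an active site; a leader version no later than any follower; full-mesh, bi-directional Controller connectivity among active sites) can be checked against a site inventory before changes are rolled out. The following is an added example and is not part of the product documentation or any NSX Advanced Load Balancer API: the dictionary layout, the `audit` function, the version tuples, and the list of permitted flows are all assumptions constructed for illustration, with site names taken from the diagram description.

```python
from itertools import permutations

# Constructed inventory: site names follow the diagram description above;
# versions and the allowed-flow list are made-up sample data, not product output.
SITES = {
    "Santa Clara": {"role": "leader", "active": True, "version": (1, 0, 2)},
    "Chicago": {"role": "follower", "active": True, "version": (1, 0, 2)},
    "NY-1": {"role": "follower", "active": True, "version": (1, 0, 2)},
    "Boston": {"role": "follower", "active": False, "version": (1, 0, 2)},
    "Austin": {"role": "follower", "active": False, "version": (1, 0, 2)},
    "NY-2": {"role": "follower", "active": False, "version": (1, 0, 2)},
}
# Hypothetical firewall view: (source, destination) Controller flows permitted.
# NY-1 -> Chicago is deliberately absent to show a one-way gap.
ALLOWED = {
    ("Santa Clara", "Chicago"), ("Chicago", "Santa Clara"),
    ("Santa Clara", "NY-1"), ("NY-1", "Santa Clara"),
    ("Chicago", "NY-1"),
}


def audit(sites, allowed):
    """Return findings where the inventory violates the rules stated on this page."""
    findings = []
    leaders = [n for n, s in sites.items() if s["role"] == "leader"]
    if len(leaders) != 1:
        findings.append(f"expected exactly one leader, found {len(leaders)}")
    for name in leaders:
        if not sites[name]["active"]:
            findings.append(f"{name}: only an active site can be leader")
        for other, s in sites.items():
            # The leader must not run a later version than any follower.
            if s["role"] != "leader" and s["version"] < sites[name]["version"]:
                findings.append(f"{name}: leader version is later than {other}")
    # Active sites need full-mesh, bi-directional Controller connectivity.
    active = sorted(n for n, s in sites.items() if s["active"])
    for src, dst in permutations(active, 2):
        if (src, dst) not in allowed:
            findings.append(f"firewall: no Controller flow {src} -> {dst}")
    return findings


if __name__ == "__main__":
    for finding in audit(SITES, ALLOWED):
        print(finding)
```

Passive sites are excluded from the mesh check because the page requires bi-directional Controller communication only among active sites.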

Switching the Leader Site

There might be a requirement to change the GSLB leader site, that is, to make another active follower site the GSLB leader site. This could be required in the following scenarios:

  1. The leader site has been DOWN for a considerable time, and configuration updates are needed.

  2. Network partition.

  3. Maintenance activity on the leader.

If the leader site is DOWN, we cannot make any configuration changes until the leader is back UP or a new leader is elected. The way to switch the leadership role to a follower is by overriding the configuration of the leader from a follower site. The steps are explained in Detaching GSLB Site from Unresponsive Leader Site.

    Note:

    Only active follower sites can become leader sites, not passive follower sites.

Third-party Sites

A third-party site can be a third-party ADC, any server or set of servers, any IP address, and so on. Such sites can only perform the processing of application requests (key function no. 4), as mentioned above.

Note:

Not every virtual service hosted on an NSX Advanced Load Balancer site or third-party site needs to participate in the NSX Advanced Load Balancer GSLB solution. That is, not every application is a global application.