This section covers the CLI commands to check the operational state of a site-persistent GSLB service and to determine the percentage of requests that are proxied from other virtual services back to the one to which clients are to be persisted.

In the following CLI sequences we have:

  1. A global service named gs-1.

  2. The global service is comprised of two virtual services named pay@site_A and pay@site_B.

  3. These virtual services run on their correspondingly named active sites, site_A, and site_B

  4. A site-persistence proxy pool at each site correspondingly named SP-gs-1-pay@site_A and SP-gs-1-pay@site_B.

    Note:

    NSX Advanced Load Balancer automatically forms a site’s proxy pool name by prepending SP- to the hyphenated concatenation of the GSLB service name and the virtual service name.

  5. The operational status for site persistence is up.

The output of the show command reflects points 1 through 5. To the right of the command’s output, we have inserted annotations to guide you where to look. These data are available from any active site.

Note:

To view site-persistence-related data you must include the arguments runtime filter sp_status.

show gslbservice gs-1 runtime filter sp_status
+-------------------------+---------------------------------------------------+
| Field                   | Value                                             |
+-------------------------+---------------------------------------------------+
| uuid                    | gslbservice-ff1b4e8d-663d-4cb9-932b-d007c81efba6  |
| name                    | gs-1                                              |  
| ldr_state               |                                                   |
|   last_changed_time     | Tue Feb  6 00:11:02 2018 ms(242588) UTC           |
| flr_state[1]            |                                                   |
|   status                | SYSERR_SUCCESS                                    |
|   reason                |                                                   |
|   site_uuid             | cluster-1e560f44-c898-41c3-818b-3433edbf9391      |
|   last_changed_time     | Tue Feb  6 00:11:02 2018 ms(904114) UTC           |
| groups[1]               |                                                   |
|   name                  | group2                                            |
|   members[1]            |                                                   |
|     cluster_uuid        | cluster-1e560f44-c898-41c3-818b-3433edbf9391      |
|     site_name           | site_B                                            |  
|     vs_uuid             | virtualservice-8a68c656-6a89-46d7-b9a5-1b693ae979 |
|     vs_name             | pay@site_B                                        |  
|     ip                  | 10.90.174.72                                      |
|     oper_ips[1]         | 10.90.174.72                                      |
|     vip_type            | AVI_VIP                                           |
|     services[1]         |                                                   |
|       port              | 80                                                |
|       enable_ssl        | False                                             |
|       port_range_end    | 80                                                |
|     app_type            | APPLICATION_PROFILE_TYPE_HTTP                     |
|     sp_pools[1]         |                                                   |
|       uuid              | pool-8a68c656-6a89-46d7-b9a5-1b693ae9798a         |
|       name              | SP-gs-1-pay@site_B                                |  
|       num_servers       | 1                                                 |
|       num_servers_up    | 1                                                 |
|     controller_status   |                                                   |
|       state             | OPER_UP                                           |
|       last_changed_time | Tue Feb  6 00:15:17 2018 ms(352917) UTC           |
| groups[2]               |                                                   |
|   name                  | group1                                            |
|   members[1]            |                                                   |
|     cluster_uuid        | cluster-3a179b95-dff9-444b-9986-ba89c4e19c44      |
|     site_name           | site_A                                            |  
|     vs_uuid             | virtualservice-dc871051-35e8-4bec-bd1f-3c63fb6bxx |
|     vs_name             | pay@site_A                                        |
|     ip                  | 10.90.173.73                                      |
|     oper_ips[1]         | 10.90.173.73                                      |
|     vip_type            | AVI_VIP                                           |
|     services[1]         |                                                   |
|       port              | 80                                                |
|       enable_ssl        | False                                             |
|       port_range_end    | 80                                                |
|     app_type            | APPLICATION_PROFILE_TYPE_HTTP                     |
|     sp_pools[1]         |                                                   |
|       uuid              | pool-dc871051-35e8-4bec-bd1f-3c63fb6b7087         |
|       name              | SP-gs-1-pay@site_A                                |
|       num_servers       | 1                                                 |
|       num_servers_up    | 1                                                 |
|     controller_status   |                                                   |
|       state             | OPER_UP                                           |
|       last_changed_time | Tue Feb  6 00:15:17 2018 ms(353741) UTC           |
| services_state          | Services-In-Sync                                  |
| tenant_name             | admin                                             |
| checksum                | e298eb000bb6d5bcaeaaf10d08e609441823c69fc83e7xx   |
| sp_oper_status          |                                                   |
|   state                 | OPER_UP                                           |
|   last_changed_time     | Tue Feb  6 00:15:17 2018 ms(353976) UTC           |
+-------------------------+---------------------------------------------------+

Status of the Member Virtual Services of the GSLB Service

To learn more about the individual virtual services that comprise a GSLB service, one must log into the site that pertains. The below shown virtual service command was executed on site_A to report on a local virtual service,pay@site_A. Note the site-persistence pool reference toward the very bottom. The SP pool on site_A engages the service of some virtual service on another active site, the site to which the client’s request must be persisted. In this example, there’s only one other site (site_B), but in general, there could be many.

show virtualservice pay@site_A
+------------------------------------+-------------------------------------------+
| Field                              | Value                                     |
+------------------------------------+-------------------------------------------+
| uuid                               | virtualservice-dc871051-35e8-4bec-bd1f-xx |
| name                               | pay@site_A                                |
| enabled                            | True                                      |
| services[1]                        |                                           |
|   port                             | 80                                        |
|   enable_ssl                       | False                                     |
|   port_range_end                   | 80                                        |
| application_profile_ref            | System-HTTP                               |
| network_profile_ref                | System-TCP-Proxy                          |
| pool_ref                           | pay                                       |
| se_group_ref                       | Default-Group                             |
| analytics_policy                   |                                           |
|   full_client_logs                 |                                           |
|     enabled                        | True                                      |
|     duration                       | 0 min                                     |
|     all_headers                    | True                                      |
|     throttle                       | 0 per_second                              |
|   client_insights                  | NO_INSIGHTS                               |
|   udf_log_throttle                 | 10 per_second                             |
|   significant_log_throttle         | 10 per_second                             |
|   enabled                          | True                                      |
| vrf_context_ref                    | global                                    |
| enable_autogw                      | False                                     |
| analytics_profile_ref              | System-Analytics-Profile                  |
| weight                             | 1                                         |
| delay_fairness                     | False                                     |
| max_cps_per_client                 | 0                                         |
| limit_doser                        | False                                     |
| type                               | VS_TYPE_NORMAL                            |
| cloud_type                         | CLOUD_NONE                                |
| use_bridge_ip_as_vip               | False                                     |
| flow_dist                          | LOAD_AWARE                                |
| ign_pool_net_reach                 | False                                     |
| ssl_sess_cache_avg_size            | 1024                                      |
| remove_listening_port_on_vs_down   | False                                     |
| close_client_conn_on_config_update | False                                     |
| tenant_ref                         | admin                                     |
| cloud_ref                          | Default-Cloud                             |
| east_west_placement                | False                                     |
| scaleout_ecmp                      | False                                     |
| active_standby_se_tag              | ACTIVE_STANDBY_SE_1                       |
| flow_label_type                    | NO_LABEL                                  |
| vip[1]                             |                                           |
|   vip_id                           | 0                                         |
|   ip_address                       | 10.90.173.73                              |
|   enabled                          | True                                      |
|   auto_allocate_ip                 | False                                     |
|   auto_allocate_floating_ip        | False                                     |
|   avi_allocated_vip                | False                                     |
|   avi_allocated_fip                | False                                     |
| vsvip_ref                          | vsvip-5c8iRv                              |
| sp_pool_refs[1]                    | SP-gs-1-pay@site_A                        | 
| use_vip_as_snat                    | False                                     |
+------------------------------------+-------------------------------------------+

Proxy Pools Appear Alongside Others

The below show pool command, executed on site_A, demonstrates that site-persistence pools appear in the same way that other pools do. In contrast to the last four listed, the two SP pools have servers that are virtual services on the one and only other site.

show pool
+--------------------------+------+---------------+------------+--------------------+
| Name                     | Port | Cloud         | Oper State | Servers (up/total) |
+--------------------------+------+---------------+------------+--------------------+
| SP-gs-1-pay@site_A       | 80   | Default-Cloud | OPER_UP    | 1/1                |
| SP-gs-2-securepay@site_A | 80   | Default-Cloud | OPER_UP    | 1/1                |
| ship                     | 80   | Default-Cloud | OPER_UP    | 2/2                |
+--------------------------+------+---------------+------------+--------------------+

When the virtual service tree is expanded, an additional pool group, listing other GSLB site virtual services as backend servers will also appear on the Dashboard, as shown below:



Proxy Pool Status

Details about a proxy pool are not rolled up at the GSLB level. One needs to log into the relevant site, and then use the show pool command on the proxy pool associated with the particular GSLB service. In the below example, we’re logged into site_A, looking at the site-persistence pool named sp-gs-1-pay@site_A.

Note that the one server in the SP pool is identified by the VIP (10.90.174.72) of a virtual service on site_B.

+--------------------------------------+---------------------------------------------------+
| Field                                | Value                                             |
+--------------------------------------+---------------------------------------------------+
| uuid                                 | pool-dc871051-35e8-4bec-bd1f-3c63fb6b7087         |
| name                                 |  SP-gs-1-pay@site_A                               |
| default_server_port                  | 80                                                |
| graceful_disable_timeout             | 1 min                                             |
| connection_ramp_duration             | 10 min                                            |
| max_concurrent_connections_per_server| 0                                                 |
| health_monitor_refs[1]               | ghm-ping                                          |
| servers[1]                           |                                                   |
|   ip                                 | 10.90.174.72                                      |
|   hostname                           | 10.90.174.72                                      |
|   enabled                            | True                                              |
|   ratio                              | 1                                                 |
|   verify_network                     | False                                             |
|   resolve_server_by_dns              | False                                             |
|   prst_hdr_val                       | 16077db5be5a5402f8185e02769756a3f0deffcdc0ab28fe  |
|   static                             | False                                             |
|   rewrite_host_header                | False                                             |
|   description                        | Gslb site-persistence server                      |
| server_count                         | 1                                                 |
| lb_algorithm                         | LB_ALGORITHM_LEAST_CONNECTIONS                    |
| application_persistence_profile_ref  | gap-1                                             |
| inline_health_monitor                | True                                              |
| use_service_port                     | True                                              |
| capacity_estimation                  | False                                             |
| server_auto_scale                    | False                                             |
| vrf_ref                              | global                                            |
| fewest_tasks_feedback_delay          | 10 sec                                            |
| enabled                              | True                                              |
| request_queue_enabled                | False                                             |
| request_queue_depth                  | 128                                               |
| host_check_enabled                   | False                                             |
| sni_enabled                          | True                                              |
| rewrite_host_header_to_si            | False                                             |
| rewrite_host_header_to_erver_name    | False                                             |
| lb_algorithm_core_nonafinity         | 2                                                 |
| gslb_sp_enabled                      | True                                              |
| lookup_server_by_name                | False                                             |
| description                          | Gslb site-persistence proxy pool                  |
| tenant_ref                           | admin                                             |
| cloud_ref                            | Default-Cloud                                     |
+--------------------------------------+---------------------------------------------------+                                               

Determining the Fraction of Client Requests Proxied

On a per-GSLB-service basis, use the NSX Advanced Load Balancer UI to monitor the per-pool activity on active sites running the GSLB service’s virtual service members. For each site, collect the following:

  1. The inbound request rate for the GSLB service’s local virtual service.

  2. Its SP pool request rate.

Calculate the total for 1 and the total for 2 across all sites. If the overall SP pool rate is large compared to the overall virtual service request rate, you may wish to increase the value of TTL.

Secure/HTTP_Only flag to GSLB Site Persistence Cookie

The http_only flag is supported for the HTTP cookie persistence profile. This flag sets the http_only attribute for the cookie used in GSLB site persistence. This prevents the client-side scripts from accessing the GSLB site persistence cookie (if supported by the browser).

When you set a cookie with the http_only flag, it informs the browser that only this cookie must be accessed or allowed by the server. Access using any other cookie from the client-side script is strictly forbidden.

Use the http_cookie_persistence_profile option to set the http_only flag while configuring an application persistence profile, as shown below:

[admin:avi-controller]: > configure applicationpersistenceprofile System-Persistence-Http-Cookie
Updating an existing object. Currently, the object is:
+---------------------------------+--------------------------------------------------------+
| Field                           | Value                                                  |
+---------------------------------+--------------------------------------------------------+
| uuid                            | applicationpersistenceprofile-c23015dd-8e50-4843-a21** |
| name                            | System-Persistence-Http-Cookie                         |
| persistence_type                | PERSISTENCE_TYPE_HTTP_COOKIE                           |
| server_hm_down_recovery         | HM_DOWN_PICK_NEW_SERVER                                |
| http_cookie_persistence_profile |                                                        |
|   cookie_name                   | HPWKEKQZ                                               |
|   key[1]                        |                                                        |
|     name                        | e55bc50c-5c89-4fe6-a61a-be2ef34490d0                   |
|     aes_key                     | b'Vmwr8mRPUdIPnMEgHyh9l5OXUoyRWIdubKFvBgjeNdQ='        |
| is_federated                    | False                                                  |
| tenant_ref                      | admin                                                  |
+---------------------------------+--------------------------------------------------------+
[admin:avi-controller]: applicationpersistenceprofile> http_cookie_persistence_profile
[admin:avi-controller]: applicationpersistenceprofile:http_cookie_persistence_profile> http_only
[admin:avi-controller]: applicationpersistenceprofile:http_cookie_persistence_profile> save
[admin:avi-controller]: applicationpersistenceprofile> save
+---------------------------------+--------------------------------------------------------+
| Field                           | Value                                                  |
+---------------------------------+--------------------------------------------------------+
| uuid                            | applicationpersistenceprofile-c23015dd-8e50-4843-****  |
| name                            | System-Persistence-Http-Cookie                         |
| persistence_type                | PERSISTENCE_TYPE_HTTP_COOKIE                           |
| server_hm_down_recovery         | HM_DOWN_PICK_NEW_SERVER                                |
| http_cookie_persistence_profile |                                                        |
|   cookie_name                   | HPWKEKQZ                                               |
|   key[1]                        |                                                        |
|     name                        | e55bc50c-5c89-4fe6-a61a-be2ef34490d0                   |
|     aes_key                     | b'Vmwr8mRPUdIPnMEgHyh9l5OXUoyRWIdubKFvBgjeNdQ='        |
|   always_send_cookie            | False                                                  |
|   http_only                     | True                                                   |
| is_federated                    | False                                                  |
| tenant_ref                      | admin                                                  |
+---------------------------------+--------------------------------------------------------+
[admin:avi-controller]: >