This section focuses on GSLB site selection and its fallback_site_names and is_preferred_site options.
The following are the types of policy actions for policy matches:
Allow or drop query
Query response
GSLB site
Pool switching
Rate limiting
Use Case for GSLB Site Selection
A simple use case illustrates how the feature might be used:
There are three GSLB sites, one in Paris, one in Lyons, and one in Antwerp.
The geolocation algorithm used by NSX Advanced Load Balancer will typically select the site that is closest to the client.
A client close to the French-Belgian border would normally be directed to Antwerp based on proximity, but since the client is in France (or some other criterion is matched), the GSLB-site-selection action returns the VIP of a site having the site name “FRANCE.”
Site selection features are engaged by defining a DNS policy rule. A rule match bypasses the chosen GSLB load-balancing algorithm that might be associated with the virtual service. By way of review, by default, there are five ways to effect a match, as shown in the following figure. You can also add more matches.
Whatever the match, if one is made, the action will be taken, as follows:
NSX Advanced Load Balancer looks for a VIP whose site_name parameter is equal to the desired value (“FRANCE” in the above use case).
Note:There may be more than one VIP with the given site name, in which case the first one found is returned.
If not one matching site is healthy and reachable, NSX Advanced Load Balancer checks to see if any sites have been defined as fallback sites (up to 16 may be defined). If such is the case, the VIP of the first healthy and reachable fallback site found is returned.
Finally, if not one of the fallback sites is healthy and reachable, if the is_site_preferred parameter has been set to True, then rather than return no address at all, the DNS VS reverts to the GSLB algorithm in force. In our use case example, Antwerp would be chosen.
Field
Description
Geolocation Tag
A string value associated with clients having IP addresses that can span many geolocation names representing a wide geography. That is, client IP addresses in locations Alaska and Hawaii might be collectively tagged ALASKA_HAWAII.
Note:A geolocation tag is not to be confused with a geolocation name.
GSLB Site Name
Usable only when GSLB services have been configured for the DNS virtual service. This field enables the system to override the GSLB load-balancing algorithm that otherwise would apply. A single GSLB site name can be associated with more than one VIP.
The is_site_preferred parameter is a per-application Boolean that is set when defining the action. If True, then when no suitable IP address in the list is found, rather than return nothing, the NSX Advanced Load Balancer DNS virtual service returns a healthy member from the list from which the GSLB algorithm normally returns an IP address.
NSX Advanced Load Balancer CLI Configuration
The below CLI show commands must be helpful for configuring fallback sites and using them in the DNS policy site selection action. You can see that GSLB pool members in GSLB service avi.com’s cluster_uuid is the third-party cluster_uuid. Also, you can see how the site selection has been set in DNS policy dns_policy_5.
[admin:10-10-27-253]: > show gslb glb-1 +--------------------------------------------------------------------+ | Field | Value | +--------------------------------------------------------------------+ | uuid | gslb-90412d33-fa47-4dc5-bcc2-7cb229461585| | name | glb-1 | | dns_configs[1] | | | domain_name | avi.com | | dns_configs[2] | | | domain_name | avi.us | | sites[1] | | | cluster_uuid | cluster-5fe7a684-12f1-4c85-a702-861eddd73| | name | default | | ip_addresses[1] | 10.10.27.253 | | port | 443 | | username | admin | | password | <sensitive> | | member_type | GSLB_ACTIVE_MEMBER | | enabled | True | | dns_vses[1] | | | dns_vs_uuid | virtualservice-77230146-d9d6-4349-be2a-b4| |leader_cluster_uuid | cluster-5fe7a684-12f1-4c85-a702-861eddd | | send_interval | 15 sec | |clear_on_max_retries | 20 | | view_id | 0 | | third_party_sites[1] | | | cluster_uuid | tp_cluster-1083375b-8f6a-4925-8108-b21d87| | name | SanFranciscoDC | | enabled | True | | third_party_sites[2] | | | cluster_uuid | tp_cluster-074c37ec-0d73-4d6b-98d8-998561| | name | LosAngelesDC | | enabled | True | | third_party_sites[3] | | | cluster_uuid | tp_cluster-0739f270-0be9-4a7e-81f7-bde80d| | name | LasVegasDC | | enabled | True | | third_party_sites[4] | | | cluster_uuid | tp_cluster-d793dbc8-ac76-49c4-bd41-52fedx| | name | PortlandDC | | enabled | True | | third_party_sites[5] | | | cluster_uuid | tp_cluster-bfddcd68-bbb0-472b-8f3c-ad0c99| | name | SanDiegoDC | | enabled | True | | third_party_sites[6] | | | cluster_uuid | tp_cluster-db7750ad-4fe7-44c9-8884-236a0a| | name | MumbaiDC | | enabled | True | | maintenance_mode | False | | is_federated | True | | tenant_ref | admin | +--------------------------------------------------------------------+ [admin:10-10-27-253]: > show gslbservice gslb-1 +--------------------------------------------------------------------------+ | Field | Value | +--------------------------------------------------------------------------+ | uuid | gslbservice-e413e0b0-2d3f-4d5f | | name | gslb-1 | | domain_names[1] | cloud1.avi.com | | domain_names[2] | cloud2.avi.com | | groups[1] | | | name | group1 | | priority | 15 | | algorithm | GSLB_ALGORITHM_ROUND_ROBIN | | members[1] | | | cluster_uuid | tp_cluster-1083375b-8f6a-492xx | | ip | 10.90.91.101 | | ratio | 1 | | enabled | True | | members[2] | | | cluster_uuid | tp_cluster-074c37ec-0d73-4d6xx | | ip | 10.90.91.111 | | ratio | 1 | | enabled | True | | members[3] | | | cluster_uuid | tp_cluster-0739f270-0be9-4a7e-8xx | | ip | 10.90.91.121 | | ratio | 1 | | enabled | True | | members[4] | | | cluster_uuid | tp_cluster-d793dbc8-ac76-49c4-bxx | | ip | 10.90.91.131 | | ratio | 1 | | enabled | True | | members[5] | | | cluster_uuid | tp_cluster-bfddcd68-bbb0-472b-8f3c-adx | | ip | 10.90.91.141 | | ratio | 1 | | enabled | True | | members[6] | | | cluster_uuid | tp_cluster-db7750ad-4fe7-44c9-8884-236 | | ip | 10.90.91.201 | | ratio | 1 | | enabled | True | | num_dns_ip | 1 | |controller_health_status_enabled| True | | health_monitor_scope |GSLB_SERVICE_HEALTH_MONITOR_ALL_MEMBERS| | enabled | True | | use_edns_client_subnet | True | | wildcard_match | False | | site_persistence_enabled | False | | pool_algorithm | GSLB_SERVICE_ALGORITHM_PRIORITY | | min_members | 0 | | is_federated | True | | tenant_ref | admin | +----------------------------------------------------------------------+ [admin:10-10-27-253]: > show dnspolicy dns_policy_5 ---------------------------------------------------------------------------+ | Field | Value | +--------------------------------------------------------------------------+ | uuid | dnspolicy-765105c0-4433-48d1-b6b1-5c331e2474| | name | dns_policy_5 | | rule[1] | | | name | rule_1 | | index | 1 | | enabled | True | | match | | | geo_location | | | match_criteria | IS_IN | | use_edns_client_subnet_ip | True | | geolocation_tag | SantaClaraClients | | action | | | gslb_site_selection | | | site_name | SanFranciscoDC | | is_site_preferred | False | | fallback_site_names[1] | MumbaiDC | | fallback_site_names[2] | LosAngelesDC | | fallback_site_names[3] | LasVegasDC | | fallback_site_names[4] | PortlandDC | | fallback_site_names[5] | SanDiegoDC | | tenant_ref | admin | +--------------------------------------------------------------------------+ [admin:10-10-27-253]: >
