This section shows all the settings available for the current GSLB farm categorized into four tabs: Global, Services, Zones, and IPDS. Every change in this section has to be applied by clicking the Submit button.
Global Settings for GSLB Farms
In this form, you will find the following fields:
Name. It’s the identification field and a description of a virtual service. It is only editable if the GSLB farm is down. Ensure that the new farm name is available before configuring it or an error message will appear.
Virtual IP. IP address used by the GSLB service. To make changes in this field, ensure that the new virtual IP is not already taken. The farm must be restarted to apply the changes.
Virtual Port. Port used by the GSLB service. To make changes in this field, ensure that the new virtual port is not in use. The farm must be restarted to apply the changes.
This could also be done manually using the Actions if needed. You should notice the action button at the top right corner.
These icons will let you restart (the small curved arrows) or start/stop the farm (the green triangle or square).
The Status is indicated using the following colors:
- Green. Means UP. The farm is running and all backends are UP.
- Red. Means DOWN. The farm has stopped.
- Yellow. Means RESTART NEEDED. There are recent changes that need a farm restart to be applied.
- Black. Means CRITICAL. The farm is UP but there is no backend available or they are in maintenance mode.
- Blue. Means PROBLEM. The farm is running but at least one backend is down.
- Orange. Means MAINTENANCE. The farm is running but at least one backend is in maintenance mode.
These color codes are the same throughout the graphical user interface. For a fuller explanation, see the LSLB Farms section.
Services Section in GSLB Farms
Adding a New Service will require:
Service Name. A short descriptive name for the new service.
Algorithm. The preferred load balancing method for the new service.
- Round Robin: equal sharing. Balances the traffic equally among all the active servers at DNS layer. For every incoming connection, the balancer assigns the next round to a server.
- Priority: connections are forwarded to the backend with the highest priority. All connections go to that same server. If this server is down, the connections switch to the next server with the highest priority. With this algorithm, you can build an Active-Passive high availability cluster service with several real servers.
The GSLB Priority service allows the creation of a global DNS clustering service at the domain name level. The Priority service permits the same configuration options as the Round Robin services, but only allows 2 backends to be configured to create a two-node cluster. By default, the local IP address 127.0.0.1 is configured and it should be replaced with the real server’s IP address.
The configuration options of both service types are shown below:
Default TCP port health check. This is the TCP port that the service will check to determine whether the backend service is alive or not. It cannot be blank.
Farmguardian. Configure the default health check to the backends. See below for more information.
Once the new service is created, you’ll need to restart the GSLB farm.
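The two algorithms and the TCP port check described above can be modelled as follows. This is an added example, not code from the product: the function names, the assumption that list order is priority order, and the 192.0.2.x sample addresses are all constructed for illustration.

```python
import socket
from itertools import cycle, islice

def tcp_alive(ip, port, timeout=2.0):
    """TCP port check: the backend is alive if ip:port accepts a connection."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False

def priority_answer(backends, port, check=tcp_alive):
    """Priority: return the highest-priority backend that passes the check."""
    if len(backends) != 2:
        raise ValueError("a Priority service takes exactly 2 backends")
    for ip in backends:          # assumption: list order is priority order
        if check(ip, port):
            return ip
    return None                  # no backend available

def round_robin_answers(backends, port, queries, check=tcp_alive):
    """Round Robin: hand out the active backends in turn, one per query."""
    active = [ip for ip in backends if check(ip, port)]
    return list(islice(cycle(active), queries)) if active else []

if __name__ == "__main__":
    # Constructed sample: documentation addresses, with a stub in place of
    # the real TCP check so the run needs no network.
    down = {"192.0.2.10"}
    stub = lambda ip, port: ip not in down
    print(priority_answer(["192.0.2.10", "192.0.2.20"], 443, stub))
    print(round_robin_answers(
        ["192.0.2.10", "192.0.2.20", "192.0.2.30"], 443, 4, stub))
```

A successful TCP connect only shows that the port accepts connections, not that the application behind it answers correctly.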
Farmguardian
Health Checks for the backend performed by Farmguardian are an optional advanced feature. Even if you do not enable it, a simple check will be performed every 5 seconds to monitor the backend status.
Some built-in or customized advanced health checks can be assigned to this service from the already created Farmguardian checks.
For further information about Farmguardian, go to the Monitoring >> Farmguardian section.
Notice that after selecting the Farmguardian, it will be automatically applied to the farm.
Backends
In the Backends section, at least one backend should be configured. By default, the 127.0.0.1 local IP address is configured, but you will have to change it later on.
GSLB farms allow you to configure the following real server properties:
Alias. Backend alias, if any alias was defined for the backend.
IP. The IP address of the backend. If you have selected an alias, this field will not be editable; change the alias field instead. If Custom IP has been selected in the alias field, this field will be editable so that a custom IP address can be entered.
ACTION. Use the following actions outlined in the selected backends.
- Add Backend. This option opens the form to add a new backend in the service.
- Edit. Open the backend form to change the backend configuration.
- Delete. Delete the real server of the virtual service. The alias is not deleted. It is not allowed to delete the first backend from the list.
The backends of Priority services lack the other actions. You can only Edit them.
GSLB Farms Zones
A GSLB Zone will describe a DNS domain name, subdomains, aliases, etc., which will be needed to generate a complete DNS zone with additional load balancing records using the services defined as described above.
Once a new Zone is created for a certain domain, more configuration options will be available. See more details below.
Default Name Server. This will be the entry point root name server that will be available as the Start Of Authority (SOA) DNS record. By default, ns1 will be set.
Zone Resources Configuration
Every Zone requires creating Resources to configure the dynamic DNS:
Name. The resource name of the DNS entry.
TTL. The Time to Live (optional) value for the current record; it is needed to determine the length of time that the current name will be cached.
Type. DNS record type. The options are:
- A. Address type record returns an IPv4 address of a host.
- NS. Name Server type record, it delegates a DNS zone to use the given authoritative name servers.
- AAAA. Address type record returns an IPv6 address of a host.
- CNAME. Canonical name type record represents an alias of a given name.
- MX. Mail exchange type record maps a domain name to a list of message transfer agents for that domain.
- SRV. Generalized service location record, used for newer protocols instead of creating protocol-specific records such as MX.
- TXT. Text type record is used to store any text-based information that can be grabbed when necessary. We most commonly see TXT records used to hold SPF data and verify domain ownership.
- PTR. Pointer record, a pointer to a canonical name. Unlike a CNAME, DNS processing stops, and just the name is returned. The most common use is for implementing reverse DNS lookups.
- NAPTR. Naming Authority Pointer. Allows regular-expression-based rewriting of domain names which can then be used as URIs, further domain names for lookups, etc.
- Services. Dynamic address (DYNA) type record returns a dynamic address specified by a Service already created within the farm configuration according to the algorithm selected for such service. This type behaves a little differently in regards to TTL. TTL fields have a syntax extension and slightly different meanings than the TTL field of a traditional, fixed Round Robin. The traditional format for DYNA/DYNC TTLs is MAX[/MIN], with MIN defaulting to half of MAX if not specified explicitly. In our case, it is not possible to define the MIN, so it will always be half of the MAX specified.
Data. It’s the real data needed by the record type. The input value depends on the kind of the Resource Name; the following example shows the different kinds of Resource Names and the allowed data values for each one.
Allowed Data are:
- IPv4 address for A type.
- IPv6 address for AAAA type.
- Name server for NS type.
- Domain format for CNAME type (eg. foo.bar.com).
- Domain format for MX type (eg. mail.example.com).
- <priority> <weight> <port> <target> separated by blank spaces for SRV type (eg. 20 30 334 my.target.com).
- Domain format for PTR type (eg. foo.bar.com).
- <order> <preference|flags|services|regexp|replacement> for NAPTR type.
- Service name for Service type.
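The allowed-data list above can be enforced before a record is submitted. The following validator is an added example, not the product's own validation code; the function names and the sample values in the comments are assumptions, and TXT and NAPTR are left out because the list gives no single unambiguous format for them.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)"
_DOMAIN = re.compile(_LABEL + r"(?:\." + _LABEL + r")*\.?")

def _is_ip(value, version):
    try:
        return ipaddress.ip_address(value).version == version
    except ValueError:
        return False

def is_domain(value):
    # An IP address where a name is expected is rejected.
    if _is_ip(value, 4):
        return False
    # fullmatch (not match with "$") so a trailing newline cannot slip through.
    return len(value) <= 253 and _DOMAIN.fullmatch(value) is not None

def is_srv(value):
    # "<priority> <weight> <port> <target>", each number 0..65535.
    parts = value.split(" ")
    if len(parts) != 4:
        return False
    *numbers, target = parts
    return all(len(n) <= 5 and n.isascii() and n.isdigit() and int(n) <= 65535
               for n in numbers) and is_domain(target)

# Record type -> check; "services" is the set of Service names in the farm.
CHECKS = {
    "A": lambda data, services: _is_ip(data, 4),
    "AAAA": lambda data, services: _is_ip(data, 6),
    "NS": lambda data, services: is_domain(data),
    "CNAME": lambda data, services: is_domain(data),
    "MX": lambda data, services: is_domain(data),
    "PTR": lambda data, services: is_domain(data),
    "SRV": lambda data, services: is_srv(data),
    "Services": lambda data, services: data in services,
}

def validate_resource(rtype, data, services=frozenset()):
    """Return True when data is an allowed value for rtype."""
    if rtype not in CHECKS:
        raise ValueError("no data check defined for type %r" % rtype)
    return CHECKS[rtype](data, services)
```

Rejecting embedded newlines and misplaced IP addresses at this point keeps malformed values out of the generated zone.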
ACTION.
- Create Resource. Create a new resource record for a certain zone.
- Delete. Delete a resource record for a certain zone.
- Edit. Modify a certain resource value and apply.
IPDS
This section lets you enable IPDS rules. The list shows different types of protection and a select box to enable them. For further information please go to the IPDS >> Blacklists rules, IPDS >> DoS rules or IPDS >> RBL rules specific documentation.
For each of the three types of IPDS rules (Blacklist, DoS, and RBL) there are two tables, Available and Enabled, and a chain icon that redirects to the corresponding IPDS section. The Available table lists all the rules of that type that can be applied to the farm. The Enabled table lists each rule of that type applied to the farm, with a status ball for each rule that shows whether the rule is stopped (red) or running (green).
Each rule can be accessed by clicking on its name, which will allow you to change the rule's parameters or even start/stop the rule. It is not possible to create a new rule under this farm view; you should do it through the IPDS section.
To add one rule, click on the desired rule and then on the right single arrow. To add more than one, keep the Shift key pressed while selecting the rules that you want to add, then click on the right single arrow. You can also add all available blacklists by clicking on the right double arrow.
To delete one or more rules, select them and click on the left arrow or click on the double arrow to remove all.
Next step, check out the GSLB Stats and Graphs.