
11500 GSLB Newbie - help needed

acomiskey
Level 10

I'm new to this equipment so bear with me. I am hoping to get a "plain English" explanation about the following doc. Here is my situation. I have 2 sites, a main and a backup, different networks, geographically remote with a point to point connection between the two. I also have a l2l tunnel between the two if it is needed. I have a web application I need to establish some redundancy for. If site A or webserver A goes down I need traffic to be directed to Site B Webserver B. Easy enough probably, according to the doc, it sounds like this is what I need to do, but I must be missing something. Any further explanation would be helpful and appreciated.

Basic Global Load Balancing Site Redundancy Using the CSS with DNS

http://www.cisco.com/en/US/products/hw/contnetw/ps792/products_configuration_example09186a00801dcd75.shtml


joquesada
Level 1

Hi,

Have you already configured the CSS? If so, what are you missing, or what is not working for you?

What parts of this setup are giving you a hard time? Thanks!

Regards,

Jose.

I have not yet set this up. It is a little difficult because the diagram shown does not display all the IP addresses.

I'm really just trying to understand how it works.

Ok, I have a specific question now. In the document referenced above "Basic Global Server Load Balancing Site Redundancy Using the CSS with DNS", I have a few questions.

Are the CSSs becoming the authoritative DNS servers for the domain www.yourdomain.com? If so, that means I have to create 2 NS records at my authoritative DNS, 1 primary to VIP 1, and 1 secondary to VIP 2? I know it says this in the document, but if they mean A records instead of NS records, then the CSSs are not authoritative for www.yourdomain.com.

So I guess my question is do I create 2 NS records pointing to the VIPs or do I create 2 A records on my authoritative DNS to the VIPs? Hope that makes sense. Thanks in advance.

Also, is this all possible behind NAT (ASA5510) with 1 to 1 statics?

Hi,

In regards to your questions:

- I've set GSLB in the past following this link step by step and I've had no issues. In regards to the configuration of the CSS, no commands are missing. What do you mean when you say that some IPs are missing?

- Regarding your DNS questions, yes, the CSSs would be the authoritative DNS servers for the domains configured on the CSSs, as long as you configure the NS records (not A records) on your DNS servers. So, you need to configure NS records and not A records on your DNS servers, pointing to the VIPs of the CSS, if you want the CSS to become the authoritative DNS servers for those domains.

- NAT shouldn't be a problem as long as it is properly configured. Remember that you need to configure NAT for DNS and also for the requests that come to the VIPs, and don't forget the APP session between the Master and the Backup site.

I hope this helps. Thanks!

Regards,

Jose.
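
The delegation described in the reply above (NS records in the parent zone pointing at names whose A records are the CSS VIPs) can be checked mechanically before relying on it for failover. This is an added example, not part of the original thread or of Cisco's document; the record layout, the `check_delegation` helper and the example.com names and addresses are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed parent-zone records as (type, owner, answer). Names and
# addresses are placeholders from documentation ranges, not from the thread.
DELEGATED = [
    ("NS", "www.example.com", "css1.example.com"),
    ("NS", "www.example.com", "css2.example.com"),
    ("A", "css1.example.com", "192.0.2.10"),     # VIP at site A
    ("A", "css2.example.com", "198.51.100.10"),  # VIP at site B
]
# Variant 1: A records straight to the VIPs, no NS records (no delegation).
A_ONLY = [
    ("A", "www.example.com", "192.0.2.10"),
    ("A", "www.example.com", "198.51.100.10"),
]
# Variant 2: delegation present, but one name server has no address record.
MISSING_ADDR = DELEGATED[:3]


def check_delegation(records, name):
    """Return a list of problems with the delegation of `name` (empty if none)."""
    name = name.lower()
    addrs = defaultdict(set)   # owner name -> set of A record addresses
    targets = []               # name servers the sub-domain is delegated to
    for rtype, owner, answer in records:
        if rtype == "A":
            addrs[owner.lower()].add(answer)
        elif rtype == "NS" and owner.lower() == name:
            targets.append(answer.lower())
    if not targets:
        return [f"{name}: no NS records, so the parent zone answers and the CSSs are not authoritative"]
    problems = []
    if addrs[name]:
        problems.append(f"{name}: A record at the delegation point conflicts with the NS records")
    for target in targets:
        if not addrs[target]:
            problems.append(f"{target}: NS target has no A record")
    # Site redundancy needs the name servers to resolve to at least two VIPs.
    vips = set().union(*(addrs[t] for t in targets))
    if len(vips) < 2:
        problems.append(f"{name}: name servers resolve to {len(vips)} address(es), no site redundancy")
    return problems


if __name__ == "__main__":
    for label, zone in [("delegated", DELEGATED), ("a-only", A_ONLY), ("missing-addr", MISSING_ADDR)]:
        print(label, check_delegation(zone, "www.example.com") or "OK")
```
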

Thanks, Jose.

The comment I made about missing IPs just refers to the diagram in the document. Only the VIPs are listed in the image, that's all. So far I have...

Type------Domain----------------Answer

NS--------ftp.mydomain.com----css1.mydomain.com

NS--------ftp.mydomain.com----css2.mydomain.com

A---------css1.mydomain.com---1.1.1.1

A---------css1.mydomain.com---2.2.2.2

Hopefully it will work this way without making CSS authoritative for mydomain.com, only ftp.mydomain.com? Thanks again for the help, this is my first experience with CSS.

Update: The above seems to work. I only have 1 CSS up at the moment, but I am able to resolve ftp.mydomain.com! I had to add the command "dns-server" to the CSS for it to resolve the name. Will I need this command once I bring up the other CSS and establish the APP session? The command was not in the doc. Thanks.

Hi,

I just noticed that. You are right, you need to add the dns-server command to the CSS in order to get DNS resolutions. It is good to know that things are moving forward for you. Thanks!

Regards,

Jose.

Thanks again. Just stumbled upon that.

In this scenario, would there be anything that would prevent me from having the CSS monitor services/servers on separate networks?

I have several servers on a DMZ and one server on the inside I would like to do this with. Should I have to move all the servers to the same network? For some reason, I was told we would have to purchase a second pair in that scenario.

Hi,

It shouldn't be a problem for the CSS to have more VLANs and servers configured, besides the portion that is used for the GSLB setup. Thanks!

Regards,

Jose.

So the servers don't have to be on the interfaces of the CSS? Would there be an advantage to having the servers on the physical interfaces of the CSS as opposed to somewhere else on the network?

Hi,

The only advantage of having the servers directly connected to the interfaces of the CSS is that you don't need to worry about the routing on your network. If you are going to have the server somewhere else in your network, you must make sure that routing is properly configured, so the responses from the servers are indeed sent back to the CSS. Thanks!

Regards,

Jose.

You mention "the responses from the servers"...are you just talking about the responses from ICMP keepalives for example?

Hi,

Yes, it could be the response to the keepalives and also, the response to the load balanced traffic. Thanks!

Regards,

Jose.
