GSS Physical Connectivity

new_networker
Level 1

hi,

The data center site receives traffic through the internet on the outside of its firewall. After the firewall is the ACE for load balancing requests. Where does the GSS fit into this topology and how is it physically connected, i.e. via Ethernet0 or Ethernet1? Why do we need two interfaces?

Is there any easy to follow configuration example for GSS?

Rgds

GSS is part of the DNS infrastructure.

It doesn't need to be inline with the FW/LB or any other device.

Just treat it as an intelligent DNS server. The only requirement is that GSS needs to probe the VIPs configured on the LBs (or in some cases the servers directly, if needed). This means probe traffic from GSS to the VIPs should be allowed by the intermediate security devices.

You can use only one interface if you want. With two interfaces you can dedicate one interface for inter-GSS traffic and the other interface for probe traffic.

Syed Iftekhar Ahmed

Thanks.

Is there any easy configuration for single site GSS functionality?

In our case, there are two GSSs: one at the primary site and the other at DR. The GSS at the primary site should always send client requests to the primary. Only in case of unavailability of the primary site should the GSS route the client requests to the DR site.

Rgds.

You will need to define a DNS rule on GSS with "ordered list". The ordered list method uses the next VIPs or NS Forwarders when all previous VIPs or NS Forwarders are OFFLINE or overloaded.

A DNS rule on GSS defines the decision logic for GSS.

A typical DNS rule is as follows:

For requests arriving from a "certain D-Proxy"

and asking for a "certain Hosted Domain"

use this "Answer Group"

and use this "Balance Method" to choose the best answer.

I am afraid there is no shortcut; you will need to go through the GSS GSLB guide to understand GSS terms and implement it.

http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/gss4400series/v1.2/configuration/guide/gsscongd.html

Syed Iftekhar Ahmed

Is it possible to configure the DNS rules via CLI? The configuration guide talks about the DNS Rule Wizard & Builder, both of which I believe are GUI based.

If there is a CLI equivalent, please let me know the commands for:

For requests arriving from a "certain D-Proxy"

and asking for a "certain Hosted Domain"

use this "Answer Group"

and use this "Balance Method" to choose the best answer.

Thanks.

I have found the CLI equivalent. Thanks

Ok. After I have created the DNS rule, VIP balance type etc., how can I configure redirection to the DR site in case of primary site failure?

If I were to configure the VIP method as 'ordered', would the DR site VIP group contain a private IP or a public IP for the DR? If so, then how would the request be re-routed to the DR from the primary?

The data center setup is that the internet line is directly terminated on the outside of our first/edge device, i.e. the firewall. GSS would probably be placed on the DMZ or inside of the firewall.

How can the re-routing be achieved?

Thanks.

In addition to the previous request, could you also please clarify the below, taken from another post of yours:

"

Typical flow is as follows

1. Client will hit their DNS servers (configured on their machines as primary/backup dns server).

2. "Client's DNS server" will query "DNS server authoritative for abc.com" for www.abc.com.

3. "DNS server authoritative for abc.com" will ask "client's DNS server" to query "GSS - Authoritative for www.abc.com"

4. "Client's DNS server" will query GSS for www.abc.com.

5. GSS will send the ip add of www.abc.com (which should be configured on ACE as VIP).

6. "Client's DNS server" will handover this VIP to client

7. Client will hit the VIP configured on ACE (for application www.abc.com).

"

Here at point 5, is the VIP that GSS shall send a private IP or a public IP? I am assuming it cannot be private since the client will not be able to initiate a request to a VIP on a private IP over the internet.

Lastly, if the client requests two different URLs which translate to two different VIPs, would it require two GSS A records in the primary authoritative DNS, or should one GSS suffice? If so, how will it be?

Awaiting your reply.

Kind Regards.

Both GSSs at the two data centers will be running the same DNS rule. You will need to create two answer groups.

Answer group1 --> for VIPS in DC1

Answer group2 --> for VIPS in DC2

The DNS rule will state to use ordered list for Answer gp1 & Answer gp2, which means: serve answers in AnswerGp1 and, if these answers are not available, then serve from AnswerGp2.

As I said earlier, GSS is a part of the global DNS infrastructure, thus it mostly resolves to public IPs.

I have done installations where there are isolated GSS networks (split DNS), where the global GSS network serves public IPs & the intranet GSS network serves private IPs.

In short, if your GSSs are deployed for internet traffic then they should serve public IPs.

Syed
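
The ordered-list failover described in the reply above, as a simplified Python model added here (not part of the thread, and not GSS code or CLI). The class and field names, the catch-all source block and the documentation-range VIPs are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Answer:
    vip: str             # public VIP served to internet clients
    online: bool = True  # state the GSS keepalive probe would report

@dataclass
class DnsRule:
    source_nets: list     # D-proxy address blocks this rule applies to
    hosted_domains: set   # names the GSS is authoritative for
    answer_groups: list   # ordered: index 0 = DC1 group, index 1 = DC2 group

    def matches(self, dproxy_ip, qname):
        ip = ipaddress.ip_address(dproxy_ip)
        from_source = any(ip in ipaddress.ip_network(n) for n in self.source_nets)
        return from_source and qname.lower().rstrip(".") in self.hosted_domains

    def resolve(self, dproxy_ip, qname):
        """Return the VIP to answer with, or None if nothing applies."""
        if not self.matches(dproxy_ip, qname):
            return None
        for group in self.answer_groups:   # ordered list: earlier groups win
            for answer in group:
                if answer.online:
                    return answer.vip
        return None

# Constructed sample data (documentation address ranges, not real VIPs).
DC1 = [Answer("192.0.2.10")]
DC2 = [Answer("198.51.100.10")]
RULE = DnsRule(["0.0.0.0/0"], {"www.abc.com"}, [DC1, DC2])

if __name__ == "__main__":
    print(RULE.resolve("203.0.113.5", "www.abc.com"))  # DC1 while it is online
    DC1[0].online = False                               # simulate primary outage
    print(RULE.resolve("203.0.113.5", "www.abc.com"))  # falls through to DC2
```

Because both GSSs run the same rule, either one returns the DC1 VIP while its probe succeeds and the DC2 VIP only once every DC1 answer is offline, which is why the probe path through the firewall has to stay open.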

I have a query on adding answers to the answer group.

Steps:

1. Define VIP-Type Answer

2. Define answer-group

3. Add answer to the VIP-Type Answer group

My query is that if I have already configured the VIP-Type Answer (step 1), why do I need to mention the IP addresses again while adding the answer to the VIP-Type Answer Group?

Thanks.

While adding answers to the answer group, you just need to select the available/defined Answer checkboxes.

http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/gss4400series/v1.2/configuration/guide/Answers.html#wp1152966

Syed Iftekhar Ahmed

Oops... I didn't mention I was using CLI. Could you please shed light on the CLI part? That's where my concern is.

Thanks.

As an example,

- To create an answer:

answer vip 1.1.1.1

- To add an answer to the answer group

answer-add 1.1.1.1

Is it correct that the IP address needs to be entered twice?

Rgds.

Here you are just assigning Answers to the Answer Group. The Answer Group has no IP assigned to it. These IPs are only used to reference/identify an Answer from the available/configured Answers.

Syed

Hi,

Sorry to interrupt you ...

I have some queries related to this

GSS1 -- DC1

GSS2 --- DC2

VIP DC1 == 100.100.100.100(Public) - 1.1.1.1

VIP DC2 === 200.200.200.200 (Public) -2.2.2.2..natted in my FW

My requirement is that if GSS1 is not available then GSS2 should respond. For the same I have created

one answer group (VIP type)

Two VIP answers (public IP I have given in ANSWER) and mapped the two answers to one answer group.

In the answers VIP tab, I need to give the public IP/private IP (natted IP)?

I have created two KAL-AP with private IP (1.1.1.1, 2.2.2.2) and the same mapped to answers,

is it right?

In the ANS grp I need to give more weight to DC1, like (10), and DC2 is 1, to achieve the same?

Above config will meet my requirements?

Please help in this regard. Right now I am testing; now I need to put it in production at the earliest. Please help me out in this regard.

Thanks in advance.

Once again I am sorry to break the conversation.

Regards

sateesh
