I am trying to understand the GSS product and how it provides 'immediate' redundancy across multiple data center(s).
So lets assume that the GSS (with CNR installed) has been deployed and functions as the authoritative server for the domain (www.test.com). The goal is to provide active/standby type configuration between two data centers.
If a client tries to access the page (www.test.com), the GSS replies with the address of server (e.g: 220.127.116.11) residing in Data Center(a). However lets assume after the response from GSS is sent to client and the client is trying to connect to the www.test.com using Ip address 18.104.22.168, Data Center(a) becomes unavailable. How will this connection get redirected to Data Center(b)'s IP address 22.214.171.124?
All subsequest request from the client will be done using 'DNS cache' so the GSS does not come into the picture since the client already knows the IP address of www.test.com (126.96.36.199).
Is this how it works or am I missing something here?
Thanks in advance for the response.
You are right.
If you donot configure the TTL value then 20 sec (default) is used.
Some of my previous GSS customers wondered why cisco kept it 20sec and why not 0 sec (to make it non-cachable). I think the reason is that a majority of DNS implementations do not honor 0 as TTL.
More details on how to change it (Using CLI) at
Syed Iftekhar Ahmed
There are few things you should keep in mind.
User Workstation is not the real client for GSS. Its primarily the Client's DNS Server.
With respect to caching you are very correct that GSS (for that matter any DNS based GSLB method) is prone to DNS caching issues.
There are various points in the network that stores/caches DNS information.
1. Client's DNS Servers
2. Client PC's OS
3. Browser on Client's PC
To mitigate Client DNS Server issue you need configure the A record served by GSS with a smaller TTL value. This "A-record TTL value" dictates how long can DNS server caches a DNS record. So for example if you set A-record TTL value to 5 minute then the worst outage of service you will get will be 5 minutes (as Client's DNS server will only cache it for 5 minutes and at 6th minute Client's DNS server will contact GSS again and will get the active vip as answer.
If you are using newer IE versions (6.x+) then you are in a better situation as these IEs try to resolve again if the web access to IP in DNS cache fails and hence will get the active IP on GSS.With Pre-6.x versions problem is severe as not only this feature is missing but also the DNS caching time is from 30 mins to 24 hours.
With Firefox (last time I checked) this dns cache timeout is 15 minute (so in worst case scenario the service outage will be 15 minutes).
Using google you can get lots of tools to disable dns caching on browsers. I know this is not a cool solution but it can be done.
In nutshell yes GSLB has issues with DNS caching but it still gives you a solution which can move client to a different Data center (after dns cache timeout).
Syed Iftekhar Ahmed