Solved: Re: GSS Dilemma

Vladimir Lazovic · ‎01-25-2010

Hi All,

As being new to GSS, I have certain dilemmas,

A client has two sites (active/standby) and offers public web hosting service.

Request is to have automatic site-to-site recovery, in case that Any of the services on primary site fails, standby site has to take over that service!

Is GSS proper solution, or do you suggest something else, ACE or something?

P.S. I think dns caching is problem.

Any help is very appreciated!

Thanks in advance

Vlad

Sean Merrow · ‎01-29-2010

Hi Vlad,

This is a very common use-case of the GSS. The GSS is designed to load balance two or more data-centers, while an ACE is designed to load balance two or more servers within a single data-center (typically speaking).

In your case, it sounds to me like rather than use the GSS for load balancing the two data-centers, you want to use it for disaster (or dilemma :- ) recovery. Here's how it would work:

Let's say the two data centers host www.mysite.com and site A is the primary site and site B is the disaster recovery site.

The GSS would be the authorative name server for www.mysite.com
Any DNS requests for www.mysite.com would be responded to by the GSS with the VIP for www.mysite.com (1.1.1.1) at site A.
The GSS would be peroidocially running a keepalive check to the VIP at both sites to verify their health
If the keepalive to site A's VIP fails, then the GSS would start returning site B's VIP for www.mysite.com (2.2.2.2)
You can configure the GSS to start serving up site A's VIP again when it comes back online, or you can configure it to require manual reactivation. Manual reactivation is nice if you want to leave it on site B until root cause for site A's failure has been determined, and thus you can avoid flapping between sites.

DNS caching will always play a role in failovers to some degree. You can lower the TTL of response from the GSS to help alleviate this.

As for how to configure this, you have two options.

You could place both the site VIPs (1.1.1.1 and 2.2.2.2) into a common Answer Group. Leave site A's VIP with the default order of 0, and change site B's VIP to order number 1. Then in the balance clause of the DNS Rule, use Ordered-List as the balance-method. The site A VIP will always be used as long as it is passing keepalives. Only if it is failing keepalives will site B's VIP be returned in the DNS response.
The other option is to put site A's VIP Answer in its own Answer Group and Site B's VIP Answer is a different Answer Group. Now you add site A's Answer Group to clause 1 in the DNS Rule and site B's Answer Group to clause 2. Clause 2 is only used if clause 1 has no available Answers to return.

Hope this helps!

Sean

View solution in original post

Sean Merrow · ‎02-01-2010

Hi Vlad,

I'm not sure I really understand your question, but the GSS will only failover the Answers that are failing. So if you have a total of five sites hosted at the primary and distaster-recovery sites, and only one of the VIPs on the primary site fails, the GSS will start sending clients to the DR site for that VIP only. All the other healthy VIPs at the primary site will stay at the primary site. This is all assuming you've configured the GSS to behave this way. You could configure the GSS to send all requests to site B if only one fails, or handle each one individually.

I hope this answers your question. If not let me know. Also, you indicated you had two more questions, but I only see one. Did you forget to add the second?

Regards,

Sean

View solution in original post

Sean Merrow · ‎02-01-2010

Hi Vlad,

The GSS is not aware of multiple servers at a given site. Think of it as a DNS server load balancing two different IP address resolutions for a single domain such as www.mysite.com. Clients using a browser don't know and don't care about all the background stuff at each site....they just want to know what the IP address is for www.mysite.com. Remember, a client browser such as IE or Firefox only looks at web-site servers to connect to.

The GSS will either send them the IP address of the VIP for www.mysite.com at site A, or the one at site B. So you would use a keepalive to verify the health of one or more IP addresses at site A, and if any of them fail, start sending clients to site B. You can get pretty creative with keepalives on the GSS. For example, you can have it perform keepalives to several different IP addresses (servers) at a given site to calculate the health of that site.

For the second question, a VIP Answer on the GSS would represent the IP address of the website at a given site. See my first response for further details on that.

Thanks,

Sean

View solution in original post

Sean Merrow · ‎02-02-2010

Hi Vlad,

1. Could I use Cisco ACE 4710 with Route Health Injection and BGP, and have site to site recovery?

The ACE 4710 does not support RHI. The ACE module does. If you have a module at your disposal and would like to implement this solution, then I would recommend engaging your Cisco SE or partner, as design is not my area of expertise.

You can place a redundant pair of ACE at different sites, as long as there is a fast, high-bandwidth layer-2 link between the two sites. Typically, redundant ACE's are installed at the same site.

2. Do I have to deploy GSS with mentioned situation or above is enough?

This may be a significant discussion because to me, it is no longer clear what goals you are trying to meet.

3. Does GSS supports Route Health Injection, or is it only ACE feature?

The GSS does not support RHI. RHI is a way to advertise the availabilty of some subnets to other layer-3 devices. The GSS does not need to do this as it is simply acting as a basic DNS server. It is not a router, and therefore has no need for such a feature. I think there may still be some confusion as to what the GSS is intended for versus a server load balancer. You might want to send this link to your customer as it supplies a thorough description of what the GSS does and what challenges it can help solve:

Introducing the Global Site Selector

http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/gss4400series/v3.1/configuration/cli/gslb/guide/Intro.html

I wish I could give you a better answer. A Cisco SE would be a better resource for you at this time. Perhaps one will pipe in on this thread.

Thank you,

Sean

View solution in original post

Sean Merrow · ‎01-29-2010

Hi Vlad,

This is a very common use-case of the GSS. The GSS is designed to load balance two or more data-centers, while an ACE is designed to load balance two or more servers within a single data-center (typically speaking).

In your case, it sounds to me like rather than use the GSS for load balancing the two data-centers, you want to use it for disaster (or dilemma :- ) recovery. Here's how it would work:

Let's say the two data centers host www.mysite.com and site A is the primary site and site B is the disaster recovery site.

The GSS would be the authorative name server for www.mysite.com
Any DNS requests for www.mysite.com would be responded to by the GSS with the VIP for www.mysite.com (1.1.1.1) at site A.
The GSS would be peroidocially running a keepalive check to the VIP at both sites to verify their health
If the keepalive to site A's VIP fails, then the GSS would start returning site B's VIP for www.mysite.com (2.2.2.2)
You can configure the GSS to start serving up site A's VIP again when it comes back online, or you can configure it to require manual reactivation. Manual reactivation is nice if you want to leave it on site B until root cause for site A's failure has been determined, and thus you can avoid flapping between sites.

DNS caching will always play a role in failovers to some degree. You can lower the TTL of response from the GSS to help alleviate this.

As for how to configure this, you have two options.

You could place both the site VIPs (1.1.1.1 and 2.2.2.2) into a common Answer Group. Leave site A's VIP with the default order of 0, and change site B's VIP to order number 1. Then in the balance clause of the DNS Rule, use Ordered-List as the balance-method. The site A VIP will always be used as long as it is passing keepalives. Only if it is failing keepalives will site B's VIP be returned in the DNS response.
The other option is to put site A's VIP Answer in its own Answer Group and Site B's VIP Answer is a different Answer Group. Now you add site A's Answer Group to clause 1 in the DNS Rule and site B's Answer Group to clause 2. Clause 2 is only used if clause 1 has no available Answers to return.

Hope this helps!

Sean

Vladimir Lazovic · ‎01-30-2010

Hey Sean,

I really appreciate your help and I thank you for such extensive answer!

V

Vladimir Lazovic · ‎02-01-2010

Hi Sean,

Two more questions.

In a case of only one server failure, does GSS switches only that server resources on disaster (dilemma ) site or it switches requests completely to site B?

Thank you

V

Sean Merrow · ‎02-01-2010

Hi Vlad,

I'm not sure I really understand your question, but the GSS will only failover the Answers that are failing. So if you have a total of five sites hosted at the primary and distaster-recovery sites, and only one of the VIPs on the primary site fails, the GSS will start sending clients to the DR site for that VIP only. All the other healthy VIPs at the primary site will stay at the primary site. This is all assuming you've configured the GSS to behave this way. You could configure the GSS to send all requests to site B if only one fails, or handle each one individually.

I hope this answers your question. If not let me know. Also, you indicated you had two more questions, but I only see one. Did you forget to add the second?

Regards,

Sean

Vladimir Lazovic · ‎02-01-2010

Hi Sean,

Here is the situation:

Primary site has 5-6 servers (web-site, web-services, database, mail server...) They all communicate between each other, and are all parts of one public web site www.mysite.com.

If, lets say, web-site server fails, (if I understood well) gss will use only web-site server service at/from disaster site, the other services will stay at primary site! Correct me if I'm wrong.

The second question (forgot to add): does 1 server means 1 VIP?

Thank you very much, I really appreciate!!!

V

Sean Merrow · ‎02-01-2010

Hi Vlad,

The GSS is not aware of multiple servers at a given site. Think of it as a DNS server load balancing two different IP address resolutions for a single domain such as www.mysite.com. Clients using a browser don't know and don't care about all the background stuff at each site....they just want to know what the IP address is for www.mysite.com. Remember, a client browser such as IE or Firefox only looks at web-site servers to connect to.

The GSS will either send them the IP address of the VIP for www.mysite.com at site A, or the one at site B. So you would use a keepalive to verify the health of one or more IP addresses at site A, and if any of them fail, start sending clients to site B. You can get pretty creative with keepalives on the GSS. For example, you can have it perform keepalives to several different IP addresses (servers) at a given site to calculate the health of that site.

For the second question, a VIP Answer on the GSS would represent the IP address of the website at a given site. See my first response for further details on that.

Thanks,

Sean

Vladimir Lazovic · ‎02-01-2010

Hey Sean

Once more, I really appreciate your help and I thank you very much for such extensive answer!

V

Vladimir Lazovic · ‎02-02-2010

Hi Sean,

Again , sorry, but now I have another question/request,

1. Could I use Cisco ACE 4710 with Route Health Injection and BGP, and have site to site recovery?

2. Do I have to deploy GSS with mentioned situation or above is enough?

3. Does GSS supports Route Health Injection, or is it only ACE feature?

I ask, because client is NOW asking if its possible to use/"redirect requests to" 1 particular service/server from disaster site, if that service/server fails on primary site, and all other healthy servers continue to work on primary site!!!

And I have thoroughly searched all possibilities, and there are a lot of inconsistencies saying that you can do it with Cisco ACE 4710 with Route Health Injection and BGP and no GSS, that GSS supports RHI, other, again saying that GSS does not support RHI... etc

So I'm stuck in between what is really supported feature on what device!!

T H A N K S in A D V A N C E!!!

V

Sean Merrow · ‎02-02-2010

Hi Vlad,

1. Could I use Cisco ACE 4710 with Route Health Injection and BGP, and have site to site recovery?

The ACE 4710 does not support RHI. The ACE module does. If you have a module at your disposal and would like to implement this solution, then I would recommend engaging your Cisco SE or partner, as design is not my area of expertise.

You can place a redundant pair of ACE at different sites, as long as there is a fast, high-bandwidth layer-2 link between the two sites. Typically, redundant ACE's are installed at the same site.

2. Do I have to deploy GSS with mentioned situation or above is enough?

This may be a significant discussion because to me, it is no longer clear what goals you are trying to meet.

3. Does GSS supports Route Health Injection, or is it only ACE feature?

The GSS does not support RHI. RHI is a way to advertise the availabilty of some subnets to other layer-3 devices. The GSS does not need to do this as it is simply acting as a basic DNS server. It is not a router, and therefore has no need for such a feature. I think there may still be some confusion as to what the GSS is intended for versus a server load balancer. You might want to send this link to your customer as it supplies a thorough description of what the GSS does and what challenges it can help solve:

Introducing the Global Site Selector

http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/gss4400series/v3.1/configuration/cli/gslb/guide/Intro.html

I wish I could give you a better answer. A Cisco SE would be a better resource for you at this time. Perhaps one will pipe in on this thread.

Thank you,

Sean

Vladimir Lazovic · ‎02-02-2010

Hi Sean,

1. This may be a significant discussion because to me, it is no longer clear what goals you are trying to meet.

My goals are same from begining, as I posted in a first place, and like you said, GSS, site to site recovery, if one is down, the other one takes over.

Point is, that I am saying one thing (same as you explained eariler) and explaining that answers are coming from expert on matter, as I am a completely new, but requests keep poping up!!

2. I wish I could give you a better answer. A Cisco SE would be a better resource for you at this time. Perhaps one will pipe in on this thread.

You've been more than helpful and I thank you once more, a big thanks!!! And a subject is definetely closed.

V