GSLB Always returns all DNS records in service
wkucardinal
Member ✭
Hi -
Old F5 customer here making the switch over to A10 and I am finding either GSLB does not behave as I am accustomed to or I don't know what I am doing. Probably the latter.
I have set up GSLB using sub zone delegation whereby we have a delegated subzone that forwards requests to my A10 devices. For example:
CNAME called Server.domain.com points to server.LB.domain.com which is really a delegated sub-zone pointing to A10
This query gets forwarded to the A10 device and hits the service server.lb.domain.com for resolution
In the F5 world, with round robin or any other load balancing method, a dig command would return ONE DNS record for a request like this. What I am finding with A10 is that it always sends all DNS records. If I have two SLB VIPs set up for server.lb.domain.com, the A10 device returns both DNS records whether or not one or both are up.
This shouldn't be for obvious reasons. The two DNS records are one VIP in my primary datacenter and one VIP in my DR datacenter. If an A10 or site is down, I need it to only resolve queries to one datacenter or the other.
What am I doing incorrectly?
Comments
I looked at the policy like you suggested and figured out that the result I am looking for is controlled by the following settings:
Metric Fail Break (to force it to stop providing responses if everything is down)
Only Keep Active Servers (to force it to only return servers that have good health checks)
Only Keep Selected Servers - Value: 1 (to force it to only return one valid response)
I am enjoying my time with A10 so far but I am definitely finding that F5 had a lot more stuff in place when I first rolled it out. However, it just works differently. A10 has very granular control which is a positive.
Next thing on my list is to look at GSLB synchronization and health checking. I'm sure I'll have more questions about that.
Regarding health checking: in the F5 world we had the iquery framework so that GTM pretty much just monitored the LTM VIPs you had set up, and if the health checks at the LTM level caused the VIP to go down, GTM took note of that and stopped routing to that VIP. Is that pretty much the same way things work in the GSLB world or is GSLB health checking considered an entity unto itself separate from the SLB/ADC realm?
Btw, thank you for your post, helped me as well.
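An added example, not part of any post in this thread: a Python check that reads `dig +noall +answer` output, follows the CNAME into the delegated sub-zone, and reports when the answer contains more than one A record or a VIP that is not in the healthy set. The sample answers and IP addresses are constructed (documentation ranges), and the function names are hypothetical.

```python
# Constructed samples of `dig +noall +answer server.domain.com` output.
# The IPs are documentation addresses, not values from the thread.
SAMPLE_BOTH = """\
server.domain.com.     300 IN CNAME server.lb.domain.com.
server.lb.domain.com.  10  IN A     192.0.2.10
server.lb.domain.com.  10  IN A     198.51.100.10
"""
SAMPLE_ONE = """\
server.domain.com.     300 IN CNAME server.lb.domain.com.
server.lb.domain.com.  10  IN A     192.0.2.10
"""

def parse_answer(text):
    """Return (cname_map, a_records) parsed from dig answer-section lines."""
    cnames, a_records = {}, {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5 or line.startswith(";"):
            continue  # skip blank lines and dig comment lines
        name, rtype, rdata = parts[0].lower(), parts[3], parts[4]
        if rtype == "CNAME":
            cnames[name] = rdata.lower()
        elif rtype == "A":
            a_records.setdefault(name, []).append(rdata)
    return cnames, a_records

def resolve(text, qname):
    """Follow the CNAME chain from qname and return the A records at its end."""
    cnames, a_records = parse_answer(text)
    name, seen = qname.lower(), set()
    while name in cnames and name not in seen:  # 'seen' guards against loops
        seen.add(name)
        name = cnames[name]
    return a_records.get(name, [])

def check(text, qname, healthy_vips, max_answers=1):
    """List the ways the answer departs from the intended GSLB behaviour."""
    ips = resolve(text, qname)
    problems = []
    if len(ips) > max_answers:
        problems.append(f"{len(ips)} A records returned, expected at most {max_answers}")
    for ip in ips:
        if ip not in healthy_vips:
            problems.append(f"{ip} returned but not in healthy set")
    if not ips and healthy_vips:
        problems.append("no answer although a VIP is healthy")
    return problems
```

Feed it the captured output of a real query in place of the samples, with `healthy_vips` set to the VIPs you expect to be up during the failover test.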