Health check did not work in GSLB
huzhiqi
Member ✭
I have three ISP lines: ISP1, ISP2 and ISP3.
We check the ISPs' health status with the ICMP protocol. When ISP1 is down, how do we know the status? When ISP1 is down, does the health check monitor go out through ISP2 or ISP3? Then the A10 can't know that ISP1 is down. The health check monitor did not work.
0
Comments
Hi,
Just use the "gateway" option under the site definition to enable Gateway Health Monitoring. Then you can create slb objects with each gateway's internal IP and associate any HM containing the logic you desire to test its status.
When a gateway is declared down, all the services hanging on this site are marked unusable (remember that a site represents a link when talking about Link Load Balancing).
You can use this Link Load Balance config example as a reference:
##################### Diagram
##################### notes
- x.x.x.10 are the AX/TH physical IPs on each segment
- 192.168.x.1 is the upstream gateway on each link
- 192.168.x.100 are used as hide NAT for outbound traffic
- 192.168.x.100:25 are the SMTP servers published on both links
- 192.168.x.100:80 are the web servers published on both links
- 192.168.x.100:53 is the AX/TH DNS resolver on both links
- 192.168.x.100:XX is free to publish other services relying on different service groups
##################### Config
interface ve 10
  ip address 192.168.1.10 255.255.255.0
!
interface ve 20
  ip address 192.168.2.10 255.255.255.0
!
interface ve 30
  ip address 172.16.20.10 255.255.255.0
  ip allow-promiscuous-vip
!
ip route 0.0.0.0 /0 192.168.1.1
ip route 0.0.0.0 /0 192.168.2.1 100
!
ip route 0.0.0.0 /0 172.0.0.0/8 172.16.20.1
!
health monitor HM-Link
  method icmp transparent 8.8.8.8
!
slb server GatewayLink1 192.168.1.1
  health-check HM-Link
  port 0 tcp
    no health-check
  port 0 udp
    no health-check
!
slb server GatewayLink2 192.168.2.1
  health-check HM-Link
  port 0 tcp
    no health-check
  port 0 udp
    no health-check
!
slb service-group GatewaysTCP tcp
  method round-robin-strict
  health-check HM-Link
  member GatewayLink1:0
  member GatewayLink2:0
!
slb service-group GatewaysUDP udp
  method round-robin-strict
  health-check HM-Link
  member GatewayLink1:0
  member GatewayLink2:0
!
!
! OUTBOUND LLB
!
ip nat pool NATLink1 192.168.1.100 192.168.1.100 netmask /24
ip nat pool NATLink2 192.168.2.100 192.168.2.100 netmask /24
ip nat pool-group NATSalida NATLink1 NATLink2
!
!
access-list 100 permit ip 172.16.0.0 0.0.255.255 any
!
!
slb virtual-server OutboundLB 0.0.0.0 acl 100
  port 0 tcp
    name _wildcard_v4_100_TCP_0
    source-nat pool NATSalida
    service-group GatewaysTCP
    no-dest-nat
  port 0 udp
    name _wildcard_v4_100_UDP_0
    source-nat pool NATSalida
    service-group GatewaysUDP
    no-dest-nat
  port 0 others
    name _wildcard_v4_100_others_0
    source-nat pool NATSalida
    service-group GatewaysTCP
    no-dest-nat
!
!
!
! INBOUND LLB
!
!
slb virtual-server "VS _Inbound_Link1" 192.168.1.100
  port 25 tcp
    name _192.168.1.100_TCP_25
    use-rcv-hop-for-resp
    service-group G1:25
  port 80 tcp
    name _192.168.1.100_TCP_80
    use-rcv-hop-for-resp
    service-group G1:80
  port 53 dns-udp
    name _192.168.1.100_DNS-UDP_53
    use-rcv-hop-for-resp
    gslb-enable
!
slb virtual-server "VS _Inbound_Link2" 192.168.2.100
  port 25 tcp
    name _192.168.2.100_TCP_25
    use-rcv-hop-for-resp
    service-group G1:25
  port 80 tcp
    name _192.168.2.100_TCP_80
    use-rcv-hop-for-resp
    service-group G1:80
  port 53 dns-udp
    name _192.168.2.100_DNS-UDP_53
    use-rcv-hop-for-resp
    gslb-enable
!
!
!
gslb service-ip ServiceIP_Link1 192.168.1.100
!
gslb service-ip ServiceIP_Link2 192.168.2.100
!
!
gslb site Link1
  slb-dev local1 127.0.0.1
  gateway 192.168.1.1
  vip-server ServiceIP_Link1
!
gslb site Link2
  slb-dev local2 127.0.0.1
  gateway 192.168.2.1
  vip-server ServiceIP_Link2
!
gslb policy LinkLB-General
  dns active-only
  dns selected-only 2
  dns server authoritative
  metric-order health-check weighted-ip weighted-site capacity active-servers active-rdt geographic connection-load num-session admin-preference bw-cost least-response admin-ip
  no geographic
!
!
gslb zone a10net.com
  policy LinkLB-General
  service http test1
    dns-a-record ServiceIP_Link1 ttl 5 static
    dns-a-record ServiceIP_Link2 ttl 5 static
    admin-ip ServiceIP_Link1 ServiceIP_Link2
  service smtp mail
    dns-a-record ServiceIP_Link1 ttl 5 static
    dns-a-record ServiceIP_Link2 ttl 5 static
    admin-ip ServiceIP_Link1 ServiceIP_Link2
!
#####################
Regards
Not clear, "BALANCEADOR" means "A10"?
Our A10 is deployed in the intranet in one-arm mode; the A10 device is connected to a core switch like an extended arm.
So, please fix my issue. Thanks.
Hi Huzhiqi,
Sorry, "Balanceador" is A10 (Load Balancer in Spanish). The physical topology does not change the idea behind it:
You need to create three servers pointing to the internal interface of each peering router. Then create a HM for them to determine their health; it can be a simple ping or something more complex (even a scripted monitor):
health monitor HM-Link
  method icmp
!
slb server GatewayLink1 192.168.1.1
  health-check HM-Link
  port 0 tcp
    no health-check
  port 0 udp
    no health-check
!
slb server GatewayLink2 192.168.2.1
  health-check HM-Link
  port 0 tcp
    no health-check
  port 0 udp
    no health-check
!
Then, when you create the GSLB sites, you need to configure a local device on each to establish the GSLB protocol. There you can indicate the gateway for each of them. When this gateway is down, the whole site (link) is declared down with all its associated service IPs:
!
gslb site Link1
  slb-dev local1 127.0.0.1 <-- use localhost or any floating IP
  gateway 192.168.1.1
  vip-server ServiceIP_Link1
!
gslb site Link2
  slb-dev local2 127.0.0.1 <-- use localhost or any floating IP
  gateway 192.168.2.1
  vip-server ServiceIP_Link2
!
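
The thread turns on which path the probe takes, so here is an added example (a Python model, not A10 code and not written by either poster) comparing three monitor styles: a far-end ping that follows the routing table, the plain `method icmp` against the gateway, and `method icmp transparent 8.8.8.8` through the gateway. The `Link` fields, the probe function names and the link state are constructed assumptions; the addresses come from the config above.

```python
# Added example: a model of the probe-path problem, not A10 code.
from dataclasses import dataclass

@dataclass
class Link:
    site: str          # gslb site name
    gateway: str       # "gateway" under the gslb site
    service_ip: str    # address published through the site's vip-server
    gateway_up: bool   # next-hop router answers ICMP
    upstream_up: bool  # ISP path beyond that router works

    def usable(self) -> bool:
        return self.gateway_up and self.upstream_up

def routed_probe(links, link):
    """Far-end ping that follows the routing table (assumed to fail over):
    it leaves via any usable link, so it says nothing about `link`."""
    return any(l.usable() for l in links)

def gateway_probe(links, link):
    """Plain 'method icmp' against the gateway address: sees a dead router,
    but not a failure further inside the ISP."""
    return link.gateway_up

def transparent_probe(links, link):
    """'method icmp transparent <far-end>': the echo is sent through the
    monitored gateway, so the whole path over that link is tested."""
    return link.usable()

def dns_answers(links, probe):
    """Service IPs still handed out when a site is dropped as soon as its
    gateway monitor fails (the 'dns active-only' policy in the thread)."""
    return [l.service_ip for l in links if probe(links, l)]

# Constructed state: Link1's router is alive but its ISP path is broken.
LINKS = [
    Link("Link1", "192.168.1.1", "192.168.1.100", True, False),
    Link("Link2", "192.168.2.1", "192.168.2.100", True, True),
]

if __name__ == "__main__":
    for probe in (routed_probe, gateway_probe, transparent_probe):
        print(f"{probe.__name__:18} -> {dns_answers(LINKS, probe)}")
```

In this constructed state only the transparent probe removes 192.168.1.100 from the DNS answers; the plain gateway ping catches a dead router but not an outage further upstream.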