GSLB gateway failover
Hello
I am trying to configure an A10 with 2 Internet Links to respond with a backup IP when the gateway health check fails, so I followed Multiple Gateway Links Configuration in the A10-GSLB.pdf, but it's not working.
This is an example of my configuration:
gslb service-ip SIP-1 1.1.1.3
  health-check HTTPS
  port 443 tcp
    health-check HTTPS
gslb service-ip SIP-2 2.2.2.3
  health-check HTTPS
  port 443 tcp
    health-check HTTPS
----------------------------------------------------------------
gslb site lab
  slb-dev LINK-1 1.1.1.2
    gateway 1.1.1.1
    vip-server SIP-1
  slb-dev LINK-2 2.2.2.2
    gateway 2.2.2.1
    vip-server SIP-2
----------------------------------------------------------------
gslb policy PCY-TEST
  metric-order health-check
  dns backup-alias
  dns server authoritative
----------------------------------------------------------------
gslb zone test.com
  policy PCY-TEST
  service 443 www
    dns-a-record SIP-1 ttl 30 static
    dns-a-record SIP-2 ttl 30 as-backup static
-----------------------------------------------------------------
gslb protocol enable device
!
gslb protocol enable controller
So what I want to do is, when LINK-1 fails, have the A10 respond with SIP-2. When I try it with the configuration above, site-1 is down but the resolution is still SIP-1 and not SIP-2.
Thanks!
Comments
Anfovar,
Thank you for the configuration and diagram!
From your diagram, you are only showing a single A10 ADC. Normally with GSLB, there would be two or more A10 ADCs at different sites. Do you have multiple sites with A10 GSLB in your environment?
Anfovar,
Thank you for the configurations and detailed diagram!
GSLB is normally configured with multiple ADCs at different sites. When a server is down at one site (or the entire site is down) GSLB will respond to DNS queries and direct clients to a healthy server or site using DNS responses.
If you only have one A10 ADC (or two ADCs in an HA configuration at the same site) then GSLB won't help with this type of configuration.
Another potential solution would be to use a backup server. The backup server is only used should the primary server fail its health checks. The health checks are using ICMP to ping the gateways. If the primary gateway fails, then the ADC will switch to sending traffic to the backup server. You could also add compound health checks that would check the actual health of the server AND the gateway before switching traffic to the backup server.
Here is a basic example of a backup server:
health monitor gateway1
  method icmp transparent 1.1.1.1
!
health monitor gateway2
  method icmp transparent 2.2.2.1
!
slb server backup-sip2 2.2.2.3
  port 5060 udp
    health-check gateway2
!
slb server sip1 1.1.1.3
  alternate 1 backup-sip2
  port 5060 udp
    health-check-disable
!
slb service-group sg-ipv4 udp
  health-check gateway1
  member sip1 udp
!
slb virtual-server vip1-ipv4 10.10.10.10
  port 5060 udp
    service-group sg-ipv4
    use-rcv-hop-for-resp