GSLB Site Selection with Fallback and Preferred-Site Options
As outlined in Avi DNS policy, three types of policy actions can be mated with policy matches. In the Avi UI those actions are referred to as:
- Allow/Drop Query
- Query Response
- GSLB Site
This article focuses on the third action (often called GSLB site selection) and its fallback_site_names
and is_preferred_site
options.
Note: Site selection was introduced in release 17.1.5. The ability to define a single fallback site and set the preferred-site option were introduced in release 17.2.5. Starting with release 17.2.7, the fallback site limit was increased from 1 to 16.
Illustrative Use Case
A simple use case illustrates how the feature might be used:
- There are three GSLB sites, one in Paris, one in Lyons, and one in Antwerp.
- Avi’s geolocation algorithm is in play, and in most cases will choose the site closest to the client.
- A client situated close to the French-Belgian border would normally be directed to Antwerp based on proximity, but, since the client is in France (or some other criterion is matched), the GSLB-site-selection action instead returns the VIP of a site having the site name “FRANCE.”
How It Works
Site selection features are engaged by defining a DNS policy rule. A rule match bypasses whatever chosen GSLB load-balancing algorithm might be associated with the virtual service. By way of review, by default there are five ways to effect a match, as shown in figure 1. More can be added.
Whatever the match, if one is made, the action will be taken, as follows:
- Avi Vantage looks for a VIP whose
site_name
parameter is equal to the desired value (“FRANCE” in the above use case). Note: There may be more than one VIP with the given site name, in which case the first one found is returned. - If not one matching site is healthy and reachable, Avi checks to see if any sites have been defined as fallback sites (up to 16 may be defined). If such is the case, the VIP of the first healthy and reachable fallback site found is returned.
- Finally, if not one of the fallback sites are healthy and reachable, if the
is_site_preferred
parameter has been set to True, then rather than return no address at all, the DNS VS reverts to the GSLB algorithm in force. In our use case example, Antwerp would be chosen.
-
Geolocation Tag – A string value associated with clients having IP addresses that may span a number of geolocation names representing a wide geography. I.e., client IP addresses in locations Alaska and Hawaii might be collectively tagged ALASKA_HAWAII. Note: a geolocation tag is not to be confused with a geolocation name.
-
GSLB Site Name – Usable only when GSLB services have been configured for the DNS virtual service, this field enables the system to override the GSLB load-balancing algorithm that otherwise would apply. A single GSLB site name can be associated with more than one VIP.
The is_site_preferred
parameter is a per-application Boolean that is set when defining the action. If True, then when no suitable IP address in the list is found, rather than return nothing, the Avi DNS VS returns a healthy member from the list from which the GSLB algorithm normally returns an IP address.
Avi CLI Configuration
The below CLI show
commands should be helpful for configuring fallback sites and using them in the DNS policy site selection action. You can see that GSLB pool members in GSLB service avi.com’s cluster_uuid is the third-party cluster_uuid. Also, you can see how the site selection has been set in DNS policy dns_policy_5
.
[admin:10-10-27-253]: > show gslb glb-1
+----------------------------------------------------------------------------+
| Field | Value |
+----------------------------------------------------------------------------+
| uuid | gslb-90412d33-fa47-4dc5-bcc2-7cb229461585 |
| name | glb-1 |
| dns_configs[1] | |
| domain_name | avi.com |
| dns_configs[2] | |
| domain_name | avi.us |
| sites[1] | |
| cluster_uuid | cluster-5fe7a684-12f1-4c85-a702-861eddd7313c |
| name | default |
| ip_addresses[1] | 10.10.27.253 |
| port | 443 |
| username | admin |
| password | <sensitive> |
| member_type | GSLB_ACTIVE_MEMBER |
| enabled | True |
| dns_vses[1] | |
| dns_vs_uuid | virtualservice-77230146-d9d6-4349-be2a-b4cbe4f55b47 |
| leader_cluster_uuid | cluster-5fe7a684-12f1-4c85-a702-861eddd7313c |
| send_interval | 15 sec |
| clear_on_max_retries | 20 |
| view_id | 0 |
| third_party_sites[1] | |
| cluster_uuid | tp_cluster-1083375b-8f6a-4925-8108-b21d871bb302 |
| name | SanFranciscoDC |
| enabled | True |
| third_party_sites[2] | |
| cluster_uuid | tp_cluster-074c37ec-0d73-4d6b-98d8-998561f0ff7d |
| name | LosAngelesDC |
| enabled | True |
| third_party_sites[3] | |
| cluster_uuid | tp_cluster-0739f270-0be9-4a7e-81f7-bde80d2c6ff4 |
| name | LasVegasDC |
| enabled | True |
| third_party_sites[4] | |
| cluster_uuid | tp_cluster-d793dbc8-ac76-49c4-bd41-52fede77a25b |
| name | PortlandDC |
| enabled | True |
| third_party_sites[5] | |
| cluster_uuid | tp_cluster-bfddcd68-bbb0-472b-8f3c-ad0c9944c0b7 |
| name | SanDiegoDC |
| enabled | True |
| third_party_sites[6] | |
| cluster_uuid | tp_cluster-db7750ad-4fe7-44c9-8884-236a0a1184ca |
| name | MumbaiDC |
| enabled | True |
| maintenance_mode | False |
| is_federated | True |
| tenant_ref | admin |
+----------------------------------------------------------------------------+
[admin:10-10-27-253]: > show gslbservice gslb-1
+-------------------------------------------------------------------------------------+
| Field | Value |
+-------------------------------------------------------------------------------------+
| uuid | gslbservice-e413e0b0-2d3f-4d5f-ac79-14621943ddb9 |
| name | gslb-1 |
| domain_names[1] | cloud1.avi.com |
| domain_names[2] | cloud2.avi.com |
| groups[1] | |
| name | group1 |
| priority | 15 |
| algorithm | GSLB_ALGORITHM_ROUND_ROBIN |
| members[1] | |
| cluster_uuid | tp_cluster-1083375b-8f6a-4925-8108-b21d871bb302 |
| ip | 10.90.91.101 |
| ratio | 1 |
| enabled | True |
| members[2] | |
| cluster_uuid | tp_cluster-074c37ec-0d73-4d6b-98d8-998561f0ff7d |
| ip | 10.90.91.111 |
| ratio | 1 |
| enabled | True |
| members[3] | |
| cluster_uuid | tp_cluster-0739f270-0be9-4a7e-81f7-bde80d2c6ff4 |
| ip | 10.90.91.121 |
| ratio | 1 |
| enabled | True |
| members[4] | |
| cluster_uuid | tp_cluster-d793dbc8-ac76-49c4-bd41-52fede77a25b |
| ip | 10.90.91.131 |
| ratio | 1 |
| enabled | True |
| members[5] | |
| cluster_uuid | tp_cluster-bfddcd68-bbb0-472b-8f3c-ad0c9944c0b7 |
| ip | 10.90.91.141 |
| ratio | 1 |
| enabled | True |
| members[6] | |
| cluster_uuid | tp_cluster-db7750ad-4fe7-44c9-8884-236a0a1184ca |
| ip | 10.90.91.201 |
| ratio | 1 |
| enabled | True |
| num_dns_ip | 1 |
| controller_health_status_enabled | True |
| health_monitor_scope | GSLB_SERVICE_HEALTH_MONITOR_ALL_MEMBERS |
| enabled | True |
| use_edns_client_subnet | True |
| wildcard_match | False |
| site_persistence_enabled | False |
| pool_algorithm | GSLB_SERVICE_ALGORITHM_PRIORITY |
| min_members | 0 |
| is_federated | True |
| tenant_ref | admin |
+-------------------------------------------------------------------------------------+
[admin:10-10-27-253]: > show dnspolicy dns_policy_5
-----------------------------------------------------------------------------+
| Field | Value |
+----------------------------------------------------------------------------+
| uuid | dnspolicy-765105c0-4433-48d1-b6b1-5c331e2474a0 |
| name | dns_policy_5 |
| rule[1] | |
| name | rule_1 |
| index | 1 |
| enabled | True |
| match | |
| geo_location | |
| match_criteria | IS_IN |
| use_edns_client_subnet_ip | True |
| geolocation_tag | SantaClaraClients |
| action | |
| gslb_site_selection | |
| site_name | SanFranciscoDC |
| is_site_preferred | False |
| fallback_site_names[1] | MumbaiDC |
| fallback_site_names[2] | LosAngelesDC |
| fallback_site_names[3] | LasVegasDC |
| fallback_site_names[4] | PortlandDC |
| fallback_site_names[5] | SanDiegoDC |
| tenant_ref | admin |
+----------------------------------------------------------------------------+
[admin:10-10-27-253]: >