The Cisco ACE GSS 4492R Global Site Selector (Figure 1) belongs to the Cisco ACE Application Control Engine Family of application switches that are used for increasing the availability, security, and consolidation of data center applications. The Cisco ACE product family consists of the Cisco ACE Modules for the Cisco Catalyst® 6500 Series Switches and the Cisco 7600 Series Routers, the Cisco ACE 4710 appliance, the Cisco Global Site Selector (GSS) appliance, and the Cisco Application Networking Manager (ANM) management software.
Figure 1. Cisco ACE GSS 4492R Appliance
The Cisco GSS 4492R is a crucial element of business continuance and disaster recovery strategy for any data center or cloud environment. Its standalone appliance form factor coupled with an IPv6-enabled base platform that can be extended with licenses for geolocation services and distributed denial-of-service (DDoS) protection makes the Cisco GSS 4492R an important component of modern data center and cloud computing architectures. Cisco GSS 4492R helps ensure that users achieve the best response time for a data center or cloud-hosted application. The result is:
• Globally optimized access to application and service delivery for the end user
• Operating cost reductions for the organization
• Extreme scalability for cloud deployments
The primary role of Cisco GSS is to implement the business continuance and disaster recovery policies of a business by optimizing and securing the Domain Name System (DNS) infrastructure of the data center. It does this by integrating with the DNS infrastructure and responding to the client DNS requests, thereby directing the client to the site that is best able to serve its needs. Cisco GSS optimizes its responses to client requests based on site availability, geographical and network proximity, enterprise policy, current load, and available capacity. In addition, Cisco GSS comes with an optional DDoS protection function that substantially mitigates the risk to application availability when faced with a DDoS attack.
The intelligence that provides the optimization of responses served by Cisco GSS is based in the traffic management subsystem, which continuously monitors the load and health of any Simple Network Management Protocol (SNMP)-capable device (such as a server load-balancing [SLB] device or a server) within each data center. In addition, Cisco GSS uses the proprietary Cisco Keepalive Application Protocol (KAL-AP) to communicate with Cisco ACE10, ACE20, and ACE30 modules or the Cisco ACE4710 appliance to offer enhanced and detailed monitoring. Cisco GSS uses this information in conjunction with set business policy to select the data center, application server, or cloud that is best able to serve the user request within user-defined service levels.
Data center and cloud administrators can use the robust functions offered by Cisco GSS to enable a dynamic infrastructure that adjusts to the changing LAN and WAN environments. In addition to automating failover policy to counter a catastrophic event such as a data center outage, Cisco GSS allows policy-based intervention. For example, using the licensed geolocation services function, a data center administrator can get Cisco GSS to direct a client to the data center or cloud that is geographically most desirable.
Main Customer Benefits
• Global application delivery: Using Cisco GSS, organizations can take control of their global application and service delivery by routing their users to a desired site based on business network configuration, site capacity, quickest response time, load distribution, availability, content routing agent (CRA) resolution process, geolocation, or persistence.
Using these methods, Cisco GSS responds to a user query with the virtual IP address (the IPv4 A record or IPv6 AAAA record), directing the user to the best location of the desired application or service for that user, from that user's location, at that moment in time. For user queries outside the responsibility of Cisco GSS, the user is redirected to the standard name server that can respond to the query.
For instance, Cisco GSS can be configured to make that best site choice based on geographical proximity to the user's local DNS server or proximity based on round-trip time (RTT) between the application and the user's local DNS server. Figure 2 illustrates the multiple mechanisms available to a data center for site selection.
Figure 2. Site Selection Mechanisms
• Extreme scalability for cloud deployments: By using Cisco GSS, service providers and enterprises can enable global delivery of their applications and services over their Internet-scale cloud infrastructure. Cisco GSS can be configured to support thousands of distinct applications across hundreds of domains across millions of users. Cisco GSS 4492R supports both IPv4 and IPv6 addressing on clients and servers to help ensure the address scalability of devices in a data center now and in the future. To increase the availability of global application delivery, Cisco GSS 4492R can be deployed in a mesh with up to 16 Cisco GSS appliances that synchronize the configuration across the mesh and adapt to changing traffic conditions. This mesh is a Cisco GSS cluster. The entire Cisco GSS cluster can be managed as a single entity from a central point.
• Reduced operating costs: Businesses can manage the complexity of the global application delivery infrastructure from a central, redundant point of control. Cisco GSS offers an easy-to-use GUI. It also supports integration with TACACS+ and has extensive syslog and performance monitoring functions. Multiple Cisco GSS appliances, or even multiple clusters of Cisco GSS appliances, can be monitored using Cisco ANM, enabling a single point of control for all application delivery infrastructure. For data centers with IPv6 management infrastructure, Cisco GSS 4492R supports IPv6 addressing of its interfaces and supports widely used management software over its IPv4 or IPv6 interface.
• Secure and optimize the DNS infrastructure: Businesses can mitigate security threats and optimize and offload existing DNS infrastructure using Cisco GSS. An optional license offers DNS-based DDoS mitigation software that implements best practices in antispoofing and rate limiting and well-known checks.
• End-to-end solution: Cisco GSS, together with the Cisco ACE Module and appliance application delivery controller products, security products, and routing and switching products, enables the business to create a global end-to-end solution that is unique in the industry in its interoperability and consistency.
Performance and Scalability
The Cisco GSS 4492R is highly scalable, meeting the needs of the most demanding environments.
Table 1 lists performance and scalability metrics information for the Cisco GSS 4492R.
Table 1. Performance and Scalability Metrics
DNS requests per second
• 28,000 to 30,000 tested maximum sustained rate for simple, single virtual IP address configurations
• 20,000 to 23,000 tested maximum sustained rate for moderately complex configurations (1000 or more virtual IP addresses)
• 12,000 to 13,000 tested maximum sustained rate for the most complex, maximum-scale configurations (thousands of virtual IP addresses)
Name server forwarding requests per second
Active server load balancers
4000 (maximum 1000 per SLB)
Hosted domain character count and length
Hosted domain list
4000 (maximum 500 per list)
Virtual IP addresses
Source IP addresses configurable for DNS rules
Source address lists
60 (maximum 30 members per list)
Answers per answer group
Name server addresses for nonstop forwarding (NSF)
Keepalive (KAL) limits
These are the device monitoring probes that check for health and load. Standard KAL has a minimum polling interval of 40 seconds between checks; Fast can poll as often as every 4 seconds.
KAL-AP, the Cisco advanced probe, combines the load and virtual IP address online status of up to 1000 virtual IP addresses per monitored device, thereby dramatically increasing the scaling and detail of monitoring when Cisco GSS is used with Cisco ACE, Cisco CSS Content Services Switches, or Cisco Content Switching Module (CSM).
Internet Control Message Protocol (ICMP)
CRA (DNS race)
• Ordered list
Uses next virtual IP address when all previous virtual IP addresses are overloaded or down
• Static; based on client's DNS address
Maps the IP addresses of the client's DNS to available virtual IP addresses
Cycles through available virtual IP addresses in order
• Weighted Round-Robin
With weighting, causes repeat hits (up to 10) on a virtual IP address
• Least loaded
Uses least connections or load based on proprietary protocol
• Source address and domain hash
The IP address of client's DNS proxy and domain is used; persists clients to the same virtual IP address
• DNS race
Initiates race of responses to clients and finds the closest virtual IP address to the client's local DNS (LDNS)
Cisco Services offerings make networks, applications, and the people who use them work better together.
Today, the network is a strategic platform in a world that demands better integration of people, information, and ideas. The network works better when services, together with products, create solutions aligned with business needs and opportunities.
The unique Cisco lifecycle approach to services defines the requisite activities at each phase of the network lifecycle to help ensure service excellence. With a collaborative delivery methodology that joins the forces of Cisco, our skilled network of partners, and our customers, we achieve the best results.
Cisco Services can provide you with guidance and support in the design, deployment, and configuration of your DNS infrastructure, load balancing, and business resiliency using Cisco ACE 4700 Series Global Site Selector Appliances.
For More Information
For more information about the Cisco ACE product family, please visit the following sites or contact your local account representative: