Configuring DNS Static Proximity on the CSS 11000

Document ID: 12605

Updated: Jan 31, 2006

Introduction

With Domain Name Service (DNS) static proximity, the Cisco Content Services Switch (CSS) decides which site should serve a client based on geographic proximity. This brings the user closer to the data without requiring any action on the client.

Before You Begin

Conventions

For more information on document conventions, see the Cisco Technical Tips Conventions.

Prerequisites

There are no specific prerequisites for this document.

Components Used

This document is not restricted to specific software and hardware versions.

The information presented in this document was created from devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If you are working in a live network, ensure that you understand the potential impact of any command before using it.

Configure

In this section, you are presented with the information to configure the features described in this document.

Note: To find additional information on the commands used in this document, use the Command Lookup Tool (registered customers only).

Network Diagram

This document uses the network setup shown in the diagram below.

[Network diagram: dns_static_proximity.gif]

The company foo.com is based in France and has a subsidiary in the United States. If a client comes into www.foo.com from a US ISP (with a net block of 192.168.1.128), it should be serviced locally. If the client comes in from a non-US ISP, foo.com wants the French site to handle the traffic.

Configurations

fooFrance Switch Configuration
!Generated MAY  2 11:06:36
!Active version: ap0310029s

configure

!*************************** GLOBAL ***************************
  bridge spanning-tree disabled
  acl enable
  dns-server
!--- Enable the DNS server.
  ip route 0.0.0.0 0.0.0.0 192.168.1.254 1

!************************** CIRCUIT **************************
circuit VLAN1
  ip address 10.1.1.254 255.255.255.0
  ip address 192.168.1.253 255.255.255.0

!************************** SERVICE **************************
service FrSrvr1
  ip address 10.1.1.1
  keepalive uri "/index.html"
  keepalive type http
  active

service FrSrvr2
  ip address 10.1.1.2
  keepalive uri "/index.html"
  keepalive type http
  active

service US-VIP
  ip address 192.168.1.100
!--- Where to send the non-French clients.
!--- Check the site every 30 seconds.
!--- The keepalive frequency is 30.
  type redirect
  active

!*************************** OWNER ***************************
owner foo.com
  dns both
!--- Accept and push DNS information.
  content WebServers
    add dns www.foo.com
!--- When this name is given, return
!--- this address for the French servers.
!--- If they are all down, return this
!--- address. Once an address has been given,
!--- load balance over the available servers.
    dnsbalance preferlocal
    vip address 10.1.1.100
    add service FrSrvr1
    add service FrSrvr2
    add service US-VIP
    protocol tcp
    port 80
    url "/*"
    active

!**************************** ACL ****************************
acl 1
!--- If this address comes in, send it to the US-Side,
!--- unless it is down. If so, go local.
  clause 10 permit any 192.168.1.128 255.255.255.255 destination content foo.com/WebServers prefer US-VIP
!--- Anything else should go local.
  clause 20 permit any any destination content foo.com/WebServers
  apply dns

!--- Since ACLs are enabled, explicitly allow server to
!--- server traffic.
acl 10
  clause 10 permit any 10.1.1.0 255.255.255.0 destination any
  clause 20 permit any 192.168.1.0 255.255.255.0 destination any
  apply circuit-(VLAN1)

fooUS Switch Configuration
!Generated MAY  2 09:37:53
!Active version: ap0310027b

configure

!*************************** GLOBAL ***************************
  bridge spanning-tree disabled
  dns-server
  ip route 0.0.0.0 0.0.0.0 10.1.1.254 1

!************************** CIRCUIT **************************
circuit VLAN1
  ip address 10.1.1.253 255.255.255.0
  ip address 192.168.1.254 255.255.255.0

!************************** SERVICE **************************
service USSvr1
  ip address 192.168.1.1
  keepalive uri "/index.html"
  keepalive type http
  active

service USSvr2
  ip address 192.168.1.2
  keepalive type http
  keepalive uri "/index.html"
  active

!*************************** OWNER ***************************
owner foo.com
  dns both
  content WebServers
    protocol tcp
    port 80
    url "/*"
    vip address 192.168.1.100
    add service USSvr1
    add service USSvr2
    balance leastconn
!--- Use the least connections locally.
    dnsbalance leastloaded
!--- If someone resolves against this DNS server,
!--- give them the least loaded site.
    add dns www.foo.com
    active

Verify

This section provides information you can use to confirm your configuration is working properly.

To verify, perform the steps below.

  1. Ensure the default gateway on each server points to the VLAN address of the network on which it lives.

  2. Verify all of the services are up on both CSSs.

  3. On the US client, point the DNS to the authoritative server (the French DNS server: 10.1.1.254).

Name Resolution

On the French client, point the DNS to the VLAN address (10.1.1.254). At a command prompt, issue the nslookup www.foo.com command. On the CSS, issue the show dns-server stats command, and note that the client resolved against the DNS server on the CSS. Also note that the France CSS knows about both Web farms. Unplug the two France servers (or change the service to suspend). Repeat the nslookup command.

Note: The DNS server on the CSS checked whether any local services were up. Because they were all down, it sent back the IP address of the remote (US) Web farm.

If you repeat the show dns-server stats command, the Remote counter has incremented, showing that a remote address was sent back to the client.

DNS Server SCM database Statistics:
DNS Name:         Content Name:     Location:        Resolve Local:  Remote:
---------------------------------------------------------------------------
www.foo.com       WebServers        192.168.1.100    7               9
                                    10.1.1.100

Enable the servers on the France switch again.

Browser Test

Note: If you are using Internet Explorer (IE), it caches the DNS even though the CSS marks the Time To Live (TTL) as 0 (issue the show dns-server dbase command). This means you will have to close and re-open IE 5.0.

DNS Server SCM database:

DN: www.foo.com HO: 4 TTL: 0 DNSCB: 8372f120

On the French client, point the browser to http://www.foo.com. Stop the server services on the French switch (or unplug the servers). You will now be redirected to the US servers. On the US client, repeat the test. Unplug the link between the switches (as if the US site went down).

Note: In the show services summary command output, the site is marked as down.

Move the US client to the France switch and change its default gateway to 192.168.1.253 (since there is no router in our configuration, this simulates the client coming in from another path). Now repeat the test. The CSS knows it should redirect the user to the US, but since the site is down, it drops them into the France site. Issue the show acl 1 command to see the number of DNS hits by location.
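
The failover behaviour exercised in the Verify steps, as an added Python example (not Cisco code and not part of the original document). It is a simplified model of ACL 1 and dnsbalance preferlocal on the France switch; the client addresses 10.1.1.50 and 192.168.1.129, first-match clause ordering, and the result when both sites are down are assumptions.

```python
import ipaddress
from typing import NamedTuple, Optional

LOCAL_VIP = "10.1.1.100"      # France content rule VIP (from the page)
REMOTE_VIP = "192.168.1.100"  # US-VIP service address (from the page)


class Clause(NamedTuple):
    number: int
    source: ipaddress.IPv4Network
    prefer_remote: bool  # True models "prefer US-VIP"


# ACL 1 on the France switch, masks exactly as written in the configuration.
# Note that 255.255.255.255 matches the single host 192.168.1.128 only.
ACL_1 = [
    Clause(10, ipaddress.ip_network("192.168.1.128/255.255.255.255"), True),
    Clause(20, ipaddress.ip_network("0.0.0.0/0"), False),
]


def resolve(client_ip: str, local_up: bool, remote_up: bool) -> Optional[str]:
    """Address this model returns for www.foo.com, or None if nothing is up."""
    addr = ipaddress.ip_address(client_ip)
    for clause in ACL_1:  # assumption: clauses are tried in order, first match wins
        if addr not in clause.source:
            continue
        if clause.prefer_remote and remote_up:
            return REMOTE_VIP  # clause 10: send to the US side
        if local_up:
            return LOCAL_VIP   # go local
        # All local services down: hand back the remote site if it is alive.
        # Returning None when both sites are down is an assumption.
        return REMOTE_VIP if remote_up else None
    return None  # not reached: clause 20 matches every source


def verify_walkthrough() -> dict:
    """The Verify scenarios, with constructed client addresses."""
    return {
        "French client, all up": resolve("10.1.1.50", True, True),
        "French client, France servers down": resolve("10.1.1.50", False, True),
        "US client, all up": resolve("192.168.1.128", True, True),
        "US client, US site down": resolve("192.168.1.128", True, False),
        "neighbour of US client": resolve("192.168.1.129", True, True),
    }


if __name__ == "__main__":
    for scenario, answer in verify_walkthrough().items():
        print(f"{scenario:36} -> {answer}")
```

The last scenario resolves to the France VIP because the 255.255.255.255 mask in clause 10 matches only the host 192.168.1.128; compare the mask with the address range you intend to steer before relying on the ACL.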

Troubleshoot

There is currently no specific troubleshooting information available for this configuration.
