Cisco GSS CLI-Based Global Server Load-Balancing Configuration Guide (Software Version 4.1.2)
Building and Modifying DNS Rules

This chapter describes how to build and modify Domain Name System (DNS) rules on your GSS network. After you configure your source address lists, domain lists, answers, and answer groups, you are ready to begin constructing the DNS rules that will control global server load balancing on your GSS network.

When building DNS rules, you specify the actions for the GSS to perform when it receives a request from a known source (a member of a source address list) for a known hosted domain (a member of a domain list). The DNS rule specifies which response (answer) is given to the requesting user's local DNS host (D-proxy) and how that answer is chosen. The GSS uses one of a variety of balance methods to determine the best response to the request, which is based on the status and load of your GSS host devices.


Note Before you create DNS rules, review the "GSS Architecture" section in Chapter 1, Introducing the Global Site Selector.


This chapter contains the following major sections:

Logging in to the CLI and Enabling Privileged EXEC Mode

Building DNS Rules

Modifying DNS Rules and Balance Clauses

Displaying DNS Rule Properties

Suspending a Clause

Reactivating a Clause

Managing Global Manual Reactivation of Clauses in a GSS Mesh

Suspending a DNS Rule

Activating a DNS Rule

Suspending or Reactivating All DNS Rules Belonging to an Owner

Deleting a DNS Rule

Configuring DNS Rule Filters

Removing DNS Rule Filters

Delegating to GSS Devices

Where To Go Next

Logging in to the CLI and Enabling Privileged EXEC Mode


Note To log in and enable privileged EXEC mode in the GSS, you must be a configured user with admin privileges. See the Cisco Global Site Selector Administration Guide for information on creating and managing user accounts.


To log in to the primary GSSM and enable privileged EXEC mode at the CLI, perform the following steps:

1. If you are remotely logging in to the primary GSSM through Telnet or SSH, enter the hostname or IP address of the GSSM to access the CLI.

If you are using a direct serial connection between your terminal and the GSSM, use a terminal emulation program to access the CLI. For details about making a direct connection to the GSS device using a dedicated terminal and about establishing a remote connection using SSH or Telnet, see the Cisco Global Site Selector Getting Started Guide.

2. Specify your GSS administrative username and password to log in to the GSSM. The CLI prompt appears.

gssm1.example.com> 
 
   

3. At the CLI prompt, enable privileged EXEC mode as follows:

gssm1.example.com> enable
gssm1.example.com#
 
   

If you are accessing the GSS remotely using Telnet or SSH, the CLI prompts you for the enable password. The default password is default. For more information about the enable password and configuring a new password, see the Cisco Global Site Selector Getting Started Guide.

The prompt changes from the user-level EXEC right angle bracket (>) prompt to the privileged-level EXEC pound sign (#).

Building DNS Rules

You can build the DNS rules that specify the actions that each GSS is to perform when it receives a request from a known source for a known hosted domain. Build the DNS rules by using the dns rule command in global server load-balancing configuration mode.

The syntax of this command is as follows:

dns rule name activate owner name source-address-list name domain-list name suspend

The keywords and arguments are as follows:

name—Name for the DNS rule. Enter a unique alphanumeric name with a maximum of 80 characters. Names should not contain spaces.

activate—Activates the DNS rule after you suspend it (see the "Activating a DNS Rule" section).

owner name—Specifies the name of a previously created owner with whom the rule will be associated. The default owner is System.

source-address-list name—Specifies the name of a previously created source address list from which requests will originate. The DNS rule is applied only to requests coming from one of the addresses in the source address list. If you do not choose a source address list, the GSS automatically uses the default list Anywhere.

domain-list name—Specifies the name of a previously created domain list to which DNS queries will be addressed. The DNS rule is applied only to requests coming from one of the addresses in the source address list and for a domain on the specified domain list.

suspend—Suspends the DNS rule (see the "Suspending a DNS Rule" section).


Note After you enter the dns rule name command, the prompt changes to the rule configuration mode where you specify and configure load-balance clauses and optional DNS sticky and network proximity settings.


For example, to create a DNS rule called drule02, enter:

gssm1.example.com(config)# gslb
gssm1.example.com(config-gslb)# dns rule drule02 owner WEB-SERVICES source-address-list WEB-GLOBAL-LISTS domain-list E-COMMERCE
gssm1.example.com(config-gslb-rule[rule-name])#

To delete a DNS rule called drule02, enter:

gssm1.example.com(config)# gslb
gssm1.example.com(config-gslb)# no dns rule drule02 owner WEB-SERVICES source-address-list WEB-GLOBAL-LISTS domain-list E-COMMERCE
gssm1.example.com(config-gslb-rule[rule-name])#
 
   

Configuring Query Type for a DNS Rule

After you create a DNS rule, you can configure a query type for a DNS rule using the query command:

query {a | aaaa | all }

query—Specifies the type of DNS query to apply to the rule. Choose one of the following:

a—The DNS rule is applied only to answer address record (A-record) requests originating from a host on the configured source address list. Any requests with unsupported query types (for example, MX, PTR, or CNAME records) that match this DNS rule are dropped and not answered by the GSS. For an AAAA query with a configured host domain, the GSS returns a NODATA (No Answer, No Error) response for the requester to make a subsequent A-record query. By default the query type is a.

all—The DNS rule is applied to all DNS queries originating from a host on the configured source address list. For any request other than an A or AAAA record query (for example, MX or CNAME record), the GSS forwards the request to a name server configured in one of the three balance clauses. When the GSS receives the response from the name server, it delivers the response to the requesting client D-proxy.


Note When you select all, you must configure one balance clause to include a name server-type answer group.


aaaa—The DNS rule is applied only to answer address record (AAAA record) requests originating from a host on the configured source address list. Any requests with unsupported query types (for example, MX, PTR, or CNAME records) that match this DNS rule are dropped and are not answered by the GSS. For an A record query with a configured host domain, the GSS returns a NODATA (No Answer, No Error) response in order for the requester to then make a subsequent A-record query.

In the DNS rule, the A and AAAA record types can be selected simultaneously. The configured rule is then applied to answer address record (A and AAAA record) requests originating from a host on the configured source address list. Any requests with unsupported query types (for example, MX, PTR, or CNAME records) that match this DNS rule are dropped and are not answered by the GSS.

For example,

gssm1.example.com(config)# gslb
gssm1.example.com(config-gslb)# dns rule drule02 owner WEB-SERVICES source-address-list WEB-GLOBAL-LISTS domain-list E-COMMERCE activate
gssm1.example.com(config-gslb-rule[rule-name])# query a 
gssm1.example.com(config-gslb-rule[rule-name])# 
 
   

Configuring Balance Clauses for a DNS Rule

After you create a DNS rule, you configure the balance clauses used by the rule by specifying the answer group and balance method that make up each balance clause. In addition, you can configure optional DNS sticky and network proximity settings. If you intend to use DNS sticky or network proximity, see Chapter 9, Configuring DNS Sticky or Chapter 10, Configuring Network Proximity for the configuration procedures.

The GSS can use a maximum of three possible balance method clauses in a DNS rule to select the most appropriate resource to serve a user request. Each balance method provides a different algorithm for selecting one answer from a configured answer group. Each clause specifies that a particular answer group serve the request and a specific balance method be used to select the best resource from that answer group.

The balance clauses that you configure in a DNS rule are evaluated in order, with parameters established to determine when a clause is skipped and the next clause used. A balance clause is skipped when any one of the following conditions exists:

A least-loaded balance method is selected and the load threshold for all online answers is exceeded.

The VIP answers in the specified VIP answer group are offline.

Proximity is enabled for a VIP-type answer group and the DRP agents do not return any RTT values that meet the value set for acceptable-rtt.

All answers in a CRA- or NS-type answer group are offline and keepalives are enabled to monitor the answers.
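
The skip conditions above, together with the manual-reactivation behavior described later in this chapter, can be checked against a small model. This is an added example, not Cisco code: the class and field names, the per-answer load threshold, and the sample values are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Skip reasons. Only OFFLINE and OVERLOADED (every answer offline or
# overloaded) lead to an operational suspend under manual reactivation.
OFFLINE = "all answers offline"
OVERLOADED = "load threshold exceeded on all online answers"
NO_RTT = "no RTT within acceptable-rtt"
SUSPENDED = "operationally suspended"


@dataclass
class Answer:
    name: str
    online: bool = True
    load: int = 0                  # load reported by the keepalive
    load_threshold: int = 100      # hypothetical per-answer threshold
    rtt_ms: Optional[int] = None   # RTT from a DRP agent; None = nothing returned


@dataclass
class Clause:
    number: int
    group_type: str                # "vip", "ns" or "cra"
    answers: List[Answer]
    method: str = "round-robin"
    keepalives: bool = True        # only consulted for CRA- and NS-type groups
    proximity: bool = False
    acceptable_rtt_ms: int = 100
    manual_reactivation: bool = False
    suspended: bool = False


def skip_reason(c: Clause) -> Optional[str]:
    """Return why the clause is skipped, or None if it can answer."""
    online = [a for a in c.answers if a.online]
    # VIP groups: skipped when all answers are offline. CRA/NS groups:
    # skipped only when keepalives are enabled to observe that state.
    if not online and (c.group_type == "vip" or c.keepalives):
        return OFFLINE
    if c.method == "least-loaded" and online and all(
            a.load > a.load_threshold for a in online):
        return OVERLOADED
    if c.group_type == "vip" and c.proximity and not any(
            a.rtt_ms is not None and a.rtt_ms <= c.acceptable_rtt_ms
            for a in online):
        return NO_RTT
    return None


def evaluate(clauses: List[Clause], global_manual_reactivation: bool = False
             ) -> Tuple[Optional[int], List[Tuple[int, str]]]:
    """Walk the clauses in order; return (clause used, [(skipped, reason)])."""
    skipped = []
    for c in sorted(clauses, key=lambda c: c.number):
        reason = SUSPENDED if c.suspended else skip_reason(c)
        if reason is None:
            return c.number, skipped
        skipped.append((c.number, reason))
        # The per-clause setting only takes effect with the global function on.
        if (reason in (OFFLINE, OVERLOADED) and c.manual_reactivation
                and global_manual_reactivation):
            c.suspended = True
    return None, skipped


def demo():
    """Constructed rule: overloaded VIPs, a slow proximity VIP, an NS fallback."""
    vip_a, vip_b = Answer("vip-a", load=180), Answer("vip-b", load=150)
    c1 = Clause(1, "vip", [vip_a, vip_b], method="least-loaded",
                manual_reactivation=True)
    c2 = Clause(2, "vip", [Answer("vip-c", rtt_ms=180)], proximity=True)
    c3 = Clause(3, "ns", [Answer("ns-a", online=False), Answer("ns-b")])
    rule = [c1, c2, c3]
    first = evaluate(rule, global_manual_reactivation=True)
    vip_a.load = vip_b.load = 10       # load recovers, clause stays suspended
    second = evaluate(rule, global_manual_reactivation=True)
    c1.suspended = False               # operator reactivates the clause
    third = evaluate(rule, global_manual_reactivation=True)
    return first, second, third


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The second evaluation shows the operational effect of manual reactivation: traffic keeps falling through to clause 3 after the VIPs recover, until the clause is reactivated.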

You can create balance clauses for a DNS rule by using the clause command in the rule configuration mode.

The syntax of this command is as follows:

clause number {cra-group name | ns-group name | vip-group name}

The keywords and arguments are as follows:

number—Balance clause number (1, 2, or 3). For clauses that use VIP- or NS-type answer groups, you can specify 1, 2, or 3. For clauses that use CRA-type answer groups, you can specify only 1 or 2.

cra-group name—Specifies that the balance clause is to use a CRA-type answer group. Enter the name of a previously created CRA-type answer group.

ns-group name—Specifies that the balance clause is to use an NS-type answer group. Enter the name of a previously created NS-type answer group.

vip-group name—Specifies that the balance clause is to use a VIP-type answer group. Enter the name of a previously created VIP-type answer group.

The answer group type (VIP, NS, or CRA) that you select for your balance clause determines the keywords and arguments that appear in the CLI.

This section contains the following topics:

Configuring Balance Clauses that Use VIP-Type Answer Groups

Configuring Balance Clauses that Use NS-Type Answer Groups

Configuring Balance Clauses that Use CRA-Type Answer Groups

Configuring Balance Clauses that Use VIP-Type Answer Groups

You can create balance clauses for a DNS rule that use VIP-type answer groups by using the clause number vip-group name command in the rule configuration mode.

The syntax of this command is as follows:

clause number vip-group name [count number | ttl number | manual-reactivation {enable | disable} | method {round-robin | least-loaded | ordered | weighted-round-robin | fair-weighted-round-robin | hashed {domain-name | source-address | both}} | sticky {enable | disable} | region-sticky {enable | disable} | proximity {enable [rtt number | wait {enable | disable} | zone number] | disable} | geodb {enable [acceptable-distance distance] | disable}]

The keywords and arguments are as follows:

number—Balance clause number (1, 2, or 3). You can specify a maximum of three balance clauses that use VIP-type answers.

vip-group name—Specifies the name of a previously created VIP-type answer group.

manual-reactivation—(Optional) Determines whether or not the GSS reactivates the clause automatically when it becomes available for use after being unavailable because all the answers in the answer group associated with it were either offline or overloaded.

Use one of the following keywords with this option:

enable—Enables the manual reactivation function. The GSS suspends the clause if it goes offline and changes its status to "operational suspend." The clause remains suspended until you reactivate it.


Note If you enable the manual reactivate function for a clause, you must also enable the global manual reactivate function for it to work (see the "Managing Global Manual Reactivation of Clauses in a GSS Mesh" section).


disable—Disables manual reactivation (default). If the clause goes offline, the GSS automatically reactivates the clause when it returns to an online state.

method—(Optional) Specifies the method type for each balance clause. Method types are as follows:

round-robin—The GSS cycles through the list of answers that are available as requests are received. This is the default.

least-loaded—The GSS selects an answer based on the load reported by each VIP in the answer group. The answer reporting the lightest load is chosen to respond to the request. The least-loaded option is available only for VIP-type answer groups that use a KAL-AP or Scripted keepalive.

ordered—The GSS selects an answer from the list based on precedence; answers with a lower order number are tried first, while answers further down the list are tried only if preceding answers are unavailable to respond to the request. The GSS supports gaps in numbering in an ordered list.


Note For answers that have the same order number in an answer group, the GSS will use only the first answer that contains the number. We recommend that you specify a unique order number for each answer in an answer group.


weighted-round-robin—The GSS cycles through the list of answers that are available as the requests are received, but sends requests to favored answers in a ratio determined by the weight value assigned to that resource.

fair-weighted-round-robin—In the fair weighted round-robin balance method, the user assigns a fair weight number to each answer in the answer group that is based on a ratio of the total number of real servers behind each answer in an answer group. When the GSS uses the fair weighted round-robin balance method, it cycles through the list of answers that are available as the requests are received. The GSS divides the requests among the answers in a ratio of the number of active real servers behind these answers in an answer group. This ratio is determined by the fair weight value assigned to a particular answer and the KALAP LOAD value for that answer.

In the least loaded method, due to the static nature of load calculation, only an answer with the least load is utilized. In weighted round-robin method, the GSS does not consider the load value of an answer in the answer group. By using the fair weighted round-robin method, the GSS overcomes the drawbacks of least-loaded balance method and weighted round-robin balance method.

hashed—The GSS selects the answer based on a unique value created from information stored in the request. The GSS supports two hashed balance methods. The GSS allows you to apply one or both hashed balance methods to the specified answer group as follows:

source-address—The GSS selects the answer based on a hash value created from the source address of the request.

domain-name—The GSS selects the answer based on a hash value created from the requested domain name.

both—The GSS selects the answer based on both the source address and domain name.

sticky—(Optional) Activates sticky for the clause when you specify enable. Deactivates sticky for the clause, when you specify disable (the default). To specify enable, make sure that the sticky method command option.

region-sticky—Activates DNS region sticky for the balance clause when you specify enable. Deactivates region-sticky for the balance clause, when you specify disable.


Note You can enable only one of sticky or region-sticky at a time.


Note When enabling the sticky feature, you must explicitly disable region-sticky if it is already enabled, and vice versa. For example:

gssm1.example.com(config-gslb-rule)# clause 1 vip-group ag1 method round-robin ttl 20 count 1 region-sticky disable
gssm1.example.com(config-gslb-rule)# clause 1 vip-group ag1 method round-robin ttl 20 count 1 sticky enable


proximity—(Optional) Activates proximity for the clause when you specify enable. Deactivates the proximity for the clause when you specify disable. When you specify enable, the following options are available:

rtt number—Changes the proximity-acceptable RTT for the balance clause to a different value from the global proximity configuration. Enter an acceptable RTT value from 50 to 500 ms. The default value is 100 ms.

wait enable/disable—Changes the proximity wait state to a different setting than the global proximity configuration. When enabled, the GSS waits to perform a proximity selection until it receives the appropriate RTT and zone information based on the proximity settings. When disabled, the GSS proceeds to the next balance clause in the DNS rule.

zone number—Changes the proximity-acceptable zone percentage for the balance clause to a different value from the global proximity configuration. This option specifies the percentage of all zones configured and is used for a DNS rule and answer group.

count number—(Optional) Specifies the number of address records (A-records) that you want the GSS to return for requests that match the DNS rule. The default is 1 record.

ttl number—(Optional) Specifies the duration of time in seconds that the requesting DNS proxy caches the response sent from the GSS and considers it to be a valid answer. Valid entries are 0 to 604,800 seconds. The default is 20 seconds.


Note When enabling the proximity feature, you must explicitly disable the GeoDB feature if it is already enabled, and vice versa. For example:

gssm1.example.com(config-gslb-rule)# clause 1 vip-group ag1 method round-robin ttl 20 count 1 geodb disable
gssm1.example.com(config-gslb-rule)# clause 1 vip-group ag1 method round-robin ttl 20 count 1 proximity enable


geodb—Activates GeoDB proximity for the balance clause when you specify enable. Deactivates the GeoDB proximity for the clause when you specify disable. When you specify enable, you can enter the acceptable distance. You can enable either geodb or proximity, but not both at the same time.

acceptable-distance distance—Changes the GeoDB-acceptable distance for the balance clause to a different value from the global GeoDB configuration. The GSS uses this value as the user-specified acceptable distance when determining the most proximate answer. Enter an acceptable distance value from 0 to 20000 km. The default value is 5000 km.

For example, to configure a balance clause for a DNS rule, enter:

gssm1.example.com(config-gslb-rule[rule-name])# clause 1 vip-group ANSGRP-VIP-01 method ordered ttl 60


Note If you configured a DNS rule with a balance clause that uses a CRA-type answer group, you must immediately follow the CRA-type clause with a balance clause that uses a VIP-type answer group. This ensures that if none of the Content Routing Agents successfully respond to the DNS race request, a "last gasp" server response from the VIP-type balance clause is sent to the requesting name server.


To reset the balance clause settings to their defaults for the DNS rule, use the no form of the clause command. For example, enter:

gssm1.example.com(config-gslb-rule[rule-name])# no clause 1 vip-group ANSGRP-VIP-01 method ordered ttl 60
 
   

You can create a maximum of three balance clauses that use VIP-type answer groups. A second or third balance clause applies only when the preceding clause is unable to provide an answer for the DNS query.


Note If you plan to configure DNS sticky in the DNS rule, see Chapter 9, Configuring DNS Sticky. If you plan to configure network proximity in the DNS rule, see Chapter 10, Configuring Network Proximity.


Configuring Balance Clauses that Use NS-Type Answer Groups

You can create balance clauses for a DNS rule that uses NS-type answer groups by using the clause number ns-group name command in the rule configuration mode.

The syntax of this command is as follows:

clause number ns-group name [manual-reactivation {enable | disable} | method {round-robin | least-loaded | ordered | weighted-round-robin | hashed {domain-name | source-address | both}}]

The keywords and arguments are as follows:

number—Balance clause number (1, 2, or 3). You can specify a maximum of three balance clauses that use NS-type answers.

ns-group name—Specifies the name of a previously created NS-type answer group.

manual-reactivation—(Optional) Determines whether or not the GSS reactivates the clause automatically when it becomes available for use after being unavailable because all the answers in the answer group associated with it were either offline or overloaded.

Use one of the following keywords with this option:

enable—Enables the manual reactivation function. The GSS suspends the clause if it goes offline and changes its status to "operational suspend." The clause remains suspended until you reactivate it.


Note If you enable the manual reactivate function for a clause, you must also enable the global manual reactivate function for it to work (see the "Managing Global Manual Reactivation of Clauses in a GSS Mesh" section).


disable—Disables manual reactivation (default). If the clause goes offline, the GSS automatically reactivates the clause when it returns to an online state.

method—Specifies the method type for each of your balance clauses. Method types are as follows:

round-robin—The GSS cycles through the list of answers that are available as requests are received. This is the default.

least-loaded—The GSS selects an answer based on the load reported by each VIP in the answer group. The answer reporting the lightest load is chosen to respond to the request. The least-loaded option is available only for VIP-type answer groups that use a KAL-AP or Scripted keepalive.

ordered—The GSS selects an answer from the list based on precedence; answers with a lower order number are tried first, while answers further down the list are tried only if preceding answers are unavailable to respond to the request. The GSS supports gaps in numbering in an ordered list.


Note For answers that have the same order number in an answer group, the GSS will only use the first answer that contains the number. We recommend that you specify a unique order number for each answer in an answer group.


weighted-round-robin—The GSS cycles through the list of answers that are available as requests are received but sends requests to favored answers in a ratio determined by the weight value assigned to that resource.

hashed—The GSS selects the answer based on a unique value created from information stored in the request. The GSS supports two hashed balance methods. The GSS allows you to apply one or both hashed balance methods to the specified answer group as follows:

domain-name—The GSS selects the answer based on a hash value created from the requested domain name.

source-address—The GSS selects the answer based on a hash value created from the source address of the request.

both—The GSS selects the answer based on both the source-address and domain name.

To configure a balance clause for the DNS rule, enter:

gssm1.example.com(config-gslb-rule[rule-name])# clause 1 ns-group ANSGRP-NS-01 method hashed both

 
   

To reset the balance clause settings for the DNS rule to their defaults, use the no form of the clause command. For example:

gssm1.example.com(config-gslb-rule[rule-name])# no clause 1 ns-group ANSGRP-NS-01 method hashed both

You can create a maximum of three balance clauses that use NS-type answer groups. A second or third balance clause applies only when the preceding clause is unable to provide an answer for the DNS query.

Configuring Balance Clauses that Use CRA-Type Answer Groups

You can create balance clauses for a DNS rule that use CRA-type answer groups by using the clause number cra-group name command in the rule configuration mode.

The syntax of this command is as follows:

clause number cra-group name [manual-reactivation {enable | disable} | method boomerang | fragment number | ip-ttl number | max-prop-delay number | pad number | secret key | server-delay number | ttl number]

The keywords and arguments are as follows:

number—Balance clause number (1 or 2). You can specify a maximum of two balance clauses that use CRA-type answers.

cra-group name—Specifies the name of a previously created CRA-type answer group.

manual-reactivation—(Optional) Determines whether or not the GSS reactivates the clause automatically when it becomes available for use after being unavailable because all the answers in the answer group associated with it were either offline or overloaded.

Use one of the following keywords with this option:

enable—Enables the manual reactivation function. The GSS suspends the clause if it goes offline and changes its status to "operational suspend." The clause remains suspended until you reactivate it.


Note If you enable the manual reactivate function for a clause, you must also enable the global manual reactivate function for it to work (see the "Managing Global Manual Reactivation of Clauses in a GSS Mesh" section).


disable—Disables manual reactivation (default). If the clause goes offline, the GSS automatically reactivates the clause when it returns to an online state.

method boomerang—Specifies that the balance method uses the boomerang DNS race to determine the best site. See the "DNS Race (Boomerang) Method" section in Chapter 1, Introducing the Global Site Selector, for more information on this balance method type. This is the default setting and cannot be changed.

fragment number—(Optional) Specifies the number of address records (A-records) that you want the GSS to return for requests that match the DNS rule. The default is 1 record.

ip-ttl number—(Optional) Specifies the maximum number of network hops that should be used when returning a response to a CRA from a match on a DNS rule.

max-prop-delay number—(Optional) Specifies the maximum propagation delay, which is the maximum delay (in milliseconds) that is observed before the boomerang server component of the GSS forwards a DNS request to a CRA.

pad number—(Optional) Specifies the amount of extra data (in bytes) included with each CRA response packet that is used to evaluate CRA bandwidth and latency when making load-balancing decisions.

secret key—(Optional) Specifies a text string with a maximum of 64 characters used to encrypt critical data sent between the GSS boomerang server and CRAs. This key must be the same for each configured CRA.

server-delay number—(Optional) Specifies the maximum delay (in milliseconds) that is observed before the boomerang server component of the GSS returns the address of its "last gasp" server as a response to the requesting name server.

ttl number—(Optional) Specifies the duration of time in seconds that the requesting DNS proxy caches the response sent from the GSS and considers it to be a valid answer. Valid entries are 0 to 604,800 seconds. The default is 20 seconds.

For example, to configure a balance clause for the DNS rule, enter:

gssm1.example.com(config-gslb-rule[rule-name])# clause 1 cra-group ANSGRP-CRA-01 fragment 2 pad 20

Note Always follow a balance clause that uses a CRA-type answer group with a balance clause that uses a VIP-type answer group. This ensures that if none of the Content Routing Agents successfully respond to the DNS race request, a "last gasp" server response from the VIP-type balance clause is sent to the requesting name server.


To reset the balance clause settings for the DNS rule to their defaults, use the no form of the clause command. For example, enter:

gssm1.example.com(config-gslb-rule[rule-name])# no clause 1 cra-group ANSGRP-CRA-01 fragment 2 pad 20
 
   

You can create a maximum of two balance clauses that use CRA-type answer groups. A second balance clause applies only when the first clause is unable to provide an answer for the DNS query.

Modifying DNS Rules and Balance Clauses

You can use the CLI to modify properties for an existing DNS rule or the balance clauses within a DNS rule.


Note If you have the manual reactivation function enabled for a clause and the GSS has the clause operationally suspended, modifying the DNS rule will reactivate it.


This section contains the following topics:

Modifying DNS Rule Properties

Modifying Balance Clause Properties

Modifying DNS Rule Properties

To modify an existing DNS rule, perform the following steps:

1. Display the current property settings for a DNS rule by entering the show gslb-config dns rule name command. See the "Displaying DNS Rule Properties" section for more information.

2. Change the settings for a DNS rule by entering the dns rule name command in global server load-balancing configuration mode.

The syntax of this command is as follows:

dns rule name {owner name | source-address-list name | domain-list name}

3. Query is a sub-command mode with three options:

query {a | aaaa | all}

See the "Building DNS Rules" section for details about the keywords and arguments for this command.

4. Make modifications as necessary to the DNS rule options.

For example, to change the domain list for an existing DNS rule named drule02, enter:

gssm1.example.com(config-gslb)# show gslb-config dns rule drule02
dns rule drule02 owner WEB-SERVICES source-address-list WEB-GLOBAL-LISTS domain-list E-COMMERCE activate
        query a
        clause 1 vip-group ANSGRP6 method round-robin  ttl 20 count 1 manual-reactivation disable  activate

gssm1.example.com(config-gslb)# dns rule drule02 owner WEB-SERVICES source-address-list WEB-GLOBAL-LISTS domain-list SECURITY
 
   

5. Make modifications to the query type from a to aaaa or vice versa:

gssm1.example.com# show gslb-config dns rule
dns rule rule1 owner System source-address-list Anywhere domain-list d1 activate
        query a
        clause 1 vip-group ansgrp1 method round-robin  ttl 20 count 1 manual-reactivation disable  activate
gssm1.example.com(config)# gslb
gssm1.example.com(config-gslb)# dns rule rule1
gssm1.example.com(config-gslb-rule)# query aaaa
gssm1.example.com(config-gslb-rule)# end
gssm1.example.com# show gslb-config dns rule
dns rule rule1 owner System source-address-list Anywhere domain-list d1 activate
        query aaaa
        clause 1 vip-group ansgrp1 method round-robin  ttl 20 count 1 manual-reactivation disable  activate
gssm1.example.com#
 
   

Modifying Balance Clause Properties

To modify balance clause properties for an existing DNS rule using the CLI, perform the following steps:

1. Display the current property settings for a DNS rule and the balance clauses for that rule by entering the show gslb-config dns rule name command. See the "Displaying DNS Rule Properties" section for more information.

2. Change the balance clause properties for an existing DNS rule by using the dns rule name command in global server load-balancing configuration mode. This command allows you to access the rule configuration mode for the desired rule.

For example, enter:

gssm1.example.com(config-gslb)# dns rule drule02
gssm1.example.com(config-gslb-rule[rule-name])#

3. Modify balance clause properties by using the clause command. The syntax of the clause command varies according to the answer group type (VIP, CRA, or NS) that it uses. See the following sections for the clause command syntax based on the answer group type:

Configuring Balance Clauses that Use VIP-Type Answer Groups

Configuring Balance Clauses that Use NS-Type Answer Groups

Configuring Balance Clauses that Use CRA-Type Answer Groups

4. Make modifications as necessary to the balance clause keywords and arguments.

For example, to change the method type for clause 1 of the DNS rule drule02 from least-loaded to round-robin, enter:

gssm1.example.com(config-gslb)# show gslb-config dns rule drule02
dns rule drule02  owner WEB-SERVICES source-address-list WEB-GLOBAL-LISTS domain-list E-COMMERCE activate
        query  a
        clause 1 vip-group ANSGRP6 method least-loaded  ttl 20 count 2 manual-reactivation enable activate

gssm1.example.com(config-gslb)# dns rule drule02
gssm1.example.com(config-gslb-rule[rule-name])# clause 1 vip-group ANSGRP6 method round-robin ttl 20 count 2

Displaying DNS Rule Properties

You can display the current property settings for all DNS rules and balance clauses for each rule by using the show gslb-config dns rule command.

The syntax of this command is as follows:

show gslb-config dns rule [name]

The optional name argument specifies the name of a previously created DNS rule.

To display the properties for the DNS rule drule02, enter:

gssm1.example.com(config-gslb)# show gslb-config dns rule drule02
dns rule drule02 owner WEB-SERVICES source-address-list WEB-GLOBAL-LISTS domain-list E-COMMERCE activate
        query a aaaa
        clause 1 vip-group ANSGRP6 method round-robin  ttl 20 count 1 manual-reactivation disable  activate

Note The show gslb-config output displays the status of sticky or region-sticky if sticky or region-sticky is enabled.


Suspending a Clause

You can temporarily stop the GSS from using an active clause associated with a rule by modifying the clause with the suspend keyword in the clause command. Manually suspending the clause prevents it from being used by the currently configured DNS rule.


Note When you create a new clause, it is in an active state by default.


To suspend a clause, perform the following steps:

1. Display the current rule clauses by entering the show gslb-config dns rule command. See the "Displaying DNS Rule Properties" section for more information.

2. Identify the active clause that you want to suspend, and then use the clause command with the suspend keyword to suspend the clause.

For example, to suspend Clause 1 of the drule02 rule, enter:

gssm1.example.com(config-gslb)# show gslb-config dns rule drule02
dns rule drule02  owner WEB-SERVICES source-address-list WEB-GLOBAL-LISTS domain-list E-COMMERCE activate
        query  a
        clause 1 vip-group ANSGRP6 method least-loaded ttl 20 count 2 manual-reactivation disable activate
        clause 2 vip-group ANSGRP7 method ordered ttl 20 count 2 manual-reactivation disable activate

gssm1.example.com(config-gslb)# dns rule drule02
gssm1.example.com(config-gslb-rule)# clause 1 vip-group ANSGRP6 suspend

To reactivate a suspended clause, use the activate feature (see the "Reactivating a Clause" section).

Reactivating a Clause

You can reactivate a clause that you suspended by modifying the specific clause with the activate keyword in the clause command.

To reactivate a clause, perform the following steps:

1. Display the current clauses by entering the show gslb-config dns rule command. See the "Displaying DNS Rule Properties" section for more information.

2. Identify the suspended clause that you want to reactivate, and then use the clause command with the activate keyword to reactivate the clause.

To reactivate Clause 1 of the drule02 rule, enter:

gssm1.example.com(config-gslb)# show gslb-config dns rule drule02
dns rule drule02 owner WEB-SERVICES source-address-list WEB-GLOBAL-LISTS domain-list E-COMMERCE activate
        query a
        clause 1 vip-group ANSGRP6 method least-loaded ttl 20 count 2 manual-reactivation disable suspend
        clause 2 vip-group ANSGRP7 method ordered ttl 20 count 2 manual-reactivation disable activate

gssm1.example.com(config-gslb)# dns rule drule02
gssm1.example.com(config-gslb-rule)# clause 1 vip-group ANSGRP6 activate

Managing Global Manual Reactivation of Clauses in a GSS Mesh

Use the manual reactivation function to manage when the GSS reverts to using a clause that was unavailable for use but is now ready for service.

A clause becomes unavailable for use by the GSS when all the answers in the answer group associated with it are either offline or overloaded. When at least one of the answers returns to an online state, the clause becomes available once again and the GSS, by default, begins using it. To manually control when the GSS reverts to using a clause that returns to an available state, you enable the manual reactivation function from the primary GSSM.

When you enable manual reactivation for a specific clause and a GSS on the GSS mesh detects that its local copy of the clause is unavailable, that GSS alone suspends its copy of the clause. The GSS marks the clause as "operational suspend" and does not use it in its load-balancing algorithm. Because the other GSSs on the GSS mesh maintain their own operational view of the clause, they continue to treat it as online as long as it remains in an online state locally. The clause remains suspended until you reactivate all operationally suspended clauses.


Note You can also enable the manual reactivation function for answers, enabling you to control when the GSS reverts to using an answer that returns to an online state. For more information, see the Chapter 7 "Building and Modifying DNS Rules" section.


To use the manual reactivation function for clauses, you must configure the primary GSSM as follows:

Enable manual reactivation in each clause that you want to manage (see the "Building DNS Rules" section).

Enable the manual reactivation function globally as described in this section. You must enable manual reactivation globally to enable the GSS to operationally suspend all clauses that you configure for manual reactivation. You can then manually reactivate all clauses that are in the Operational Suspend state when required.

This section contains the following topics:

Enabling the Manual Reactivation Function Globally

Activating Operationally Suspended Clauses

Enabling the Manual Reactivation Function Globally

You can enable the manual reactivation function globally on the primary GSSM by using the manual-reactivation enable command in global server load-balancing mode.

The syntax of this command is as follows:

manual-reactivation enable

To disable the manual reactivation function globally on the primary GSSM, use the no form of the command.


Note Disabling manual reactivation globally causes the GSS to automatically reactivate all clauses and answers when they come back online, including any clauses and answers that you configure for manual reactivation.


To enable manual reactivation globally, enter:

gssm1.example.com(config)# gslb
gssm1.example.com(config-gslb)# manual-reactivation enable
gssm1.example.com(config-gslb)#

To disable manual reactivation globally, enter:

gssm1.example.com(config)# gslb
gssm1.example.com(config-gslb)# no manual-reactivation enable
gssm1.example.com(config-gslb)# 

Activating Operationally Suspended Clauses

You can manually reactivate all of the clauses that the GSS operationally suspended by using the manual-reactivation activate-mr-clauses all command in global server load-balancing mode.

The syntax of this command is as follows:

manual-reactivation activate-mr-clauses all

To manually reactivate only a specific clause that the GSS operationally suspended, use the clause command with the activate keyword (see the "Reactivating a Clause" section).

To manually reactivate all of the clauses that the GSS operationally suspended, enter:

gssm1.example.com(config)# gslb
gssm1.example.com(config-gslb)# manual-reactivation activate-mr-clauses all
gssm1.example.com(config-gslb)# 
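
The procedures in "Suspending a Clause," "Reactivating a Clause," and this section all begin by reading show gslb-config dns rule output. The following Python script is an added example, not part of the Cisco guide: it parses that output and lists suspended clauses and clauses configured for manual reactivation. The sample output is constructed in this page's format, the line wrapping is an assumption about how a session was captured, and the function names are hypothetical.

```python
# Constructed sample in the format of this page's show output. Long lines are
# wrapped the way a captured terminal session may wrap them (an assumption).
SAMPLE = """\
gssm1.example.com(config-gslb)# show gslb-config dns rule drule02
dns rule drule02 owner WEB-SERVICES source-address-list WEB-GLOBAL-LISTS domain-list 
E-COMMERCE activate
    query a
clause 1 vip-group ANSGRP6 method least-loaded ttl 20 count 2 manual-reactivation enable 
suspend
clause 2 vip-group ANSGRP7 method ordered ttl 20 count 2 manual-reactivation disable 
activate
"""

STATES = ("activate", "suspend")

def logical_lines(text):
    """Drop CLI prompts and rejoin wrapped lines into one statement per entry."""
    out = []
    for raw in text.splitlines():
        line = " ".join(raw.split())
        if not line or "#" in line.split()[0]:      # blank line or prompt
            continue
        if line.startswith(("dns rule ", "query ", "clause ")) or not out:
            out.append(line)
        else:                                       # continuation of a wrapped line
            out[-1] += " " + line
    return out

def pairs(tokens):
    """Split 'keyword value ...' tokens; a trailing activate/suspend is the state."""
    state = tokens.pop() if tokens and tokens[-1] in STATES else None
    return dict(zip(tokens[0::2], tokens[1::2])), state

def parse_rules(text):
    rules = []
    for line in logical_lines(text):
        tok = line.split()
        if tok[:2] == ["dns", "rule"]:
            fields, state = pairs(tok[3:])
            rules.append({"name": tok[2], "state": state, "query": [],
                          "clauses": [], **fields})
        elif tok[0] == "query" and rules:
            rules[-1]["query"] = tok[1:]
        elif tok[0] == "clause" and rules:
            fields, state = pairs(tok[2:])
            rules[-1]["clauses"].append({"number": int(tok[1]), "state": state, **fields})
    return rules

def find_clauses(rules, want):
    """(rule, clause number, VIP answer group) for clauses matching every key in want."""
    return [(r["name"], c["number"], c.get("vip-group")) for r in rules
            for c in r["clauses"] if all(c.get(k) == v for k, v in want.items())]

if __name__ == "__main__":
    parsed = parse_rules(SAMPLE)
    print("suspended:", find_clauses(parsed, {"state": "suspend"}))
    print("manual reactivation:", find_clauses(parsed, {"manual-reactivation": "enable"}))
```

Running the same report before and after a change gives a record of which clauses were taken out of service and which ones will wait for manual reactivation.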

Suspending a DNS Rule

You can stop requests from being processed by a DNS rule on the GSS by using the dns rule command in global server load-balancing configuration mode.

The syntax of this command is as follows:

dns rule name suspend

The name argument specifies the name of a previously created DNS rule.

To display whether a DNS rule is currently active or suspended, use the show gslb-config dns rule command (see the "Displaying DNS Rule Properties" section).

To suspend the DNS rule drule02, enter:

gssm1.example.com(config)# gslb
gssm1.example.com(config-gslb)# dns rule drule02 suspend
gssm1.example.com(config-gslb-rule)#

Activating a DNS Rule

You can reactivate the operation of a suspended DNS rule on the GSS by using the dns rule command in global server load-balancing configuration mode.

The syntax of this command is as follows:

dns rule name activate

The name argument specifies the name of a previously created DNS rule.

To display whether a DNS rule is currently active or suspended, use the show gslb-config dns rule command (see the "Displaying DNS Rule Properties" section).

To activate the DNS rule drule02, enter:

gssm1.example.com(config)# gslb
gssm1.example.com(config-gslb)# dns rule drule02 activate
gssm1.example.com(config-gslb-rule)#

Suspending or Reactivating All DNS Rules Belonging to an Owner

You can group and manage your DNS rules according to an established GSS owner. Using a GSS owner to manage your DNS rules enables you to quickly suspend or activate all rules related to a particular group or department within your organization (for example, HR or Sales) without individually editing each rule that serves that owner.

You can suspend or reactivate all DNS rules associated with a GSS owner by using the owner command with the suspend-all-rules and activate-all-rules keywords.

To display the currently configured DNS rules and their associated owners, use the show gslb-config dns rule command. See the "Displaying DNS Rule Properties" section for more information.

To suspend all DNS rules associated with the owner WEB-SERVICES, enter:

gssm1.example.com(config)# gslb
gssm1.example.com(config-gslb)# owner WEB-SERVICES suspend-all-rules
gssm1.example.com(config-gslb)#

To reactivate all DNS rules associated with the owner WEB-SERVICES, enter:

gssm1.example.com(config)# gslb
gssm1.example.com(config-gslb)# owner WEB-SERVICES activate-all-rules
gssm1.example.com(config-gslb)# 

Deleting a DNS Rule

You can use the no form of the dns rule command to remove a previously created DNS rule from the GSSM database. Deleting a DNS rule does not delete the source address lists, domain lists, owners, and answer groups associated with the DNS rule.


Caution Deletions of any kind cannot be undone in the primary GSSM. Before deleting any data that you think you might want to use at a later point in time, perform a database backup of your GSSM. See the Global Site Selector Administration Guide for details.

To delete a DNS rule, perform the following steps:

1. Display the current DNS rules by using the show gslb-config dns rule command. See the "Displaying DNS Rule Properties" section for more information.

2. Identify the DNS rule that you want to delete, and then use the no form of the dns rule command to delete the rule.

For example, to delete a DNS rule named RULE1, enter:

gssm1.example.com(config-gslb)# show gslb-config dns rule
...
dns rule RULE1 owner OWNER1 source-address-list Anywhere domain-list www.wonderland.com
        query  a
        clause 1 vip-group ans-grp1 method ordered  ttl 20 count 1 sticky disable
...
gssm1.example.com(config)# gslb
gssm1.example.com(config-gslb)# no dns rule RULE1 owner OWNER1 source-address-list ANYWHERE domain-list WWW.WONDERLAND.COM
gssm1.example.com(config-gslb)#

Configuring DNS Rule Filters

If you want to configure DNS rule filters on your GSS, log in to the primary GSSM GUI and access the DNS Rules tab. See the "Configuring DNS Rule Filters," section in Chapter 7, Building and Modifying DNS Rules, in the Cisco Global Site Selector GUI-Based Global Server Load-Balancing Configuration Guide for details.

Removing DNS Rule Filters

If you want to remove DNS rule filters on your GSS, log in to the primary GSSM GUI and access the DNS Rules tab. See the "Removing DNS Rule Filters," section in Chapter 7, Building and Modifying DNS Rules, in the Cisco Global Site Selector GUI-Based Global Server Load-Balancing Configuration Guide for details.

Delegating to GSS Devices

After you configure your GSS devices to connect to your network and create the logical resources (source address lists, domain lists, answers and answer groups, and DNS rules) required for global server load balancing, you can integrate your global server load-balancing device into your network's DNS infrastructure to deliver user queries to your GSS. To accomplish this integration, you must modify your parent domain's DNS server to delegate parts of its name space to your GSS devices.

You should carefully review and perform a test of your GSS deployment before making changes to your DNS server configuration that will affect your public or enterprise network configuration.

Modifying your DNS servers to accommodate your GSS devices involves the following steps:

1. Adding name server (NS) records to your DNS zone configuration file that delegate your domain or subdomains to one or more of your GSSs.

2. Adding "glue" address (A) records to your DNS zone configuration file that map the DNS name of each of your GSS devices to an IP address.


Note The A-records that define the name servers within the domain are frequently called glue records.


Example 7-1 provides an example of a DNS zone configuration file for a fictitious cisco.com domain that has been modified to delegate primary DNS authority for three domains to two GSS devices. Relevant lines are shown in bold type.

In Example 7-1, the delegated domains are as follows:

www.cisco.com

ftp.cisco.com

media.cisco.com

The GSS devices are as follows:

gss1.cisco.com

gss2.cisco.com

Example 7-1 Sample BIND Zone Configuration File Delegating GSSs

cisco.com.      IN SOA ns1.cisco.com. postmaster.cisco.com. (
                2001111001      ; serial number
                36000           ; refresh 10 hours
                3600            ; retry   1  hour
                3600000         ; expire  42 days
                360000 )        ; minimum 100 hours

; Corporate Name Servers for cisco.com
                IN      NS      ns1.cisco.com.
                IN      NS      ns2.cisco.com.
ns1             IN      A       192.168.157.209
ns2             IN      A       192.168.150.100

; Sub-domains delegated to GSS Network
www             IN      NS      gss1.cisco.com.
                IN      NS      gss2.cisco.com.
media           IN      CNAME   www
ftp             IN      NS      gss1.cisco.com.
                IN      NS      gss2.cisco.com.

; "Glue" A records with GSS interface addresses
;               Cisco GSS Dallas
gss1            IN      A       172.16.2.3
;               Cisco GSS London
gss2            IN      A       192.168.3.6
.
.

When you review this zone file, keep in mind that many GSS deployments are possible; some deployments may suit your needs and your network better than the previous example. For example, instead of having all subdomains shared by all GSS devices, you may want to allocate specific subdomains to specific GSSs.
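
One way to test a zone file before changing your DNS server configuration, as an added example that is not part of the Cisco guide: the Python script below reads a condensed copy of Example 7-1, lists the names that end up delegated to the GSS devices (including media through its CNAME), and reports any in-zone name server that has no address record. It handles only the zone-file syntax used in Example 7-1 (no $ORIGIN, $TTL, @, or per-record TTL), and the function names are hypothetical.

```python
ORIGIN = "cisco.com."
# Condensed from Example 7-1. The SOA's closing parenthesis sits before the
# comment, because anything after ';' is ignored by the parser below.
ZONE = """\
cisco.com.  IN SOA ns1.cisco.com. postmaster.cisco.com. (
            2001111001 36000 3600 3600000 360000 )  ; timers from Example 7-1
            IN NS ns1.cisco.com.
            IN NS ns2.cisco.com.
ns1         IN A 192.168.157.209
ns2         IN A 192.168.150.100
www         IN NS gss1.cisco.com.
            IN NS gss2.cisco.com.
media       IN CNAME www
ftp         IN NS gss1.cisco.com.
            IN NS gss2.cisco.com.
gss1        IN A 172.16.2.3      ; "glue" for Cisco GSS Dallas
gss2        IN A 192.168.3.6     ; "glue" for Cisco GSS London
"""

def absolute(name, origin=ORIGIN):
    return (name if name.endswith(".") else f"{name}.{origin}").lower()

def records(zone, origin=ORIGIN):
    """Yield (owner, type, rdata) for the zone-file subset used in Example 7-1."""
    owner, pending = origin, ""
    for raw in zone.splitlines():
        pending += raw.split(";", 1)[0].rstrip() + " "    # drop comments
        if pending.count("(") > pending.count(")"):
            continue                                      # still inside ( ... )
        line, pending = pending, ""
        tok = line.replace("(", " ").replace(")", " ").split()
        if not tok:
            continue                                      # blank or comment-only line
        if not line[0].isspace():                         # blank owner repeats the last one
            owner = absolute(tok.pop(0), origin)
        if tok[0].upper() == "IN":
            tok.pop(0)
        yield owner, tok[0].upper(), tok[1:]
    if pending.strip():
        raise ValueError("unterminated '(' in zone file")

def delegation_report(zone, origin=ORIGIN):
    """Return ({name: [name servers]}, [problems]) for delegated subdomains."""
    ns, cname, addrs = {}, {}, set()
    for owner, rtype, rdata in records(zone, origin):
        if rtype == "NS" and owner != origin:             # skip the apex NS set
            ns.setdefault(owner, []).append(absolute(rdata[0], origin))
        elif rtype == "CNAME":
            cname[owner] = absolute(rdata[0], origin)
        elif rtype in ("A", "AAAA"):
            addrs.add(owner)
    served = {**ns, **{a: ns[t] for a, t in cname.items() if t in ns}}
    problems = [f"{child}: no glue address record for {s}" for child in sorted(ns)
                for s in ns[child] if s.endswith("." + origin) and s not in addrs]
    return served, problems
```

An empty problem list and the three expected names (www, ftp, media) in the first return value confirm that the file delegates what the text says it does.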

Where To Go Next

Chapter 8, Configuring and Monitoring the GeoDB, describes how to implement the GeoIP database-based proximity computation mechanism in the GSS.

If you plan to use DNS sticky for your global server load balancing, configure local or global DNS sticky for GSS devices in your network. See Chapter 9, Configuring DNS Sticky, for details.

If you plan to use network proximity for your global server load balancing, configure proximity for GSS devices in your network. See Chapter 10, Configuring Network Proximity, for details.