Cisco GSS CLI-Based Global Server Load-Balancing Configuration Guide (Software Version 1.3)
Configuring DNS Sticky
Download this chapter
Configuring DNS StickyConfiguring DNS Sticky
Download the complete book
Cisco Global Site Selector CLI-Based Global Server Load-Balancing Configuration Guide Book-Length PDF, Software Version 1.3Cisco Global Site Selector CLI-Based Global Server Load-Balancing Configuration Guide Book-Length PDF, Software Version 1.3 (PDF - 5 MB)
give_us_feedback

Table Of Contents

Configuring DNS Sticky

DNS Sticky Overview

Local DNS Sticky

Sticky Database

Global DNS Sticky

GSS Sticky Peer Mesh

Sticky Mesh Conflict Resolution

Communicating in the Sticky Peer Mesh

Logging in to the CLI and Enabling Privileged EXEC Mode

DNS Sticky Quick Start Guide

Synchronizing the GSS System Clock with an NTP Server

Configuring Sticky Using the Primary GSSM CLI

Configuring DNS Sticky

Enabling Sticky in a DNS Rule

Sticky DNS Rule Overview

Adding Sticky to a DNS Rule that uses VIP-Type Answer Groups

Creating Sticky Groups

DNS Sticky Group Overview

Creating a DNS Sticky Group

Deleting a Sticky Group IP Address Block

Deleting a Sticky Group

Deleting Entries from the Sticky Database

Dumping Sticky Database Entries

Running a Periodic Sticky Database Backup

Loading Sticky Database Entries

Disabling DNS Sticky Locally on a GSS for Troubleshooting


Configuring DNS Sticky

This chapter describes how to configure a GSS to support DNS stickiness to answer requests received from client D-proxies. The GSS supports DNS sticky both locally and globally between GSS network peers.

This chapter contains the following major sections:

DNS Sticky Overview

DNS Sticky Quick Start Guide

Synchronizing the GSS System Clock with an NTP Server

Configuring Sticky Using the Primary GSSM CLI

Disabling DNS Sticky Locally on a GSS for Troubleshooting

Each GSS supports a comprehensive set of show CLI commands to display sticky application mesh statistics for the GSS device. In addition, the primary GSSM GUI displays sticky statistics for the GSS network. Refer to Chapter 12, Displaying GSS Global Server Load-Balancing Statistics for details about viewing sticky statistics.

DNS Sticky Overview

Stickiness, also known as persistent answers or answer caching, enables a GSS to remember the DNS response returned for a client D-proxy and to later return that same answer when the client D-proxy makes the same request. When you enable stickiness in a DNS rule, the GSS makes a best effort to always provide identical A-record responses to the requesting client D-proxy, assuming that the original VIP continues to be available.

For many users browsing a site, being redirected to a new site is transparent. However, customers performing e-commerce or other transactions may experience a break in the connection when redirected, which results in a loss of the e-commerce transaction. Having DNS sticky enabled on a GSS helps to ensure that e-commerce clients remain connected to a particular server for the duration of a transaction, even when the client's browser refreshes the DNS mapping.

While some browsers allow client connections to remain for the lifetime of the browser instance or for several hours, other browsers may impose a connection limit of 30 minutes before requiring a DNS re-resolution. This time period may not be long enough for a client to complete an e-commerce transaction. A new DNS resolution can then cause the client to connect to a server that is different from the original server, disrupting the transaction. DNS sticky helps to ensure that a client completes a transaction if a DNS re-resolution occurs.

This section includes the following topics on DNS sticky in the GSS:

Local DNS Sticky

Sticky Database

Global DNS Sticky

Local DNS Sticky

With local DNS sticky, each GSS device attempts to ensure that subsequent client D-proxy requests to the same domain name from the same GSS device will be "stuck" to the same location as the first request. DNS sticky guarantees that all requests from a client D-proxy to a particular hosted domain or domain list are given the same answer by the GSS for the duration of a user-configurable sticky inactivity time interval, assuming the answer is still valid.

Each GSS dynamically builds and maintains a local sticky database that is based on the answers that the GSS sends to the requesting client D-proxies. If a subsequent request comes from the same client D-proxy, and the answer in the database is valid, the GSS returns the cached answer to the client D-proxy.

You configure the GSS to perform sticky load-balancing operations by configuring options on DNS rules and balance clauses. You identify the sticky method used by the DNS rule by matching a hosted domain or matching a hosted domain list. When sticking on a domain, the GSS provides the same sticky answer to all requests from a client D-proxy for that domain. When sticking on a domain list, the GSS provides the same sticky answer to all requests from a client D-proxy for all domains in that domain list.

Before returning a sticky answer to a client, the GSS verifies the keepalive status. If the resource is:

Available (online state), the GSS uses this answer for the DNS response sent back to the D-proxy.

Available (online state) but the VIP corresponding to the answer is overloaded, the GSS continues to use this answer for the DNS response sent back to the D-proxy. Sticky always takes precedence over an exceeded load threshold in the associated DNS rule.

Unavailable (offline state), the GSS selects a new answer and inserts this answer into the sticky database, replacing the previous answer.

Sticky Database

The sticky database provides the core intelligence for all DNS sticky-based decisions made by a GSS, on a local or global level. The GSS collects requests from the client D-proxies and stores these requests in memory as the sticky database. Requests may be identified by the IP address of the client D-proxy or a database ID representing a list of D-proxy IP addresses (configured as a sticky group, see the "Creating Sticky Groups" section). The D-proxy IP address may also be some form of a sticky global netmask if the global subnet mask is set to a value other than the default of 255.255.255.255.

The sticky database stores the answer to each request that the DNS rule matches, which may be for a single domain (including wildcard expressions) or a configured list of domains. These components comprise each sticky database key that the GSS uses for the look up, storage, and persistence of stickiness for DNS responses.

The primary GSSM supports the creation of sticky groups which allow you to configure multiple blocks of D-proxy IP addresses that each GSS device stores in its sticky database as a single entry. Instead of multiple sticky database entries, the GSS uses only one entry in the sticky database for multiple D-proxies. The GSS treats all D-proxies in a sticky group as a single D-proxy.

All entries in the sticky database age-out based on a user-specified global sticky inactivity timeout value. The sticky inactivity timeout value identifies the time period that an answer remains valid in the sticky database. Every time the GSS returns an answer to the requesting client, the GSS resets the expiration time of the answer to this value. When the sticky inactivity timeout value elapses without the client requesting the answer, the GSS identifies the answer as invalid and purges it from the sticky database. You can specify a global sticky inactivity timeout default value for the GSS or modify the inactivity timeout value for each DNS rule.

Note The sticky inactivity timeout is accurate to within five minutes of the specified value. Each entry will persist in the sticky database for the configured sticky inactivity timeout value, and may remain in the sticky database for no longer than five minutes past the specified value.

Upon receiving a DNS request, the GSS searches the sticky database for a matched entry based on the combination of D-proxy IP address (or sticky group ID) and requested hosted domain or domain list information in the request. If the GSS finds a matched entry (a hit), the GSS returns the original DNS answer to the requesting D-proxy and the GSS resets the user-configured sticky inactivity timeout to its starting value. If the GSS does not find a matched entry (a miss), the GSS does not return a sticky answer but, instead, performs normal load balancing for the request to locate a new answer and add the new entry into the sticky database.

The GSS supports a maximum of 400,000 entries in the sticky database. When the total number of entries in the sticky database reaches 400,000, the GSS automatically removes entries from the database based on the lowest percentage of time remaining.

Global DNS Sticky

This section provides an overview of the global DNS sticky function and the behavior of GSS devices operating in a peer mesh. It includes the following topics:

GSS Sticky Peer Mesh

Sticky Mesh Conflict Resolution

Communicating in the Sticky Peer Mesh

GSS Sticky Peer Mesh

With global DNS sticky enabled, each GSS device in the network shares sticky database answers with the other GSS devices in the network, operating as a fully connected peer-to-peer mesh. Each GSS device in the mesh stores the requests and responses from client D-proxies in its own local database, and shares this information with the other GSS devices in the network. As a result, subsequent client D-proxy requests to the same domain name to any GSS in the network causes the client to be "stuck".

When one GSS device in the mesh receives a query from a client for a hosted domain or domain list, global sticky enables each GSS in the network to make a best effort attempt to return the same answer to the requesting client. This action is performed regardless of which GSS in the network is selected to answer the first and subsequent requests. The individual GSS devices work together to maintain a global sticky database across the network.

Each GSS in the peer mesh receives updates from the other peers and sends local changes to its remote peers. The GSS devices share the following information with the other GSS devices in the peer mesh:

The sticky database lookups performed

The persistent answers provided in the response

The related time stamp and sticky inactivity timeout details

Each GSS sends updates to its remote GSS peers when any of the following events occur:

A D-proxy request arrives at a GSS with no previous database entry. The GSS returns a new answer to the requesting client and enters that answer in its local database.

A GSS returns a previous answer to the requesting client. The GSS resets the expiration time for the answer to its original sticky inactivity timeout value.

The GSS finds an existing answer in the sticky database but a keepalive determines that the answer is nonresponsive (offline). In this case, the GSS uses the DNS rule to choose a new answer, overriding the previous answer in the sticky database, and communicates this answer to all peers.

You use the sticky database delete CLI command to delete one or more entries from the sticky database.

A GSS does not send information to its peers when purging an answer from the sticky database due to reaching the normal sticky inactivity timeout or due to a sticky database overflow. Each GSS in the mesh performs is expected to perform this task independently.

When a local GSS node receives information from one of its peers in the network, that GSS performs a lookup of each received data entry in its local sticky database. Based on the results of the lookup, the GSS performs one of the following actions:

If the GSS does not find the entry in its sticky database, the GSS adds the answer to its local sticky database.

If the GSS finds the same entry in its sticky database, the GSS resets the expiration time for the answer to the initial sticky inactivity timeout value.

The GSS supports encryption of all inter-GSS communications to maintain the integrity of the sticky database information transferred among the mesh peers. Each GSS uses the Message Digest 5 (MD5) based hashing method to encrypt the application data sent throughout the mesh.

To authenticate communication between GSS devices in the mesh to prevent unauthorized device access, you can specify a secret string that is used by all GSS devices in the mesh. The secret string provides a key for authentication between GSS devices as well as for encryption (if enabled). Each local GSS uses the Challenge Handshake Authentication Protocol (CHAP) method to establish a connection with a remote peer.

Sticky Mesh Conflict Resolution

In some instances, two or more GSS devices in the mesh may answer the same sticky request at the same time. When GSS devices communicate their updates to each peer, the recipient detects a conflict. Conflicts are resolved in the peer network by each GSS keeping the record with the greatest expiration time stamp, that is, the newest record. If the conflicting entries have identical time stamps, the GSS uses the entry containing the most recently configured answer based on configuration ID.

Conflicts are far more likely to occur when multiple requests are grouped by domain list, or when you group D-proxy clients by a sticky mask or by sticky group. For example, if you configure a DNS rule for domains A and B, one client may request GSS 1 for domain A, while a second client may make a request for domain B. If the GSS receives both requests at the same time, the two clients may receive different answers.

You can reduce global sticky mesh conflicts if you:

Configure sticky DNS rules for one domain only. Avoid using the domain-list option for the sticky method unless absolutely necessary.

Avoid the use of domain wildcards. Wildcard domains pose the same issue as domain lists.

Avoid the use of low DNS ttl values in a sticky balance clause. Setting the ttl value of each sticky balance clause to a high value allows the sticky database to synchronize answers before the client D-proxy attempts to re-resolve the answer.

Communicating in the Sticky Peer Mesh

To successfully pass packets between GSS peers in the sticky mesh, ensure the following requirements are met:

Synchronize the system clock of each GSS device in the mesh with a Network Time Protocol (NTP) server. If a GSS system clock is out of synchronization with the other GSS peers (by a value greater than a three minutes), that GSS ignores update messages from other GSS devices until you synchronize its system clock. See the "Synchronizing the GSS System Clock with an NTP Server" section for details.

Each GSS in the peer mesh has the same global subnet mask values. A GSS will drop all global sticky messages received from a GSS with a different subnet mask. A difference in global sticky masks on a peer would occur only if a configuration change were made on the primary GSSM and the peer did not receive the change due to a network failure. See the "Configuring DNS Sticky" section for details.

Each GSS in the peer mesh has the same version of GSS software.

If these conditions are not met, a GSS cannot properly receive or send packets with the other GSS peers in the sticky mesh.

A GSS leaves and rejoins the global sticky mesh when you perform one of the following actions:

Enter a gss restart command to restart the GSS software on the local GSS node.

Enter the sticky stop and sticky start command sequence on the local GSS node.

Enter a reload command to perform a cold restart of the local GSS node.

Enter the enable global command in sticky properties configuration mode.

Upon reentry into the mesh, the GSS attempts to load the sticky database from a peer GSS. The GSS uses the shortest round-trip time (RTT) to prioritize from which peer to request the database update. If a GSS peer is unavailable, the GSS locally restores the sticky database from the last available periodic database dump file. The GSS restores the sticky database from the database dump file anytime it rejoins the mesh and cannot retrieve a database from a GSS peer in the mesh. When the load is complete, the local database on the GSS device contains a full version of the sticky database.

If you want the local GSS node to attempt synchronization with a specific GSS peer upon reentry into the sticky mesh, you can identify a favored GSS peer for that GSS device. By identifying a favored GSS peer, you can also reduce network issues with peer synchronization, which typically generate a burst of network traffic. In this case, direct network traffic to a peer other than the GSS identified as being the closest (with the shortest round-trip time).

When you identify a favored peer, upon reentry into the mesh, the local GSS node always attempts to first synchronize its sticky database entries with the favored GSS peer. If the GSS favored peer is unavailable, the local GSS node queries the remaining mesh peers to find the closest up-to-date sticky database.

Network connectivity issues, GSS devices leaving and rejoining the mesh, and GSS device restarts have a minor impact on the synchronization of the sticky database. Sticky database entries always reconverge based on their usage and the user-configurable sticky inactivity timeout values.

Logging in to the CLI and Enabling Privileged EXEC Mode

Note To log in and enable privileged EXEC mode in the GSS, you must be a configured user with admin privileges. Refer to the Cisco Global Site Selector Administration Guide for information on creating and managing user accounts.

To log in to the primary GSSM and enable privileged EXEC mode at the CLI:

1. If you are remotely logging in to the primary GSSM through Telnet or SSH, enter the host name or IP address of the GSSM to access the CLI.

If you are using a direct serial connection between your terminal and the GSSM, use a terminal emulation program to access the CLI. For details about making a direct connection to the GSS device using a dedicated terminal and about establishing a remote connection using SSH or Telnet, refer to the Cisco Global Site Selector Getting Started Guide.

2. Specify your GSS administrative username and password to log in to the GSSM. The CLI prompt appears. 

gssm1.example.com>

3. At the CLI prompt, enable privileged EXEC mode as follows: 

gssm1.example.com> enable

gssm1.example.com#

DNS Sticky Quick Start Guide

Table 8-1 provides a quick overview of the steps required to configure the GSS for DNS sticky operation, both local and global DNS sticky. Each step includes the primary GSSM command required to complete the task. For the procedures to configure the GSS for DNS sticky, see the sections that follow the table.

Table 8-1 DNS Sticky Configuration Quick Start 

Task and Command Example

1. If you are using global sticky with multiple GSS devices, log in to the CLI of each GSS in the mesh, enable privileged EXEC mode, and synchronize its system clock with an NTP server.

For example: 

gssm1.example.com> enable

gssm1.example.com# config

gssm1.example.com(config)# ntp-server 172.16.1.2 172.16.1.3

gssm1.example.com(config)# ntp enable

2. Enter the global server load-balancing configuration mode.

For example: 

gssm1.example.com(config)# gslb

gssm1.example.com(config-gslb)#

3. Use the sticky-properties command to enter the sticky properties configuration mode.

For example: 

gssm1.example.com(config-gslb)# sticky-propertie

gssm1.example.com(config-gslb-stkyprop)#

4. From the sticky properties configuration mode, enable sticky and specify a mode (global or local).

For example, to enable global DNS sticky for the GSS network, enter: 

gssm1.example.com(config-gslb-stkyprop)# enable global

gssm1.example.com(config-gslb-stkyprop)# exit

gssm1.example.com(config-gslb)#

5. Configure default DNS sticky configuration and inter-GSS global sticky mesh settings using the any of the following commands in sticky properties configuration mode. Refer to the "Configuring DNS Sticky" section for a complete description of these settings. You can configure:

encryption—Enables or disables the encryption of data transmitted by GSS devices in the mesh. Valid options are:

enable—Enables the encryption of data transferred between GSS peers in the mesh.

key name—Provides a secret string a key for authentication between GSS devices as well as for encryption (if enabled).

mask netmask—Specifies a global subnet mask that the GSS uses to uniformly group contiguous D-proxy addresses as an attempt to increase the number of clients that the sticky database can support.

timeout seconds—Specifies the maximum time period that an unused answer remains valid in the sticky database.

favored-peerIf you want a local GSS device to attempt synchronization with a specific favored GSS peer upon reentry into the sticky mesh, specify a GSS device and a favored GSS peer (a different GSS device ) combination for each local GSS device in the mesh.

For example: 

gssm1.example.com(config-gslb-stkyprop)# enable global

gssm1.example.com(config-gslb-stkyprop)# encryption key SECRETKEY 
gssm1.example.com(config-gslb-stkyprop)# timeout 120

gssm1.example.com(config-gslb-stkyprop)# exit

gssm1.example.com(config-gslb)#

6. Develop your DNS rule using the dns rule command.

For example: 

gssm1.example.com(config)# gslb

gssm1.example.com(config-gslb)# dns rule drule02 owner 
WEB-SERVICES source-address-list WEB-GLOBAL-LISTS domain-list 
E-COMMERCE query A

gssm1.example.com(config-gslb-rule[rule-name])#

7. Use the sticky method command to define how the GSS supports DNS stickiness in a DNS rule (by domain or domain-list).

For example: 

gssm1.example.com(config-gslb-rule[rule-name])# sticky method 
domain

gssm1.example.com(config-gslb-rule[rule-name])#

8. If you want to override the global timeout value set for the DNS rule, specify a new timeout value.

For example: 

gssm1.example.com(config-gslb-rule[rule-name])# sticky method 
domain timeout 250

gssm1.example.com(config-gslb-rule[rule-name])#

9. Use the clause command to configure balance clause 1 for the DNS rule and the sticky enable option to enable sticky for the DNS rule.

For example: 

gssm1.example.com(config-gslb-rule[rule-name])# clause 1 
vip-group ANSGRP-VIP-01 sticky enable

gssm1.example.com(config-gslb-rule[rule-name])#

10. Optionally configure other clause command settings as appropriate. Refer to the "Adding Sticky to a DNS Rule that uses VIP-Type Answer Groups" section for a complete description of these settings.You can configure:

count number—Specifies the number of address records (A-records) that you want the GSS to return for requests that match the DNS rule.

ttl number—Specifies the duration of time in seconds that the requesting DNS proxy caches the response sent from the GSS and considers it to be a valid answer.

method—(Optional) Specifies the method type for each balance clause. Method types are:

round-robin—The GSS cycles through the list of answers that are available as requests are received. This is the default.

ordered—The GSS selects an answer from the list based on precedence

least-loaded—The GSS selects an answer based on the load reported by each VIP in the answer group.

weighted-round-robin—The GSS cycles through the list of answers that are available as requests are received but sends requests to favored answers in a ratio determined by the weight value assigned to that resource.

hashed—The GSS selects the answer based on a unique value created from information stored in the request. Valid hashed method types are: source-address, domain-name, or both.

For example: 

gssm1.example.com(config-gslb-rule[rule-name])# clause 1 
vip-group ANSGRP-VIP-01 sticky enable ttl 30 method ordered

gssm1.example.com(config-gslb-rule[rule-name])#

11. Using the clause command, repeat steps 9 and 10 for clause 2.

For example: 

gssm1.example.com(config-gslb-rule[rule-name])# clause 2 
vip-group ANSGRP-VIP-02 sticky enable ttl 60 method least-loaded

gssm1.example.com(config-gslb-rule[rule-name])#

Note The GSS prevents you from enabling sticky on balance clause 2 if you do not first enable sticky on balance clause 1. This restriction is also true if you attempt to enable sticky on balance clause 3 without first configuring sticky on balance clause 2.

12. Reenter the clause command for clause 3, then repeat steps 9 and 10.

13. (Optional) To group multiple D-proxy IP addresses as a single entry in the sticky database, exit from the rule configuration mode, then use the sticky group command in global server load-balancing mode.

For example: 

gssm1.example.com(config-gslb-rule[rule-name])# exit

gssm1.example.com(config-gslb)# sticky group StickyGroup1 ip 
192.168.3.0 netmask 255.255.255.0

Synchronizing the GSS System Clock with an NTP Server

If you are using global sticky in your GSS network, you must synchronize the clocks of all GSS devices in the mesh to enable a GSS to communicate with the other GSS devices in the peer mesh. If a GSS system clock is out of synchronization with the other GSS peers (by a value greater than three minutes), that GSS will ignore update messages from other GSS devices until you synchronize its system clock.

We strongly recommend that you synchronize the system clock of each GSS in the mesh with a Network Time Protocol (NTP) server. NTP is a protocol designed to synchronize the clocks of computers over a network with a dedicated time server.

You must specify the NTP servers for each GSS device operating in the global mesh before you enable DNS sticky for those devices from the primary GSSM. This sequence ensures that the clocks of each GSS device are synchronized before they join the global sticky peer mesh.

Note For details on logging in to a GSS device and enabling privileged EXEC mode at the CLI, refer to the "Logging in to the CLI and Enabling Privileged EXEC Mode" section.

Use the ntp-server global configuration mode command to specify one or more NTP servers for GSS clock synchronization. The syntax for this CLI command is:

ntp-server ip_or_host

The ip_or_host variable specifies the IP address or host name of the NTP time server in your network that provides the clock synchronization. You can specify a maximum of four IP addresses or host names. Enter the IP address in dotted-decimal notation (for example, 172.16.1.2) or a mnemonic host name (for example, myhost.mydomain.com).

Use the ntp enable global configuration mode command to enable the NTP service. The syntax of this CLI command is:

ntp enable

This example shows how to specify the IP addresses of two NTP time servers for a GSS device and to enable the NTP service: 

gssm1.example.com> enable

gssm1.example.com# config

gssm1.example.com(config)# ntp-server 172.16.1.2 172.16.1.3

gssm1.example.com(config)# ntp enable

Configuring Sticky Using the Primary GSSM CLI

This section describes how to configure GSS devices for DNS sticky operation, add stickiness to a DNS rule on the primary GSSM, and manage the sticky database. It includes the following procedures:

Configuring DNS Sticky

Enabling Sticky in a DNS Rule

Creating Sticky Groups

Deleting Entries from the Sticky Database

Dumping Sticky Database Entries

Running a Periodic Sticky Database Backup

Loading Sticky Database Entries

Configuring DNS Sticky

The GSS includes a set of DNS sticky settings that function as the default values used by the GSS network when you enable sticky in a DNS rule.

From global server load-balancing configuration mode, use the sticky-properties command to enter the sticky properties configuration mode. In the sticky properties configuration mode, you can issue commands to enable sticky and modify the DNS sticky settings for the GSS network. Sticky settings are applied as soon as you exit from the sticky properties configuration mode or enter a new mode.

To enable sticky and configure the sticky settings from the sticky properties configuration mode, specify one or more of the following commands:

enable—Enables DNS sticky for the global or local level. Valid options are:

global—Enables global DNS sticky for each active GSS device across the entire GSS mesh. With global DNS sticky, all local sticky features are in operation and each GSS device in your network shares answers between peer GSS devices in a peer mesh. The peer mesh attempts to ensure that if any of the GSS devices in the mesh receives the same question, then the same answer is returned to the requesting client D-proxy.

local—Enables DNS sticky for each active GSS device on a local level only. Each GSS attempts to ensure that subsequent requests for the same domain name are "stuck" to the same location as the first request. Sticky database information is not shared between GSS devices in the GSS mesh.

encryption—Enables or disables the encryption of data transmitted by GSS devices in the mesh. This command is valid only if the global command is enabled. The GSS support encryption of all inter-GSS communications to maintain the integrity of the sticky database information transferred among the mesh peers. This command is disabled by default (data is transmitted in clear text). Valid options are:

enable—Enables the encryption of data transferred between GSS peers in the mesh. Each GSS uses the Message Digest 5 (MD5) based hashing method to encrypt the application data sent throughout the mesh.

key name—(Optional) Provides a secret string a key for authentication between GSS devices as well as for encryption (if enabled). Enter a unique alphanumeric name, with a maximum of 31 characters. Names that include spaces must be entered in quotes (for example, "name 1").

mask netmask—Specifies a global subnet mask that the GSS uses to uniformly group contiguous D-proxy addresses as an attempt to increase the number of clients that the sticky database can support. This mask is applied to the client source IP address before accessing the sticky database. Enter the subnet mask in dotted-decimal notation (for example, 255.255.255.0). The default global mask is 255.255.255.255.

When you define a DNS sticky group for incoming D-proxy addresses (see the "Creating Sticky Groups" section) and the incoming D-proxy address does not match any of the entries in a defined DNS sticky group, the GSS uses this global netmask value to calculate a grouped D-proxy network address.

timeout seconds—Specifies the maximum time period that an unused answer remains valid in the sticky database. This value defines the sticky database entry age-out process. Every time the GSS returns an answer to the requesting client D-proxy, the GSS resets the expiration time of the answer to this value. When the sticky timeout value elapses without the client again requesting the answer, the GSS identifies the answer as invalid and purges it from the sticky database. Enter a value from 15 to 10080 minutes (168 hours), specified in 5 minute intervals (15, 20, 25, 30, up to 10080). The default value is 60 minutes.

You can also individually set the timeout value for each DNS rule. When you set a timeout value for a DNS rule, that value overrides the global timeout value.

Note The sticky timeout is accurate to within five minutes of the specified value. Each entry will persist in the sticky database for the configured sticky timeout value, and may remain in the sticky database for no longer than five minutes past the specified value.

favored-peerIf you want a local GSS device to attempt synchronization with a specific GSS peer upon reentry into the sticky mesh, specify a favored peer for each local GSS device in the mesh. By specifying a favored GSS peer, you can also reduce network issues with peer synchronization, which typically generate a burst of network traffic. In this case, you can direct network traffic to a peer other than the GSS identified as being the closest (with the shortest round-trip time). This command is valid only if you enable the global option. Specify:

GSSSpecifies the name of the local GSS device that will be associated with a favored peer GSS device. The peer GSS device is the name of another GSS device that you specify in the GSS-peer variable.

GSS-peerSpecifies the name of the favored GSS peer that is to be associated with the GSS device name specified as the GSS variable.

Reenter the favored-peer command as many times as required to assign favored GSS peers to the GSS devices in the sticky mesh.

A GSS joins the mesh when any of the following occur:

A reload

A power up

When you issue a gss stop and gss start command sequence

When you issue a reload command

When you issue a sticky stop and sticky start command sequence

When you enable the global option.

Upon reentry into the mesh, the local GSS device first attempts to synchronize its sticky database entries with its favored GSS peer. If the favored peer is unavailable, the GSS queries the remaining mesh peers to find the closest up-to-date sticky database (with the shortest round-trip time).

For example, assume there are four GSS devices in a mesh (gss_1, gss_2, gss_3, and gss_4), and both gss_1 and gss_2 are in the bootup process. You can direct local device gss_1 to gss_3 as its GSS peer, and direct local device gss_2 to gss_4 as its GSS peer. The identification of favored GSS peers in the mesh can prevent those GSS devices that are booting from waiting for another database request to complete before their database synchronization request can be serviced.

If you do not specify any favored GSS peers, the GSS uses the shortest round-trip time to prioritize which peers to request a database update.

mask netmask—Specifies a global subnet mask that the GSS uses to uniformly group contiguous D-proxy addresses as an attempt to increase the number of clients that the sticky database can support. This mask is applied to the client source IP address before accessing the sticky database. Enter the subnet mask in dotted-decimal notation (for example, 255.255.255.0). The default global mask is 255.255.255.255.

When you define a DNS sticky group for incoming D-proxy addresses (see the "Creating Sticky Groups" section) and any incoming D-proxy address does not match any of the entries in a defined DNS sticky group, the GSS uses this global netmask value to calculate a grouped D-proxy network address.

timeout minutes—Specifies the maximum time period that an unused answer remains valid in the sticky database. This value defines the sticky database entry age-out process. Every time the GSS returns an answer to the requesting client D-proxy, the GSS resets the expiration time of the answer to this value. When the sticky timeout value elapses without the client again requesting the answer, the GSS identifies the answer as invalid and purges it from the sticky database. Enter a value from 15 to 10080 minutes (168 hours), specified in 5 minute intervals (15, 20, 25, 30, up to 10080). The default value is 60 minutes.

You can also individually set the timeout value for each DNS rule. When you set a timeout value for a DNS rule, that value overrides the global timeout value.

Note The sticky timeout is accurate to within five minutes of the specified value. Each entry will persist in the sticky database for the configured sticky timeout value, and may remain in the sticky database for no longer than five minutes past the specified value.

For example, to enable global stickiness and specify encryption key and timeout values, enter: 

gssm1.example.com(config-gslb)# sticky-properties 

gssm1.example.com(config-gslb-stkyprop)# enable global

gssm1.example.com(config-gslb-stkyprop)# encryption key SECRETKEY 

gssm1.example.com(config-gslb-stkyprop)# timeout 120

gssm1.example.com(config-gslb-stkyprop)# exit

gssm1.example.com(config-gslb)#

To reset a stickiness setting to its default, use the no form of the command. For example, enter: 

gssm1.example.com(config-gslb-stkyprop)# no timeout 120

gssm1.example.com(config-gslb-stkyprop)# no mask 255.255.255.0

gssm1.example.com(config-gslb-stkyprop)# exit

gssm1.example.com(config-gslb)#

Enabling Sticky in a DNS Rule

This section includes the following topics:

Sticky DNS Rule Overview

Adding Sticky to a DNS Rule that uses VIP-Type Answer Groups

Sticky DNS Rule Overview

After you enable DNS sticky and configure sticky settings, you add stickiness to a DNS rule using the sticky method and clause commands in rule configuration mode. The GSS supports DNS stickiness in a DNS rule on either a matching domain (domain option) or on a matching domain list (domain-list option). The domain and domain-list sticky methods instruct the GSS that all requests from a client D-proxy for a matching hosted domain or domain list are to be given the same answer for the duration of a user-configurable sticky time period.

Enabling sticky in a DNS rule clause causes the GSS to look up in the sticky database for a matched entry based on a combination of D-proxy IP address and requested domain information, and if the answer is found, to return the answer as the DNS response to the requesting D-proxy. If the answer is in the offline state, or the GSS does not find the answer, it evaluates the balance method clauses in the DNS rule to choose a new answer.

You can configure sticky individually for each balance clause in a DNS rule. However, the GSS prevents you from enabling sticky on balance clause 2 if you do not first enable sticky on balance clause 1. This restriction is also true if you attempt to enable sticky on balance clause 3 without first configuring sticky on balance clause 2.

Note If you use DNS sticky and network proximity in your DNS rule, stickiness always takes precedence over proximity. When a valid sticky answer exists for a given DNS rule match, the GSS does not consider proximity when returning an answer to a client D-proxy.

Adding Sticky to a DNS Rule that uses VIP-Type Answer Groups

To add sticky to a DNS rule that uses VIP-type answer groups:

1. If you have not already done so, enable local or global DNS sticky. See the "Configuring DNS Sticky" section for details.

2. Develop your DNS rule using the dns rule command, as described in the "Building DNS Rules" section of Chapter 7, Building and Modifying DNS Rules.

3. To define how the GSS supports DNS stickiness in a DNS rule, use the sticky method command, with one of the following options:

domain—Enables DNS stickiness on a domain. For all requests from a single D-proxy, the GSS sends the same answer for a domain. For rules matching on a domain wildcard (for example, *.cisco.com), entries are stuck together using the global configuration ID assigned to the wildcard. The GSS does not attempt to distinguish the individual domains that match the wildcard.

domain-list—Enables DNS stickiness on a matching domain list. The GSS groups all domains in the domain list and treats them as a single hosted domain. The GSS treats wildcards in domain lists the same as non-wildcard domains.

Note Sticky is disabled by default. When disabled, the GSS answers DNS requests for all domains and clients that pertain to the DNS rule, subject to DNS rule matching, without accessing the sticky database or sharing sticky database information between peers in the network.

4. To override the global timeout value set for a DNS rule, specify a new timeout value. Enter the maximum time interval that can pass without the sticky database receiving a lookup request for an entry. Every time the GSS returns an answer to the requesting client D-proxy, the GSS resets the expiration time of the answer to this value. When the sticky timeout value elapses without the client again requesting the answer, the GSS identifies the answer as invalid and purges it from the sticky database. Enter a value from 15 to 10080 minutes, defined in 5 minute intervals (15, 20, 25, 30 up to 10080).

For example, enter: 

gssm1.example.com(config-gslb)# dns rule drule02

gssm1.example.com(config-gslb-rule[rule-name])# sticky method 
domain timeout 250

gssm1.example.com(config-gslb-rule[rule-name])#

Note The sticky timeout is accurate to within five minutes of the specified value. Each entry will persist in the sticky database for the configured sticky timeout value, and may remain in the sticky database for no longer than five minutes past the specified value.

5. Configure balance clause 1 using the clause number vip-group name command in the rule configuration mode. The syntax for this command is:

clause number vip-group name [count number | sticky {enable | disable} | ttl number | method {round-robin | least-loaded | ordered | weighted-round-robin | hashed {domain-name | source-address | both}}]

The variables and options for this command are:

number—Specifies the balance clause number (1, 2, or 3). You can specify a maximum of three balance clauses that use VIP-type answers.

vip-group name—Specifies the name of a previously created VIP-type answer group.

count number—(Optional) Specifies the number of address records (A-records) that you want the GSS to return for requests that match the DNS rule. The default is 1 record.

sticky—(Optional) Specify enable to activate sticky for the clause. Specify disable (the default) to deactivate sticky for the clause. To specify enable, make sure that the sticky method option (see step 3.) is set to domain or domain-list.

ttl number—(Optional) Specifies the (time to live) duration of time in seconds that the requesting DNS proxy caches the response sent from the GSS and considers it to be a valid answer. Valid entries are 0 to 604,800 seconds. The default is 20 seconds.

method—(Optional) Specifies the method type for each of your balance clauses. Method types are:

round-robin—The GSS cycles through the list of answers that are available as requests are received. This is the default setting.

least-loaded—The GSS selects an answer based on the load reported by each VIP in the answer group. The answer reporting the lightest load is chosen to respond to the request.The least-loaded option is available only for VIP-type answer groups that use a KAL-AP keepalive.

ordered—The GSS selects an answer from the list based on precedence; answers with a lower order number are tried first, while answers further down the list are tried only if preceding answers are unavailable to respond to the request. The GSS supports gaps in numbering in an ordered list.

Note For answers that have the same order number in an answer group, the GSS will only use the first answer that contains the number. We recommend that you specify a unique order number for each answer in an answer group.

weighted-round-robin—The GSS cycles through the list of answers that are available as requests are received but sends requests to favored answers in a ratio determined by the weight value assigned to that resource.

hashed—The GSS selects the answer based on a unique value created from information stored in the request. The GSS supports two hashed balance methods. The GSS allows you to apply one or both hashed balance methods to the specified answer group. Enter one:

source-address—The GSS selects the answer based on a hash value created from the source address of the request.

domain-name—The GSS selects the answer based on a hash value created from the requested domain name.

both—The GSS selects the answer based on both source-address and domain name.

6. Using the clause command, repeat the configuration process for clauses 2
and 3.

Note The GSS prevents you from enabling sticky on clause 2 if you do not first enable sticky on clause 1. This restriction is also true if you attempt to enable sticky on clause 3 without first configuring sticky on clause 2.

For example, to set up balance clauses 1 and 2 with stickiness for the previously created DNS rule named drule02, enter: 

gssm1.example.com(config-gslb)# dns rule drule02

gssm1.example.com(config-gslb-rule[rule-name])# clause 1 vip-group 
ANSGRP-VIP-01 sticky enable method ordered

gssm1.example.com(config-gslb-rule[rule-name])# clause 2 vip-group 
ANSGRP-VIP-02 sticky enable method least-loaded

gssm1.example.com(config-gslb-rule[rule-name])#

To delete a balance clause, use the no form of the clause command. For example, enter: 

gssm1.example.com(config-gslb-rule[rule-name])# no clause 2 vip-group 
ANSGRP-VIP-02 sticky enable method least-loaded

gssm1.example.com(config-gslb-rule[rule-name])#

Creating Sticky Groups

The primary GSSM supports the creation of sticky groups. A sticky group allows you to configure multiple blocks of D-proxy IP addresses that each GSS device stores in its sticky database as a single entry. Instead of multiple sticky database entries, the GSS uses only one entry in the sticky database for multiple D-proxies. The GSS treats all D-proxies in a sticky group as a single D-proxy.

This section includes the following topics:

DNS Sticky Group Overview

Creating a DNS Sticky Group

Deleting a Sticky Group IP Address Block

Deleting a Sticky Group

DNS Sticky Group Overview

Create sticky groups from the primary GSSM CLI to obtain better scalability of your configuration and to allow for ease of sticky group creation through automation scripts. The primary GSSM supports a maximum of 800 sticky groups. Each sticky group contains one to 30 blocks of IP addresses and subnet masks (in dotted-decimal notation).

The grouping of D-proxy IP addresses in the sticky database provides you with a method to address proxy hopping. Certain ISPs rotate their D-proxies. A user's browser may use DNS server A to resolve a hostname, and later use DNS server B to resolve the same name. This technique, referred to as proxy hopping, has implications for sticky because the DNS sticky function remembers the client's D-proxy IP address and not the IP address of the actual client. In this case, rotating D-proxies appear to the GSS as unique clients. Sticky grouping provides you with a mechanism to globally group sets of D-proxies together to solve this proxy hopping problem.

In addition to creating DNS sticky groups of multiple D-proxy IP addresses from the CLI, you can configure a global netmask to uniformly group contiguous D-proxies (see the "Configuring DNS Sticky" section). The global netmask is used by the GSS device when no DNS sticky group matches the incoming D-proxy address. The GSS uses the full incoming D-proxy IP address (255.255.255.255) and the global netmask as the key to look up in the DNS sticky database. The default global mask is 255.255.255.255.

Figure 8-1 illustrates how through DNS sticky group entries 192.168.9.0 255.255.255.0 and 172.16.5.1 255.255.255.255, the DNS requests from D-proxies 192.168.9.2, 192.168.9.3, and 172.16.5.1 all map to the identified group name, StickyGroup1. If no match is found in the sticky group table for an incoming D-proxy IP address, the GSS applies a user-specified global netmask to calculate a network address as the database key. In this example, DNS requests from 192.168.2.1 and 192.168.7.2 use the database entries keyed as 192.168.2.0 and 192.168.7.0 with a specified global netmask of 255.255.255.0.

Figure 8-1 Locating a Grouped Sticky Database Entry

Creating a DNS Sticky Group

To create a DNS sticky group, use the sticky group global server load-balancing command from the primary GSSM CLI to identify the name of the DNS sticky group and add an IP address block to the group. Use the no form of the command to delete a previously configured IP address block from a sticky group or to delete a sticky group.

You create sticky groups at the CLI of the primary GSSM to obtain better scalability of your configuration and to allow for ease of sticky group creation through automation scripts. The sticky groups are saved in the primary GSSM database and all GSS devices in the network receive the same sticky group configuration. You cannot create sticky groups using the CLI of a standby GSSM or individual GSS devices.

The syntax for this command is:

sticky group groupname ip ip-address netmask netmask

The options and variables are:

groupname—Enter a unique alphanumeric name for the DNS sticky group with a maximum of 80 characters. Names that include spaces are not allowed.

ip ip-address—The IP address block specified in dotted-decimal notation (for example, 192.168.9.0).

netmask netmask—The subnet mask of the IP address block specified in dotted-decimal notation (for example, 255.255.255.0).

This example shows how to create a sticky group called StickyGroup1 with an IP address block of 192.168.9.0 255.255.255.0: 

gssm1.example.com# config

gssm1.example.com(config)# gslb

gssm1.example.com(config-gslb)# sticky group StickyGroup1 ip 
192.168.9.0 netmask 255.255.255.0

Reenter the sticky group command if you want to perform one of the following tasks:

Add multiple IP address blocks to a DNS sticky group

Create additional DNS sticky groups

Each sticky group can have a maximum of 30 blocks of defined IP addresses and subnet masks. The GSS prohibits duplication of IP addresses and subnet masks among DNS sticky groups.

Deleting a Sticky Group IP Address Block

To delete a previously configured IP address block from a sticky group, use the no form of the sticky group ip command. For example: 

gssm1.example.com# config

gssm1.example.com(config)# gslb

gssm1.example.com(config-gslb)# no sticky group StickyGroup1 ip 
192.168.3.0 netmask 255.255.255.0

Deleting a Sticky Group

To delete a sticky group, use the no form of the sticky group command. For example: 

gssm1.example.com# config

gssm1.example.com(config)# gslb

gssm1.example.com(config-gslb)# no sticky group StickyGroup1

Deleting Entries from the Sticky Database

You can remove entries from the sticky database of each GSS device by using the sticky database delete command. When operating in a global sticky configuration, the result of the sticky database delete command propagates throughout the GSS mesh to maintain synchronization between the peers in the GSS network.

Caution Use the sticky database delete all command in special circumstances when you want to remove all entries from the sticky database in order to have an empty database. Ensure that you want to permanently delete entries from the sticky database before you enter this command. You cannot retrieve sticky database entries once you delete them.

To view the entries in the sticky database to identify the sticky entries that you want to delete, use the show sticky database command (refer to the "Displaying Sticky Database Status" section in Chapter 12, Displaying GSS Global Server Load-Balancing Statistics).

Use the sticky database delete command to remove entries from the sticky database. The syntax for this command is:

sticky database delete {all | answer {name/ip_address} | domain {name} | domain-list {name} | group {name} | inactive minimum {minutes} maximum {minutes} | ip {ip_address} netmask {netmask} | rule {rule_name}}

The options and variables are:

all—Removes all entries from the sticky database memory. The prompt Are you sure? appears to confirm the deletion of all database entries. Specify y to delete all entries or n to cancel the deletion operation.

answer name/ip_address—Removes all sticky entries related to a particular answer. Specify the name of the answer. If there is no name for the answer, specify the IP address of the sticky answer in dotted-decimal notation (for example, 192.168.9.0).

domain name—Removes all sticky entries related to a domain. Specify the exact name of a previously created domain.

domain-list name—Removes all sticky entries related to a domain list. Specify the exact name of a previously created domain list.

group name—Removes all sticky entries related to a sticky group. Specify the exact name of a previously created sticky group.

inactive minimum minutes maximum minutes—Removes all sticky entries that have not received a lookup request by a client D-proxy in the specified minimum and maximum time interval. Valid entries are 0 to 10100 minutes. If you do not specify a maximum value, the GSS deletes all entries that have been inactive for the specified minimum value or longer. The GSS returns an error if one of the following situations occur:

The maximum value is set to a value that is less than the minimum value.

The minimum and maximum values are not within the allowable range of values for the sticky inactivity timeout.

ip ip_address netmask netmask—Removes all sticky entries related to a D-proxy IP address and subnet mask. Specify the IP address of the requesting client's D-proxy in dotted-decimal notation (for example, 192.168.9.0) and specify the subnet mask in dotted-decimal notation (for example, 255.255.255.0).

rule rulename—Removes all sticky entries related to a DNS rule. Specify the exact name of a previously created DNS rule.

For example, to remove the D-proxy IP address 192.168.8.0 and subnet mask 255.255.255.0, enter: 

gssm1.example.com# sticky database delete ip 192.168.8.0 netmask 
255.255.255.0

Dumping Sticky Database Entries

The GSS automatically dumps sticky database entries to a backup file on disk approximately every 20 minutes. The GSS uses this backup file to initialize the sticky database upon system restart or reboot to enable the GSS to recover the contents of the database. When global sticky is enabled, the GSS restores from the database dump file any time it reenters the mesh and cannot retrieve the sticky database contents from a GSS peer in the mesh.

If desired, you can dump all entries or selected entries from the sticky database to a named file as a user-initiated backup file. You can then use the ftp command in EXEC or global configuration mode to launch the FTP client and transfer the file to and from remote machines.

To view the entire contents of a sticky database XML output file from the GSS, use the type command. Refer to the Cisco Global Site Selector Administration Guide for details about displaying the contents of a file.

The GSS includes a number of options to provide a level of granularity for dumping entries from the sticky database. The GSS supports binary and XML output formats. Optionally, you can specify the entry type filter to clarify the information dumped from the sticky database.

If you specify a format but do not specify an entry type, the GSS automatically dumps all entries from the sticky database.

If you attempt to overwrite an existing sticky database dump file with the same filename, the GSS displays the following message: Sticky Database dump failed, a file with that name already exists.

Use the sticky database dump command to output entries from the sticky database. The syntax for this command is:

sticky database dump {filename} format {binary | xml} entry-type {all | group | ip}

The options and variables are:

filename—The name of the output file containing the sticky database entries on the GSS disk. This file resides in the /home directory.

format—Dumps the sticky database entries in binary or XML format. Select the binary encoding as the format type if you intend to load the contents of the file into the sticky database of another GSS. The valid entries are:

binary—Dumps the assigned sticky entries in true binary format. This file can be used only with the sticky database load command.

xml—Dumps the assigned sticky entries in XML format. The contents of an XML file includes the data fields and the data descriptions. The contents of this file can be viewed using the type command. See "Sticky and Proximity XML Schema Files" for information on defining how content appears in output XML files.

Note Dumping sticky database entries in XML format can be a resource intensive operation and may take from two to four minutes to complete depending on the size of the sticky database and the GSS platform in use. We recommend that you do not perform a sticky database dump in XML format during the routine operation of the GSS to avoid a degradation in performance.

entry-type—Specifies the type of sticky database entries to dump. The valid entries are:

all—Dumps all entries from the sticky database

group—Dumps all entries that have sticky group IDs from the database

ip—Dumps all entries that have source IP addresses from the database

This example shows how to dump the D-proxy source IP addresses from the sticky database to the sdb2004_06_30 file in XML format. For large numbers of entries, progress messages may appear. 

gssm1.example.com# sticky database dump sdb2004_06_30 format xml 
entry-type ip

Starting Sticky Database dump.


gssm1.example.com# sticky database dump sdb2004_06_30 format xml 
entry-type ip

Sticky Database dump is in progress...

Sticky Database has dumped 15678 of 34512 entries


gssm1.example.com# sticky database dump sdb2004_06_30 format xml 
entry-type ip

Sticky Database dump completed. The number of dumped entries: 34512

gssm1.example.com#


When the dump finishes, a "completed" message displays and the CLI prompt reappears.

Running a Periodic Sticky Database Backup

You can instruct the GSS to dump sticky database entries to an output file on the GSS disk prior to the scheduled time. You may want to initiate a sticky database dump as a database recovery method to ensure that you store the latest sticky database entries prior to shutting down the GSS.

To force an immediate backup of the sticky database residing in GSS memory, use the sticky database periodic-backup now command. The GSS sends the sticky database entries to the system dump file as the sticky database file. Upon a reboot or restart, the GSS reads this file and loads the contents to initialize the sticky database at boot time.

The syntax for this command is:

sticky database periodic-backup now

For example, enter: 

gssm1.example.com# sticky database periodic-backup now

Loading Sticky Database Entries

The GSS supports the loading and merging of sticky database entries from a file into the existing sticky database in GSS memory. The sticky database merge capability supports the addition of entries from one GSS into another GSS. The file must be in binary format for loading into GSS memory.

The GSS validates the loaded database entries, checks the software version for compatibility, and then adds the sticky database entries in memory. The GSS does not overwrite duplicate entries in the sticky database.

Use the sticky database load command to load and merge a sticky database from disk into the existing sticky database in GSS memory. The syntax for this command is:

sticky database load filename

Note If you prefer to load and replace all sticky database entries from a GSS instead of merging the entries with the existing sticky database, first enter the sticky database delete all command to remove all entries from sticky database memory before you enter the sticky database load command.

Specify the name of the sticky database file to load and merge with the existing sticky database on the GSS device. The file must be in binary format for loading into GSS memory (see the "Dumping Sticky Database Entries" section). Use the ftp command in EXEC or global configuration mode to launch the FTP client and transfer the sticky database file to the GSS from a remote GSS.

This example shows how to load and merge the entries from the GSS3SDB file with the existing entries in the GSS sticky database: 

gssm1.example.com# sticky database load GSS3SDB

Disabling DNS Sticky Locally on a GSS for Troubleshooting

You can disable DNS sticky for a single GSS when you need to locally override the globally-enabled sticky option to troubleshoot or debug the device. The GSS does not store the local-disable setting in its running-configuration file. When you restart the device and sticky has been enabled from the primary GSSM, the GSS reenables DNS sticky.

Use the sticky stop and sticky start commands to locally override the sticky enable option of the primary GSSM.

When you enter the sticky stop command, the GSS immediately stops the following operations:

Sticky lookups in the sticky database

Accessing the sticky database for new requests

Periodic sticky database dumps

Sticky database entry age-out process

The GSS continues to answer DNS requests according to the DNS rules and keepalive status.

When you locally disable sticky on a GSS, sticky remains disabled until you perform one of the following actions:

Enter the sticky start CLI command.

Enter a gss restart CLI command to restart the GSS software.

Enter a reload CLI command to perform a cold restart of the GSS device.

If you are using global DNS sticky in your network, upon reentry of the GSS device into the peer mesh, the GSS attempts to synchronize the database entries with the other peers in the mesh. The GSS queries each peer to find the closest up-to-date sticky database. If no update is available from a peer, the GSS initializes the sticky database entries from the previously saved database on disk if a file is present and valid. Otherwise, the GSS starts with an empty sticky database.

This example shows how to use the sticky stop command to locally disable DNS sticky on a GSS device: 

gssm1.example.com# sticky stop

This example shows how to use the sticky start command to locally reenable DNS on the GSS device: 

gssm1.example.com# sticky start