-
Cisco GSS GUI-Based Global Server Load-Balancing Configuration Guide (Software Version 1.3)
-
Index
-
Preface
-
Introducing the Global Site Selector
-
Configuring Resources
-
Configuring Source Address Lists
-
Configuring Domain Lists
-
Configuring Keepalives
-
Configuring Answers and Answer Groups
-
Building and Modifying DNS Rules
-
Configuring DNS Sticky
-
Configuring Network Proximity
-
Monitoring GSS Global Server Load-Balancing Operation
-
Primary GSSM Global Server Load-Balancing Error Messages
-
Sticky and Proximity XML Schema Files
-
Glossary
-
Table Of Contents
Proximity Network Design Guidelines
Network Proximity Quick Start Guide
Configuring a Cisco Router as a DRP Agent
Choosing a Cisco Router as a DRP Agent
Cisco IOS Release 12.1 Interoperability Considerations
Synchronizing the GSS System Clock with an NTP Server
Creating Zones Using the Primary GSSM GUI
Associating a Proximity Zone With a Location
Associating a Proximity-Based Location with an Answer
Configuring Proximity Using the Primary GSSM GUI
Using the DNS Rule Builder to Add Proximity to a DNS Rule
Configuring Proximity Using the GSS CLI
Logging in to the CLI and Enabling Privileged EXEC Mode
Deleting a Proximity Group IP Address Block
Configuring Static Proximity Database Entries
Adding Static Proximity Entries
Deleting Static Entries from the Proximity Database
Deleting Entries from the Proximity Database
Dumping Proximity Database Entries to a File
Running a Periodic Proximity Database Backup
Loading Proximity Database Entries
Initiating Probing for a D-proxy Address
Disabling Proximity Locally on a GSS for Troubleshooting
Configuring Network Proximity
This chapter describes how to configure a Global Site Selector to perform network proximity to determine the best (most proximate) resource for handling global load-balancing requests.
This chapter contains the following major sections:
•
Proximity Network Design Guidelines
•
•
•
•
•
•
•
•
Each GSS supports a comprehensive set of show CLI commands to display network proximity statistics for the device. In addition, the primary GSSM GUI displays statistics about proximity operation for the GSS network. Refer to Chapter 10, Monitoring GSS Global Server Load-Balancing Operation for details about viewing network proximity statistics.
Network Proximity Overview
The GSS responds to DNS requests with the most proximate answers (resources) relative to the requesting D-proxy. In this context, proximity refers to the distance or delay in terms of network topology, not geographical distance, between the requesting client's D-proxy and its answer.
To determine the most proximate answer, the GSS communicates with a probing device, a Cisco IOS-based router, located in each proximity zone to gather round-trip time (RTT) metric information measured between the requesting client's D-proxy and the zone. Each GSS directs client requests to an available server with the lowest RTT value.
The proximity selection process is initiated as part of the DNS rule balance method clause. When a request matches the DNS rule and balance clause with proximity enabled, the GSS responds with the most proximate answer.
This section describes the major functions in GSS network proximity:
Proximity Zones
A network can be logically partioned into "zones" based on the arrangement of devices and network partioned characteristics. A zone can be geographically related to data centers in a continent, a country, or a major city. All devices, such as web servers in a data center, that are located in the same zone have the same proximity value when communicating with other areas of the Internet.
You can configure a GSS proximity network with up to 32 zones. Within each zone, there is an active probing device that is configured to accept probing instructions from any GSS device. Probing refers to the process of measuring RTT from one probing device to a requesting D-proxy.
A location is a method to logically group devices in data centers for administrative purposes. A location can represent a physical point, such as a building or a rack. When you use the GSS to perform network proximity, each location must be assigned to a zone. In addition, you assign each answer used in a GSS proximity DNS rule to a location that is associated with a zone. This configuration hierarchy informs the GSS about resources when determining the most proximate answer.
Probe Management and Probing
Probe management is the intelligence behind each GSS device's interaction with the probing device in a zone. Within each zone, there must be at least one probing device and, optionally, a backup probing device. Upon failure of the primary probing device, the probes are redirected to the backup device. Once the primary probing device becomes available, probes are redirected back to the primary probing device.
The GSS uses Director Response Protocol (DRP) to communicate with the probing devices, called DRP agents, in each zone. DRP is a general User Datagram Protocol (UDP)-based query and response information exchange protocol developed by Cisco Systems. You can use any Cisco router as the probing device in a zone that is capable of supporting the DRP agent software and can measure ICMP or TCP RTT. The GSS communicates with the Cisco IOS-based router using the DRP RTT query and response method.
Each DRP agent accepts probing instructions from the GSS and returns probing results to the GSS based on the DRP protocol. DRP allows for the authentication of packets exchanged between the DRP agent and the GSS.
The GSS transmits DRP queries to one or more probing devices in the GSS network, instructing the DRP agent in the probing device to probe specific D-proxy IP addresses. Each probing device responds to the query by using a standard protocol, such as ICMP or TCP, to measure the RTT between the DRP agent in the zone and the IP address of the requesting client's D-proxy device.
When the GSS receives a request from a D-proxy, it decides if it can provide a proximate answer. If the GSS is unable to determine a proximate answer from the proximity database (PDB), it sends a probe to one or more probing devices to get proximity information between those probing devices and the new D-proxy. After the GSS receives the probing results, it adds the RTT information to the PDB.
Figure 9-1 illustrates the probing process between a GSS (DRP client) and a probing device (DRP agent).
Figure 9-1
DRP Communication in a GSS Network
The GSS supports two type of probing methods:
•
•
Note
Proximity Database
The proximity database (PDB) provides the core intelligence for all proximity-based decisions made by a GSS. Proximity lookup occurs when a DNS rule is matched and the associated clause has the proximity option enabled. When the GSS receives a request from a D-proxy and decides that a proximity response should be provided, the GSS identifies the most proximate answer (the answer with the smallest RTT time) from the PDB residing in GSS memory and sends that answer to the requesting D-proxy. If the PDB is unable to determine a proximate answer, the GSS collects the zone-specific RTT results, measured from probing devices in every zone in the proximity network, and puts the results in the PDB.
For example, a GSS communicates with three zones to determine the most proximate answer and receives the following RTT values from the probing devices in each zone to a particular client D-proxy:
•
•
•
From the three RTT values in the PDB, the GSS selects Zone1 as the most proximate zone for the client's D-proxy request because it has the smallest RTT value.
The GSS supports a maximum of 500,000 D-proxy IP address entries in the PDB table, both dynamic and static entries. The GSS creates dynamic entries in the PDB as the result of requests for new D-proxy IP addresses. If required, you can add static entries to the PDB by specifying permanent RTT values (gathered by other means), and optionally, alternative IP addresses to probe.
The primary GSSM supports the creation of proximity groups which allow you to configure multiple blocks of D-proxy IP addresses that each GSS device stores in its PDB as a single entry. Instead of multiple PDB entries, the GSS uses only one entry in the PDB for multiple D-proxies. The GSS treats all D-proxies in a proximity group as a single D-proxy when responding to DNS requests with the most proximate answers. Requests from D-proxies within the same proximity group receive the RTT values from the database entry for the group. The benefits of proximity grouping include less probing activities performed by the GSS, less space required for the PDB, and user flexibility in assigning alternative probing targets or static proximity metrics to a group.
The dynamic entries in the PDB age-out based on the user-specified global inactivity setting to keep the PDB size manageable. The inactivity timeout setting defines the maximum period of time that can occur without a PDB entry receiving a lookup request, after which the GSS deletes the entry from the PDB.
When the total number of entries in the PDB exceeds 480,000, the GSS automatically removes the least recently used entries. The GSS determines the least recently used entries as those dynamic entries in the PDB that have not been hit within a fixed cutoff time of 60 minutes (one hour). The GSS does not automatically remove static entries from the PDB. You must manually delete PDB static entries from the GSS CLI.
When the PDB reaches a maximum of 500,000 entries, the GSS does not add entries to the PDB and any new requests for answers result in a failure. The GSS tracks how many entries are dropped because the maximum limit has been reached. Once the number of PDB entries drops below 500,000, the GSS resumes adding new entries to the PDB.
Example of Network Proximity
The process outlined below describes how the GSS interacts with the probing devices in multiple zones to perform network proximity. See Figure 9-2 for an illustration of the following steps.
1.
2.
3.
4.
5.
6.
7.
Figure 9-2
Network Proximity Using the Cisco Global Site Selector
Proximity Network Design Guidelines
When developing your proximity network, plan it appropriately to ensure you include a sufficient number of GSS devices to support the expected load. Follow these guidelines when designing your proximity network:
•
•
•
•
–
–
To use an answer group with a proximity balance method, answers in the answer group must be contained in locations that are tied to a zone.
Network Proximity Quick Start Guide
Table 9-1 provides a quick overview of the steps required to configure the GSS for proximity network operation. Each step includes the primary GSSM GUI page or the GSS CLI command required to complete the task. For the procedures to configure the GSS for proximity, see the sections following the table.
Configuring a Cisco Router as a DRP Agent
When you enable DRP on a Cisco router, the router gains the additional functionality of operating as a DRP agent in the GSS network. A DRP agent can communicate with multiple GSSs and support multiple distributed servers.
This section includes the following background information about choosing and configuring the Cisco router in each proximity zone as a DRP agent:
•
•
Choosing a Cisco Router as a DRP Agent
When selecting a Cisco router as the DRP agent in a zone, ensure the following:
•
•
Configuring the DRP Agent
To configure and maintain the DRP agent in the Cisco IOS-based router, perform the tasks described in the "Configuring IP Services" chapter, the "Configuring a DRP Server Agent" section, of the Cisco IOS IP Configuration Guide. The Cisco IOS-based router must support the DRP protocol in a proximity zone. DRP is supported in the following Cisco IOS release trains: 12.1, 12.1E, 12.2T, 12.2, 12.3, and later releases. ICMP probing is only supported in Cisco IOS release 12.2T, 12.3, and later.
The GSS operates with Cisco IOS-based routers using the following DRP RTT probing methods: TCP ("DRP Server Agent") and ICMP ("ICMP ECHO-based RTT probing by DRP agents"). "DRP Server Agent" and "ICMP ECHO-based RTT probing by DRP agents" are the Cisco IOS feature names as shown in the Cisco Feature Navigator II.
The following summarizes the steps required to configure a Cisco IOS-based router as a DRP agent:
1.
2.
3.
4.
Cisco IOS Release 12.1 Interoperability Considerations
If you use a GSS in a network proximity zone configuration with a Cisco router running IOS release 12.1, it is important to ensure the DRP authentication configuration is identical on both devices. For example, if you intend to perform DRP authentication between a GSS and a Cisco IOS 12.1 router, ensure that you properly enable and configure authentication on both devices. The same is true if you choose not to use DRP authentication; you disable authentication on both devices.In the case that you disable DRP authentication on a Cisco IOS 12.1 router but enable DRP authentication on a GSS, all measurement probes sent by a GSS to the Cisco IOS-based router will fail. This condition occurs because the Cisco IOS 12.1 router fails to recognize the DRP echo query packets sent by a GSS and the GSS cannot detect a potential failure of measurement packets sent to the router. In this case, the GSS identifies the Cisco IOS-based router as being ONLINE in its show statistics proximity probes detailed CLI command, yet the measurement response packets monitored in the Measure Rx field do not increment. Together, these two conditions may indicate a DRP authentication mismatch.
If DRP probe requests fails between the GSS and a Cisco router running IOS release 12.1, even when the GSS indicates that the router is ONLINE, verify the DRP authentication configurations on both the GSS and the Cisco router:
•
•
Modify the DRP authentication configuration on either the Cisco router running IOS release 12.1 or the primary GSSM GUI and make them consistent to avoid a DRP authentication mismatch.
Synchronizing the GSS System Clock with an NTP Server
We strongly recommend that you synchronize the system clock of each GSS device in your network with an Network Time Protocol (NTP) server. NTP is a protocol designed to synchronize the clocks of computers over a network with a dedicated time server.
Synchronizing the system clock of each GSS ensures that the PDB and probing mechanisms function properly by having the GSS internal system clock remain constant and accurate within the network. If the system clock of a GSS changes, this can affect the time stamp used by PDB entries and the probing mechnaism used in a GSS.
You must specify the NTP server(s) for each GSS device operating in the proximity network before you enable proximity for those devices from the primary GSSM GUI. This sequence ensures that the clocks of each GSS device are synchronized.
Note
Use the ntp-server global configuration mode command to specify one or more NTP servers for GSS clock synchronization. The syntax for this CLI command is:
ntp-server ip_or_host
The ip_or_host variable specifies the IP address or host name of the NTP time server in your network that provides the clock synchronization. You can specify a maximum of four IP addresses or host names. Enter the IP address in dotted-decimal notation (for example, 172.16.1.2) or a mnemonic host name (for example, myhost.mydomain.com).
Use the ntp enable global configuration mode command to enable the NTP service. The syntax of this CLI command is:
ntp enable
This example shows how to specify the IP addresses of two NTP time servers for a GSS device and to enable the NTP service:
gss1.example.com> enablegss1.example.com# configgss1.example.com(config)# ntp-server 172.16.1.2 172.16.1.3gss1.example.com(config)# ntp enableCreating Zones Using the Primary GSSM GUI
A proximity zone is a logical grouping of network devices that also contains one active probing device and a possible backup probing device. A zone can be geographically related to a continent, a country, or a major city. Each zone can include one or more locations. A location is a method to logically group collocated devices for administrative purposes.
During the proximity selection process, the GSS chooses the most proximate zones containing one or more valid answers based on RTT data received from probing devices configured in the zone. You can configure a proximity network with up to 32 zones.
This section includes the following procedures:
•
•
•
Creating a New Proximity Zone
To create a proximity zone from the primary GSSM GUI:
1.
2.
Figure 9-3 Zones List Page
3.
Figure 9-4 Creating New Zone Detail Page
4.
5.
6.
7.
8.
Modifying a Proximity Zone
To modify a proximity zone from the primary GSSM GUI:
1.
2.
3.
Figure 9-5 Modifying Zone Details Page
4.
Note
5.
Deleting a Proximity Zone
To delete a proximity zone from the primary GSSM GUI:
1.
2.
3.
4.
5.
Associating a Proximity Zone With a Location
To associate a proximity zone with a location:
1.
2.
Figure 9-6 Locations List Page
3.
Figure 9-7 Creating New Location Details Page
4.
5.
Associating a Proximity-Based Location with an Answer
To assign a location that is associated with a proximity zone to an answer:
1.
2.
Figure 9-8 Answers List Page
3.
Figure 9-9 Creating New Answer Details Page
4.
5.
6.
7.
8.
9.
Configuring Proximity Using the Primary GSSM GUI
This section discusses how to configure the GSS for network proximity operation from the primary GSSM GUI and how to add proximity to a DNS rule in the DNS Rule Builder. It includes the following procedures:
•
Configuring Proximity
The GSS includes a set of proximity settings that function as the default values used by the GSS network when you enable proximity in a DNS rule. You enable proximity and modify the global proximity setting for the GSS network using the fields on the Global Proximity Configuration details page of the Traffic Mgmt tab. Changing a global proximity setting and applying that change is immediate and modifies the default values of the proximity settings used by the DNS Rule Builder.
To configure proximity from the primary GSSM GUI:
1.
2.
Figure 9-10 Global Proximity Configuration Details Page
3.
4.
When you define a proximity group for incoming D-proxy addresses (see the "Creating Proximity Groups" section), if the incoming D-proxy address does not match any of the entries in a defined proximity group, then the GSS uses this global netmask value to calculate a grouped D-proxy network address.
5.
6.
For example, with an Equivalence Window setting of 20 percent and a series of returned RTT values:
•
•
•
The GSS determines that Zone1 has the lowest RTT value. In this case, the GSS adds 20 percent (20 ms) to the RTT value to make Zone 1 and 2 equally proximate in regards to the GSS selecting an answer. The RTT equivalence window range is from 100 ms to 120 ms, and the GSS considers any zone that returns an RTT value in that range to be equally proximate.
Use this parameter to adjust the granularity of the proximity decision process. Enter an equivalence window value from 0 to 100 percent. The default value is 20 percent.
7.
8.
•
•
9.
a.
b.
c.
Use this parameter to adjust the granularity of the proximity decision process. Enter an acceptable RTT value from 50 to 500 ms. The default value is 100 ms.
10.
Use this parameter to adjust the granularity of the proximity decision process. Enter a percentage of zones from 3 to 100 percent. The default value is 40 percent.
Note
11.
•
•
The default setting is Disabled.
12.
•
•
The default setting is Disabled.
13.
Creating DRP Keys
DRP supports the authentication of packets exchanged between the DRP agent (probing device) and the DRP client (the GSS). To enable DRP authentication for network proximity, create one or more DRP keys. Each DRP key contains a key identification number and a key authentication string. The primary GSSM GUI supports a maximum of 32 keys.
The DRP key is stored locally on each GSS in the network. The key functions as an encrypted password to help prevent DRP-based denial-of-service attacks, which can be a security threat. Each GSS generates DRP packets that contain all of the configured keys and sends the packets to the DRP agent in each configured zone. The DRP agent in each probing device examines the packet for a matching key (see the "Configuring the DRP Agent" section). If it finds a matching key, the DRP agent considers the DRP connection as authentic and accepts the packet.
To create a DRP authentication key:
1.
2.
3.
Figure 9-11 Creating New DRP Key Details Page
4.
•
•
5.
6.
7.
Deleting DRP Keys
To remove DRP authentication keys:
1.
2.
3.
Figure 9-12 Remove DRP Key Details Page
4.
Using the DNS Rule Builder to Add Proximity to a DNS Rule
After you configure network proximity from the primary GSSM GUI, add proximity to a DNS rule for VIP-type answer groups using the DNS Rule Builder. The balance method configured in the matched clause of the DNS rule determines which answer the GSS selects when multiple valid answers are present in the most proximate zones, and returns this answer as the DNS response to the requesting D-proxy. If the GSS does not find an answer, it evaluates the other balance methods in the DNS rule to choose a new answer.
The GSS supports proximity in a DNS rule with the following balance methods:
•
•
•
•
You can configure proximity individually for the three balance clauses in a DNS rule. Proximity lookup occurs when the DNS rule is matched and the associated clause has the proximity option enabled. When the GSS receives a request from a D-proxy and decides that a proximity response should be provided, the GSS identifies the most proximate answer (the answer with the smallest RTT time) from the PDB residing in GSS memory and sends that answer to the requesting D-proxy. If the PDB is unable to determine a proximate answer, the GSS collects the zone-specific RTT results, measured from probing devices in every zone in the proximity network, and puts the results in the PDB.
When there are no valid answers in the answer group of a proximity balance clause, the GSS skips that balance clause and moves on to the next clause listed in the DNS rule unless you specify a proximity Wait condition. In that case, the GSS waits to perform a proximity selection until it receives the appropriate RTT and zone information based on the proximity settings. The GSS does not return an answer to the requesting client's D-proxy until the GSS obtains sufficient proximity data to complete the selection process.
Note
To use the DNS Rule Builder to add proximity balance clauses to a DNS rule:
1.
Figure 9-13 DNS Rules List Page
2.
Figure 9-14 Create New DNS Rule Window
3.
4.
•
•
5.
•
•
–
–
–
Enter an acceptable RTT value from 50 to 500 ms. The default value is 100 ms.
•
Enter a percentage of zones from 3 to 100 percent. The default value is 40 percent.
•
–
–
–
6.
7.
Configuring Proximity Using the GSS CLI
This section describes how to configure a GSS device for network proximity operation from the CLI. From the primary GSSM CLI, you can create proximity groups to obtain better scalability of your GSS proximity configuration and to allow for ease of proximity group creation through automation scripts. You can also use the CLI of each GSS in your proximity network to perform PDB activities on an individual GSS basis, such as configuring static proximity entries, removing PDB entries from GSS memory, dumping entries from the PDB to a named file, forcing an immediate backup of the PDB, or loading and merging PDB from a file.
The section includes the following procedures:
•
•
•
•
•
Logging in to the CLI and Enabling Privileged EXEC Mode
Note
To log in to a GSS device and enable privileged EXEC mode at the CLI:
1.
2.
Otherwise, if you are using a direct serial connection between your terminal and the GSS device, use a terminal emulation program to access the GSS CLI.
For details about making a direct connection to the GSS device using a dedicated terminal and about establishing a remote connection using SSH or Telnet, refer to the Cisco Global Site Selector Getting Started Guide.
3.
gss1.example.com>4.
gss1.example.com> enablegss1.example.com#Creating Proximity Groups
This section includes the following topics:
•
Proximity Group Overview
The primary GSSM supports the creation of proximity groups. A proximity group allows you to configure multiple blocks of D-proxy IP addresses that each GSS device stores in its PDB as a single entry. Instead of multiple PDB entries, the GSS uses only one entry in the PDB for multiple D-proxies. The GSS treats all D-proxies in a proximity group as a single D-proxy when responding to DNS requests with the most proximate answers. Requests from D-proxies within the same proximity group receive the RTT values from the database entry for the group.
You create proximity groups from the primary GSSM CLI to obtain better scalability of your configuration and to allow for ease of proximity group creation through automation scripts. The primary GSSM supports a maximum of 5000 proximity groups. Each proximity group contains one to 30 blocks of IP addresses and subnet masks (in dotted-decimal format).
The benefits of proximity grouping include the following:
•
•
•
In addition to creating proximity groups of multiple D-proxy IP addresses from the CLI, you can configure a global netmask from the primary GSSM GUI to uniformly group contiguous D-proxies (see the "Configuring Proximity" section). The global netmask is used by the GSS device when no proximity group matches the incoming D-proxy address. The GSS uses the full incoming D-proxy IP address (255.255.255.255) and the global netmask as the key to look up the proximity database. The default global mask is 255.255.255.255.
Figure 9-15 illustrates how through proximity group entries 192.168.9.0/24 and 172.16.5.1/32, the DNS requests from D-proxies 192.168.9.2, 192.168.9.3, and 172.16.5.1 all map to the identified group name, ProxyGroup1. If no match is found in the PDB for an incoming D-proxy IP address, the GSS applies a user-specified global netmask to calculate a network address as the database key. In this example, DNS requests from 192.168.2.1 and 192.168.7.2 use the database entries keyed as 192.168.2.0 and 192.168.7.0 with a specified global netmask of 255.255.255.0.
Figure 9-15 Locating a Grouped Proximity Database Entry
Creating a Proximity Group
To create a proximity group, use the proximity group global server load-balancing configuration mode command from the primary GSSM CLI to identify the name of the proximity group and add an IP address block to the group. Use the no form of the command to delete a previously configured IP address block from a proximity group or to delete a proximity group.
You create proximity groups at the CLI of the primary GSSM to obtain better scalability of your configuration and to allow for ease of proximity group creation through automation scripts. The proximity groups are saved in the primary GSSM database and all GSS devices in the network receive the same proximity group configuration. You cannot create proximity groups at the CLI of a standby GSSM or individual GSS devices.
The syntax for this command is:
proximity group {groupname} ip {ip-address} netmask {netmask}
The options and variables are:
•
•
•
This example shows how to create a proximity group called ProxyGroup1 with an IP address block of 192.168.9.0 255.255.255.0:
gssm1.example.com# configgssm1.example.com(config)# gslbgssm1.example.com(config-gslb)# proximity group ProxyGroup1 ip 192.168.9.0 netmask 255.255.255.0Reenter the proximity group command if you want to perform the following:
•
•
Each proximity group can have a maximum of 30 blocks of defined IP addresses and subnet masks. The GSS prohibits duplication of IP addresses and subnet masks among proximity groups.
Deleting a Proximity Group IP Address Block
To delete a previously configured IP address block from a proximity group, use the no form of the proximity group command. For example:
gssm1.example.com# configgssm1.example.com(config)# gslbgssm1.example.com(config-gslb)# no proximity group ProxyGroup1 IP 192.168.9.0 netmask 255.255.255.0Deleting a Proximity Group
To delete a proximity group and all configured IP address blocks, use the no form of the proximity group command. For example:
gssm1.example.com# configgssm1.example.com(config)# gslbgssm1.example.com(config-gslb)# no proximity group ProxyGroup1Configuring Static Proximity Database Entries
This section describes how to configure static entries in the PDB. It includes the following procedures:
•
•
Adding Static Proximity Entries
Entries in the PDB can be both dynamic and static. The GSS creates dynamic entries in the PDB as the result of requests from new D-proxy IP addresses. If you find that you need to configure static proximity metrics for zones in your GSS network or to assign probing devices to specific D-proxies, define a series of static entries in the PDB by using the proximity assign global server load-balancing configuration mode command. If the same entry, dynamic or static, already exists in the proximity database, the GSS will overwrite that entry with the newly assigned entry. You can use automation scripts if you intend to add numerous static entries in the PDB of each GSS.
You can also successfully add static proximity entries on the primary GSS. However, you cannot add entries by zone on any other GSS. When you attempt to use static entries locally and configure them separately on each GSS using the proximity assign CLI command, the GSS responds that this command is valid only on the primary GSSM.
Note
Static entries in the PDB do not age out and remain in the PDB until you delete them. In addition, static entries are not subject to the automatic database cleanup of least recently used entries when the PDB size is almost at the maximum number of entries. Use the no form of the proximity assign command to delete static entries from the PDB.
You can specify permanent RTT values for the static entries. When the GSS uses permanent RTT values, it does not perform active probing with the DRP agent. Instead of RTT values, you can specify alternative IP addresses as targets for probing by the probing devices to obtain RTT data. The GSS probes the alternative probe target for requests from D-proxies matching these static entries.
Static entries in the PDB are either static RTT-filled or probe-target IP-filled.
To create static entries in the PDB, use the proximity assign global server load-balancing configuration mode command. The syntax for this command is:
proximity assign {group {groupname}} | ip {entryaddress} | [probe-target {ip-address} | zone-data {"zoneId:RTT"}]
Note
The options and variable are:
•
•
•
•
This example shows how to configure an alternative probing target for the proximity group ISP1:
gssm1.example.com# configgssm1.example.com(config)# gslbgssm1.example.com(config-gslb)# proximity assign group ISP1 probe-target 192.168.2.2This example shows how to configure an alternative probing target for D-proxy subnet 192.168.8.0 (assuming the global mask configuration is 255.255.255.0):
gssm1.example.com# configgssm1.example.com(config)# gslbgssm1.example.com(config-gslb)# proximity assign ip 192.168.8.0 probe-target 192.168.2.2This example shows how to configure static RTT metrics for the proximity group ISP2 using zone indexes created previously through the primary GSSM GUI:
gssm1.example.com# configgssm1.example.com(config)# gslbgssm1.example.com(config-gslb)# proximity assign group ISP2 zone-data "1:100,2:200,3:300,4:400,5:500"This example shows how to configure static RTT metrics for D-proxy subnet 192.168.8.0 (assuming the global mask configuration is 255.255.255.0):
gssm1.example.com# configgssm1.example.com(config)# gslbgssm1.example.com(config-gslb)# proximity assign ip 192.168.8.0 zone-data "1:100,2:200,3:300,4:400,5:500"Deleting Static Entries from the Proximity Database
The GSS allows you to remove entries from the PDB of each GSS device through the CLI. To delete static entries from the PDB in GSS memory, use the no form of the proximity assign global server load-balancing configuration mode command.
Note
This example shows how to delete static RTT entries for the proximity group ISP1:
gssm1.example.com# configgssm1.example.com(config)# gslbgssm1.example.com(config-gslb)# no proximity assign group ISP1 zone-data "1:100,2:200,3:300,4:400,5:500"Deleting Entries from the Proximity Database
You can remove PDB entries from GSS memory by using the proximity database delete CLI command. This command, however, does not delete PDB entries saved as part of an automatic dump to a backup file on disk, which the GSS loads upon a reboot or restart to initialize the PDB. To ensure that you successfully remove the desired PDB entries from both GSS memory and disk, enter the proximity database delete command followed by the proximity database periodic-backup now command to force an immediate backup of the empty PDB residing in GSS memory.
The syntax for this command is:
proximity database delete {all | assigned | group {name} | inactive minutes | ip {ip-address} netmask {netmask} | no-rtt | probed}
The options and variables are
•
Caution
•
•
•
•
•
•
For example, to remove the D-proxy IP address 192.168.8.0 and subnet mask 255.255.255.0, enter:
gss1.example.com# proximity database delete ip 192.168.8.0 255.255.255.0Dumping Proximity Database Entries to a File
The GSS automatically dumps PDB entries to a backup file on disk approximately every hour. The GSS uses this backup file to initialize the PDB upon system restart or reboot to enable the GSS to recover the contents of the database.
If desired, you can dump all or selected entries from the PDB to a named file as a user-initiated backup file. You can then use the ftp command in EXEC or global configuration mode to launch the FTP client and transfer the file to a remote machine.
To view the entire contents of a PDB XML output file from the GSS, use the type command. Refer to the Cisco Global Site Selector Administration Guide for details about displaying the contents of a file.
The GSS includes a number of options to provide a level of granularity for dumping entries from the PDB. The GSS supports binary and Extensible Markup Language (XML) output formats. Optionally, you can specify filters, such as PDB entry type and entry IP network address, to clarify the information dumped from the PDB. PDB entry types can be either statically entered (see the "Configuring Static Proximity Database Entries" section) or dynamically learned by the GSS. You can instruct the GSS to dump both type of entries from the PDB. If you do not specify an entry type, the GSS automatically dumps all entries from the PDB.
If you attempt to overwrite an existing proximity database dump file with the same filename, the GSS displays the following messsage: Proximity Database dump failed, a file with that name already exists.
To dump entries contained in the PDB to a named file, use the proximity database dump command.
The syntax for this command is:
proximity database dump {filename} format {binary | xml} [entry-type {all | assigned | probed}] [entry-address {ip-address} netmask {netmask}]
The options and variables are:
•
•
–
–
Note
•
–
–
–
The default is all.
•
•
This example shows how to dump the dynamic PDB entries to a file named PDB2004_6_30 in XML format. If the dump is large, progress messages appear.
gss1.example.com# proximity database dump PDB2004_6_30 format xml entry-type probed entry-address 172.23.5.7 netmask 255.255.255.255 Starting Proximity Database dump.gss1.example.com# proximity database dump PDB2004_6_30 format xml entry-type probed entry-address 172.23.5.7 netmask 255.255.255.255 Proximity Database dump is in progress...Proximity Database has dumped 15678 of 34512 entriesgss1.example.com# proximity database dump PDB2004_6_30 format xml entry-type probed entry-address 172.23.5.7 netmask 255.255.255.255 Proximity Database dump completed. The number of dumped entries: 34512When the dump finishes, a "completed" message displays and the CLI prompt reappears.
Running a Periodic Proximity Database Backup
You can instruct the GSS to dump PDB entries to an output file on the GSS disk before the scheduled time. You may want to initiate a PDB dump as a database recovery method to ensure you store the latest PDB entries before shutting down the GSS.
To force an immediate backup of the PDB residing in GSS memory, use the proximity database periodic-backup now command. The GSS sends the PDB entries to the system dump file as the proximity database file. Upon a reboot or restart, the GSS reads this file and loads the contents to initialize the PDB at boot time.
The syntax for this command is:
proximity database periodic-backup now
For example, enter:
gss1.example.com# proximity database periodic backup nowLoading Proximity Database Entries
The GSS supports the loading and merging of a PDB from a file into the existing PDB in GSS memory. This PDB merge capability supports the conversion and migration of PDB entries from one GSS into the PDB of another GSS. The file must be in binary format for loading into GSS memory. Proximity RTT metrics loaded from the file replace overlapping entries that exist in the database and supplement the non-overlapping database entries.
To load a PDB from disk into GSS memory, use the proximity database load command. The syntax for this command is:
proximity database load filename format binary [override]
The options and variable are:
•
•
•
–
–
If you do not specify the override option, the GSS loads the most recent entries into memory, which will replace the older entries of the same type (dynamic or static) in the PDB. For example, the most recent dynamic entries replace the older dynamic entries in the PDB.
This example shows how to load the entries from the GSS3PDB file without overriding the existing entries in the GSS PDB:
gss1.example.com# proximity database load file GSS3PDB format binaryFor example, to override the same entries located in the existing GSS PDB, enter:
gss1.example.com# proximity database load GSS3PDB format binary overrideInitiating Probing for a D-proxy Address
The GSS sends a probe request to each configured probe device in a specified zone to obtain probe information (RTT values). The GSS uses the obtained probe information from the D-proxy to update the PDB entry if the entry can be found in the PDB.
There may be instances when you need to instruct the probing device in one or all zones (broadcast) to send a probe to a specific D-proxy address, obtain an RTT value, and save the entry in the PDB. To initiate direct probing to a specific D-proxy IP address or direct probing to one or more zones, use the proximity probe command.
The syntax for this command is:
proximity probe {dproxy_address} [zone {zoneId | all}]
The options and variables are:
•
•
•
For example, to instruct the probing device in zone 1 to send a probe to the D-proxy at 172.16.5.7, enter:
gss1.example.com# proximity probe 172.16.5.7 zone 1Disabling Proximity Locally on a GSS for Troubleshooting
You can disable proximity for a single GSS when you need to locally override the GUI-enabled proximity option. You may need to locally disable proximity on a GSS when you need to troubleshoot or debug the device.The GSS does not store the local disable setting in its running-config file.
When you enter the proximity stop command, the GSS immediately stops the following operations:
•
•
•
•
•
When you restart the device, the GSS reenables network proximity.
This example shows how to locally disable proximity on a GSS device using the proximity stop command:
gss1.example.com# proximity stopThis example shows how to locally reenable proximity on a GSS device, using the proximity start command:
gss1.example.com# proximity start
