Table Of Contents

Configuring Answers and Answer Groups

Configuring and Managing Answers

Logging in to the CLI and Enabling Privileged EXEC Mode

Configuring a VIP-Type Answer

Configuring Keepalive VIP Answers

Configuring ICMP Keepalive VIP Answers

Configuring TCP Keepalive VIP Answer Settings

Configuring HTTP HEAD Keepalive VIP Answer Settings

Configuring KAL-AP Keepalive VIP Answer Settings

Configuring Scripted Keepalive VIP Answers

Configuring Multiport Keepalives for a VIP Answer Type

Configuring a CRA-Type Answer

Configuring a Name Server-Type Answer

Modifying an Answer

Displaying Answer Properties

Suspending an Answer

Reactivating an Answer

Suspending or Reactivating All Answers in a Location

Managing Global Manual Reactivation of Answers in a GSS Mesh

Enabling the Global Manual Reactivation Function

Activating Operationally Suspended Answers

Deleting an Answer

Configuring and Modifying Answer Groups

Creating an Answer Group

Adding Answers to a CRA-Type Answer Group

Adding Answers to an NS-Type Answer Group

Adding Answers to a VIP-Type Answer Group

Modifying an Answer Group

Adding or Deleting an Authority Domain in an Answer Group

Suspending or Reactivating All Answers in an Answer Group

Suspending or Reactivating an Answer in an Answer Group

Suspending or Reactivating All Answers in Answer Groups Associated with an Owner

Displaying Answer Group Properties

Deleting an Answer Group

Where to Go Next

Configuring Answers and Answer Groups

---

This chapter describes how to create and configure answers and answer groups for your GSS network. It contains the following major sections:

•Configuring and Managing Answers

•Configuring and Modifying Answer Groups

•Where to Go Next

Configuring and Managing Answers

In a GSS network, an answer refers to the resources that respond to content queries. When you create an answer using the primary GSSM, you are identifying a resource on your GSS network to which queries can be directed. This resource provides the requesting client D-proxy with the address of a valid host to serve the request.

GSS answers include the following:

•VIP—Virtual IP (VIP) addresses associated with an SLB such as the Cisco ACE, Cisco CSS, Cisco CSM, Cisco IOS-compliant SLB, Cisco LocalDirector, a web server, a cache, or any other geographically dispersed device in a global network deployment.

•Name Server—Configured DNS name server on your network that can answer queries that the GSS cannot resolve.

•CRA—Content routing agents that use a resolution process called DNS race to send identical and simultaneous responses back to a user's D-proxy.

The GSS groups answers together as resource pools, also referred to as answer groups. From the available answer groups, the GSS can use a maximum of three possible response answer group and balance method clauses in a DNS rule to select the most appropriate resource that serves a user request. Each balance method provides a different algorithm for selecting one answer from a configured answer group. Each clause specifies that a particular answer group serve the request and a specific balance method be used to select the best resource from that answer group.

Depending on the type of answer, the GSS can further analyze DNS queries to choose the best host. For example, a request that is routed to a VIP associated with a Cisco CSS is routed to the best resource based on load and availability, as determined by the CSS. A request that is routed to a CRA is routed to the best resource based on proximity, as determined in a DNS race conducted by the GSS.

This section contains the following topics:

•Logging in to the CLI and Enabling Privileged EXEC Mode

•Configuring a VIP-Type Answer

•Configuring a CRA-Type Answer

•Configuring a Name Server-Type Answer

•Modifying an Answer

•Displaying Answer Properties

•Suspending an Answer

•Reactivating an Answer

•Suspending or Reactivating All Answers in a Location

•Managing Global Manual Reactivation of Answers in a GSS Mesh

•Deleting an Answer

Logging in to the CLI and Enabling Privileged EXEC Mode

---

Note To log in and enable privileged EXEC mode in the GSS, you must be a configured user with admin privileges. See the Cisco Global Site Selector Administration Guide for information on creating and managing user accounts.

---

To log in to the primary GSSM and enable privileged EXEC mode at the CLI, perform the following steps:

1. If you are remotely logging in to the primary GSSM through Telnet or SSH, enter the hostname or IP address of the GSSM to access the CLI.

Otherwise, if you are using a direct serial connection between your terminal and the GSSM, use a terminal emulation program to access the CLI. For details about making a direct connection to the GSS device using a dedicated terminal and about establishing a remote connection using SSH or Telnet, see the Cisco Global Site Selector Getting Started Guide.

2. Specify your GSS administrative username and password to log on to the GSSM. The CLI prompt appears.

gssm1.example.com> 

3. At the CLI prompt, enable privileged EXEC mode as follows:

gssm1.example.com> enable

gssm1.example.com# 

If you are accessing the GSS remotely using Telnet or SSH, the CLI prompts you for the enable password. The default password is default. For more information about the enable password and configuring a new password, see the Cisco Global Site Selector Getting Started Guide.

The prompt changes from the user-level EXEC right angle bracket (>) prompt to the privileged-level EXEC pound sign (#).

Configuring a VIP-Type Answer

When configuring a VIP-type answer, you can configure one of several different keepalive types or multiple keepalive types to test for that answer. See the "Configuring Multiport Keepalives for a VIP Answer Type" section for more information on configuring multiple keepalives to test for an answer. For a KAL-AP keepalive, configure shared keepalives before you configure your answer. See Chapter 5, Configuring Keepalives for more information on creating shared keepalives.

You can configure a VIP-type answer by using the answer vip ip_address command in global server load-balancing configuration mode.

The syntax of this command is as follows:

answer vip ip_address [activate | location name | manual-reactivation {enable | disable} | name name | suspend]

After you enter the answer vip ip_address command, the prompt changes to the answer vip configuration mode where you can optionally specify and configure keepalives for your VIP-type answer.

The keywords and arguments for this command are as follows:

•ip_address—VIP address field. Enter the VIP address to which the GSS will forward requests. Enter an unquoted text string in dotted decimal format (for example, 192.168.10.1).

•activate—(Optional) Reactivates a suspended VIP answer. This is the default setting.

•location name—(Optional) Specifies an existing location name with which the answer is to be associated. See the "Configuring Owners" section in Chapter 2, Configuring Resources.

•manual-reactivation—(Optional) Determines whether the GSS reactivates the answer automatically when its state changes from offline to online or if you must manually reactivate the answer.

Use one of the following keywords with this option:

–enable—Enables the manual reactivation function. The GSS suspends the answer if it goes offline and changes its status to "operational suspend." The answer remains suspended until you reactivate it.

---

Note If you enable the manual reactivate function for an answer, you must also enable the global manual reactivate function for it to work (see the "Managing Global Manual Reactivation of Answers in a GSS Mesh" section).

---

–disable—Disables manual reactivation (default). If the answer goes offline, the GSS automatically reactivates the answer when it returns to an online state.

•name name—(Optional) Specifies a name for the VIP-type answer that you are creating. Enter a unique alphanumeric name, with a maximum of 80 characters. Names that include spaces must be entered in quotes (for example, "name 1").

•suspend—(Optional) Suspends an active VIP answer.

For example, to create a VIP answer called SEC-LONDON1, associate it with the London location, and enable the manual reactivation function, enter:

gssm1.example.com# config

gssm1.example.com(config)# gslb

gssm1.example.com(config-gslb)# answer vip 10.86.209.232 name SEC-LONDON1 location LONDON 
manual-reactivate enable

gssm1.example.com(config-ansvip[ans-ip])

To delete a VIP answer, enter:

gssm1.example.com# config

gssm1.example.com(config)# gslb

gssm1.example.com(config-gslb)# no answer vip 10.86.209.232 name SEC-LONDON1 location 
LONDON

gssm1.example.com(config-gslb)

For more information on modifying existing answers, see the "Modifying an Answer" section.

This section contains the following topics:

•Configuring Keepalive VIP Answers

•Configuring ICMP Keepalive VIP Answers

•Configuring TCP Keepalive VIP Answer Settings

•Configuring HTTP HEAD Keepalive VIP Answer Settings

•Configuring KAL-AP Keepalive VIP Answer Settings

•Configuring Scripted Keepalive VIP Answers

•Configuring Multiport Keepalives for a VIP Answer Type

Configuring Keepalive VIP Answers

After you create an answer, you can choose to configure one of a variety of different keepalive types or multiple keepalive types to test for that answer.

---

Note The default values used for each of the VIP keepalives are determined by the global keepalive property settings previously specified (see Chapter 5, Configuring Keepalives).

---

Configuring ICMP Keepalive VIP Answers

You can define the ICMP keepalives for your VIP answer by using the keepalive type icmp command in answer vip configuration mode. This command sends an ICMP echo message (ping) to the address specified for the VIP answer. The GSS determines the online status by the response received from the device, indicating simple connectivity to the network.

The syntax of this command is as follows:

keepalive type icmp [shared ip_address | retries number | successful-probes number]

The keywords and arguments for this command are as follows:

•shared ip_address—(Optional) Specifies the IP address of an existing ICMP shared keepalive. Enter an unquoted text string in dotted decimal format (for example, 192.168.10.1). See Chapter 5, Configuring Keepalives, for more information on creating shared keepalives.

•retries number—(Optional) Specifies the number of times that the GSS retransmits an ICMP echo request packet before declaring the device offline. As you adjust the retries value, you change the detection time determined by the GSS. By increasing the number of retries, you increase the detection time. Reducing the number of retries has the reverse effect. The valid entries are 1 to 10 retries. The default is 1.

•successful-probes number—(Optional) Specifies the number of consecutive successful ICMP keepalive attempts (probes) that must be recognized by the GSS before bringing an answer back online. The valid entries are 1 to 5 attempts. The default is 1.

For example, to configure an ICMP keepalive for the VIP-type answer servicing VIP address 10.86.209.232, enter:

gssm1.example.com(config-gslb)# answer vip 10.86.209.232

gssm1.example.com(config-ansvip[ans-ip])# keepalive type icmp  
retries 2

gssm1.example.com(config-ansvip[ans-ip])#

See the "Configuring Multiport Keepalives for a VIP Answer Type" section for details on configuring multiple keepalives to test for a VIP-type answer.

Configuring TCP Keepalive VIP Answer Settings

You can define the TCP keepalive for your VIP answer by using the keepalive type tcp command in answer vip configuration mode. This command sends a TCP handshake to the address specified for the VIP answer and port number of the remote device to determine service viability (three-way handshake and connection termination method), returning the online status of the device.

The syntax of this command is as follows:

keepalive type tcp [shared ip_address | port number | retries number | successful-probes number | termination {graceful | reset}]

The keywords and arguments for this command are as follows:

•shared ip_address—(Optional) Specifies the IP address of an existing TCP shared keepalive. Enter an unquoted text string in dotted decimal format (for example, 192.168.10.1). See Chapter 5, Configuring Keepalives for more information on creating shared keepalives.

•port number—(Optional) Specifies the port on the remote device that is to receive the TCP-type keepalive request from the GSS. The valid entries are 1 to 65535. The default port is 80.

•retries number—(Optional) Specifies the number of times the GSS retransmits a TCP packet before declaring the device offline. As you adjust the retries value, you change the detection time determined by the GSS. By increasing the number of retries, you increase the detection time. Reducing the number of retries has the reverse effect. The valid entries are 1 to 10 retries. The default is 1.

•successful-probes number—(Optional) Specifies the number of consecutive successful TCP keepalive attempts (probes) that must be recognized by the GSS before bringing an answer back online. The valid entries are 1 to 5 attempts. The default is 1.

•termination —(Optional) Specifies one of the following TCP keepalive connection termination methods:

–graceful—The GSS initiates the graceful closing of a TCP connection by using the standard three-way connection termination method.

–reset—The GSS immediately terminates the TCP connection by using a hard reset. If you do not specify a connection termination method, the GSS uses this method type.

For example, to configure a TCP keepalive for the VIP-type answer servicing VIP address 192.168.200.1, enter:

gssm1.example.com(config-gslb)# answer vip 192.168.200.1

gssm1.example.com(config-ansvip[ans-ip])# keepalive type tcp port 23 successful-probes 4

gssm1.example.com(config-ansvip[ans-ip])#

See the "Configuring Multiport Keepalives for a VIP Answer Type" section for details on configuring multiple keepalives to test for a VIP-type answer.

Configuring HTTP HEAD Keepalive VIP Answer Settings

You can define the HTTP HEAD keepalive for your VIP answer by using the keepalive type http-head command in answer vip configuration mode. This command sends a TCP-format HTTP HEAD request to an origin web server at the address specified for the VIP answer. The GSS determines the online status of the device in the form of an HTTP Response Status Code of 200 (for example, HTTP/1.0 200 OK) from the server as well as information on the web page status and content size.

The syntax of this command is as follows:

keepalive type http-head [host-tag domain_name | path path | port number | retries number | shared ip_address | successful-probes number | termination {graceful | reset}]

The keywords and arguments for this command are as follows:

•host-tag domain_name —(Optional) Specifies an optional domain name that is sent to the VIP as part of the HTTP HEAD query. This tag allows an SLB to resolve the keepalive request to a particular website even when multiple sites are represented by the same VIP.

•path path—(Optional) Specifies the server website queried in the HTTP HEAD request (for example, /company/owner). The default path "/" specifies the virtual root of the webserver.

•port number—(Optional) Specifies the port on the remote device that is to receive the HTTP HEAD-type keepalive request from the GSS. The valid entries are 1 to 65535. The default port is 80.

•retries number—(Optional) Specifies the number of times that the GSS retransmits an HTTP HEAD packet before declaring the device offline. As you adjust the retries value, you change the detection time determined by the GSS. By increasing the number of retries, you increase the detection time. Reducing the number of retries has the reverse effect. The valid entries are 1 to 10 retries. The default is 1.

•shared ip_address—(Optional) Specifies the IP address of an existing HTTP HEAD shared keepalive. Enter an unquoted text string in dotted decimal format (for example, 192.168.10.1). See Chapter 5, Configuring Keepalives for more information on creating shared keepalives.

•successful-probes number—(Optional) Specifies the number of consecutive successful HTTP HEAD keepalive attempts (probes) that must be recognized by the GSS before bringing an answer back online. The valid entries are 1 to 5 attempts. The default is 1.

•termination—(Optional) Specifies one of the following HTTP HEAD keepalive connection termination methods:

–graceful—The GSS initiates the graceful closing of an HTTP HEAD connection by using the standard three-way connection termination method.

–reset—The GSS immediately terminates the TCP-formatted HTTP HEAD connection by using a hard reset. If you do not specify a connection termination method, the GSS uses this method type.

To configure an HTTP HEAD keepalive for the VIP-type answer servicing VIP address 192.168.200.1, enter:

gssm1.example.com(config-gslb)# answer vip 192.168.200.1

gssm1.example.com(config-ansvip[ans-ip])# keepalive type http-head host-tag WWW.HOME.COM 
termination graceful

gssm1.example.com(config-ansvip[ans-ip])#

See the "Configuring Multiport Keepalives for a VIP Answer Type" section for details on configuring multiple keepalives to test for a VIP-type answer.

Configuring KAL-AP Keepalive VIP Answer Settings

You can define the KAL-AP keepalive for your VIP answer by using the keepalive type kalap command in answer vip configuration mode. This command sends a detailed query to the Cisco CSS or CSM at the address specified for the VIP answer to extract the load and availability. The GSS determines the online status when the SLBs respond with information about a hosted domain name, host VIP address, or a configured tag on a content rule.

The syntax of this command is as follows:

keepalive type kalap {tag ip_address {tag_name} | vip ip_address}

The keywords and arguments for this command are as follows:

•tag ip_address—Specifies the shared KAL-AP-type keepalive address in the KAL-AP request. The KAL-AP queries the keepalive address to determine the online status. Enter an unquoted text string in dotted decimal format (for example, 192.168.10.1).

•tag_name— An alphanumeric tag associated with the VIP in the KAL-AP request. The tag value is used to match the correct shared keepalive VIP, thus avoiding the confusion that may be caused when probing for the status of a VIP located behind a firewall network address translation (NAT). Enter a unique alphanumeric name with a maximum of 80 characters. Names that include spaces must be entered in quotes (for example, "name 1").

•vip ip_address—Specifies the shared KAL-AP-type keepalive address in the KAL-AP request. The KAL-AP queries the keepalive address to determine the online status. Enter an unquoted text string in dotted decimal format (for example, 192.168.10.1).

To configure a KAL-AP keepalive for the VIP-type answer servicing VIP address 192.168.200.1, enter:

gssm1.example.com(config-gslb)# answer vip 192.168.200.1

gssm1.example.com(config-ansvip[ans-ip])# keepalive type kalap tag 192.168.50.41 TAG1 

gssm1.example.com(config-ansvip[ans-ip])#

See the "Configuring Multiport Keepalives for a VIP Answer Type" section for details on configuring multiple keepalives to test for a VIP-type answer.

The Content and Application Peering Protocol (CAPP) may not recognize dropped fragments when a KAL-AP keepalive spans multiple datagrams due to large payloads. When the KAL-AP keepalive spans multiple datagrams and one of the spanned packets is dropped, the GSS does not retry the request. Instead, the GSS waits until the next period and sends the packets again, which results in the dropped datagram not getting updated load values on the VIPs that expect them. This behavior occurs when the GSS consumes the full datagram (roughly 1.4 K) with tag names or VIP addresses. Otherwise, all data fits in a single datagram.

Use the VIP format for KAL-AP when you need the GSS to send a detailed query on load for hundreds of VIPs configured to a single primary or optional secondary (backup) IP address. You can also use the tag format for KAL-AP. However, you must limit the length of the tag name to ensure that the packets do not exceed 1.4 K.

Configuring Scripted Keepalive VIP Answers

You can define the Scripted keepalives for your VIP answer by using the keepalive type scripted-kal command in answer vip configuration mode. This command allows you to specify a KAL name and maximum load in order to add a Scripted keepalive probe to the VIP.

The syntax of this command is as follows:

keepalive type scripted-kal kal-name name max-load max load value match-string string [use-load {enable | disable}]

The keywords and arguments for this command are as follows:

•kal-name name—Specifies the name of an existing Scripted keepalive shared keepalive. See Chapter 5, Configuring Keepalives for more information on creating shared keepalives.

•max-load max load value—Specifies the maximum allowable load when adding a Scripted keepalive probe to the VIP.

•match-string string—Specifies the character string used to match the OID value for the online status (all nonmatching strings indicate an offline status). Enter 1 to 16 alphanumeric characters (special characters are allowed, but spaces are not allowed).

•use-load—(Optional) Specifies whether or not the GSS uses the load value obtained by the Scripted keepalive. Enter one of the following keywords:

–enable—Specifies that the GSS uses the load value of the Scripted KAL.

–disable—Specifies that the GSS ignores the load value of the Scripted KAL and uses a static value to determine the online or offline status of the device.

To configure a Scripted keepalive for the VIP-type answer servicing VIP address 192.168.200.1, enter:

gssm1.example.com(config-gslb)# answer vip 192.168.200.1

gssm1.example.com(config-ansvip[ans-ip])# keepalive type scripted-kal kal-name samplekal 
max-load 50

gssm1.example.com(config-ansvip[ans-ip])#

See the "Configuring Multiport Keepalives for a VIP Answer Type" section for details on configuring multiple keepalives to test for a VIP-type answer.

Configuring Multiport Keepalives for a VIP Answer Type

The primary GSSM allows you to assign multiple keepalives and/or destination ports for a single VIP answer. You can configure a maximum of five different keepalives for a VIP answer, in a mix and match configuration of ICMP, TCP, HTTP HEAD, and KAL-AP VIP keepalive types. However, the primary GSSM supports only a single usage of a shared keepalive and a single KAL-AP keepalive when you specify multiple keepalive types.

Multiport keepalives enable the following applications:

•Monitor multiple ports on a server. For TCP or HTTP HEAD keepalives, you may also specify different destination ports. The multiport keepalive capability allows you to monitor a single server and check responses from multiple ports. If all of the multiport keepalives in the VIP answer are successful, the GSS device considers the resource active and continues to redirect client traffic to the server. If any of the multiport keepalives fails, the GSS considers the answer offline and marks the server as unavailable. Subsequent successful connections to the server will reinstate it as an available resource.

•Monitor the status of an SLB device (such as a Cisco CSS, CSM, or ACE) and the various network connections to your servers. For this application, you configure the answer with a KAL-AP to monitor the ACE status. To monitor the network connections to the servers, you also configure the answer with multiple ICMP KALs (ping list).

•Monitor both the status of an SLB device (such as a Cisco CSS, CSM, or ACE) and the status of a server. For this application, you configure the answer with a KAL-AP to monitor the SLB and retrieve the load value, and a Scripted keepalive to monitor the status (online or offline) of the server.

Use a KAL-AP keepalive and Scripted keepalive combination to perform the following operations:

–Globally load balance an SLB using KAL-AP.

–Check the performance of the back-end server cluster using Scripted keepalives if the back-end server cluster supports performance MIB objects. The Scripted keepalive uses the SNMP get request to fetch the load information from the target device.

When using multiple keepalive types, the VIP answer status is a logical AND function of all keepalive probes associated with an answer, resulting in a consolidation of results from each answer.

When configuring a multiport keepalive answer, observe the following rules:

•A multiport keepalive answer can contain one KAL-AP keepalive only.

•When using a combination of KAL-AP and Scripted keepalives, do not configure the Scripted keepalives for load enable. For this application, use the KAL-AP keepalive only to retrieve the load value. Use the Scripted keepalives to retrieve the status (online or offline) of the MIB object.

•When the multiport keepalive answer is to contain multiple Scripted keepalives and no KAL-AP keepalive, configure only one Scripted keepalive for load enable to retrieve the load value. Configure the remaining Scripted keepalives for device status retrieval only.

To configure a group of five keepalives that include a mix of shared and nonshared TCP-, -ICMP, and HTTP HEAD-type keepalives servicing VIP address 192.168.200.1, enter:

gssm1.example.com(config-gslb)# answer vip 192.168.200.1

gssm1.example.com(config-ansvip[ans-ip])# keepalive type tcp port 443 ip-address 
192.168.50.41 retries 3 successful-probes 4 termination reset

gssm1.example.com(config-ansvip[ans-ip])# keepalive type tcp port 80 retries 4

gssm1.example.com(config-ansvip[ans-ip])# keepalive type http-head port 8080 ip-address 
10.86.209.22 termination graceful

gssm1.example.com(config-ansvip[ans-ip])# keepalive type icmp ip-address 10.86.209.4 
shared

gssm1.example.com(config-ansvip[ans-ip])# keepalive type tcp port 1650 ip-address 
10.86.209.4 shared

gssm1.example.com(config-ansvip[ans-ip])# exit

gssm1.example.com(config-gslb)# 

To configure TCP- and HTTP HEAD-type keepalives for multiple ports for the VIP-type answer named MPORT_KALE_MIX that services VIP address 192.168.200.1, enter:

gssm1.example.com(config-gslb)# answer vip 192.168.200.1 name MPORT_KALE_MIX

gssm1.example.com(config-ansvip[ans-ip])# keepalive type tcp port 80

gssm1.example.com(config-ansvip[ans-ip])# keepalive type tcp port 443

gssm1.example.com(config-ansvip[ans-ip])# keepalive type http-head port 8080

gssm1.example.com(config-ansvip[ans-ip])# exit

gssm1.example.com(config-gslb)# 

---

Note When you configure multiple keepalives for an answer and you are using a KAL-AP-type keepalive, you can configure only one KAL-AP-type keepalive, which you must specify as the first keepalive.

---

To configure KAL-AP-, TCP- and HTTP HEAD-type keepalives for the VIP-type answer servicing VIP address 192.168.200.1, enter:

gssm1.example.com(config-gslb)# answer vip 192.168.200.1

gssm1.example.com(config-ansvip[ans-ip])# keepalive type kalap tag 192.168.50.41 TAG1

gssm1.example.com(config-ansvip[ans-ip])# keepalive type tcp port 80

gssm1.example.com(config-ansvip[ans-ip])# keepalive type tcp port 443

gssm1.example.com(config-ansvip[ans-ip])# keepalive type http-head port 8080

gssm1.example.com(config-ansvip[ans-ip])# exit

gssm1.example.com(config-gslb)# 

Configuring a CRA-Type Answer

The content routing agent (CRA) answer type relies on content routing agents and the GSS to choose a suitable answer for a given query based on the proximity of two or more possible hosts to the requesting D-proxy.

With the CRA-type answer, the requests received from a particular D-proxy are served by the content server that responds first to the request. The response time is measured using a DNS race and is coordinated by the GSS and content routing agents running on each content server. In the race, multiple hosts respond simultaneously to a request. The server with the fastest response time (the shortest network delay between itself and the client's D-proxy) is chosen to serve the content.

The CRA-type answer is designed to work with the GSS when you select the boomerang balance method with a DNS rule (utilizing the boomerang server component of the GSS).

Closeness is determined when multiple hosts reply to the requesting D-proxy simultaneously in what is referred to as a "DNS race." The GSS coordinates the start of the race so that all CRAs initiate their response at the same time. The first DNS reply to reach the D-proxy is chosen by the name server as the host containing the answer.

You can configure a CRA-type answer by using the answer cra ip_address command in global server load-balancing configuration mode.

The syntax of this command is as follows:

answer cra ip_address [activate | delay number | disable | enable | location name | manual-reactivation {enable | disable} | name name | suspend]

The keywords and arguments for this command are as follows:

•ip_address—Interface or circuit address of the CRA. Enter an unquoted text string in dotted decimal format (for example, 192.168.10.1).

•activate—(Optional) Reactivates a suspended CRA answer. This is the default.

•delay number—(Optional) Specifies a one-way delay time in milliseconds. This value is used by the GSS to calculate a static round-trip time (RTT), with the one-way delay constituting one-half of the round-trip time that is used for all DNS races involving this answer. Valid entries are 0 to 1000 milliseconds. The default is 0.

•disable—(Optional) Specifies that the GSS use the one-way delay keyword to calculate a static round-trip time (RTT). See the delay keyword for more information on static RTT.

•enable—(Optional) Specifies that the GSS is to perform keepalive checks on the answer. This is the default setting. Use the disable keyword if you plan to specify a one-way delay to calculate a static RTT. See the delay keyword for information on static RTT.

•location name—(Optional) Specifies an existing location name with which the answer is to be associated. See the "Configuring Owners" section in Chapter 2, Configuring Resources.

•manual-reactivation—(Optional) Determines whether the GSS reactivates the answer automatically when its state changes from offline to online or if you must manually reactivate the answer.

Use one of the following keywords with this option:

–enable—Enables the manual reactivation function. The GSS suspends the answer if it goes offline and changes its status to "operational suspend." The answer remains suspended until you reactivate it.

---

Note If you enable the manual reactivate function for an answer, you must also enable the global manual reactivate function for it to work (see the "Managing Global Manual Reactivation of Answers in a GSS Mesh" section).

---

–disable—Disables manual reactivation (default). If the answer goes offline, the GSS automatically reactivates the answer when it returns to an online state.

•name name—(Optional) Specifies a name for the CRA-type answer. Enter a unique alphanumeric name with a maximum of 80 characters. Names that include spaces must be entered in quotes (for example, "name 1").

•suspend—(Optional) Suspends an active CRA answer.

To create a CRA-type answer with a one-way delay and manual reactivation enabled, enter:

gssm1.example.com# config

gssm1.example.com(config)# gslb

gssm1.example.com(config-gslb)# answer cra 10.86.209.22 name CRA-ANS1 delay 3 
manual-reactivation enable

gssm1.example.com(config-gslb)

To delete a CRA-type answer, enter:

gssm1.example.com(config-gslb)# no answer cra 10.86.209.22 name CRA-ANS1 delay 3

gssm1.example.com(config-gslb)

For information on modifying existing answers, see the "Modifying an Answer"section.

Configuring a Name Server-Type Answer

A name server (NS)-type answer specifies the IP address of a DNS name server to which DNS queries are forwarded from the GSS. Using the name server forwarding feature, queries are forwarded to a non-GSS name server for resolution, with the answer passed back to the GSS name server and from there to the requesting D-proxy. The name server-type answer acts as a guaranteed fallback resource. A fallback resource can resolve requests that the GSS cannot resolve itself either because the requested content is unknown to the GSS or because the resources that typically handle such requests are unavailable.

You can configure a NS-type answer by using the answer ns ip_address command in global server load-balancing configuration mode.

The syntax of this command is as follows:

answer ns ip_address [activate | disable | domain name | enable | location name | manual-reactivation {enable | disable} | name name | suspend]

The keywords and arguments for this command are as follows:

•ip_address—Name server that the GSS uses to forward its requests. Enter an unquoted text string in dotted decimal format (for example, 192.168.10.1).

•activate—(Optional) Reactivates a suspended NS answer. This is the default.

•disable—(Optional) Specifies that the GSS disable keepalive checks on the specified name server. The GSS assumes that the name server is always online.

•domain name—(Optional) Specifies the name of the domain name server to which an NS-type keepalive is sent (to determine the online status). Enter the name as an unquoted text string with no spaces and a maximum length of 100 characters (for example, www.home.com).

---

Note If no domain is specified, the GSS queries the globally configured query domain. For instructions on configuring the global query domain, see Chapter 5, Configuring Keepalives.

---

•enable—(Optional) Specifies that the GSS is to perform keepalive checks on the specified name server. The GSS queries the name server IP address to determine online status. This is the default.

•location name—(Optional) Specifies an existing location name with which the answer is to be associated. See the "Configuring Owners" section in Chapter 2, Configuring Resources.

•manual-reactivation—(Optional) Determines whether the GSS reactivates the answer automatically when its state changes from offline to online or if you must manually reactivate the answer.

Use one of the following keywords with this option:

–enable—Enables the manual reactivation function. The GSS suspends the answer if it goes offline and changes its status to "operational suspend." The answer remains suspended until you reactivate it.

---

Note If you enable the manual reactivate function for an answer, you must also enable the global manual reactivate function for it to work (see the "Managing Global Manual Reactivation of Answers in a GSS Mesh" section).

---

–disable—Disables manual reactivation (default). If the answer goes offline, the GSS automatically reactivates the answer when it returns to an online state.

•name name—(Optional) Specifies a name for the NS-type answer. Enter a unique alphanumeric name, with a maximum of 80 characters. Names that include spaces must be entered in quotes (for example, "name 1").

•suspend—(Optional) Suspends an active NS answer.

To create an NS-type answer that specifies a domain name server and enables manual reactivation, enter:

gssm1.example.com# config

gssm1.example.com(config)# gslb

gssm1.example.com(config-gslb)# answer ns 10.86.209.4 domain WWW.HOME.COM enable 
manual-reactivation enable

gssm1.example.com(config-gslb)

To delete a NS-type answer, enter:

gssm1.example.com(config-gslb)# no answer ns 10.86.209.4 domain WWW.HOME.COM enable

gssm1.example.com(config-gslb)

For information on modifying existing answers, see the "Modifying an Answer" section.

Modifying an Answer

Once you have configured your answers, you can modify them at any time. However, once an answer is created and named, you cannot modify its type (for example, from VIP to CRA), its IP address, or its name.

---

Note If you have the manual reactivation function enabled for the answer and the GSS has the answer operationally suspended, modifying the answer will reactivate it.

---

To modify an existing answer, perform the following steps:

1. Display the current property settings for answers by entering the show gslb-config answer command. See the "Displaying Answer Properties" section for more information.

2. Change settings for an answer by entering the answer command in global server load-balancing configuration mode.

The syntax of this command is as follows:

answer {cra | ns | vip}

The options are as follows:

•cra—Specifies a CRA-type answer for modification. See the "Configuring a CRA-Type Answer" section for details on how to modify CRA-type properties.

•ns—Specifies an NS-type answer for modification. See the "Configuring a Name Server-Type Answer" section for details on how to modify NS-type properties.

•vip—Specifies a VIP-type answer for modification. See the "Configuring a VIP-Type Answer" section for details on how to modify VIP-type properties. Also, See the "Configuring Keepalive VIP Answers" section for information on modifying keepalives for VIP-type answers.

To first display the answer property settings and then change the one-way delay time for an existing CRA-type answer, enter:

gssm1.example.com(config-gslb)# show gslb-config answer 

...

answer cra 192.168.50.41 delay 2 manual-reactivation disable activate

answer ns 172.16.27.4 domain EXAMPLE.COM manual-reactivation disable activate

answer vip 172.16.27.6 name ansvip2 manual-reactivation enable activate

		keepalive type tcp port 180 activate

		keepalive type tcp port 88 activate

...

gssm1.example.com(config-gslb)# answer cra 192.168.50.41 delay 5

gssm1.example.com(config-gslb)#

In order to modify a named answer, you must specify its name, type, and IP address. For example, to modify the answer named ANSVIP2, enter:

gssm1.example.com(config-gslb)# answer vip 172.16.27.6 name ANSVIP2 delay 100

gssm1.example.com(config-gslb)#

Displaying Answer Properties

You can display the current property settings for all answer types by using the show gslb-config answer command.

The syntax of this command is as follows:

show gslb-config answer

For example, enter:

gssm1.example.com(config-gslb)# show gslb-config answer 

answer cra 192.168.50.41 delay 2 manual-reactivation disable activate

answer ns 172.16.27.4 domain EXAMPLE.COM manual-reactivation disable activate

answer vip 172.16.27.6 name ansvip2 manual-reactivation enable activate

          keepalive type tcp port 180 active

answer vip 192.168.50.30 manual-reactivation enable activate

          keepalive type tcp port 88 active

answer vip 192.168.50.2 name ansvip manual-reactivation enable activate

          keepalive type icmp active

          keepalive type tcp port 88 active

          keepalive type tcp port 80 active

gssm1.example.com(config-gslb)# 

To display the property settings based on the IP address and answer type, enter:

gssm1.example.com(config-gslb)# show gslb-config answer 172.16.27.6 vip

answer vip 172.16.27.6 name ansvip2 manual-reactivation enable activate

          keepalive type tcp port 180 active

gssm1.example.com(config-gslb)# 

To display the property settings based on an answer name, enter:

gssm1.example.com(config-gslb)# show gslb-config answer ansvip2

answer vip 172.16.27.6 name ansvip2 manual-reactivation enable activate

          keepalive type tcp port 180 active

gssm1.example.com(config-gslb)# 

Suspending an Answer

You can temporarily stop the GSS from using an active answer by modifying the answer with the suspend keyword in the answer command. Suspending prevents that answer from being used by any of the currently configured DNS rules.

---

Note You can suspend multiple answers associated with an answer group by using the no activate-all-answers command. See the "Suspending or Reactivating All Answers in an Answer Group" section for details.

---

To suspend an answer, perform the following steps:

1. Display the current answers by entering the show gslb-config answer command. See the "Displaying Answer Properties" section for more information.

2. Identify the active answer that you want to suspend, and then use the answer command with the suspend keyword to suspend the answer.

For example, to suspend the NS-type answer that queries the domain server at EXAMPLE.COM, enter:

gssm1.example.com(config-gslb)# show gslb-config answer 

...

answer cra 192.168.50.41 delay 2 manual-reactivation disable activate

answer ns 172.16.27.4 domain EXAMPLE.COM manual-reactivation disable activate

answer vip 172.16.27.6 name ansvip2 manual-reactivation enable activate

          keepalive type tcp port 180 active

...

gssm1.example.com(config-gslb)# answer ns 172.16.27.4 domain EXAMPLE.COM suspend

gssm1.example.com(config-gslb)#

To reactivate a suspended answer, use the activate feature (see the "Reactivating an Answer" section).

Reactivating an Answer

You can reactivate a suspended answer by modifying the specific answer with the activate keyword (for the answer command).

To reactivate an answer, perform the following steps:

1. Display the current answers by entering the show gslb-config answer command. See the "Displaying Answer Properties" section for more information.

2. Identify the active answer that you want to reactivate, and then use the answer command with the activate keyword to reactivate the answer.

For example, to reactivate the NS-type answer that queries the domain server at EXAMPLE.COM, enter:

gssm1.example.com(config-gslb)# show gslb-config answer 

...

answer cra 192.168.50.41 delay 2 manual-reactivation disable activate

answer ns 172.16.27.4 domain EXAMPLE.COM manual-reactivation disable suspend

answer vip 172.16.27.6 name ansvip2 manual-reactivation enable activate

          keepalive type tcp port 180 active

...

gssm1.example.com(config-gslb)# answer ns 172.16.27.4 domain EXAMPLE.COM activate

gssm1.example.com(config-gslb)#

Suspending or Reactivating All Answers in a Location

You can group and manage answers according to an established GSS location. Using a location to manage your answers makes it easier for you to quickly suspend or activate answers in a particular area of your network, for example, shutting down one or more data centers to perform software upgrades or regular maintenance.

The GSS automatically detects and routes requests around suspended answers.

---

Note Suspending all answers in a location overrides the active or suspended state of an individual answer.

---

You can suspend or reactivate answers based on their location by using the location command with the suspend-all-answers and activate-all-answers options.

Use the show gslb-config location command to display the currently configured locations. See Chapter 2, Displaying Resource Information, for more information about this command.

For example, to suspend all answers based on the location Normandy, enter:

gssm1.example.com(config)# gslb

gssm1.example.com(config-gslb)# location Normandy suspend-all-answers

gssm1.example.com(config-gslb)# 

To reactivate all answers based on the location Normandy, enter:

gssm1.example.com(config)# gslb

gssm1.example.com(config-gslb)# location Normandy activate-all-answers

gssm1.example.com(config-gslb)# 

Managing Global Manual Reactivation of Answers in a GSS Mesh

Use the GSS global manual reactivation function to manage when the GSS reverts to sending an answer that had gone offline but is now online and ready for service.

When an answer goes offline (for example, Answer 1), the GSS sends the next available answer (Answer 2) associated with the clause. If the clause does not contain another answer to send, the GSS sends an answer from the next available clause. By default, the GSS reverts to sending Answer 1 when this answer returns to an online state. To manually control when the GSS reverts to sending an answer that returns to an online state after being offline, you enable the manual reactivation feature from the primary GSSM.

When you enable manual reactivation for a specific answer and a GSS on the GSS mesh detects that its local copy of the answer is offline, that GSS alone suspends its copy of the answer. The GSS marks the answer as "operational suspend" and does not use it in its load-balancing algorithm. KALs do not monitor the suspended answer, which remains suspended until you reactivate all operationally suspended answers. Because the other GSSs on the GSS mesh maintain their own operational view of the answer, they continue to treat it as online as long as it remains in an online state locally.

---

Note You can also activate the manual reactivation function clauses, enabling you to control when the GSS reverts to using a clause that returns to an available state. For more information, see the "Managing Global Manual Reactivation of Clauses in a GSS Mesh" section on page 7-12.

---

To use the manual reactivation function for answers, you must configure the primary GSSM as follows:

•Enable manual reactivation in each answer that you want to manage (see the "Configuring and Managing Answers" section).

•Enable the global manual reactivation function as described in this section. The global manual reactivation function enables the GSS to operationally suspend all answers that you configure for manual reactivation. You can then manually reactivate all answers that are in the Operational Suspend state when required.

This section contains the following topics:

•Enabling the Global Manual Reactivation Function

•Activating Operationally Suspended Answers

Enabling the Global Manual Reactivation Function

You can enable the global manual activation function on the primary GSSM by using the manual-reactivation enable command in global server load-balancing mode.

The syntax of this command is as follows:

manual-reactivation enable

To disable the global manual activation function on the primary GSSM, use the no form of the command.

---

Note Disabling global manual reactivation causes the GSS to automatically reactivate all answers and clauses when they return to an online state, including any answers and clauses that you configure for manual reactivation.

---

For example, to enable global manual reactivation, enter:

gssm1.example.com(config)# gslb

gssm1.example.com(config-gslb)# manual-reactivation enable

gssm1.example.com(config-gslb)# 

To disable manual reactivation globally, enter:

gssm1.example.com(config)# gslb

gssm1.example.com(config-gslb)# no manual-reactivation enable

gssm1.example.com(config-gslb)# 

Activating Operationally Suspended Answers

You can manually reactivate all of the answers that the GSS operationally suspended by using the manual-reactivation activate-mr-answers all command in global server load-balancing mode.

The syntax of this command is as follows:

manual-reactivation activate-mr-answers all

---

Note The manual-reactivation activate-mr-answers all command restarts all of the keepalives for answers that have manual reactivation enabled, including those that are currently in an online state. This may cause the online manual reactivation answers to enter the initializing (INIT) state for a short period of less than 40 seconds before returning to an online state.

---

To manually reactivate a specific answer only that the GSS operationally suspended, use the answer command with the activate keyword (see the "Reactivating an Answer" section).

For example, to manually reactivate all of the answers that the GSS operationally suspended, enter:

gssm1.example.com(config)# gslb

gssm1.example.com(config-gslb)# manual-reactivation activate-mr-answers all

gssm1.example.com(config-gslb)# 

Deleting an Answer

---

Caution Deletions of any kind cannot be undone in the primary GSSM. Before deleting any data that you think you might want to use at a later point in time, perform a database backup of your GSSM. See the Global Site Selector Administration Guide for details.

---

To delete an answer, perform the following steps:

1. Display the current answers by entering the show gslb-config answer command. See the "Displaying Answer Properties" section for more information.

2. Identify the active answer that you want to delete, and then use the no form of the answer command to delete the answer.

For example, to delete the VIP-type answer that queries IP address 192.168.50.30 and all keepalives for that answer, enter:

gssm1.example.com(config-gslb)# show gslb-config answer 

...

answer cra 192.168.50.41 delay 2 manual-reactivation disable activate

answer ns 172.16.27.4 domain EXAMPLE.COM manual-reactivation disable activate

answer vip 172.16.27.6 name ansvip2 manual-reactivation enable activate

          keepalive type tcp port 180 activate

answer vip 192.168.50.30 manual-reactivation enable activate

          keepalive type tcp port 88 activate

answer vip 192.168.50.2 name ansvip manual-reactivation enable activate

          keepalive type icmp activate

          keepalive type tcp port 88 activate

          keepalive type tcp port 80 activate

          keepalive type tcp activate

...

gssm1.example.com(config-gslb)# no answer vip 192.168.50.30

gssm1.example.com(config-gslb)#

In order to delete a named answer, you must specify its name, type, and IP address. For example, to delete the answer named ANSVIP2, you must enter:

gssm1.example.com(config-gslb)# no answer vip 172.16.27.6 name ANSVIP2

gssm1.example.com(config-gslb)#

Configuring and Modifying Answer Groups

Answer groups are lists of GSS resources that are candidates to respond to DNS queries received from a user for a hosted domain. By using the DNS rules feature, you associate these lists of network resources with one of the following balance methods used to resolve the request:

•For a VIP answer group type, the GSS selects one or more VIPs using the balance method specified in the DNS rule.

•For a CRA answer group type, all CRAs in the answer group are queried and then race to respond first to the D-proxy with their IP address.

•For a name server answer group type, the GSS selects a name server using the balance method specified in the DNS rule and forwards the client's request to that name server.

A DNS rule can have a maximum of three balance clauses. Each balance clause specifies a different answer group from which an answer can be chosen after taking load threshold, order, and weight factors into account for each answer.

Before creating your answer groups, configure the answers that make up those groups. See the "Configuring and Managing Answers" section for more information on creating GSS answers.

This section contains the following topics:

•Creating an Answer Group

•Modifying an Answer Group

•Adding or Deleting an Authority Domain in an Answer Group

•Suspending or Reactivating All Answers in an Answer Group

•Suspending or Reactivating an Answer in an Answer Group

•Suspending or Reactivating All Answers in Answer Groups Associated with an Owner

•Displaying Answer Group Properties

•Deleting an Answer Group

Creating an Answer Group

You can configure up to 2000 answer groups on the primary GSSM. You create an answer group by using the answer-group command in global server load-balancing configuration mode.

The syntax of this command is as follows:

answer-group name {owner name type {cra | ns | vip}}

The keywords and arguments are as follows:

•name—Name for the answer group. Enter a unique alphanumeric name with a maximum of 80 characters. Names should not contain spaces.

•owner name—Specifies the name of an existing owner with which the answer group will be associated. For details about creating an owner, see Chapter 2, Configuring Resources.

•type—Specifies a type for the answer group. The following options are available:

–cra—The answer group consists of content routing agents (CRAs) for use with the boomerang server component of the GSS.

–ns—The answer group consists of configured name servers.

–vip—The answer group consists of virtual IPs controlled by an SLB device such as a CSS or CSM.

The maximum number of answers that you can place in each of these answer groups is 20 for a CRA answer group, 30 for an NS answer group, and 100 for a VIP answer group.

After you enter the answer-group command, the prompt changes to the answer group configuration mode, where you add previously configured answers to the group.

To create a VIP answer group, enter:

gssm1.example.com(config)# gslb

gssm1.example.com(config-gslb)# answer-group ANSGRPVIP1 owner WEB-SERVICES type vip

gssm1.example.com(config-gslb-agvip[ag-name])# 

For example, to delete a VIP answer group, enter:

gssm1.example.com(config)# gslb

gssm1.example.com(config-gslb)# no answer-group ANSGRPVIP1 owner WEB-SERVICES type vip

gssm1.example.com(config-gslb)# 

This section contains the following topics:

•Adding Answers to a CRA-Type Answer Group

•Adding Answers to an NS-Type Answer Group

•Adding Answers to a VIP-Type Answer Group

Adding Answers to a CRA-Type Answer Group

After you create a CRA-type answer group, add previously configured CRA-type answers to the group using the answer-add command in the answer group configuration mode.

The syntax of this command is as follows:

answer-add ip_address [activate | name | suspend]

The keywords and arguments are as follows:

•ip_address—IP address of a previously configured CRA-type answer. Enter an unquoted text string in dotted decimal format (for example, 192.168.10.1).

•activate—(Optional) Reactivates a suspended CRA answer. This is the default.

•name—(Optional) Specifies the name of a previously configured CRA-type answer. Enter a unique alphanumeric name with a maximum of 80 characters. Names that include spaces must be entered in quotes (for example, "name 1").

•suspend—(Optional) Suspends an active CRA answer.

For example, to add answers to and configure a CRA answer group, enter:

gssm1.example.com(config-gslb-agcra[ag-name])# answer-add 192.168.10.1 name www-boston-1

gssm1.example.com(config-gslb-agcra[ag-name])# answer-add 192.172.24.1 name www-ny-1

gssm1.example.com(config-gslb-agcra[ag-name])# answer-add 192.186.14.1 name www-atlanta-1

gssm1.example.com(config-gslb-agcra[ag-name])# 

To delete an answer from a CRA answer group, enter:

gssm1.example.com(config-gslb-agcra[ag-name])# no answer-add 192.186.14.1 name 
www-atlanta-1

Adding Answers to an NS-Type Answer Group

After you create an NS-type answer group, add previously configured NS-type answers to the group using the answer-add command in the answer group configuration mode.

The syntax of this command is as follows:

answer-add ip_address [name | order number | weight number | activate | suspend]

The keywords and arguments are as follows:

•ip_address—IP address of a previously configured NS-type answer. Enter an unquoted text string in dotted decimal format (for example, 192.168.10.1).

•name—(Optional) Specifies the name of a previously configured NS-type answer. Enter a unique alphanumeric name with a maximum of 80 characters. Names that include spaces must be entered in quotes (for example, "name 1").

•order number—(Optional) Assigns the specified order to the answer that is to be added to the answer group. Specify this option when using an ordered balance method type. Valid entries are 0 to 65535.

•weight number—(Optional) Assigns the specified weight to the answer that is to be added to the answer group. Specify this option when using a weighted round-robin or least-loaded balance method type. Valid entries are 1 to 10.

For more information on the order and weight settings, see the "Balance Methods" section in Chapter 1, Introducing the Global Site Selector.

•activate—(Optional) Reactivates a suspended NS answer. This is the default.

•suspend—(Optional) Suspends an active NS answer.

For example, to add answers to and configure an NS answer group, enter:

gssm1.example.com(config-gslb-agns[ag-name])# answer-add 192.168.10.1 name www-zurich-1 
order 10

gssm1.example.com(config-gslb-agns[ag-name])# answer-add 192.172.20.1 name www-barcelona-1 
order 20

gssm1.example.com(config-gslb-agns[ag-name])# answer-add 192.188.30.1 name www-brussels-30

gssm1.example.com(config-gslb-agns[ag-name])#

To delete an answer from an NS answer group, enter:

gssm1.example.com(config-gslb-agns[ag-name)# no answer-add 192.168.10.1 name www-zurich-1 
order 10

Adding Answers to a VIP-Type Answer Group

After you create a VIP-type answer group, add previously configured VIP-type answers to the group using the answer-add command in the answer group configuration mode.

The syntax of this command is as follows:

answer-add ip_address [name | load-threshold number | order number | weight number | activate | suspend]

The keywords and arguments are as follows:

•ip_address—IP address of a previously configured VIP-type answer. Enter an unquoted text string in dotted decimal format (for example, 192.168.10.1).

•name—(Optional) Specifies the name of a previously configured VIP-type answer. Enter a unique alphanumeric name with a maximum of 80 characters. Names that include spaces must be entered in quotes (for example, "name 1").

•load-threshold number—(Optional) Assigns the specified load threshold to the answer that is to be added to the answer group. Use this option to determine whether an answer is available, regardless of the balance method type. Valid entries are 2 to 254.

•order number—(Optional) Assigns the specified order to the answer that is to be added to the answer group. Specify this option when using an ordered balance method type. Valid entries are 0 to 65535.

•weight number—(Optional) Assigns the specified weight to the answer that is to be added to the answer group. Specify this option when using a weighted round-robin or least-loaded balance method type. Valid entries are 1 to 10.

For more information on the order, weight, and load threshold settings, see the "Balance Methods" section in Chapter 1, Introducing the Global Site Selector.

•activate—(Optional) Reactivates a suspended VIP answer. This is the default.

•suspend—(Optional) Suspends an active VIP answer.

For example, to add answers to and configure a VIP answer group, enter:

gssm1.example.com(config-gslb-agvip[ag-name])# answer-add 192.168.30.1 name www-hk-1 
weight 1

gssm1.example.com(config-gslb-agvip[ag-name])# answer-add 192.174.20.1 name www-sf-1 
weight 2

gssm1.example.com(config-gslb-agvip[ag-name])# answer-add 192.188.40.1 name www-london-1 
weight 4

gssm1.example.com(config-gslb-agvip[ag-name])# 

To delete an answer from a VIP answer group, enter:

gssm1.example.com(config-gslb-agvip[ag-name])# no answer-add 192.168.30.1 name www-hk-1 
weight 1

Modifying an Answer Group

Once you create your answer groups, use the CLI in the primary GSSM to make modifications to their configurations, such as adding and removing answers, or changing the order, weight, and load thresholds of the individual answers. Answers can belong to more than one answer group. However, once you add answers to an answer group, you cannot change the type of an answer group (for example, from VIP to CRA).

To modify an answer group, perform the following steps:

1. Display the current property settings for answer groups by entering the show gslb-config answer-group command. See the "Displaying Answer Group Properties" section for more information.

2. Modify an answer group. Be aware that the commands you use here depend on the changes you need to make. For example, to change the weight assigned to an answer within an answer group, use both the answer-group command and the answer-add command. To change the owner setting for an answer group, use only the answer-group command.

–For syntax of the answer-group command, see the "Creating an Answer Group" section.

–For syntax of the answer-add command when modifying CRA-type answer groups, see the "Adding Answers to a CRA-Type Answer Group" section.

–For syntax of the answer-add command when modifying NS-type answer groups, see the "Adding Answers to an NS-Type Answer Group" section.

–For syntax of the answer-add command when modifying VIP-type answer groups, see the "Adding Answers to a VIP-Type Answer Group" section.

For example, to change the order setting for an answer in the VIP answer group ANSGRPVIP4, enter:

gssm1.example.com(config-gslb)# answer-group ANSGRPVIP4 owner WEB-SERVICES type vip

gssm1.example.com(config-gslb-agvip[ag-name])# answer-add 192.168.30.1 name www-hk-1 order 
10 comments "CHANGED ORDER 12/01/05"

gssm1.example.com(config-gslb-agvip[ag-name])# 

To change the owner of the NS answer group ANSGRPNS2, enter:

gssm1.example.com(config-gslb)# answer-group ANSGRPNS2 owner E-COMMERCE type ns

gssm1.example.com(config-gslb-agns[ag-name])#

Adding or Deleting an Authority Domain in an Answer Group

Start of Authority (SOA) record TTLs are required when forming negative responses for DNS queries. Be aware that you do not have to configure any SOA records on the GSS to use in the negative response. Instead, you configure a name service (NS) answer on the GSS that specifies the IP address of the authority name server for the domain and the domains hosted on the name server.

You can configure an NS answer on the GSS by using the auth-domain command in answer group configuration mode. Use the no form of this command to delete an authority domain in an answer group.

The syntax of this command is as follows:

auth-domain domain-name

no auth-domain domain-name

---

Note Do not use regular expressions or wild cards with the auth-domain command. Use only well-defined domain names.

---

To add an authority domain, perform the following steps:

1. Configure an NS answer by entering the following commands:

gssm1.example.com# config

gssm1.example.com (config)# gslb

gssm1.example.com (config-gslb)# answer ns 1.2.3.4 name ns1 activate

2. Configure an answer group and add the NS answer and its associated authority domains by entering the following commands:

gssm1.example.com (config-gslb)# answer-group ag1 owner System type ns

gssm1.example.com (config-gslb-agns)# answer-add 1.2.3.4 name ns1

gssm1.example.com (config-gslb-agns)# auth-domaain soa.test

gssm1.example.com (config-gslb-agns)# auth-domain soa.org

Upon completion, NS answer 1.2.3.4 is the authoritative name server for the soa.test and soa.org domains, NS 1 answer is the authority for the configured domains soa.test and soa.org, and the GSS is the authority for A record abc.soa.test.

With this configuration, the negative responses for soa.test that need SOA records are included. If there is a cached SOA from answer NS 1, it is used in the negative response. Otherwise, the GSS queries name server ns1 for an SOA record for the domain soa.test, uses it in the negative response, and then caches it.

You do not need to configure SOA records on the GSS for the domains for which GSS is authoritative (that is, certain types of resource records). GSS will always obtain the SOA record from the primary name server that is authoritative for the zone.

Suspending or Reactivating All Answers in an Answer Group

You can temporarily stop the GSS from using all answers in an active answer group by modifying the answer group with the no activate-all-answers command in answer group configuration mode. When you suspend all answers in an answer group, you prevent that answer group from being used by any of the currently configured DNS rules. Suspending the answers in one answer group also affects any other answer groups to which those answers belong.

You can reactivate the answers in the answer group by using the activate-all-answers command in the answer group configuration mode for a specific answer group.

To suspend all answers in an answer group, perform the following steps:

1. Display the current answer groups by entering the show gslb-config answer-group command. See the "Displaying Answer Group Properties" section for more information.

2. Identify the active answer group that you want to suspend, and then use the answer-group command and the no activate-all-answers command to suspend all answers in the group.

For example, to suspend all answers in the vip-type answer group ANSGRPVIP4, enter:

gssm1.example.com(config-gslb)# answer-group ANSGRPVIP4 owner WEB-SERVICES type vip

gssm1.example.com(config-gslb-agvip[ag-name])# no activate-all-answers

gssm1.example.com(config-gslb-agvip[ag-name])# 

To reactivate all answers in a suspended answer group, use the activate-all-answers command.

For example, enter:

gssm1.example.com(config-gslb)# answer-group ANSGRPVIP4 owner WEB-SERVICES type vip

gssm1.example.com(config-gslb-agvip[ag-name])# activate-all-answers

gssm1.example.com(config-gslb-agvip[ag-name])# 

Suspending or Reactivating an Answer in an Answer Group

You can temporarily stop the GSS from using an answer in an active answer group by modifying the answer group with the suspend keyword in the answer-add command. Enter this command in answer group configuration mode. Suspending prevents that answer in the answer group from being used by any of the currently configured DNS rules.

---

Note Suspending an answer in one answer group also affects any other answer groups to which the answer belongs.

---

You can reactivate an answer in the answer group by using the active option (for the answer-add command) in the answer group configuration mode.

To suspend an answer in an answer group, perform the following steps:

1. Display the current answers and answer groups by entering the show gslb-config answer-group command. See the "Displaying Answer Group Properties" section for more information.

2. Identify the active answer that you want to suspend (and its answer group), and then use the answer-add command and the suspend option to suspend the answer in the group.

To suspend the answer www-sf-1 in the vip-type answer group ANSGRPVIP4, enter:

gssm1.example.com(config-gslb)# answer-group ANSGRPVIP4 owner WEB-SERVICES type vip

gssm1.example.com(config-gslb-agvip[ag-name])# answer-add 192.168.30.1 suspend

gssm1.example.com(config-gslb-agvip[ag-name])# 

To reactivate a suspended answer in an answer group with the activate command, enter:

gssm1.example.com(config-gslb)# answer-group ANSGRPVIP4 owner WEB-SERVICES type vip

gssm1.example.com(config-gslb-agvip[ag-name])# answer-add 192.168.30.1 activate

gssm1.example.com(config-gslb-agvip[ag-name])# 

Suspending or Reactivating All Answers in Answer Groups Associated with an Owner

You can group and manage answers added to answer groups according to the GSS owner. Using a GSS owner to manage your answer groups enables you to quickly suspend or activate related answers.

You can suspend or reactivate all answers in answer groups associated with a GSS owner by using the suspend-all-answers and activate-all-answers keywords (for the owner command).

You can display the currently configured owners, answers, and answer groups by using the show gslb-config answer-group command.

To suspend all answers in answer groups associated with the owner WEB-SERVICES, enter:

gssm1.example.com(config)# gslb

gssm1.example.com(config-gslb)# owner WEB-SERVICES suspend-all-answers

gssm1.example.com(config-gslb)# 

To reactivate all answers in answer groups associated with the owner WEB-SERVICES, enter:

gssm1.example.com(config)# gslb

gssm1.example.com(config-gslb)# owner WEB-SERVICES activate-all-answers

gssm1.example.com(config-gslb)# 

Displaying Answer Group Properties

You can display the current property settings for all answer groups by using the show gslb-config answer-group command.

The syntax of this command is as follows:

show gslb-config answer-group

For example, enter:

gssm1.example.com(config-gslb)# show gslb-config answer-group 

...

answer-group AGROUP1 owner "OWNER1" type ns

answer-group AGROUP2 owner "OWNER2" type cra

answer-group AGROUP3 owner System type vip

...

To display the properties for an answer group based on an answer group name, enter:

gssm1.example.com(config-gslb)# show gslb-config answer-group ANGROUP1

answer-group AGROUP1 owner "OWNER1" type ns

Deleting an Answer Group

---

Caution Deletions of any kind cannot be undone in the primary GSSM. Before deleting any data that you think you might want to use at a later point in time, perform a database backup of your GSSM. See the Global Site Selector Administration Guide for details.

---

Before deleting an answer group, verify that none of your DNS rules reference the answer group that you are about to delete. If necessary, deselect the answer group from the DNS rule. See Chapter 7, Building and Modifying DNS Rules, for information about modifying a DNS rule.

Deleting an answer group does not delete the answers contained in the answer group.

To delete an answer group, perform the following steps:

1. Display the current answers by entering the show gslb-config answer-group command. See the "Displaying Answer Group Properties" section for more information.

2. Identify the active answer group that you want to delete, and then use the no form of the answer-group command to delete the answer.

For example, to delete the VIP-type answer group ANSGRPVIP1, enter:

gssm1.example.com(config-gslb)# show gslb-config answer-group 

answer-group ANSGRPVIP1 owner OWNR1 type vip

answer-group ANSGRPVIP2 owner System type vip

gssm1.example.com(config-gslb)# no answer-group ANSGRPVIP1

gssm1.example.com(config-gslb)# 

Where to Go Next

Chapter 7, Building and Modifying DNS Rules, describes how to construct the DNS rules that govern all global server load balancing on your GSS network.