In this two-part blog post, I will talk about the Global Server Load Balancing (GSLB) function provided by the NetScaler.
In Part 1, let's examine the DNS name resolution process, since GSLB is DNS-based load balancing. In Part 2, we will take a look at the implementation details on the NetScaler.
Name Resolution Process
Recursive DNS Query
Let us assume that a Mac is connected to a network and obtains an IP address and DNS server information via DHCP, as shown below.
Open Chrome and navigate to "http://www.google.com".
The browser first looks in its built-in DNS cache for an existing entry for the hostname "www.google.com".
Chrome's built-in DNS cache can be viewed by entering 'chrome://net-internals/#dns' in the address bar.
If an existing entry is present and has not expired, DNS resolution ends. What happens after that is not relevant to DNS.
For demonstration purposes, assume that an entry for 'www.google.com' does not exist in the cache.
Chrome's DNS client (a DNS client separate from the one built into the operating system), which is enabled by default as shown below, sends a recursive DNS query to the upstream DNS server to resolve 'www.google.com'.
The following trace captures that DNS traffic.
The first packet, sourced from 192.168.1.3 (Mac) and destined to 8.8.8.8 (upstream DNS), is a recursive query asking for the IP address(es) of the address (A) record 'www.google.com'.
The second packet, in the reverse direction, is a DNS response containing the assigned IP addresses.
For a recursive query, the DNS server must either return the associated IP(s) for the A record, or report that the A record does not exist.
There can be no other form of response, for example "I do not know, ask someone else." That is a valid DNS response, but it is not a valid answer to a recursive DNS query.
The DNS resolution process above takes place between the Mac and its upstream DNS server.
Iterative DNS Query
What happens on the upstream DNS server when it receives a recursive query from the Mac?
It first checks its own DNS cache to see whether an entry already exists, that is, whether there is a fresh (non-expired) entry for 'www.google.com'.
Note: The freshness of a cache entry is determined by comparing how many seconds the entry has been in the cache with the TTL (time-to-live) of the record. If the age of an entry > TTL, the record has expired and the DNS server must perform a lookup. Otherwise, the entry is fresh.
If the DNS cache has a fresh entry for 'www.google.com', the associated IP(s) for the A record 'www.google.com' are returned to the Mac immediately, in response to the earlier recursive DNS query.
If the DNS cache has no fresh entry for 'www.google.com', the DNS server has to find the answer for itself. A recursion-enabled DNS server generates iterative DNS queries as part of this process.
For demonstration purposes, assume that there is no fresh entry in the DNS cache.
In the following packet analysis, packet #3 shows that 192.168.1.3 (DNS server) forwards the query it received to 192.33.4.12.
Why 192.33.4.12?
Because a DNS server that supports recursion must first send the DNS query to what is called a 'root name server'.
There are 13 root name servers in the world.
The IP addresses of the root name servers hardly ever change, and the list of root name servers is programmed into the DNS server application.
The DNS server makes an arbitrary selection from the list of available root name servers, in this particular case 192.33.4.12.
Packet #4 (below) is the DNS response from the root name server 192.33.4.12.
It says: "Sorry mate, I do not know what www.google.com is, but I know the name servers that are responsible for .com domains have the answer, and by the way, these are the IP(s) for them."
Packet #5 shows that 192.168.1.3 (DNS server) forwards the same DNS query to 192.52.178.30.
Why 192.52.178.30?
Because the DNS server makes an arbitrary selection from the list of name servers for .com domains. It does not matter which name server it asks, hence the arbitrary choice.
Note: The name servers that are responsible for a domain (e.g. .com) are called authoritative name servers. Because .com is a top-level domain, the FQDNs of these name servers contain 'gTLD', which stands for 'generic top-level domain'. The above process is known as a DNS referral, as the root name servers do not return an 'Answer' section in their reply. Only the 'Authoritative nameservers' and 'Additional records' sections are included in the DNS reply. The above process also involves a delegation, i.e., the .com domain is delegated to the .com authoritative name servers by the root name servers.
Packet #6 is the DNS response from 192.52.178.30. It says: "I have no answer for you, please ask the four authoritative name servers for the google.com subdomain. By the way, these are the IP addresses for them."
This is also a referral, and a delegation to the google.com authoritative name servers takes place.
Packet #7 shows that 192.168.1.3 (DNS server) sends the same query to 216.239.36.10, after an arbitrary selection from the available four.
Packet #8 shows that it finally gets an answer.
The DNS resolution process shown here is very different from what happened between the Mac and the upstream DNS server. The difference is due to the fact that the former involves a recursive DNS query, whereas this one involves iterative DNS queries.
In summary, the following chart shows the full name resolution process.
How Does GSLB Fit In?
Assume that the authoritative name servers for the google.com subdomain (relative to the .com domain), instead of giving out the IP(s) in the 'Answer' section of their reply, say: "I do not know the answer, please go and ask the authoritative name servers for the www.google.com subdomain (relative to google.com), and by the way, these are their IP(s)."
The DNS server will then send the same iterative DNS query to an arbitrarily chosen authoritative name server for the www.google.com subdomain. Imagine these name servers are hosted on the NetScaler(s). In this case, the NetScaler(s) would be the authoritative name servers for the www.google.com subdomain and would effectively perform GSLB.
To achieve the above, two things must be done.
- Configure subdomain delegation on the authoritative name servers for the google.com domain.
- Set up an ADNS (Authoritative DNS) service on the NetScaler(s) so that it is the authoritative DNS server for the GSLB subdomain.
Regarding point one, in the case of BIND name servers (the most widespread), the following additional configuration is required.
It says: for lookups of 'www.google.com', talk to the authoritative name servers dns1.gslb.google.com or dns2.gslb.google.com.
dns1.gslb.google.com is an A record and the IP for that record is xxxx; dns2.gslb.google.com is an A record and the IP for that A record is yyyy.
The above is essentially a delegation, the same process as shown previously by packet #4 and #.
Regarding point two, assuming two NetScalers, we create an ADNS service on each NetScaler, with IP(s) xxxx and yyyy.
The following chart shows the name resolution with GSLB involved.
After the delegation is complete, the NetScaler is now the authoritative DNS server for the www.google.com subdomain, and DNS queries for 'www.google.com' will arrive at it and be answered by it.
Please note that the DNS resolution process described above is universal. For example, the same procedure applies to NetScaler's implementation of GSLB, F5's implementation of GTM, etc.
In the second part, we will look at the specific NetScaler configuration required for GSLB to work.
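The resolution path described above, including the extra referral that GSLB delegation adds and the TTL freshness check on the resolver's cache, can be followed in a small simulation. This is an added example, not code from the original post; the 198.51.100.x ADNS addresses, the 203.0.113.x site addresses, the 5-second TTL and all function and class names are assumptions.

```python
import random

# Constructed data. Root, .com and google.com server IPs are those in the page's
# trace; 198.51.100.x (NetScaler ADNS, the page's xxxx/yyyy) and 203.0.113.x
# (site addresses) are placeholders, and the 5-second TTL is an assumption.
SERVERS = {
    "192.33.4.12":   {"delegations": {"com.": ["192.52.178.30"]}},
    "192.52.178.30": {"delegations": {"google.com.": ["216.239.36.10"]}},
    "216.239.36.10": {"delegations": {"www.google.com.": ["198.51.100.1", "198.51.100.2"]}},
    "198.51.100.1":  {"records": {"www.google.com.": (["203.0.113.10"], 5)}},
    "198.51.100.2":  {"records": {"www.google.com.": (["203.0.113.20"], 5)}},
}
ROOT_HINTS = ["192.33.4.12"]

def query(server_ip, name):
    """One iterative query: the server answers or refers, it never recurses."""
    server = SERVERS[server_ip]
    if name in server.get("records", {}):
        ips, ttl = server["records"][name]
        return {"answer": ips, "ttl": ttl}
    zones = [z for z in server.get("delegations", {}) if ("." + name).endswith("." + z)]
    if not zones:
        return {"nxdomain": True}
    zone = max(zones, key=len)                   # most specific delegation wins
    return {"referral": zone, "ns": server["delegations"][zone]}

class Resolver:
    """Recursion-enabled DNS server: caches answers and walks referrals."""
    def __init__(self, rng=None):
        self.cache = {}                          # name -> (ips, expiry time)
        self.rng = rng or random.Random()

    def resolve(self, name, now):
        """Handle a recursive query; returns (ips, servers contacted)."""
        hit = self.cache.get(name)
        if hit and now <= hit[1]:                # entry age <= TTL: still fresh
            return hit[0], []
        path, candidates = [], ROOT_HINTS
        while True:
            server = self.rng.choice(candidates) # arbitrary pick, as in the trace
            path.append(server)
            reply = query(server, name)
            if "answer" in reply:
                self.cache[name] = (reply["answer"], now + reply["ttl"])
                return reply["answer"], path
            if "nxdomain" in reply:
                return [], path
            candidates = reply["ns"]             # referral: ask the delegated servers
```

With the delegation in place, the resolver contacts four servers instead of three, and the last hop is whichever ADNS address it happened to pick, which is the point at which the GSLB decision is made.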