Configuring GLB
The Traffic Manager uses the components described in Components of a Traffic Manager GLB Deployment to perform global load balancing. This section describes how to configure each of these components within a typical Traffic Manager deployment.
Overview
For the Traffic Manager to perform load balancing between geographically separate locations, you must:
•Define the GLB Locations to be served.
•Create Service Monitors to monitor the availability of each of your GLB Locations.
•Create a GLB Service to manage DNS queries for the domains being requested.
•Create a Pool of your back-end DNS Servers.
•Create a DNS Virtual Server to listen for DNS requests.
Defining GLB Locations
To view, modify or add new GLB Locations, use the Catalogs > Locations page. To modify the name or geographic position for an existing GLB Location, click the location name or the associated Edit button.
Your Configuration Locations and GLB Locations are listed separately on this page, with the ability to add to, and remove from, each list individually. For more information on Configuration Locations, see Multi-Site Cluster Management.
To create a new GLB Location
1.Go to Catalogs > Locations.
2.In the "Create new GLB Location" section, type an identifying name into the Name textbox.
3.For Type, select "GLB".
If Multi-Site Cluster Management is disabled, all locations created on this page are of type GLB and this field is not displayed.
4.Click Add Location to add this GLB Location and access the location edit page.
5.On the location edit page, choose the Position of the GLB Location. Choose a country from the drop-down list, enter a specific set of latitude-longitude coordinates, or select a point on the displayed map.
6.Click Update Location to save your changes.
To delete a GLB Location, first disassociate it from any GLB Services that are using it. Then click the Confirm checkbox and click Delete Location to remove it from the system.
Creating a Service Monitor
To configure a Service Monitor for a GLB Location, create a new Pool/GLB Monitor and instruct it to monitor the IP address or hostname of a service hosted at each of your GLB Locations. The monitor type you choose might require additional parameters - see Health Monitoring for more information.
To create a Service Monitor
1.Navigate to Catalogs > Monitors.
2.In the "Create new monitor" section, enter the following:
•Name: The identifying name for this Service Monitor.
•Type: Choose the monitor type that best suits your requirements.
•Scope: Click Pool/GLB and enter the IP address or hostname of the service present at the GLB Location you want to monitor. Some monitor types might also require a port number.
3.Click Create Monitor to create this Service Monitor and access the edit page.
4.Optionally make any parameter adjustments you need, and click Update to save the changes.
5.Repeat this procedure for each GLB Location you want to monitor.
Creating a GLB Service
A GLB Service is based on a set of FQDNs and IP addresses. When you create a new GLB Service, you tell the Traffic Manager which IP addresses are hosted at each GLB Location for each domain name. All of your connected Traffic Managers manage the DNS lookups for each GLB Service.
To create a GLB Service
1.Navigate to Catalogs > GLB Services.
2.In the "Create a new GLB service" section, enter the following:
•Service Name: The identifying name for this GLB Service.
•Domains: Enter at least one domain name you want this GLB Service to balance globally. To enter multiple domains, separate the list with a comma or space.
•Add locations: Click one or more pre-defined GLB Locations you want to host the GLB Service. For information on creating GLB Locations, see Defining GLB Locations.
3.Click Create GLB Service to create this GLB Service and access the edit page.
For each GLB Service, use the GLB Service edit page to modify its settings. This page shows the basic GLB Service settings, as entered when you created the service, and all other available configuration settings grouped into subpages.
Each new GLB Service you create is added disabled. To enable your GLB Service, set Enabled to "Yes".
To add and remove domains that a GLB Service balances, use the Domains table. Create an entry here for every FQDN you want to balance globally.
Use "*" to specify a wildcard character. For example, to manage all DNS lookups for any "example.com" domain, type "*.example.com".
Locations and Monitoring
To configure the GLB Locations and Service Monitors attached to this GLB Service, click Catalogs > GLB Services > Locations and Monitoring.
The Traffic Manager presents a dedicated configuration subsection for each attached GLB Location. Click Update to save any changes you make.
You typically select each GLB Location you want to use when you first create the GLB Service. To add additional GLB Locations, use the "Add Location" section. To remove a GLB Location, locate and click the dedicated Remove this location link in the desired GLB Location configuration subsection.
For a newly created GLB Service, the Traffic Manager might show a warning associated with the GLB Locations you selected. This warning exists until you provide suitable Service IP addresses for each GLB Location.
For each attached GLB Location, you can configure the following:
•Draining: To stop sending traffic to this GLB Location, set this to "Yes". For example, if you are physically relocating your equipment from one location to another, or if you are upgrading the backup power system and need to disconnect your UPS, generator, inverter and batteries, you can use this option to instruct the Traffic Manager to stop sending traffic to this GLB Location.
•Service IPs: In order for the Traffic Manager to manipulate the answers it sends to a client, it must know which IP addresses belong to which GLB Locations. Use this configuration option to enter a list, or a range, of IPv4 addresses or IPv4 CIDR subnets for this GLB Location. These IP addresses correspond to the IP addresses that your DNS servers return using a round-robin mechanism when queried for the domains you are managing.
These IP addresses are typically the same IP addresses you configure in the Service Monitors you assign to this GLB Location.
•Monitors: Select which Service Monitors the Traffic Manager should use for this GLB Location. Each monitor performs one test, and you can configure multiple monitors for each GLB Location. You can only select monitors that have a host-wide or pool-wide scope. Monitor tests are performed at configured intervals against a specific target, configured in the Service Monitor. When a monitor has exceeded its limit of consecutive failures, the service in a particular data center is flagged as unavailable. Consequently, this GLB Location is filtered out of any subsequent DNS responses.
Load Balancing
To configure load balancing and failure recovery for this GLB Service, click Catalogs > GLB Services > Load Balancing.
The available load balancing methods are:
•Load: Distributes traffic based on the detected load at a GLB Location. The Traffic Manager determines load by using health monitors to measure the time it takes to receive a response for a request sent to the GLB Location. In other words, the load value is the measured round-trip time (in milliseconds) for data packets sent to the GLB Location. Whenever a round-trip time of less than 50ms is measured, the Traffic Manager instead uses a load value of 50 to ensure that similarly-local locations are treated equivalently.
You can override this mechanism and influence load balancing decisions by programmatically setting specific load values for each GLB Location. To do this, use either the Traffic Manager's SOAP API or create an external program monitor. Through these methods, the Traffic Manager instead uses the values set when making traffic distribution decisions.
For the SOAP API method, use the GLB.Service.setLoad() function to declare a load value for each location. To stop using a value set through the SOAP API and return load reporting to the GLB Location's health monitors, set a load value of 0.
For the external program monitor method, create a script or program that calculates the GLB load for a location and outputs this value to stdout using the following format:
vTM-Set-node-load: <load-value>
where <load-value> is an integer.
Then, add your script or program as an external program monitor to the location.
When using the SOAP API or an external program monitor to set the load to less than 50, the Traffic Manager instead uses a load value of 50. In other words, the behavior is the same as if a round-trip time of less than 50ms had been measured.
Use verbose mode to print your program’s stdout output to the Traffic Manager event log.
•Geographic: Distributes traffic based solely on the geographic location of each client.
•Adaptive: Distributes traffic based on both the current GLB Location load and geographic location of the client. This algorithm might be useful if you find that one of your locations is receiving most of the traffic (to the point where it is being overloaded). In this case, this algorithm can help to achieve the best balance between latency due to distance and latency due to load.
•Geo Effect: Use this option to fine tune how much effect the geographic location has when the Traffic Manager decides which GLB Location it should send a client to.
•Round Robin: Distributes traffic based on the sequential selection of each available GLB Location in turn. Over time, all GLB Locations receive an equal number of requests.
•Weighted Random: Distributes traffic using a random selection generator, weighted by the setting in Location Weights. The Traffic Manager sends more traffic to the GLB Location with the greater weight.
•Location Weights: Set the required proportional weighting for each GLB Location. Over time, a GLB Location receives a number of requests equal to the proportion declared using this setting.
•Primary/Backup: The Traffic Manager sends DNS records for one primary GLB Location at any time, resorting only to using a backup GLB Location if the primary GLB Location fails. If you provide a service dependent on state information (such as a shopping cart Web site) and you are not replicating your databases globally in real time, this algorithm can be suitable.
To determine the order of precedence in your list of GLB Locations, use the drag-and-drop tabs to the left of each GLB Location indicator bar. To promote a GLB Location (using a top-down priority order), drag it to the desired place within the stack.
•Automatic Failback: Decide what happens when a higher-priority GLB Location recovers after a failure. Click "Yes" to automatically mark the higher-priority GLB Location as active and to instruct the Traffic Manager to direct all users to it. Click "No" to leave the recovered GLB Location as inactive. In this case, the Traffic Manager continues directing users to a currently active GLB Location.
•Activate best available location: If Automatic Failback is set to "No", click this button to instruct the Traffic Manager to select a new active GLB Location from the list of currently enabled or available GLB Locations.
The geographic and adaptive load balancing algorithms both require installation of a GeoIP database. For more details, see Using a GeoIP Database.
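The external program monitor method described under "Load" can be sketched as follows. This is an added example, not code from the product or its documentation: the TCP connect timing, the use of the median, the two positional arguments (host and port) and the meaning of the exit status are assumptions; only the "vTM-Set-node-load: <load-value>" output format comes from the text above.

```python
#!/usr/bin/env python3
"""External program monitor sketch: print a GLB load value for one location."""
import socket
import statistics
import sys
import time

HEADER = "vTM-Set-node-load"  # output key, in the format given above


def load_from_samples(samples_ms):
    """Collapse RTT samples (ms) into one integer; the median resists outliers."""
    if not samples_ms:
        raise ValueError("no samples collected")
    return int(round(statistics.median(samples_ms)))


def format_load_line(value):
    """Build the stdout line, refusing anything but a non-negative integer."""
    if isinstance(value, bool) or not isinstance(value, int) or value < 0:
        raise ValueError(f"load must be a non-negative integer, got {value!r}")
    return f"{HEADER}: {value}"


def tcp_connect_ms(host, port, timeout=2.0):
    """Time one TCP connect to the monitored service, in milliseconds."""
    start = time.monotonic()
    with socket.create_connection((host, port), timeout=timeout):
        pass
    return (time.monotonic() - start) * 1000.0


def main(argv):
    try:
        if len(argv) == 3:
            # Assumption: target host and port are passed as two arguments.
            samples = [tcp_connect_ms(argv[1], int(argv[2])) for _ in range(3)]
        else:
            samples = [61.8, 75.2, 240.9]  # constructed RTTs for a dry run
        # Values below 50 are treated as 50 by the Traffic Manager (see above).
        print(format_load_line(load_from_samples(samples)))
    except (OSError, ValueError) as exc:
        print(f"monitor failed: {exc}", file=sys.stderr)
        return 1  # assumption: a non-zero exit status marks the check as failed
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Building the output line in one place, from a validated integer, keeps free-form text from the measured service out of the value the Traffic Manager reads.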
To set the failure recovery options for all load balancing algorithms, use the following settings:
•disable_on_failure: To ensure recovering GLB Locations do not automatically become enabled, click "Yes". Then, to manually enable a particular disabled GLB Location, click Enable in the desired GLB Location indicator bar. This setting is useful in deployments where the recovered GLB Location needs to synchronize state or content before it can be used.
•autorecovery: If all your GLB Locations fail, click "Yes" to instruct the Traffic Manager to automatically enable the last failed GLB Location when it recovers. If you are using the "Primary/Backup" algorithm, your recovered GLB Location is also made active. Click "No" to leave all recovered locations in a disabled state.
The "autorecovery" setting, when enabled, takes precedence over "Automatic Failback" and "disable_on_failure".
•last_resort_response: If all GLB Locations connected to this GLB Service become unavailable, the Traffic Manager returns the contents of this setting as a last resort DNS response to any client request. Use either a space-separated list of IP addresses, a single domain name, or "ALL" to instruct the Traffic Manager to return all IP addresses received from the DNS server.
DNS Authentication (DNSSEC)
To configure the Domain Name System Security Extensions (DNSSEC) settings for this GLB Service, click Catalogs > GLB Services > DNS Authentication (DNSSEC).
The DNSSEC suite of specifications provides a set of security and authentication extensions to DNS. To enable the Traffic Manager to alter DNSSEC authenticated responses, use this page to set up associations between signature domains and DNSSEC Private Keys.
To add an association
1.Enter a signature domain in the box provided and click the plus symbol.
2.Select a private key to be associated with the domain from the drop-down box.
3.Click Update to confirm the association.
You can associate multiple keys to one domain, and you can use an individual key to authenticate many domains (a many-to-many relationship).
To add DNSSEC private keys, click Manage DNSSEC private keys to access the Catalogs > SSL > DNSSEC Keys page. For more information on importing and uploading SSL Certificates and Keys, see SSL Encryption.
For more information on DNSSEC, see www.dnssec.net.
Rules
To configure TrafficScript rules for this GLB Service, click Catalogs > GLB Services > Rules.
You can apply TrafficScript rules to this GLB Service to provide additional traffic management functionality. Note however that you cannot use functions that are incompatible with the DNS protocol (such as http.*). For full details about TrafficScript and its capabilities, see TrafficScript Rules.
Request Logging
To configure request logging for this GLB Service, click Catalogs > GLB Services > Request Logging.
In some circumstances, you might want greater visibility of the DNS requests that are flowing into your Traffic Manager cluster. Request logging lets you log each request into a specified file for later analysis.
You can configure the following:
•log!enabled: To enable request logging, set to "Yes".
•log!filename: The full path and filename on the local file system where the Traffic Manager stores request logs for this GLB Service. Click Macros… to see the list of available macros.
•log!format: The string format of the request log. You can access information about each request using macros escaped by “%”. Click Macros… to see the list of available macros.
To view the request logs for your GLB Service, click View Request Logs in file.
DNS Settings
To configure the DNS settings for this GLB Service, click Catalogs > GLB Services > DNS Settings.
You can configure the following:
•Time To Live (TTL): A DNS Server sets a TTL value for each resource record in a DNS response. The TTL value controls how long caching resolvers cache the DNS record before attempting to re-resolve it. GLB services typically require rapid failover in the event of a GLB Location failure and the TTL value set by a DNS server might be too long (for example, several hours or days). To override the TTL for resource records handled by the Traffic Manager, click Custom and enter a new value (in seconds).
Creating a DNS Server Pool
For your GLB Virtual Server to perform global load balancing, you need to create a pool containing your DNS Server nodes.
To set up a DNS Server pool
1.Navigate to Services > Pools.
2.In the "Create a new Pool" section, add the following fields:
•Pool Name: The identifying name for the new pool.
•Nodes: A list of one or more DNS Server IP addresses or hostnames, with a corresponding port number in the format <host>:<port>. To specify more than one node, use a space or comma separator.
•Use autoscaling: Uncheck this box.
•Monitor: Optionally specify a monitor to check the health of your DNS Servers.
3.Click Create Pool to create this pool and access the edit page.
Creating a DNS Virtual Server
Your Virtual Server handles incoming DNS requests and passes them on to your back-end DNS Server pool. You associate the GLB Service you created with this Virtual Server.
To create a DNS Virtual Server
1.Navigate to Services > Virtual Servers.
2.In the "Create a new Virtual Server" section, enter the following:
•Virtual Server Name: The identifying name for this virtual server.
•Protocol: Select "DNS (UDP)" or "DNS (TCP)" from the drop-down list.
•Port: Choose the incoming port number that this virtual server listens on.
•Default Traffic Pool: Choose the pool containing your DNS Server nodes. For more information, see Creating a DNS Server Pool.
3.Click Create Virtual Server to create this virtual server and access the edit page.
4.Click GLB Services to access the "Edit GLB Services" page.
5.In the "Add new GLB Service" section, select your required GLB Service from the drop-down list and click Add Service. For more information on creating GLB Services, see Creating a GLB Service.
6.To enable your Virtual Server, set Enabled to "Yes" on the Virtual Server edit page or click the play icon next to the Virtual Server name on the Traffic Manager home page.
EDNS0 Client Subnet Support
Typically, the Traffic Manager uses the IP address of an incoming DNS request to determine the perceived geographic location of the client when making GLB decisions based on location. However, this IP address might belong to an upstream server or recursive resolver rather than the client it originated from. In many cases, it is safe to assume that the DNS request's IP address is topologically close to the source of the request. However, in some circumstances there might be a significant distance between a client and an upstream resolver, leading the Traffic Manager to make less efficient GLB decisions.
To alleviate this situation, the Traffic Manager supports use of the EDNS0 Client Subnet protocol extension to facilitate identification of the originating client subnet IP address in a DNS request. With this feature enabled, your GLB services use the network address stored in this extension rather than the address from which the DNS request originated.
To enable EDNS0 Client Subnet support, configure your DNS virtual server with dns!edns_client_subnet set to “Yes”.
For additional information on the EDNS0 Client Subnet option, refer to RFC 7871 (https://tools.ietf.org/html/rfc7871).
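The Client Subnet option is supplied by whoever sent the query, so a tool that inspects or logs it should validate it before trusting the address for location decisions. The parser below follows the RFC 7871 option layout and is an added example, not the Traffic Manager's implementation; the function name and the sample option bytes are constructed for illustration.

```python
import ipaddress
import struct

ECS_OPTION_CODE = 8  # EDNS0 option code assigned to Client Subnet
# FAMILY value -> (network class, full address length in octets)
FAMILIES = {1: (ipaddress.IPv4Network, 4), 2: (ipaddress.IPv6Network, 16)}


def parse_ecs_query_option(option):
    """Parse one EDNS0 option (code, length, data) taken from a DNS query.

    Returns the client network, or raises ValueError if the option is not a
    well-formed Client Subnet option for a query.
    """
    if len(option) < 8:
        raise ValueError("option too short for a Client Subnet header")
    code, length, family, source_len, scope_len = struct.unpack(
        "!HHHBB", option[:8])
    if code != ECS_OPTION_CODE:
        raise ValueError(f"not a Client Subnet option (code {code})")
    if length != len(option) - 4:
        raise ValueError("OPTION-LENGTH does not match the data present")
    if family not in FAMILIES:
        raise ValueError(f"unknown address family {family}")
    net_cls, full_octets = FAMILIES[family]
    if source_len > full_octets * 8:
        raise ValueError("SOURCE PREFIX-LENGTH exceeds the address size")
    if scope_len != 0:
        raise ValueError("SCOPE PREFIX-LENGTH must be 0 in a query")
    address = option[8:]
    # ADDRESS is truncated to the octets needed to hold SOURCE PREFIX-LENGTH bits.
    if len(address) != (source_len + 7) // 8:
        raise ValueError("ADDRESS length does not match SOURCE PREFIX-LENGTH")
    padded = address + bytes(full_octets - len(address))
    # strict=True rejects non-zero bits beyond the prefix, which must be padding.
    return net_cls((padded, source_len), strict=True)


if __name__ == "__main__":
    # Constructed sample: Client Subnet option carrying 198.51.100.0/24.
    sample = bytes.fromhex("0008000700011800c63364")
    print(parse_ecs_query_option(sample))
```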