Using a GeoIP Database

Some features of the Traffic Manager require a GeoIP database that maps IP addresses to location - longitude and latitude, city, county and country. GLB uses this GeoIP database to estimate distances between remote users and local datacenters.

You can access the database directly using the included geo.* TrafficScript and Java functions. For example, to discover the 2-letter country code that a site visitor is accessing from, use the following TrafficScript:

$ip = request.getRemoteIP();

$countryCode = geo.getCountryCode( $ip );

Previous versions of the Traffic Manager have included a database derived from MaxMind's GeoLite2 City database in each release. For Traffic Manager version 20.3 onwards, this database must be obtained and downloaded separately. You can download, install, and update the GeoIP database using the update package available from the Pulse Secure Technical Support website.

Alternatively, use your own copy of the MaxMind GeoLite2 or GeoIP2 database. For more detail on this process, see https://community.pulsesecure.net/t5/Pulse-Secure-vADC/Updating-the-Pulse-Secure-vTM-GeoIP-database/ta-p/35215.

Installing the Traffic Manager’s GeoIP Database

Use the steps contained in this section to obtain and install the GeoIP package on your Traffic Manager cluster.

This process requires a restart of your Traffic Manager instances. Consider performing these steps at a time of least impact to your services.

To install the GeoIP database:

1.Log in to https://my.pulsesecure.net and navigate to Software Licensing and Download > Pulse License and Download Center > Software Download > Pulse Secure vADC > Pulse Secure Virtual Traffic Manager > Related Software > Accept > Accept.

2.Select the GeoIP database download package (for example, "geoip_update_20210119.tgz"), click View Details, then click Download.

3.Download the GeoIP package to your local workstation.

4.Log in to the Admin UI of one of your target Traffic Manager instances and use the System > Traffic Managers > Upgrade page to upload the GeoIP package obtained in the previous steps.

5.Select "Upgrade specified traffic managers".

6.Select the Traffic Manager instance you are logged in to.

This method updates Traffic Managers separately to minimize downtime. At this step, if you are satisfied service interruption is not going to impact your users, consider selecting all Traffic Manager instances in the cluster.

7.Click Upgrade.

The Traffic Manager applies the GeoIP package and restarts.

8.Check the error log for any problems reported during the upgrade process.

9.Repeat step 4- step8 for all other cluster members in turn.

Extending the Traffic Manager's GeoIP Database

The database does not include locations for private IP address ranges (see RFC1918), and other IP address ranges might be missing or inaccurate if they were recently allocated or moved. This section provides information on how you can extend the internal GeoIP database to add or override IP address ranges.

Extensions to the database are stored in the following file $ZEUSHOME/zxtm/conf/locations.cfg

Use the following format for each entry, specified as a single line:

firstIP lastIP lat lon CC RR city

The following rules and definitions apply to each mapping:

•The elements in the line are white-space separated.

•The IP address range is inclusive, and the latitude ("lat") and longitude ("lon") are either "-" or decimal degrees.

•For each location mapping, only firstIP and lastIP are required. All other fields are optional. However, to use the Geographic or Adaptive GLB load balancing algorithms, you must also specify a latitude and longitude.

•The country code ("CC") and region code ("RR") are either "-" or two-letter codes. For example, US TX for Texas. The special files $ZEUSHOME/zxtm/etc/geo/country_codes.txt and $ZEUSHOME/zxtm/etc/geo/region_codes.txt provide a full list of the relevant codes.

•The city name can include spaces, for example "San Francisco", but does not specifically have to refer to a city (any descriptive text is acceptable).

Some example mappings:

192.168.0.1 192.168.0.128 52.1234 -0.5678 US TX New datacntr

172.16.0.1 172.16.255.255 - - - - Test VPN

99.98.97.96 99.98.97.99

Testing the IP Address Mappings

You can test any changes with the following example TrafficScript request rule:

$text = "";

# Test your own IP addresses with the whereis function here.

$text .= whereis( "192.168.35.40" ); $text .= "\n";

$text .= whereis( "192.168.199.199" ); $text .= "\n";

$text .= whereis( "17.18.19.20" ); $text .= "\n";

 

http.sendResponse( "200", "text/plain", $text, "" );

 

sub whereis( $ip ) {

return $ip . " is in:\n" .

" Country: " . geo.getCountry( $ip ) . "\n" .

" CountryCode: " . geo.getCountryCode( $ip ) . "\n" .

" Region: " . geo.getRegion( $ip ) . "\n" .

" City: " . geo.getCity( $ip ) . "\n" .

" Long/Lat: " . geo.getLongitude( $ip ) .'/'. geo.getLatitude( $ip ) . "\n";

}

Updating Your Traffic Manager Cluster Configuration

You can edit the locations.cfg file directly and the local Traffic Manager configuration system notices the fact that this file has changed and automatically accepts the location mappings defined within it.

However, by editing a configuration file directly in the file system, your Traffic Manager configuration is not automatically replicated out to other cluster members. To manually replicate out the updated configuration, use one of the following methods on the Traffic Manager you just updated:

•Use the replicate option on the Diagnose > Cluster Diagnosis page in the Admin UI.

•Execute the $ZEUSHOME/zxtm/bin/replicate-config script on the command line.