ADC

Configure a GSLB service group

Service group enables you to manage a group of services as easily as a single service. For example, if you enable or disable an option, such as compression, health monitoring, or graceful shutdown, for a service group, the option gets enabled or disabled for all the members of the service group.

After creating a service group, you can bind it to a virtual server, and you can add services to the group. You can also bind monitors to the service groups.

Important

If the load balancing virtual server is either in a GSLB node itself or is in a child node (in parent-child deployment) and no monitors are bound to the GSLB service, then make sure the following:

The GLSB service group IP address, port number, and protocol match the virtual server that the service is representing. Else, the service state is marked as DOWN.

The Citrix ADC supports the following types of GSLB service groups.

  • IP address based service groups
  • Domain name based service groups
  • Domain name based autoscale service groups

GSLB domain name based autoscale service groups

The Citrix ADC hybrid and multi-cloud global server load balancing (GSLB) solution enables customers to distribute application traffic across multiple data centers in hybrid clouds, multiple clouds, and on-premises. The Citrix ADC GSLB solution supports various load balancing solutions, such as the Citrix ADC load balancer, Elastic Load Balancing (ELB) for AWS, and other third-party load balancers. Also, the GSLB solution performs global load balancing even if the GSLB and load balancing layers are independently managed.

In cloud deployments, users are given a domain name as a reference when accessing the load balancing solution for management purposes. It is recommended that external entities do not use the IP addresses that these domain names resolve to. Also, the load balancing layers scale up or down based on the load, and the IP addresses are not guaranteed to be static. Therefore, it is recommended to use the domain name to refer to the load balancing endpoints instead of IP addresses. This requires the GSLB services to be referred using the domain name instead of IP addresses and it must consume all the IP addresses returned for the load balancing layer domain name and have a representation for the same in GSLB.

To use domain names instead of IP addresses when referring to the load balancing endpoints, you can use the domain name based service groups for GSLB.

Monitor GSLB domain name based service groups

The Citrix ADC appliance has two built-in monitors that monitor TCP-based applications; tcp-default and ping-default. The tcp-default monitor is bound to all TCP services and the ping-default monitor is bound to all non-TCP services. The built-in monitors are bound by default to the GSLB service groups. However, it is recommended to bind an application specific monitor to the GSLB service groups.

Recommendation for setting the trigger monitors option to MEPDOWN

The Trigger Monitors option can be used to indicate if the GSLB site must use the monitors always, or use monitors when the metrics exchange protocol (MEP) is DOWN.

The Trigger Monitors option is set to ALWAYS by default.

When the Trigger Monitors option is set to ALWAYS, each GSLB node triggers the monitors independently. If each GSLB node triggers the monitors independently, then each GSLB node might operate on different set of GSLB services. This might result in discrepancies in the DNS responses for the DNS requests landing on these GSLB nodes. Also, if each GSLB node is monitoring independently, then the number of monitor probes reaching the load balancer entity increases. The persistence entries also become incompatible across the GSLB nodes.

Therefore, it is recommended that the Trigger Monitors option on the GSLB site entity is set to MEPDOWN. When the Trigger Monitors option is set to MEPDOWN, the load balancing domain resolution and monitoring ownership lies with the local GSLB node. When the Trigger Monitors option is set to MEPDOWN, the load balancing domain resolution and subsequent monitoring is done by the local GSLB node of a GSLB service group. The results are then propagated to all other nodes participating in GSLB by using the metrics exchange protocol (MEP).

Also, whenever the set of IP addresses associated with a load balancing domain are updated, it is notified through MEP.

Limitations of GSLB service groups

  • For a load balancing domain, the IP address that is returned in the DNS response is generally the public IP address. The private IP address cannot be applied dynamically when the load balancing domain is resolved. Therefore, public IP port and private IP port for the GSLB domain name based autoscale service groups IP port bindings are the same. These parameters cannot be set explicitly for the domain name based autoscale service groups.
  • Site persistence, DNS views, and clustering are not supported for GSLB service groups.

Configure and manage GSLB service groups by using the CLI

To add a GSLB service group:

add gslb serviceGroup <serviceGroupName>@ <serviceType> [-autoScale ( DISABLED | DNS )] -siteName <string>
<!--NeedCopy-->

Example:

add gslb serviceGroup Service-Group-1 http -siteName Site1 -autoScale DNS
<!--NeedCopy-->

To bind a GSLB service group to a virtual server

bind gslb serviceGroup <serviceGroupName> ((<IP>@ <port>) | <serverName>@ | (-monitorName <string>@))
<!--NeedCopy-->

Example:

bind gslb serviceGroup Service-Group-1 203.0.113.2
bind gslb serviceGroup Service-Group-1 S1 80
bind gslb serviceGroup Service-Group-1 -monitorName Mon1
<!--NeedCopy-->

To unbind a GSLB service group to a virtual server:

unbind gslb serviceGroup <serviceGroupName> ((<IP>@ <port>) | <serverName>@ | -monitorName <string>@)
<!--NeedCopy-->

Example:

unbind gslb serviceGroup Service-Group-1 -monitorName Mon1
<!--NeedCopy-->

To set parameters for a GSLB service group:

set gslb serviceGroup <serviceGroupName>@ [(<serverName>@ <port> [-weight <positive_integer>] [-hashId <positive_integer>] [-publicIP <ip_addr|ipv6_addr|*>] [-publicPort <port>]) | -maxClient <positive_integer> | -cip ( ENABLED | DISABLED ) | <cipHeader> | -cltTimeout <secs> | -svrTimeout <secs> | -maxBandwidth <positive_integer> | -monThreshold <positive_integer> | -downStateFlush ( ENABLED | DISABLED )] [-monitorName <string> -weight <positive_integer>] [-healthMonitor ( YES | NO )] [-comment <string>] [-appflowLog ( ENABLED | DISABLED )]
<!--NeedCopy-->

To unset parameters from a GSLB service group:

unset gslb serviceGroup <serviceGroupName>@ [<serverName>@ <port> [-weight] [-hashId] [-publicIP] [-publicPort]] [-maxClient] [-cip] [-cltTimeout] [-svrTimeout] [-maxBandwidth] [-monThreshold] [-appflowLog] [-monitorName] [-weight] [-healthMonitor] [-cipHeader] [-downStateFlush] [-comment]
<!--NeedCopy-->

To enable a GSLB service group:

enable gslb serviceGroup <serviceGroupName>@ [<serverName>@ <port>]
<!--NeedCopy-->

Example:

enable gslb serviceGroup SG1 S1 80
<!--NeedCopy-->

To disable a GSLB service group:

disable gslb serviceGroup <serviceGroupName>@ [<serverName>@ <port>] [-delay <secs>] [-graceFul ( YES /| NO )]
<!--NeedCopy-->

Example:

disable gslb serviceGroup SRG2 S1 80
<!--NeedCopy-->

Note:

The service group that has to be disabled must be a DBS service group and not an autoscale service group.

To remove a GSLB service group:

rm gslb serviceGroup <serviceGroupName>
<!--NeedCopy-->

Example:

rm gslb serviceGroup Service-Group-1
<!--NeedCopy-->

To view the statistics of a GSLB service group:

stat gslb serviceGroup [<serviceGroupName>]
<!--NeedCopy-->

Example:

stat gslb serviceGroup Service-Group-1
<!--NeedCopy-->

To view the properties of a GSLB service group:

show gslb serviceGroup [<serviceGroupName>  -includeMembers]
<!--NeedCopy-->

Example:

show gslb serviceGroup SG1
show gslb serviceGroup -includeMembers
<!--NeedCopy-->

Changes to the existing GSLB CLI commands

The following changes are done to the existing GSLB commands after the introduction of the GSLB service groups:

  • bind gslb vserver - The service group name is added to the bind command.

    Example:

     bind gslb vserver <name> ((-serviceName <string> [-weight <positive_integer>] ) | <serviceGroupName>@ | | (-domainName <string> [-TTL <secs>] [-backupIP<ip_addr|ipv6_addr|*>] [-cookieDomain <string>] [-cookieTimeout <mins>][-sitedomainTTL <secs>]) | (-policyName <string>@ [-priority<positive_integer>] [-gotoPriorityExpression <expression>] [-type REQUEST | RESPONSE )]))
     <!--NeedCopy-->
    
  • unbind gslb vserver - The service group is added to the unbind command.

    Example:

     unbind gslb vserver <name> (-serviceName <string> <serviceGroupName> @ /(-domainName <string> [-backupIP] [-cookieDomain]) | -policyName <string>@)
     <!--NeedCopy-->
    
  • show gslb site - When this command is run, the GSLB service groups are also displayed.

  • show gslb vs - When this command is run, the GSLB service groups are be displayed.

  • stat gslb vs - When this command is run, the GSLB service groups statistics are also displayed.

  • show lb monitor bindings - When this command is run, the GSLB service group bindings are also displayed.

Configure GSLB service groups by using the GUI

  1. Navigate to Traffic Management > GSLB > Service Groups.
  2. Create a service group and set the AutoScale Mode to DNS.

Configure site persistence for the GSLB service groups

You can configure site persistence for the IP address based and domain name based service groups. Site persistence is not supported for domain name based autoscale service groups.

To set site persistence based on HTTP cookies by using the CLI

  • For connection proxy persistence, you do not have to set the site prefix.

At the command prompt, type:

set gslb service group <serviceGroupName> [-sitePersistence <sitePersistence>]
<!--NeedCopy-->
  • For HTTP redirect persistence, you must first set the site prefix for a member of the service group and then set the HTTPRedirect persistence parameter for the service group.

At the command prompt, type:

set gslb servicegroup <serviceGroupName>  <serviceGroup member name|Ip> <port>  [-sitePrefix <string>]

set gslb servicegroup <serviceGroupName> [-sitePersistence <sitePersistence>]
<!--NeedCopy-->

Examples:

  • Connection proxy persistence

     set gslbservicegroup sg1 -sitePersistence connectionProxy
     <!--NeedCopy-->
    
  • HTTPRedirect persistence

     set gslb servicegroup sg2 test1 80 -sitePrefix vserver-GSLB-1
     <!--NeedCopy-->
    
     set gslb servicegroup sg2 -sitePersistence HTTPRedirect
     <!--NeedCopy-->
    

To set site persistence based on cookies by using the GUI

  1. Navigate to Traffic Management > GSLB > Services Groups and select the service group that you want to configure for site persistence (for example, servicegroup-GSLB-1).
  2. Click the Site Persistence section and set the persistence that meets your requirement.

Tip

For deployment scenario and example configuration of GSLB service groups, see the following topics:

Configure a GSLB service group