Use the EDNS0 client subnet option for Global Server Load Balancing

EDNS Client Subnet (ECS) is a Domain Name Server (DNS) header extension that provides the client subnet details. You can use these details to improve the accuracy of Citrix ADC Global Server Load Balancing (GSLB) by using the client network location rather than the DNS resolver location to determine the topological closeness of the client.

Note

Citrix ADC supports only EDNS0.

Important:

Make sure that the Local Domain Name Server (LDNS) in your deployment supports the EDNS0 Client Subnet so that the incoming DNS queries contain the EDNS0 Client Subnet option and the Citrix ADC appliance uses the ECS address while processing the DNS query.

In a typical GSLB deployment, when you use a proximity-based load balancing method such as static proximity or dynamic round-trip time (RTT), the Citrix ADC appliance determines the topological closeness of the client from the LDNS IP address and performs GSLB accordingly. But when a centralized DNS resolver, such as Google DNS or OpenDNS, is involved in the deployment, the Citrix ADC appliance directs the client to a data center close to the centralized DNS resolver, which might not be close to the client. For example, in a typical Citrix ADC GSLB deployment using the static proximity load balancing method, an end-user request from Japan is sent to a data center in Japan and an end-user request from California is sent to a data center in California. But if a centralized DNS resolver is involved, the Citrix ADC appliance might send a request from Japan to a data center in California.

You can use the ECS option in deployments that include the Citrix ADC appliance configured as an Authoritative DNS (ADNS) server for a GSLB domain. If you use static proximity as the load balancing method, you can use the IP subnet in the EDNS header instead of the LDNS IP address. This helps to determine the geographical proximity of the client. In proxy mode deployment, the Citrix ADC appliance forwards an ECS-enabled DNS query as-is to the back-end servers. The appliance does not cache ECS-enabled DNS responses.

Note

The ECS option is not applicable to any other deployment mode, such as ADNS mode for non-GSLB domains, resolver mode, and forwarder mode; the Citrix ADC appliance ignores the ECS option in those modes. Also, by default, ECS is disabled for GSLB deployments.

To enable the EDNS0 Client Subnet option by using the command line interface:

At the command prompt, type:

set gslb vserver <vserver_name> -ECS ENABLED

set gslb vserver vserver-GSLB-1 -ECS ENABLED

Address validation

You can configure a GSLB virtual server to verify that the address returned by the EDNS0 Client Subnet (ECS) option of the DNS query is not a private or an unroutable IP address. With address validation enabled, the Citrix ADC appliance ignores the ECS address in the DNS query if it is listed in the following table, and instead uses the LDNS IP address for global server load balancing.

Note

By default, address validation is disabled.

Address type   Address              Description
IPv4           10.0.0.0/8           For private use
               172.16.0.0/12        For private use
               192.168.0.0/16       For private use
               0.0.0.0/8            Refers to the host on the network
               100.64.0.0/10        Shared address space
               127.0.0.0/8          Loopback address
               169.254.0.0/16       Link-local IPv4 address as defined in RFC 3927
               192.0.0.0/24         Used for IETF protocol assignments, includes the private space 192.168.0.0/16
               192.0.2.0/24         Used for documentation purposes
               192.88.99.0/24       Used for 6to4 Relay Anycast
               198.18.0.0/15        Used in device benchmark testing
               198.51.100.0/24      Used for documentation purposes
               203.0.113.0/24       Used for documentation purposes
               240.0.0.0/4          Used as reserved
               255.255.255.255/32   Used for broadcast
IPv6           ::1/128              Loopback address
               ::/128               Unspecified address
               ::ffff:0:0/96        IPv4-mapped address
               100::/64             Discard-only address block
               2001::/23            Used for IETF protocol assignments
               2001::/32            TEREDO
               2001:2::/48          Used for benchmarking
               2001:db8::/32        Used for documentation purposes
               2001:10::/28         ORCHID
               2002::/16            Used for 6to4 Relay Anycast
               fc00::/7             Unique-local
               fe80::/10            Link-local unicast addresses

To enable address validation by using the command line interface:

At the command prompt, type:

set gslb vserver <vserver_name> -ecsAddrValidation ENABLED

set gslb vserver vserver-GSLB-1 -ecsAddrValidation ENABLED
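The following is an added example, not Citrix code, that models the two decisions this page describes: decoding the EDNS0 Client Subnet option from a DNS query (RFC 7871 wire layout) and, with address validation enabled, discarding an ECS address that falls in the table above in favour of the LDNS IP address. The prefix list is copied from the table; the option payloads and the LDNS address 198.51.100.53 are constructed sample values.

```python
import ipaddress
import struct

# Prefixes copied from the address-validation table on this page. With address
# validation enabled, an ECS address inside any of them is ignored and the
# LDNS IP address is used for GSLB instead.
UNROUTABLE = [ipaddress.ip_network(p) for p in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "0.0.0.0/8", "100.64.0.0/10",
    "127.0.0.0/8", "169.254.0.0/16", "192.0.0.0/24", "192.0.2.0/24", "192.88.99.0/24",
    "198.18.0.0/15", "198.51.100.0/24", "203.0.113.0/24", "240.0.0.0/4", "255.255.255.255/32",
    "::1/128", "::/128", "::ffff:0:0/96", "100::/64", "2001::/23", "2001::/32",
    "2001:2::/48", "2001:db8::/32", "2001:10::/28", "2002::/16", "fc00::/7", "fe80::/10",
)]

def parse_ecs_option(data: bytes):
    """Decode ECS option data (RFC 7871): FAMILY(2) SOURCE PREFIX-LENGTH(1)
    SCOPE PREFIX-LENGTH(1) ADDRESS, truncated to the octets covering SOURCE."""
    if len(data) < 4:
        raise ValueError("ECS option too short")
    family, src_len, _scope_len = struct.unpack("!HBB", data[:4])
    addr = data[4:]
    if len(addr) != (src_len + 7) // 8:
        raise ValueError("ECS address length does not match source prefix length")
    if family == 1:  # IPv4: pad the truncated address back to 4 octets
        return ipaddress.IPv4Network((addr.ljust(4, b"\x00"), src_len), strict=False)
    if family == 2:  # IPv6: pad back to 16 octets
        return ipaddress.IPv6Network((addr.ljust(16, b"\x00"), src_len), strict=False)
    raise ValueError(f"unsupported address family {family}")

def select_client_address(ecs_data: bytes, ldns_ip: str, addr_validation: bool = True):
    """Return (address, source): the ECS subnet's network address when usable,
    otherwise the LDNS address. addr_validation=False models the appliance
    default (-ecsAddrValidation disabled), where a private ECS address is trusted."""
    client = parse_ecs_option(ecs_data).network_address
    if addr_validation and any(client in net for net in UNROUTABLE):
        return str(ipaddress.ip_address(ldns_ip)), "ldns"
    return str(client), "ecs"

if __name__ == "__main__":
    # Constructed ECS option payloads (not captured traffic).
    private_v4 = bytes.fromhex("0001 10 00 0a01")    # 10.1.0.0/16, RFC 1918
    public_v4 = bytes.fromhex("0001 18 00 0c2238")   # 12.34.56.0/24, constructed
    print(select_client_address(private_v4, "198.51.100.53"))  # falls back to LDNS
    print(select_client_address(public_v4, "198.51.100.53"))   # uses the ECS subnet
```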