Citrix ADC Global load balancing for hybrid and multi-cloud deployments
The Citrix ADC hybrid and multi-cloud global load balancing (GLB) solution enables you to distribute application traffic across multiple data centers in hybrid clouds, multiple clouds, and on-premises deployment. The ADC hybrid and multi-cloud GLB solution helps you to manage your load balancing setup in hybrid or multi-cloud without altering the existing setup. Also, if you have an on-premises setup, you can test some of your services in the cloud by using the hybrid and multi-cloud GLB solution before completely migrating to the cloud. For example, you can route only a small percentage of your traffic to the cloud, and handle most of the traffic on premises. The hybrid and multi-cloud GLB solution also enables you to manage and monitor Citrix ADC instances across geographic locations from a single, unified console.
A hybrid and multi-cloud architecture can also improve overall enterprise performance by avoiding “vendor lock-in” and using different infrastructure to meet the needs of your partners and customers. With multiple cloud architecture, you can manage your infrastructure costs better as you now have to pay only for what you use. You can also scale your applications better as you now use the infrastructure on demand. It also provides the ability to quickly switch from one cloud to another to take advantage of the best offerings of each provider.
Architecture of the ADC hybrid and multi-cloud GLB solution
The following diagram illustrates the architecture of the ADC hybrid and multi-cloud GLB feature.
The ADC GLB nodes handle the DNS name resolution. Any of these GLB nodes can receive DNS requests from any client location. The GLB node that receives the DNS request returns the load balancer virtual server IP address as selected by the configured load balancing method. Metrics (site, network, and persistence metrics) are exchanged between the GLB nodes using the metrics exchange protocol (MEP), which is a proprietary Citrix protocol. For more information on the MEP protocol, see Configuring the Metrics Exchange Protocol. The monitor configured in the GLB node monitors the health status of the load balancing virtual server in the same data center. In a parent-child topology, metrics between the GLB and the ADC nodes are exchanged by using MEP. However, configuring monitor probes between a GLB and the ADC LB node is optional in a parent-child topology.
The Citrix Application Delivery Management (ADM) service agent enables communication between ADM and the managed instances in your data center. For more information on ADM service agents and how to install them, see Getting Started.
This document makes the following assumptions:
- If you have existing load balancing setup, it is up and running.
- A SNIP address or a GLB site IP address is configured on each of the ADC GLB nodes. This IP address is used as the datacenter source IP address when exchanging metrics with other datacenters.
- An ADNS or ADNS-TCP service is configured on each of the ADC GLB instances to receive the DNS traffic.
- The required firewall and security groups are configured in the cloud service providers.
Security groups configuration
You must set up the required firewall/security groups configuration in the cloud service providers. For more information about AWS security features, see AWS documentation. For more information about Microsoft Azure Network Security Groups, see Microsoft Azure documentation.
In addition, on the GLB node, you must open port 53 for ADNS service/DNS server IP address and port 3009 for GSLB site IP address for MEP traffic exchange. On the load balancing node, you must open the appropriate ports to receive the application traffic. For example, you must open port 80 for receiving HTTP traffic and open port 443 for receiving HTTPS traffic. Open port 443 for NITRO communication between the ADM service agent and ADM.
For the dynamic round trip time GLB method, you must open port 53 to allow UDP and TCP probes depending on the configured LDNS probe type. The UDP or the TCP probes are initiated using one of the SNIPs and therefore this setting must be done for security groups bound to the server side subnet.
Capabilities of the ADC hybrid and multi-cloud GLB solution
Some of the capabilities of the ADC hybrid and multi-cloud GLB solution are described in this section:
Compatibility with other load balancing solutions
The ADC hybrid and multi-cloud GLB solution supports various load balancing solutions, such as the ADC load balancer, Nginx, HAProxy, and other third-party load balancers.
Note: Load balancing solutions other than ADC are supported only if proximity-based and non-metric based GLB methods are used and if parent-child topology is not configured.
The Citrix ADC hybrid and multi-cloud GLB solution supports the following GLB methods.
Metric-based GLB methods.
Metric-based GLB methods collect metrics from the other ADC nodes through the metrics exchange protocol.
- Least Connection. The client request is routed to the load balancer that has fewest active connections.
- Least Bandwidt. The client request is routed to the load balancer that is currently serving the least amount of traffic.
- Least Packets. The client request is routed to the load balancer that has received the fewest packets in the last 14 seconds.
- Non-metric based GLB methods
- Round Robin. The client request is routed to the IP address of the load balancer that is at the top of the list of load balancers. That load balancer then moves to the bottom of the list.
- Source IP Hash. This method uses the hashed value of the client IP address to select a load balancer.
- Proximity-based GLB methods
- Static Proximity. The client request is routed to the load balancer that is closest to the client IP address.
- Round-Trip Time (RTT). This method uses the RTT value (the time delay in the connection between the client’s local DNS server and the data center) to select the IP address of the best performing load balancer.
For more information on the load balancing methods, see Load Balancing Algorithms.
The ADC hybrid and multi-cloud GLB solution supports the active-passive topology and parent-child topology.
- Active-passive topology. Provides disaster recovery and ensures continuous availability of applications by protecting against points of failure. If the primary data center goes down, the passive data center becomes operational. For more information about GSLB active-passive topology, see Configuring GSLB for Disaster Recovery.
- Parent-child topology. Can be used if you are using the metric-based GLB methods to configure GLB and LB nodes and if the LB nodes are deployed on a different ADC instance. In a parent-child topology, the LB node (child site) must be an ADC appliance because the exchange of metrics between the parent and child site is through the metrics exchange protocol (MEP).
For more information about parent-child topology, see Parent-Child Topology Deployment Using the MEP Protocol.
The ADC hybrid and multi-cloud GLB solution also supports IPv6.
The ADC hybrid and multi-cloud GLB solution supports built-in monitors with an option to enable the secure connection. However, if LB and GLB configurations are on the same NetSADCcaler instance or if parent-child topology is used, configuring monitors is optional.
The ADC hybrid and multi-cloud GLB solution supports;
- Source IP based persistence sessions, so that multiple requests from the same client are directed to the same service if they arrive within the configured time-out window. If the time-out value expires before the client sends another request, the session is discarded, and the configured load balancing algorithm is used to select a new server for the client’s next request.
- Spillover persistence so that the backup virtual server continues to process the requests it receives, even after the load on the primary falls below the threshold. For more information, see Configuring Spillover.
- Site persistence so that the GLB node selects a data center to process a client request and forwards the IP address of the selected data center for all subsequent DNS requests. If the configured persistence applies to a site that is DOWN, the GLB node uses a GLB method to select a new site, and the new site becomes persistent for subsequent requests from the client.
Configuration by using Citrix ADM StyleBooks
You can use the default Multi-cloud GLB StyleBook on Citrix ADM to configure the ADC instances with hybrid and multi-cloud GLB configuration.
You can use the default Multi-cloud GLB StyleBook for LB Node StyleBook to configure the ADC load balancing nodes which are the child sites in a parent-child topology that handle the application traffic. Use this StyleBook only if you want to configure LB nodes in case of a parent-child topology. However, each LB node must be configured separately using this StyleBook.
Workflow of ADC hybrid and multi-cloud GLB solution configuration
You can use the shipped Multi-cloud GLB StyleBook on ADM to configure the ADC instances with hybrid and multi-cloud GLB configuration.
The following diagram shows the workflow for configuring ADC hybrid and multi-cloud GLB solution. The steps in the workflow diagram are explained in more detail after the diagram.
Perform the following tasks as a cloud administrator:
Sign up for a Citrix Cloud account.
To start using Citrix ADM, create a new Citrix Cloud company account or join an existing one that has been created by someone in your company.
Request an ADM Trial.
After you log on to Citrix Cloud, click Request Trial to obtain access to the trial and to set up the service for the first time.
Download and install multiple ADM service agents.
You must install and configure the ADM service agent in your network environment to enable communication between the ADM and the managed instances in your data center or cloud. Install an agent in each region, so that you can configure LB and GLB configurations on the managed instances. The LB and GLB configurations can share a single agent. For more information on the above three tasks, see Getting Started.
Deploy load balancers on Microsoft Azure/AWS cloud/on-premises data centers.
Depending on the type of load balancers that you are deploying on cloud and on-premises, provision them accordingly. For example, you can provision ADC VPX instances in a Microsoft Azure Resource Manager (ARM) portal, in an Amazon Web Services (AWS) virtual private cloud and/or in on-premises data centers. Configure ADC instances to function as LB or GLB nodes in standalone mode, by creating the virtual machines and configuring other resources. For more information on how to deploy ADC VPX instances, see the following documents:
Perform security configurations.
Configure network security groups and network ACLs in ARM and/or AWS to control inbound and outbound traffic for your instances and subnets.
Add ADC instances in ADM.
ADC instances are ADC network appliances or virtual appliances that you want to discover, manage, and monitor from ADM. To manage and monitor these instances, you must add the instances to the service and register both LB (if you are using ADC for LB) and GLB instances. For more information on how to add ADC instances in ADM, see Getting Started.
Implement the GLB and LB configurations using default ADM StyleBooks.
Use Multi-cloud GLB StyleBook to execute the GLB configuration on the selected GLB ADC instances.
Implement the load balancing configuration. (You can skip this step if you already have LB configurations on the managed instances.)
You can configure load balancers on ADC instances in one of two ways:
Manually configure the instances for load balancing the applications. For more information on how to manually configure the instances, see Setting Up Basic Load Balancing.
Use StyleBooks. You can use one of the ADM StyleBooks (HTTP/SSL LoadBalancing StyleBook or HTTP/SSL LoadBalancing (with Monitors) StyleBook) to create the load balancer configuration on the selected ADC instance. You can also create your own StyleBooks. For more information on StyleBooks, see StyleBooks.
Use Multi-cloud GLB StyleBook for LB Node to configure GLB parent-child topology in any of the following cases:
If you are using the metric-based GLB algorithms (Least Packets, Least Connections, Least Bandwidth) to configure GLB and LB nodes and if the LB nodes are deployed on a different ADC instance.
If site persistence is required.