Synchronizing a Configuration in a GSLB Setup

Typically, a GSLB setup has a few data centers with a GSLB site configured for each data center. In each NetScaler, participating in GSLB, configure one GSLB site as a local site and the others as remote sites. When you add another GSLB site at a later point of time, ensure that all the GSLB sites have the same configuration. To have the same configuration on all the GSLB sites, you can use the NetScaler appliance’s GSLB configuration synchronization option.

The NetScaler appliance from which you use the synchronization option is referred to as the ‘master node’ and the GSLB sites on which the configuration is copied as ‘slave nodes’. When you synchronize a GSLB configuration, the configurations on all the GSLB sites participating in the GSLB setup are made similar to that on the master node.

Synchronization (may also be referred to as ‘auto sync’) is carried out in the following manner:

  • The master node finds the differences between the configuration of the master node and slave node, and changes the configuration of the slave node to make it similar to the master node.
    If you force a synchronization (use the ‘force sync’ option), the NetScaler deletes the GSLB configuration from the slave node and then configures the slave to make it similar to the master node.
  • During synchronization, if a command fails, synchronization is not aborted and the error message are logged into a .err file in the /var/netscaler/gslb directory.
  • Synchronization is done only on the parent sites. GSLB child sites’ configuration is not affected by synchronization. This is because the parent site and the child site configurations are not identical. The child sites configuration consists only of its own and its parent site’s details. Also, GSLB services are not always required to be configured in the child sites.
  • If you disable the internal user login, the GSLB auto sync uses the SSH keys to synchronize the configuration. But, to use GSLB auto sync in partition environment, you need to enable the internal user login and make sure that the partition username in the local and remote GSLB sites is same.
  • For enhanced security, Citrix recommends that you change the internal user account and RPC node passwords. Internal user account password is changed through RPC node password. For details, see Change an RPC node password.


  • On the remote GSLB site RPC node, configure the firewall to accept auto-sync connections by specifying the remote site IP (cluster IP address for cluster setup) and port (3010 for RPC and 3008 for secure RPC). The source IP address that will be used for auto-sync is the NSIP of the master node (NSIP of the configuration coordinator in a cluster setup). The destination IP is the site IP (remote site IP).
  • The source IP address cannot be synchronized across the sites participating in GSLB because the source IP address for a RPC node is specific to each NetScaler appliance. Therefore, after you force a synchronization (using the sync gslb config -forceSync command or by selecting the ForceSync option in the NetScaler GUI), you have to manually change the source IP addressess on the other NetScaler appliances.
    Port 22 is also required for synchronizing the database files to the remote site.

If you use the saveconfig option, the sites that participate in the synchronization process automatically save their configuration, in the following way:

  1. The master node saves its configuration immediately before it initiates the process of synchronization.
  2. After the process of synchronization is complete, the slave nodes save their configuration. A slave node saves its configuration only if the configuration difference was applied successfully on it. If synchronization fails on a slave node, you must manually investigate the cause of the failure and take corrective action.

Limitations of synchronization

  • On the master node, the names of the remote GSLB sites must be identical to the names of sites configured on the NetScaler appliances hosting those sites.
  • During the synchronization, traffic disruptions may occur.
  • NetScaler can synchronize only up to 80000 lines of the configuration.
  • Synchronization may fail:
    • If the spill over method is changed from CONNECTION to DYNAMIC CONNECTION.
    • If you interchange the site prefix of the GSLB services bound to a GSLB virtual server on the master node and then try to synchronize.
    • If the RPC node passwords are different for NetScaler IP address (NSIP) and loopback IP address.
    • If you perform synchronization on GSLB sites that are configured in different partitions of the same NetScaler appliance.
  • If you have configured the GSLB sites as High Availability (HA) pairs, the RPC node passwords of primary and secondary nodes should be same.
  • If you rename any GLSB entity that are part of your GSLB configuration (use “show gslb runningConfig” command to display the GSLB configuration). You need to use the force sync option to synchronize the configuration to other GSLB sites.

Note: To overcome the limitations due to some settings in the GSLB configuration, you can use the force sync option. But, if you use the force sync option the GSLB entities are removed and re-added to the configuration and the GSLB statistics are reset to zero. Hence the traffic is disrupted during the configuration change.

Points to note before starting the synchronization of a GSLB setup

Before you start the synchronization of a GSLB setup, make sure that:

  • On all the GSLB sites including the master node, management access and SSH should be enabled for the IP address of the corresponding GSLB site. The IP address of a GSLB site must be an IP address owned by the NetScaler.

    For more information about adding the GSLB site IP addresses and enabling Management Access, see Configuring a Basic GSLB Site.

  • The GSLB configuration on the NetScaler appliance that is considered as the master node is complete and appropriate to be copied on all the sites.

  • If you are synchronizing the GSLB configuration for the first time, all the sites participating in GSLB need to have the GSLB site entity of their respective local sites.

  • You are not synchronizing sites that, by design, do not have the same configuration.


After a GSLB configuration is synchronized, the configuration cannot be rolled back on any of the GSLB sites. Run the sync gslb config command only if you are sure that the synchronization process will not overwrite the configuration on the remote site. Site synchronization is undesirable when the local and remote sites have different configurations by design, and can lead to site outage. If some commands fail and some commands succeed, the successful commands cannot be rolled back.

To synchronize a GSLB configuration by using the command line interface

At the command prompt, type the following commands to synchronize GSLB sites and verify the configuration:

sync gslb config [-preview | -forceSync <string> | -nowarn | -saveconfig] [-debug]

show gslb syncStatus  


> sync gslb config
[WARNING]: Syncing config may cause configuration loss on other site.
Please confirm whether you want to sync-config (Y/N)? [N]:y
Sync Time: Dec 9 2011 10:56:9
Retrieving local site info: ok
Retrieving all participating gslb sites info: ok
        Getting Config: ok
        Getting Config: ok
        Comparing config: ok
         Applying changes: ok

To synchronize a GSLB configuration by using the NetScaler GUI  

Navigate to Traffic Management > GSLB and, under GSLB Configuration, click Synchronize configuration on remote sites and synchronize the GSLB configuration.

Previewing GSLB synchronization

Note: This feature was introduced in NetScaler release 11.1 build 42.5.

By previewing the GSLB synchronization operation, you can see the differences between the master node and each slave node. If there are any discrepancies, you can troubleshoot before synchronizing the GSLB configuration.

To preview the GSLB synchronization output by using the command line interface  

At the command prompt, type the following command:

sync gslb config -preview

To preview the GSLB synchronization output by using the NetScaler GUI  

  1. Navigate to Configuration > Traffic Management > GSLB > GSLB Configuration > Synchronize configuration on remote sites.
  2. Select the Preview check box.
  3. Click Run.
    A progress window displays any discrepancies in the configuration.

Debugging the commands triggered during synchronization process

You can view the status (success or failure) of each command triggered during the synchronization process and troubleshoot accordingly.

To debug the GSLB synchronization commands by using the command line interface  

At the command prompt, type the following command:

sync gslb config -debug

To debug the GSLB synchronization commands by using the NetScaler GUI

  1. Navigate to Configuration > Traffic Management > GSLB > GSLB Configuration > Synchronize configuration on remote sites.
  2. Select the Debug check box.
  3. Click Run.
    A progress window displays the status of each command triggered during synchronization.

Real-time synchronization between sites participating in GSLB

Note: This feature was introduced in NetScaler release 11.1 build 51.x.

If you want to synchronize GSLB configuration across slave sites automatically when the commands are executed on master sites, you can now use the AutomaticConfigSync option to automatically synchronize the real-time GSLB configuration. You do not have to manually trigger the AutoSync option to synchornize the configuration.

If you attempt to manually synchronize (with the sync gslb config command) a site while it is being autosynchronized, a “Sync in progress” error message appears. Autosynchronization cannot be triggered for a site that is in the process of being synchronized manually.


  • All logs related to real-time sync are stored in the /var/netscaler/gslb/periodic_sync.log file.
  • The sync status file and default configuration file are stored in the location /var/netscaler/gslb_sync.
  • Enabling AutomaticConfigSync from default partition of a partitioned appliance is not supported. However, it can be enabled from all other partitions. The sync status file and default configuration file are stored in the location /var/partitions/<partition name>/netscaler/gslb_sync.

To enable real-time synchronization by using the command line interface  

At the command prompt, type the following command:

set gslb parameter –automaticConfigSync (ENABLED DISABLED)

To enable real-time synchronization by using the NetScaler GUI  

  1. Navigate to Configuration >Traffic Management > GSLB > Change GSLB Settings.
  2. Select Automatic Config Sync check box.

           Note: This option must be enabled only in the site where the configuration is performed.

Best practices for using the real-time synchronization feature

  • It is recommended that all the NetScaler appliances participating as sites have the same NetScaler software version.
  • To change the RPC node password, first change the password on the slave site and then on the master site.
  • Configure local GSLB sites on each site participating in GSLB.
  • Enable automaticConfigSync on one of the sites where the configuration is performed. This site eventually gets synchronized to other GSLB sites.
  • If there is a new configuration or changes are made to the existing configuration, make sure to check the status using the “show gslb syncStatus” command to confirm if the changes are synchronized across all sites or if there was any error.