
Use the EDNS0 client subnet option for GSLB

EDNS Client Subnet (ECS) is an EDNS0 option, defined in RFC 7871, in which a DNS resolver forwards the subnet of the client that originated the query. Citrix ADC Global Server Load Balancing (GSLB) can use this subnet, rather than the address of the DNS resolver, to determine the topological closeness of the client, which makes proximity-based GSLB decisions more accurate.

Note

Citrix ADC supports only EDNS0.

Important:

Make sure that the LDNS in your deployment supports the EDNS0 Client Subnet option, so that incoming DNS queries contain the option and the Citrix ADC appliance can use the ECS address while processing the DNS query. If the LDNS does not send the option, the appliance falls back to the LDNS IP address.

In a typical GSLB deployment that uses a proximity-based load balancing method, such as static proximity or dynamic round-trip time (RTT), the Citrix ADC appliance uses the IP address of the local DNS server (LDNS) that sent the query to determine the topological closeness of the client, and selects a datacenter accordingly. This works when the LDNS is near the client. But when a centralized DNS resolver, such as Google Public DNS or OpenDNS, is involved, the appliance sees only the resolver's address and directs the client to the datacenter closest to the resolver, which might be far from the client. For example, in a GSLB deployment using the static proximity method, a request from an end user in Japan is normally directed to a datacenter in Japan, and a request from an end user in California to a datacenter in California. If a centralized resolver is involved, the appliance might direct the user in Japan to the datacenter in California.

You can use the ECS option in deployments that include the Citrix ADC appliance configured as the authoritative DNS (ADNS) server for a GSLB domain. If you use static proximity as the load balancing method, the appliance uses the IP subnet carried in the ECS option instead of the LDNS IP address to determine the geographical proximity of the client. In a proxy mode deployment, the appliance forwards an ECS-enabled DNS query as-is to the back-end servers and does not cache ECS-enabled DNS responses, because a response computed for one client subnet is not valid for clients in other subnets.

Note

The ECS option is not applicable for all other deployment modes, such as ADNS mode for non-GSLB domains, resolver mode, and forwarder mode. In all these modes, the ECS option is ignored by the Citrix ADC appliance. Also, by default, ECS is disabled for GSLB deployment.


To enable EDNS0 Client Subnet option by using the command line interface:

At the command prompt, type:

set gslb vserver <vserver_name> -ECS ENABLED

set gslb vserver vserver-GSLB-1 -ECS ENABLED

Address validation

You can configure a GSLB virtual server to verify that the address carried in the EDNS0 Client Subnet (ECS) option of a DNS query is not a private or otherwise unroutable IP address. With address validation enabled, the Citrix ADC appliance ignores the ECS address if it falls within one of the prefixes listed in the following table, and uses the LDNS IP address for global server load balancing instead.

Note

By default, address validation is disabled.

Address type   Address               Description
IPv4           10.0.0.0/8            Private use
               172.16.0.0/12         Private use
               192.168.0.0/16        Private use
               0.0.0.0/8             "This host on this network"
               100.64.0.0/10         Shared address space (carrier-grade NAT)
               127.0.0.0/8           Loopback
               169.254.0.0/16        Link-local, as defined in RFC 3927
               192.0.0.0/24          IETF protocol assignments
               192.0.2.0/24          Documentation (TEST-NET-1)
               192.88.99.0/24        6to4 relay anycast
               198.18.0.0/15         Benchmark testing of network devices
               198.51.100.0/24       Documentation (TEST-NET-2)
               203.0.113.0/24        Documentation (TEST-NET-3)
               240.0.0.0/4           Reserved
               255.255.255.255/32    Limited broadcast

IPv6           ::1/128               Loopback
               ::/128                Unspecified address
               ::ffff:0:0/96         IPv4-mapped addresses
               100::/64              Discard-only address block
               2001::/23             IETF protocol assignments
               2001::/32             Teredo
               2001:2::/48           Benchmarking
               2001:db8::/32         Documentation
               2001:10::/28          ORCHID
               2002::/16             6to4
               fc00::/7              Unique local
               fe80::/10             Link-local unicast
To enable address validation by using the command line interface:

At the command prompt, type:

set gslb vserver <vserver_name> -ecsAddressValidation ENABLED

set gslb vserver vserver-GSLB-1 -ecsAddressValidation ENABLED
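The two mechanisms described above, the ECS option that replaces the LDNS address in a proximity decision and the address validation that falls back to the LDNS address for unroutable subnets, as an added example in Python. This is not Citrix code and does not run on the appliance: it encodes and decodes the ECS option wire format from RFC 7871, locates the option among the options in an OPT record, and applies the fallback rules using the table above. The function names, the DNS cookie option in the demo, and the client, LDNS and routable addresses are constructed for illustration.

```python
import ipaddress
import struct

# EDNS0 option code assigned to Client Subnet by RFC 7871, and the
# address-family values used inside the option.
ECS_OPTION_CODE = 8
FAMILY_IPV4, FAMILY_IPV6 = 1, 2

# The private / unroutable prefixes from the address-validation table above.
UNROUTABLE = [ipaddress.ip_network(p) for p in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "0.0.0.0/8",
    "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16", "192.0.0.0/24",
    "192.0.2.0/24", "192.88.99.0/24", "198.18.0.0/15", "198.51.100.0/24",
    "203.0.113.0/24", "240.0.0.0/4", "255.255.255.255/32",
    "::1/128", "::/128", "::ffff:0:0/96", "100::/64", "2001::/23",
    "2001::/32", "2001:2::/48", "2001:db8::/32", "2001:10::/28",
    "2002::/16", "fc00::/7", "fe80::/10",
)]


def encode_ecs(client_ip, source_prefix, scope_prefix=0):
    """Build one ECS option: code, length, FAMILY, SOURCE, SCOPE, ADDRESS.

    Only ceil(source_prefix / 8) octets of the address are sent and the bits
    past the prefix are zeroed, as RFC 7871 requires; a query sends SCOPE 0.
    """
    addr = ipaddress.ip_address(client_ip)
    bits = 32 if addr.version == 4 else 128
    family = FAMILY_IPV4 if addr.version == 4 else FAMILY_IPV6
    mask = ((1 << source_prefix) - 1) << (bits - source_prefix)
    packed = (int(addr) & mask).to_bytes(bits // 8, "big")
    payload = struct.pack("!HBB", family, source_prefix, scope_prefix)
    payload += packed[:(source_prefix + 7) // 8]
    return struct.pack("!HH", ECS_OPTION_CODE, len(payload)) + payload


def find_ecs(opt_rdata):
    """Walk the OPT pseudo-RR RDATA (a sequence of code/length/data options)
    and return the raw ECS option, or None when the query carries none."""
    pos = 0
    while pos + 4 <= len(opt_rdata):
        code, length = struct.unpack("!HH", opt_rdata[pos:pos + 4])
        end = pos + 4 + length
        if end > len(opt_rdata):
            return None  # truncated option: treat ECS as absent, do not guess
        if code == ECS_OPTION_CODE:
            return opt_rdata[pos:end]
        pos = end
    return None


def decode_ecs(option):
    """Parse a raw ECS option into (ip_network, scope_prefix); None if the
    option is malformed (unknown family, prefix longer than the family allows,
    or an address field whose length does not match the prefix length)."""
    if len(option) < 8:
        return None
    code, length = struct.unpack("!HH", option[:4])
    if code != ECS_OPTION_CODE or length != len(option) - 4:
        return None
    family, source_prefix, scope_prefix = struct.unpack("!HBB", option[4:8])
    bits = {FAMILY_IPV4: 32, FAMILY_IPV6: 128}.get(family)
    address = option[8:]
    if bits is None or source_prefix > bits or len(address) != (source_prefix + 7) // 8:
        return None
    padded = address + b"\x00" * (bits // 8 - len(address))
    network = ipaddress.ip_network(
        "%s/%d" % (ipaddress.ip_address(padded), source_prefix), strict=False)
    return network, scope_prefix


def is_unroutable(network):
    """True when the ECS subnet falls inside a prefix from the table."""
    return any(network.version == blk.version and network.overlaps(blk)
               for blk in UNROUTABLE)


def select_proximity_address(opt_rdata, ldns_ip, address_validation=False):
    """Return the network a static-proximity decision should be based on.

    Follows the rules on this page: prefer the ECS subnet from the query, but
    fall back to the LDNS address when the query has no usable ECS option or,
    with address validation enabled, when the ECS subnet is unroutable.
    """
    ldns = ipaddress.ip_network(ldns_ip)  # host route: /32 or /128
    option = find_ecs(opt_rdata)
    if option is None:
        return ldns
    parsed = decode_ecs(option)
    if parsed is None:
        return ldns
    network, _scope = parsed
    if network.prefixlen == 0:  # SOURCE PREFIX-LENGTH 0 means "no client info"
        return ldns
    if address_validation and is_unroutable(network):
        return ldns
    return network


if __name__ == "__main__":
    # Constructed sample: a DNS cookie option (code 10) followed by an ECS
    # option for a client in 203.0.113.0/24 (a documentation range that the
    # table lists as unroutable), received from a constructed LDNS address.
    cookie = struct.pack("!HH", 10, 8) + bytes(8)
    query_opts = cookie + encode_ecs("203.0.113.77", 24)
    for validate in (False, True):
        print("address validation %s -> proximity on %s" % (
            "ENABLED" if validate else "DISABLED",
            select_proximity_address(query_opts, "198.51.100.53", validate)))
```

With validation disabled the demo bases the decision on 203.0.113.0/24; with it enabled that subnet is rejected and the decision falls back to the LDNS host 198.51.100.53/32, which is exactly the behaviour the `-ecsAddressValidation ENABLED` setting above selects. Note that the LDNS address itself is never validated; only the ECS subnet is.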
