Product Documentation

Synchronizing a Configuration in a GSLB Setup

Jun 19, 2018

Typically, a GSLB setup has a few data centers with a GSLB site configured for each data center. In each NetScaler, participating in GSLB, configure one GSLB site as a local site and the others as remote sites. When you add another GSLB site at a later point of time, ensure that all the GSLB sites have the same configuration. To have the same configuration on all the GSLB sites, you can use the NetScaler appliance's GSLB configuration synchronization option.

The NetScaler appliance from which you use the synchronization option is referred to as the 'master node' and the GSLB sites on which the configuration is copied as 'slave nodes'. When you synchronize a GSLB configuration, the configurations on all the GSLB sites participating in the GSLB setup are made similar to that on the master node.

Synchronization (may also be referred to as 'auto sync') is carried out in the following manner:
  • The master node finds the differences between the configuration of the master node and slave node, and changes the configuration of the slave node to make it similar to the master node.
    If you force a synchronization (use the 'force sync' option), the NetScaler deletes the GSLB configuration from the slave node and then configures the slave to make it similar to the master node.
  • During synchronization, if a command fails, synchronization is not aborted and the error message are logged into a .err file in the /var/netscaler/gslb directory.
  • Synchronization is done only on the parent sites. GSLB child sites’ configuration is not affected by synchronization. This is because the parent site and the child site configurations are not identical. The child sites configuration consists only of its own and its parent site’s details. Also, GSLB services are not always required to be configured in the child sites.
  • If you disable the internal user login, the GSLB auto sync uses the SSH keys to synchronize the configuration. But, to use GSLB auto sync in partition environment, you need to enable the internal user login and make sure that the partition username in the local and remote GSLB sites is same.   


  • On the remote GSLB site RPC node, configure the firewall to accept auto-sync connections by specifying the remote site IP (cluster IP address for cluster setup) and port (3010 for RPC and 3008 for secure RPC). The source IP address that will be used for auto-sync is the NSIP of the master node (NSIP of the configuration coordinator in a cluster setup). The destination IP is the site IP (remote site IP).
  • The source IP address cannot be synchronized across the sites participating in GSLB because the source IP address for a RPC node is specific to each NetScaler appliance. Therefore, after you force a synchronization (using the sync gslb config -forceSync command or by selecting the ForceSync option in the NetScaler GUI), you have to manually change the source IP addressess on the other NetScaler appliances.
  • Port 22 is also required for synchronizing the database files to the remote site.   

If you use the saveconfig option, the sites that participate in the synchronization process automatically save their configuration, in the following way:

  1. The master node saves its configuration immediately before it initiates the process of synchronization.
  2. After the process of synchronization is complete, the slave nodes save their configuration. A slave node saves its configuration only if the configuration difference was applied successfully on it. If synchronization fails on a slave node, you must manually investigate the cause of the failure and take corrective action.

Limitations of synchronization:

  • On the master node, the names of the remote GSLB sites must be identical to the names of sites configured on the NetScaler appliances hosting those sites.
  • During the synchronization, traffic disruptions may occur.
  • NetScaler can synchronize only up to 80000 lines of the configuration.
  • Synchronization may fail:
    • If the spill over method is changed from CONNECTION to DYNAMIC CONNECTION.
    • If you interchange the site prefix of the GSLB services bound to a GSLB virtual server on the master node and then try to synchronize.
    • If the RPC node passwords are different for NetScaler IP address (NSIP) and loopback IP address.
  • If you have configured the GSLB sites as High Availability (HA) pairs, the RPC node passwords of primary and secondary nodes should be same.
  • If you rename any GLSB entity that are part of your GSLB configuration (use “show gslb runningConfig” command to display the GSLB configuration). You need to use the force sync option to synchronize the configuration to other GSLB sites.

Note: To overcome the limitations due to some settings in the GSLB configuration, you can use the force sync option. But, if you use the force sync option the GSLB entities are removed and re-added to the configuration and the GSLB statistics are reset to zero. Hence the traffic is disrupted during the configuration change.

Before you start the synchronization of a GSLB setup, make sure that:

  • On all the GSLB sites including the master node, management access and SSH should be enabled for the IP address of the corresponding GSLB site. The IP address of a GSLB site must be an IP address owned by the NetScaler. For more information about adding the GSLB site IP addresses and enabling Management Access, see "Configuring a Basic GSLB Site".
  • The GSLB configuration on the NetScaler appliance that is considered as the master node is complete and appropriate to be copied on all the sites.
  • If you are synchronizing the GSLB configuration for the first time, all the sites participating in GSLB need to have the GSLB site entity of their respective local sites.
  • You are not synchronizing sites that, by design, do not have the same configuration.