Product Documentation

Using the EDNS0 Client Subnet Option for Global Server Load Balancing

Sep 13, 2016

EDNS Client Subnet (ECS) is a DNS header extension that provides the client subnet details. You can use these details to improve the accuracy of NetScaler Global Server Load Balancing (GSLB) by using the client network location rather than the DNS resolver location to determine the topological closeness of the client.

Note

NetScaler supports only EDNS0.

Important

Make sure that the LDNS in your deployment supports EDNS0 Client Subnet, so that incoming DNS queries contain the EDNS0 Client Subnet option and the NetScaler appliance can use the ECS address while processing the DNS query.

In a typical GSLB deployment, when you use proximity-based load balancing methods such as static proximity or dynamic round-trip time (RTT), the NetScaler appliance uses the local DNS (LDNS) IP address to determine the topological closeness of the client and performs GSLB accordingly. But when a centralized DNS resolver, such as Google DNS or OpenDNS, is involved in the deployment, the NetScaler appliance directs the request to a datacenter close to the centralized DNS resolver, which might not be close to the client. For example, in a typical NetScaler GSLB deployment using the static proximity load balancing method, an end-user request from Japan is sent to a datacenter in Japan and an end-user request from California is sent to a datacenter in California. But if a centralized DNS resolver is involved, the NetScaler appliance might send a request from Japan to a datacenter in California.

You can use the ECS option in deployments that include the NetScaler appliance configured as an Authoritative DNS (ADNS) server for a GSLB domain. If you use static proximity as the load balancing method, you can use the IP subnet in the EDNS header instead of the LDNS IP address to determine the geographical proximity of the client. In a proxy mode deployment, the NetScaler appliance forwards an ECS-enabled DNS query as-is to the back-end servers, and the appliance does not cache ECS-enabled DNS responses.

Note

The ECS option does not apply to any other deployment mode, such as ADNS mode for non-GSLB domains, resolver mode, and forwarder mode. In all of these modes, NetScaler ignores the ECS option. Also, by default, ECS is disabled for GSLB deployments.


To enable the EDNS0 Client Subnet option by using the command line interface:

At the command prompt, type:

set gslb vserver <vserver_name> -ECS ENABLED

Example

set gslb vserver vserver-GSLB-1 -ECS ENABLED

Address Validation

You can configure a GSLB virtual server to verify that the address carried in the EDNS0 Client Subnet (ECS) option of the DNS query is not a private or unroutable IP address. With address validation enabled, the NetScaler appliance ignores the ECS address in the DNS query if it falls in one of the ranges listed in the following table, and instead uses the LDNS IP address for global server load balancing.

Note

By default, address validation is disabled.

Address Type   Address              Description
------------   ------------------   -------------------------------------------------------------------------
IPv4           10.0.0.0/8           For private use
               172.16.0.0/12        For private use
               192.168.0.0/16       For private use
               0.0.0.0/8            Refers to the host on the network
               100.64.0.0/10        Shared address space
               127.0.0.0/8          Loopback address
               169.254.0.0/16       Link-local IPv4 address as defined in RFC 3927
               192.0.0.0/24         Used for IETF protocol assignments, includes the private space 192.168.0.0/16
               192.0.2.0/24         Used for documentation purposes
               192.88.99.0/24       Used for 6to4 relay anycast
               198.18.0.0/15        Used in device benchmark testing
               198.51.100.0/24      Used for documentation purposes
               203.0.113.0/24       Used for documentation purposes
               240.0.0.0/4          Reserved
               255.255.255.255/32   Used for broadcast
IPv6           ::1/128              Loopback address
               ::/128               Unspecified address
               ::ffff:0:0/96        IPv4-mapped address
               100::/64             Discard-only address block
               2001::/23            Used for IETF protocol assignments
               2001::/32            Teredo
               2001:2::/48          Used for benchmarking
               2001:db8::/32        Used for documentation purposes
               2001:10::/28         ORCHID
               2002::/16            Used for 6to4 relay anycast
               fc00::/7             Unique-local addresses
               fe80::/10            Link-local unicast addresses
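As an added illustration (not Citrix code and not NetScaler's implementation), the following Python parses the EDNS0 Client Subnet option in the wire format defined by RFC 7871 and applies the selection rules this page describes: with ECS enabled, the ECS subnet is used for static proximity, but when address validation is also enabled a subnet falling in any range from the table above is ignored and the LDNS IP address is used instead. The option payloads and the LDNS address 192.0.2.53 are constructed sample values.

```python
import ipaddress
import struct

# Ranges from the address-validation table on this page; an ECS subnet whose
# network address falls inside any of them is ignored when validation is on.
IGNORED_RANGES = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "0.0.0.0/8", "100.64.0.0/10",
    "127.0.0.0/8", "169.254.0.0/16", "192.0.0.0/24", "192.0.2.0/24", "192.88.99.0/24",
    "198.18.0.0/15", "198.51.100.0/24", "203.0.113.0/24", "240.0.0.0/4",
    "255.255.255.255/32", "::1/128", "::/128", "::ffff:0:0/96", "100::/64",
    "2001::/23", "2001::/32", "2001:2::/48", "2001:db8::/32", "2001:10::/28",
    "2002::/16", "fc00::/7", "fe80::/10",
)]

def parse_ecs_option(data):
    """Parse the data of an EDNS0 Client Subnet option (RFC 7871, option code 8):
    FAMILY(2) SOURCE-PREFIX(1) SCOPE-PREFIX(1) ADDRESS(truncated to the prefix).
    Returns the client subnet as an ip_network, or None if malformed."""
    if len(data) < 4:
        return None
    family, source_len, _scope_len = struct.unpack("!HBB", data[:4])
    width = {1: 4, 2: 16}.get(family)  # octets in a full address of this family
    addr_bytes = data[4:]
    if (width is None or source_len > width * 8
            or len(addr_bytes) != (source_len + 7) // 8):
        return None
    # Pad the truncated address back to full width, then apply the prefix length.
    addr = ipaddress.ip_address(addr_bytes + b"\x00" * (width - len(addr_bytes)))
    return ipaddress.ip_network(f"{addr}/{source_len}", strict=False)

def select_proximity_address(ecs_data, ldns_ip, ecs_enabled=True,
                             address_validation=False):
    """Pick the address static proximity uses: LDNS IP when ECS is disabled,
    absent or malformed; otherwise the ECS subnet, unless address validation is
    on and the subnet is in an ignored range. Returns (source, address string)."""
    ldns = str(ipaddress.ip_address(ldns_ip))
    if not ecs_enabled or ecs_data is None:
        return ("ldns", ldns)
    subnet = parse_ecs_option(ecs_data)
    if subnet is None:
        return ("ldns", ldns)
    if address_validation and any(subnet.network_address in r for r in IGNORED_RANGES):
        return ("ldns", ldns)
    return ("ecs", str(subnet))

# Constructed sample ECS option payloads (not captured traffic).
ECS_PUBLIC_V4 = b"\x00\x01\x18\x00\xac\x20\x0a"   # 172.32.10.0/24, routable
ECS_DOC_V4 = b"\x00\x01\x18\x00\xcb\x00\x71"      # 203.0.113.0/24, documentation
ECS_DOC_V6 = b"\x00\x02\x20\x00\x20\x01\x0d\xb8"  # 2001:db8::/32, documentation
```

Calling select_proximity_address(ECS_DOC_V4, "192.0.2.53", address_validation=True) yields the LDNS fallback, while the same call without validation returns the documentation subnet, which is the behaviour the Note above warns is the default.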

To enable address validation by using the command line interface:

At the command prompt, type:

set gslb vserver <vserver_name> -ecsAddressValidation ENABLED

Example

set gslb vserver vserver-GSLB-1 -ecsAddressValidation ENABLED