1. Confidential │ ©2019 VMware, Inc.
Deep-dive on GSLB with VMware NSX Advanced Load Balancer (Avi Networks)
Avi Tech Corner Episode 11
G. Wesley Robertson
SE, NSBU
10/24/19
2. Agenda
Platform Overview
DNS / GSLB 101
Avi GSLB Solution
Use Cases
Demo
Q&A
3. VMware NSX Advanced Load Balancer (Avi Networks): Modern, Scalable, Multi-Cloud Architecture
[Architecture diagram: a central Controller with a separate control and data plane, and Service Engines running on bare metal, virtualized and container platforms, on premises and in public cloud; callouts: Intelligence, Elasticity, Automation, Multi-Cloud, Separate Control & Data Plane]
4. DNS 101: Standard DNS Query
[Diagram: client -> LDNS -> Root, .com, avi.com (Avi DNS); the avi.com name server returns the A record]
1. Client requests a recursive DNS lookup for www.avi.com from its local DNS (LDNS).
2. LDNS does not have the answer, so it sends a new iterative query to the root. The root does not have the answer either and sends the NS record for the avi.com name server.
3. LDNS sends a new iterative query to avi.com, the authoritative name server for avi.com, which responds with the A record.
4. LDNS returns the A record to the client.
The client then initiates the application connection to the IP for www.avi.com.
5. GSLB 101: DNS Query with GSLB Response
1. Client requests a DNS lookup for www.avi.com from its local DNS (LDNS).
2. LDNS does not have the answer, so it sends a new query to the root. The root does not have the answer and sends the NS record for the avi.com name server.
3. LDNS sends a new query to the avi.com name server, which responds with an NS record for the delegated subdomain.
4. LDNS sends a new query to the www.avi.com name server (Avi GSLB), which responds with an A record for one of the two sites.
5. LDNS returns the A record to the client.
The client then initiates the application connection to the IP for www.avi.com.
[Diagram: client -> LDNS -> Root, .com, avi.com (Avi DNS, returns NS record for the delegated subdomain) -> www.avi.com (Avi GSLB), which answers with the A record for Data Center 1 (10.1.1.1) or Data Center 2 (20.2.2.2)]
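The delegation chain above, as an added example that is not from the slides or the Avi product: a constructed model of each authority (root, .com, avi.com, and the delegated www.avi.com zone served by the GSLB), with the LDNS role following NS referrals until the GSLB answers with one healthy site's A record. Site addresses are the ones on the slide; the health map stands in for the data-plane monitors and the rotation counter is an assumption for round-robin across healthy sites.

```python
"""Iterative resolution through a GSLB-delegated subdomain (constructed model of the slide's flow)."""
from typing import Callable, Dict, List, Optional, Tuple

SITES: Dict[str, str] = {"dc1": "10.1.1.1", "dc2": "20.2.2.2"}   # site addresses from the slide


def gslb_answer(site_health: Dict[str, bool], rotation: int) -> Optional[str]:
    """Avi GSLB authority role: hand out one healthy site's A record, rotating across healthy sites."""
    healthy = [s for s in SITES if site_health.get(s, False)]
    if not healthy:
        return None                      # every site failed its health monitor: no answer
    return SITES[healthy[rotation % len(healthy)]]


Answer = Tuple[str, Optional[str]]       # ("NS", next authority) referral or ("A", address) answer


def authorities(site_health: Dict[str, bool], rotation: int) -> Dict[str, Callable[[str], Answer]]:
    """Each authoritative server answers a query with a referral or an A record (constructed zones)."""
    return {
        ".": lambda q: ("NS", "com"),                 # root refers the LDNS to .com
        "com": lambda q: ("NS", "avi.com"),           # .com refers it to the avi.com name server
        "avi.com": lambda q: ("NS", "www.avi.com"),   # avi.com delegates the subdomain to the GSLB DNS VS
        "www.avi.com": lambda q: ("A", gslb_answer(site_health, rotation)),
    }


def iterative_resolve(qname: str, site_health: Dict[str, bool], rotation: int = 0,
                      max_hops: int = 8) -> Tuple[Optional[str], List[str]]:
    """LDNS role: start at the root and follow NS referrals until an A record (or no answer) comes back.
    Returns the address and the list of authorities consulted, in order."""
    auths = authorities(site_health, rotation)
    trail, current = [], "."
    for _ in range(max_hops):
        trail.append(current)
        rtype, rdata = auths[current](qname)
        if rtype == "A":
            return rdata, trail
        current = rdata                  # referral: ask the delegated name server next
    raise RuntimeError("referral chain too long")   # guards against a delegation loop
```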
6. GSLB Service Hierarchy
A global service is essentially the same concept as a virtual service.

                 Virtual service         GSLB service
Listens for      IP:Port                 Domain name
Points to        (one or more) Pools     (one or more) Global pools
Pool contains    Server IP:Ports         VS or Server IPs

[Diagram: Local Load Balancing: virtual service -> pool -> servers. Global Load Balancing: GSLB service -> global pool -> virtual services (or servers)]
• Site (Data Center): Location where apps may be deployed. A DC may or may not have Avi in that location.
• Federation: Some objects can be marked as federated, such as health checks, and will be replicated across Avi Vantage / Controller clusters.
7. GSLB Object Model
[Diagram: Active Leader Site DC 1, Active Follower Site DC 2, Active Follower Site AWS, Passive Follower Site Azure; the sites host virtual services VS-A1 to VS-A4 and VS-B1 to VS-B3, each active site also runs a DNS VS; the Admin configures the Leader]
All GSLB configuration is performed at the “Leader” Controller. The “Leader” Controller syncs the configuration to all the “Follower” sites.
Definitions: Leader site, Follower site, Active, Passive
8. GSLB Federation
• Each Site has a local Controller cluster / Avi deployment
• Both DCs have a GSLB Service Engine, tied to their respective Controllers
• The GSLB configuration is synced between the two Controller clusters
• One Controller cluster will be leader for GSLB configuration
– All GSLB config changes must be made from the lead Controller
– Config will be pushed to the remote Controller clusters
– Other than GSLB-related config sync, Controller clusters have no other interaction
[Diagram: Data Center 1 (LLB SE, GSLB SE, Lead Controller) and Data Center 2 (LLB SE, GSLB SE, Controller); GSLB configuration sync between the two Controllers]
9. Health Monitors
• Monitoring should be done across sites via data plane and control plane
• Data plane monitoring
– Active (synthetic) monitors are sent from the GSLB SE to local and remote VSs
– By default, ALL DNS-VS SEs monitor ALL VSs. Use health monitor proxy/sharding to control the monitor source and to scale
• Control plane monitoring
– Controller in charge of SE/VS propagates health status to other Controller clusters
[Diagram: Data Center 1 (LLB SE, GSLB SE, Lead Controller) and Data Center 2 (LLB SE, GSLB SE, Controller); control-plane health exchange between the Controllers; data-plane health monitors from each GSLB SE to the local and remote VSs over the back-haul VPN; X marks on failed paths]
10. DNS Virtual Service for GSLB
• DNS VS provides the resolution for defined domain names – authoritative name server(s)
• DNS VS is placed on a Service Engine, within an SE Group
– Avi recommends creating a new SE Group, and placing DNS VS into a dedicated SE group
– For high availability, GSLB SEs should exist in more than one DC
– Local SE redundancy is optional
– If geo location LB is used, SEs should be given minimum of 4GB memory
– As in any VS, you can associate a pool for load balancing non-GSLB queries (screening mode)
[Diagram: Data Center 1 with a combined Global & Local LB SE and the Lead Controller; Data Center 2 with a dedicated GSLB SE, an LLB SE and a Controller]
11. Managing 3rd-party Sites
• A Controller may manage multiple clouds (data center 1 and 2 in the illustration)
• Servers may be load balanced even though Avi is not deployed at that location (data center 3)
– Common use case is a non-Avi load balancer
– Only data plane health monitoring may be performed
– Only one Avi GSLB needs to health check the 3rd party site
[Diagram: one Controller managing Data Center 1 and Data Center 2 (each with LLB SE and GSLB SE); Data Center 3 is a 3rd-party site without Avi, health checked from the GSLB SE]
12. GSLB Features At-A-Glance
Functionality
• Active / Standby sites
• Active / Active sites
• Geo location based load balancing (Lat/Long)
• Network Topology based load balancing
• DNS Policy for advanced use cases
• Public/Private Address Resolution
• Full range of analytics and visibility
• Site persistence – consistent hash LB, site cookie
• Read/write EDNS/ECS (Think: XFF for DNS)
Steps Required:
1. Turn on GSLB in Infrastructure > GSLB
2. Configure at least one Site
3. Point to or create a DNS virtual service as the GSLB listener
4. Create a global service which is a load balanced domain name
[Diagram: DC1 and DC2, with an X marking a user resolved to the other data center mid-session]
Site persistence can automatically correct a situation where a user is resolved to a different data center mid-session.
13. Use case: Public/Private IP-aware, location-based decisioning
In ALL cases, resolve clients to the nearest Data Center location:
• For External Applications, use the Geo-IP database for clients, as well as custom geo mappings (Lat/Long) for sites
• For Internal Applications, use a custom topology based on subnet mappings
• For internal applications, only accept queries from Internal clients
• Resolve Internal clients to Private addresses
• Resolve External clients to Public addresses
• Provide a fallback option based on site availability
• Make decisions based on the EDNS0/ECS “Client Subnet” header vs. the LDNS IP address
GSLB Demo
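The decision logic of this use case, as an added example that is not from the slides or the Avi product: the client location is taken from the EDNS0/ECS client subnet when present and from the LDNS source IP otherwise; internal clients are matched against a subnet topology and get a private address, external clients are ranked by lat/long against a geo-IP lookup and get a public address, internal-only applications refuse external clients, and unavailable sites fall back to the next available one. The site addresses, subnets, coordinates and the geo-IP table are constructed stand-ins.

```python
"""ECS-aware, public/private, location-based GSLB decision (constructed example)."""
import ipaddress
import math
from typing import Optional, Tuple

# Constructed site table: private/public address and lat/long per site (health comes in via `down`).
SITES = {
    "dc1": {"private": "10.1.1.1", "public": "198.51.100.1", "lat": 37.4, "lon": -122.1},
    "dc2": {"private": "20.2.2.2", "public": "203.0.113.1", "lat": 40.7, "lon": -74.0},
}
# Internal address space and the custom subnet -> site topology used for internal clients.
INTERNAL = [ipaddress.ip_network("10.0.0.0/8")]
TOPOLOGY = [(ipaddress.ip_network("10.1.0.0/16"), "dc1"), (ipaddress.ip_network("10.2.0.0/16"), "dc2")]
# Constructed stand-in for the geo-IP database: client prefix -> (lat, lon).
GEOIP = [(ipaddress.ip_network("192.0.2.0/24"), (34.0, -118.2)),
         (ipaddress.ip_network("198.18.0.0/15"), (42.3, -71.1))]


def client_address(ldns_ip: str, ecs_subnet: Optional[str]):
    """Prefer the EDNS0/ECS client subnet (XFF for DNS); otherwise use the LDNS source IP."""
    if ecs_subnet:
        return ipaddress.ip_network(ecs_subnet, strict=False).network_address
    return ipaddress.ip_address(ldns_ip)


def haversine_km(a: Tuple[float, float], b: Tuple[float, float]) -> float:
    """Great-circle distance, used to rank sites by lat/long for external clients."""
    la1, lo1, la2, lo2 = map(math.radians, (*a, *b))
    h = math.sin((la2 - la1) / 2) ** 2 + math.cos(la1) * math.cos(la2) * math.sin((lo2 - lo1) / 2) ** 2
    return 2 * 6371 * math.asin(math.sqrt(h))


def resolve(ldns_ip: str, ecs_subnet: Optional[str] = None, internal_only: bool = False, down=()) -> Optional[str]:
    """Return the A record the GSLB would hand out, or None when the query is refused or no site is up."""
    addr = client_address(ldns_ip, ecs_subnet)
    up = [s for s in SITES if s not in down]            # site availability as reported by health monitors
    if not up:
        return None
    if any(addr in net for net in INTERNAL):
        preferred = next((site for net, site in TOPOLOGY if addr in net), None)
        site = preferred if preferred in up else up[0]  # fallback: preferred site is down or unmapped
        return SITES[site]["private"]
    if internal_only:
        return None                                     # internal application: external clients refused
    loc = next((ll for net, ll in GEOIP if addr in net), None)
    if loc is None:
        site = up[0]                                    # no geo match: fall back to the first available site
    else:
        site = min(up, key=lambda s: haversine_km(loc, (SITES[s]["lat"], SITES[s]["lon"])))
    return SITES[site]["public"]
```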