GSLB with content switching on top


Hello,

I am trying to configure GSLB in a region with several sites/VPXs to use a preferred site/DC based on client source IP. I was trying to do it with a content switch on top of GSLB objects, but I realize this will not work, as the actual request towards the ADNS process will not reflect the client's IP; in other words, the DNS request takes place before the actual HTTP request is processed. I would like to know if there is a way around this, keeping the content switch at the highest level (cs vs > gslb vs). I have looked at several posts like this https://docs.citrix.com/en-us/netscaler/12/global-server-load-balancing/how-to/configure-gslb-content-switch.html, but my understanding is that this is not working for me because the source IP parameter (add cs policy p1 -rule "CLIENT.IP.SRC.EQ(5.5.5.5)" -action a1) would match the resolver and not the actual client.

I am looking to confirm if there is something I could do to get this working.

Thanks.

Jose

Link to comment
Share on other sites

Hello,

I configured static proximity using custom entries:

client 1 public IP > add location 2*1.203.117.**9 2*1.203.117.**9 *.US.*.*.*.*
client 2 public IP > add location 169.**.177.9* 169.**.177.9* *.GB.*.*.*.*.*
gslb service 1 > add location 169.*2.43.22* 169.*2.43.22* *.GB.*.*.*.*
gslb service 2 > add location 169.*4.255.2*3 169.*4.255.2*3 *.US.*.*.*.*

I do see the names being resolved to the locations in the CLI output.

 

> SHOW LOCATION
1) IP from 2*1.203.117.**9      IP to 2*1.203.117.**9
Continent.Country.Region.City.ISP.Organization = 
North America.US.*.*.*.*
Coordinates: Not specified
2) IP from 169.**.177.9*        IP to 169.**.177.9*
Continent.Country.Region.City.ISP.Organization = 
Europe.GB.*.*.*.*
Coordinates: Not specified
3) IP from 169.*2.43.22*        IP to 169.*2.43.22*
Continent.Country.Region.City.ISP.Organization = 
Europe.GB.*.*.*.*
Coordinates: Not specified
4) IP from 169.*4.255.2*3       IP to 169.*4.255.2*3
Continent.Country.Region.City.ISP.Organization = 
North America.US.*.*.*.*
Coordinates: Not specified

 

> show gslb vserver http-gslb-vs 
        http-gslb-vs - HTTP     State: UP
        DNS Record Type: A
        Last state change was at Sun Jun 30 18:21:48 2019
        Time since last state change: 11 days, 04:46:20.40
        Configured Method: STATICPROXIMITY
        BackupMethod: ROUNDROBIN
        No. of Bound Services :  2 (Total)       2 (Active)
        Persistence: NONE
        Disable Primary Vserver on Down: DISABLED       Site Persistence: NONE

        Empty Down Response: ENABLED
        EDNS Client Subnet: ENABLED
        EDNS Client Subnet Address Validation: DISABLED
        Multi IP Response: DISABLED
        Dynamic Weights: DISABLED
        Cname Flag: DISABLED
        Effective State Considered: NONE
        Appflow logging: DISABLED

1)      dal09-gslb-remotesvc(169.*4.255.2*3: 80)- HTTP State: UP        Weight: 1
                 Dynamic Weight: 0       Cumulative Weight: 1
                 Effective State: UP 
                 Threshold : BELOW
                 Location: North America.US.*.*.*.*
                 Appflow logging: ENABLED
2)      wdc07-gslb-localsvc(169.*2.43.22*: 80)- HTTP State: UP  Weight: 1
                 Dynamic Weight: 0       Cumulative Weight: 1
                 Effective State: UP 
                 Threshold : BELOW
                 Location: Europe.GB.*.*.*.*
                 Appflow logging: ENABLED

 

I enabled EDNS0 expecting the GSLB process to look at the entries added and send all traffic coming from client 1 to be served by GSLB service 2 and client 2 by GSLB service 1. However, I see responses coming from both sites when querying the FQDN. Am I missing something? I tried different prefixes and combinations for locations; not sure if I am not understanding correctly.

Thanks.

Jose

Link to comment
Share on other sites

Please check out the following Citrix Support article:

https://support.citrix.com/article/CTX232884 - Policies with GSLB Wildcard Location expressions not getting a hit on build 11.1-53.11 and above

Quote

From 11.1-53.11 onwards, we have to manually enable wildcard matches by enabling the parameter using the below command:

set locationParameter -matchWildcardtoany YES


Link to comment
Share on other sites

Maybe I’m misunderstanding as well.

I assumed that the set locationParameter -matchWildcardtoany YES would need to be set if wildcard expressions were going to be used anywhere; if not in a policy, they’re still being entered into the database and the NetScaler would still need to evaluate that expression when performing a lookup.

Link to comment
Share on other sites

Hi Jim,

I enabled the parameter but I still get responses from both sites in my clients.

> show locationparameter
Static Proximity
----------------
Database mode: Not applicable
Flushing: Idle; Loading: Idle
Context: geographic
Qualifier 1 label: Continent
Qualifier 2 label: Country
Qualifier 3 label: Region
Qualifier 4 label: City
Qualifier 5 label: ISP
Qualifier 6 label: Organization

IPv4 Location file (format: ):
 Not loaded
Lines: 0 Warnings: 0 Errors: 0
Current static entries: 0  Current custom entries: 4

IPv6 Location File
Location file (format: ):
 Not loaded
Lines: 0 Warnings: 0 Errors: 0
Current static entries: 0  Current custom entries: 0

Match wildcard qualifier to any: YES
 Done

It's like static proximity does not work as expected; I do not understand.

Jose

Link to comment
Share on other sites

I was able to confirm some entries with the LDNS IPs and it does work, so it looks like this is a problem with the EDNS0 extension. All I did was enable it at the GSLB VS like the documentation states (nothing at client side), but maybe there is more to it; not sure if maybe it is getting blocked or not supported somewhere along the way.
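
A way to check what the ADNS side actually receives, as an added example that is not part of the thread or Citrix code: it parses a captured DNS query for the EDNS Client Subnet option (RFC 7871) and shows which address a location lookup would key on. RFC 7871 recommends that resolvers truncate IPv4 client addresses to /24, so a single-IP custom entry is tested against an address ending in .0. The IPs, the hostname and the "ECS address if present, else LDNS IP" lookup model are assumptions made for illustration.

```python
import ipaddress
import struct

OPT_RR, ECS_OPT = 41, 8  # EDNS0 OPT record type; Client Subnet option code (RFC 7871)

def build_query(qname, ecs=None):
    """Constructed DNS A query; ecs like '203.0.113.0/24' adds an OPT record with ECS."""
    q = b"".join(bytes([len(p)]) + p.encode() for p in qname.split(".")) + b"\x00"
    pkt = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 1 if ecs else 0) + q + struct.pack("!2H", 1, 1)
    if ecs:
        net = ipaddress.ip_network(ecs)
        addr = net.network_address.packed[:(net.prefixlen + 7) // 8]  # truncated address
        opt = struct.pack("!2H", ECS_OPT, 4 + len(addr)) + struct.pack("!HBB", 1, net.prefixlen, 0) + addr
        pkt += b"\x00" + struct.pack("!HHIH", OPT_RR, 4096, 0, len(opt)) + opt
    return pkt

def skip_name(pkt, pos):  # uncompressed names only (assumption: a query has no pointers)
    while pkt[pos]:
        pos += pkt[pos] + 1
    return pos + 1

def client_subnet(pkt):
    """Return the ECS network carried in a DNS query, or None if the option is absent."""
    qd, an, ns, ar = struct.unpack("!4H", pkt[4:12])
    pos = 12
    for _ in range(qd):
        pos = skip_name(pkt, pos) + 4  # qtype + qclass
    for _ in range(an + ns + ar):
        pos = skip_name(pkt, pos)
        rtype, _, _, rdlen = struct.unpack("!HHIH", pkt[pos:pos + 10])
        pos, end = pos + 10, pos + 10 + rdlen
        while rtype == OPT_RR and pos + 4 <= end:
            code, olen = struct.unpack("!2H", pkt[pos:pos + 4])
            if code == ECS_OPT:
                family, plen, _ = struct.unpack("!HBB", pkt[pos + 4:pos + 8])
                raw = pkt[pos + 8:pos + 4 + olen].ljust(4 if family == 1 else 16, b"\x00")
                return ipaddress.ip_network(f"{ipaddress.ip_address(raw)}/{plen}", strict=False)
            pos += 4 + olen
        pos = end
    return None

def lookup_ip(pkt, ldns_ip):
    """Assumed model: a location lookup keys on the ECS address when sent, else the LDNS IP."""
    net = client_subnet(pkt)
    return str(net.network_address) if net else ldns_ip

def in_range(ip, first, last):
    """True if ip falls inside a custom entry's 'IP from'..'IP to' range."""
    return ipaddress.ip_address(first) <= ipaddress.ip_address(ip) <= ipaddress.ip_address(last)
```

Feeding the UDP payload of a query captured on the ADNS address to client_subnet() shows whether the option survived the resolver path at all; None means the lookup can only ever see the LDNS IP.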
