Jump to content
Welcome to our new Citrix community!

Recommended Posts



I just want to ask a newbie questions regarding GSLB setup because i will soon implementing GSLB on our organization.


How many IP addresses do i need?


1. I read some articles and i saw a video creating GSLB sites. There is Site IP address and Public IP address? What is the use of this IP and what do i need to use? a private/public IP address? 


2. What IP address type do i need to configure ADNS service? a private NAT'd IP address?


I understand that i need a 1 Public DNS Record resolving to the 2 Public IP address of my Data center. Does the public ip address the same as my ADNS IP Address?


Thank you guys. Hope get answered.


Link to comment
Share on other sites

You can use a SNIP for both.


Site IP is the IP that MEP uses to communicate between the ADC instances. You can use SNIP as the MEP IP (Site IP). Or you can create a separate non-SNIP Site IP.


Public IP is if you are routing MEP across the Internet so the local MEP IP (Site IP) connects to the Public IP of the remote ADC. MEP can also be routed internally. (GSLB Services also have Public IPs)


ADNS is a SNIP. 



Link to comment
Share on other sites

(Carl responded before I finished for obvious reasons :)  )


Fort the GSLB Infrastructure:

1) GSLB Site IPs:  one for each set of participating locations.  The site ips are used for site to site communication (gslb status, mep, etc).  You do not have to have a public IP. If the "private ip" allows communication from Datacenter 1 to Datacenter 2 on a private network segment, then you just need the site ip.  If you need to traverse a public network segment to "see" the other location(s), then the public IP can basically be used to NAT in front of the actual "private IP".

Each gslb will know about all other sites. But the location will only OWN its specific gslb site ip.  But it needs to know its own site and all participating peers.


2)For ADNS, you need to decide which mechanism will be used to get DNS request for the GSLB-managed FQDN's from regular DNS to the gslb particpating systems. And you want to avoid a single point of failure.  See dns options in more detail in the GSLB Primer:  https://support.citrix.com/article/CTX123976 (PDF at top of article); also this kb article:  https://support.citrix.com/article/CTX122619.


If you decide to put your DNS servers "behind" the ADC. Then you would create a DNS lb vserver with a VIP on location A and likely another DNS VIP in location B.  Then you would register the DNS VIP with the TLD dns nameservers to get company.com requests to your DNS LB vservers (as the DNS authorities). The convenience of this method, is that non-gslb entities are handled by the DNS lb vserver and directed to the dns services (and future requests are cached).  GSLB based requests that arrive at the DNS lb vservers are passed to the GLSB vserver to resolve.  No delegation, subdomains needed.


If you are setting up ADNS on the ADC's, then you want to make sure you're normal dns authorities handle non-gslb resolutions; but direct the gslb-based resolutions to the ADC's dns authority.  (Subdomains with delegations or other mechanisms can be used).  So if your GSLB is for external entities, then the ADNS IP would be public.  If for internal resolutions, internal facing.  For redundancy, you would likely have ADNS out of both gslb locations.  During the dns phase either datacenter can make the gslb decision.


Whether or not you can share the IP, depends.  A SNIP can be used to co-locate with GSLB Site IP functions (but mgmt access has to be enabled) or an ADNS service IP.  But a GSLB Site IP (specialized) is not going to colocate with other functions (ADNS or other).  Since there are a LOT of reasons to not have a publically accessible snip with mgmtaccess enabled, dedicated gslb site ips and dedicated adns ip's tend to make more sense.


3) For the actual GSLB destinations.  Figure out which FQDNS you are resolving to which destination IPs (these are usually going to correspond to a set of lb vserver VIPs, cs vserver VIPS, or vpn vserver VIPS).   Each GSLB service represent's the potential IPS the gslb vserver for a specific FQDN will resolve too (so the gslb service(s) match the IPS of the VIPs you want to get users to).  So you will also have those "ips" to account for as well.  Howe you bind the gslb services to the gslb vserver will determine if you are in active/active or active/passive or other configuration.


So a basic config example (For the gslb settings, all commands are on both participating sites; the lb destinations are ADC specific; can easily be made for more than 2 locations).


## Location A: ADC HA Pair:

add dns nameserver <ADNS IPA> -local   # note you can also use add dns service....


## Location B: ADC HA Pair:

add dns nameserver <ADNS IPB> -local   # note you can also use add dns service....


## Commands common to both Location A/Location B:

add gslb site gslb_site_A <SiteIPA>

add gslb site gslb_site_B <SiteIPB> 


# Example GSLB Services for App1 in location A and B; and a separate resource APP2 in location A and B.... (so two different gslb entities)

add gslb service gslb_svc_app1_A  <VIP1> HTTP 80 -siteName gslb_site_A

add gslb service gslb_svc_app1_B  <VIP2> HTTP 80 -siteName gslb_site_B


add gslb service gslb_svc_app1_A  <VIP1> HTTP 80 -siteName gslb_site_A

add gslb service gslb_svc_app1_B  <VIP2> HTTP 80 -siteName gslb_site_B


# App1 is in a active/active config:

add gslb vserver gslb_vsrv_app1 HTTP -lbmethod leastconnection

bind gslb vserver gslb_vsrv_app1 -serviceName gslb_svc_app1_A

bind gslb vserver gslb_vsrv_app1 -serviceName gslb_svc_app1_B

bind gslb vserver gslb_vsrv_app1 -domainName app1.domain.com 


# App2 is in an active/passive config:

add gslb vserver gslb_vsrv_app2_Aprimary HTTP -lbmethod leastconnection

bind gslb vserver gslb_vsrv_app2_Aprimary -serviceName gslb_svc_app2_A

bind gslb vserver gslb_vsrv_app2_Aprimary -domainName app2.domain.com 


add gslb vserver gslb_vsrv_app2_Bsecondary HTTP -lbmethod leastconnection

bind gslb vserver gslb_vsrv_app2_Bsecondary -serviceName gslb_svc_app2_B


set gslb vserver gslb_vsrv_app2_Aprimary -backupVServer gslb_vsrv_app2_Bsecondary






  • Like 1
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...