Active/Passive GSLB Configuration DNS issue


kabobb29

Ok Citrix peeps.  I have a problem that I can't seem to figure.  I run two GSLB sites.  Each site has two SDX platforms (12.1) and each SDX platform has two VPXs on it.  The four VPXs are two HA pairs.  One VPX pair is used for an external gateway, and one is used for internal.  

Site 1 is active, Site 2 is passive.  

Site 1 is primary, Site 2 is secondary

 

Site 1:  www.citrix1.external.contoso.com 192.168.24.1 with name server DNS1.external.contoso.com

Site 2:  www.citrix2.external.contoso.com 192.168.16.1 with name server DNS2.external.contoso.com

The external.contoso.com domain is unique to the externally facing VPXs.  

The sites are behind a consolidated name of www.citrix.contoso.com

 

The DNS zone is external.contoso.com

Proxy mode is checked

DNSSEC Offload is not checked

Domain Name/Record Types are:  

external.contoso.com NS,SOA

dns1.external.contoso.com, A Record

dns2.external.contoso.com, A Record

 

MEP status between sites is healthy, and does not drop.  

 

The issue we run into is that there appears to be a "flapping" of DNS when looking externally.  If I run nslookup citrix.contoso.com from my personal computer, about 2 times out of 10 I receive a response that citrix.contoso.com is 192.168.16.1.  I inherited this environment and did not build it.  I don't even know where to begin in troubleshooting this.  I understand that I'm not being as specific as I'd like to be, but customer privacy is of the utmost concern here.  I can gather any data needed, though I will change any customer specific data.  I just don't know enough about GSLB to begin troubleshooting this confidently.  

 

 

 


1 hour ago, Carl Stalhood1709151912 said:

The GSLB vServer only has one Service bound? 

 

Maybe the two pairs are not configured identically. Use nslookup to test each pair:

 

nslookup www.citrix1.external.contoso.com dns1.external.contoso.com

nslookup www.citrix1.external.contoso.com dns2.external.contoso.com

 

Hi Carl, thanks for the reply!  I have validated that the two sites show consistent records.  I do only have one service bound to each GSLB vServer.  I also just noticed that MEP is down between the sites, so I'll have to troubleshoot that to attempt to determine what the cause of that is.  


Ah, if MEP is down, each site will only respond with its own entity as it assumes partner is down.

So when your external DNS resolves to either DNS authority it is going to site1 then site2, and each site is only responding with their service.

Site1 (if primary), responds with itself.

Site2 (if secondary), has to assume Site1 is down and responds with its own secondary IP.

In addition:

Both sites should have a gslb vserver (primary) pointing to service1 and gslbvserver (backup) pointing to service2 and then gslbvserver secondary as a backup vserver to gslbvserver primary for the active/passive config. Both sites need the same config.   But the MEP failure is affecting what is perceived as working between sites.

 

If you need info on MEP troubleshooting, post back.

 


1 hour ago, Rhonda Rowland1709152125 said:

Ah, if MEP is down, each site will only respond with its own entity as it assumes partner is down.

So when your external DNS resolves to either DNS authority it is going to site1 then site2, and each site is only responding with their service.

Site1 (if primary), responds with itself.

Site2 (if secondary), has to assume Site1 is down and responds with its own secondary IP.

In addition:

Both sites should have a gslb vserver (primary) pointing to service1 and gslbvserver (backup) pointing to service2 and then gslbvserver secondary as a backup vserver to gslbvserver primary for the active/passive config. Both sites need the same config.   But the MEP failure is affecting what is perceived as working between sites.

 

If you need info on MEP troubleshooting, post back.

 

 

Ok so, I've tried to figure out how to troubleshoot it, but I'm at a loss.  The domain binding is there on the active node, and it has the passive site vserver set as the backup, and vice versa (inverse vice versa?).  Beyond that, I'm at a loss..  As my 4 year old would say, "Hep!  Hep me!"


3 hours ago, kabobb29 said:

Ok so, I've tried to figure out how to troubleshoot it, but I'm at a loss.  The domain binding is there on the active node, and it has the passive site vserver set as the backup, and vice versa (inverse vice versa?).  Beyond that, I'm at a loss..  As my 4 year old would say, "Hep!  Hep me!"

Two sections of troubleshooting:

1) Why is MEP down and how to enable it OR rely on monitors instead.

2) What should your gslb config actually be.  Your two sites for an active/passive config should be identical and not inverses of each other.  During normal operations either siteA or SiteB resolves to the primary service (let's say serviceA) and if it's down either will get you to serviceB (in siteB/passive member).  DNS can hit either site during resolution, but they should both get you to primary (serviceA) and only resolve to secondary serviceB if primary is down.    If your gslb configs are inverses of each other, you have a bonus set of issues.
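
Added example, not part of the thread and not NetScaler code: a simplified Python model of the behaviour described in the replies above, where a site that loses MEP assumes its partner is down, and of the difference between identical and inverse site configs. The class and function names are hypothetical, the two IPs are the ones from the first post, and alternating between the two name servers is an assumption (real resolvers choose differently, so the observed split will not be exactly even).

```python
from collections import Counter

SITE1_IP = "192.168.24.1"  # active site (address from the first post)
SITE2_IP = "192.168.16.1"  # passive site (address from the first post)

class GslbSite:
    """Hypothetical, simplified model of one site's GSLB DNS decision."""
    def __init__(self, local_ip, primary_ip, backup_ip):
        self.local_ip = local_ip
        self.primary_ip = primary_ip  # service behind the primary GSLB vserver
        self.backup_ip = backup_ip    # service behind the backup GSLB vserver

    def believes_up(self, ip, health, mep_up):
        # Local service state is known directly; remote state arrives over MEP.
        # With MEP down the partner is assumed down (behaviour described above).
        return health[ip] if ip == self.local_ip else (mep_up and health[ip])

    def answer(self, health, mep_up):
        for ip in (self.primary_ip, self.backup_ip):
            if self.believes_up(ip, health, mep_up):
                return ip
        return None  # no service believed healthy

def identical_sites():
    # Layout from the reply above: both sites prefer site 1, fall back to site 2.
    return [GslbSite(SITE1_IP, SITE1_IP, SITE2_IP),
            GslbSite(SITE2_IP, SITE1_IP, SITE2_IP)]

def inverse_sites():
    # Each site prefers itself, i.e. the configs are inverses of each other.
    return [GslbSite(SITE1_IP, SITE1_IP, SITE2_IP),
            GslbSite(SITE2_IP, SITE2_IP, SITE1_IP)]

def tally(sites, health, mep_up, queries=10):
    # Assumption: queries alternate between the two name servers (round robin).
    return Counter(sites[i % len(sites)].answer(health, mep_up)
                   for i in range(queries))

ALL_UP = {SITE1_IP: True, SITE2_IP: True}
SITE1_DOWN = {SITE1_IP: False, SITE2_IP: True}

if __name__ == "__main__":
    for label, sites, health, mep in [
        ("identical, MEP up", identical_sites(), ALL_UP, True),
        ("identical, MEP down", identical_sites(), ALL_UP, False),
        ("identical, site 1 down", identical_sites(), SITE1_DOWN, True),
        ("inverse, MEP up", inverse_sites(), ALL_UP, True),
    ]:
        print(f"{label:24} {dict(tally(sites, health, mep))}")
```

In this model, mixed answers with every service healthy appear in two cases: MEP down, or inverse configs even with MEP up.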
