05-06-2008 10:38 PM
I want to use SA 6000 with Active Active cluster with DX 3200.I want to use both GSLB and SLB GSLB for DNS resolve with Members pointing to SLB VIP. and SLB for 443 and 4500 and target pointing to Both the SA Boxes
Is this setup works correctly or I have to do any changes pls specify
Solved! Go to Solution.
05-07-2008 05:22 AM
GSLB is usually used to direct requests across multiple sites or to re-direct requests to a back-up site if the primary site becomes unavailable. There is no specific SLB GSLB as GSLB returns IP addresses for hostname queries and does not return TCP/UDP ports - it can be used for SLBs, Clusters or Forwarders on the DX. There are Appnotes on GSLB at http://forums.juniper.net/jnet/attachments/jnet/dx
You describe using SLB for ports 443 and 4500, so the DX will not be doing the SSL termination but passing the traffic through to the active SAs.
To configure this you will need:
SLB Group for port 443:
configure listening IP on port 443;add the SAs as target hosts (port 443); enable sticky persistence; select the Load balancing policy of choice (Least connections is suggested) and set the target host max conns to 5000, which is the SA6000 concurrent user limit.
SLB Group for port 4500:
configure listening IP on port 4500; change the protocol to UDP; add the SAs as target hosts (4500); enable sticky persistence; select the port 443 SLB group as the sticky leader and set the target host max conns to 5000, which is the SA6000 concurrent user limit.
SLB groups do full NAT by default, so the connections to the SAs will all come from the DX IP address. If you need to have the true client IP you will need to change the SLB groups to use half-NAT and the SAs will need to have the DX as their defualt gateway.
05-07-2008 07:06 AM
Thanks for replying
But I want DX as DNS server for SA 6000 so that all the users DNS query for SA 6000 url resolved on the DX box and also DX active active cluster with DX.
so how can I configure DX in this case
05-08-2008 02:51 AM
The DNS entry will need to be altered so it returns the DX SLB group IP address. The DX will then receive the client requests and load balance them over the SAs which are the target servers.
If there are multiple sites which users can connect to (say IP addresss A and IP address B are the SLB group IP addresses at two sites) then a GSLB resolver can be configured with one hostname and both these IPs and the GSLB will return one when a client does a DNS lookup for the hostname.
If there is only one IP address which is associated with the hostname (the SLB groups' address) then a GSLB localdns entry can be used, which is like a 'normal' DNS entry in that the same IP is always returned for a DNS lookup of the hostname.