How to Configure GSLB on ADC Gateway

How to Configure GSLB on ADC Gateway

book

Article ID: CTX205277

calendar_today

Updated On:

Description

Use Case

To leverage ADC GSLB’s geographic load balancing and disaster recovery ability with ADC Gateway to assure availability of internal resources to end users.

Introduction to ADC GSLB and Gateway

ADC Gateway enables access to intranet resources from outside the enterprise network through VPN tunnel. It is important that the internal network resources are always available.

ADC GSLB makes sure that datacentres located at geographically far locations are always connected and provide best user experience to end users. It also takes care of disaster situations or network outages where users of one datacentre can be redirected to other datacentre for seamless user experience. GSLB can be configured for any application or VPN connection.

By configuring GSLB for ADC Gateway, network admins ensure that enterprise internal network is always available to end users from anywhere in world. Also, to make sure that the end user connects to the same datacentre always, GSLB persistence shall be configured. Gateway does the user authentication and any unauthenticated user does not have access to internal resources. If persistence is not configured, the user might go to the other site and thus will be prompted for authentication again.

Instructions

GSLB Persistence

On ADC, we can configure GSLB persistence based on source IP or HTTP cookies. In source IP persistence, based on IP of user device, persistence is maintained. ADC maintains a persistence table for each user device connected and sends the user to appropriate data centre.

HTTP cookie-based GSLB persistence is based on cookie in HTTP headers. Gateway virtual server checks the cookie in the HTTP header and accepts, proxies or redirects the request. Cookie-based persistence is recommended for Gateway because all requests are HTTP based and it is most reliable persistence method. This persistence can be configured as connection proxy or HTTP redirect. In connection proxy, when a request with HTTP cookie lands on another datacenter Gateway virtual server, the vserver tunnels the request to the original datacenter, gets the response and sends back to the client.

To configure HTTP redirect, sitePrefix needs to be added. It is the site’s prefix string concatenated to GSLB virtual server domain name as a prefix. This is stored internally for each bound service-domain pair. When a Gateway virtual server gets a request with cookie of other Gateway virtual server then the first Gateway virtual server sends a redirect response with the domain name i.e. the stored concatenated site prefix and domain name. Client on receiving the redirect connects to the concatenated domain name it received. This way, the persistence is maintained.
Note: Configuring persistence is optional and is not covered in this article.

Configuration Steps

Prerequisite: Gateway virtual server on all the sites should already be configured. To know how to configure gateway virtual server please see - http://support.citrix.com/article/CTX127044.
For configuring GSLB, it is required to do same configuration on all the sites participating in GSLB. Here the configuration from only one site is shown.

Step 1: Add GSLB sites

Add a local site and one or more remote site(s).
CLI:
add gslb site site_1 <site SNIP>
GUI:
Go to Traffic Management > GSLB > Sites.

User-added image

Step 2: Add GSLB services

Add a GSLB service for the local Gateway virtual server and one or more GSLB service(s) for remote site(s).
CLI:
> add gslb service <GSLB service name> <gateway vserver IP> SSL 443 -siteName <GSLB site name to which the gateway vserver belong>
GUI:
Go to Traffic Management > GSLB > Services.

User-added image

Step 3: Add GSLB virtual server

Add a GSLB vertical server (in each site) which will take the GSLB DNS request and select the appropriate site for the user.
CLI:
> add gslb vserver <GSLB virtual server name> SSL
> bind gslb vserver <GSLB virtual server name> -serviceName <GSLB service name>
> bind gslb vserver <GSLB virtual server name> domainName <GSLB vserver domain name>
GUI:
Go to Traffic Management > GSLB > Virtual Servers

User-added image

User-added image

User-added image

User-added image

To get more details on how GSLB works, please see https://docs.citrix.com/en-us/citrix-adc/current-release/global-server-load-balancing.html  

For more information on HTTP cookie based persistence, please see https://docs.citrix.com/en-us/citrix-adc/current-release/global-server-load-balancing/how-to/configure-persistent-connections.html 

Issue/Introduction

This article describes how to configure GSLB on ADC Gateway.

Additional Information

Citrix Discussions - The Built-in Monitors

Refer to "ADC How Do I?" page for more easy to implement articles on commonly used features of ADC.

Powered by Wolken Software