- A remote NetScaler GSLB Site, have the  Site Metric MEP Status  showing as DOWN.

- Monitor bound to the GSLB Service shows Down 

 

1. Confirm if MEP status is DOWN/UP.

2. If MEP is DOWN, access the CLI of the NetScaler, go to Shell and execute the command  " nstcpdump.sh port 3011 " (for Unencrypted traffic)  or the command  " nstcpdump.sh port 3009 " (for Encrypted traffic).

3. This TCP dump have to be executed on both NetScaler nodes.

4. You need to review if the traffic passing through this ports, are Sourced from the SNIP configured for GSLB  (the Type on the Network table is  SNIP | GSLB | ADNS)  locally on the NetScaler and reaching the destination called " Site IP Address " (Remote Site Public IP) configured in  Traffic Management > GSLB > GSLB Sites , like in the example below :

5. If you Do Not see request and response for this traffic on these ports, on both of the NetScalers, then the Network/Firewall devices needs to be reviewed by the Network admin to determine the point of failure, and open the communication.

    

   6. We need to check if the state of the GSLB Service is decided by the MEP or a Monitor bound to the GSLB Service. When you bind a monitor the GSLB Service by default the ADC uses the state of the service reported by the monitor. If the monitor is configured with the option "Always use monitor" (configured in the site level) then we will have to check further if the monitor status is UP and should direct our troubleshooting further on that lines .
   
   7.You may also check the RPC Node  Password Settings to see if the correct IP has been set as the Source IP for GSLB.

Problem Cause

Remember that some IP Addresses are needed on each NetScaler pair to make GSLB work:

• ADNS IP: IP that will listen for ADNS queries. For external, create a public IP for the ADNS IP and open UDP 53 so Internet-based DNS servers can access it. This can be an existing SNIP on the appliance.
• GSLB Site IP / MEP IP: GSLB Site IP that will be used for NetScaler to NetScaler communication, which is called MEP or Metric Exchange Protocol. The IP for ADNS can also be used for MEP / GSLB Site.
  • RPC Source IP: RPC traffic is sourced from a SNIP, even if this is different than the GSLB Site IP. It’s less confusing if you use a SNIP as the GSLB Site IP.
  • Public IP: For external GSLB, create public IPs that are NAT’d to the GSLB Site IPs. The same public IP used for ADNS can also be used for MEP. MEP should be routed across the Internet so NetScaler can determine if the remote datacenter has Internet connectivity or not.
  • MEP Port: Open port TCP 3009 between the two NetScaler GSLB Site IPs. Make sure only the NetScalers can access this port on the other NetScaler. Do not allow any other device on the Internet to access this port. This port is encrypted.
  • GSLB Sync Ports: To use GSLB Configuration Sync, open ports TCP 22 and TCP 3008 from the NSIP (management IP) to the remote public IP that is NAT’d to the GSLB Site IP. The GSLB Sync command runs a script in BSD shell and thus NSIP is always the Source IP.
• DNS Queries: The purpose of GSLB is to resolve a DNS name to one of several potential IP addresses. These IP addresses are usually public IPs that are NAT’d to existing Load Balancing, SSL Offload, Content Switching, or NetScaler Gateway VIPs in each datacenter.
• IP Summary: In summary, for external GSLB, you will need a minimum of two public IPs in each datacenter:
  • One public IP that is NAT’d to the IP that is used for ADNS and MEP (GSLB Site IP). You only need one IP for ADNS / MEP no matter how many GSLB names are configured. MEP (GSLB Site IP) can be a different IP, if desired.
  • One public IP that is NAT’d to a Load Balancing, SSL Offload, Content Switching, or NetScaler Gateway VIP.
  • If you GSLB-enable multiple DNS names, each DNS name usually resolves to different IPs. This usually means that you will need additional public IPs NAT’d to additional VIPs.