Chapter 2: Getting Started

This chapter is designed to provide you with all the information you need to configure your GSS devices to connect to your network, establish global server load-balancing resources and rules on the devices, and configure your existing DNS system to recognize and interact with your GSS devices.

Overview

•

Network connectivity—Configuration of everything that is required to connect your GSS device to your IP network. This includes the configuration of network configuration information such as device IP addresses and gateways, FTP, Telnet and SSH access, and so on.

•

Global server load balancing and DNS management—Configuration of GSS components related to global server load balancing within Content Delivery Networks. This includes the creation of DNS rules—the policies that will be used to process DNS queries and the methods used to respond to them—as well as the configuration of GSS resources such as answers and keepalive objects that provide reliable responses to queries.

Network connectivity is configured for each device using the CLI. Global server load balancing and DNS management are configured using the centralized GSSM GUI.

This chapter explains how to set up and configure network connectivity for your GSS devices, and how to configure global server load balancing using the GSSM.

For detailed instructions on the syntax and use of GSS command, refer to the Cisco Global Site Selector Command Reference.

Network Configuration

When setting up your GSS or GSSM for the first time, you must log in directly to the CLI on the GSS device.

Note Because both SSH and Telnet are disabled by default on all GSS devices, you must have physical access to the GSS device. Refer to the Cisco Global Site Selector Hardware Installation Guide for instructions on connecting a console cable to your Cisco Global Site Selector 4480 hardware.

Once you have configured your GSS device to connect to your IP network, you can enable SSH and Telnet, which will make it possible for you to administer the GSS device remotely in the future.

Note Network configuration requires that you enter into EXEC mode on the CLI, so your login must have adequate permissions to enable you to enter EXEC mode.

Configuring a GSSM

Before you can begin configuring request routing or adding GSSs to your GSS network, you must first have configured a primary GSSM with which the GSSs will be associated.

When configuring a GSSM, you need to configure both the network connectivity of the GSSM as well as the embedded GSS database that resides on the GSSM and holds GSS device and network configuration information. You must also indicate whether the GSSM will serve as the primary or redundant (standby) manager.

Note Because both SSH and Telnet are disabled by default on all GSS devices, accessing the GSSM CLI requires that you have physical access to the GSS device. Refer to the Cisco Global Site Selector Hardware Installation Guide for instructions on connecting a console cable to your Cisco Global Site Selector 4480 hardware.

By default, the host name for GSS devices is localhost.localdomain. This changes once you configure the host name for the device.

Step 2

Exit global configuration mode and use the gssm command to create the embedded GSS database, for example:

If a database has already been created on this device, an error message appears, for example:

Use the database delete command to delete the existing database and then repeat the gssm database create command to create a new GSS database. For example:

•

If this GSSM is to be the primary (default) routing manager for your GSS network, use the gss enable gssm-primary command to enable your GSS device and make it the primary GSSM.

•

If this GSSM is to be a backup (standby) GSSM for your GSS, use the gss enable gssm-standby command to place the GSSM in standby mode and associate it with the DNS name or IP address of the primary GSSM.

You must have a primary GSSM configured and enabled before you can enable a standby GSSM.

If you fail to save your configuration changes, the device reverts to its previous settings when it reboots.

Starting the Cisco GSS Software and the GUI

After you have enabled your GSS devices, you must start the Cisco GSS software. Starting the software is required before the device will begin acting as a GSSM or GSS, and before you can access the GSSM GUI.

Step 1

Log on to the CLI of the GSS device, following the instructions in the Cisco Global Site Selector Command Reference. The Cisco CLI prompt appears.

Step 3

Use the gss start command to start the Cisco GSS software. For example:

You can now access the GSSM GUI using your preferred web browser by pointing that browser to the URL of the GSSM. See the "Logging On to the GSSM GUI" section for information on logging on to and navigating the GSSM GUI.

Configuring a Global Site Selector

You must have configured and enabled your primary GSSM before you can begin configuring GSS devices that are neither primary nor standby GSSMs. If you have not already done so, see the "Configuring a GSSM" section for information on configuring and enabling your primary and standby GSSMs and the "Starting the Cisco GSS Software and the GUI" section for information on starting the GSSM GUI.

Note Because both SSH and Telnet are disabled by default on all GSS devices, accessing the GSS CLI requires that you have physical access to the GSS device. Refer to the Cisco Global Site Selector Hardware Installation Guide for instructions on connecting a console cable to your Cisco Global Site Selector 4480 hardware.

Step 1

Log on to the CLI, following the instructions in the Cisco Global Site Selector Command Reference. The Cisco CLI prompt appears.

By default, the host name for GSS devices is localhost.localdomain. This changes once you configure the host name for the device.

Step 2

Enable privileged EXEC mode and then global configuration mode on the device, for example:

Step 3

Each GSS device contains two Ethernet interfaces, eth0 and eth1. From global configuration mode, use the gss-communications command to designate one of these interfaces as the designated network interface for GSS device communications, for example:

Step 4

Configure the IP address and netmask that will be used by the primary interface, for example:

Step 5

Configure host name and gateway information for the GSS device, for example:

Step 6

Configure the domain name server or servers that will be used by the GSS device. You can enter addresses singly or specify up to eight name servers using a comma-separated or space-separated list, for example:

Step 7

Exit global configuration mode and then use the gss command to enable your GSS device as a GSS and point it to the primary GSSM for your GSS network, using either the domain name or the network address of the primary GSSM. For example:

If you fail to save your configuration changes, the device reverts to its previous settings when it reboots.

Step 9

After you have enabled your GSSMs and GSSs, use the GSSM GUI to activate each device on your network. See the "Creating and Modifying GSS Devices" section for more information.

You may also wish to enable SSH on the GSS device after you have configured its network settings. This makes it possible to administer the device remotely in the future.

Enabling and Disabling SSH, Telnet, and FTP on a GSS Device

In order to monitor the performance of your GSS devices and administer them once they are deployed, you must be able to access those devices.

Accordingly, once you have basic network connectivity on your GSS device you may want to use the CLI to enable remote access to the device using the SSH, Telnet, or FTP protocols.

Step 1

Log on to the CLI, following the instructions in the Cisco Global Site Selector Command Reference. The Cisco CLI prompt appears.

Step 2

Enable privileged EXEC mode and then global configuration mode on the device, for example:

Step 3

Once in global configuration mode, use the enable command to activate the remote access protocol you need. For example, to enable SSH connections to the GSS device, you would enter the following command:

Step 5

To disable a protocol, use the no form of the enable command, for example:

Logging On to the GSSM GUI

After you have configured and enabled your primary GSSM, you are ready to access the GSSM GUI by pointing your preferred web browser to the DNS name or IP address of the primary GSSM.

Remember that the GSSM uses secure HTTP (HTTPS) to communicate with web clients. For example, if your primary GSSM is named gssm1.yourdomain.com, you would enter the following to bring up the GSSM GUI logon window and access the GUI:

When first logging on to the GSSM GUI, you can use the system default administrative account and password to access the GSSM GUI. See the instructions that follow for more detail.

After accessing the GUI, you can create and maintain additional user accounts and passwords using the user administration features of the GUI. See the "Creating and Managing GSSM Login Accounts" section on page 3-9 for more information on creating user accounts.

Note The user accounts and passwords that you create for the GSSM GUI are maintained separately from the usernames and passwords used to log on to your GSS devices using the CLI.

Step 1

Open your preferred Internet web browser application, such as Internet Explorer or Netscape Navigator.

Note

If you have trouble locating the GSSM, remember that the GSS network uses secure connections, so the address of the GSSM will feature https:// (secure HTTP) in the place of the more common http://.

Step 2

If you are prompted to accept a certificate from the GSSM, click Yes to accept the certificate signed by Cisco Systems, Inc. If you are using Netscape, click Next and choose the Accept this Certificate Forever (until it expires) option.

Note

Take the extra steps to trust certificates from Cisco Systems, Inc., which will prevent you from having to approve a certificate every time you log on to a GSSM. Refer to the online help for your browser for instructions on trusting certificates from a particular owner or website.

Step 3

When you are prompted to log on to the GSSM, enter your username and password in the fields provided and click OK. If this is your first time logging on to the GSSM, use the default account name and password to access the GSSM GUI as follows:

The GSSM Welcome window appears. See the "Global Server Load-Balancing Configuration" section that follows for instructions on using the GSSM to configure content request routing on your GSS network.

Global Server Load-Balancing Configuration

Once you have created your GSS device and configured it to connect to your network, you are ready to begin configuring request routing and global server load balancing on your GSS network.

Global server load balancing on your GSS network is managed through a centralized GUI on the GSSM. Using this interface, you can identify your network resources (GSSs) and create the DNS rules that will be used to process incoming content requests.

Overview

Because you will be creating DNS rules that route incoming DNS requests to the most available data centers and resources on your network, you must configure the elements that will constitute your DNS rules before creating the rules themselves.

Create regions, locations, and owners—Optional. Use these groupings to organize your GSS network resources by customer account, physical location, or other organizing principle.

Activate and configure your GSS devices—Use the GSSM GUI to enable your standby GSSM and any additional GSSs, and then assign each device to a location.

Create one or more source address lists—Optional. Use these lists of addresses to identify the name servers (DNS proxies) that forward requests to the specified domains; the default source address list is "Any" and matches any incoming DNS request to the domains.

Create one or more domain lists—Establish lists of Internet domains, possibly using wildcards, that are being managed by the GSS and queried by users.

Create any shared keepalives—Optional. These are GSS network resources that are regularly polled to monitor the online status of one or more GSS resources linked to the keepalive. Shared keepalives are required for any answer that uses the KAL-AP keepalive type.

Create one or more answers—These are resources that match requests to domains.

Create one or more answer groups—These are collections of resources that can balance requests for content.

Build your DNS rules to process incoming DNS requests using the DNS Rule Builder or DNS Rule Wizard.

Preparing to Configure Request Routing

Make sure that you have configured your hardware devices. You must have a primary GSSM configured and enabled before you can configure request routing and server load balancing on the GSS network. Ideally, you have a standby GSSM configured as well.

See the "Network Configuration" section for more information. If you will be deploying GSSs in addition to your primary and standby GSSM, these devices will identify themselves to the GSSM and appear on the GSSM GUI when you click the Resources button and choose Global Site Selectors from the drop-down menu.

Organizing Your GSS Network

The GSSM provides you with a number of tools that allow you to group and organize resources on your GSS network. The sections below explain how to create and manage these organizational tools on your GSS network. These include:

•

Locations—Logical groupings for GSS resources that correspond to geographical entities such as a city, data center, or content site

•

Regions—Higher-level geographical groupings that contain one or more locations

•

Owners—Groupings that correspond to business or organizational relationships; for example, customers, internal departments, and IT personnel

The following sections explain how to create and manage locations, regions, and owners on your GSS network.

Creating and Modifying Locations and Regions

The process for creating and maintaining locations and regions is essentially identical, except that in addition to their other configuration information, locations are associated with regions in a many-to-one relationship. Use the following procedures to set up both regions and locations on your GSS network.

Creating New Locations and Regions

Step 1

From the Cisco GSS software user interface, click RESOURCES. The GSS list window appears.

Step 2

From the drop-down list, choose either the Locations or the Regions option, depending on what type of grouping you are creating. The list window for that grouping appears. (See Figure 2-1.)

Step 3

Click the Create Region or Create Location button. The details window appears, allowing you to fill in the configuration information for the grouping that you are creating.

Step 5

In the Comments field, enter descriptive information or important notes regarding the new region or location.

Step 6

If you are creating a location, click the Region drop-down list and choose a region with which the location will be associated. There should be a logical connection between region and location.

Step 7

Click Save to save your new region or location and return to the list window. Your new grouping will be listed and can now be used to help you organize other GSS resources.

Modifying Locations and Regions

You can modify your locations and regions at any point after you create them using the GSSM GUI.

Step 1

From the Cisco GSS software user interface, click RESOURCES. The GSS list window appears.

Step 2

From the drop-down list, choose either the Locations or Regions option, depending on what type of grouping you are modifying. (See Figure 2-2.) The list window for that grouping appears.

Step 3

Click the Edit icon for the location or region that you will be modifying. The details window appears, displaying configuration information for that resource.

Step 5

In the Comments field, enter or modify the descriptive information or notes regarding the region or location.

Step 6

If you are modifying a location and wish to move it to a new region, click the Region drop-down list and choose a new region with which the location will be associated.

Step 7

Click Save to save the changes to your region or location and return to the list window.

Deleting Locations and Regions

You can delete locations and regions from the GSS using the GSSM GUI. Before you attempt to delete a region or location, be sure that you know what dependencies that resource has. For example, regions that have locations associated with them cannot be deleted. In addition, answers associated with locations that are deleted will automatically be associated with the "Unspecified" location.

Step 1

From the Cisco GSS software user interface, click RESOURCES. The GSS list window appears.

Step 2

From the drop-down list, choose either the Locations or Regions option, depending on what type of grouping you are deleting. The list window for that grouping appears.

Step 3

Click the Edit icon for the location or region that you will be deleting. The details window appears, displaying configuration information for that resource.

Step 4

Click the Delete button. You are prompted to confirm your decision to delete the region or location.

Step 5

Click OK. You are returned to the list window with the grouping removed.

If an error appears, telling you that a GSS resource is still linked to this grouping, use the GSSM GUI to disassociate that resource and then try deleting the grouping again.

Creating and Modifying Owners

Owners are logical groupings for GSS network resources that correspond to business or organizational structures. For example, an owner might be a hosting customer, an internal department such as human resources, or an IT staff resource.

Owners are created and managed separately from either GSS or GSSM logins, and there is no necessary connection between the two.

Creating New Owners

Step 1

From the Cisco GSS software user interface, click RESOURCES. The GSS list window appears.

Step 2

From the drop-down list, choose Owners. The Owners list window appears, displaying a list of all configured owners on your GSS network and providing an overview of how many resources are assigned to each. (See Figure 2-3.)

Step 3

Click the Create Owner button. The Owners details window appears. (See Figure 2-4.)

Step 5

In the Comments field, enter other descriptive or contact information for the new owner.

Step 6

Click Save to save your new owner and return to the list window. Your new owner is now listed and can be used to help you organize other GSS resources.

Modifying Owners

You can modify your owners at any point after you create them using the GSSM GUI.

Step 1

From the Cisco GSS software user interface, click RESOURCES. The GSS list window appears.

Step 2

From the drop-down list, choose the Owners option. The Owners list window appears. (See Figure 2-3.)

Step 3

Click the Edit icon for the owner that you will be modifying. The Owners details window appears, displaying configuration information for that resource. (See Figure 2-4.)

Step 5

In the Comments field, enter or modify the descriptive information or notes regarding the owner.

Step 6

Click Save to save the changes to your region or location and return to the list window.

Deleting Owners

You can delete an owner at any point after you create it using the GSSM GUI. Before you attempt to delete an owner, be sure that you know what dependencies that resource has. For example, answer groups, DNS rules, and domain lists associated with an owner will, if that owner is deleted, automatically be associated with the "System" owner account.

Step 1

From the Cisco GSS software user interface, click RESOURCES. The GSS list window appears.

Step 2

From the drop-down list, choose the Owners option. The Owners list window appears. (See Figure 2-3.)

Step 3

Click the Edit icon for the owner that you will be deleting. The details window appears, displaying configuration information for that resource. (See Figure 2-4.)

Step 4

Click the Delete button to remove the owner from the GSS. You are returned to the Owners list window with the owner removed.

Grouping GSS Resources by Location, Region, and Owner

After you have created your locations, regions, and owners, you can begin using these tools to organize your GSS resources. To associate a particular resource with a location, region, or owner, edit the properties of that resource and then choose the location, region, or owner from the drop-down list provided. Table 2-1 indicates which GSS resources can be grouped by locations, regions, and owners.

Table 2-1 GSS Network Groupings
GSS Network Resource	Grouped By	Grouped Using
GSS	Location	Global Site Selector details window
Locations	Region	Locations details window
Region	—	—
Owner	—	—
DNS rules	Owner	DNS Rule Builder DNS Rule Wizard
Source address lists	Owner	Source Address Lists details window
Domain lists	Owner	Domain Lists details window
Answer group	Owner	Answer Group details window
Answer	Location	Answer details window

Creating and Modifying GSS Devices

The first step in configuring global server load balancing on your GSS network is to activate and configure your GSS devices. Using the Global Site Selectors feature of the GSSM GUI, you can activate GSS devices (GSSs and standby GSSMs) that have been added to your GSS network, name GSS devices, and delete them from the GSS network.

Activating Your GSS Devices

After you have configured your GSS devices to act as GSSs or GSSMs, you must activate those devices from the GSSM GUI before they can begin receiving and processing user requests.

The one exception to this rule is the primary GSSM, which does not need to be activated after it is initially configured.

Step 2

From the drop-down list, choose the Global Site Selectors option. The GSS list window appears. The device or devices that you need to activate are listed with an inactive status.

Step 3

Click the Edit icon for the first GSS that you wish to activate. The GSS details window appears. (See Figure 2-5.)

Step 4

Check the activate check box. (This box does not appear in the GSS details window after the device has been activated.)

Step 5

Click the Save button. You are returned to the GSS list window. The status of the device that you activated is listed as pending.

Assuming that the device is functioning properly and that network connectivity between the device and the GSSM is good, the status of the device changes to online the next time the GSSM polls the GSS. The default GSS poll rate is 5 minutes.

Step 6

Repeat Step 1 through Step 5 for each inactive GSS or standby GSSM that you need to activate.

Modifying GSS Device Configuration

You can modify the name and location of any of your GSS devices using the GSSM GUI. To modify other network information such as the host name, IP address, or role, however, you must access the CLI on the device.

Step 2

From the drop-down list, choose the Global Site Selectors option. The GSS list window appears.

Step 3

Click the Edit icon for the GSS or GSSM that you wish to modify. The device type (GSS or GSS/GSSM) appears in the Node Services column.

Step 4

To modify the name of the device, enter a new name in the Global Site Selector Name field. This is not the same as the host name, which can only be changed using the CLI, but is used to easily distinguish one GSS device from another in the GSS GUI list windows, where many devices might be appear together.

Step 5

To modify the device location, choose a new location from the Location drop-down list.

Step 6

Click Save to save your changes and return to the GSS list window.

Deleting GSS Devices

With the exception of the primary GSSM, you can delete GSS devices from your network using the GSSM GUI. Deleting a GSS device such as a GSS or standby GSSM allows you to remove nonfunctioning GSS devices from your network, or to reconfigure and then reactivate a device should you encounter synchronization problems following a software upgrade or other configuration change.

Step 2

From the drop-down list, choose the Global Site Selectors option. The GSS list window appears.

Step 3

Click the Edit icon for the GSS or standby GSSM that you wish to delete. The details window for the device appears.

Step 4

Click the Delete button. You are prompted to confirm your decision to delete the device.

Step 5

Click OK. You are returned to the GSS list window, with the device that you deleted removed.

Creating and Modifying Source Address Lists

The second step in configuring routing on your GSS network is to define the addresses from which requests will be sent. This is accomplished through the creation of source address lists, which are collections of IP addresses or address blocks for known client DNS proxies (or D-proxies).

Note The deployment of source address lists is optional. A default source address list, Anywhere, is supplied with the Cisco GSS software and matches any request for a domain.

Using the source address lists feature, you can enter one or more IP addresses, up to 30 addresses per list, representing DNS proxies from which requests will be originating.

In addition to adding individual addresses, the GSSM interface also allows you to enter IP address blocks conforming to the classless interdomain routing (CIDR) IP addressing scheme.

Creating Source Address Lists

Step 2

From the drop-down list, choose the Source Address Lists option. The Source Address Lists window appears. (See Figure 2-6.)

Step 3

Click the Create Source Address List button. The Source Address Lists details window appears. (See Figure 2-7.)

Step 4

In the fields provided, enter a name and description for the new source address list. Source address list names cannot contain spaces.

Step 5

From the Owner drop-down list, choose the contact with whom the source address list will be associated.

Step 6

Click the Add Address Block(s) tab. You will use this interface to add new addresses or address blocks to your list of source addresses.

Step 7

In the field provided, enter the IP addresses, or CIDR address blocks. If you are entering multiple addresses, separate each one with a semicolon, for example:

Step 8

Click the Add address block(s) to the list button. The addresses that you entered are added to the source address list.

Step 9

To view the list, click the Current Members tab. The addresses in the source address list are expressed using the CIDR format.

Step 10

When you are satisfied with your source address list, click the Save button to save your changes.

Modifying Source Address Lists

Step 2

From the drop-down list, choose the Source Address Lists option. The Source Address Lists window appears, listing existing source address lists. (See Figure 2-6.)

Step 3

Click the Edit icon corresponding to the source address list that you would like to edit. The Source Address Lists details window appears, displaying configuration information for that source address list. (See Figure 2-7.)

Step 4

Use the fields provided to modify the name, description, or owner for the source address list. Source address list names cannot contain spaces.

Step 5

To add more addresses to the list, click the Add Address Block(s) tab and then use the field provided to enter the IP addresses or CIDR address blocks that you wish to add. Clicking the Add address block(s) to the list button appends the new addresses to the existing source address list.

Step 6

To remove addresses from the source address list, click the Remove Address Block(s) tab. Check the check box accompanying each source address that you wish to remove from the list and then click the Remove Selected button to remove the source addresses from the list.

Step 7

Once you have made your modifications, click the Current Members tab to review your updated source address list and then click the Save button. Your changes are saved, and you are returned to the Source Address Lists window.

Deleting Source Address Lists

You cannot delete source address lists that are associated with an existing DNS rule. Before proceeding with the instructions below, first verify that none of your DNS rules reference the source address list that you will be deleting.

Step 2

From the drop-down list, choose the Source Address Lists option. The Source Address Lists window appears, listing existing source address lists. (See Figure 2-6.)

Step 3

Click the Edit icon corresponding to the source address list that you would like to delete. The Source Address Lists details window appears, displaying configuration information for that source address list. (See Figure 2-7.)

Step 4

Click the Delete button. You are prompted to confirm your decision to delete the source address list.

Step 5

Click OK. You are returned to the Source Address Lists window with the source address list that you deleted removed.

Configuring and Modifying Domain Lists

Domain lists are collections of domain names for Internet or intranet resources, sometimes referred to as "hosted domains," that are being requested by your users.

Domain lists contain one or more domain names that point to content for which the GSS is acting as the authoritative DNS server and for which you wish to use the GSS technology to balance traffic and user requests. Using the domain lists feature, you can enter complete domain names or any valid regular expression that specifies a pattern by which the GSS can match incoming addresses. For example, if you had only three hosted domains—www.cisco.com, support.cisco.com, and customer.cisco.com—for which the GSS was responsible, you might want to enter only those domains in your domain list, as follows:

However, if you had 20 or more possible domains for which the GSS was responsible—www1.cisco.com, www2.cisco.com, and so on—manually entering each address is prohibitive. In such a situation, you could create a wildcard expression that would cover all those domains, as follows:

Any request for a hosted domain that matches that pattern will be directed accordingly.

The Cisco GSS can support up to 1024 domains on any single server load-balancing device such as a Content Services Switch or Content Switching Module.

Creating Domain Lists

Step 2

From the drop-down list, choose the Domain Lists option. The Domain Lists window appears. (See Figure 2-8.)

Step 3

Click the Create Domain List button. The Domain Lists details window appears. (See Figure 2-9.)

Step 4

In the fields provided, enter a name and description for the new domain list. Domain list names cannot contain spaces.

Step 5

From the Owner drop-down list, choose the GSS with which the domain list will be associated.

Step 6

Click the Add Domain(s) tab. You will use this interface to add new hosted domains to your list.

Step 7

In the field provided, enter the names of any hosted domains that you want to add to the domain list. You can enter complete domain names or any regular expression that specifies a pattern by which the GSS can match incoming addresses, for example:

These should be addresses of resources for which the GSS is acting as the authoritative DNS server.

Domain names that do not use wildcards cannot exceed 128 characters. For domain names with wildcards that are valid regular expressions, the GSS can match strings up to 256 characters long.

If you are entering multiple domain names, separate each one with a semicolon, for example:

Step 8

Click the Add Domains to Group button. The domain names that you entered are added to the domain list.

Step 10

When you are satisfied with your domain list, click the Save button to save your changes.

You can add domains to or remove them from the list at any time. See the "Modifying Domain Lists" section that follows.

Modifying Domain Lists

Step 2

From the drop-down list, choose the Domains Lists option. The Domain Lists window appears, listing existing domain lists. (See Figure 2-8.)

Step 3

Click the Edit icon corresponding to the domain list that you would like to edit. The Domain Lists details window appears, displaying configuration information for that domain list. (See Figure 2-9.)

Step 4

Use the fields provided to modify the name, description, or owner for the domain list. Domain list names cannot contain spaces.

Step 5

To add more addresses to the list, click the Add Domain(s) tab and then use the field provided to enter the domain names that you wish to add. Clicking the Add Domains to Group button appends the new domains to the existing list.

Step 6

To remove domains from the domain list, click the Remove Domain(s) tab.

•

Check the check box accompanying each domain that you wish to remove from the list.

Step 7

Once you have made your modifications, click the Current Members tab to review your updated domain list and then click the Save button. You changes are saved and you are returned to the Domain Lists window.

Deleting Domain Lists

You cannot delete domain lists that are associated with an existing DNS rule. Before proceeding with the instructions below, first verify that none of your DNS rules reference the domain list that you will be deleting.

Step 2

From the drop-down list, choose the Domain Lists option. The Domain Lists window appears, listing existing domain lists. (See Figure 2-8.)

Step 3

Click the Edit icon corresponding to the domain list that you would like to delete. The Domain Lists details window appears, displaying configuration information for that domain list. (See Figure 2-9.)

Step 4

Click the Delete button. You are prompted to confirm your decision to delete the domain list.

Step 5

Click OK. You are returned to the Domain Lists window with the list that you deleted removed.

Modifying Global Keepalive Properties

Using fields available on the KeepAlive Properties window, you can modify your global GSS keepalive properties. These are the default or minimum values used by the GSS when no other value is specified by the user. Changing the global keepalive properties is optional.

Step 2

From the drop-down list, choose the KeepAlive Properties option. The KeepAlive Properties window appears. (See Figure 2-10.)

Step 3

Use the fields provided to modify any of the keepalive properties. Table 2-2 describes the purpose of each property.

Table 2-2 Keepalive Properties
Keepalive Property	Description	Default Value
Default name server query domain	Globally defined domain name to query when using the name server (NS) keepalive.	. (period)
Default CAPP hash secret	Alphanumeric value used to encrypt interbox communications using the Content and Application Peering Protocol (CAPP).	hash-not-set
HTTP HEAD response timeout	Length of time (between 20 and 60 seconds) allowed before the GSS device retransmits data to a keepalive device that is not responding to a request.	20 seconds
HTTP HEAD default destination port	Default port on the keepalive device that is queried by HTTP HEAD-type requests.	80
HTTP HEAD default path	Default path on the keepalive device to which the website being queried in the HTTP HEAD request is relative, for example: /home/athurber	/ (slash)
CRA decay timing	Value within a configurable range (1 and 10 by default) that indicates how heavily the GSS should weigh recent DNS race results relative to earlier races, with 1 indicating that recent results should be weighed more heavily than previous race results.	1
ICMP minimum interval	Minimum frequency (between 45 and 255 seconds) with which the keepalive engine attempts to schedule ICMP keepalives to the VIP.	45 seconds
HTTP HEAD minimum interval	Minimum frequency (between 45 and 255 seconds) with which the keepalive engine should attempt to schedule HTTP Head keepalives	45 seconds
CRA minimum interval	Minimum frequency (between 45 and 255 seconds) with which the keepalive engine attempts to schedule CRA keepalives to the configured content routing agents.	45 seconds
NS minimum interval	Minimum frequency (between 45 and 255 seconds) with which the keepalive server query keepalives.	45 seconds
KAL-AP minimum interval	Minimum frequency (between 45 and 255 seconds) with which the keepalive engine will attempt to schedule KAL-AP By Tag or KAL-AP By VIP keepalives.	45 seconds

Step 4

Click Save to save your changes to the keepalive properties. You receive a confirmation if your transaction was successfully completed.

Configuring and Modifying Shared Keepalives

Shared keepalives are keepalive objects that can be used to provide liveness information to the GSS for multiple VIP answer types.

Once created, shared keepalives are associated with VIPs when you create VIP answer types.

Should a shared keepalive fail to return a liveness status, all VIPs associated with that shared keepalive are assumed to be off line.

You must have a shared keepalive configured if you intend to use the KAL-AP keepalive method with a VIP answer; they are an option for both the ICMP and HTTP Head keepalive types.

Creating a Shared Keepalive

Step 2

From the drop-down list, choose the Shared KeepAlives option. The Shared KeepAlives list window appears, listing existing shared keepalives.

Step 3

Click the Create KeepAlive button. The Shared KeepAlives details window appears.

Step 4

Click the Type drop-down list at the top of the window and choose from one of the keepalive types for your shared keepalive:

•

ICMP—Pings the specified keepalive address. Liveness is determined by a response from the address, indicating simple connectivity to the network.

•

KAL-AP—Sends a detailed query to the keepalive address about the associated VIP, returning the liveness status of each interface as well as information on load for whichever VIP is acting as the master.

•

HTTP Head—Sends a TCP format HTTP HEAD request to the web server at an address you specified, returning the liveness status of the device in the form of a 200 response.

•

If you chose an ICMP shared keepalive type, enter the IP address that you will use to test liveness for the linked VIPs.

–

Enter the primary (master) IP address that will be tested for liveness in the field provided.

–

If you wish, enter a secondary (standby) IP address in the field provided. This step is optional.

–

If you will be using Content and Application Peering Protocol (CAPP) encryption, check the CAPP Secure check box and enter an alphanumeric encryption key value in the CAPP Hash Secret field.

–

Enter an optional domain name that is sent to the VIP as part of the HTTP HEAD query in the Host tag field. This tag allows an SLB to resolve the keepalive request to a particular website even when multiple sites are represented by the same VIP.

–

Enter the port on the remote device that receives the HTTP request in the Destination port field. The default HTTP port is 80.

–

Enter the default path used to locate the website in the Path field, for example:

Step 6

Click Save to create the new shared keepalive and return to the Shared KeepAlives list window.

Modifying a Shared Keepalive

Once you have configured your shared keepalives, they can be modified at any time using the GSSM user interface.

Step 2

From the drop-down list, choose Shared KeepAlives. The Shared KeepAlives list window appears.

Step 3

Locate the shared keepalive that you would like to modify and click the Edit icon adjacent to the keepalive name. The details window for that keepalive appears.

Step 4

Use the fields provided to modify the shared keepalive configuration.

Step 5

Click Save to save your configuration changes and return to the Shared KeepAlives list window.

Deleting a Shared Keepalive

To delete a shared keepalive from your GSS network, you must first disassociate any answers that are using the keepalive. Use the procedure that follows to disassociate your answers and remove a shared keepalive from your GSS network.

Step 2

From the drop-down list, choose the Shared KeepAlives option. The Shared KeepAlives list window appears, listing existing shared keepalives.

Step 3

Click the Edit icon corresponding to the shared keepalive that you would like to delete. The Shared KeepAlive details window appears, displaying configuration information for that shared keepalive.

•

To disassociate all answers from the chosen shared keepalive and set the keepalive type of each of those answers to ICMP using the answer's own VIP, click the Set Answers KAL ICMP button.

•

To disassociate all answers from the chosen shared keepalive and set the keepalive type of each of those answers to None—meaning that the GSS will assume they are always alive—click the Set Answers KAL None button.

You are prompted to confirm your decision to disassociate all the answers from the existing shared keepalive.

Step 6

Click the Delete button. You are prompted to confirm your decision to delete the shared keepalive.

Step 7

Click OK. You are returned to the Shared KeepAlives list window with the shared keepalive that you deleted removed.

Configuring and Modifying Answers

After you have configured your answers, see the "Configuring and Modifying Answer Groups" section for instructions on collecting those answers into groups from which individual answers will be chosen by your DNS rules.

Remember that the method of keepalive monitoring available to you varies with the resource type, as explained below.

Creating a VIP Answer Type

The VIP answer type refers to a virtual IP address (VIP) associated with an SLB device such as a Content Services Switch or Content Switching Module. When it receives requests for content that is managed by an SLB, the GSS returns an A record containing the VIP of the SLB that manages that content.

When configuring a VIP answer type you have the option of configuring one of a variety of different keepalive types to test for that answer. For certain keepalives, such as KAL-AP, it is necessary to configure shared keepalives before configuring your answer. See the "Configuring and Modifying Shared Keepalives" section for more information on creating shared keepalives.

Step 2

From the drop-down list, choose the Answers option. The Answers list window appears, listing existing answers. (See Figure 2-11.)

Step 3

Click the Create Answer button. The Answers details window appears. (See Figure 2-12.)

Step 4

Click the Type drop-down list at the top of the window and choose the VIP option.

Note

You will not be able to configure a VIP answer type unless you have first chosen VIP from the Type list.

Step 5

If you wish, in the Name field, enter a name for the VIP answer that you are creating. This step is optional.

Step 6

If you wish, from the Location drop-down list, choose a GSS location to which the answer corresponds. This step is optional, and you are not required to associate your answer with a location.

Step 8

In the VIP address field, enter the publicly addressable or enterprise addressable VIP for the SLB that is managing the requested domain.

•

ICMP—Pings the VIP that you specified or an ICMP shared keepalive address type that you created. Liveness is determined by receiving a response to the ICMP packet sent.

•

KAL-AP—Sends a detailed query to the VIPs associated with the shared keepalives, returning the liveness status of each interface as well as information on load for whichever VIP is acting as the master.

•

HTTP Head—Sends a detailed HTTP HEAD query to the VIP address you specified that probes for a web page header containing the page status. A 200 message in the response from the server indicates liveness at the VIP.

•

None—Sends no keepalive queries to the VIP. The GSS assumes that the VIP is always alive.

•

If you chose an ICMP keepalive type, check the VIP address check box to have the GSS ping the VIP address to determine liveness. Otherwise, uncheck the VIP address check box and choose an ICMP shared keepalive type from the Shared ICMP keepalive drop-down list.

•

If you chose a KAL-AP keepalive type, from the KAL Type drop-down list, choose the format of the KAL-AP keepalive query that you will be sending. The choices are:

–

KAL-AP By Tag—Embeds a unique alphanumeric tag in the KAL-AP request. The tag value is used to match the correct VIP on the SLB, avoiding confusion that can be caused when probing for the status of a VIP on an SLB that is located behind a firewall using Network Address Translation (NAT) or that is applying multiple content rules to incoming requests.

–

KAL-AP By VIP—Embeds the shared keepalive VIP address in the KAL-AP request. The KAL-AP queries the shared keepalive address to determine liveness.

–

Check the VIP address check box if you wish to query the VIP address you specified for liveness and then proceed to Step 11.

–

Uncheck the VIP address check box if you want to query a shared HTTP Head keepalive type for liveness, and then choose that keepalive from the Shared HTTP HEAD KeepAlive drop-down list. Proceed to Step 12.

–

Choose the appropriate KAL-AP type keepalive from the Shared KAL-AP Type Keepalive drop-down list.

–

Enter a unique alphanumeric value in the Tag field. This is used as a "key" by the Content Services Switch or the Content Switching Module to match the KAL-AP request with the appropriate VIP.

•

If you chose KAL-AP By VIP from the KAL Type drop-down list, choose the appropriate KAL-AP keepalive type from the Shared KAL-AP Type Keepalive drop-down list.

•

If you chose the VIP address option under the heading HTTP Head, fill in the fields provided to configure your keepalive. See Step 5 of the "Creating a Shared Keepalive" section for explanations of the HTTP Head configuration settings.

Step 12

Click Save to create the new VIP answer type and return to the Answers list window.

Creating a CRA Answer Type

The content routing agent (CRA) answer type is designed to work with the GSS when the boomerang balance method has been selected.

Closeness is determined when multiple hosts reply to the requesting D-proxy simultaneously in what is referred to as a "DNS race." The GSS coordinates the start of the race so that all CRAs initiate their response at the exact same time. The first DNS reply to reach the D-proxy is chosen by the server as the host containing the answer.

Step 2

From the drop-down list, choose Answers. The Answers list window appears. (See Figure 2-11.)

Step 3

Click the Create Answer button. The Answers details window appears. (See Figure 2-12.)

Step 5

From the Owner drop-down list, choose a defined GSS owner with which the answer will be associated.

Step 7

If you wish, click the Location drop-down list and choose a location for the answer. Specifying a location for the answer is optional.

Step 9

If you wish the GSS to perform keepalive checks on the CRA answer, check the Perform KeepAlive check check box.

Step 10

If you wish, enter a one-way delay value (in milliseconds) in the field provided.

Note

The Perform KeepAlive option can be disabled if a static one-way delay value is used.

When specified, this value is used to calculate a static round-trip time (RTT), with the one-way delay constituting one-half of the round-trip time that will be used for all DNS races involving this answer. Use the one-way delay value instead of the delay measured by the GSS keepalive engine.

Creating a Name Server Answer Type

Step 2

From the drop-down list, choose the Answers option. The Answers list window appears, listing existing answers. (See Figure 2-11.)

Step 3

Click the Create Answer button. The Answers details window appears. (See Figure 2-12.)

Step 4

Click the Type drop-down list at the top of the window and choose the Name Server option.

Note

You will not be able to configure a name server answer type unless you have first chosen Name Server from the Type list.

Step 5

If you wish, in the Name field, enter a name for the name server answer type that you are creating. This step is optional, and you are not required to enter a name for your answer.

Step 6

If you wish, from the Location drop-down list, choose a GSS location to which the answer corresponds. This step is optional, and you are not required to associate your answer type with a location.

Step 8

In the Name Server address field, enter the IP address of the name server to which the GSS will be forwarding requests.

Step 9

If you wish to have the GSS perform keepalive checks on the name server that you specified, verify that the Perform KeepAlive check box is checked (the default). The GSS will query the name server address you specified to determine liveness.

Step 10

If you wish to have the GSS query the name server for a specific domain in determining liveness, enter the domain name in the KeepAlive query domain field, for example:

Step 11

Click Save to create the new answer and return to the Answers list window.

Modifying an Answer

Once you have configured your answers, they can be modified at any time using the GSSM user interface.

Step 2

From the drop-down list, choose Answers. The Answers list window appears. (See Figure 2-11.)

Step 3

Locate the answer that you would like to modify and click the Edit icon adjacent to the answer name. The details window for that answer appears. (See Figure 2-12.)

Step 5

Click Save to save your configuration changes and return to the Answers list window.

Suspending or Reactivating an Answer

If you have created an answer but wish to temporarily stop the GSS from using it, you can use the suspend feature on the GSSM user interface to prevent that answer from being used by any of the currently configured DNS rules.

If you have already suspended an answer, use the activate feature to reactivate the answer.

Step 2

From the drop-down list, choose Answers. The Answers list window appears. (See Figure 2-11.)

Step 3

Locate the answer that you would like to suspend or reactivate and click the Edit icon adjacent to the answer name. The details window for that answer appears. (See Figure 2-12.)

Step 5

Click OK to confirm your decision to suspend or reactivate the answer. You are returned to the Answers list window. The answer that you modified will be listed with a status of "Suspended" or "Active."

Suspending or Reactivating All Answers in a Location

Answers can be grouped and managed according to a GSS location that has been established and with which answers have been associated.

Using locations to manage your answers makes it easier for you to quickly suspend or activate answers in a particular area of your network, for example, shutting down one or more data centers for the purposes of software upgrades or regular maintenance.

Step 1

From the Cisco GSS software user interface, click RESOURCES. The GSS list window appears.

Step 2

From the drop-down list, choose the Locations option. The Locations list window appears. (See Figure 2-1.)

Step 3

Click the Edit icon for the location containing the answers that you will be suspending or reactivating. The details window appears, displaying configuration information for that resource.

•

To suspend answers associated with this location, click the Suspend Answers button.

•

To reactivate suspended answers associated with this location, click the Activate Answers button.

Deleting an Answer

If you have created an answer but wish to delete it from the GSS, you can use the delete feature on the GSSM GUI to remove that answer.

Step 2

From the drop-down list, choose Answers. The Answers list window appears. (See Figure 2-11.)

Step 3

Locate the answer that you would like to delete and click the Edit icon adjacent to the answer name. The details window for that answer appears.

Step 4

Click the Delete button to remove the answer. You are prompted to confirm your decision to delete the answer.

Step 5

Click OK to confirm your decision to delete the answer. You are returned to the Answers list window. The answer that you deleted will be removed.

Configuring and Modifying Answer Groups

Answer groups are lists of GSS resources that are candidates to respond to DNS queries received from a user for a hosted domain. Using the DNS rules feature, these lists of network resources are associated with a particular balance method, which is used to resolve the request.

•

In the case of a VIP answer group type, the GSS chooses a single VIP using the balance method specified in the DNS rule.

•

In the case of a CRA answer group type, all CRAs in the answer group are queried and then "race" to respond first to the D-proxy with their IP address.

•

In the case of a name server answer group type, the GSS chooses a name server using the balance method specified in the DNS rule.

A DNS rule can have up to three balance clauses, each specifying a different answer group from which an answer can be chosen, after taking load threshold, order, and weight factors into account for each answer.

Before creating your answer groups, you must first have configured the answers that will make up those groups. See the "Configuring and Modifying Answers" section for more information on creating GSS answers.

Creating an Answer Group

The procedure for creating an answer group is the same, regardless of what type of answer group you are creating.

Step 2

From the drop-down list, choose the Answer Groups option. The Answer Group list window appears. (See Figure 2-13.)

Step 3

Click the Create Answer Group button. The Answer Group details window appears. (See Figure 2-14.)

Step 5

If you wish, in the Comments field, enter a description or other instructions regarding the new answer group. This step is not required.

Step 6

If you wish, from the Owner drop-down list, choose the GSS owner with which the answer group will be associated. You are not required to designate an owner for the answer group.

•

VIP—The answer group will consist of VIPs controlled by an SLB device such as a Content Services Switch or a Content Switching Module.

Step 8

Click the Add Existing [answer]s tab. You will use this interface to add new answers to your answer group. The name of this tab varies depending on what type of answer group you are configuring. For example, if you are creating a name server answer group type, it will be labeled Add Existing Name Servers.

Step 9

Check the check box corresponding to each answer that you wish to add to the group.

Step 10

Click the Add Selected button. The answers that you chose are added to the answer group.

Step 11

Click the Current Members tab. You will use this interface to configure each of the answers in your group. The configuration options differ depending on the type of answer group. See the "Balance Method Options" section on page 1-25 for explanations of the different balance method options available to you.

•

If you are configuring a name server answer group type, assign an order and weight to each answer in the answer group using the fields provided.

•

If you are configuring a VIP answer group type, assign an order and load threshold to the answer using the fields provided, and then choose a weight for each answer in the answer group using the drop-down list provided.

Step 13

When you are satisfied with your answer group, click the Save button to save your changes.

You can add answers to or remove answers from the answer group at any time. See the "Modifying an Answer Group" section that follows for more information.

Modifying an Answer Group

Once you have created your answer groups, you can use the GSSM GUI to make modifications to their configurations, adding and removing answers, changing the order, weight, and load thresholds of individual answers, and so on.

Answers can belong to more than one answer group. However, once you have added answers to an answer group, you cannot change the type of an answer group (for example, from VIP to CRA).

Step 2

From the drop-down list, choose the Answer Groups option. The Answer Group list window appears. (See Figure 2-13.)

Step 3

Click the Edit icon for the answer group you wish to modify. The Answer Group details window appears. (See Figure 2-14.)

Step 4

Use the fields provided to make changes to the name or comments attached to the answer group.

Step 5

If you wish, from the Owner drop-down list, choose a new GSS owner with which the answer group will be associated. This step is optional, and you are not required to designate an owner for the answer group.

–

Click the Add [answer]s tab. The name of this tab varies depending on what type of answer group you are configuring. For example, if you are creating a name server answer group type, it will be labeled Add Existing Name Servers. Answers can be added to more than one answer group.

–

Check the check box corresponding to each answer that you wish to add to the answer group.

–

Click the Add Selected button. The answers that you chose are added to the answer group.

–

Check the check box corresponding to each answer that you wish to remove from the answer group.

–

Click the Remove Selected button. The answers that you chose are removed from the answer group.

–

In the Order field for each VIP listed, enter a number representing the order in which that answer will be used when the balance method is ordered list. Lower numbers take precedence over higher numbers.

–

In the LT field, enter the load threshold for each VIP answer listed. The load threshold represents the maximum load allowable for each answer. If the answer reports a load greater than or equal to the specified threshold, that answer is ignored in favor of other answers.

–

In the Weight field for each VIP listed, choose a weight (between 1 and 10) from the drop-down list that is to be used in determining how often the GSS should choose the selected answer when the balance method is weighted round-robin.

–

Step 8

When you are satisfied with your answer group, click the Save button to save your changes. You are returned to the Answer Group list window.

Suspending or Reactivating an Answer Group

If you have created an answer group but wish to temporarily stop the GSS from directing requests to it, you can use the suspend answer feature on the GSSM user interface to temporarily suspend the answers that make up that group, thus preventing that answer group from being used by any of the currently configured DNS rules.

Note Suspending the answers in one answer group also affects any other answer groups to which those answers belong.

If you have already suspended the answers in an answer group, use the activate answers feature to reactivate the answer group.

Step 2

From the drop-down list, choose Answer Groups. The Answer Group list window appears. (See Figure 2-13.)

Step 3

Locate the answer group that you would like to suspend and click the Edit icon adjacent to the answer group name. The details window for that answer group appears. (See Figure 2-14.)

Step 4

Click the Suspend Answers button to suspend the answer group.

If you are reactivating an answer group, click the Activate Answers button.

Step 5

Click OK to confirm your decision to suspend or reactivate the answers in the answer group. You are returned to the Answer Group list window.

Suspending or Reactivating All Answers in an Answer Group Associated with an Owner

Answers that have been added to answer groups can be grouped and managed according to a GSS owner.

Using a GSS owner to manage your answer groups makes it easier for you to quickly suspend or activate related answers.

To suspend or reactivate all answers in answer groups associated with a GSS owner:

Step 1

From the Cisco GSS software user interface, click RESOURCES. The GSS list window appears.

Step 2

From the drop-down list, choose the Owners option. The Owners list window appears. (See Figure 2-3.)

Step 3

Click the Edit icon for the owner of the answers that you will be modifying. The Owners details window appears, displaying configuration information for that owner. (See Figure 2-4.)

•

To suspend answers associated with this owner, click the Suspend Answers button.

•

To reactivate suspended answers associated with this owner, click the Activate Answers button.

Deleting an Answer Group

If you have created an answer group but wish to delete it from the GSS, you can use the delete feature on the GSSM user interface to remove that answer.

Note You cannot delete answer groups that are linked to DNS rules. Disassociate your answer groups from all DNS rules before attempting to delete them.

Step 2

From the drop-down list, choose Answer Groups. The Answer Group list window appears. (See Figure 2-13.)

Step 3

Locate the answer group that you would like to delete and click the Edit icon adjacent to the answer name. The details window for that answer group appears. (See Figure 2-14.)

Step 4

Click the Delete button to remove the answer group. You are prompted to confirm your decision to delete the answer group.

Step 5

Click OK to confirm your decision to delete the answer group. You are returned to the Answer Group list window. The answer that you deleted has been removed.

Building and Modifying DNS Rules

Once you have configured your source address lists, domain lists, answers, and answer groups, you are ready to begin constructing the DNS rules that will govern all global server load balancing on your GSS network.

When building DNS rules, you specify actions for the GSS to take when it receives a request from a known source (a member of a source address list) for a known hosted domain (a member of a domain list).

The DNS rule specifies which response (answer) will be given to the requesting user's local DNS host (D-proxy) and how that answer is chosen. One of a variety of balance methods is used to determine the best response to the request, based on the liveness and load of your GSS host devices.

DNS Rule Configuration Interface

Because of the complexity of DNS rules, a slightly different interface scheme was adopted for the process of creating these rules. This scheme gives the user a choice of two interfaces for creating rules:

If you are an experienced GSS user, you can use the DNS Rule Builder (see Figure 2-15) to quickly assemble DNS rules from source address lists, domain lists, and answers (balance methods) that you have already created. Using the fields and drop-down menus provided, you can assign a name for your rule and then configure the rule with up to three balance methods.

Because the DNS Rule Builder is launched in its own window, you can leave it open and return to the GSSM GUI to review or add answers, answer groups, domain lists, and more. Any changes made to your GSS network configuration while the DNS Rule Builder is open are immediately reflected in the DNS Rule Builder. For example, an answer group added while the DNS Rule Builder window is open automatically appears in the drop-down list of answer groups.

To access the DNS Rule Builder, click the DNS RULES button and then click Open Rule Builder.

The DNS Rule Wizard (see Figure 2-16) is an easy-to-use tool that walks you through the process of creating a DNS rule. Unlike the DNS Rule Builder, the DNS Rule Wizard provides explanations for each step in the rule authoring process. Like the DNS Rule Builder, the DNS Rule Wizard allows you to create source address lists, domain lists, answer groups, and balance methods on the fly.

When you use the wizard, the Next and Back buttons step you forward and backward through the rule-building process. Alternatively, use the links under the Wizard Contents heading to jump back and forth to any step in the wizard.

Building DNS Rules Using the Wizard

Step 1

From the Cisco GSS software user interface, click DNS RULES. The DNS Rules list window appears. (See Figure 2-17.)

Step 2

Click the Rule Wizard button. The DNS Rule Wizard introduction window appears. Read this window carefully, because it provides an overview of the steps necessary to create a DNS rule.

Step 3

Click Next to advance to the first step in creating your rule: identifying your source address list.

•

To have this DNS rule apply to requests originating from any DNS proxy, click the Any Address button, click Next, and then proceed to Step 7.

•

To have this DNS rule apply to requests originating from a list of DNS proxies that you have not yet configured and want to configure now, click the Manually entered source address list button and then click Next.

•

To have this DNS rule apply to requests originating from a list of DNS proxies that you have already configured using the source address lists feature, click the Predefined source address list button and then click Next.

•

If you chose the Manually entered source address list option, use the following procedure to create your source address list. Once you have configured your source address list using the wizard, it is available for other DNS rules as well.

–

If you wish, choose an owner for the list by clicking the List Owner drop-down list and choosing a GSS username from the list. This step is optional.

–

In the field provided, enter one or more source CIDR-format IP addresses that will make up the list. You can enter individual IP addresses or address blocks. Separate addresses using semicolons, for example:

•

If you chose the Predefined source address list option, click the name of the source address list so that it is highlighted.

Step 6

Click Next to proceed to the domain list configuration stage of the DNS Rule Wizard.

•

To have this DNS rule apply to requests for a hosted domain that you have not yet configured and want to configure now, click the Manually entered domain list button and then click Next.

•

To have this DNS rule apply to requests originating from a list of hosted domains that you have already configured using the domain lists feature, click the Predefined domain list button and then click Next.

Step 8

This step of the DNS Rule Wizard allows you to configure the domains that users will be requesting. The GSS can support up to 1024 domains managed by any single server load-balancing device such as a Cisco Content Services Switch or Content Switching Module.

•

If you chose the Manually entered domain list option, use the following procedure to create your domain list. Once you have configured your domain list using the wizard, it is available for other DNS rules as well.

–

If you wish, choose an owner for the list by clicking the List Owner drop-down list and choosing a GSS owner from the list.

–

In the field provided, enter one or more domain names that will make up the list. You can enter complete domain names or any regular expression that specifies a pattern by which the GSS can match incoming addresses, for example:

Any request for a hosted domain that matches that pattern is directed accordingly.

•

If you chose the Predefined domain list option, click the name of the domain list so that it is highlighted and then click Next.

Step 9

This step of the DNS Rule Wizard enables you to configure answer groups, which are collections of resources that are used to respond to user requests.

•

To have this DNS rule respond to the request for the hosted domain using resources (answers) that you have not yet configured, click the Enter addresses button and then click Next.

•

To have this DNS rule respond to the request for the hosted domain using resources (answers) that you already configured using the answers and answer group features, click the Select an existing Answer Group button and then click Next.

•

If you chose the Enter addresses option, use the following procedure to create your answers and answer group. Once you have configured your answer group using the wizard, it is available for other DNS rules as well.

–

If you wish, choose an owner for the answer group by clicking the List Owner drop-down list and choosing a GSS owner from the list. This step is optional.

–

Choose an answer group type by clicking one of the three buttons provided. Once you choose an answer group type, only answers of that type (VIP, NS, or CRA) can be added to the group.

–

Click Next to begin configuring answers for your answer group and then proceed to the next step.

•

If you chose the Select an existing Answer Group option, click the name of the answer group so that it is highlighted and then click Next.

You will be asked to configure your answer group or choose an existing answer group to respond to requests.

If you will be creating your own answer group and need to enter more addresses than there are IP Address fields, click the Add Page button at the bottom of the window to create additional spaces in which to enter addresses.

Use the page number links in the upper right corner of the Answer Group Configuration window to navigate back and forth between windows.

•

If you are configuring a VIP answer group type, use the following procedure to identify the VIPs that will serve as the answers that make up the answer group. Then assign an order, load threshold, and weight to each answer in the answer group.

–

Enter the address of each VIP that will belong to the answer group in the IP Address fields provided.

–

If you wish, for each VIP IP address choose an optional location by clicking the Location drop-down list. This step is optional.

–

If you will be using the ordered list balance method with this answer group, assign an order to each VIP listed in the answer group using the Order drop-down list provided. The number that you assign represents the priority of the answer on the list, with lower-numbered answers having a higher priority. Subsequent VIPs on the list are used only if preceding VIPs on the list are unavailable.

–

If you will be using the weighted round-robin balance method with this answer group, you can optionally assign a weight between 1 and 10 to each answer in the answer group using the Weight drop-down list provided.

–

If you will be using the round-robin, ordered list, or least loaded balance methods, choose a threshold between 2 and 254 from the Load Threshold drop-down list. If the VIP answer reports a load above the threshold that you specify, the GSS considers the device unavailable to handle further requests.

•

If you are configuring a CRA answer group type, use the following procedure to identify the CRAs that will serve as the answers that make up the answer group. If you wish, you can also assign a location for each answer in the answer group.

–

Enter the address of each CRA that will belong to the answer group in the IP Address fields.

–

For each CRA IP address, if you wish, you can choose an optional location by clicking the Location drop-down list.

•

If you are configuring a name server answer group type, use the following procedure to identify the name servers that will serve as the answers that make up the answer group:

–

Enter the address of each name server that will belong to the answer group in the IP Address fields.

–

If you wish, for each name server IP address, you can choose an optional location by clicking the Location drop-down list.

–

If you will be using the ordered list balance method with this answer group, assign an order to each name server listed in the answer group using the Order field. The number that you assign represents the priority of the answer on the list. Subsequent name servers on the list are used only if preceding name servers on the list are unavailable.

–

If you will be using the weighted round-robin balance method, assign a weight between 1 and 10 to each answer in the answer group, using the Weight drop-down list. The number that you provide is used to create a ratio that the GSS will use when directing requests to each answer.

For example, if answer A has a weight of 10 and answer B has a weight of 1, answer A will receive 10 requests for every 1 directed to answer B.

Step 12

Click Next to proceed to the balance method configuration stage of the DNS Rule Wizard.

Step 13

You will now choose a balance method to be used when an answer is chosen from your answer group that is best suited to respond to the DNS query. Your choice of balance methods is limited by the type of answer method (name server, VIP, or CRA) that you chose. See the "Balance Methods" section on page 1-23 for detailed explanations of each option.

•

If you are configuring a VIP or name server answer group type to respond to requests, choose from the following balance methods for each of your DNS rule clauses:

–

Hashed—The GSS chooses the answer based on a unique value created from information stored in the request. There are two hash options, both of which can be applied to a particular answer group simultaneously:

•

Hashed By Source Address—The GSS chooses the answer based on a hash value created from the source address of the request.

•

Hashed By Domain Name—The GSS chooses the answer based on a hash value created from the requested domain name.

–

Least loaded—This balance method is available for the VIP answer group type only. The GSS chooses an answer from the list based on the load reported by each VIP in the answer group; the answer reporting the lightest load is chosen to respond to the request.

–

Ordered list—The GSS chooses an answer from the list based on precedence; answers with a lower number are tried first, whereas answers farther down the list are tried only if preceding name servers are unavailable to respond to the request.

–

Round-robin—The GSS cycles through the list of answers that are available as requests are received.

–

Weighted round-robin—The GSS cycles through the list of answers that are available as requests are received but sends requests to favored answers in a ratio determined by the weight value assigned to that resource.

–

DNS TTL—This balance method is available for the VIP answer group type only. It is the length of time in seconds that the requesting DNS proxy will cache the response sent from the GSS and consider it to be a valid answer.

–

Return Record Count—This balance method is available for the VIP answer group type only. It is the number of address records (A records) that the GSS will return for requests that match the DNS rule.

•

If you are configuring a CRA answer group type to respond to requests, enter a "last gasp" address in the Last Gasp field. This address serves as the answer if no CRAs reply to the request.

Step 14

Click Next to proceed to the Summary stage of the DNS Rule Wizard. An overview of your rule is provided that supplies information on the source address list, domain list, answer group, and balance method chosen.

Step 15

Using the fields provided in the Summary window, finish configuring your rule as follows:

If you wish, associate the rule with a GSS owner by choosing an owner from the Rule Owner drop-down list.

Indicate what type of DNS queries that this rule will be applied to by choosing a query type from the Match DNS Query Type drop-down list:

–

All—The DNS rule will be applied to all DNS queries originating from a host on the configured source address list.

–

A record—The DNS rule will be applied only to answer record (A record) requests originating from a host on the configured source address list.

–

Suspended—The DNS rule will be listed in your GSSM DNS Rules list window but will have a status of "suspended" and will not be used to process any incoming DNS queries.

Step 16

Click Save to save your DNS rule and return to the DNS Rules list page.

Building DNS Rules Using the DNS Rule Builder

If you are comfortable with the process of building a DNS rule and have already configured your domain lists, answers, and answer groups, you can use the DNS Rule Builder to quickly assemble a DNS rule.

The DNS Rule Builder is a simplified interface that pulls together all the GSS elements needed to create new DNS rules. In addition to being simpler than the DNS Rule Wizard, the DNS Rule Builder allows you to configure multiple clauses for your DNS rule; that is, additional answer group and balance method pairs that can be tried in the event that the first answer group and balance method specified does not yield an answer.

Step 1

From the Cisco GSS software user interface, click DNS RULES. The DNS Rules list window appears. (See Figure 2-17.)

Step 2

Click the Open Rule Builder button. The DNS Rule Builder window opens in a separate window. (See Figure 2-15.)

Step 3

In the Rule Name field, enter a name for your new DNS rule. Rule names cannot contain spaces.

Step 4

If you wish, click the Rule Owner drop-down list and choose a GSS owner with which the rule will be associated.

Step 5

Click the Source Address List drop-down list and choose a source address list from which requests will originate. The DNS rule will be applied only to requests coming from one of the addresses in the source address list.

Step 6

Click the Domain List drop-down list and choose a domain list to which DNS queries will be addressed. The DNS rule is applied only to requests for a domain on the specified domain list.

Step 7

From the Match DNS Query Type drop-down list, indicate what type of DNS queries this rule will be applied to:

•

All—The DNS rule will be applied to all DNS queries originating from a host on the configured source address list.

•

A record—The DNS rule will be applied only to answer record (A record) requests originating from a host on the configured source address list.

Step 8

Next to the heading Balance Clause 1, choose the answer group component of your first answer group and balance method pairing from the drop-down list. This will be the first method that the GSS will use to choose an answer for the DNS query.

Step 9

Fill in any additional configuration information for your answer group as follows:

•

If you chose a VIP answer group type, configure the following in the fields provided:

–

DNS TTL—The length of time in seconds that the requesting DNS proxy should cache the response sent from the GSS and consider it to be a valid answer.

–

Return record count—The number of address records (A records) that match the configured DNS rule clauses that the GSS will return to the requesting D-proxy.

•

If you chose a CRA answer group type, configure the following in the fields provided:

–

DNS TTL—The length of time in seconds that the requesting DNS proxy will cache the response sent from the GSS and consider it to be a valid answer.

–

Fragment size—The maximum size of the reply packet that is sent to each DNS server during a race. Lower packet sizes result in two or more packets being sent to the D-proxy for a single DNS reply. This can help identify network congestion and provide more reliable race results.

–

Pad size—The amount of extra data (in bytes) included with each CRA response packet and used to evaluate CRA bandwidth as well as latency when making routing decisions.

–

IP TTL—The maximum number of network hops that should be used when responding to the D-proxy.

–

Secret—A text string of up to 64 characters that is used to encrypt critical data sent between the GSS and CRAs. This key must be the same for each configured CRA.

–

Max prop. delay—The maximum propagation delay, the maximum delay (in milliseconds) that will be observed before the GSS forwards a DNS request to a CRA.

–

Server delay—The maximum delay (in milliseconds) that will be observed before the GSS forwards the address of its "last gasp" server as a response to the requesting name server.

Step 10

Choose the balance method for the answer group from the drop-down list.

•

If you chose a CRA answer group type, the balance method is automatically set to boomerang.

•

If you chose hashed as the balance method, choose from the following options for the hash method (multiple options can be chosen in the same session):

–

Hashed By Source Address—The GSS passes the request along to a name server forwarder based on a hash value created from the source address of the request.

–

Hashed By Domain Name—The GSS passes the request along to a name server forwarder based on a hash value created from the requested domain name.

Step 11

If you wish, repeat Step 8 through Step 10 to choose additional answer group and balance method pairings for Balance Clause 2 and Balance Clause 3. These answer pairs are only applied if the preceding clause was unable to arrive at an answer for the DNS query.

Step 12

Click Save to save your DNS rule and return to the DNS Rules list page.

Suspending a DNS Rule

If you want to stop requests from being processed by a DNS rule on your GSS, use the suspend feature to temporarily deactivate the rule. You can use the suspend feature to temporarily halt traffic to particular answers while those resources are receiving maintenance and so on.

Once a rule has been suspended, you must reactivate it from the GSSM GUI before it can again be used to process incoming DNS queries.

Step 1

From the Cisco GSS software user interface, click DNS RULES. The DNS Rules list window appears. (See Figure 2-17.)

Step 2

Click the Edit icon for the DNS rule you wish to suspend. The DNS Rule Builder/Edit DNS Rule window appears in a separate browser window.

Step 3

Click the Suspend link in the upper right corner of the window. You are prompted to confirm your decision to suspend the DNS rule.

Step 4

Click OK to confirm your decision. You are returned to the DNS Rule list window. The status of the DNS rule is listed as "Suspended."

Suspending or Reactivating All DNS Rules Belonging to an Owner

DNS rules can be grouped and managed according to a GSS owner that has been established and with which the DNS rules have been associated.

Using owners to manage your DNS rules makes it easier for you to quickly suspend or activate rules related to a particular group or department within your organization (for example HR or sales) without needing to individually edit each rule that serves that entity.

Step 1

From the Cisco GSS software user interface, click RESOURCES. The GSS list window appears.

Step 2

From the drop-down list, choose the Owners option. The Owners list window appears. (See Figure 2-3.)

Step 3

Click the Edit icon for the owner responsible for the DNS rules that you will be modifying. The details window appears, displaying configuration information for that resource.

•

To suspend DNS rules associated with this owner, click the Suspend DNS Rules button.

•

To reactivate suspended DNS rules associated with this owner, click the Activate DNS Rules button.

You are asked to confirm your decision to suspend or activate all the DNS rules associated with this owner.

Deleting a DNS Rule

Step 1

From the Cisco GSS software user interface, click DNS RULES. The DNS Rules list window appears. (See Figure 2-17.)

Step 2

Click the Edit icon for the DNS rule that you wish to delete. The DNS Rule Builder/Edit DNS Rule window appears in a separate browser window.

Step 3

Click the Delete link in the upper right corner of the window. You are prompted to confirm your decision to delete the DNS rule.

Step 4

Click OK to confirm your decision. You are returned to the DNS Rule list window. The DNS rule is removed from the list.

Configuring DNS Rule Filters

As your GSS network grows, so will your collection of DNS rules for handling traffic to and from your network. In time, it may become difficult to locate the rules that you need. For that reason, the GSS GUI provides filters that can be applied to your DNS rules, allowing you to view only those rules that have the properties you are interested in. For example, you can create a filter that will limit your view of the DNS rules to include only those that involve a certain source address list or domain list, use a certain balance method, are owned by a particular user, or have a status of "active."

Step 1

From the Cisco GSS software user interface, click DNS RULES. The DNS Rules list window appears. (See Figure 2-17.)

Step 2

Click the Filter List button. The DNS Rule Filter List window appears. (See Figure 2-18.)

Step 3

To filter your list by any of the properties displayed in the DNS Rule Filter List window, enter a complete or partial (wildcard) value in the fields provided. Table 2-3 lists the parameters that can be used to filter your DNS rules list and provides explanations and sample entries for each parameter.

Table 2-3 DNS Rules Filter Parameters
Parameter	Description	Examples
Source Address List
Name	Name assigned to a source address list associated with the DNS rule	`VIP1` `VIP*` `NameServerList`
IP Address Block	IP address or address block assigned to a source address list associated with the DNS rule	`192.168.110.100` `192.168.*`
Owner	Contact name assigned to the source address list associated with the DNS rule	`Any` `System` `Andrew`
Domain List
Name	Name assigned to a domain list associated with the DNS rule	`CiscoSystems` `Cisco*`
Domain	Domain included on the domain list associated with the DNS rule	`www.cisco.com` `support.cisco.com` `www.*`
Owner	Contact name assigned to the domain list associated with the DNS rule	`Any` `System` `Andrew`
Request Handling
Name	Name assigned to an answer group associated with the DNS rule	`VIP_answer_Group_1` `VIP_answer_Group_2` `VIP_*`
Owner	Contact name assigned to the answer group associated with the DNS rule	`Any` `System` `Andrew`
Type	Type of answer group associated with the DNS rule	`CRA` `Name server` `VIP`
Answer	Answer belonging to an answer group associated with the DNS rule	`192.161.1.2` `192.168.*`
Balance Method	Type of balance method (boomerang, ordered list, etc.) associated with the DNS rule	`Least Loaded` `Round-robin` `Hashed` `Weighted round-robin`
DNS Rule
Name	Name of the DNS rule	`Cisco_Rule` `Cisco*`
Owner	Contact name assigned to the DNS rule	`Any` `System` Andrew
Status	Status of the DNS rule, either active or suspended	`Any` `Active` `Suspended`

Step 4

Click OK to confirm your decision. You are returned to the DNS Rules list window. The displayed DNS rules are those that match your search criteria. If no DNS rule parameters match the parameters that you are using to filter the list, a message is displayed, indicating "no DNS rules match the filter specification."

Removing DNS Rule Filters

Use the Show All button to remove any filters that have been applied to your DNS rules. The Show All button removes all filters, displaying a complete list of DNS rules on your GSS network.

Step 1

From the Cisco GSS software user interface, click DNS RULES. The DNS Rules list window appears. (See Figure 2-17.)

Step 2

Click the Show All button. The DNS Rule Filter List window refreshes (see Figure 2-18), displaying all configured DNS rules.

Upstream DNS Configuration

Once you have configured your GSS devices to connect to your network and have created the logical resources (source address lists, domain lists, answers and answer groups, and DNS rules) required for global server load balancing, you are ready to complete the final step that will integrate your new global server load-balancing device into your network's DNS infrastructure and start delivering user queries to your GSS: modifying your upstream DNS servers to delegate parts of your name space to your GSSs.

Note You should carefully review and perform a test of your GSS deployment before making changes to your DNS server configuration that will affect your public or enterprise network configuration.

Modifying your DNS servers to accommodate your GSS devices involves the following steps:

Adding name server (NS) records to your DNS zone configuration file that delegates your domain or subdomains of your domain to one or more of your GSSs

Adding "glue" address (A) records to your DNS zone configuration file that map the DNS name of each of your GSS devices to an IP address

Example 2-1 provides an example of a DNS zone configuration file for a fictitious cisco.com domain that has been modified to delegate primary DNS authority for three domains to two GSS devices. Relevant lines are shown in bold type.

When reviewing this zone file, remember that there are any number of possible GSS deployments that you can use, some of which may suit your needs and your network better than the example listed. For example, instead of having all subdomains shared by all your GSS devices, you may want to allocate specific subdomains to specific GSSs.

Table Of Contents

Getting Started

Overview

Network Configuration

Configuring a GSSM

Starting the Cisco GSS Software and the GUI

Configuring a Global Site Selector

Enabling and Disabling SSH, Telnet, and FTP on a GSS Device

Logging On to the GSSM GUI

Global Server Load-Balancing Configuration

Overview

Preparing to Configure Request Routing

Organizing Your GSS Network

Creating and Modifying Locations and Regions

Creating New Locations and Regions

Modifying Locations and Regions

Deleting Locations and Regions

Creating and Modifying Owners

Creating New Owners

Modifying Owners

Deleting Owners

Grouping GSS Resources by Location, Region, and Owner

Creating and Modifying GSS Devices

Activating Your GSS Devices

Modifying GSS Device Configuration

Deleting GSS Devices

Creating and Modifying Source Address Lists

Creating Source Address Lists

Modifying Source Address Lists

Deleting Source Address Lists

Configuring and Modifying Domain Lists

Creating Domain Lists

Modifying Domain Lists

Deleting Domain Lists

Modifying Global Keepalive Properties

Configuring and Modifying Shared Keepalives

Creating a Shared Keepalive

Modifying a Shared Keepalive

Deleting a Shared Keepalive

Configuring and Modifying Answers

Creating a VIP Answer Type

Creating a CRA Answer Type

Creating a Name Server Answer Type

Modifying an Answer

Suspending or Reactivating an Answer

Suspending or Reactivating All Answers in a Location

Deleting an Answer

Configuring and Modifying Answer Groups

Creating an Answer Group

Modifying an Answer Group

Suspending or Reactivating an Answer Group

Suspending or Reactivating All Answers in an Answer Group Associated with an Owner

Deleting an Answer Group

Building and Modifying DNS Rules

DNS Rule Configuration Interface

Building DNS Rules Using the Wizard

Building DNS Rules Using the DNS Rule Builder

Suspending a DNS Rule

Suspending or Reactivating All DNS Rules Belonging to an Owner

Deleting a DNS Rule

Configuring DNS Rule Filters

Removing DNS Rule Filters

Upstream DNS Configuration