Use the EDNS0 client subnet option for Global Server Load Balancing
EDNS Client Subnet (ECS) is a Domain Name System (DNS) header extension that provides the client subnet details. You can use these details to improve the accuracy of Citrix ADC Global Server Load Balancing (GSLB) by using the client network location rather than the DNS resolver location to determine the topological closeness of the client.
Note
Citrix ADC supports only EDNS0.
Important:
Make sure that the Local Domain Name Server (LDNS) in your deployment supports the EDNS0 Client Subnet option, so that incoming DNS queries contain the option and the Citrix ADC appliance uses the ECS address while processing the DNS query.
In a typical GSLB deployment, when you use proximity-based load balancing methods such as static proximity or dynamic round-trip time (RTT), the Citrix ADC appliance uses the LDNS IP address to determine the topological closeness of the client and performs GSLB accordingly. But when a centralized DNS resolver, such as Google DNS or OpenDNS, is involved in the deployment, the Citrix ADC appliance sends the DNS request to a data center close to the centralized DNS resolver, which might not be close to the client. For example, in a typical Citrix ADC GSLB deployment using the static proximity load balancing method, an end-user request from Japan is sent to a data center in Japan and an end-user request from California is sent to a data center in California. But if a centralized DNS resolver is involved, the Citrix ADC appliance might send a request from Japan to a data center in California.
You can use the ECS option in deployments that include the Citrix ADC appliance configured as an Authoritative DNS (ADNS) server for a GSLB domain. If you use static proximity as the load balancing method, you can use the IP subnet in the EDNS header instead of the LDNS IP address. This helps to determine the geographical proximity of the client. In a proxy mode deployment, the Citrix ADC appliance forwards an ECS-enabled DNS query as-is to the back-end servers. The appliance does not cache ECS-enabled DNS responses.
Note
The ECS option is not applicable to any other deployment mode, such as ADNS mode for non-GSLB domains, resolver mode, and forwarder mode. The Citrix ADC appliance ignores the ECS option in these modes. Also, by default, ECS is disabled for GSLB deployment.
To enable the EDNS0 Client Subnet option by using the command line interface:
At the command prompt, type:
set gslb vserver <vserver_name> -ECS ENABLED
Example:
set gslb vserver vserver-GSLB-1 -ECS ENABLED
Address validation
You can configure a GSLB virtual server to verify that the address returned by the EDNS0 Client Subnet (ECS) option of the DNS query is not a private or an unroutable IP address. With address validation enabled, the Citrix ADC appliance ignores the ECS address in the DNS query if it is listed in the following table, and instead uses the LDNS IP address for global server load balancing.
Note
By default, address validation is disabled.
Address Type | Address | Description |
---|---|---|
IPv4 | 10.0.0.0/8 | For private use |
IPv4 | 172.16.0.0/12 | For private use |
IPv4 | 192.168.0.0/16 | For private use |
IPv4 | 0.0.0.0/8 | Refers to the host on the network |
IPv4 | 100.64.0.0/10 | Shared address space |
IPv4 | 127.0.0.0/8 | Loopback address |
IPv4 | 169.254.0.0/16 | Link Local IPv4 address as defined in RFC 3927 |
IPv4 | 192.0.0.0/24 | Used for IETF protocol assignments, includes the private space 192.168.0.0/16 |
IPv4 | 192.0.2.0/24 | Used for documentation purposes |
IPv4 | 192.88.99.0/24 | Used for 6to4 Relay Anycast |
IPv4 | 198.18.0.0/15 | Used in Device benchmark testing |
IPv4 | 198.51.100.0/24 | Used for documentation purposes |
IPv4 | 203.0.113.0/24 | Used for documentation purposes |
IPv4 | 240.0.0.0/4 | Used as reserved |
IPv4 | 255.255.255.255/32 | Used for broadcast |
IPv6 | ::1/128 | Loopback address |
IPv6 | ::/128 | Unspecified address |
IPv6 | ::ffff:0:0/96 | IPv4-mapped address |
IPv6 | 100::/64 | Discard-only address block |
IPv6 | 2001::/23 | Used for IETF protocol assignments |
IPv6 | 2001::/32 | TEREDO |
IPv6 | 2001:2::/48 | Used for benchmarking |
IPv6 | 2001:db8::/32 | Used for documentation purposes |
IPv6 | 2001:10::/28 | ORCHID |
IPv6 | 2002::/16 | Used for 6to4 Relay Anycast |
IPv6 | fc00::/7 | Unique-local |
IPv6 | fe80::/10 | Link-local Unicast addresses |
To enable address validation by using the command line interface:
At the command prompt, type:
set gslb vserver <vserver_name> -ecsAddrValidation ENABLED
Example:
set gslb vserver vserver-GSLB-1 -ecsAddrValidation ENABLED
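A minimal model of the address validation decision described in this section, as an added example (not Citrix code): it decodes ECS option data in the RFC 7871 wire layout and falls back to the LDNS IP when the subnet's network address is in one of the table's ranges. The function names, the sample addresses, the fallback on a malformed option, and the choice to compare only the network address are assumptions.

```python
import ipaddress
import struct

# Ranges copied from the address validation table on this page.
IGNORED = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "0.0.0.0/8",
    "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16", "192.0.0.0/24",
    "192.0.2.0/24", "192.88.99.0/24", "198.18.0.0/15", "198.51.100.0/24",
    "203.0.113.0/24", "240.0.0.0/4", "255.255.255.255/32",
    "::1/128", "::/128", "::ffff:0:0/96", "100::/64", "2001::/23",
    "2001::/32", "2001:2::/48", "2001:db8::/32", "2001:10::/28",
    "2002::/16", "fc00::/7", "fe80::/10",
)]
FAMILIES = {1: (ipaddress.IPv4Network, 4), 2: (ipaddress.IPv6Network, 16)}

def parse_ecs(optdata):
    """Decode ECS OPTION-DATA: family (2 bytes), source and scope prefix
    lengths (1 byte each), then the address truncated to the source prefix."""
    if len(optdata) < 4:
        raise ValueError("ECS option too short")
    family, source_len, _scope_len = struct.unpack("!HBB", optdata[:4])
    if family not in FAMILIES:
        raise ValueError("unknown address family")
    cls, size = FAMILIES[family]
    addr = optdata[4:]
    if source_len > size * 8 or len(addr) != (source_len + 7) // 8:
        raise ValueError("address length does not match source prefix")
    # Pad the truncated address back to full length before building the network.
    return cls((addr.ljust(size, b"\x00"), source_len), strict=False)

def proximity_address(ldns_ip, optdata, validate=True):
    """Return the address used for proximity decisions: the ECS subnet, or the
    LDNS IP when ECS is absent or (with validation on) in a listed range."""
    if optdata is None:
        return ldns_ip
    try:
        subnet = parse_ecs(optdata)
    except ValueError:
        return ldns_ip  # assumption: a malformed option is treated as absent
    if validate and any(subnet.network_address in net for net in IGNORED):
        return ldns_ip
    return str(subnet.network_address)

if __name__ == "__main__":
    ldns = "8.8.8.8"  # constructed sample: query arrives from a central resolver
    public = struct.pack("!HBB", 1, 24, 0) + bytes([133, 1, 2])     # constructed
    private = struct.pack("!HBB", 1, 24, 0) + bytes([192, 168, 1])  # constructed
    print(proximity_address(ldns, public))   # ECS subnet is used
    print(proximity_address(ldns, private))  # ECS ignored, LDNS IP is used
```

With `validate=False` the private subnet is returned unchanged, which corresponds to the default (address validation disabled) behaviour described in the note above.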