Use the EDNS0 client subnet option for Global Server Load Balancing

September 21, 2020 Contributed by:  S


EDNS Client Subnet (ECS) is a Domain Name System (DNS) header extension that provides the client subnet details. You can use these details to improve the accuracy of Citrix ADC Global Server Load Balancing (GSLB) by using the client network location rather than the DNS resolver location to determine the topological closeness of the client.

Note

Citrix ADC supports only EDNS0.

Important:

Make sure that the Local Domain Name Server (LDNS) in your deployment supports the EDNS0 Client Subnet so that the incoming DNS queries contain the EDNS0 Client Subnet option and the Citrix ADC appliance uses the ECS address while processing the DNS query.

In a typical GSLB deployment, when you use proximity-based load balancing methods such as static proximity or dynamic round-trip time (RTT), the Citrix ADC appliance uses the LDNS IP address to determine the topological closeness of the client and performs GSLB accordingly. But when a centralized DNS resolver, such as Google DNS or OpenDNS, is involved in the deployment, the Citrix ADC appliance sends the DNS request to a data center close to the centralized DNS resolver, which might not be close to the client. For example, in a typical Citrix ADC GSLB deployment using the static proximity load balancing method, an end-user request from Japan is sent to a data center in Japan and an end-user request from California is sent to a data center in California. But if a centralized DNS resolver is involved, the Citrix ADC appliance might send a request from Japan to a data center in California.

You can use the ECS option in deployments that include the Citrix ADC appliance configured as an Authoritative DNS (ADNS) server for a GSLB domain. If you use static proximity as the load balancing method, you can use the IP subnet in the EDNS header instead of the LDNS IP address. This helps to determine the geographical proximity of the client. In proxy mode deployment, the Citrix ADC appliance forwards an ECS-enabled DNS query as-is to the back-end servers. The appliance does not cache ECS-enabled DNS responses.

Note

The ECS option is not applicable to any other deployment mode, such as ADNS mode for non-GSLB domains, resolver mode, and forwarder mode. The Citrix ADC appliance ignores the ECS option in these modes. Also, by default, ECS is disabled for GSLB deployment.


To enable the EDNS0 Client Subnet option by using the command line interface:

At the command prompt, type:

set gslb vserver <vserver_name> -ECS ENABLED

Example:

set gslb vserver vserver-GSLB-1 -ECS ENABLED


Address validation

You can configure a GSLB virtual server to verify that the address returned by the EDNS0 Client Subnet (ECS) option of the DNS query is not a private or an unroutable IP address. With address validation enabled, the Citrix ADC appliance ignores the ECS address in the DNS query if it is listed in the following table, and instead uses the LDNS IP address for global server load balancing.

Note

By default, address validation is disabled.

| Address Type | Address | Description |
|---|---|---|
| IPv4 | 10.0.0.0/8 | For private use |
| | 172.16.0.0/12 | For private use |
| | 192.168.0.0/16 | For private use |
| | 0.0.0.0/8 | Refers to the host on the network |
| | 100.64.0.0/10 | Shared address space |
| | 127.0.0.0/8 | Loopback address |
| | 169.254.0.0/16 | Link Local IPv4 address as defined in RFC 3927 |
| | 192.0.0.0/24 | Used for IETF protocol assignments, includes the private space 192.168.0.0/16 |
| | 192.0.2.0/24 | Used for documentation purposes |
| | 192.88.99.0/24 | Used for 6to4 Relay Anycast |
| | 198.18.0.0/15 | Used in Device benchmark testing |
| | 198.51.100.0/24 | Used for documentation purposes |
| | 203.0.113.0/24 | Used for documentation purposes |
| | 240.0.0.0/4 | Used as reserved |
| | 255.255.255.255/32 | Used for broadcast |
| IPv6 | ::1/128 | Loopback address |
| | ::/128 | Unspecified address |
| | ::ffff:0:0/96 | IPv4-mapped address |
| | 100::/64 | Discard-only address block |
| | 2001::/23 | Used for IETF protocol assignments |
| | 2001::/32 | TEREDO |
| | 2001:2::/48 | Used for benchmarking |
| | 2001:db8::/32 | Used for documentation purposes |
| | 2001:10::/28 | ORCHID |
| | 2002::/16 | Used for 6to4 Relay Anycast |
| | fc00::/7 | Unique-local |
| | fe80::/10 | Link-local Unicast addresses |

To enable address validation by using the command line interface

At the command prompt, type:

set gslb vserver <vserver_name> -ecsAddrValidation ENABLED

Example:

set gslb vserver vserver-GSLB-1 -ecsAddrValidation ENABLED
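
The fallback described in this section, as an added Python example that is not Citrix code: it decodes ECS option data in the RFC 7871 layout and picks either the ECS address or the LDNS IP, using the ranges from the table above. The function names, the sample bytes, and the rule that an ECS subnet counts as listed when its network address falls in a range are assumptions of this example.

```python
import ipaddress
import struct

# Ranges copied from the address validation table on this page.
LISTED = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "0.0.0.0/8",
    "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16", "192.0.0.0/24",
    "192.0.2.0/24", "192.88.99.0/24", "198.18.0.0/15", "198.51.100.0/24",
    "203.0.113.0/24", "240.0.0.0/4", "255.255.255.255/32",
    "::1/128", "::/128", "::ffff:0:0/96", "100::/64", "2001::/23",
    "2001::/32", "2001:2::/48", "2001:db8::/32", "2001:10::/28",
    "2002::/16", "fc00::/7", "fe80::/10")]

# ECS FAMILY value -> (network class, full address length in bytes).
FAMILIES = {1: (ipaddress.IPv4Network, 4), 2: (ipaddress.IPv6Network, 16)}

def parse_ecs(option_data):
    """Decode ECS option data: FAMILY, SOURCE/SCOPE PREFIX-LENGTH, truncated ADDRESS."""
    if len(option_data) < 4:
        raise ValueError("ECS option data shorter than its 4-byte fixed part")
    family, source_len, _scope_len = struct.unpack("!HBB", option_data[:4])
    if family not in FAMILIES:
        raise ValueError("unsupported ECS address family %d" % family)
    net_cls, size = FAMILIES[family]
    address = option_data[4:]
    # The sender transmits only the bytes needed to cover the source prefix.
    if source_len > size * 8 or len(address) != (source_len + 7) // 8:
        raise ValueError("ADDRESS length does not match SOURCE PREFIX-LENGTH")
    return net_cls((address.ljust(size, b"\x00"), source_len), strict=False)

def is_listed(subnet):
    """True if the ECS address falls in a range from the page's table (assumed rule)."""
    return any(subnet.version == n.version and subnet.network_address in n
               for n in LISTED)

def proximity_address(ecs_option_data, ldns_ip, addr_validation=False):
    """Address a proximity decision would key on: ECS address, else LDNS IP."""
    ldns = ipaddress.ip_address(ldns_ip)
    if ecs_option_data is None:          # query carried no ECS option
        return ldns
    subnet = parse_ecs(ecs_option_data)
    if addr_validation and is_listed(subnet):
        return ldns                      # listed ECS address ignored, LDNS IP used
    return subnet.network_address

# Constructed sample option data (not captured traffic).
ECS_PUBLIC = bytes([0, 1, 24, 0, 1, 2, 3])      # 1.2.3.0/24
ECS_PRIVATE = bytes([0, 1, 24, 0, 10, 20, 30])  # 10.20.30.0/24
ECS_ULA = bytes([0, 2, 8, 0, 0xFD])             # fd00::/8
```

With `addr_validation` left at its default of `False`, which mirrors the page's default, `ECS_PRIVATE` is used as-is for the proximity decision; with it enabled, the LDNS IP is used instead.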
