Global Server Load Balancing – FortiBalancer

14.3.2.4 Configuring Host Method

grr

FortiBalancer3 is configured as local DNS to resolve a domain name “www.a.com” by following the above basic configurations.

  • Step 1 Assign “grr” host method to “www.a.com” on FortiBalancer3

FortiBalancer(config)#sdns host method “www.a.com” grr

The resolving results are displayed through nslookup of Windows as follows:

www.a.com

Server: [10.3.200.3] Address: 10.3.200.3

 

Name: www.a.com

Addresses: 10.3.230.1, 10.3.220.1, 10.3.210.1

 

> www.a.com

Server: [10.3.200.3] Address: 10.3.200.3

 

Name: www.a.com

Addresses: 10.3.220.1, 10.3.210.1, 10.3.230.1

 

> www.a.com

Server: [10.3.200.3] Address: 10.3.200.3

 

Name: www.a.com

Addresses: 10.3.210.1, 10.3.220.1, 10.3.230.1

As is obvious from the above, the result of resolving “www.a.com” is round robin on the three IP addresses, 10.3.230.1, 10.3.220.1, and 10.3.210.1.

vwgrr

Besides the above basic configurations, it is necessary to set the weights of the IP addresses which a domain name is corresponding to. (In the basic configurations, the weights of all the IP addresses default to 1.) FortiBalancer3 is configured as local DNS to resolve “www.a.com”.

  • Step 1 Set the weight of “www.a.com” to 1 on FortiBalancer1

FortiBalancer(config)#llb dns host “www.a.com” 10.3.210.1 1

  • Step 2 Set the weight of “www.a.com” to 2 on FortiBalancer2

FortiBalancer(config)#llb dns host “www.a.com” 10.3.220.1 2

  • Step 3 Set the weight of “www.a.com” to 3 on FortiBalancer3

FortiBalancer(config)#llb dns host “www.a.com” 10.3.230.1 3

  • Step 4 Assign “vwgrr” host method to “www.a.com” on FortiBalancer3

FortiBalancer(config)#sdns host method “www.a.com” vwgrr

And the resolving results are displayed through nsookup of Windows as follows:

>www.a.com

Server: [10.3.200.3] Address: 10.3.200.3

 

Name: www.a.com

Addresses: 10.3.210.1, 10.3.220.1, 10.3.230.1

 

> www.a.com

Server: [10.3.200.3] Address: 10.3.200.3

 

Name: www.a.com

Addresses: 10.3.220.1, 10.3.230.1, 10.3.210.1

 

> www.a.com

Server: [10.3.200.3] Address: 10.3.200.3

 

Name: www.a.com

Addresses: 10.3.220.1, 10.3.230.1, 10.3.210.1

 

> www.a.com

Server: [10.3.200.3] Address: 10.3.200.3

 

Name: www.a.com

Addresses: 10.3.230.1, 10.3.220.1, 10.3.210.1

 

> www.a.com

Server: [10.3.200.3] Address: 10.3.200.3

 

Name: www.a.com

Addresses: 10.3.230.1, 10.3.220.1, 10.3.210.1

 

> www.a.com

Server: [10.3.200.3] Address: 10.3.200.3

 

Name: www.a.com

Addresses: 10.3.230.1, 10.3.220.1, 10.3.210.1

As is obvious from the above, when “www.a.com” is resolved in terms of different weights of three IP addresses, the three IP addresses’ return times are different (refer to the following table).

Table 14-2 Weight and Return Times of IP Addresses

IP Weight Continuous returned times
10.3.210.1 1 1
10.3.220.1 2 2
10.3.230.1 3 3

gco

FortiBalancer3 is configured as local DNS to resolve a domain name “www.a.com”. Besides the basic configurations, SDNS chain needs to be configured.

FortiBalancer3

  • Step 1 Configure an overflow chain called “mychain” on FortiBalancer3

FortiBalancer(config)#sdns overflow chain mychain

  • Step 2 Add FortiBalancer1, FortiBalancer2, and FortiBalancer3 into “mychain”

FortiBalancer(config)#sdns overflow member mychain FortiBalancer1 FortiBalancer(config)#sdns overflow member mychain FortiBalancer2

FortiBalancer(config)#sdns overflow member mychain FortiBalancer3

Note: The earlier an FortiBalancer is added, the higher priority it will be assigned.

  • Step 3 Assign “gco” host method to “www.a.com” on FortiBalancer3

FortiBalancer(config)#sdns host method “www.a.com” gco mychain

  • Step 4 Set the maximum number of TCP connections to 3

FortiBalancer(config)#sdns member local FortiBalancer3 3

FortiBalancer1

  • Step 1 Set the maximum number of TCP connections to 1

FortiBalancer(config)#sdns member local FortiBalancer1 1

FortiBalancer2

  • Step 1 Set the maximum number of TCP connections to 2

FortiBalancer(config)#sdns member local FortiBalancer2 2

The resolving results are displayed through nslookup of Windows as follows:

> www.a.com

Server: [10.3.200.3] Address: 10.3.200.3

 

Name: www.a.com

Address: 10.3.210.1

 

(Set up one TCP connection to FortiBalancer1)

> www.a.com

Server: [10.3.200.3] Address: 10.3.200.3

 

Name: www.a.com

Address: 10.3.220.1

 

(Set up two TCP connections to FortiBalancer2 and at the same time maintain the TCP connection to FortiBalancer1)

> www.a.com

Server: [10.3.200.3] Address: 10.3.200.3

 

Name: www.a.com

Address: 10.3.230.1

 

> www.a.com

Server: [10.3.200.3] Address: 10.3.200.3

(Break up the TCP connection to FortiBalancer1)

Name: www.a.com

Address: 10.3.210.1

As is obvious from the above, because the indexes of FortiBalancer1, FortiBalancer2, and FortiBalancer3 are respectively 1, 2, 3, the initial resolving of “www.a.com” will return IP addresses on FortiBalancer1. As the number of TCP connection on FortiBalancer1 is set to 1, the resolving of “www.a.com” will transfer to FortiBalancer2 after maintaining a connection to FortiBalancer1. The rest may be deduced by analogy. The resolving of “www.a.com” will transfer to FortiBalancer3 after maintaining two connections to FortiBalancer2. Once the TCP connection to FortiBalancer1 is broken up, the resolving of “www.a.com” will reuse the IP addresses on FortiBalancer1.

glc

FortiBalancer3 is configured as local DNS to resolve a domain name “www.a.com”. Besides the above basic configurations, TCP connection of every FortiBalancer appliance needs to be configured.

FortiBalancer3

  • Step 1 Assign “glc” host method to “www.a.com” on FortiBalancer3

FortiBalancer(config)#sdns host method “www.a.com” glc

  • Step 2 Set the maximum number of TCP connections to 3

FortiBalancer(config)#sdns member local FortiBalancer3 3

FortiBalancer1

  • Step 1 Set the maximum number of TCP connections to 3

FortiBalancer(config)#sdns member local FortiBalancer1 3

FortiBalancer2

  • Step 1 Set the maximum number of TCP connections to 3

FortiBalancer(config)#sdns member local FortiBalancer2 3

The resolving results are displayed through nslookup of Windows as follows:

> www.a.com

Server: [10.3.200.3] Address: 10.3.200.3

(The number of TCP connection to FortiBalancer1 is 1, and 2 to FortiBalancer2 and FortiBalancer3.)

Name: www.a.com

Address: 10.3.210.1

 

> www.a.com

Server: [10.3.200.3] Address: 10.3.200.3

 

(The number of TCP connection to FortiBalancer2 is 1, and 2 to FortiBalancer1 and FortiBalancer3.)

Name: www.a.com

Address: 10.3.220.1

 

> www.a.com

Server: [10.3.200.3] Address: 10.3.200.3

 

(The number of TCP connection to FortiBalancer3 is 1, and 2 to FortiBalancer1 and FortiBalancer2.)

Name: www.a.com

Address: 10.3.230.1

As is obvious from above, when “www.a.com” is resolved, the IP address on the FortiBalancer appliance with the least TCP connections will be returned.

ipo

FortiBalancer3 is configured as local DNS to resolve a domain name “www.a.com”. Besides the above basic configurations, IP address’ priority should be configured.

FortiBalancer3

  • Step 1 Assign “ipo” host method to “www.a.com” on FortiBalancer3

FortiBalancer(config)#sdns host method “www.a.com” ipo

  • Step 2 Set “www.a.com” priority to 3

FortiBalancer(config)#llb dns host “www.a.com” 10.3.230.1 3

FortiBalancer1

  • Step 1 Set www.a.com priority to 1

FortiBalancer(config)#llb dns host “www.a.com“ 10.3.210.1 1

FortiBalancer2

  • Step 1 Set “www.a.com” priority to 2

FortiBalancer(config)#llb dns host “www.a.com” 10.3.220.1 2

And the resolving results are displayed through nslookup of Windows as follows:

> www.a.com Server: [10.3.200.3] Address: 10.3.200.3

 

Name: www.a.com

Address: 10.3.230.1

 

llb dns host “www.a.com“ 10.3.220.1 5

> www.a.com

Server: [10.3.200.3] Address: 10.3.200.3

 

Name: www.a.com

Address: 10.3.220.1

 

(Set the priority of 10.3.210.1 to 8 which is the highest value among the three IP addresses.)

lb dns host “www.a.com“ 10.3.210.1 8

> www.a.com

Server: [10.3.200.3] Address: 10.3.200.3

 

Name: www.a.com

Address: 10.3.210.1

This shows that every DNS resolving will return the IP address with the highest priority.

proximity

The logical architecture related to SDNS site should be mentioned here. The labeled numbers in the following figure are the setting distance values. (These values have nothing to do with the length of the lines in this figure.)

 

Figure 14-8 Proximity Method

In the above figure, every site has a member, but Chongqing site has no member.

FortiBalancer1

  • Step 1 Configure each site (respectively Beijing, Tianjin, Shanghai and Chongqing)

FortiBalancer(config)#sdns site location beijing 42

FortiBalancer(config)#sdns site location tianjin 32

FortiBalancer(config)#sdns site location shanghai 22

FortiBalancer(config)#sdns site location chongqing 12

  • Step 2 Configure the distance value between two sites

FortiBalancer(config)#sdns site distance “beijing” “tianjin” 1 FortiBalancer(config)#sdns site distance “beijing” “shanghai” 7

FortiBalancer(config)#sdns site distance “beijing” “chongqing” 5 FortiBalancer(config)#sdns site distance “tianjin” “shanghai” 9

FortiBalancer(config)#sdns site distance “tianjin” “chongqing” 5

FortiBalancer(config)#sdns site distance “shanghai” “chongqing” 8

  • Step 3 Add the members into sites (Chongqing site has no member)

FortiBalancer(config)#sdns site member beijing FortiBalancer1

FortiBalancer(config)#sdns site member tianjin FortiBalancer2

FortiBalancer(config)#sdns site member shanghai FortiBalancer3

  • Step 4 Configure proximity

FortiBalancer(config)#sdns proximity 10.3.50.7 255.255.255.255 beijing 0

FortiBalancer(config)#sdns proximity 10.3.200.107 255.255.255.255 tianjin 0

FortiBalancer(config)#sdns proximity 10.3.200.108 255.255.255.255 chongqing 0

  • Step 5 Set “www.b.com” method to proximity

FortiBalancer(config)#sdns host method “www.b.com” proximity

  • Step 6 Add IP address into “www.b.com”

FortiBalancer(config)#slb virtual http “vs2” 10.3.210.2 80

FortiBalancer(config)#slb virtual http “vs3” 10.3.210.3 80

FortiBalancer(config)#slb virtual http “vs4” 10.3.220.4 80

FortiBalancer(config)#slb policy static “vs2” “rs1”

FortiBalancer(config)#slb policy static “vs3” “rs1”

FortiBalancer(config)#slb policy static “vs4” “rs1”

FortiBalancer(config)#llb dns host “www.b.com” 10.3.210.2

FortiBalancer(config)#llb dns host “www.b.com” 10.3.210.3

FortiBalancer(config)#llb dns host “www.b.com” 10.3.220.4

FortiBalancer2

  • Step 1 Add IP address into “www.b.com”

FortiBalancer(config)#slb virtual http “vs2” 10.3.210.2 80

FortiBalancer(config)#slb virtual http “vs3” 10.3.210.3 80

FortiBalancer(config)#slb virtual http “vs4” 10.3.220.4 80

FortiBalancer(config)#slb policy static “vs2” “rs1”

FortiBalancer(config)#slb policy static “vs3” “rs1”

FortiBalancer(config)#slb policy static “vs4” “rs1”

FortiBalancer(config)#llb dns host “www.b.com” 10.3.210.2

FortiBalancer(config)#llb dns host “www.b.com” 10.3.210.3

FortiBalancer(config)#llb dns host “www.b.com” 10.3.220.4

FortiBalancer3

  • Step 1 Add IP address into “www.b.com”

FortiBalancer(config)#slb virtual http “vs2” 10.3.210.2 80

FortiBalancer(config)#slb virtual http “vs3” 10.3.210.3 80

FortiBalancer(config)#slb virtual http “vs4” 10.3.220.4 80

FortiBalancer(config)#slb policy static “vs2” “rs1”

FortiBalancer(config)#slb policy static “vs3” “rs1”

FortiBalancer(config)#slb policy static “vs4” “rs1”

FortiBalancer(config)#llb dns host “www.b.com” 10.3.210.2

FortiBalancer(config)#llb dns host “www.b.com” 10.3.210.3

FortiBalancer(config)#llb dns host “www.b.com” 10.3.220.4

Request for resolving “www.b.com” on three clients (their IP addresses are respectively 10.3.50.7, 10.3.200.107, and 10.3.200.108)by using nslookup of Windows. The resolving result is as follows:

The client whose IP address is 10.3.200.107 sets local DNS to 10.3.200.1.

> www.b.com

Server: [10.3.200.1] Address: 10.3.200.1

 

Name: www.b.com

Addresses: 10.3.220.1, 10.3.220.2, 10.3.220.3

 

> www.b.com

Server: [10.3.200.1] Address: 10.3.200.1

 

Name: www.b.com

Addresses: 10.3.220.2, 10.3.220.3, 10.3.220.4

 

> www.b.com

Server: [10.3.200.1] Address: 10.3.200.1

 

Name: www.b.com

Addresses: 10.3.220.3, 10.3.220.4, 10.3.220.1

The result is as above. FortiBalancer appliance locates to Tianjin site by SDNS proximity, and then returns the IP addresses on the FortiBalancer2 of Tianjin site.

The client whose IP address is 10.3.50.7 sets local DNS to 10.3.200.3.

> www.b.com Server: [10.3.200.3] Address: 10.3.200.3

 

Name: www.b.com

Addresses: 10.3.210.1, 10.3.210.2, 10.3.210.3

 

> www.b.com

Server: [10.3.200.3] Address: 10.3.200.3

 

Name: www.b.com

Addresses: 10.3.210.2, 10.3.210.3, 10.3.210.4

 

> www.b.com

Server: [10.3.200.3] Address: 10.3.200.3

 

Name: www.b.com

Addresses: 10.3.210.3, 10.3.210.4, 10.3.210.1

Referring to the above results, FortiBalancer appliance locates to Beijing site by SDNS proximity, and then returns the IP addresses on the FortiBalancer1 of Beijing site.

The client whose IP address is 10.3.200.108 sets local DNS to10.3.200.1.

> www.b.com Server: [10.3.200.3] Address: 10.3.200.3

 

Name: www.b.com

Addresses: 10.3.210.1, 10.3.210.2, 10.3.210.3

 

> www.b.com

Server: [10.3.200.3] Address: 10.3.200.3

 

Name: www.b.com

Addresses: 10.3.210.2, 10.3.210.3, 10.3.210.4

 

> www.b.com

Server: [10.3.200.3] Address: 10.3.200.3

 

Name: www.b.com

Addresses: 10.3.210.3, 10.3.210.4, 10.3.210.1

The result is as above. FortiBalancer appliance locates to Chongqing site by SDNS proximity. But no member is added in Chongqing site. FortiBalancer appliance will compare the distance value between Chongqing site and another site and it will find that the distance between Chongqing site and Beijing site (the distance value is 4) is shorter than the distance between Chongqing site and Tianjin site (the distance value is 5). So at last FortiBalancer appliance will locate to Beijing site and return the IP addresses on the FortiBalancer1of Beijing site.


Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.