Global Server Load Balancing – FortiBalancer

14.3.3.2 Configuring LLB

The “llb dns host/ttl” command does not need to be executed for FortiBalancer1 on Topology 2. LLB configurations for FortiBalancer2 and FortiBalancer3 are the same on Topology 1 and Topology 2.

FortiBalancer2

  • Step 1 Configure LLB DNS host entry

Three domain names are configured and each domain name is assigned three IP addresses here.

FortiBalancer(config)#llb dns host "www.a.com" 10.3.220.1

FortiBalancer(config)#llb dns host "www.a.com" 10.3.220.2

FortiBalancer(config)#llb dns host "www.a.com" 10.3.220.3

FortiBalancer(config)#llb dns host "www.b.com" 10.3.220.1

FortiBalancer(config)#llb dns host "www.b.com" 10.3.220.2

FortiBalancer(config)#llb dns host "www.b.com" 10.3.220.3

FortiBalancer(config)#llb dns host "*.c.com" 10.3.220.1

FortiBalancer(config)#llb dns host "*.c.com" 10.3.220.2

FortiBalancer(config)#llb dns host "*.c.com" 10.3.220.3

  • Step 2 Configure LLB DNS TTL (Time to Live)

FortiBalancer(config)#llb dns ttl "www.a.com" 60

FortiBalancer(config)#llb dns ttl "www.b.com" 60

FortiBalancer(config)#llb dns ttl "*.c.com" 60

FortiBalancer3

 

  • Step 1 Configure LLB DNS host entry

Three domain names are configured and each domain name is assigned three IP addresses here.

FortiBalancer(config)#llb dns host "www.a.com" 10.3.230.1

FortiBalancer(config)#llb dns host "www.a.com" 10.3.230.2

FortiBalancer(config)#llb dns host "www.a.com" 10.3.230.3

FortiBalancer(config)#llb dns host "www.b.com" 10.3.230.1

FortiBalancer(config)#llb dns host "www.b.com" 10.3.230.2

FortiBalancer(config)#llb dns host "www.b.com" 10.3.230.3

FortiBalancer(config)#llb dns host "*.c.com" 10.3.230.1

FortiBalancer(config)#llb dns host "*.c.com" 10.3.230.2

FortiBalancer(config)#llb dns host "*.c.com" 10.3.230.3

  • Step 2 Configure LLB DNS TTL (Time to Live)

FortiBalancer(config)#llb dns ttl "www.a.com" 60

FortiBalancer(config)#llb dns ttl "www.b.com" 60

FortiBalancer(config)#llb dns ttl "*.c.com" 60

14.3.3.3 Configuring Basic SDNS

The basic SDNS configurations on Topology 2 differ from those on Topology 1. Here, FortiBalancer1 needs to be configured as “dns” while FortiBalancer2 and FortiBalancer3 are configured as “proxy”.

FortiBalancer1

  • Step 1 Enable SDNS

FortiBalancer(config)#sdns on

  • Step 2 Configure SDNS members

FortiBalancer(config)#sdns member attribute FortiBalancer1 10.3.200.1 5888 dns

FortiBalancer(config)#sdns member attribute FortiBalancer2 10.3.200.2 5888 proxy

FortiBalancer(config)#sdns member attribute FortiBalancer3 10.3.200.3 5888 proxy

  • Step 3 Configure FortiBalancer1 as a local member

FortiBalancer(config)#sdns member local FortiBalancer1

FortiBalancer2

  • Step 1 Enable SDNS

FortiBalancer(config)#sdns on

  • Step 2 Configure SDNS members

FortiBalancer(config)#sdns member attribute FortiBalancer1 10.3.200.1 5888 dns

FortiBalancer(config)#sdns member attribute FortiBalancer2 10.3.200.2 5888 proxy

FortiBalancer(config)#sdns member attribute FortiBalancer3 10.3.200.3 5888 proxy

  • Step 3 Configure FortiBalancer2 as a local member

FortiBalancer(config)#sdns member local FortiBalancer2

FortiBalancer3

  • Step 1 Enable SDNS

FortiBalancer(config)#sdns on

  • Step 2 Configure SDNS members

FortiBalancer(config)#sdns member attribute FortiBalancer1 10.3.200.1 5888 dns

FortiBalancer(config)#sdns member attribute FortiBalancer2 10.3.200.2 5888 proxy

FortiBalancer(config)#sdns member attribute FortiBalancer3 10.3.200.3 5888 proxy

  • Step 3 Configure FortiBalancer3 as a local member

FortiBalancer(config)#sdns member local FortiBalancer3

14.3.3.4 Configuring Host Method

region

First, the logical architecture of the SDNS sites, regions and pools used in this example is introduced.

 

Figure 14-9 SDNS Region Method

In the section Configuring Basic SDNS, FortiBalancer1 needs to be configured as “dns”, while FortiBalancer2 and FortiBalancer3 need to be configured as “proxy”.

FortiBalancer1

  • Step 1 Create two sites: Beijing and Tianjin

FortiBalancer(config)#sdns site location beijing 90

FortiBalancer(config)#sdns site location tianjin 80

  • Step 2 Add the members into the sites

FortiBalancer(config)#sdns site member beijing FortiBalancer2

FortiBalancer(config)#sdns site member tianjin FortiBalancer3

  • Step 3 Create two regions: China and Default

FortiBalancer(config)#sdns region location china 60

FortiBalancer(config)#sdns region location default 30

  • Step 4 Add the region/site into the region

FortiBalancer(config)#sdns region division china beijing

FortiBalancer(config)#sdns region division china tianjin

FortiBalancer(config)#sdns region division default china

  • Step 5 Create a pool (www.b.com-beijing) and configure its IP addresses

FortiBalancer(config)#sdns pool method "www.b.com" beijing rr 2

FortiBalancer(config)#sdns pool ip "www.b.com" beijing 10.3.220.1 5

FortiBalancer(config)#sdns pool ip "www.b.com" beijing 10.3.220.2 5

FortiBalancer(config)#sdns pool ip "www.b.com" beijing 10.3.220.3 5

  • Step 6 Create a pool (www.b.com-tianjin) and configure its IP addresses

FortiBalancer(config)#sdns pool method "www.b.com" tianjin ipo 1

FortiBalancer(config)#sdns pool ip "www.b.com" tianjin 10.3.230.1 6

FortiBalancer(config)#sdns pool ip "www.b.com" tianjin 10.3.230.2 5

FortiBalancer(config)#sdns pool ip "www.b.com" tianjin 10.3.230.3 4

  • Step 7 Create a pool (www.b.com-china) and configure its IP addresses

FortiBalancer(config)#sdns pool method "www.b.com" china pi 2

FortiBalancer(config)#sdns pool ip "www.b.com" china 10.3.220.1 3

FortiBalancer(config)#sdns pool ip "www.b.com" china 10.3.230.1 3

FortiBalancer(config)#sdns persistent timeout 12

  • Step 8 Create a pool (www.b.com-default) and configure its IP addresses

FortiBalancer(config)#sdns pool method "www.b.com" default rr 2

FortiBalancer(config)#sdns pool ip "www.b.com" default 10.3.220.4 5

  • Step 9 Create a pool rule (rule1-china) and configure its IP addresses

FortiBalancer(config)#sdns pool rule "rule1" china rr 3

FortiBalancer(config)#sdns pool ip "rule1" china 10.3.220.1 10

  • Step 10 Set the rule1 to host www.a.com

FortiBalancer(config)#sdns host rule "rule1" www.a.com

  • Step 11 Set the host method to “region”

FortiBalancer(config)#sdns host method "www.a.com" region

FortiBalancer(config)#sdns host method "www.b.com" region

  • Step 12 Set the SDNS proximity

FortiBalancer(config)#sdns proximity 10.3.200.107 255.255.255.255 beijing

FortiBalancer(config)#sdns proximity 10.3.50.7 255.255.255.255 tianjin

Resolve “www.b.com” from two clients, whose IP addresses are 10.3.50.7 and 10.3.200.107, using the Windows nslookup tool.

The client whose IP address is 10.3.200.107 sets its local DNS to 10.3.200.1.

> www.b.com

Server: [10.3.200.1] Address: 10.3.200.1

 

Name: www.b.com

Addresses: 10.3.220.1, 10.3.220.2

 

> www.b.com

Server: [10.3.200.1] Address: 10.3.200.1

 

Name: www.b.com

Addresses: 10.3.220.2, 10.3.220.3

 

> www.b.com

Server: [10.3.200.1] Address: 10.3.200.1

 

Name: www.b.com

Addresses: 10.3.220.3, 10.3.220.1

As shown above, a request whose source IP address is 10.3.200.107, which is configured in SDNS proximity, is mapped to the Beijing pool, so the IP addresses of the “www.b.com-beijing” pool are returned. Because the number of returned IP addresses for this pool is set to 2, two IP addresses are returned each time, in round robin.

The client whose IP address is 10.3.50.7 sets its local DNS to 10.3.200.1.

region:

> www.b.com

Server: [10.3.200.1] Address: 10.3.200.1

 

Name: www.b.com

Addresses: 10.3.230.1

 

> www.b.com

Server: [10.3.200.1] Address: 10.3.200.1

 

Name: www.b.com

Addresses: 10.3.230.1

 

> www.b.com

Server: [10.3.200.1] Address: 10.3.200.1

 

Name: www.b.com

Addresses: 10.3.230.1

As shown above, a request whose source IP address is 10.3.50.7, which is configured in SDNS proximity, is mapped to the Tianjin pool, so the IP address of “www.b.com” with the highest priority in the Tianjin pool is returned. Because the number of returned IP addresses for this pool is set to 1, the IP address with the highest priority is returned each time.
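
The answer selection seen in the two nslookup sessions above, modelled as an added example (not FortiBalancer code and not part of the original handbook). It assumes, from the observed answers only, that rr advances one position per query and that ipo ranks entries by the trailing number on "sdns pool ip" with the highest first; RegionResolver and its method names are hypothetical.

```python
import ipaddress

# Values copied from the FortiBalancer1 steps above (pools for "www.b.com").
PROXIMITY = [  # sdns proximity <ip> <mask> <site>
    ("10.3.200.107", "255.255.255.255", "beijing"),
    ("10.3.50.7", "255.255.255.255", "tianjin"),
]
POOLS = {  # sdns pool method <host> <pool> <method> <count> / sdns pool ip
    "beijing": {"method": "rr", "count": 2,
                "ips": [("10.3.220.1", 5), ("10.3.220.2", 5), ("10.3.220.3", 5)]},
    "tianjin": {"method": "ipo", "count": 1,
                "ips": [("10.3.230.1", 6), ("10.3.230.2", 5), ("10.3.230.3", 4)]},
}


class RegionResolver:
    """Toy model of the 'region' host method (hypothetical, for illustration)."""

    def __init__(self, proximity, pools):
        self.proximity = [(ipaddress.ip_network(f"{ip}/{mask}"), site)
                          for ip, mask, site in proximity]
        self.pools = pools
        self.rr_pos = {name: 0 for name in pools}  # per-pool round-robin cursor

    def locate(self, client_ip):
        """Map the query source address to a site via the proximity table."""
        addr = ipaddress.ip_address(client_ip)
        for net, site in self.proximity:
            if addr in net:
                return site
        return None

    def resolve(self, client_ip):
        site = self.locate(client_ip)
        if site is None:
            return []  # the page shows no unmatched client, so nothing is modelled
        pool = self.pools[site]
        ips, n = pool["ips"], pool["count"]
        if pool["method"] == "rr":
            # Assumption: return n consecutive entries, then advance by one.
            start = self.rr_pos[site]
            self.rr_pos[site] = (start + 1) % len(ips)
            return [ips[(start + i) % len(ips)][0] for i in range(n)]
        if pool["method"] == "ipo":
            # Assumption: highest trailing number wins, as in the Tianjin answers.
            ranked = sorted(ips, key=lambda e: e[1], reverse=True)
            return [ip for ip, _ in ranked[:n]]
        raise ValueError(f"method {pool['method']} not modelled")
```

Comparing the model's answers with live nslookup results from each client address is a quick way to confirm that a proximity entry or pool priority was entered as intended.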

14.3.3.5 Configuring SDNS Bandwidth

To manage SDNS bandwidth, continue by configuring bandwidth for the “region” host method.

Set the bandwidth of “region”, “site” and “member”

  • Step 1 Set the “china region” bandwidth limit to 10M and the statistics mode is inout

FortiBalancer(config)#sdns bandwidth region china 1 10

  • Step 2 Set the “beijing site” bandwidth limit to 2M, and the statistics mode is inout

FortiBalancer(config)#sdns bandwidth site beijing 3 2

  • Step 3 Set the “tianjin site” bandwidth limit to 1M, and the statistics mode is in

FortiBalancer(config)#sdns bandwidth site tianjin 2 1

  • Step 4 Set the FortiBalancer1 member bandwidth limit to 1M, and the statistics mode is inout

FortiBalancer(config)#sdns bandwidth member FortiBalancer2 1 1

  • Step 5 Set the FortiBalancer2 member bandwidth limit to 1M, and the statistics mode is inout

FortiBalancer(config)#sdns bandwidth member FortiBalancer3 1 1

Access “www.b.com” from 10.3.200.107 (DNS server is set to 10.3.200.1). The traffic is displayed as follows:

FortiBalancer1(config)#show sdns band

Name              Site/Region ID   Limit      Usage     Mode   Status
china             3                10000000   1231638   1
Region: china
www.b.com         3                10000000   1254880   8
default           4                -1         0         0
Region: default
beijing           1                2000000    615906    3
Site: beijing
www.b.com         1                5000000    0         7
tianjin           2                1000000    666       2
Site: tianjin
FortiBalancer3                     1000000    901       1
FortiBalancer2                     1000000    1230737   1      Full
FortiBalancer1
The bandwidth of vips:
                                   -1         0         0

 

