14.3.3.2 Configuring LLB
The “llb dns host/ttl” command does not need to be executed for FortiBalancer1 on Topology 2. LLB configurations for FortiBalancer2 and FortiBalancer3 are the same on Topology 1 and Topology 2.
FortiBalancer2
- Step 1 Configure LLB DNS host entry
Three domain names are configured and each domain name is assigned three IP addresses here.
FortiBalancer(config)#llb dns host “www.a.com” 10.3.220.1
FortiBalancer(config)#llb dns host “www.a.com” 10.3.220.2
FortiBalancer(config)#llb dns host “www.a.com” 10.3.220.3
FortiBalancer(config)#llb dns host “www.b.com” 10.3.220.1
FortiBalancer(config)#llb dns host “www.b.com” 10.3.220.2
FortiBalancer(config)#llb dns host “www.b.com” 10.3.220.3
FortiBalancer(config)#llb dns host “*.c.com” 10.3.220.1
FortiBalancer(config)#llb dns host “*.c.com” 10.3.220.2
FortiBalancer(config)#llb dns host “*.c.com” 10.3.220.3
- Step 2 Configure LLB DNS TTL (Time to Live)
FortiBalancer(config)#llb dns ttl “www.a.com” 60
FortiBalancer(config)#llb dns ttl “www.b.com” 60
FortiBalancer(config)#llb dns ttl “*.c.com” 60
FortiBalancer3
- Step 1 Configure LLB DNS host entry
Three domain names are configured and each domain name is assigned three IP addresses here.
FortiBalancer(config)#llb dns host “www.a.com” 10.3.230.1
FortiBalancer(config)#llb dns host “www.a.com” 10.3.230.2
FortiBalancer(config)#llb dns host “www.a.com” 10.3.230.3
FortiBalancer(config)#llb dns host “www.b.com” 10.3.230.1
FortiBalancer(config)#llb dns host “www.b.com” 10.3.230.2
FortiBalancer(config)#llb dns host “www.b.com” 10.3.230.3
FortiBalancer(config)#llb dns host “*.c.com” 10.3.230.1
FortiBalancer(config)#llb dns host “*.c.com” 10.3.230.2
FortiBalancer(config)#llb dns host “*.c.com” 10.3.230.3
- Step 2 Configure LLB DNS TTL (Time to Live)
FortiBalancer(config)#llb dns ttl “www.a.com” 60
FortiBalancer(config)#llb dns ttl “www.b.com” 60
FortiBalancer(config)#llb dns ttl “*.c.com” 60
14.3.3.3 Configuring Basic SDNS
The basic SDNS configurations on Topology 2 are different from these configurations on Topology 1. Here, FortiBalancer1 needs to be configured as “dns” while FortiBalancer2 and FortiBalancer3 are configured as “proxy”.
FortiBalancer1
- Step 1 Enable SDNS
FortiBalancer(config)#sdns on
- Step 2 Configure SDNS members
FortiBalancer(config)#sdns member attribute FortiBalancer1 10.3.200.1 5888 dns
FortiBalancer(config)#sdns member attribute FortiBalancer2 10.3.200.2 5888 proxy
FortiBalancer(config)#sdns member attribute FortiBalancer3 10.3.200.3 5888 proxy
- Step 3 Configure FortiBalancer1 as a local member
FortiBalancer(config)#sdns member local FortiBalancer1
FortiBalancer2
- Step 1 Enable SDNS
FortiBalancer(config)#sdns on
- Step 2 Configure SDNS members
FortiBalancer(config)#sdns member attribute FortiBalancer1 10.3.200.1 5888 dns
FortiBalancer(config)#sdns member attribute FortiBalancer2 10.3.200.2 5888 proxy
FortiBalancer(config)#sdns member attribute FortiBalancer3 10.3.200.3 5888 proxy
- Step 3 Configure FortiBalancer2 as a local member
FortiBalancer(config)#sdns member local FortiBalancer2
FortiBalancer3
- Step 1 Enable SDNS
FortiBalancer(config)#sdns on
- Step 2 Configure SDNS members
FortiBalancer(config)#sdns member attribute FortiBalancer1 10.3.200.1 5888 dns
FortiBalancer(config)#sdns member attribute FortiBalancer2 10.3.200.2 5888 proxy
FortiBalancer(config)#sdns member attribute FortiBalancer3 10.3.200.3 5888 proxy
- Step 3 Configure FortiBalancer3 as a local member
FortiBalancer(config)#sdns member local FortiBalancer3
14.3.3.4 Configuring Host Method
region
The logical architecture of the SDNS site/region/pool used in this example is introduced first.
Figure 14-9 SDNS Region Method
In the section Configuring Basic SDNS, FortiBalancer1 needs to be configured as “dns”, while FortiBalancer2 and FortiBalancer3 need to be configured as “proxy”.
FortiBalancer1
- Step 1 Create two sites: Beijing and Tianjin
FortiBalancer(config)#sdns site location beijing 90
FortiBalancer(config)#sdns site location tianjin 80
- Step 2 Add the members into the sites
FortiBalancer(config)#sdns site member beijing FortiBalancer2
FortiBalancer(config)#sdns site member tianjin FortiBalancer3
- Step 3 Create two regions: China and Default
FortiBalancer(config)#sdns region location china 60
FortiBalancer(config)#sdns region location default 30
- Step 4 Add the region/site into the region
FortiBalancer(config)#sdns region division china beijing
FortiBalancer(config)#sdns region division china tianjin
FortiBalancer(config)#sdns region division default china
- Step 5 Create a pool (www.b.com-beijing) and configure its IP addresses
FortiBalancer(config)#sdns pool method “www.b.com” beijing rr 2
FortiBalancer(config)#sdns pool ip “www.b.com” beijing 10.3.220.1 5
FortiBalancer(config)#sdns pool ip “www.b.com” beijing 10.3.220.2 5
FortiBalancer(config)#sdns pool ip “www.b.com” beijing 10.3.220.3 5
- Step 6 Create a pool (www.b.com-tianjin) and configure its IP addresses
FortiBalancer(config)#sdns pool method “www.b.com” tianjin ipo 1
FortiBalancer(config)#sdns pool ip “www.b.com” tianjin 10.3.230.1 6
FortiBalancer(config)#sdns pool ip “www.b.com” tianjin 10.3.230.2 5
FortiBalancer(config)#sdns pool ip “www.b.com” tianjin 10.3.230.3 4
- Step 7 Create a pool (www.b.com-china) and configure its IP addresses
FortiBalancer(config)#sdns pool method “www.b.com” china pi 2
FortiBalancer(config)#sdns pool ip “www.b.com” china 10.3.220.1 3
FortiBalancer(config)#sdns pool ip “www.b.com” china 10.3.230.1 3
FortiBalancer(config)#sdns persistent timeout 12
- Step 8 Create a pool (www.b.com-default) and configure its IP addresses
FortiBalancer(config)#sdns pool method “www.b.com” default rr 2
FortiBalancer(config)#sdns pool ip “www.b.com” default 10.3.220.4 5
- Step 9 Create a pool rule (rule1-china) and configure its IP addresses
FortiBalancer(config)#sdns pool rule “rule1” china rr 3
FortiBalancer(config)#sdns pool ip “rule1” china 10.3.220.1 10
- Step 10 Set the rule1 to host www.a.com
FortiBalancer(config)#sdns host rule “rule1” www.a.com
- Step 11 Set the host method to “region”
FortiBalancer(config)#sdns host method “www.a.com” region
FortiBalancer(config)#sdns host method “www.b.com” region
- Step 12 Set the SDNS proximity
FortiBalancer(config)#sdns proximity 10.3.200.107 255.255.255.255 beijing
FortiBalancer(config)#sdns proximity 10.3.50.7 255.255.255.255 tianjin
Resolve “www.b.com” from two clients (IP addresses 10.3.50.7 and 10.3.200.107) by using nslookup on Windows.
The client whose IP address is 10.3.200.107 sets its local DNS to 10.3.200.1:
> www.b.com
Server: [10.3.200.1] Address: 10.3.200.1
Name: www.b.com
Addresses: 10.3.220.1, 10.3.220.2
> www.b.com
Server: [10.3.200.1] Address: 10.3.200.1
Name: www.b.com
Addresses: 10.3.220.2, 10.3.220.3
> www.b.com
Server: [10.3.200.1] Address: 10.3.200.1
Name: www.b.com
Addresses: 10.3.220.3, 10.3.220.1
As shown above, a request whose source IP address (10.3.200.107) is configured in SDNS proximity is directed to the Beijing pool, so the IP addresses of the “www.b.com-beijing” pool are returned. Because the number of IP addresses returned for this pool is set to 2, two IP addresses are returned each time, in round-robin order.
The client whose IP address is 10.3.50.7 sets its local DNS to 10.3.200.1.
region:
> www.b.com
Server: [10.3.200.1] Address: 10.3.200.1
Name: www.b.com
Addresses: 10.3.230.1
> www.b.com
Server: [10.3.200.1] Address: 10.3.200.1
Name: www.b.com
Addresses: 10.3.230.1
> www.b.com
Server: [10.3.200.1] Address: 10.3.200.1
Name: www.b.com
Addresses: 10.3.230.1
As shown above, a request whose source IP address (10.3.50.7) is configured in SDNS proximity is directed to the Tianjin pool, so the IP address of “www.b.com” with the highest priority in the Tianjin pool is returned. Because the number of IP addresses returned for this pool is set to 1, only the IP address with the highest priority is returned each time.
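The selection behaviour described above can be modelled offline to predict what each client should receive before testing with nslookup. This is an added example, not FortiBalancer code: the class name RegionResolver is hypothetical, the pool and proximity values are copied from the configuration above, and treating the larger number as the higher priority for “ipo” is inferred from the output shown on this page.

```python
import ipaddress

# Values copied from the FortiBalancer1 configuration on this page.
PROXIMITY = [  # (network, site) from "sdns proximity <ip> <mask> <site>"
    (ipaddress.ip_network("10.3.200.107/255.255.255.255"), "beijing"),
    (ipaddress.ip_network("10.3.50.7/255.255.255.255"), "tianjin"),
]
POOLS = {  # (host, site) -> (method, answers per reply, [(ip, weight/priority)])
    ("www.b.com", "beijing"): ("rr", 2, [("10.3.220.1", 5), ("10.3.220.2", 5),
                                         ("10.3.220.3", 5)]),
    ("www.b.com", "tianjin"): ("ipo", 1, [("10.3.230.1", 6), ("10.3.230.2", 5),
                                          ("10.3.230.3", 4)]),
}


class RegionResolver:
    """Toy model of proximity -> site -> pool selection (hypothetical, not vendor code)."""

    def __init__(self, proximity, pools):
        self.proximity = proximity
        self.pools = pools
        self.rr_offset = {key: 0 for key in pools}  # per-pool rotation state

    def site_for(self, client_ip):
        addr = ipaddress.ip_address(client_ip)
        for net, site in self.proximity:
            if addr in net:
                return site
        return None  # region/default fallback is not modelled here

    def resolve(self, host, client_ip):
        site = self.site_for(client_ip)
        if site is None or (host, site) not in self.pools:
            return []
        method, count, members = self.pools[(host, site)]
        if method == "rr":
            # Rotate the starting member by one on every query.
            start = self.rr_offset[(host, site)]
            self.rr_offset[(host, site)] = (start + 1) % len(members)
            return [members[(start + i) % len(members)][0] for i in range(count)]
        if method == "ipo":
            # Assumption: the larger number is the higher priority (matches the page's output).
            ranked = sorted(members, key=lambda m: m[1], reverse=True)
            return [ip for ip, _ in ranked[:count]]
        raise ValueError(f"method {method!r} is not modelled")
```
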
14.3.3.5 Configuring SDNS Bandwidth
To manage SDNS bandwidth, continue with the bandwidth configuration for the “region” host method.
Set the bandwidth of “region”, “site” and “member”
- Step 1 Set the “china region” bandwidth limit to 10M and the statistics mode is inout
FortiBalancer(config)#sdns bandwidth region china 1 10
- Step 2 Set the “beijing site” bandwidth limit to 2M, and the statistics mode is inout
FortiBalancer(config)#sdns bandwidth site beijing 3 2
- Step 3 Set the “tianjin site” bandwidth limit to 1M, and the statistics mode is in
FortiBalancer(config)#sdns bandwidth site tianjin 2 1
- Step 4 Set the FortiBalancer1 member bandwidth limit to 1M, and the statistics mode is inout
FortiBalancer(config)#sdns bandwidth member FortiBalancer2 1 1
- Step 5 Set the FortiBalancer2 member bandwidth limit to 1M, and the statistics mode is inout
FortiBalancer(config)#sdns bandwidth member FortiBalancer3 1 1
Access “www.b.com” from 10.3.200.107 (DNS server is set to 10.3.200.1). The traffic is displayed as follows:
FortiBalancer1(config)#show sdns band
Name             Site/Region ID  Limit      Usage     Mode  Status
china            3               10000000   1231638   1
Region: china
www.b.com        3               10000000   1254880   8
default          4               -1         0         0
Region: default
beijing          1               2000000    615906    3
Site: beijing
www.b.com        1               5000000    0         7
tianjin          2               1000000    666       2
Site: tianjin
FortiBalancer3                   1000000    901       1
FortiBalancer2                   1000000    1230737   1     Full
FortiBalancer1                   -1         0         0
The bandwidth of vips: