This section provides an example for configuring round robin-based multi-server smart DNS.
As shown in Figure 1, an enterprise deploys two web servers to provide services for external users under the domain name www.example.com. The private IP addresses of the servers are 10.1.1.10 and 10.1.1.11, respectively, and two public IP addresses, 1.1.1.9 and 1.1.1.10, are provided for ISP1 users to access the servers. The DNS server holds the mappings between the domain name www.example.com and the public addresses 1.1.1.9 and 1.1.1.10.
Multiple ISP1 users may access the web server over the same link, causing link congestion. To ensure that different DNS reply addresses are allocated to ISP1 users, configure round robin so that traffic reaches the web servers over different links, implementing load balancing. The enterprise requires that when ISP1 users access www.example.com, the domain name is resolved to either public IP address 1.1.1.9 or 1.1.1.10 of the ISP1 server, the access traffic is then transmitted over the ISP1 network to the FW, and the FW uses the NAT Server function to map the public IP address to private IP address 10.1.1.10 or 10.1.1.11 of the ISP1 server.
As shown in Figure 1, in normal cases, ISP users can obtain two server IP addresses, 1.1.1.9 and 1.1.1.10. You can configure round robin-based smart DNS to enable the FW to allocate addresses to users based on weights. The FW changes the destination addresses of user access requests to divert traffic to the web servers over different links, implementing load balancing.
The configuration roadmap is as follows:
Enable smart DNS.
Configure ISP egress-based multi-server smart DNS because the enterprise deploys two web servers. The multi-server smart DNS function maps ISP egresses to the public IP addresses of the ISP servers. For example, ISP1 egress GE0/0/1 can be mapped to ISP1 server addresses 1.1.1.9 and 1.1.1.10.
Configure a NAT Server mapping for the FW to translate ISP1 public IP address 1.1.1.9 to the private IP address 10.1.1.10 of the ISP1 server, so that ISP1 users can access the ISP1 server using the public IP address.
Configure a NAT Server mapping for the FW to translate ISP1 public IP address 1.1.1.10 to the private IP address 10.1.1.11 of the ISP1 server, so that ISP1 users can access the ISP1 server using the public IP address.
Configure sticky load balancing.
# Enable smart DNS.
<FW> system-view
[FW] dns-smart enable
# Select a traffic allocation mode.
[FW] dns-smart group 1 type multi
[FW-dns-smart-group-1] metric roundrobin
[FW-dns-smart-group-1] weight-rule roundrobin 1.1.1.9 1.1.1.10
# Configure smart DNS mappings.
[FW-dns-smart-group-1] out-interface GigabitEthernet 0/0/1 map weight-rule
[FW-dns-smart-group-1] quit
# Configure NAT Server mappings.
[FW] nat server isp_server_nat_1 protocol tcp global 1.1.1.9 inside 10.1.1.10 no-reverse
[FW] nat server isp_server_nat_2 protocol tcp global 1.1.1.10 inside 10.1.1.11 no-reverse
# Configure the IP address, reverse next hop, and gateway of interface GigabitEthernet 0/0/1.
[FW] interface GigabitEthernet 0/0/1
[FW-GigabitEthernet0/0/1] ip address 1.1.1.2 24
[FW-GigabitEthernet0/0/1] redirect-reverse next-hop 1.1.1.1
[FW-GigabitEthernet0/0/1] gateway 1.1.1.1
[FW-GigabitEthernet0/0/1] quit
Ping www.example.com from the PC of an ISP1 user. The returned server address is 1.1.1.9 or 1.1.1.10.
#
nat server isp_server_nat_1 global 1.1.1.9 inside 10.1.1.10 no-reverse
nat server isp_server_nat_2 global 1.1.1.10 inside 10.1.1.11 no-reverse
#
dns-smart enable
#
dns-smart group 1 type multi
 metric roundrobin
 weight-rule roundrobin 1.1.1.9 1.1.1.10
 out-interface GigabitEthernet 0/0/1 map weight-rule
#
interface GigabitEthernet 0/0/1
 ip address 1.1.1.2 255.255.255.0
 redirect-reverse next-hop 1.1.1.1
 gateway 1.1.1.1
#
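The following Python check is an added example, not part of the original documentation or of any vendor tool. It parses a configuration script in the format shown above and cross-checks the addresses in the round robin weight rule against the NAT Server mappings, so that an address the smart DNS can return but the FW does not translate is caught before deployment. The function name audit_smart_dns and the embedded sample text are constructed for illustration.

```python
import re

# Constructed sample: the smart DNS and NAT Server part of this page's
# configuration script, one command per line.
SAMPLE_CONFIG = """\
#
nat server isp_server_nat_1 global 1.1.1.9 inside 10.1.1.10 no-reverse
nat server isp_server_nat_2 global 1.1.1.10 inside 10.1.1.11 no-reverse
#
dns-smart enable
#
dns-smart group 1 type multi
 metric roundrobin
 weight-rule roundrobin 1.1.1.9 1.1.1.10
 out-interface GigabitEthernet 0/0/1 map weight-rule
#
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
# Accepts both forms seen on the page: with and without "protocol tcp".
NAT_RE = re.compile(rf"^nat server (\S+) (?:protocol \S+ )?global ({IPV4}) inside ({IPV4})")
RULE_RE = re.compile(rf"^weight-rule roundrobin((?: {IPV4})+)")


def audit_smart_dns(config_text):
    """Return (nat_map, unmapped, unused) for a script in the page's format."""
    nat_map, answers = {}, []
    for raw in config_text.splitlines():
        line = raw.strip()
        if m := NAT_RE.match(line):
            nat_map[m.group(2)] = m.group(3)    # global (public) -> inside (private)
        elif m := RULE_RE.match(line):
            answers.extend(m.group(1).split())  # addresses smart DNS may return
    # A DNS answer without a NAT Server mapping is not translated to any server.
    unmapped = [ip for ip in answers if ip not in nat_map]
    # A NAT Server mapping outside the weight rule never receives round robin traffic.
    unused = [ip for ip in nat_map if ip not in answers]
    return nat_map, unmapped, unused


if __name__ == "__main__":
    nat_map, unmapped, unused = audit_smart_dns(SAMPLE_CONFIG)
    for public, private in nat_map.items():
        print(f"{public} -> {private}")
    print("DNS answers without NAT Server mapping:", unmapped or "none")
    print("NAT Server mappings not in weight rule:", unused or "none")
```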