ACE GSS Basics – Part I

[Data Center Virtualization Fundamentals: Deleted Scene 161]

The Cisco Application Control Engine Global Site Selector (ACE GSS) is a network service that provides global server load balancing for geographically dispersed servers. It relies on Domain Name System (DNS) requests from application clients to direct them to the IP address from a host or to a server load balancer´s virtual IP (VIP) address.

ACE GSS integrates to a company network through the use of Name Server (NS) records inserted into its DNS. Adversely from Address (A) records, which provides a destination server IP address in a DNS lookup, a NS entry informs the IP address of an ACE GSS appliance where another request should be forwarded. In this way, a DNS request for a URL such as ends up being resolved by an appliance that can apply intelligence to its response.

Figure 1 represents the main components of an ACE GSS implementation.

In the figure, you can notice:

  • Two dispersed sites (Site 1 and 2) with separate infrastructure (data center networks are not depicted).
  • An ACE virtual context at each site representing a “local” server load balance (ACE1 and ACE2). Each virtual context has a VIP (VIP1 and VIP2, respectively) that can receive user sessions that will be load balanced to the application servers.
  • Each ACE virtual context test the application availability in each server through health probes.
  • GSS1 also sends probes to verify the state of VIP1 and VIP2. If at least one server is available, its virtual context will receive sessions on its VIP.
  • GSS1 resides on Site 1 but it is part of a cluster with GSS2, which is located at Site 2.

When a customer device wants to establish a session with the geographically dispersed application, it sends a DNS request to a server that is inserted in its TCP/IP stack (statically or through DHCP). Generically speaking, this server usually is a D-proxy that issues iterative DNS queries on behalf of the client.

Looking for , the D-proxy queries the DNS server responsible (“authoritative”) for the .com domain. It contains a NS record that points to the server that is responsible for Such a server is usually present at a customer premises, for instance Site 1.

Luckily, this server was prepared with a NS record that characterizes GSS1 as the responsible for domain . Now, GSS1 can forward VIP1 or VIP2 as a response to the D-proxy depending on multiple factors, such as:

  • Application state
  • Number of active servers per site
  • Server load
  • D-proxy IP address
  • … and many others

That explanation summarizes the most usual design for ACE GSS. In the next post, I will show you how to perform a basic configuration on an appliance. Stay tuned!

Best regards,

Gustavo A. A. Santana