Persistence

Use this command to configure source address affinity and a timeout for GSLB persistence. You enable persistence per host in the GSLB host configuration.

If the DNS query is for a host that has persistence enabled, the DNS server replies with an answer that has the virtual server IP addresses listed in the order determined by the GSLB proximity algorithms, and the client source IP address (for example 192.168.1.100) is recorded in the persistence table. If source address affinity is set to 24 bits, subsequent queries for the host from the 192.168.1.0/24 network are sent an answer with the virtual servers listed in the same order (unless a server becomes unavailable and is therefore omitted from the answer).

Persistence is required for applications that include transactions across multiple hosts, so the persistence table is also used for queries for other hosts with the same domain. For example, a transaction on a banking application might include connections to login.bank.com and transfer.bank.com. To support persistence in these cases, the GSLB persistence lookup accounts for domain as well. The first query for login.bank.com creates a mapping for the source address network 192.168.1.0/24 and the domain bank.com. When the DNS server receives subsequent requests, it consults the persistence table for a source network match, then a domain match and a hostname match. In this example, as long as you have created host configurations for both login.bank.com and transfer.bank.com, and persistence is enabled for each, the persistence table can be used to ensure the DNS answers to queries from the same network list the resource records in the same order.

Before you begin:

  • You must have read-write permission for global load balancing settings.

Syntax

config global-load-balance setting
  set persistence-mask-length <integer>
  set persistence-mask-length6 <integer>
  set persistence-timeout <integer>
end

persistence-mask-length

Number of IPv4 netmask bits that define network affinity for the persistence table. The default is 24.

persistence-mask-length6

Number of IPv6 netmask bits that define network affinity for the persistence table. The default is 64.

persistence-timeout

This setting specifies the length of time in seconds for which the entry is maintained in the persistence table. The default is 86400. The valid range is 60-2,592,000 seconds.

Example

FortiADC-docs # config global-load-balance setting
FortiADC-docs (setting) # get
password : *
proximity-detect-protocol : icmp
proximity-detect-retry-count : 3
proximity-cache-mask-length : 24
proximity-cache-mask-length6 : 64
proximity-detect-interval : 3
proximity-cache-aging-period : 86400
persistence-mask-length : 24
persistence-mask-length6 : 64
persistence-timeout : 60
FortiADC-docs (setting) # set persistence-mask-length 24
FortiADC-docs (setting) # set persistence-mask-length6 64
FortiADC-docs (setting) # set persistence-timeout 60
FortiADC-docs (setting) # end
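
The following is an added illustration, not FortiADC code: a simplified Python model of the persistence lookup described above, showing how the mask length groups clients into one table entry and how the timeout ends that grouping. The host table, the virtual server names (vs-a, vs-b), the shared server pool across hosts, and the choice to count the timeout from entry creation are assumptions made for the example.

```python
import ipaddress

MASK_V4, MASK_V6, TIMEOUT = 24, 64, 86400  # defaults stated on this page

# Constructed host configurations: hostname -> (domain, persistence enabled)
HOSTS = {
    "login.bank.com": ("bank.com", True),
    "transfer.bank.com": ("bank.com", True),
    "static.bank.com": ("bank.com", False),
}

def affinity_network(src, mask_v4=MASK_V4, mask_v6=MASK_V6):
    """Mask the client source address down to its affinity network."""
    ip = ipaddress.ip_address(src)
    bits = mask_v4 if ip.version == 4 else mask_v6
    return ipaddress.ip_network(f"{ip}/{bits}", strict=False)

class PersistenceTable:
    def __init__(self, timeout=TIMEOUT):
        self.timeout = timeout
        self.entries = {}  # (network, domain) -> (server order, expiry time)

    def answer(self, src, hostname, proximity_order, available, now):
        """Return the ordered server list for one DNS query at time `now`."""
        live = [s for s in proximity_order if s in available]
        domain, persistent = HOSTS[hostname]
        if not persistent:
            return live  # persistence is enabled per host; this host opted out
        key = (affinity_network(src), domain)
        entry = self.entries.get(key)
        if entry and now < entry[1]:
            # Reuse the stored order, omitting servers that are unavailable.
            return [s for s in entry[0] if s in available]
        # No valid entry (assumption: expiry is counted from creation).
        self.entries[key] = (live, now + self.timeout)
        return live
```

With a 24-bit mask, every client in 192.168.1.0/24 shares the entry created by the first query, so widening the mask increases the number of clients pinned to one server order for the full timeout.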
