config global-load-balance servers
Use this command to configure global load balance servers.
In the context of the global server load balance configuration, servers are the local SLB (FortiADC instances or third-party servers) that are to be load balanced. For FortiADC instances, the GLB checks status and synchronizes configuration from the local SLB so that it can learn the set of virtual servers that can be included in the GLB virtual server pool.
Figure 1 illustrates configuration discovery. You use the execute discovery-glb-virtual-server command to populate the virtual-server-list configuration. Virtual servers placed in this list are not thereby included in the pool; you must also name them explicitly in the virtual server pool configuration.
Before you begin:
- You must have created the data center configuration objects that are associated with the local SLB.
- You must have created virtual server configurations on the local FortiADC SLB so that you can use the execute discovery-glb-virtual-server command to discover them.
- You must have created an SDN connector configuration.
Note: Currently, the SDN Connector option only supports AWS Connectors.
- You must have read-write permission for global load balancing settings.
After you have created a server configuration object, you can specify it in the global load balancing virtual server pool configuration.
Syntax
config global-load-balance servers
  edit <name>
    set server-type {FortiADC-SLB|Generic-Host|SDN-Connector}
    set auth-type {none|TCP_MD5SIG|auth_verify}
    set auth-key <string>
    set user-defined-certificate {enable|disable}
    set cert <datasource>
    set address-type {ipv4|ipv6}
    set ip <ip&netmask>
    set ip6 <ipv6&netmask>
    set port <integer>
    set sdn-connector <datasource>
    set use-sdn-private-ip {enable|disable}
    set data-center <datasource>
    set auto-sync {enable|disable}
    set health-check-ctrl {enable|disable}
    set health-check-relation {AND|OR}
    set health-check-list <datasource> <datasource> ...
    config virtual-server-list
      edit <name>
        set address-type {ipv4|ipv6}
        set ip <ip&netmask>
        set ip6 <ipv6&netmask>
        set gateway <string>
        set instance <datasource>
        set health-check-inherit {enable|disable}
        set health-check-ctrl {enable|disable}
        set health-check-list <datasource> <datasource> ...
        set health-check-relation {AND|OR}
      next
    end
  next
end
| Option | Description |
| --- | --- |
| server-type | Select the remote server to use for global server load balancing: |
| auth-type | The auth-type option is available if server-type is FortiADC-SLB. Select the authentication type: |
| auth-key | The auth-key option is available if server-type is FortiADC-SLB and auth-type is TCP_MD5SIG. Enter the password to authenticate the key. The password you enter here must match the password configured on the FortiADC appliance in a global server load-balancing configuration. |
| user-defined-certificate | The user-defined-certificate option is available if server-type is FortiADC-SLB. Enable to use a self-defined certificate for authentication. |
| cert | The cert option is available if server-type is FortiADC-SLB and user-defined-certificate is enabled. Select the local certificate object to use for the GSLB server. |
| address-type | The address-type option is available if server-type is FortiADC-SLB. IPv4 or IPv6. |
| ip/ip6 | The ip or ip6 option is available if server-type is FortiADC-SLB. Specify the IPv4 or IPv6 address for the FortiADC management interface. This IP address is used for synchronization and also status checks. If the management interface is unreachable, the virtual servers for that FortiADC are excluded from DNS responses. |
| port | The port option is available if server-type is FortiADC-SLB. Specify the port. Default: 5858. Range: 1-65535. |
| sdn-connector | The sdn-connector option is available if server-type is SDN-Connector. Select the SDN Connector to synchronize to the GSLB server. |
| use-sdn-private-ip | The use-sdn-private-ip option is available if server-type is SDN-Connector. Enable to use the SDN Private IP address. |
| data-center | Select a data center configuration object. The data center configuration object properties are used to establish the proximity of the servers and the client requests. |
| auto-sync | Enable/disable automatic synchronization with the remote server. When enabled, global load balancing will synchronize automatically with the server member. If auto-sync is enabled for SDN Connector type servers, all instances from the SDN connector will be added as server members. Note: When disabling auto-sync, the server member will be cleared and re-synced. |
| health-check-ctrl | The health-check-ctrl option is available if server-type is Generic-Host or SDN-Connector. Enable/disable health checks for the virtual server list. The health check settings at this configuration level are the parent configuration. When you configure the list, you can specify whether to inherit or override the parent configuration. Note: Health checking is built-in, and you can optionally configure a gateway health check. |
| health-check-relation | The health-check-relation option is available if server-type is Generic-Host or SDN-Connector, and health-check-ctrl is enabled. |
| health-check-list | The health-check-list option is available if server-type is Generic-Host or SDN-Connector, and health-check-ctrl is enabled. Select one or more health check configuration objects. |
config virtual-server-list
When servers are FortiADC servers, use execute discovery-glb-virtual-server to populate the basic virtual-server-list configuration. After it has been populated, you can optionally add a gateway health check.

| Option | Description |
| --- | --- |
| <name> | Must match the virtual server configuration name on the local FortiADC. |
| address-type | The address-type option is available if server-type is FortiADC-SLB. IPv4 or IPv6. |
| ip/ip6 | The ip or ip6 option is available if server-type is FortiADC-SLB. Virtual server IPv4 or IPv6 address. |
| gateway | The gateway option is available if server-type is FortiADC-SLB. Specify a gateway to enable an additional health check: is the gateway beyond the FortiADC reachable? Specify a string that matches the configuration name of a link load balancing gateway. |
| instance | The instance option is available if server-type is SDN-Connector. Select an instance from the SDN's instance list. |
| health-check-inherit | The health-check-inherit option is available if server-type is Generic-Host or SDN-Connector. Enable to inherit the health check settings from the parent configuration. The Health Check Inherit option is enabled by default. Disable to specify health check settings in this member configuration. |
| health-check-ctrl | The health-check-ctrl option is available if server-type is Generic-Host or SDN-Connector, and health-check-inherit is disabled. Enable health checking for the virtual server. |
| health-check-list | The health-check-list option is available if server-type is Generic-Host or SDN-Connector, and health-check-inherit is disabled. Specify one or more health check configuration objects. |
| health-check-relation | The health-check-relation option is available if server-type is Generic-Host or SDN-Connector, and health-check-inherit is disabled. |
Example
FortiADC-VM # config global-load-balance servers
FortiADC-VM (servers) # edit FortiADC-2
FortiADC-VM (FortiADC-2) # set sync-status enable
FortiADC-VM (FortiADC-2) # set auth-type TCP_MD5SIG
FortiADC-VM (FortiADC-2) # set auth-key ENC QVhOH9Wvq6q4BP2sqQMNJ6FDWWYcZA6THCj/sHFGHtAb6qO5nqy1SJ9PpEpc+yk/j8XWfXeORT8DsF8KDBhDL9K5Ms9sXs1y8gUQbtFnCIHKwIpf
FortiADC-VM (FortiADC-2) # set data-center United_States
FortiADC-VM (FortiADC-2) # set auto-sync enable
FortiADC-VM (FortiADC-2) # set ip 172.30.144.100
FortiADC-VM (FortiADC-2) # set server-type FortiADC-SLB
FortiADC-VM (FortiADC-2) # show
config global-load-balance servers
  edit "FortiADC-2"
    set ip 172.30.144.100
    set data-center United_States
    config virtual-server-list
    end
  next
end
FortiADC-VM (FortiADC-2) # end
FortiADC-VM # execute discovery-glb-virtual-server server FortiADC-2
FortiADC-VM # show global-load-balance servers FortiADC-2
config global-load-balance servers
  edit "FortiADC-2"
    set ip 172.30.144.100
    set data-center United_States
    config virtual-server-list
      edit "mail_example_com"
        set ip 192.0.2.2
        set port 80
      next
      edit "www_example_com"
        set ip 192.0.2.1
        set port 811
      next
    end
  next
end
FortiADC-VM # config global-load-balance servers
FortiADC-VM (servers) # edit FortiADC-2
FortiADC-VM (FortiADC-2) # config virtual-server-list
FortiADC-VM (virtual-server~l) # show
config virtual-server-list
  edit "mail_example_com"
    set ip 192.0.2.2
    set port 80
  next
  edit "www_example_com"
    set ip 192.0.2.1
    set port 811
  next
end
FortiADC-VM (virtual-server~l) # edit www_example_com
FortiADC-VM (www_example_com) # set gateway US-ISP1
FortiADC-VM (www_example_com) # end
FortiADC-VM (FortiADC-2) # end
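A review check over saved `show global-load-balance servers` output, flagging FortiADC-SLB entries whose auth-type, auth-key and cert settings (described in the option table above) leave synchronization unauthenticated or incompletely configured. This is an added example, not Fortinet code; the sample configuration, the function names parse_servers and audit, and the treatment of an entry with no server-type line as FortiADC-SLB are assumptions.

```python
# Constructed sample shaped like `show global-load-balance servers` output; all names and values are made up.
SAMPLE = """\
config global-load-balance servers
  edit "dc1-adc"
    set server-type FortiADC-SLB
    set auth-type none
    config virtual-server-list
      edit "www_example_com"
        set ip 192.0.2.1
      next
    end
  next
  edit "dc2-adc"
    set auth-type TCP_MD5SIG
    set user-defined-certificate enable
  next
  edit "aws-pool"
    set server-type SDN-Connector
  next
end
"""

def parse_servers(text):
    """Return {server: {option: value}}; nested virtual-server-list entries are skipped."""
    servers, depth, cur = {}, 0, None
    for line in map(str.strip, text.splitlines()):
        depth += line.startswith("config ") - (line == "end")  # track nesting level
        if depth == 1 and line.startswith("edit "):
            cur = servers.setdefault(line[5:].strip('"'), {})
        elif depth == 1 and cur is not None and line.startswith("set "):
            key, _, value = line[4:].partition(" ")
            cur[key] = value.strip('"')
    return servers

def audit(servers):
    """Return (server, finding) pairs for the authentication options."""
    out = []
    for name, o in servers.items():
        if o.get("server-type", "FortiADC-SLB") != "FortiADC-SLB":
            continue  # auth options are FortiADC-SLB only; absent server-type is assumed to be that type
        auth = o.get("auth-type")
        if auth in (None, "none"):
            out.append((name, "no authentication shown"))
        elif auth == "TCP_MD5SIG" and "auth-key" not in o:
            out.append((name, "TCP_MD5SIG without auth-key"))
        if o.get("user-defined-certificate") == "enable" and "cert" not in o:
            out.append((name, "user-defined-certificate without cert"))
    return out
```

A finding of "no authentication shown" covers both an explicit `auth-type none` and output with no auth-type line, so confirm the effective value on the appliance before treating it as a misconfiguration.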