3-DNS® Administrator Guide version 4.
Product Version
This manual applies to version 4.5 of 3-DNS® Controller.

Legal Notices

Copyright
Information in this document is subject to change without notice. © 2002 Dell Computer Corporation. All rights reserved. Reproduction in any manner whatsoever without the written permission of Dell Computer Corporation is strictly forbidden. Trademarks used in this text: Dell and PowerEdge are trademarks of Dell Computer Corporation.
Standards Compliance
The product conforms to ANSI/UL Std 1950 and Certified to CAN/CSA Std. C22.2 No. 950.

Acknowledgments
This product includes software developed by the University of California, Berkeley and its contributors. This product includes software developed by the Computer Systems Engineering Group at the Lawrence Berkeley Laboratory. This product includes software developed by the NetBSD Foundation, Inc. and its contributors. This product includes software developed by Christopher G.
This product includes Malloc library software developed by Mark Moraes. (© 1988, 1989, 1993, University of Toronto). This product includes open SSL software developed by Eric Young (eay@cryptsoft.com), (© 1995-1998). This product includes open SSH software developed by Tatu Ylonen (ylo@cs.hut.fi), Espoo, Finland (© 1995). This product includes open SSH software developed by Niels Provos (© 1999). This product includes SSH software developed by Mindbright Technology AB, Stockholm, Sweden, www.mindbright.
Table of Contents

1 Introduction
IMPORTANT HARDWARE INFORMATION
Getting started
Choosing a configuration tool
Browser support

Setting the interface media type
Configuring VLANs and IP addresses
Configuring a default gateway pool
Configuring remote web server access
Configuring remote administrative access

6 Configuring a Globally-Distributed Network
Understanding a globally-distributed network
Using Topology load balancing
Setting up a globally-distributed network configuration
Adding data centers to the globally-distributed network configuration

Running the 3dns_add script
Verifying the configuration
1 Introduction
• IMPORTANT HARDWARE INFORMATION
• Getting started
• Using the Administrator Kit
• What is the 3-DNS Controller?
• What’s new in version 4.
IMPORTANT HARDWARE INFORMATION
References to hardware and upgrades contained in this document are specific to F5 Networks hardware products. For information concerning the initial deployment of your system, see the Deployment Guide that was shipped with your system. For in-depth Dell-specific hardware information, see the server documentation that is provided on the Resource CD and that shipped with your system if you ordered printed documentation.
◆ Working with Global Availability Load Balancing
This chapter describes the components of the Global Availability load balancing mode.
◆ Adding a 3-DNS Controller to an Existing Network
This chapter describes the tasks you complete to configure an additional 3-DNS Controller in a network that already contains one or more 3-DNS Controllers.
Please note that your license allows you to manage a maximum of 100 IP addresses in the NameSurfer application. For more information, refer to the end-user license agreement included in your product shipment.

3-DNS Maintenance menu
The 3-DNS Maintenance menu is a command line utility that runs scripts which assist you in configuration and administrative tasks, such as installing the latest version of the big3d agent on all your systems, or setting up encrypted communications in the network.
◆ 3-DNS Reference Guide
The 3-DNS Reference Guide provides basic descriptions of individual 3-DNS objects, such as wide IPs, pools, virtual servers, load balancing modes, the big3d agent, resource records, and production rules. It also provides syntax information for 3dnsmaint commands, configuration utilities, the wideip.conf file, and system utilities.
Identifying command syntax
We show actual, complete commands in bold Courier text. Note that we do not include the corresponding screen prompt, unless the command is shown in a figure that depicts an entire command line screen. For example, the following command sets the 3-DNS Controller load balancing mode to Round Robin:

    lb_mode rr

Table 1.1 explains additional special conventions used in command line syntax.
• Set up load balancing among BIG-IP systems, EDGE-FX Caches, and other load-balancing hosts
• Monitor real-time network conditions

Internet protocol and network management support
The 3-DNS Controller supports both the standard DNS protocol and the 3-DNS iQuery protocol (a protocol used for collecting dynamic load balancing information).
Controller supports a variety of media options, including Fast Ethernet and Gigabit Ethernet; the 3-DNS Controller also supports multiple network interface cards that can provide redundant or alternate paths to the network.

Note: If you use NameSurfer to manage your DNS zone files, you can configure only up to 100 IP addresses and domain names.
The 3-DNS Controller actually supports two methods of checking the status of the peer system in a redundant system:
◆ Hardware-based fail-over
In a redundant system that has been set up with hardware-based fail-over, the two units in the system are connected to each other directly using a fail-over cable attached to the serial ports. The standby unit checks on the status of the active unit once every second using this serial link.
Once the 3-DNS Controller returns a DNS answer to an LDNS, the conversation between the LDNS and the 3-DNS Controller ends, and the client connects to the IP address returned by the 3-DNS Controller. Unlike the 3-DNS Controller, the BIG-IP system sits between the client and the content servers. It manages the client’s entire conversation with the content server.

What’s new in version 4.5
The 3-DNS Controller, version 4.
Expanded statistics
The statistics screens on the 3-DNS Controller have been enhanced and expanded. You can now view statistics for the following objects:
• The Detailed Wide IP Statistics screen, available from the Wide IP Statistics screen, now displays information about virtual servers in the context of the wide IP pools of which they are members.
• The Link Statistics screen displays information about any router links you have configured.
Finding help and technical support resources
You can find additional technical documentation about the 3-DNS Controller in the following locations:
◆ Release notes
Release notes for the 3-DNS Controller are available from the home screen of the Configuration utility. The release note contains the latest information for the current version, including a list of new features and enhancements, a list of fixes, and a list of known issues.
2 Planning the 3-DNS Configuration
• Managing traffic on a global network
• Planning issues for the network setup
• Choosing the 3-DNS mode
• Planning issues for the load balancing configuration
• Using advanced traffic control features
Managing traffic on a global network
Figure 2.1 A sample network layout showing data paths

Synchronizing configurations and broadcasting performance metrics
3-DNS Controllers typically work in sync groups, where a group of controllers shares load balancing configuration settings. In a sync group, any system that has new configuration changes can broadcast the changes to any other system in the sync group, allowing for easy administrative maintenance.
the big3d agents collect the data, they each broadcast the collected data to all systems in the network, again allowing for simple and reliable metrics distribution.

Using a 3-DNS Controller as a standard DNS server
When a client requests a DNS resolution for a domain name, an LDNS sends the request to one of the 3-DNS Controllers that is authoritative for the zone.
Figure 2.2 illustrates the specific steps in the name resolution process.
1. The client connects to an Internet Service Provider (ISP) and queries the local DNS server to resolve the domain name www.siterequest.com.
2. If the information is not already in the LDNS server’s cache, the local DNS server queries a root server (such as InterNIC’s root servers). The root server returns the IP address of the DNS systems associated with www.siterequest.
◆ EDGE-FX systems
An EDGE-FX virtual server maps to cached content that gets refreshed at frequent intervals.
◆ Generic host
A host virtual server can be an IP address or an IP alias that hosts the content.
◆ Other load balancing hosts
Other load balancing hosts map virtual servers to a series of content hosts.

Figure 2.3 illustrates the hierarchy of how the 3-DNS Controller manages virtual servers. Figure 2.
Planning issues for the network setup
After you finish running the Setup utility, and connect each system to the network, you can set up the network and load balancing configuration on one 3-DNS Controller, and let the sync group feature automatically broadcast the configuration to the other 3-DNS Controllers in the network.
can only be configured using the Setup utility or its components. (To make changes to other base network components, such as domain names, default routes, and certificate information, refer to Chapter 3, Using the Setup Utility, which describes the Setup utility and its various components.) A 3-DNS usually has two network interfaces. Each active interface must be configured with a VLAN membership, and each VLAN must have a self IP address.
group receive broadcasts of metrics data from the big3d agents. All members of the sync group also receive broadcasts of updated configuration settings from the 3-DNS Controller that has the latest configuration changes. When you define the sync group, you select the sync group members from the list of 3-DNS Controllers you have already defined. The sync group lists the 3-DNS Controllers in the order in which you selected them.
◆ 3-DNS Controllers communicating with other 3-DNS Controllers
To allow 3-DNS Controllers to communicate with each other, you must set up ssh and scp utilities.
◆ 3-DNS Controllers communicating with BIG-IP systems and EDGE-FX systems
To allow the 3-DNS Controller to communicate with BIG-IP systems and EDGE-FX systems, you address the same ssh issues.
big3d agent, managing the factories, opening the UDP ports, and working with firewalls, review Chapter 5, Probing and Metrics Collection, in the 3-DNS Reference Guide.

Choosing the 3-DNS mode
The 3-DNS Controller can run in one of three modes: node, bridge, or router. The base network configuration changes depending on which mode you choose. The following sections describe the three modes and provide basic configuration examples.
Using the 3-DNS synchronization features
If you use the advanced synchronization features of the 3-DNS Controller, we strongly recommend that you configure each 3-DNS Controller to run as authoritative for the domain. This type of configuration offers the following advantages:
• You can change zone files on any one of the 3-DNS Controllers in the network and have those changes automatically broadcast to all of the other systems in the network.
3 Using the Setup Utility
• Creating the initial software configuration with the Setup utility
• Connecting to the 3-DNS Controller for the first time
• Using the Setup utility for the first time
• Running the Setup utility after creating the initial software configuration
Creating the initial software configuration with the Setup utility
Once you install and connect the hardware and obtain a license, the next step in the installation process is to turn the system on and run the Setup utility. The Setup utility defines the initial configuration settings required to install the 3-DNS Controller into the network. You can run the Setup utility remotely from a web browser, or from an SSH or Telnet client, or you can run it directly from the console.
Connecting to the 3-DNS Controller for the first time
The Setup utility prompts you to enter the same information, whether you run the utility from a web browser, or from the command line. If you run the utility from the console, no reboot is necessary; if you run the utility from the web, the unit reboots automatically; if you run the utility from an SSH client, we recommend that you reboot the unit after you complete the setup.
To set up an IP alias for the alternate IP address
The IP alias must be in the same network as the default IP address you want the 3-DNS Controller to use. For example, on a UNIX workstation, you might create one of the following aliases:
◆ If you want the unit to use the default IP address 192.168.1.
4. On the Configuration Status screen, click Setup Utility.
5. Fill out each screen using the information from the Setup utility configuration list. After you complete the Setup utility, the 3-DNS Controller reboots and uses the new settings you defined.

Note: You can rerun the Setup utility from a web browser at any time by clicking the Setup utility link on the welcome screen.
Note: You can rerun the Setup utility at any time using the setup command.

Using the Setup utility for the first time
The following sections provide detailed information about the settings that you define in the Setup utility.

Keyboard type
Select the type of keyboard you want to use with the 3-DNS Controller.
Host name
The host name identifies the 3-DNS Controller itself. Host names must be fully qualified domain names (FQDNs). The host portion of the name must start with a letter, and must be at least two characters. The FQDN must be less than or equal to 256 characters, but not less than 1 character. Each label part of the name must be 63 characters or fewer. Only letters, numbers, and the characters underscore ( _ ), dash ( - ), and period ( . ) are allowed.
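The host name rules above can be checked before a name is typed into the Setup utility. The following is an added example, not code from the 3-DNS software or this guide; it assumes that "letters" means ASCII letters, that empty labels are invalid, and that a fully qualified name has at least two labels. The sample names are constructed.

```python
import string

# Limits taken from the host name rules stated above.
MAX_FQDN_LEN = 256
MAX_LABEL_LEN = 63
MIN_HOST_LEN = 2
LETTERS = set(string.ascii_letters)  # assumption: ASCII letters only
ALLOWED_CHARS = LETTERS | set(string.digits) | set("_-.")

RULES = {
    "length": "FQDN must be 1 to 256 characters long",
    "charset": "only letters, numbers, '_', '-' and '.' are allowed",
    "label-length": "each label must be 1 to 63 characters (empty label: assumption)",
    "host-start": "host portion must start with a letter",
    "host-length": "host portion must be at least two characters",
    "not-fqdn": "no domain part after the host portion (assumed meaning of FQDN)",
}


def check_hostname(name):
    """Return the rule identifiers that `name` violates; an empty list means it passes."""
    violations = []
    if not 1 <= len(name) <= MAX_FQDN_LEN:
        violations.append("length")
    if not set(name) <= ALLOWED_CHARS:
        violations.append("charset")
    labels = name.split(".")
    if any(not 1 <= len(label) <= MAX_LABEL_LEN for label in labels):
        violations.append("label-length")
    host = labels[0]  # the host portion is the first label
    if not host or host[0] not in LETTERS:
        violations.append("host-start")
    if len(host) < MIN_HOST_LEN:
        violations.append("host-length")
    if len(labels) < 2:
        violations.append("not-fqdn")
    return violations


def audit(names):
    """Map each rejected name to its violations; accepted names are omitted."""
    report = {}
    for name in names:
        found = check_hostname(name)
        if found:
            report[name] = found
    return report


# Constructed sample names; only the siterequest.com domain appears in the guide.
SAMPLES = [
    "ns1.siterequest.com",             # passes
    "3dns.siterequest.com",            # host portion starts with a digit
    "a.siterequest.com",               # host portion is one character
    "ns1",                             # no domain part
    "ns 1.siterequest.com",            # space is not an allowed character
    "ns1." + "a" * 64 + ".com",        # 64-character label
    "ns1." + ".".join(["a" * 60] * 5), # 308 characters in total
]

if __name__ == "__main__":
    for name, found in audit(SAMPLES).items():
        print(name[:40], "->", "; ".join(RULES[rule] for rule in found))
```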
Setting the interface media type
Configure media settings for each interface. The media type options depend on the network interface card included in your hardware configuration. The Setup utility prompts you with the settings that apply to the interface installed in the unit. The 3-DNS Controller supports the following types:
• auto
• 10baseT
• 10baseT, FDX
• 100baseTX
• 100baseTX, FDX
• Gigabit Ethernet

Note: For best results, choose the auto setting.
Note: The IP address of the external VLAN is not the IP address of your site or sites. The IP addresses of the sites themselves are specified by the virtual IP addresses associated with each virtual server you configure.

Assigning interfaces to VLANs
After you configure the VLANs that you want to use on the 3-DNS Controller, you can assign interfaces to the VLANs.
3-DNS web server configuration also requires that you define a password for the admin user. If SSL is available, the configuration also generates authentication certificates.

Note: If the host name portion of the FQDN is greater than 64 characters, the 3-DNS software cannot use it for the web server FQDN.

The Setup utility guides you through a series of screens to set up remote web access.
• The first screen prompts you to select the VLAN you want to configure for web access.
When the Setup utility prompts you to enter an IP address for administration, you can type a single IP address or a list of IP addresses, from which the 3-DNS Controller will accept administrative connections (either remote shell connections, or connections to the web server on the 3-DNS Controller). To specify a range of IP addresses, you can use the asterisk (*) as a wildcard character in the IP addresses. The following example allows remote administration from all hosts on the 192.168.2.
Configuring the 3-DNS mode
The 3-DNS Controller can run in three different modes: node, bridge, and router.
◆ Node mode
The node mode is the traditional installation of the 3-DNS Controller. The 3-DNS Controller replaces a DNS server in a network and uses the DNS server’s IP address. All DNS traffic is directed at the 3-DNS Controller because it is registered with InterNIC as authoritative for the domain. In node mode, you usually run BIND on the system to manage DNS zone files.
Using the local LDAP database only
When you run the Setup utility, you are not required to configure an external LDAP or RADIUS database to manage user authentication. Instead, you can use the default authentication mechanism, which is the 3-DNS Controller’s local LDAP database. In this case, the local LDAP database manages not only authorization for your 3-DNS users, but also authentication.
users. For detailed instructions on setting roles for users, see Managing user accounts, in Chapter 6, Administration and Monitoring, in the 3-DNS Reference Guide.

Configuring external RADIUS authentication
When you configure the unit to use an external RADIUS server for user authentication you need the following information:
• The IP address of the RADIUS server, or the IP address of the primary server and secondary server if you have more than one RADIUS server.
2. Edit the zone file information as required. For help with the NameSurfer application, click Help in the NameSurfer navigation pane.

Note: Remember that if you run the 3-DNS Controller in bridge or router mode, the system is not authoritative for any domains, so the NameSurfer application is not available to manage any zone files.
• Configure Telnet
• Set time zone
• Remote authentication
• License activation
• Configure remote access (for configuration synchronization)
• Set support access

INITIAL SETUP MENU
Choose the desired configuration function from the list below.
want to embed as objects in the portal object reference. Typically, in a redundant system, this list includes the fail-over IP address of the other 3-DNS unit in the redundant system. This option prompts you to set the portal to use IP addresses instead of DNS names. If the portal is set to use IP addresses, the 3-DNS Controller does not have to do a DNS lookup. In addition to these settings, you can change the following iControl portal settings:
• The security mode of the portal.
If the service port for FTP is closed, this utility opens the service port to permit FTP connections to the 3-DNS Controller. Although you can configure FTP and Telnet on a 3-DNS Controller, we recommend that you leave these services disabled, for security reasons.
4 Post-Setup Tasks
• Introduction
• Configuring the interfaces
• Working with VLANs
• Configuring a self IP address
Introduction
Setting up the base network for the 3-DNS Controller means configuring elements such as the 3-DNS Controller host name, a default gateway pool, interface media settings, and VLANs and self IP addresses. Configuration tasks for the BIG-IP base network are performed using the Setup utility. For information on using the Setup utility, see Chapter 3, Using the Setup Utility.
Configuring the interfaces
Typically, a 3-DNS Controller has two network interfaces. The following sections describe the naming convention, displaying the status, setting the media type, and setting the duplex mode for the interfaces in the 3-DNS Controller.

Understanding the interface naming convention
By convention, the Ethernet interfaces on a 3-DNS Controller take the name .
where s is the slot number of the NIC, and p is the port number on the NIC.
Setting the media type
You can set the media type for the interface card either to the specific media type or to auto for auto detection. If the media type is set to auto and the card does not support auto detection, the default type for that interface is used, for example 100BaseTX. Use the following syntax to set the media type:

    b interface media | auto

(Default media type is auto.
Working with VLANs
A VLAN is a grouping of separate 3-DNS Controller networks that allows those networks to behave as if they were a single local area network, whether or not there is a direct ethernet connection between them. The 3-DNS Controller offers several options that you can configure for a VLAN. These options are summarized in Table 4.1.

Option | Description
Create a default VLAN configuration | You can use the Setup utility to create a default VLAN configuration.
Figure 4.3 Simple VLAN configuration for a 3-DNS Controller

VLAN flexibility is such that separate IP networks can belong to a single VLAN, while a single IP network can be split among multiple VLANs. (The latter case allows the 3-DNS Controller to be inserted into an existing LAN without renaming the nodes.) The VLANs named external and internal are separate networks, and in the configuration shown they behave like separate networks.
To rename or delete a VLAN using the Configuration utility
1. In the navigation pane, click Network. The VLANs screen opens.
2. In the VLANs screen, use one of the following options:
• To rename a VLAN, click the VLAN name you want to change. The VLAN properties screen opens. Type the new name in the VLAN name box.
• To delete a VLAN, click the Delete button for the VLAN you want to delete.
3. Click Done.
Configuring packet access to VLANs
The 3-DNS Controller supports two methods for sending and receiving packets through an interface that is a member of one or more VLANs. These two methods are:
◆ Port-based access to VLANs
Packets are accepted for a VLAN because the packets have no tags in their headers and were received on an interface that is a member of a VLAN. With this method, an interface is configured as an untagged member of the VLAN.
Each time you add an interface to a VLAN, either when creating a VLAN or modifying its properties, you can designate that interface as a tagged interface. A single interface can therefore have multiple tags associated with it. The result is that whenever a packet comes into that interface, the interface reads the tag that is embedded in a header of the packet. If the tag in the packet matches any of the tags associated with the interface, the interface accepts the packet.
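The two access methods described above (port-based for untagged packets, tag-based for tagged packets) can be modelled as a small frame classifier. This is an added example, not code from the 3-DNS Controller; it assumes the tags are IEEE 802.1Q tags, that a frame matching no membership is not accepted, and that one interface may hold an untagged and several tagged memberships at once. Interface names, VLAN names, tag numbers and MAC addresses are constructed.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an IEEE 802.1Q VLAN tag
VID_MASK = 0x0FFF    # the low 12 bits of the tag control field hold the VLAN ID

# Constructed, locally administered MAC addresses for the sample frames.
DST_MAC = bytes.fromhex("020000000001")
SRC_MAC = bytes.fromhex("020000000002")


def vlan_id(frame):
    """Return the VLAN ID carried in the frame header, or None if the frame is untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & VID_MASK  # strip the priority and drop-eligible bits


class Interface:
    """VLAN memberships of one interface."""

    def __init__(self, name, untagged_vlan=None, tagged_vlans=None):
        self.name = name
        self.untagged_vlan = untagged_vlan            # port-based membership
        self.tagged_vlans = dict(tagged_vlans or {})  # tag number -> VLAN name

    def classify(self, frame):
        """Return the name of the VLAN that accepts the frame, or None if none does."""
        tag = vlan_id(frame)
        if tag is None:
            # Port-based access: an untagged frame belongs to the VLAN of which
            # the receiving interface is an untagged member, if there is one.
            return self.untagged_vlan
        # Tag-based access: the tag must match one of the interface's tags.
        return self.tagged_vlans.get(tag)


def build_frame(tag=None, priority=0):
    """Build a constructed Ethernet frame, optionally carrying an 802.1Q tag."""
    header = DST_MAC + SRC_MAC
    if tag is not None:
        header += struct.pack("!HH", TPID_8021Q, (priority << 13) | (tag & VID_MASK))
    # EtherType 0x0800 (IPv4) followed by a zero-filled minimum-size payload.
    return header + struct.pack("!H", 0x0800) + bytes(46)


if __name__ == "__main__":
    mixed = Interface("1.1", untagged_vlan="internal",
                      tagged_vlans={100: "external", 200: "dmz"})
    for label, frame in [("untagged", build_frame()),
                         ("tag 100", build_frame(100, priority=5)),
                         ("tag 300", build_frame(300))]:
        print(label, "->", mixed.classify(frame) or "not accepted")
```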
To configure tag-based access on an existing VLAN using the Configuration utility
Configuring tag-based access on an existing VLAN means changing the existing status of one or more member interfaces from untagged to tagged.
1. In the navigation pane, click Network. The VLAN screen opens.
2. Click the VLAN name in the list. The properties screen for that VLAN opens.
3. In the Resources box, move any untagged interfaces from the Current Interfaces list to the Interface Number list.
4.
To enable or disable port lockdown using the Configuration utility
1. In the navigation pane, click Network. The VLAN screen opens.
2. Click the VLAN name in the list. The properties screen for that VLAN opens.
3. To enable port lockdown, check the Port Lockdown box. To disable port lockdown, clear the Port Lockdown check box.
4. Click Done.
To set the fail-over timeout and arm the fail-safe from the command line
Using the vlan command, you may set the timeout period and also arm or disarm the fail-safe.
Find the MAC address on both the active and standby units, and pick one that is similar but unique. A safe technique for selecting the shared MAC address follows. Suppose you want to set up mac_masq on the external interfaces. Using the b interface show command on the active and standby units, you note that their MAC addresses are:

    Active: 3.1 = 0:0:0:ac:4c:a2
    Standby: 3.1 = 0:0:0:ad:4d:f3

In order to avoid packet collisions, you now must choose a unique MAC address.
3. Click the Add button.
4. In the IP Address box, type the self IP address to be assigned.
5. In the Netmask box, type an optional netmask.
6. In the Broadcast box, type an optional broadcast address.
7. If you want to configure the self IP address as a floating address, check the Floating box.
8. If you want to enable the address for SNAT auto-mapping, check the SNAT Automap box.
9. In the VLAN box, type the name of the VLAN to which you want to assign the self IP address.
10.
5 Essential Configuration Tasks
• Reviewing the configuration tasks
• Setting up a basic configuration
• Setting up a data center
• Setting up servers
• Working with sync groups
• Overview of auto-configuration
• Configuring global variables
Reviewing the configuration tasks
Once you have completed the Setup utility, you set up the network and load balancing aspects of the 3-DNS Controller. The 3-DNS Controller has three essential configuration tasks that all users must complete, regardless of the chosen load balancing solution.
Setting up a basic configuration
Each 3-DNS Controller in the network setup must have information regarding which data center houses specific servers, and with which other 3-DNS Controllers it can share configuration and load balancing information. A basic network setup includes data centers, servers, and one sync group. Once you have the basic network components configured on your 3-DNS Controller, you can set up the wide IPs you need for managing your load balancing.
domain name to a pool of virtual servers, and it specifies the load balancing modes that the 3-DNS Controller uses to choose a virtual server from the pool. When a local DNS server requests a connection to a specific domain name, the wide IP definition specifies which virtual servers are eligible to answer the request, and which load balancing modes to use in choosing a virtual server to resolve the request.
Figure 5.1 Example of a multiple data center setup

When you add servers to the network setup, you assign the servers to the appropriate data centers.

To configure a data center using the Configuration utility
1. In the navigation pane, click Data Centers.
2. On the toolbar, click Add Data Center. The Add New Data Center screen opens.
3. Add the new data center settings. For help on defining data centers, click Help on the toolbar. The data center is added to your configuration.
4.
Setting up servers
There are five types of servers you can configure on a 3-DNS Controller: 3-DNS Controllers, BIG-IP systems, EDGE-FX systems, hosts, and routers. At the minimum, your network includes one 3-DNS Controller, and at least one server (BIG-IP system, EDGE-FX system, or host) that it manages. This section describes how to set up each server type (3-DNS Controller, BIG-IP system, EDGE-FX system, host, and router) that makes up your network.
To add virtual servers using the Configuration utility
1. In the navigation pane, expand the Servers item, and then click BIG-IP.
2. In the table, find the BIG-IP system that you just added.
3. Click the entry in its BIG-IP Virtual Servers column.
4. On the toolbar, click Add Virtual Server. The Add Virtual Server to BIG-IP screen opens.
5. Add the new virtual server settings. For help on adding virtual servers, click Help on the toolbar.
5. Add the rest of the settings as needed.
Note: When you have finished defining the BIG-IP system, you can add the 3-DNS Controller module to the configuration.
6. In the navigation pane, expand the Servers item, and then click 3-DNS. The 3-DNS List screen opens.
7. On the toolbar, click Add 3-DNS. The Add 3-DNS screen opens.
8. In the 3-DNS Name box, type combo.siterequest.net.
9. In the 3-DNS IP Address box, type 192.168.100.100.
10. Add the rest of the settings as needed.
3. Add the new router settings. For help on defining a router, click Help on the toolbar.

Note: For details on how to configure a router from the command line, refer to Appendix A, 3-DNS Configuration File, in the 3-DNS Reference Guide.

Defining EDGE-FX systems
An EDGE-FX system can be either an EDGE-FX Cache, or a GLOBAL-SITE Controller.
If you do not turn on Discovery when you add the EDGE-FX system to the configuration, then use the following procedure to add virtual servers to the EDGE-FX definition in the configuration.

To add virtual servers using the Configuration utility
1. In the navigation pane, click Servers, then click EDGE-FX.
2. In the table, find the EDGE-FX system that you just added.
3. Click the entry in its EDGE-FX Virtual Servers column.
4. On the toolbar, click Add Virtual Server.
Important: Auto-configuration automatically collects the virtual server configuration information for any load-balancing hosts you may have in your network (with the exception of Cisco® LocalDirectors). For more information about auto-configuration, see Overview of auto-configuration, on page 5-15.

To define a host using the Configuration utility
1. In the navigation pane, expand the Servers item, and then click Host.
2. On the toolbar, click Add Host.
Configuring host SNMP settings
After defining a host server, you need to configure its SNMP settings if you want to use SNMP host probing. Remember that you must first set up at least one SNMP probing factory on any 3-DNS Controller, BIG-IP system, EDGE-FX Cache, or GLOBAL-SITE Controller that runs the big3d agent and is in the same data center as the host. The SNMP prober collects some or all of the following information from hosts.
Viewing host performance metrics
The Configuration utility displays the host metrics in the Host Statistics screen. The 3-DNS Controller bases the advanced load balancing decisions on packet rate, kilobytes per second, and current connections metrics, but the Host Statistics screen displays the other metrics as well, for information purposes.
To define a sync group using the Configuration utility
1. In the navigation pane, click 3-DNS Sync. The System - Add a New Sync Group screen opens.
2. In the New Sync Group Name box, type the name of the new sync group and click Add. The Add a 3-DNS to a Sync Group screen opens.
3. From the list of 3-DNS Controllers, first select the 3-DNS Controller that you want to be the principal system. Then check the box next to each 3-DNS Controller that you want to add to the sync group.
4. Click Add.
4. Save and close the file.
5. Commit the changes to the configuration by typing:
   3ndc reload

Overview of auto-configuration
The 3-DNS Controller automatically retrieves configuration details from BIG-IP systems, hosts, and other 3-DNS Controllers that you add to the 3-DNS configuration. This process is known as auto-configuration. Auto-configuration queries BIG-IP systems for their configuration information, including self IP addresses and virtual servers.
host systems in the network. Instead, you must make all changes to the configuration either by using the Configuration utility, or by editing the wideip.conf file. Note that this is the default setting.

Note
In the Configuration utility, auto-configuration is labeled Discovery.

To modify the auto-configuration setting for a BIG-IP system using the Configuration utility
1. In the navigation pane, expand the Servers item, and then click BIG-IP. The BIG-IP List screen opens.
2.
3. In the Discovery box, select one of the following settings: ON, ON/NO DELETE, or OFF.
4. Click Update. The configuration updates with the new setting.

Configuring global variables
The global variables determine the default settings for iQuery messages, synchronization, encryption, and default load balancing parameters. The default values for the global variables are sufficient for most load balancing situations.
6 Configuring a Globally-Distributed Network
• Understanding a globally-distributed network
• Using Topology load balancing
• Setting up a globally-distributed network configuration
• Additional configuration settings and tools
Understanding a globally-distributed network
When you are familiar with your traffic patterns and are expanding into a global marketplace, you can use the 3-DNS Controller to distribute requests in an efficient and seamless manner using Topology load balancing. When you use Topology load balancing, the 3-DNS Controller compares the location information derived from the DNS query message to the topology records in the topology statement.
Using Topology load balancing
The Topology load balancing mode is optimal for organizations that have data centers in more than one country or on more than one continent. The 3-DNS Controller enables topology-based load balancing by resolving DNS requests to the geographically closest server. The traditional topology load balancing mode, which provides basic topology mapping functionality, uses IP subnets of virtual servers and known LDNS servers.
Adding data centers to the globally-distributed network configuration
The first task you perform is to add your data centers to the 3-DNS configuration.

To add data centers using the Configuration utility
1. In the navigation pane, click Data Centers. The Data Centers screen opens.
2. Click Add Data Center on the toolbar. The Add Data Centers screen opens.
3. Add your data center information.
2. Click Add 3-DNS on the toolbar. The Add New 3-DNS screen opens. For information and help on the specific settings on any screen in the Configuration utility, click Help on the toolbar.
3. Add the 3-DNS Controller information.
4. Repeat the previous steps to add any additional 3-DNS Controllers to the configuration.

Configuration notes
For the globally-distributed network configuration shown in Figure 6.
7. Once you have configured your first BIG-IP system, you can repeat the previous steps to add all of the additional BIG-IP systems to the 3-DNS configuration.

Tip
For information and help on the specific settings on any screen in the Configuration utility, click Help on the toolbar.
Configuration notes
For the globally-distributed network configuration shown in Figure 6.1, on page 6-1, we have set up one wide IP, labeled www.siterequest.com, and we added two pools to the wide IP, americas_pool and europe_pool. When we configure the topology records, as explained in the next section, we designate these two pools to process the load balancing requests based on the geographic location of the local DNS server or client making the request.
With this topology statement, in our example configuration, queries to resolve www.siterequest.com from local DNS servers somewhere in North America get responses from virtual servers in the pool americas_pool. All other queries to resolve www.siterequest.com get responses from virtual servers in the pool europe_pool.

Additional configuration settings and tools
The following optional settings and tools can help you refine your load balancing configuration.
Other resources
In addition to setting limits, the 3-DNS Controller provides the following resources to help you maintain your configuration and monitor system performance.

Monitoring system performance
The Statistics screens in the Configuration utility provide a great deal of information about the 3-DNS Controller
7 Configuring a Content Delivery Network
• Introducing the content delivery network
• Deciding to use a CDN provider
• Setting up a CDN provider configuration
• Ensuring resource availability
• Monitoring the configuration
Introducing the content delivery network
A content delivery network (CDN) is a network of clusters that includes devices designed and configured to maximize the speed at which a content provider's content is delivered. The purpose and goal of a content delivery network is to cache content closer, in Internet terms, to the user than the origin site is.
Reviewing a sample CDN configuration
The following two diagrams illustrate how DNS query resolutions for content delivery networks are processed by the 3-DNS Controller. In the example, the content provider for www.download.siterequest.com has two data centers, one in San Jose, California (see Figure 7.1), and one in Washington, DC (see Figure 7.2 on page 7-3).
CDN provider (2C). The CDN provider’s DNS server responds with the IP address of the best virtual server for resolution among those in the CDN (2D). The CDN provider’s cache servers resolve to the origin site virtual servers for cache refreshes using a different domain name (origin.download.siterequest.com). Figure 7.
Deciding to use a CDN provider
The 3-DNS Controller is well-suited to serve as the wide-area traffic manager (WATM) for CDNs that have many of the following attributes:
◆ The CDN provider has a global presence around the edge of the Internet.
◆ The CDN provider outsources a content delivery infrastructure to content providers.
Setting up a CDN provider configuration
The following sections describe the specific tasks you perform to set up a CDN provider configuration, as shown in the example configuration on page 7-2.
Configuration note
Please note that when you are working with more than one 3-DNS Controller, you create your entire configuration on one system and then add the second system using the 3dns_add script. The 3dns_add script copies the entire configuration from the first system onto the second system, and synchronizes all of the settings.
   c) In the Load Balancing Modes, Preferred list, select Round Trip Time.
   d) In the Load Balancing Modes, Alternate list, select Packet Rate.
   e) In the Load Balancing Modes, Fallback list, select Round Robin.
   f) Accept the defaults for the rest of the settings and click Next. The Select Virtual Servers screen opens.
6. In the Select Virtual Servers screen, check the virtual servers among which you want the 3-DNS Controller to load balance DNS requests, and click Finish.
You have now set up the load balancing and delegation pools for your domain. The last required configuration step is to create a topology statement.

Adding a topology statement
The topology statement contains the topology records that the 3-DNS Controller uses to load balance DNS queries from geographically dispersed local DNS servers. The following procedure describes how to set up a topology statement, with two topology records, for our example.
Now you have created a topology statement for your CDN, and the 3-DNS Controller can successfully load balance DNS queries based on the location information derived from the DNS query message. For our example, using the topology statement you just created, the 3-DNS Controller would direct queries for www.download.siterequest.com that originated in North America to the origin pool for resolution.
Monitoring the configuration
The following resources can help you monitor your configuration and troubleshoot problems.
◆ You can view performance metrics, limit settings, and other details about your data centers, servers, virtual servers, wide IPs, and pools in the Statistics screens in the Configuration utility. For more information on specific Statistics screens, click Help on the toolbar.
◆ You can view your configuration using the Network Map in the Configuration utility.
8 Working with Quality of Service
• Overview of Quality of Service
• Understanding QOS coefficients
• Customizing the QOS equation
• Using the Dynamic Ratio option
Overview of Quality of Service
The Quality of Service mode is a dynamic load balancing mode that includes a configurable combination of the Round Trip Time (RTT), Completion Rate, Packet Rate, Topology, Hops, Link Capacity, VS Capacity, and Kilobytes/Second (KBPS) modes. The Quality of Service mode is based on an equation that takes each of these performance factors into account.
Understanding QOS coefficients
Table 8.1 lists each Quality of Service (QOS) coefficient, its scale, a likely upper limit for each, and whether a higher or lower value is more efficient.
• Emphasis
You can adjust coefficients to emphasize one normalized metric over another. For example, by changing the coefficients to the values shown in Figure 8.1, you are putting the most emphasis on completion rate.

globals {
   qos_coeff_rtt 50
   qos_coeff_completion_rate 100
   qos_coeff_packet_rate 1
   qos_coeff_topology 0
   qos_coeff_hops 0
   qos_coeff_lcs
   qos_coeff_vs_capacity 0
   qos_coeff_kbps 0
}
Figure 8.
To modify QOS coefficients for a specific wide IP using the Configuration utility
1. In the navigation pane, click Wide IPs.
2. In the Wide IP column, click a wide IP name. The Modify Wide IP screen opens.
3. On the toolbar, click Modify Pool. The Modify Wide IP Pools screen opens.
4. In the Pool Name column, click the name of a pool. The Modify Load Balancing screen opens.
5.
To assign QOS coefficients for a specific wide IP from the command line
1. Type the following command to ensure that the configuration files contain the same information as the memory cache.
   3ndc dumpdb
2. Open the wideip.conf file in a text editor (either vi or pico).
3. Locate or add the globals statement. The globals statement should be at the top of the file.
4. Refer to the example syntax shown in Figure 8.3 to define a wide IP’s QOS equation.
Figure 8.
Using the Dynamic Ratio option
When the Dynamic Ratio option is turned on, the 3-DNS Controller treats QOS scores as ratios, and it uses each server in proportion to the ratio determined by the QOS calculation. When the Dynamic Ratio option is turned off (the default), the 3-DNS Controller uses only the server with the highest QOS score for load balancing (in which case it is a winner-takes-all situation) until the metrics information is refreshed.
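The two behaviors described above can be compared side by side. The following Python sketch is an added illustration, not code from the 3-DNS Controller or from this guide. The virtual server names and QOS scores are constructed, and the smooth weighted round robin used to realize the proportions is an assumption, because the guide does not describe the controller's scheduler.

```python
"""Added illustration: Dynamic Ratio on versus off for one refresh interval."""
from collections import Counter

# Constructed QOS scores for three hypothetical virtual servers.
SAMPLE_SCORES = {"vs_sanjose": 600, "vs_washington": 300, "vs_london": 100}


def winner_takes_all(scores, requests):
    """Dynamic Ratio off: every request goes to the highest-scoring server
    until the scores are refreshed (modelled here as one fixed score set)."""
    if not scores:
        raise ValueError("no virtual servers to choose from")
    best = max(scores, key=scores.get)
    return [best] * requests


def dynamic_ratio(scores, requests):
    """Dynamic Ratio on: servers are used in proportion to their scores.

    Assumption: smooth weighted round robin makes the proportions
    deterministic; the controller's real scheduler may differ.
    """
    usable = {name: s for name, s in scores.items() if s > 0}
    if not usable:
        raise ValueError("no virtual server has a positive score")
    total = sum(usable.values())
    current = dict.fromkeys(usable, 0)
    picks = []
    for _ in range(requests):
        # Each server earns credit equal to its score on every request.
        for name, weight in usable.items():
            current[name] += weight
        # The server with the most credit answers and pays back the total.
        chosen = max(current, key=current.get)
        current[chosen] -= total
        picks.append(chosen)
    return picks


def peak_share(picks):
    """Fraction of requests absorbed by the busiest server."""
    return max(Counter(picks).values()) / len(picks)


if __name__ == "__main__":
    for label, picker in (("off", winner_takes_all), ("on", dynamic_ratio)):
        picks = picker(SAMPLE_SCORES, 10)
        print(f"Dynamic Ratio {label}: {dict(Counter(picks))} "
              f"peak share {peak_share(picks):.0%}")
```

With the option off, a single virtual server absorbs every resolution between metric refreshes, which is the case to check against that server's capacity limits.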
6.
9 Working with Global Availability Load Balancing
• Overview of the Global Availability load balancing mode
• Configuring the Global Availability mode
Overview of the Global Availability load balancing mode
You can use the Global Availability mode in one of two ways: either to load balance among wide IP pools, or to load balance within a wide IP pool. When you use the Global Availability mode to load balance among pools, the 3-DNS Controller continually sends requests to the first pool in the wide IP.
Figure 9.1 shows the 3-DNS Controller using the Global Availability load balancing mode. Figure 9.
Configuring the Global Availability mode
The following sections describe how to configure the Global Availability load balancing mode to load balance among pools and to load balance within a pool.

To configure the Global Availability load balancing mode among pools using the Configuration utility
1. In the navigation pane, click Wide IPs.
2. In the Wide IP column, click a wide IP name. The Modify Wide IP screen opens.
3.
3. On the toolbar, click Modify Pool. The Modify Wide IP Pools screen opens.
4. In the Pool Name column, click the name of a pool. The Modify Load Balancing screen opens.
5. Select Global Availability as the Preferred, Alternate, or Fallback load balancing mode.
6. Click Update.
7. A popup screen appears, indicating that with the Global Availability load balancing mode you must order the virtual servers. Click OK. The Modify Virtual Servers screen opens.
8.
A Global Availability configuration example
With the Global Availability load balancing mode, you can configure one data center as your primary service provider and have several alternate service providers on standby. In the wideip statement, list the virtual servers in descending order of preference. The first available virtual server is chosen for each resolution request. Figure 9.2 shows a sample wideip definition, in the wideip.
10 Adding a 3-DNS Controller to an Existing Network
• Working with multiple 3-DNS Controllers
• Preparing to add a second 3-DNS Controller to your network
• Running the 3dns_add script
• Verifying the configuration
Working with multiple 3-DNS Controllers
When you are working with more than one 3-DNS Controller in your network, and you want the systems to load balance to the same virtual servers, you can create your entire configuration on one system and then add the second system using the 3dns_add script. The 3dns_add script copies the entire configuration from the first system onto the second system, and synchronizes all of the settings between the systems.
Preparing to add a second 3-DNS Controller to your network
Before you run the 3dns_add script on any additional 3-DNS Controllers you are adding to your network, you should complete the following tasks:
◆ Physically install the second 3-DNS Controller in its data center. (For more information on hardware installation, refer to the Platform Guide that shipped with the unit.)
◆ Run the Setup utility on the second system.
Making the existing 3-DNS Controller aware of the additional controller
Once you have installed the hardware and run the Setup utility on the new system, you add its configuration information to the existing 3-DNS Controller (the 3-DNS Controller that is already installed in your network).

To add the new controller to the existing controller’s configuration using the Configuration utility
1. Add the second data center to the configuration.
Running the 3dns_add script
You can run the 3dns_add script on the new 3-DNS Controller either by using a remote secure shell session, or by using a monitor and keyboard connected directly to the controller.

To run the 3dns_add script
1. At the login prompt on the new controller, type root.
2. At the password prompt, type the password you configured when you ran the Setup utility.
3. To run the script, type 3dns_add at the command line.
2. In the Server and Big3d columns, make sure the status is up, which is indicated by a green ball.
3. In the E/D column, make sure the systems are enabled.
4. If the status of any of your systems is down, unknown, or unavailable, wait a few minutes and click Refresh. If the status of the systems remains down, unknown, or unavailable, contact Technical Support for assistance.

To verify that the servers you configured are up
1.
If the virtual servers belonging to the wide IP appear in a pattern that reflects the load balancing mode you selected, you have successfully configured your 3-DNS Controllers. Note that you can repeat the previous procedure for each wide IP you configured, and each controller in the sync group.

Note
This is the only verification task that you perform from the command line. The dig utility is part of DNS distributions.
Glossary
3-DNS Distributed Traffic Controller
The 3-DNS Distributed Traffic Controller is a wide area load distribution solution that intelligently allocates Internet and intranet service requests across geographically distributed network servers. The 3-DNS Distributed Traffic Controller is most often referred to as the 3-DNS Controller.

3-DNS Maintenance menu
The 3-DNS Maintenance menu is a command line utility that you use to configure the 3-DNS Controller.
CDN switching
CDN switching is the functionality of the 3-DNS Controller that allows a user to redirect traffic to a third-party network, or transparently switch traffic to a CDN. The two features of the 3-DNS Controller that make CDN switching possible are geographic redirection and the pool type CDN.

CNAME record
A canonical name (CNAME) record acts as an alias to another domain name.
domain name
A domain name is a unique name that is associated with one or more IP addresses. Domain names are used in URLs to identify particular Web pages. For example, in the URL http://www.siterequest.com/index.html, the domain name is siterequest.com.

dynamic load balancing modes
Dynamic load balancing modes base the distribution of name resolution requests to virtual servers on live data, such as current server performance and current connection load.
Global Availability mode
Global Availability is a static load balancing mode that bases connection distribution on a particular server order, always sending a connection to the first available server in the list.
to try if the preferred method fails, and the fallback method specifies the last load balancing mode to use if both the preferred and the alternate methods fail.

load balancing mode
A load balancing mode is the way in which the 3-DNS Controller determines how to distribute connections across an array.

local DNS
A local DNS is a server that makes name resolution requests on behalf of a client. With respect to the 3-DNS Controller, local DNS servers are the source of name resolution requests.
NS record
A name server (NS) record is used to define a set of authoritative name servers for a DNS zone. A name server is considered authoritative for some given zone when it has a complete set of data for the zone, allowing it to answer queries about the zone on its own, without needing to consult another name server.

NTP (Network Time Protocol)
NTP functions over the Internet to synchronize system clocks to Universal Coordinated Time.
pool ratio
A pool ratio is a ratio weight applied to pools in a wide IP. If the Pool LB mode is set to Ratio, the 3-DNS Controller uses each pool for load balancing in proportion to the weight defined for the pool.

preferred method
The preferred method specifies the first load balancing mode that the 3-DNS Controller uses to load balance a resolution request. See also alternate method, fallback method.
Quality of Service load balancing mode
The Quality of Service load balancing mode is a dynamic load balancing mode that bases connection distribution on a configurable combination of the packet rate, completion rate, round trip time, hops, virtual server capacity, kilobytes per second, and topology information.

ratio
A ratio is the parameter in a virtual server statement that assigns a weight to the virtual server for load balancing purposes.
root name server
A root name server is a master DNS server that maintains a complete DNS database. There are approximately 13 root name servers in the world that manage the DNS database for the World Wide Web.

Round Robin mode
Round Robin mode is a static load balancing mode that bases connection distribution on a set server order. Round Robin mode sends a connection request to the next available server in the order.
standby unit
A standby unit is a system in a redundant system that is always prepared to become the active unit if the active unit fails.

static load balancing modes
Static load balancing modes base the distribution of name resolution requests to virtual servers on a pre-defined list of criteria and server and virtual server availability; they do not take current server performance or current connection load into account.
topology record
A topology record specifies a score for a local DNS server location endpoint and a virtual server location endpoint.

topology score
The topology score is the weight assigned to a topology record when the 3-DNS Controller is filtering the topology records to find the best virtual server match for a DNS query.

topology statement
A topology statement is a collection of topology records.
watchdog timer card
The watchdog timer card is a hardware device that monitors the 3-DNS Controller for hardware failure.

wide IP
A wide IP is a collection of one or more domain names that maps to one or more groups of virtual servers managed either by BIG-IP systems, EDGE-FX Caches, or by host servers. The 3-DNS Controller load balances name resolution requests across the virtual servers that are defined in the wide IP that is associated with the requested domain name.