Untitled - F5 Networks Inc.
Contents
1. Host Internet Service Provider Chicago Client Figure 2 2 Name resolution process 3DNS Controller as primary DNS The transaction process is similar to that shown in Figure 2 1 The steps in Figure 2 2 are as follows 1 The client connects to an Internet Service Provider ISP and queries the local DNS to resolve the domain name www domain com 2 If the information is not already in the local DNS cache the ISP s local DNS queries a root server such as InterNIC s root servers 3 The root server returns the IP address of a DNS associated with www domain com 3DNS Controller v 1 0 6 2 7 Chapter 2 Integrating 4 The ISP s local DNS connects to the primary DNS in this case the primary DNS is the 3DNS Controller for www domain com The 3DNS Controller handles the name resolution 5 The 3DNS Controller responds to the local DNS with the IP address to use for the connection 6 The local DNS passes this IP address to the client 7 The client is connected to the selected virtual server which is managed by the BIG ip Controller in Los Angeles via the ISP In Figure 2 2 note that part of line 7 is dotted This is to indicate that the actual hardware for this step is not shown due to the number of ways ISPs can configure their networks The actual machines that handle all other transact
2. EEE Node Node2 Node3 Content Servers Figure 4 10 Translating packet address the firewall Current vs Revised iQuery Message To allow iQuery packets to pass through firewalls your bigip sub statement needs to include the translate keyword When you include the translate keyword the iQuery utility includes translated IP addresses in the packets sent to the specific BIG ip Controller F5 Networks Inc Configuring a 3DNS Controller Here is an example of the appropriate syntax for iQuery firewall translation bigip address 192 168 101 40 vs address 192 168 101 50 port 80 translate address 10 0 0 50 port 80 Reference material This section describes the 3DNS Maintenance menu a configuration tool and background information that is useful in configuring 3DNS Controllers The 3DNS Maintenance menu You can use the 3DNS Maintenance menu to simplify certain tasks such as starting the big3d utility and distributing the wideip conf file Many of the menu items correspond to 3DNS Controller scripts each 3DNS Controller script is described in more detail in Appendix D Utilities and Scripts To start the 3DNS Maintenance menu enter the following command 3dnsmaint Figure 4 11 shows the 3DNS Maintenance menu 3DNS Controller v 1 0 6 4 23 Chapter 4 3 DN S Maintenance Menu Edit BIG ip List Erit S DNISESIE ES Generate RSA Authentication Gen
3. 2 00000 2 9 Working with multiple 3DNS Controllers 04 2 9 Working with international versions eese 2 15 Differences between US and international 3DNS Controllers 2 15 Configuring international 3DNS Controllers 2 16 Allowing communications between US and international 3DNS Controllers ereire ld e RE eR RUNE ERE URL 2 17 Allowing communications between international 3DNS Controllers and BIG ip Controllers 0 0 eee eee eee 2 18 Allowing communications between US 3DNS Controllers and international big3d utilities 00 cee eee ee eee 2 18 Understanding virtual servers 0 000 e eee eee eee 2 19 The iQuety protocol ss sei Lgs hte m br ase ex e E es 2 20 Setting up the big3d utility liliis eee 2 21 Table of Contents xvi Understanding probing 0 0 0 0 ee ec eee 2 21 Path probing and the discovery factory cee eee eee 2 21 The probing and discovery process 0 c cece eee eee 2 23 Port and protocol usage 0 0 eee ee 2 25 Chapter 3 Installation Procedures 3 1 Installation requirements 0 0 cece eet ee 3 2 Packing MISE i3 ust a eee dote actis ttp eid lauded os etoile gh CR eR ER wed Sas 3 2 Environmental requirements and usage guidelines 3 3 Installation tasks 250m ERES gee EERETRUECR Ee E CES 3 4 Doing a first time installation 0 0 0 cee eee ee
4. -u Specifies what user to switch to after initialization when started as root The default is nobody -c Specifies a pattern for CGI programs -t Specifies a file of throttle settings -h Specifies a host name to bind to for multi homing The default is to bind to all host names supported on the local machine -l Specifies a file for logging If no file is specified thttpd logs via syslog Basic authentication The version of thttpd that is installed with the 3DNS Controller includes the basic authentication feature which is available as an option at compile time If basic authentication is enabled it uses a password file in a served directory called .htpasswd by default This file is formatted as the familiar colon separated username encrypted password pair with records delimited by new lines The protection does not carry over to subdirectories htpasswd is the name of the included utility program that helps create and modify .htpasswd files htpasswd uses this syntax htpasswd [-c] passwordfile username F5 Networks Inc Utilities and Scripts Using the above command sets a user s password in an httpd style password file The -c flag creates a new file Scripts This section provides information on each script that is shipped with the 3DNS Controller Most scripts correspond to items on the 3DNS Maintenance menu which is shown on page 4 23 This section provides information about how the scripts work
5. Total Picks Total Accesses Average Outstanding Requests Item Description Total Paths The number of paths used by the 3DNS Controller Paths Probed The number of paths that were successfully probed Successfully Fresh Paths The number of new paths The average of current RTT metrics for all paths The overall average round trip time for all paths By comparing current versus overall averages you can tell whether on average the current RTTs are higher or lower than the accumulative average The average of current metrics for the percentage of completed packets versus lost packets The overall percentage of completed packets versus lost packets By comparing current versus overall averages you can tell whether on average the current completion rate is higher or lower than the accumulative average The number of times for all paths where the path s data resulted in the corresponding BIG ip Controller s virtual server being chosen for a connection The number of times all paths were considered when performing dynamic load balancing The number of iQuery requests made by the 3DNS Controller to a particular BIG ip Controller that were dropped or not serviced within the timer_get_data timeframe Global variable statistics Click Globals to view information about the current and default values for each globals sub statement and to find out if any changes you made require that you restart
6. <ip_addr> zone in hs hesiod chaos type hint file path name check names warn fail ignore H Comments BIND 8 comments follow syntax rules that are similar to the 3DNS Controller comments syntax rules You can insert comments anywhere you would otherwise see white space in a BIND configuration file Syntax Note that the comment syntax depends on the environment in which you use the configuration file For example E 8 F5 Networks Inc This This This This is is is is BIND 8 Configuration Information /* This is a BIND comment as in C */ // This is a BIND comment as in C++ # This is a BIND comment as in common Unix shells and Perl Definition and usage The format for comments varies by programming language each format is described below C style comments C style comments start with the slash character followed by the asterisk character and end with the asterisk character followed with the slash character Because the comment is completely delimited with these characters a comment can span multiple lines Note that C style comments cannot be nested For example the following is not valid because the entire comment ends with the first */ the start of a comment Still part of the comment an incorrect attempt to nest a comment no longer in any comment C++ style comments C++ style comments start with two sla
7. ports 80 and 443 wideip address 192 168 101 70 port 80 http port_list 80 443 e commerce name ssl wip domain com pool lbmode rr pool name bigip_pool type vsb ratio 2 preferred qos alternate ratio address 192 168 101 70 ratio 7 address 192 168 102 60 ratio 2 pool name host pool type vsh ratio 1 preferred ratio address 192 168 104 50 ratio 2 Appendix C address 192 168 105 600 ratio 1 Mixing hosts and BIG ip virtual servers Ratio pool load balancing between bigip and hosts wideip address 192 168 102 50 service smtp name mx wip domain com pool_lbmode ratio pool name pool 1 type vsb ratio 3 preferred rtt alternate random address 192 168 101 50 address 192 168 102 50 address 192 168 103 50 pool name pool 2 type vsh ratio 1 preferred ratio address 192 168 104 50 ratio 2 address 192 168 105 50 ratio 1 Global availability pool load balancing between bigip datacenters with specialized use of preferred alternate and fallback load balancing methods null and return to dns The wideip conf File wideip address 192 168 102 70 port 80 name www domain com alias home domain com ttl 120 pool_lbmode ga pool name New York type vsb ratio 2 preferred leastconn alternate null fallback null address 192 168 101 50 ratio 2 address 192 168 101 600 ratio 1 address 192 168 101 70 ratio 1 pool name Los Angeles type vsb ratio 1
8. Administrator Guide for the 3DNS Controller version 1 0 6 Service and Support Information Product Version This manual applies to version 1 0 6 of the 3DNS Controller To obtain technical support for these products or to request product sales or customer service information refer to the contact information provided below Obtaining Technical Support Web: tech.f5.com; Phone: 206-505-0888; Fax: 206-505-0802; Email (support issues): support@f5.com; Email (suggestions): feedback@f5.com Contacting F5 Networks Web: www.f5.com; Toll-free phone: 888-88BIG-IP; Corporate phone: 206-505-0800; Fax: 206-505-0801; Email: sales@f5.com; Mailing Address: 200 1st Avenue West, Suite 500, Seattle, Washington 98119 Legal Notices Copyright Trademarks Information furnished by F5 Networks Inc F5 is believed to be accurate and reliable However no responsibility is assumed by F5 for its use nor any infringements of patents or other rights of third parties which may result from its use No license is granted by implication or otherwise under any patent copyright or other intellectual property right of F5 except as specifically described herein F5 reserves the right to change specifications at any time without notice Copyright 1999 by F5 Networks Inc Seattle Washington All rights reserved Printed in U S A F5 3DNS and BIG ip are registered tradema
9. step guide to configuring wide IPs so that you can perform load balancing Example syntax for global availability on page 5 30 This section provides examples for common load balancing situations Chapter 7 Statements and Comments This chapter provides complete syntax for all statements The Administrator Guide for the BIG ip Controller Provides information on configuring virtual servers on the BIG ip Controller The iQuery protocol The iQuery protocol is a UDP based protocol used to communicate and exchange information between BIG ip Controllers and 3DNS Controllers All 3DNS Controllers that are configured as data collectors send queries to BIG ip Controllers via port 245 or 4353 using the iQuery protocol You can distribute return iQuery traffic across individual ephemeral ports or you can use either port 245 or 4353 as a single port for return iQuery traffic See Configuring iQuery options on page 4 20 You can enable encryption for iQuery protocol transactions See Enabling encryption on US 3DNS Controllers on page 4 3 However if you have a 3DNS Controller in a country that does not allow encryption see Working with international versions on page 2 15 F5 Networks Inc Preparing for Installation Setting up the big3d utility The big3d utility is the listener that runs on each BIG ip Controller and 3DNS Controller and it processes and responds to queries received from data collector 3DNS Controllers The
10. Controller as well as for remote backups A F Secure SSH client is pre installed on the 3DNS Controller hardware to assist with file transfer activities Please refer to the F Secure SSH User s Guide shipped with your 3DNS Controller for more information about the SSH client itself The F Secure server is started upon 3DNS Controller boot up The 3DNS First Time Boot Utility configures the F Secure SSH server based on information you provide so no further modification of the F Secure configuration is required Transferring and installing the F Secure SSH client You are licensed to install one 1 copy of the client on your administration workstation To ease the ordering and installation process both UNIX and Windows versions of F Secure SSH client are shipped with the 3DNS Controller Please contact Data Fellows if you need to purchase additional F Secure SSH clients or if you need to purchase the Mac version of the SSH client 9 Note The following F Secure SSH client is shown as an example and may not be an accurate reflection of your administration workstation To transfer the F Secure SSH client to the administration Workstation 1 Using the monitor and keyboard or serial terminal already connected to the 3DNS Controller change to the directory usr contrib fsecure where the F Secure SSH clients are located List the directory noting the file name that corresponds to the operating system of your administration workstat
11. F5makekey generates a seed key for encrypting communications Check versions of named BIG ip kernel and needed big3d Edit big3d matrix Install and Start big3d Edit BIND Configuration Fetch BIG ip Configuration between the 3DNS Controller and BIG ip Controller This item is not available in the international version of 3DNS Controller Displays version numbers for all BIG ip Controllers known to the 3DNS Controller as well as the version numbers of the big3d and named utilities running on each BIG ip Controller Opens for editing a file that lists version numbers for all BIG ip Controllers known to the 3DNS Controller and the version numbers of the big3d and named utilities running on each BIG ip Controller You do not need to edit this file unless a new BIG ip kernel or a named version create a conflict If this happens a new version of big3d must be placed on all BIG ips Controllers The big3d install command uses the matrix file to determine which version of big3d to transfer Runs the big3d install script which installs and starts the appropriate version of the big3d utility on each BIG ip Controller Opens the named conf file for editing Runs the print 3dvips script which reads the list of defined BIG ip Controllers in the bigips txt file then retrieves and saves a list of all the virtual servers owned by the listed BIG ip Controllers The generated list is saved in a file called etc bigip lst and is useful in
12. The following is an example of a 3DNS Controller configuration file Note that very few global parameters are listed You do not need to include each global parameter you should include only those parameters for which you want to specify a value other than the default Note that this sample file contains examples of common configurations and each load balancing mode Each load balancing example is further described in Example syntax for global availability starting on page 5 30 3DNS Controller v 1 0 6 C 3 Appendix C Sample etc wideip conf Related files are etc named conf var namedb db wip domain com se ok E H H H globals prober 192 168 101 2 Default prober is New York 3DNS encryption yes Encrypt iQuery paths_noclobber yes Don t overwrite metrics with zeroed results path_ttl 2400 Extend the life of path metrics rtt_probe_dynamic yes Switch to tcp probing if icmp fails multiplex_iq yes Source port is the same as destination port for iQuery use alternate iq port yes Use IANA registered port for iQuery The New York BIG ip is behind a firewall and the virtual servers need to be translated bigip New York address 192 168 101 40 vs address 192 168 101 50 port 80 translate address 10 0 0 50 port 80 The wideip conf File address 192 168 101 50 port 25 translate address 10 0 0 50 port 25 vs address 192 168 101 60 port 80 translate address
13. The number of resolutions made using the fallback load balancing method The number of name resolution requests that are returned to DNS F5 Networks Inc Web Administration Local DNS Item Description Total Local DNS The number of local DNS systems accessed by the 3DNS Controller Probed by ICMP The number of local DNS systems accessed by the 3DNS Controller that are probed by ICMP Probed by TCP The number of local DNS systems accessed by the 3DNS Controller that are probed by TCP Probed by UDP The number of local DNS systems accessed by the 3DNS Controller that are probed by UDP Not implemented for this release Needs Probe The number of local DNS systems that have not been probed Idle The number of local DNS systems that were successfully probed and are waiting for the next probe In Probe The number of local DNS systems that are currently being probed Needs The number of local DNS systems that failed a Discovery probe In Discovery Suspended Ports Discovered 3DNS Controller v 1 0 6 The number of local DNS systems that are currently being scanned The number of local DNS systems that failed the scan and are no longer eligible for probing or scanning The number of local DNS systems whose ports have been discovered enir Path Current Average RTT Overall Average RTT Current Average Completion Rate Overall Average Completion Rate
14. and lists other types of resource records Common types There are six standard types of resource records Type Description A Address Converts host names to IP addresses CNAME Canonical Defines a host alias Name MX Mail Exchange Identifies where to send mail for a given domain name NS Name Server Identifies a domain s name servers PTR Pointer Converts IP addresses to host names SOA Start of Authority Marks the beginning of a zone s data defines default parameters for a zone A Address The Address record or A name record lists the address for a given machine The name field is the machine name and the address is the network address There should be one A name record for each address of the machine The following is an example of an A name record name ittl addr class A address ucbarpa IN A 128 32 0 4 IN A 10 0 0 78 3DNS Controller v 1 0 6 F 3 Appendix F alias ttl ucbmonet name CNAME Canonical Name The Canonical Name resource record CNAME specifies an alias or nickname for the official or canonical host name This record must be the only one associated with the alias name It is usually easier to supply one A record for a given address and use CNAME records to define alias host names for that address The following is an example of a CNAME resource record addr class CNAME Canonical name IN CNAME monet MX Mail Exchange The Mail Exch
15. big3d adding to BIG ip Controller 4 5 configuring D 25 defined 2 21 installing D 24 Index BIG ip Controller adding BIG 3d to 4 5 requirements 3 2 statistics 6 3 using with 3DNS Controller 1 2 big3d_check D 24 big3d_install D 24 big3d_restart D 25 bigip statement 7 16 bigip txt D 20 BIND adding value to 1 2 requirements 3 2 BIND 8 comments E 8 configuration file E 2 converting older files E 10 overview E 2 BIND 8 statements E 2 acl E 3 include E 4 key E 4 logging E 5 options E 6 server E 7 zone E 7 Blowfish CBC encryption 1 5 booting 3DNS Controller 3 8 C CNAME resource records F 4 comments 3DNS Controller 7 29 3DNS Controller syntax 7 29 BIND 8 E 8 BIND 8 syntax E 8 completion rate load balancing mode 5 4 configuration viewing and changing 6 19 configuration file 3DNS C 2 BIND 8 E 2 1 10 example 3DNS Controller C 3 configuring 3DNS Controller 4 2 BIG 3d D 25 syslog for 3DNS messages D 11 conventions syntax 1 8 terminology 1 9 creating an empty 3DNS Controller file D 11 cur_ values C 16 D data collector 4 18 defined 1 10 2 8 data copier defined 1 10 2 8 database 3DNS C 16 defining data collectors 4 18 delegating a subdomain 4 7 delegation in name resolution 2 3 DNS primary 1 10 primary versus secondary 2 8 dynamic_wideip D 25 E e commerce 5 22 5 38 edit_wideip D 26 editing wideip conf C 2 encryption 1 5 enabling 4 3 packet validation 4 4 using f5ma
16. even though it is logically part of the previous comment Figure 7 14 Syntax for shell style comments 7 30 F5 Networks Inc pons Additional System and Network Configuration Changing passwords for the 3DNS Controller Configuring Sendmail Enabling dynamic routing Chapter 8 Changing passwords for the 3DNS Controller The First Time Boot utility prompts you to define a password that allows remote access to the 3DNS Controller and also prompts you to define a password for the 3DNS Web server You can change these passwords at any time Changing the 3DNS Controller password 1 At the 3DNS Controller command line prompt log in as root and use the passwd command 2 At the password prompt enter the password you want to use for the 3DNS Controller and press Return 3 To confirm the password retype it and press Return Changing passwords and adding new user IDs You can create new users for the 3DNS Web server change a password for an existing user or recreate the password file altogether without actually going through the 3DNS Web server configuration process 1 Start the 3DNS menu by entering the following command from usr contrib bin 3dnsmaint 2 From the 3DNS Maintenance Menu select Add 3DNS Administration Password This starts the 3dns_web_passwd script which lets you provide access to the 3DNS Web Administration site for selected users only and assigns passwords for those users If
17. home domain com ttl 120 pool_lbmode ga pool name New York type vsb ratio 2 preferred leastconn alternate null fallback null address 192 168 101 50 ratio 2 address 192 168 101 60 ratio 1 address 192 168 101 70 ratio 1 Figure 5 27 Distributing connections among three data centers continued on next page 5 36 F5 Networks Inc Load Balancing pool name Los Angeles type vsb ratio 1 preferred leastconn alternate null fallback null address 192 168 102 50 ratio 3 address 192 168 102 60 ratio 2 address 192 168 102 70 ratio 1 pool name Tokyo type vsb ratio 1 preferred leastconn alternate null fallback return_to_dns address 192 168 103 50 address 192 168 103 60 address 192 168 103 70 Figure 5 28 Distributing connections among three data centers continued from previous page The pool_lbmode set at the top of the wideip statement determines how the connection requests are balanced among the three resource pools New York Los Angeles and Tokyo The 3DNS Controller first tries to resolve requests using the preferred mode If the preferred mode fails the 3DNS Controller tries the alternate mode If the alternate mode fails the 3DNS Controller tries the fallback mode If all three modes fail the 3DNS Controller returns the request to DNS 3DNS Controller v 1 0 6 Chapter 5 Note that in the resource pools above the alternate and fallback load balancing methods ar
18. logs an error in the syslog facility LOCAL2 You can configure the facility in the etc syslog conf file F5 Networks Inc Configuring a 3DNS Controller Adding big3d to a BIG ip Controller As described in Chapter 2 big3d is the listener that runs on each BIG ip Controller and answers 3DNS Controller queries You must add the big3d utility to each BIG ip Controller so that the 3DNS Controller can communicate with each BIG ip Controller To add the big3d utility to a BIG ip Controller 1 Open the 3DNS Maintenance menu by typing the following command from usr contrib bin 3dnsmaint The 3DNS Maintenance menu is described on page 4 23 N From the menu select Install and Start big3d This starts the big3d_install script which installs the big3d utility on the current BIG ip Controller You must perform this procedure from each BIG ip Controller that will be managed by the 3DNS Controller For more information see big3d_install on page D 24 Defining a wide IP You need to define a wide IP statement Each wide IP statement manages the load balancing of virtual servers on BIG ip Controllers and other host machines A wide IP statement includes the following important information Maps a domain name to a set of virtual servers Assigns a specific load balancing mode to the domain name Note You can include virtual servers managed by BIG ip Controllers and other host machines in a single wide IP definit
19. name dumpdb Dumps data metrics for wide IP addresses BIG ip Controllers hosts paths and virtual servers in the following files which are located in var run Jdns sum e 3dns paths Jdns ldns 3dns vs e 3dns bigips 3dns hosts 3dns wips 3dns lbs These files correspond to the tables displayed in the F5 Configuration utility In addition a memory representation of the 3DNS Controller is dumped to wideip dump db in wideip conf compliant format C like format Note The preceding information describes the low level mechanics of how the 3DNS Controller administration tool obtains its information This information can be useful for troubleshooting purposes ABRT name stats Dumps static information to var run 3dnsStats log F5 Networks Inc Utilities and Scripts Configuring syslog for 3DNS messages Although the syslog daemon is configured to save 3DNS Controller messages by default the information in this section is provided in case you ever need to reconfigure your system The lines listed in the following procedure are default entries for files shipped with a new 3DNS Controller Both big3d and named use the syslog daemon and all messages are written to the local2 facility To set up 3DNS Controller logging 3DNS Controller v 1 0 6 3 AR Add the following line to the etc syslog conf file local2 err var log 3dns To include warnings in normal operations also add the foll
20. preferred leastconn alternate null fallback null address 192 168 102 50 ratio 3 address 192 168 102 60 ratio 2 address 192 168 102 70 ratio 1 pool name Tokyo type vsb ratio 1 preferred leastconn alternate null Appendix C fallback return_to_dns address 192 168 103 50 ratio 3 address 192 168 103 60 ratio 2 address 192 168 103 70 ratio 1 Topological distribution and access control topology acl_threshold 1 limit_probes yes longest_match yes Server LDNS Score North American LDNS s 198 0 0 0 8 199 0 0 0 8 North America Priority List 1 New York 2 L A 3 Tokyo New York 192 168 101 0 24 198 0 0 0 8 30 192 168 101 0 24 199 0 0 0 8 30 Los Angeles 192 168 102 0 24 198 0 0 0 8 20 192 168 102 0 24 199 0 0 0 8 20 Tokyo 192 168 103 0 24 198 0 0 0 8 10 The wideip conf File 192 168 103 0 24 199 0 0 0 8 10 South American LDNS s 200 0 0 0 8 201 0 0 0 8 South America Priority List 1 Tokyo 2 L A New York excluded by acl_threshold Tokyo 192 168 103 0 24 200 0 0 0 8 30 192 168 103 0 24 201 0 0 0 8 30 Los Angeles 192 168 102 0 24 200 0 0 0 8 20 192 168 102 0 24 201 0 0 0 8 20 New York 192 168 101 0 24 200 0 0 0 8 192 168 101 0 24 201 0 0 0 8 Wildcard List Record By default if a list record is
21. -t <interval> One option is available -t interval Specifies the minimum interval in seconds between consecutive mail messages When log2mail receives a new log message it checks whether interval seconds have passed since the last time it mailed a message If at least that amount of time has passed log2mail mails the new message without delay Otherwise it saves incoming messages and sends them later after interval seconds have passed since the previous mail This prevents a large number of log messages from producing many mail messages The default interval is 300 seconds 5 minutes The thttpd server is a simple small fast and secure HTTP server It is distributed and installed with the 3DNS Controller and it supports the 3DNS Web Administration tool For more information on the thttpd server see the following Web page www.acme.com/software/thttpd thttpd uses this syntax thttpd [-p <port>] [-d <dir>] [-r | -nor] [-u <user>] [-c <cgipat>] [-t throttles] [-h <host>] [-l <logfile>] Options for the thttpd server include 3DNS Controller v 1 0 6 D 17 Appendix D -p Specifies an alternate port number to listen on The default is 80 -d Specifies a directory to chdir to at startup -r Performs a chroot at initialization time restricting file access to the program s current directory If -r is the compiled in default -nor disables it
22. 28 The virtual server s default port number or service name You can use the service name if it is a WKS well known service and you enclose it in quotation marks The domain name for this wide IP for example www wip f5 com All names must be enclosed in quotation marks An alternate name for this wide IP All names must be enclosed in quotation marks Alias names are treated the same as the domain name You can specify up to 200 alias names for each wide IP The amount of time in seconds that the specified wide IP s information is used by the 3DNS Controller for name resolution and load balancing Specifies a list of ports that must be available before the 3DNS Controller can send connections to the specified address Relative weighting for each load balancing method in calculating the Quality of Service mode Each load balancing mode is described in the next table The load balancing mode to use to balance requests over all pools pool The start of the pool definition for this wide IP A pool is a set of virtual servers defined and owned by a BIG ip Controller or other host machine name As part of a pool definition defines the name of this pool All names must be enclosed in quotation marks 7 24 F5 Networks Inc Statements and Comments Parameter type ratio preferred alternate fallback address port ratio Description The type of pool vsb virtual servers owned by a BIG ip Co
23. 3DNS Controller for the first time you must perform the following tasks Start the First Time Boot utility Use the First Time Boot Utility to install the 3DNS Controller See page 3 8 Configure F Secure SSH client You must transfer and install the F Secure SSH client if you want to be able to configure 3DNS Controllers remotely See F Secure SSH client on page 3 14 Upgrading an earlier version If you are upgrading from an earlier version of the 3DNS Controller do the following 1 Download the 3dns106kit tar file from the F5 FTP site ftp ff5dupgrade ftp f5 com 3dns 3dns 1 0 6 2 Verify the integrity of the file using the sum command sum 3dns106kit tar If the file is correct the command displays the correct checksum Consult the product release notes for the correct checksum value 3 Extract the 3dns106kit tar file in the var tmp directory cd var tmp tar xvf 3dnsl106kit tar 3 4 F5 Networks Inc Installation Procedures The following table lists the files that are extracted File name Description 3 v1 0 6 tar gz 3DNS tarball gzipped 3dnsbook pdf 3DNS Controller user manual backupfile txt List of modified configuration files Again consult the product release notes for the correct checksum values for each file 4 Back up the existing configuration files on the 3DNS Controller cd var tmp usr contrib bin gtar cvf 3dbackup tar T backupfile txt 5 Stop all curren
24. Authorization RMA number marked on the outside of the package and sent prepaid insured and packaged appropriately for safe shipment The repaired or replaced item will be shipped to Purchaser at F5 s expense no later than 7 days after receipt by F5 Title to any returned Products or components will transfer to F5 3DNS Controller v 1 0 6 ix upon receipt F5 will replace defective media or documentation or at its option undertake reasonable efforts to modify the software to correct any substantial non conformance with the specifications Restrictions The foregoing limited warranties extend only to the original Purchaser and do not apply if a Product a has been altered except by F5 b has not been installed operated repaired or maintained in accordance with F5 s instructions c has been subjected to abnormal physical or electrical stress misuse negligence or accident or d has been operated outside of the environmental specifications for the Product F5 s limited software warranty does not apply to software corrections or upgrades Support Upgrades F5 provides software telephone support services at no charge for 90 days following the installation of any Product M F 6 am 6 pm Pacific time excluding F5 s holidays Such support will consist of responding to trouble calls as reasonably required to make the Product perform as described in the Specifications For advisory help requests which are calls of a more consult
25. Don t log private authentication messages err kern auth notice authpriv none dev console Log anything except mail of level info or higher Don t log private authentication messages info mail none authpriv none var log messages The authpriv file has restricted access authpriv var log secure Log all the mail messages in one place mail var log maillog Everybody gets emergency messages plus log them on another Save ftpd transactions along with mail and news ftpd var log spoolerr syslogd The syslogd daemon reads and logs messages to the system console log files other machines and or users as specified by its configuration file The syslogd daemon uses the following syntax syslogd a allowed peer d f m p s Options include the following a allowed peer Allows allowed peer to log to this syslogd using UDP datagrams Multiple a options may be specified 3DNS Controller v 1 0 6 Denis Appendix D Allowed_peer can be any of the following ipaddr masklen service Accepts datagrams from ipaddr in the usual dotted quad notation with masklen bits being taken into account when doing the address comparison If specified service is the name or number of a UDP service to which the source packet must belong A service of allows packets sent from any UDP port The default service is syslog A missing masklen is substituted by the historic clas
26. IP definition wideip address 192 168 102 70 name www domain com port 80 cur_preferred 143982 cur_alternate 108090 cur_fallback 130094 cur_returned_to_dns 23872 virtual server definitions In the above example the cur_ values indicate the following Parameter Description cur_preferred cur_alternate cur_fallback cur_returned_to_dns The number of times the specified wide IP was resolved by the preferred load balancing mode The number of times the specified wide IP was resolved by the alternate load balancing mode The number of times the specified wide IP was resolved by the fallback load balancing mode The number of times the specified wide IP couldn t find a suitable virtual server to return using the preferred alternate or fallback load balancing modes In this situation the 3DNS Controller returns the wide IP key fallback address as specified in the zone file Note To find out how many times the 3DNS Controller received resolution requests for this wide IP add the values for cur_preferred cur_alternate and cur_fallback F5 Networks Inc The wideip conf File Appendix C pons Utilities and Scripts Appendix D Utilities 3dparse 3dparse help version The 3DNS Controller includes several utilities and scripts These utilities and scripts allow you to configure the DNS and the various features of the 3DNS Controller Th
27. DNS Resource Records

Type: Description
NSAP: Network service access point address
NSAP-PTR: Obsolete
NXT: Next domain
PX: Pointer to X.400/RFC822 information
RP: Responsible person
RT: Route through
SIG: Cryptographic signature
SRV: Server selection
TXT: Text strings
WKS: Well-known service description
X25: X25
28. NS 5 Requests ES Figure 5 4 Packet rate mode Example syntax Packet rate wideip address 192 168 101 60 port 80 name cgi wip domain com pool name mypool type vsb preferred packet rat address 192 168 101 60 New York address 192 168 102 60 Los Angeles address 192 168 103 60 Tokyo Figure 5 5 Example syntax for packet rate 3DNS Controller v 1 0 6 SET Chapter 5 RTT 1500 microseconds RTT 2000 microseconds Related globals sub statements timer_get_bigip_data bigip_ttl For information on these and all globals sub statements see The globals statement on page 7 4 Round Trip Times RTT Syntax rtt Figure 5 6 shows the 3DNS Controller using the Round Trip Times load balancing mode The Round Trip Times RTT mode selects the virtual server with the fastest measured round trip time using probes from the BIG ip Controller to the client s local DNS RTT 2500 RTT 3500 microseconds microseconds Hic 0 Hc Los Angeles Tokyo Requests Data Refresh RTT 1000 RTT 3000 microseconds microseconds EN m E s New York Los Angeles Tokyo BE Requests 4 5 6 Figure 5 6 Round Trip Times mode F5 Networks Inc Load Balancing In the top half of Figure 5 6 the New York machine has the lowest score As aresult the 3DNS Cont
29. Software only will be referred to as a Software Product and a combination Software hardware product will be referred to as a Combination Product All Software is licensed not sold by F5 This License is a legal agreement between F5 and the single entity Licensee that has acquired Software from F5 under applicable terms and conditions N License Grant Subject to the terms of this License F5 grants to Licensee a non exclusive non transferable license to use the Software in object code form solely on a single central processing unit owned or leased by Licensee Other than as specifically described herein no right or license is granted to Licensee to any of F5 s trademarks copyrights or other intellectual property rights Licensee may make one back up copy of any Software Product provided the back up copy contains the same copyright and proprietary information notices as the original Software Product Licensee is not authorized to copy the Software contained in a Combination F5 Networks Inc 3DNS Controller v 1 0 6 Product The Software incorporates certain third party software which is used subject to licenses from the respective owners Restrictions The Software documentation and the associated copyrights are owned by F5 or its licensors and are protected by law and international treaties Except as provided above Licensee may not copy or reproduce the Software and may not copy or translate the wr
30. Topology

The new Topology load balancing mode distributes connections based on the proximity of a local DNS to a particular data center. See page 5-21. The topology mode can also be incorporated into the Quality of QOS load balancing mode.

New distribution method: e-commerce

Using the port_list parameter, you can configure a wide IP so that connections are not sent to a given address unless all listed services are available. This feature is especially useful for e-commerce transactions. See E-commerce, on page 5-22.

New versions of big3d

3DNS Controller includes a new big3d utility for all versions of BIG ip Controller.

Enhancements to the 3DNS Web Administration tool

The 3DNS Web Administration tool now includes an Administration area where you can change the 3DNS Controller configuration and control statistics collection. The original statistics screens also contain new information in several areas. See Chapter 6, Web Administration.

3DNS Maintenance menu changes

The 3DNS Maintenance menu includes several new commands:

Check versions of named, BIG ip kernel, and needed big3d
Edit big3d matrix
Dump and List named database
Display mode of wideip.conf
Use Static wideip.conf
Use Dynamic wideip.conf

See The 3DNS Maintenance menu, on page 4-23.

iQuery enhancements

3DNS Controller has three new iQuery options:

New port. The iQuery protocol is officia
31. by Christopher G Demetriou for the NetBSD Project This product includes software developed by Adam Glass This product includes software developed by Christian E Hopps This product includes software developed by John Kohl This product includes software developed by Paul Kranenburg This product includes software developed by Terrence R Lambert This product includes software developed for the NetBSD Project by Frank Van der Linden This product includes software developed by Philip A Nelson This product includes software developed by Jochen Pohl for the NetBSD Project This product includes software developed by Chris Provenzano This product includes software developed by Theo de Raadt This product includes software developed by the David Muir Sharnoff This product includes software developed by SigmaSoft Th Lockert F5 Networks Inc This product includes software developed for the NetBSD Project by Jason R Thorpe This product includes software developed by Jason R Thorpe for And Communications http www and com This product includes software developed for the NetBSD Project by John M Vinopal This product includes software developed by Christos Zoulas This product includes software developed by Charles Hannum This product includes software developed by Charles Hannum by the University of Vermont and Stage Agricultural College and Garrett A Wollman by William F Jolitz and by the University o
32. configuration file if BIND finds more than one occurrence BIND honors the first When this happens BIND generates a warning alerting you that your configuration contains multiple options statements If BIND does not find an opt ions statement in the configuration file BIND uses an options block with each option set to its default Syntax options memstatistics file path name statistics file path name no directory path name named xfer path name dump file path name pid file path name auth nxdomain yes no deallocate on exit yes no fake iquery yes no fetch glue yes no host statistics yes multiple cnames yes no no notify yes no lt in_addr gt lt in_addr gt recursion lt yes forward only first 11H forwarders check names master slave fail allow query address match list response warn ignore allow transfer address match list listen on port ip port address ip addr in number address match list ip port LF query source port many answers max transfer tim transfer format answer on F5 Networks Inc BIND 8 Configuration Information transfers in number transfers out number transfers per
33. configuring the bigip statement in your wideip conf file 3DNS Controller v 1 0 6 Chapter 4 Menu Item Edit BIG ip Configuration Edit 3DNS Configuration Synchronize Configuration Data Description Opens the etc Digip lst file which is generated by running the print_3dvips script see the preceding description of the Fetch BIG ip Configuration menu item The etc bigip Ist file contains a list of all the virtual servers owned by the BIG ip Controllers Use this menu item to make changes to the bigip statement of your wideip conf file edit the bigip st file and then copy and paste it into your wideip conf file Runs the edit_wideip script which opens the wideip conf file for editing Runs the 3dns_sync script which distributes the wideip conf file from the current 3DNS Controller to all other 3DNS Controllers that are listed in the 3dns txt file Only use the script if you are certain that you want the same wideip conf on all machines Having the same wideip conf on all machines may not be desirable in all cases Check big3d Runs the big3d check script which checks that each BIG ip Controller listed in the bigips txt file is running the big3d utility Restart big3d Runs the big3d restart script which stops and restarts the big3d utility on each BIG ip Controller listed in the bigips txt file Change Add Users for Runs the 3dns web passwd script which lets you provide restricted or 3DNS Web
34. gt timer_get_path_data lt number gt bigip ttl number Dostat EE NUES r vs_ttl lt number gt path ttl number rtt timeout number rtt sample count number rtt packet length number iib joxele J9REGEOeOI lt seu tes gt rx buf size number tx buf size number timer check keep alive number qos coeff rtt number qos coeff completion rate number qos coeff packet rate number qos coeff topology number default alternate rr ratio ga random return to dns copolosy mwd gt default_fallback lt rr ratio ga random return_to_dns copoelecyy mailk gt Figure 7 1 Syntax for globals statement continued on next page 3DNS Controller v 1 0 6 yi Chapter 7 fb respect depends lt yes no gt fb respect acl lt yes no gt Guowesew ESO lt Wes mo encryption key file string path hi water number path lo water number path duration number em reco mule lt 9 3 prober ip addr resolver tx buf size number resolver rx buf size number use alternate iq port yes no gt multiplex iq yes no paths never die yes paths noclobber yes check dynamic depends lt yes no gt rtt probe dynamic yes no gt rtt port discovery yes no rtt discovery method short wks full all gt path max refreshe
35. hosts. If you do not define a default prober, and you do not define probers for all hosts, you may encounter validation errors.

Buffer size

The buffer size sub-statements specify the maximum amount of UDP data that the 3DNS Controller can receive, and also specify the maximum amount of TCP data that the 3DNS Controller can send.

Parameter: resolver_rx_buf_size
Description: The UDP receive buffer size. The value is overridden only if it is larger than the one first assigned by the kernel.
Default: 8192

Parameter: resolver_tx_buf_size
Description: The TCP send buffer size.
Default: 16384

Reaping

The default reaping values are adequate for most configurations. Contact F5 technical support if you want to make changes to them.

Note: The default values for path_hi_water and path_lo_water vary depending on available memory, and are automatically established during the startup process.

Parameter: path_hi_water
Description: Specifies the high water mark for reaping.
Default: varies

Parameter: path_lo_water
Description: Specifies the low water mark for reaping.
Default: varies

Parameter: path_duration
Description: An event is triggered every path_duration seconds that calls the reaping function. You can enter a value between 3600 and 2419200 seconds.
Default: 345600

Parameter: path_reap_alg
Default: 0
Description: Specifies the method by which unexpired paths are reaped during the general reap process. You can enter 0, which corresponds to least recently used, or 1, which co
36. is now installed on your administration workstation. You are now ready to remotely log on to the 3DNS Controller to finish configuration. If you have any problems building the F-Secure SSH client for the UNIX operating system on your administration workstation, please contact Technical Support at F5 Networks, Inc.

To remotely log on to 3DNS using F-Secure

1. Open a connection by typing:

    ssh -l root <3DNS Controller IP address>

2. The 3DNS Controller prompts you for the password that you set earlier.

After installation

After the 3DNS Controller is installed, you must perform several configuration tasks to implement the system. These tasks are described in Chapter 4, Configuring a 3DNS Controller.

Configuring a 3DNS Controller

Configuration overview
Configuration tasks
Reference material

Configuration overview

This chapter describes required and optional tasks for configuring 3DNS Controllers, and provides relevant reference material. Another good source of configuration information is Appendix C, The wideip.conf File, which provides a sample wideip.conf file.

Configuration tasks

Enabling encryption
Adding big3d to a BIG ip Controller
Adding a wide IP
Defining data collectors and data copiers
Configuring iQuery options

Reference material

The 3DNS Maintenance menu
Understanding the wide IP key
Un
37. mne Orao pool name pool 2 type vsb ratio JL preferred rr ewelsheexe 19241068 102 60 Taro 2 gekchesss 192 158 110 214 60 ratio i Figure 4 8 Sample wideip statement The wide IP is now in place and configured 4 16 F5 Networks Inc Configuring a 3DNS Controller Adding additional wide IPs After the first wide IP is in place you can add additional wide IPs The following procedure assumes that your virtual servers are already defined on the BIG ip Controllers and other host machines The following example describes how to add a wide IP named ftp wip domain com 1 Select a set of geographically distributed virtual servers 2 Select the IP address of one of the virtual servers in the set to be the wide IP key For more information on the wide IP key see page 4 28 3 Define the wide IP name and key within BIND by adding the following resource record to db wip domain com ftp wip IN A 192 168 102 60 4 Define the virtual server list and the wide IP key within the 3DNS Controller by adding it to etc wideip conf as follows wideip address 192 168 102 60 service ftp name ftp wip domain com pool name main_pool type vsb preferred leastconn alternate ratio address 192 168 101 60 ratio 2 New York address 192 168 102 60 ratio 4 Los Angeles address 192 168 103 60 ratio 1 Tokyo Figure 4 9 Sample wideip statement 5 Restart the 3DNS Controller by entering the following 3DNS Con
38. mode that the 3DNS Controller is currently using The conf argument determines which wideip conf mode is currently running This argument is also available on the 3DNS Maintenance menu as the Display mode of wideip conf command There are four different modes F5 Networks Inc 3dns_sync Utilities and Scripts Initial The etc wideip conf file is an plain file not a link and the 3DNS Controller has never been put into Static or Dynamic mode Static The etc wideip conf file is actually a link to var 3dns etc wideip conf static Dynamic The etc wideip conf file is actually a link to var 3dns etc wideip conf dynamic Unknown The etc wideip conf file is missing or is linked to an unknown file or is otherwise corrupt The watch argument determines whether watchdog named is currently active The script returns yes or no An invalid argument to 3dns mode returns a The 3dns sync script corresponds to the Synchronize Configuration Data item on the 3DNS Maintenance menu This script distributes the wideip conf file from the current 3DNS Controller to all other 3DNS Controllers that are listed in the Jdns txt file This synchronizes the 3DNS Controller configuration on all specified 3DNS Controllers Only use the script if you are certain that you want the same wideip conf on all machines Having the same wideip conf on all machines may not be desirable in all cases 3dns web passwd The 3dns web passwd s
39. named

Documentation

For more information on 3DNS Controllers and utilities, click Man Pages, Users Guide, or Release Notes. Note that opening the online Users Guide takes a few moments. The file is rather large, and the viewing software (Adobe Reader) must be started.

Administration

From the Administration area, you can view and edit the wideip.conf file, change global variable settings, update the current statistics and configuration settings in the wideip.conf file, start and stop metrics collection on paths, and reset all statistics.

Commands

You can perform the following tasks using the buttons under Commands in the left frame:

Reset Statistics: Sets all statistics values to zero and begins collecting new statistical data.
Start Metrics Collection: Activates the process of collecting statistical data.
Stop Metrics Collection: Deactivates the process of collecting statistical data.

Configuration

In addition to viewing collected information about your network, you can use the 3DNS Controller administration tool to view and change your configuration file.

View wideip.conf: Displays the contents of your wideip.conf file.
Edit wideip.conf: Opens the wideip.conf file in an edit window. Once you are finished making changes, click Update. There are three limitations to editing your wideip.conf
40. ns number coresize size spec datasize size spec files size spec stacksize size spec cleaning interval number interface interval number Statistics interval number topology address match list server statement The server statement defines the characteristics associated with a remote name server Syntax server ip addr bogus yes no transfers number transfer format one answer many answers keys key id key id zone statement The zone statement defines a zone Syntax zone lt domain_name gt in hs hesiod chaos type master file lt path_name gt check names warn fail ignore 3DNS Controller v 1 0 6 E 7 Appendix E allow update address match list allow query address match list allow transfer address match list notify yes no also notify ip addr lt ip_addr gt zone lt domain_name gt in hs hesiod chaos type slave stub file lt path_name gt masters lt ip_addr gt lt ip_addr gt check names warn fail ignore allow update address match list allow query address match list allow transfer address match list max transfer time in number notify yes no gt also notify lt ip_addr gt
41. protocol, and again probes the target on port 53, this time using the alternate probe protocol. After the big3d utility runs all target local DNS servers through the probing factory, the big3d utility returns the probe results to the 3DNS Controller. The returned metrics include the round trip time, the number of successful replies, and the successful probe protocol.

The 3DNS Controller periodically scans the cache for targets that do not have metrics returned from a big3d utility. The 3DNS Controller determines whether probing failed on port 53 for each of these targets. If so, the 3DNS Controller sends the targets to any available big3d for processing in the discovery factory, which determines whether the target has another open port that can be used for probing.

For each target local DNS, the big3d discovery factory scans a short list of alternate ports, looking for a response. The port numbers it scans include 21, 22, 23, 25, 80, 110, 113, 139, 248, 1127, 1524, 1525, and 2105. These ports are shuffled before each scan. The discovery factory stops scanning the target upon the first successful response. If the discovery factory fails to get a response from all ports on the short scan list, the discovery factory then scans the target one final time, using the ports specified in the /etc/services file stored on the machine where that big3d utility resides. You can edit the /etc/services file to control which ports are scanne
42. slave instead of primary and secondary.

Note: You can configure a 3DNS Controller so that it handles DNS name resolution and authoritative zone information in addition to metrics collection. In this case, the 3DNS machine is the data collector as well as the primary DNS.

Virtual server

The term VIP has been replaced by virtual server, and it is used to refer to a specific combination of a virtual IP address and a virtual port number, managed by a BIG ip Controller or other host machine. Throughout this manual, virtual servers managed by BIG ip Controllers are represented by vsb, and virtual servers managed by other host machines are represented by vsh.

Node

The term node refers to a specific combination of a node address and a node port number, which is managed by the BIG ip Controller. A BIG ip Controller maps each virtual server to one or more nodes. In the 3DNS Web Administration tool, Nodes Up denotes the number of nodes that are currently available for a given virtual server. The 3DNS Controller monitors and collects data for nodes that are managed only by BIG ip Controllers.

Local DNS

The term local DNS refers to a DNS server that makes name resolution requests on behalf of a client. From the 3DNS Controller's perspective, the local DNS is the source of the name resolution request.

Preparing for Installation

General network considerations
Planning the
43. that live BIG ip Controllers or host machines are available. You can change this behavior by setting the globals sub-statement check_static_depends to no.

Both static and dynamic load balancing modes are available when monitoring virtual servers managed by BIG ip Controllers. However, when monitoring virtual servers managed by other host machines, only the static load balancing modes are available.

Specialized

Specialized modes include the following:

Topology access control
Topology load balancing
E-commerce
Quality of service
Global availability

Topology access control and e-commerce go beyond simple load balancing in that they let you fine-tune how connections are distributed.

Dynamic modes

Dynamic load balancing modes use the iQuery protocol to collect the information that is used to determine how to direct client requests.

When you configure a wide IP for a path-dependent dynamic load balancing mode, such as Round Trip Times or Completion Rate, the 3DNS Controller instructs each BIG ip Controller to collect path metrics for the local DNS. The 3DNS Controller requests path metrics from each BIG ip Controller the first time a name resolution request is made by the local DNS, and thereafter on a periodic basis. You can control how often the data is refreshed (the interval between updates) using the globals sub-statements get path data and path ttl. Path metric collection does not occur during the name resolution p
44. the following information about each BIG ip Controller in your network The administration tool generates a separate table for each BIG ip Controller Each table provides the following information Item Description Data Center The IP address or name of the BIG ip Controller This address links to a page that displays the bigip statement associated with the selected BIG ip Controller OK The current status of the specified BIG ip Controller A green light indicates that the specified BIG ip Controller is up red indicates that it is down blue indicates that the BIG ip Controller is new to the 3DNS Controller and that the 3DNS Controller has not yet collected metrics from it TTL The remaining time to live ttl before the BIG ip Controller s data needs to be refreshed Seq No The number of iQuery packets sent between the specified BIG ip Controller and the 3DNS Controller Packets Out The total number of IP packets sent by the specified BIG ip Controller 3DNS Controller v 1 0 6 6 3 Chapter 6 Item Packets In Packet Rate VS Count VS Picks Refreshes Uptime Last Reply Description The total number of IP packets received by the specified BIG ip Controller The number of packets per second in and out of the BIG ip Controller during the last sample period The number of virtual servers managed by the specified BIG ip Controller The number of times a virtual server managed
45. the rear of the 3DNS Controller.

1. Fan
2. Power in
3. Voltage selector
4. Mouse port
5. Keyboard port
6. Universal serial bus ports
7. Terminal serial port
8. Printer port
9. Fail-over port
10. Video (VGA) port
11. Internal interface (RJ-45)
12. External interface (RJ-45)
13. Interface indicator LEDs
14. Watchdog card

Not to be connected to any peripheral hardware.

Figure 3-2. 3DNS Controller rear view

When the 3DNS Controller is successfully powered up, you must read and agree to the conditions in the displayed license agreement before the First Time Boot utility starts and begins prompting you for configuration information.

The configuration is not saved until after you have completely gone through the series of screens. Any changes you need to make to the configuration can be made during the display of the screens to confirm each setting.

Note: The screens in international versions of 3DNS Controller differ slightly from the screens shown in this section.

Running the First Time Boot configuration utility

After you press any key at the initial screen, the First Time Boot Utility screen is displayed, as shown in Figure 3-3. To continue with the configuration, press any key.

    First Time Boot System Configuration Utility
    Welcome to 3DNS(tm)
    Before using your 3DNS(tm), you will have to configure the root pas
46. the total number of connections for each virtual server is the same t LG New York Los Angeles S tf X 2 5 4 Figure 5 11 Round Robin mode Example syntax wideip address 192 168 102 60 service ftp name ftp wip domain com pool name main pool type vsb preferred rr address 192 168 101 60 New York address 192 168 102 60 Los Angeles address 192 168 103 60 Tokyo Figure 5 12 Example syntax for round robin SE F5 Networks Inc Load Balancing Null Syntax null Specifying the null load balancing mode causes the 3DNS Controller to bypass the current load balancing method It forces the 3DNS Controller to use the next load balancing method or to move on to the next available pool Return to DNS Syntax return_to_dns The return to DNS mode returns the resolution request to DNS preventing the 3DNS Controller from using the next load balancing method or using the next available pool The following example shows both null and return to DNS 3DNS Controller v 1 0 6 B 118 Chapter 5 Example syntax Global availability pool load balancing between bigip data centers with specialized use of preferred alternate and fallback load balancing methods null and return_to_dns wideip exeleheesm 192 1 6102 5 7 0 port 80 name www domain com alias home domain com ped 120 pool lbmode ga Doo name Tokyo type vsb tatio d
47. thing the cur_ value overwrites the existing information when named reads the var run wideip in file as part of the database synchronization that a data copier performs each sync db interval seconds You may notice cur values in bigip host vs path or wideip definitions Examples for each type of definition follow C 16 F5 Networks Inc The wideip conf File Example bigip definition bigip New York BIG ip Controller address 192 168 101 40 cur_packet_rate 139 cur_ok 1 virtual server definitions In the above example the cur_ values indicate the following Parameter Description cur_packet_rate The number of packets per second sent during the last sample period cur_ok The state of the specified BIG ip Controller The options are 1 Up 2 Down 3 Waiting 4 Alert and 5 Panic Example host definition host New York host address 192 168 105 40 probe_protocol icmp prober 192 168 103 40 Use the prober in Tokyo cur ok 2 virtual server definitions 3DNSQO Controller v 1 0 6 Celis Appendix C In the preceding example the cur_ value indicates the following Parameter Description cur_ok The state of the specified host machine The options are 1 Up and 2 Down Example vs definition vs address 192 168 102 50 80 cur_serv_cnt 1 cur_connections 0 cur_picks 39 cur_refreshes 783 In the above example the cur_ values indicate the f
48. to the database. On a data copier, specifies how often to copy and read the data collector's database file. You can enter a value between 60 and 4294967295.

Dependencies

The dependencies sub-statement specifies whether the 3DNS Controller checks the availability of virtual servers on BIG ip Controllers or hosts before the 3DNS Controller sends a connection to the virtual server. This check is performed only when the 3DNS Controller uses a static load balancing mode. If the 3DNS Controller is using a dynamic load balancing mode, an availability check is always performed.

Parameter: check_static_depends
Description: Specifies whether to check the availability of virtual servers on BIG ip Controllers and hosts. Change this option to no if you want to test your configuration.
Default: yes

Periodic task intervals

These sub-statements define the frequency at which the 3DNS Controller refreshes the metrics information it collects.

Parameters: timer_get_bigip_data, timer_get_host_data, timer_get_vs_data, timer_get_path_data, timer_check_keep_alive

timer_get_bigip_data: The 3DNS Controller refreshes the BIG ip Controller information at intervals determined by timer_get_bigip_data. You can enter a value between 0 and 4294967295 seconds.
timer_get_host_data: The 3DNS Controller refreshes other host machine information at intervals determined by timer_get_host_
49. 0 45 root usr sbin sendmail q gt dev null 2 amp 1 3DNS Controller v 1 0 6 8 3 Chapter 8 Including this line in the etc crontab file sets Sendmail to flush the outgoing message queue for any email that could not be delivered immediately Because the 3DNS Controller does not accept email from external sources there is no need to run the Sendmail daemon Queue flushes are issued via crontab Save and close the etc crontab file Open the etc aliases file In the etc aliases file create an entry for root to point to an administrator at your site For example root networkadmin domain com Because the 3DNS Controller does not accept local email bounces or undelivered messages go unnoticed This requires that the administrator is notified when a message is bounced or undelivered Save and close the etc aliases file Run the newaliases command to generate the new aliases database using the information you just added 9 Reboot the 3DNS Controller F5 Networks Inc Additional System and Network Configuration Enabling dynamic routing The 3DNS platform includes the GateD daemon which is disabled by default To enable the 3DNS Controller to accept dynamic routing updates from your routers you must first create the appropriate configuration file etc gated conf Enabling the GateD daemon You enable the GateD daemon on the 3DNS Controller by typing the following at the command line p
50. 10 0 0 60 port 80 vs address 192 168 101 60 port 21 translate address 10 0 0 60 port 21 vs address 192 168 101 70 port 80 translate address 10 0 0 70 port 80 vs address 192 168 101 70 Appendix C port 443 translate address 10 0 0 70 port 443 bigip Los Angeles address 192 168 102 40 vs address 192 168 102 50 80 vs address 192 168 102 50 25 vs address 192 168 102 60 80 vs address 192 168 102 60 443 vs address 192 168 102 60 21 vs address 192 168 102 70 80 The wideip conf File bigip Tokyo address 192 168 103 40 vs address 192 168 103 50 80 vs address 192 168 103 50 25 vs address 192 168 103 60 80 vs address 192 168 103 60 21 vs address 192 168 103 70 80 host Tokyo address 192 168 104 40 vs address 192 168 104 50 80 probe_protocol tcp vs address 192 168 104 50 443 probe_protocol tcp Appendix C vs address 192 168 104 50 25 probe_protocol tcp host New York address 192 168 105 40 port 80 probe_protocol tcp prober 192 168 103 40 vs address 192 168 105 50 80 probe_protocol tcp vs address 192 168 105 50 25 probe_protocol tcp vs address 192 168 105 60 80 probe_protocol icmp vs address 192 168 105 60 443 probe_protocol icmp Use the prober in Tokyo The wideip conf File wideip address 192 168 101 50 service http name www wip domain com qos coeff rtt 21 comple
51. 92 in addr arpa IN NS 3dns newyork domain com IN NS 3dns losangeles domain com TR otherbox wip domain com TR www wip domain com TR ftp wip domain com Figure 4 2 Excerpt from db 192 168 101 Note Because a virtual server is listed in each data center for a wide IP definition you need to define an entry to mapping for each class C network that is included in the wide IP definition 3DNS Controller v 1 0 6 4 11 Chapter 4 UWA Leg IZ 5 ame ele le c ceuepote c postmaster domain com 102 Tog TIZ atin erelolie auc oe c IN SOA 3dns newyork domain com 1998062914 Serial as YYYYMMDDXX 3600 Refresh 900 Retry 3600000 Expire 14000 Minimum IN NS 3dns newyork domain com IN NS 3dns losangeles domain com TR www wip domain com UR ftp wip domain com Figure 4 3 Excerpt from db 192 168 102 LOS 168 192 3m exele be eue postmaster domain com 103 168 192 tai aceh euer c IN SOA 3dns newyork domain com 1998062914 Serial as YYYYMMDDXX 3600 Refresh 900 Retry 3600000 Expire 14000 Minimum IN NS 3dns newyork domain com IN NS 3dns losangeles domain com 50 IN PTR www wip domain com 60 IN PTR ftp wip domain com Figure 4 4 Excerpt from db 192 168 103 4 12 F5 Networks Inc 3DNS Controller v 1 0 6 Configuring a 3DNS Controller Instead of a typical one to one relationship where one address map
52. BIG ip Controller's primary or shared interface IP addresses, and to each host. At least one BIG ip Controller and/or host machine. If you plan to use dynamic load balancing, you must have one or more BIG ip Controllers running version 1.8.3 or later. You can use static load balancing for host machines or other server array controllers. For information on dynamic and static load balancing modes, see Chapter 5, Load Balancing. For information on configuring a BIG ip Controller, see the Administrator Guide for the BIG ip Controller.

When you unpack the 3DNS Controller, check the packing list to ensure that you received all of the following items: 3DNS Controller box 1 Power cable 1 PC AT to PS 2 keyboard adapter 1 Keys for the front panel lock 2 Extra fan filter 1 Rack mounting screws F Secure SSH User s Guide 1 US products only

Environmental requirements and usage guidelines

A 3DNS Controller is an industrial network appliance designed to be mounted in a standard 19-inch rack. To ensure safe installation and operation of the unit, be sure to consider the following before you install the unit in the rack. You should always install the rack according to the manufacturer's instructions, and be sure to check the rack for stability before placing equipment in it. You should build and position the rack so that once you install the 3DNS Controller the power suppl
53. Table of Contents

The globals statement
The bigip statement
The host statement
The wide IP statement
The topology statement
Comments

Chapter 8: Additional System and Network Configuration
Changing passwords for the 3DNS Controller
Changing the 3DNS Controller password
Changing passwords and adding new user IDs
Configuring Sendmail
Customizing the etc sendmail file
Enabling dynamic routing

Appendix A: Glossary

Appendix B: 3DNS Controller Configuration Checklist
Overview
3DNS Controller Configuration Checklist

Appendix C: The wideip.conf File
Overview
Working with static and dynamic wideip.conf files
Example 3DNS Controller configuration file
Understanding cur_ values
How cur_ values are used

Appendix D: Utilities and Scripts
Ut
54. Controller uses to verify whether the virtual server is available. The number of virtual servers managed by the specified host machine. The IP address of the machine owning the currently running BIG 3d process. The protocol used for this connection. The number of times this host machine was chosen by a wide IP for load balancing. The number of times this data was refreshed. The last time the 3DNS Controller received data about the specified host.

Virtual server statistics

Click Virtual Servers to view the following information about each configured virtual server on your network. The administration tool generates a separate row for each virtual server.

Items: OK, TTL, Type, Virtual Address, Virtual Port, Ratio, Connections, Conn Limit, Nodes Up, Enabled.

Descriptions: Whether the specified virtual server is taken into consideration for load balancing. A green light indicates that the specified virtual server is up; red indicates that it is down; yellow indicates that it is unavailable; blue indicates that the virtual is new to the 3DNS Controller and that the 3DNS Controller has not yet collected metrics from it. See Virtual server decision criteria, next. The remaining time to live (ttl) before a virtual server's metrics data needs to be refreshed. Whether the specified virtual server is managed by a BIG ip Controller (VSb) or other host machine (VSh). The IP address of the specified virt
55. D probing LE Lemo fails Source port is the same as destination port for iQuery Use IANA registered port for iQuery F5 Networks Inc Configuring a 3DNS Controller host Tokyo address 192 168 104 40 vs address 192 168 104 50 80 probe protocol tcp Figure 4 7 Sample host statement If you need assistance in defining this section of the file open the 3DNS Maintenance menu and select Fetch BIG ip Configuration This menu item starts the print 3dvips script which creates a list of all virtual servers owned by your BIG ip Controllers You can use this generated list to enter the correct values for this section of the configuration file This script is described in print 3dvips on page D 27 8 Add the www wip domain com domain as a wide IP to your wideip conf file Define which load balancing mode you want to use for the wide IP and list which virtual servers are to be available for load balancing this wide IP For more information on wideip statement syntax see The wide IP statement on page 7 21 Here is an example of a wideip statement to add to wideip conf 3DNS Controller v 1 0 6 4 15 Chapter 4 Ue wideip ederess 192 168101 50 service http name www wip domain com qos_coeff TEE 21 completion_rate 7 packet_rate topology pool name pool 1 type vsb rario 2 preferred qos amp xelehesse 3 092 16S LOL a0 ratio 2 access 192 163 102 50 cereale Jb adores O Mice
56. Expire 259200 A inimum

The record-specific fields are defined as follows:

Person in charge: The email address for the person responsible for the name server mon with changed toa
Serial number: The version number of this data file; it must be a positive integer. This number must be increased whenever a change is made to the data.
Refresh: The time interval, in seconds, between calls that the secondary name servers make to the primary name server to see if an update is necessary.
Retry: The time interval, in seconds, that a secondary server waits before retrying a failed zone transfer.
Expire: The maximum number of seconds that a secondary name server can use the data before it expires for lack of receiving a refresh.
Minimum: The default number of seconds to be used for the time to live (TTL) field on resource records which do not specify a TTL in the zone file. It is also an enforced minimum on TTL if it is specified on a resource record in the zone.

Other types

The following is a list of less common resource record types:

Type: Description
AAAA: IPv6 address
AFSDB: AFS database location
GPOS: Geographical position
HINFO: Host information
ISDN: Integrated services digital network address
KEY: Public key
KX: Key exchanger
LOC: Location information
MB: Mailbox domain name
MINFO: Mailbox or mail list information
NULL: A null RR
57. FC 1035 is as follows:

addr class record typ record specific data

The fields are defined as follows:

name: The first field, name, is the name of the domain record, and it must always start in column 1. For all resource records that are not the first in a file, the name may be left blank. When the name field is left blank, the record takes the previous resource record.
ttl: The second field, ttl (time to live), is optional. This field specifies how long this data will be stored in the database. If this field is left blank, the default time to live value is specified in the Start Of Authority resource record, described later in this chapter.
address class: The third field is the address class. Currently only one class is supported: IN, for internet addresses and other internet information. Limited support is included for the HS class, which is for MIT/Athena Hesiod information.
record type: The fourth field, record type, defines the type of this resource record, such as A.
other fields: Additional fields may be present in a resource record, depending on its type.

Although case is preserved in names and data fields when loaded into the name server, comparisons and lookups in the name server database are case insensitive.

Types of resource records

There are many types of resource records currently in use. This section provides an overview of the most common resource record types
58. IND 8 overview

Although you can use earlier versions of BIND (version 4 97 and later), F5 Networks recommends that you use BIND 8.1.2 or later with the 3DNS Controller. For more information on BIND, refer to the Internet Software Consortium Web site at www.isc.org.

BIND 8 has the advantage of being more configurable than earlier versions of BIND. New areas of configuration, such as access control lists (ACLs) and categorized logging, are now available. You can selectively apply more options, rather than being required to apply options to all zones. To incorporate this new technology and provide for future enhancements, BIND 8 requires a new format for configuration files. A BIND 8 configuration file consists of two types of information: statements and comments. Both of these are described in the following sections.

Statements

BIND statements end with a semicolon. Statements can contain blocks of sub-statements, which are also terminated with a semicolon. The following statements are supported:

Statement: Description
acl: Defines a named IP address matching list, for access control and other uses.
include: Includes a file.
key: Specifies key information for use in authentication and authorization.

Statement logging options server zone Description Specifies what the server logs and where the log messages are sent. This statement
59. If you plan on doing a scripted task manually, you should find this section especially helpful.

Note: Before you edit a script, make a backup copy of the original.

File location

All scripts are located in /usr/contrib/bin, as are both data files. The data files are:

bigips.txt: This file consists of a list of the physical external IP address of each BIG ip Controller that is managed by the 3DNS Controller. The format is one IP address per line. If you have a BIG ip redundant hardware system, the IP addresses of both BIG ip machines are listed. You can edit this file by using the Edit BIG ip List item on the 3DNS Maintenance menu.

3dns.txt: This file consists of a list of administration IP addresses of 3DNS Controllers. The format is one IP address per line. You can edit this file by using the Edit 3DNS List item on the 3DNS Maintenance menu. Note that you should not list the current 3DNS Controller's IP address in its own 3dns.txt file.

You can use shell-style (also known as Perl-style) comments in both bigips.txt and 3dns.txt. Shell-style comments begin with a pound sign (#) character and are no longer than one line in length.

3dns admin start 3dns auth

The 3dns admin start script starts the Web Administration tool provided with your 3DNS Controller. For information on this tool, see Chapter 6, Web Administration. All 3DNS Controller scripts are easier to use when you
60. Writes its statistics to /var/tmp/named.stats. It uses the IOT or ABRT signal.

trace: Increments the tracing level by one. Whenever the tracing level is not zero, trace information is written to /var/tmp/named.run. Higher tracing levels result in more detailed information. It uses the USR1 signal.
notrace: Sets its tracing level to zero, closing /var/tmp/named.run if it is open. It uses the USR2 signal.
querylog: Toggles the query logging feature, which, while on, results in a syslog entry for each incoming query. It uses the WINCH signal. Note that query logging consumes log file space. This directive may also be given as qrylog.
start: Starts named, as long as it isn't already running.
stop: Stops named if it is running.
restart: Stops and restarts named.

Signals and dump files extending ndc

As mentioned above, the 3DNS Controller extends the functionality of ndc to send signals to the 3DNS Controller and dump data to the 3DNS Controller files. To send signals to the 3DNS Controller name server, named, use one of the following commands:

kill -<signal code> `cat /var/run/named.pid`

Or:

ndc <signal function name>

The following signal codes are used by the 3DNS Controller, in addition to the normal BIND functionality:

HUP name restart: Restarts the name server. Use this signal to reread the named.conf and the wideip.conf files.

INT
61. L preferred leastconn alternate null fallback return to dns adenesseio2 oo NI CINES address 192 168 103 60 ratio 2 address o2 59 03 Etc

Figure 5 13 Example syntax for null and return to DNS

Specialized modes

This section describes the following specialized, or more advanced, load balancing modes: Topology access control; Topology load balancing; E-commerce; Quality of service; Global availability.

Topology access control and e-commerce go beyond simple load balancing in that they let you fine-tune how connections are distributed.

Topology-based access control

You can use topology-based access control to implement a form of wide-area IP filtering. Topology-based access control allows you to specify which data centers are acceptable for a given resolution request, based on the proximity of the data center's IP address to the requesting local DNS server's IP address.

Defining the topology statement

You insert the topology statement at the end of the wideip.conf file. The topology statement consists of three parameters (acl_threshold, limit_probes, and longest_match), followed by a list of records defining a network. The syntax is as follows:

topology acl_threshold SUED OMS IIb limit probes yes no longest match yes no server cidr gt LDNS cidr gt score

Figure 5 14 Syntax for topology statement

Topology statement example

It is best to expla
62. LIED WITH RESPECT TO THE SOFTWARE SPECIFICATIONS SUPPORT SERVICE OR ANYTHING ELSE F5 HAS NOT AUTHORIZED ANYONE TO MAKE ANY REPRESENTATION OR WARRANTY OTHER THAN AS PROVIDED ABOVE F5 DISCLAIMS ANY AND ALL WARRANTIES AND GUARANTEES EXPRESS IMPLIED OR OTHERWISE ARISING WITH RESPECT TO THE SOFTWARE OR SERVICES DELIVERED HEREUNDER INCLUDING BUT NOT LIMITED TO THE WARRANTY OF MERCHANTABILITY THE WARRANTY OF FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OF NON INFRINGEMENT OF THE INTELLECTUAL PROPERTY F5 Networks Inc RIGHTS OF ANY THIRD PARTY F5 WILL HAVE NO OBLIGATION OR LIABILITY WHETHER ARISING IN CONTRACT INCLUDING WARRANTY TORT INCLUDING ACTIVE PASSIVE OR IMPUTED NEGLIGENCE STRICT LIABILITY OR PRODUCT LIABILITY OR OTHERWISE FOR ANY SPECIAL INCIDENTAL CONSEQUENTIAL OR INDIRECT DAMAGES INCLUDING BUT NOT LIMITED TO LOSS OF USE LOSS OF DATA BUSINESS INTERRUPTION LOSS OF REVENUE LOSS OF BUSINESS OR OTHER FINANCIAL LOSS ARISING OUT OF OR IN CONNECTION WITH THE SOFTWARE OR OTHER GOODS OR SERVICES FURNISHED TO LICENSEE BY F5 EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES Termination This License is effective until terminated and will automatically terminate if Licensee fails to comply with any of its provisions Upon termination Licensee will destroy the Software and documentation and all copies or portions thereof oo Miscellaneous This Agreement will be governed by the laws of the Sta
63. Los Angeles
192.168.102.0/24 200.0.0.0/8 20
192.168.102.0/24 201.0.0.0/8 20
New York
192.168.101.0/24 200.0.0.0/8
192.168.101.0/24 201.0.0.0/8

Wildcard List Record

By default, if a list record is not found in the topology map for an LDNS, the score is assumed to be 0. By including the following wildcard list record, all other LDNSs (not North or South America, as specified above) are assigned a score of 1, so the acl_threshold does not indicate that the virtual servers are down.

0.0.0.0/0 0.0.0.0/0 1

Understanding the list records

The record list records in the topology statement define a score for pairs of known local DNS servers and data centers. Essentially, each record defines two network endpoints in CIDR (Classless Interdomain Routing) format, and a score. The CIDR format consists of an IP address and a number, n, designating a subnet bitmask. The bitmask is made up of n ones followed by 32 - n zeros. For example, for n = 8, the bitmask is 11111111000000000000000000000000 (8 ones, 24 zeros). The first endpoint, A, corresponds to the IP address of a server, either a BIG ip Controller or a host. The second endpoint, B, corresponds to the IP address of the local DNS. Suppose a local DNS, L, requests a name resolution from the 3DNS Controller, and the virtual server being considered as an answer is managed by a BIG ip Co
64. Item: Description

Service: The port or service used by the specified wide IP. If the service is a WKS (well-known service), the service name is shown. Otherwise, the port number is shown.
VSb Ratio: The weighting value for the virtual servers owned by BIG ip Controllers.
VSh Ratio: The weighting value for the virtual servers owned by other host machines.
VSb LB Mode: The load balancing mode in use for the pool of virtual servers owned by a BIG ip Controller.
VSh LB Mode: The load balancing mode in use for the pool of virtual servers owned by a host machine.
VSb Count: The number of virtual servers owned by a BIG ip Controller which are used to load balance the specified wide IP.
VSh Count: The number of virtual servers owned by a host machine which are used to load balance the specified wide IP.
Preferred: The number of times a resolution request was resolved using the preferred load balancing method specified in the wideip statement.
Alternate: The number of times a resolution request was resolved using the alternate load balancing method specified in the wideip statement.
Fallbacks: The number of times a resolution request was resolved using the fallback load balancing method specified in the wideip statement.
Returned to DNS: The number of name resolution requests that 3DNS Controller could not resolve. These reques
Last Resolution:
65. OF ANY THIRD PARTY F5 WILL HAVE NO OBLIGATION OR LIABILITY WHETHER ARISING IN CONTRACT INCLUDING WARRANTY TORT INCLUDING ACTIVE PASSIVE OR IMPUTED NEGLIGENCE STRICT LIABILITY OR PRODUCT LIABILITY OR OTHERWISE FOR ANY SPECIAL INCIDENTAL CONSEQUENTIAL OR INDIRECT DAMAGES INCLUDING BUT NOT LIMITED TO LOSS OF USE LOSS OF DATA BUSINESS INTERRUPTION LOSS OF REVENUE LOSS OF BUSINESS OR OTHER FINANCIAL LOSS ARISING OUT OF OR IN CONNECTION WITH ANY OF THE PRODUCTS OR OTHER GOODS OR SERVICES FURNISHED TO CUSTOMER BY F5 EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES 3DNS Controller v 1 0 6 xi End user Software License Xii IMPORTANT READ BEFORE INSTALLING OR OPERATING THIS PRODUCT CAREFULLY READ THE TERMS AND CONDITIONS OF THIS LICENSE BEFORE INSTALLING OR OPERATING THIS PRODUCT BY INSTALLING OPERATING OR KEEPING THIS PRODUCT FOR MORE THAN THIRTY DAYS AFTER DELIVERY YOU INDICATE YOUR ACCEPTANCE OF THESE TERMS AND CONDITIONS IF YOU DO NOT AGREE WITH THE TERMS AND CONDITIONS OF THIS AGREEMENT PROMPTLY CONTACT F5 NETWORKS INC F5 TO ARRANGE FOR RETURN OF THE PRODUCT FOR A REFUND 1 Scope This License applies to the software for the 3DNS Controller whether such software is provided separately or as an integral part of a hardware product As used herein the term Software will refer to all such software and the corrections updates new releases and new versions of such software A product that consists of
66. S and data collector. The 3DNS Controller in Los Angeles, however, is a secondary DNS and data copier.

[Figure 2 4: Multiple 3DNS Controllers. Diagram labels: losangeles.domain.com, tokyo.domain.com, newyork.domain.com; routers, BIG ip Controllers, and content server nodes at each site; one 3DNS Controller as data copier and secondary DNS; one 3DNS Controller as data collector and primary DNS. Legend: Data collection; Copying of collected data.]

In this case, the 3DNS Controller in New York performs metrics collection. The 3DNS Controller in Los Angeles does not collect metrics, but instead copies metrics from the 3DNS Controller in New York at specified intervals. As in Example A, the 3DNS Controller in New York is the authoritative source for zone information. The 3DNS Controller in Los Angeles is also capable of resolving name requests, but gets its zone information from the New York machine.

Example C

Figure 2 5 shows an example where both 3DNS Controllers are data collectors. The 3DNS Controller in New York is the primary DNS, and the 3DNS Controller in Los Angeles is a secondary DNS.

losangeles domain com Router BIG ip Controller 3DNS Controller data collector and s
67. a prober that runs on a BIG ip Controller rather than on the 3DNS Controller.

Setting up iQuery communications to allow passing through firewalls

The iQuery utility collects configuration and metric information from BIG ip Controllers on behalf of the 3DNS Controller. The payload information of an iQuery packet contains information that potentially requires translation when there is an intermediate system in the path between a BIG ip Controller and the 3DNS Controller. In previous versions of 3DNS Controller, iQuery messages included only the configured virtual server address, which was not appropriate where iQuery packets traveled through a firewall and required both the configured address and the translated address. 3DNS Controller now allows iQuery packets to contain both addresses.

In the example configuration shown in Figure 4 10, a firewall separates the path between the BIG ip Controller and the 3DNS Controller. The packet addresses are translated at the firewall. However, addresses within the iQuery payload are not translated, and they arrive at the BIG ip Controller in their original state.

[Figure: Packet headers are translated at the firewall, but payloads are not. Diagram labels: newyork.domain.com; VS 192.168.101.50; Trans 10.0.0.50; BIG ip Controller; Firewall; 3DNS Controller.]
68. administrative access to the 3DNS Web Administration site for selected users only, and assigns passwords for those users. Users with restricted access have access to the statistics area only. Users with administrative access have access to all areas of the 3DNS Web Administration site. If you don't use this script, all users have access to the 3DNS Web Administration site.

Start 3DNS Administration: Runs the 3dns admin start script, which starts the 3DNS Web Administration tool.

Menu Item Dump and List named Database Display mode of wideip conf Description

Lets you view seven different statistics screens on the command line:

sum: Displays summary statistics, such as the 3DNS Controller version, the total number of resolved requests, and the load balancing methods used to resolve requests.
paths: Displays path statistics, such as round trip time and packet completion rate.
ldns: Displays statistics collected for local DNS servers, including the number of resolution requests received from a given server and the current protocol used to probe the server.
vs: Displays statistics about BIG ip and host virtual servers, such as the server state and the number of times it has received resolution requests.
bigips: Displays statistics about all BIG ip Controllers known to the 3DNS Controller, including the number of virtual servers each BIG ip Cont
69. ake it easier for you to spot and resolve any configuration problems.

BIND syntax

If you are not well versed in BIND syntax, or you need a BIND syntax reference, see one of the following: Appendix D of this manual; the O'Reilly & Associates book DNS and BIND; http://www.isc.org/bind.html.

wideip.conf syntax

After making changes to wideip.conf, use the 3dparse tool to verify syntax before starting named. To use this tool, type 3dparse on the command line. For details on the 3dparse tool, see page D-2. For more information on wideip.conf, and to see an example of a wideip.conf file, see Appendix C, The wideip.conf File.

/var/log/messages

If you encounter an error that you cannot trace, open the /var/log/messages file on your system. Using the UNIX grep utility, search for named, for example:

tail -100 /var/log/messages | grep named

This log file saves verbose error information and should contain an explanation of the error.

3DNS Controller administration tool

The Web Administration tool, described in Chapter 6, Web Administration, is useful in diagnosing problems, as it provides a snapshot of your 3DNS Controller network at any given time.

Chapter 5: Load Balancing

How does load balancing work
Load balancing modes
Load balancing examples

How does load balancing work

Load balancing is handled on a per wide IP basis. When you select a l
70. ame, for example, test.net. IP address or name of primary DNS. Create and delegate new subdomain (for example, wip.test.net) on the primary DNS for use by the 3DNS Controller. List subdomains here.

Checklist, continued: Identify domains to be load balanced (for example, www.test.net and ftp.test.net). Virtual servers managed by BIG ip Controllers to be assigned to wide IPs. Virtual servers managed by other host machines to be assigned to wide IPs.

Appendix C: The wideip.conf File

Overview

The 3DNS Controller configuration file is called /etc/wideip.conf. It consists of two types of information: statements and comments. You must edit the 3DNS Controller configuration file to suit your network. Use the sample configuration file, /etc/wideip.conf.samp, which is included later in this chapter, as a guide. The /etc/wideip.conf file describes the BIG ip Controllers, other host machines, and wide IPs that are managed by the 3DNS Controllers. At the minimum, your wideip.conf file must contain the following: at least one virtual server, which can be defined in either a bigip or host statement; a wideip statement. Refer to Chapter 7, Statements and Comments, for information on valid statements and sub-statements, as well as for the proper syntax.

Working with static and dynamic wideip.conf files

You have the option of maintaining
71. ange resource record. MX records define the mail system(s) for a given domain. The following is an example of an MX resource record:

ttl addr class MX pref value mail exchange Munnari OZ AU OIL name ttl IN MX 0 Seismo CSS GOV IN MX 0 RELAY CS NET

NS (Name Server)

The Name Server resource record, NS, defines the name server(s) for a given domain, creating a delegation point and a subzone. The first name field specifies the zone that is serviced by the name server that is specified by the second name. Every zone needs at least two name servers. The following is an example of an NS resource record:

addr class NS Name servers nam IN NS ucbarpa Berkeley Edu

PTR (Pointer)

A Name Pointer record, PTR, associates a host name with a given IP address. These records are used for reverse name lookups. The following example of a PTR record is used in setting up reverse pointers for the special IN-ADDR.ARPA domain:

name ttl addr class PTR real name 7 0 IN PTR monet Berkeley Edu

SOA (Start of Authority)

The Start of Authority, SOA, record starts every zone file. There must be exactly one SOA record per zone. The following is an example of an SOA resource record:

name ttl addr class SOA Origin Person in charge IN SOA ucbvax Berkeley Edu kjd ucbvax Berkeley Edu 1995122103 Serial 10800 Refresh 1800 Retry 3600000
72. Example syntax:

wideip address 192 168 103 60 port BO name ntp wip domain com pool name poolA type vsb preferred topology alternate rtt address 192 168 101 60 New York address 192 168 102 60 Los Angeles address 192 168 103 60 Tokyo

Figure 5 15 Example syntax for topology

E-commerce

For the purposes of conducting business over the Internet, you can configure the wide IP statement so that connections are not sent to a given address unless all specified ports or services are available. To do so, use the wideip port_list sub-statement. For example:

wideip address 192 168 101 70 port 80 iy meta port_list 80 443 e commerce name ssl wip domain com pool lbmode rr pool name bigip_pool type vsb racio 2 preferred qos alternate ratio address 192 168 101 70 ratio 7 address 192 168 102 60 ratio 2

Figure 5 16 Syntax for e commerce

In the above example, ports 80 and 443 must be available before connections are sent to the specified address. If one of the ports in the list is down, the 3DNS Controller will not send traffic to any of the ports defined in the list. For each virtual server address in the pool, a virtual server must exist for each port in the port list. In the above example, the following virtual servers must exist:

192.168.101.70:80
192.168.101.70:443
192.168.102.60:80
192.168.102.60:443

Use of the port list paramete
74. at they utilize.

US 3DNS Controllers

US 3DNS Controllers allow secure remote connections via ssh (secure shell), and allow secure copying using scp (secure copy). They also support encryption for iQuery communications between the 3DNS Controller and US big3d utilities that run on BIG ip Controllers. To allow US 3DNS Controllers to communicate with international 3DNS Controllers, US 3DNS Controllers include rsh (remote shell) and rcp (remote copy) tools, but they are initially disabled. If you need to configure a US 3DNS Controller to communicate with international 3DNS Controllers, you must explicitly enable the rsh and rcp tools on the US 3DNS Controller. If you need to configure US 3DNS Controllers to communicate with international versions of the big3d utility, you must disable iQuery encryption on US 3DNS Controllers.

International 3DNS Controllers

International 3DNS Controllers allow remote connections using rsh (remote shell), and allow copying using rcp (remote copy). International 3DNS Controllers do not encrypt iQuery communications between the 3DNS Controller and the big3d utility that runs on BIG ip Controllers. However, this does not prevent an international 3DNS Controller from successfully making iQuery requests to a US version of the big3d utility.

WARNING: The Install and Start big3d item on the 3DNS Maintenance menu installs the US or international version of the big3d util
75. at you use only one comment style in your wideip.conf file. However, all styles may be used in a single wideip.conf file.

C-style comments

C-style comments start with the slash character followed by the asterisk character (/*) and end with the asterisk character followed by the slash character (*/). Because the comment is completely delimited with these characters, a comment can span multiple lines. Note that C-style comments cannot be nested. For example, the following is not valid because the entire comment ends with the first */:

/* This is the start of a comment.
   This is still part of the comment.
/* This is an incorrect attempt to nest a comment. */
   This is no longer in any comment. */

Figure 7.12 Syntax for C-style comments

C++-style comments

C++-style comments start with two slash characters (//) and are no longer than one line in length. To have one logical comment span multiple lines, each line must start with the // pair. For example:

// This is the start of a comment. The next line
// is a new comment line, even though it is
// logically part of the previous comment.

Figure 7.13 Syntax for C++-style comments

Shell-style comments

Shell-style (also known as Perl-style) comments start with the # character and are no longer than one line in length. For example:

# This is the start of a comment. The next line
# is a new comment line
76. ations in which a 3DNS Controller needs to communicate with other 3DNS Controllers: when you synchronize configurations between one 3DNS Controller and another, and when data copiers copy metrics data from a data collector. If you work in a mixed environment where you have both international and US 3DNS Controllers that need to communicate with each other, you must change the US 3DNS Controller configuration by enabling the remote login tools, including rsh and rcp. You do not need to make any configuration changes to international 3DNS Controllers.

To enable the remote login tools on a US 3DNS Controller, run the rsetup script from the command line. The rsetup script performs several essential steps to enable access for rsh and rcp, and we strongly recommend that you use the script rather than doing this manually.

Note: Enabling rsh and rcp does not prevent US 3DNS Controllers from using encryption when they communicate with other US 3DNS Controllers.

Allowing communications between international 3DNS Controllers and BIG/ip Controllers

International 3DNS Controllers use rsh and rcp to communicate with BIG/ip Controllers. Note that only BIG/ip Controller version 2.0.1PTF-03 supports rsh and rcp, and that you must explicitly enable these rlogin tools on each BIG/ip Controller that the international 3DNS Controller communicates with, regardless of whether the BIG/ip Controller is a US or an
77. ative nature than a standard trouble call, F5 will provide up to two hours of telephone service at no charge. Additional service for advisory help requests may be purchased at F5 Networks' then-current standard service fee. During this initial 90-day period, Customer is entitled, at no charge, to updated versions of covered software such as bug fixes and incremental enhancements as designated by minor revision increases (e.g. BIG/ip V1.5 to BIG/ip V1.6). In addition, Customer will receive special pricing on upgraded versions of covered Products such as new clients, new modules, and major enhancements designated by major revision increases (e.g. BIG/ip V1.x to BIG/ip V2.0). Customer may purchase a Maintenance Agreement for enhanced maintenance and support services.

DISCLAIMER; LIMITATION OF REMEDY: EXCEPT FOR THE WARRANTIES SPECIFICALLY DESCRIBED HEREIN, F5 DOES NOT MAKE ANY GUARANTEE OR WARRANTY, EXPRESS OR IMPLIED, WITH RESPECT TO PRODUCTS, SPECIFICATIONS, SUPPORT, SERVICE OR ANYTHING ELSE. F5 HAS NOT AUTHORIZED ANYONE TO MAKE ANY REPRESENTATION OR WARRANTY OTHER THAN AS PROVIDED ABOVE. F5 DISCLAIMS ANY AND ALL WARRANTIES AND GUARANTEES, EXPRESS, IMPLIED OR OTHERWISE, ARISING WITH RESPECT TO THE PRODUCTS OR SERVICES DELIVERED HEREUNDER, INCLUDING BUT NOT LIMITED TO THE WARRANTY OF MERCHANTABILITY, THE WARRANTY OF FITNESS FOR A PARTICULAR PURPOSE, AND ANY WARRANTY OF NON-INFRINGEMENT OF THE INTELLECTUAL PROPERTY RIGHTS
78. big3d utility can be used only with BIG/ip software version 1.8.3 or later. To determine which version of big3d you are using, use the Check versions of named, BIG/ip kernel and needed big3d item on the 3DNS Maintenance menu. To install and run the appropriate version of big3d on each BIG/ip Controller, use the Install and Start big3d item on the 3DNS Maintenance menu. big3d configuration options are described in Configuring the big3d process, on page D-25.

Understanding probing

Before you install and configure 3DNS Controllers, it is helpful to understand how the probing process works. This section provides an overview of the probing process and an example of a typical sequence of events.

Path probing and the discovery factory

The 3DNS Controller collects a list of the local DNS servers that request name resolutions from the 3DNS Controller. For the purpose of load balancing future connection requests, the 3DNS Controller collects statistics about the paths (such as round trip time and packet completion rate) between each local DNS and each BIG/ip Controller that the 3DNS Controller manages. 3DNS Controller version 1.0.6 improves path statistics collection over older product versions in three ways:

Running multiple probing factories: Each big3d utility runs multiple probing factories at one time and can process up to 20 times the number of probe targets than in earlier versions.

D
79. bind
include "/etc/acls.bind";

Be careful not to type #include, as you would in a C program, because # is used to start a comment.

Syntax

include <path_name>;

key statement

The key statement defines a key ID which can be used in a server statement to associate an authentication method with a particular name server. The key statement is intended for future use by the server. It is checked for syntax but is otherwise ignored.

Syntax

key <key_id> {
   algorithm <algorithm_id>;
   secret <secret_string>;
};

logging statement

The logging statement configures a wide variety of logging options for the name server.

Syntax

logging {
   [ channel <channel_name> {
      ( file <path_name>
           [ versions ( number | unlimited ) ]
           [ size size_spec ]
        | syslog ( kern | user | mail | daemon | auth | syslog | lpr |
                   news | uucp | cron | authpriv | ftp |
                   local0 | local1 | local2 | local3 |
                   local4 | local5 | local6 | local7 )
        | null );
      [ severity ( critical | error | warning | notice |
                   info | debug [ level ] | dynamic ); ]
      [ print-category ( yes | no ); ]
      [ print-severity ( yes | no ); ]
      [ print-time ( yes | no ); ]
   }; ]
   [ category category_name {
      channel_name; [ channel_name; ... ]
   }; ]
};

options statement

The options statement sets up global options to be used by BIND. This statement should appear only once in a
80. bsequent connections go to the next listed virtual server in the wide IP definition.

[Figure 5.20 Global Availability mode: the wideip statement lists three virtual servers in this order: New York, Los Angeles, Tokyo. Requests return to New York when the BIG/ip Controller in New York becomes available again.]

Example syntax: Global availability

wideip {
   address 192.168.101.60
   port 80
   name cgi.wip.domain.com
   pool {
      name mypool
      type vsb
      preferred ga
      address 192.168.101.60 // New York
      address 192.168.102.60 // Los Angeles
      address 192.168.103.60 // Tokyo
   }
}

Figure 5.21 Example syntax for global availability

Load balancing examples

The following examples show only a few of the ways different load balancing modes can be used to optimize performance of your network. Use these examples as a starting point for deciding how you want connections handled.

Configuring a standby data center

Using the global availability load balancing mode, you can configure one data center as your primary service and have several alternate services on standby. In the wideip statement, list the virtual servers in descending order of preference. The first available virtual server is chosen for each resolution request. For
81. by the BIG/ip Controller received a resolution request from the 3DNS Controller.
The number of times this data was refreshed using the iQuery protocol.
The number of days, hours, minutes, and seconds that the specified BIG/ip Controller has been active.
The date and time of the last contact with the specified BIG/ip Controller.

Host statistics

Click Hosts to view the following information about the generic host machines in your network. The administration tool generates a separate row for each host machine. The host machine's IP address appears in the third column of each row; the rest of the row provides the following information for that host machine.

Items: OK, TTL, Interface Address, Probe Port, VS Count, Prober, Protocol, Picks, Refreshes, Last Refresh

Item: Description
OK: The current status of the specified host machine. A green light indicates that the specified host is up, red indicates that it is down, blue indicates that the host is new to the 3DNS Controller and that the 3DNS Controller has not yet collected metrics from it.
TTL: The remaining time to live (ttl) before a host's metrics data needs to be refreshed.
Interface Address: The IP address associated with the interface that accepts incoming connections for the host. This address links to a page that displays the host statement associated with the selected host.
Probe Port: The port that the 3DNS
82. cript corresponds to the Change/Add Users for 3DNS Web Administration item on the 3DNS Maintenance menu. This script secures the 3DNS administration Web site using basic authentication. This script lets you provide restricted or administrative access to the 3DNS Web Administration site for selected users only, and assigns passwords for those users. Users with restricted access have access to the statistics area only. Users with administrative access have access to all areas of the 3DNS Web Administration site.

It is important to note that if you do not use this script, all users have access to the 3DNS administration Web site. The first time you use this script to provide access for a user name and password, you block access for all other users. You can run this script again any time you need to provide access for another user.

big3d_check

The big3d_check script corresponds to the Check big3d item on the 3DNS Maintenance menu. This script checks that each BIG/ip Controller listed in the bigips.txt file is running the big3d utility.

big3d_install

The big3d_install script corresponds to the Install and Start big3d item on the 3DNS Maintenance menu. This script installs and starts the appropriate version of the big3d utility on each BIG/ip Controller. This script is useful for 3DNS Controller updates. big3d_install performs the following procedure on each BIG/ip Controller:

1. Stops th
83. d when the discovery factory makes a second pass. Be sure to make a backup copy of the /etc/services file before you edit it. Again, note that the port list is shuffled before each scan.

After all target local DNS servers have been run through the discovery factory, the big3d utility returns the results back to the 3DNS Controller. If the 3DNS Controller receives a failed target back from the discovery factory, it switches the target local DNS system to the Suspended state. The 3DNS Controller no longer attempts to probe or scan the target, nor does it use path-related dynamic load balancing modes to resolve requests issued by the local DNS system. If the preferred load balancing method is set to a path-related dynamic mode, the 3DNS Controller instead uses a load balancing mode specified by either the alternate or the fallback load balancing method in the wideip statement.

Port and protocol usage

Table 2.1 lists all the ports and protocols used for 3DNS Controller communications.

From     To       Protocol   Port    Purpose
3DNS     BIG/ip   udp        245     iQuery
3DNS     BIG/ip   udp        4353    iQuery when use_alternate_iq yes
BIG/ip   3DNS     udp        21024   iQuery
BIG/ip   3DNS     udp        245     iQuery when multiplex_iq yes
BIG/ip   3DNS     udp        4353    iQuery when use_alternate_iq yes and multiplex_iq yes
Admin    3DNS     tcp        4999    Web administ
84. data. You can enter a value between 0 and 4294967295 seconds.
The 3DNS Controller refreshes virtual server information at intervals determined by timer_get_vs_data. You can enter a value between 0 and 4294967295 seconds.
The 3DNS Controller refreshes path information (for example, round trip time or ping packet completion rate) at intervals determined by timer_get_path_data. You can enter a value between 0 and 4294967295 seconds.
The 3DNS Controller queries remote BIG/ip Controllers every timer_check_keep_alive seconds. You can enter a value between 0 and 4294967295.
Default: 20 90 30 60

Data timeouts

These sub-statements set the amount of time for which metrics information is considered valid. Once a timeout is reached, the 3DNS Controller refreshes the information. Note that on a data copier, it is important that you set all TTL values to be greater than the value set for sync_db_interval.

Parameters: bigip_ttl, host_ttl, vs_ttl, path_ttl

Parameter: Description
bigip_ttl: The amount of time (in seconds) that BIG/ip Controller information is to be used by the 3DNS Controller for name resolution and load balancing. You can enter a value between 1 and 4294967295. The following relationship should be maintained: bigip_ttl > timer_get_bigip_data. A 2:1 ratio is the optimal setting for this relationship.
host_ttl: The amount of time (in seconds) that other host machine informat
85. db
3. Restart the named process.

Y2K compliance

To make the 3DNS Controller Y2K compliant, you may need to change the serial numbering scheme you apply to zone files. Use the YYYYMMDDXX serial number format, where the XX portion of the number reflects a series number that is attached to the date. This serial number format accommodates zone file transfers that occur more than once in a 24-hour period, but does not create serial numbers that exceed a 32-bit integer. For more information on zone file serial numbers, see page 136 in the O'Reilly & Associates book DNS and BIND, third edition.

Globals sub-statements

If you are upgrading from an earlier version of 3DNS Controller and you plan to use the RTT or QOS load balancing modes, change the following globals sub-statements to the values shown below:

paths_noclobber yes
path_ttl 2400

The First-Time Boot utility

To boot the 3DNS Controller, turn on the power switch located on the front of the 3DNS Controller chassis. The power switch is item 7 on Figure 3.1.

1. Fan filter
2. Keyboard lock
3. Reset button
4. Keyboard lock LED
5. Hard disk drive LED
6. Power LED
7. On/off button
8. 3.5" floppy disk drive
9. CD-ROM drive

Figure 3.1 3DNS Controller front view

Figure 3.2 shows
86. derstanding TTL values
Troubleshooting configuration problems

Configuration tasks

As part of setting up a 3DNS Controller, you must do the following:

1. Enable encryption and generate an encryption key. This step is optional, but strongly recommended. See page 4-3. Note that some countries do not allow encryption. An international version of the 3DNS Controller is available for use in these situations. See Working with international versions, on page 2-15.

2. Add big3d to your BIG/ip Controllers. See page 4-5.

3. Add a wide IP. See page 4-5. This task requires that you edit the bigip and wideip statements in your 3DNS Controller configuration file to include the appropriate addresses on your network. You must also edit the host statement if you use other hosts on your network. General defaults for the globals statement have been implemented, so you don't need to add or edit the globals statement unless you want to specify non-default values.

4. Define at least one 3DNS Controller as a data collector and configure the remaining systems as data copiers. See page 4-18.

5. Configure iQuery options. This step is only necessary if you want to specify a non-default port for iQuery traffic, or allow for iQuery traffic to pass through firewalls. See page 4-20.

Note: The following information assumes you have read O'Reilly & Associates boo
87. ding
-picky  Do not auto-correct any validation errors

Example

The following example shows a 3dparse command. The bold typeface indicates the command entered.

bighost# 3dparse -o
3dparse: Initializing
3dparse: Parsing /etc/wideip.conf
3dparse: Dumping 3dparse.out
3dparse: SUCCESS

watchdog_named

Use the watchdog_named utility to ensure that a version of named is always running on the 3DNS Controller. If watchdog_named is running, do not manually start named. The 3DNS Controller does not prevent more than one named process from running simultaneously, and watchdog_named only monitors one named process at a time. Because watchdog_named is not a daemon, start it as a background process.

watchdog_named performs the following functions:

- Starts and watches a new named process if named is not running when watchdog_named is started
- Monitors any running named process
- Starts a new named process if the watched named process stops
- Keeps secure any dumped named core files by renaming the core file and adding a timestamp suffix; watchdog_named then compresses the core file
- Presents an error message if you attempt to start more than one watchdog_named process
- Logs an emergency message if the named process runs for less than one hour before stopping ten times in a row; this behavior usually indicates a serious problem with named

You can use the -r or
88. domain name. The wide IP key binds the information from DNS to the 3DNS Controller and indicates to DNS that the 3DNS Controller (within the named process) should attempt to handle requests to this domain name. This allows the 3DNS Controller to resolve the request by making a decision based upon its metric database and returning a better answer. Each wide IP definition must have its own unique address.

The wide IP key is sometimes referred to as the fallback address. When the preferred, alternate, and fallback load balancing modes (as specified in the wideip definition) fail, the 3DNS Controller instructs the DNS to issue its original answer. When this happens, the wide IP key is called the fallback address.

Understanding TTL variables

Time to Live (TTL) variables control how long information should be saved in the cache and used to make decisions. There are two important TTL values that affect 3DNS Controllers: zone minimums and object limits.

Zone minimums

The zone file contains a Minimum field in the SOA section of the file. The Minimum value is the TTL for all resource records (RR) in the zone file. However, you can override the zone minimum for a given RR. For example, if you don't want a DNS to cache the answer previously issued for a domain name, you can specify a very low value for the Minimum field.

Note: For wide IP domain names, specify the TTL in the wideip
89. e 3dparse tool parses and verifies the syntax of the 3DNS configuration file, wideip.conf. You can use it to verify syntax after making any changes to wideip.conf, before running named.

The 3dparse tool can be used to validate configuration syntax. 3dparse checks global value ranges and ensures that each virtual server is configured on a BIG/ip Controller or other host machine. The 3dparse tool also checks dependencies. For example, TTL values like bigip_ttl must be greater than their corresponding timer values like timer_get_bigip_data.

Use the following syntax with 3dparse:

3dparse -o -if <file_name> -of <file_name> -sf <file_name> -d -s -v1 -picky

The options for 3dparse include:

-help  Displays the list of available options
-o  Writes the in-memory configuration to the wideip.conf file. The in-memory configuration is created by reading the input file and applying verification and validation.
-if <file_name>  Specifies a file name for the input file. If you don't use this option, 3dparse uses the default input file, wideip.conf.
-of <file_name>  Specifies a file name for the output file
-version  Displays the version information
-sf <file_name>  Path for output status file. The default is stdout.
-d  Simulate an ndc dumpdb after parsing
-s  Simulate data copier behavior when loading
-v1  Turn on syslog verbosity and path loa
91. e globals sub-statement primary_ip. You must add that line to each data copier's wideip.conf file. For more information on synchronizing wideip.conf files, see 3dns_sync, on page D-23.

Generating RSA authentication

To generate RSA authentication, open the 3DNS Maintenance menu on a 3DNS Controller that is a data copier and select Generate RSA Authentication. This menu item starts the 3dns_auth script, which generates password authentication by running the ssh-keygen command and copying the key to the BIG/ip Controllers and other 3DNS Controllers.

It is important to know that this script only runs ssh-keygen if no identity.pub file exists. An existing identity.pub file indicates that ssh-keygen was already run.

WARNING: Running ssh-keygen more than once will cause problems and is not recommended.

For more information on password authentication, see 3dns_auth, on page D-20.

To test that you have successfully generated the ssh key, use ssh to log into the data collector without a password:

ssh root@<ip address of 3DNS>

Configuring iQuery options

You need to configure iQuery options only if you want to specify a non-default port for iQuery traffic, or if you want to allow iQuery traffic to pass through firewalls.

Choosing ports for iQuery traffic

Port 4353 is registered with the IANA as the standard port for the iQuery protocol. You can use the globals sub-statement
92. e of the following:

#!prog  Used for compatibility with the previous syslogd (for example, if one is sharing syslog.conf files).
!prog  Each block will be associated with calls to syslog from that specific program.

The action specified in the action field is taken if a message received matches the specified facility and is of the specified level (or a higher level), and if the first word in the message after the date matches the program.

To specify multiple selectors for a single action, separate each selector with a semicolon (;) character. It is important to note that each selector can modify the ones preceding it. To specify multiple facilities for a single level, separate each selector with a comma (,) character. An asterisk (*) can be used as a wildcard character to specify all facilities, all levels, or all programs.

The special facility mark receives a message at info priority every 20 minutes. This is not enabled by a facility field.

The facility command uses the following marks:

- A comma-separated list of users. Selected messages are written to those users if they are logged in.
- An asterisk (*). Selected messages are written to all logged-in users.
- A vertical bar (|). The vertical bar is followed by a command to which to pipe the selected messages. The command is passed to a /bin/sh for evaluation, so usual shell metacharacters or input/output redirection can occur. How
93. e_packet_rate + qos_coeff_rtt * (1 / score_rtt) + qos_coeff_completion_rate * score_completion_rate + qos_coeff_topology * score_topology

The coefficients for the score computation are defined as globals, but may be overridden within a wideip statement.

Parameter: Description (Default)
qos_coeff_rtt: Relative weighting for round trip time when the load balancing mode is set to Quality of Service. You can enter a value between 0 and 100. (Default: 20)
qos_coeff_completion_rate: Relative weighting for ping packet completion rate when the load balancing mode is set to Quality of Service. You can enter a value between 0 and 100. (Default: 5)
qos_coeff_packet_rate: Relative weighting for BIG/ip Controller packet rate when the load balancing mode is set to Quality of Service. You can enter a value between 0 and 100. (Default: 3)
qos_coeff_topology: Relative weighting for topology when the load balancing mode is set to Quality of Service. You can enter a value between 0 and 100. (Default: 0)

Load balancing

Parameters: default_alternate, default_fallback, fb_respect_depends, fb_respect_acl

Parameter: Description (Default)
default_alternate: Defines the default load balancing mode used for the alternate method (formerly default_static). You can override this setting in the wideip statement. (Default: rr)
default_fallback: Defines the default load balancing mode used for the fallback method. You can override this settin (Default: return_to_dns)
94. e running big3d process.

2. Uses a matrix file to determine which version of big3d to copy to the BIG/ip Controller. The matrix file is a file that lists version numbers for all BIG/ip Controllers known to the 3DNS Controller, and the version numbers of the big3d and named utilities running on each BIG/ip Controller.

3. Adds the following to the bottom of the /etc/rc.local file:

if [ -f /usr/sbin/big3d ]; then
   echo -n " big3d"; /usr/sbin/big3d 2> /dev/null
fi

4. Starts /usr/sbin/big3d.

Configuring the big3d process

The syntax is:

big3d [options]

Option: Description
foreground: Runs the process in the foreground rather than as a daemon
help: Lists the available options
keyfile: Specifies the location of the key file for encryption
rxbufsize: Sets the size of the receive socket buffer
txbufsize: Sets the size of the transmit socket buffer
version: Displays version information

big3d_restart

The big3d_restart script corresponds to the Restart big3d item on the 3DNS Maintenance menu. This script stops and restarts the big3d utility on each BIG/ip Controller that is listed in the bigips.txt file.

dynamic_wideip

This script puts the 3DNS Controller into dynamic mode for wideip.conf. The script is also available on the 3DNS Maintenance menu as the Use Dynamic wideip.conf command. The script first dumps the named cache; if the dump fails, the 3DNS Controlle
95. e set to null. Specifying null mode prevents the 3DNS Controller from attempting to do load balancing for the given method. Instead, the 3DNS Controller either goes to the next load balancing method or, if it has cycled through all three load balancing methods for the pool, it then goes to the next resource pool. In this case, because the preferred load balancing method, leastconn, depends on the same metrics data as any static method for vsb virtual servers, it is more efficient to perform one load balancing attempt per pool rather than trying three load balancing attempts before moving to the next available pool.

Also note that the fallback load balancing method in the Tokyo pool is set to return_to_dns instead of being set to null. Because the wideip statement is set to use global availability for load balancing the pools, the 3DNS Controller always utilizes the Tokyo pool last, if at all. If the Tokyo pool fails, the 3DNS Controller returns the resolution request to DNS. This would happen regardless of how the fallback method is set in the Tokyo pool, but it is more efficient to set this last fallback to specifically use return_to_dns.

Configuring for e-commerce

In this example, the administrator is setting up a site for selling a product on the Internet. This site contains secure and non-secure areas. The non-secure area contains the product catalog, and the secure area is for placing orders. The administrator can configure a wide IP so tha
96. [Figure 2.5 Multiple 3DNS Controllers]

In this case, both 3DNS Controllers perform metrics collection. The 3DNS Controller in New York is the authoritative source for zone information. The 3DNS Controller in Los Angeles is also capable of resolving name requests, but gets its zone information from the New York machine.

Example D

Figure 2.6 shows an example where both 3DNS Controllers are primary DNS systems. The 3DNS Controller in New York is the data collector, and the 3DNS Controller in Los Angeles is a data copier.

[Figure 2.6: losangeles.domain.com (data copier and primary DNS), newyork.domain.com (3DNS Controller, data collector and primary DNS), tokyo.domain.com; legend: data collection, copying of collected data]
97. ed by the 3DNS Controller. This alias is the name that is made public.

The local DNS queries the 3DNS Controller in New York for the name resolution, which responds with the IP address to use for the connection.

The local DNS passes this IP address back to the client.

The client connects to the selected virtual server (which is managed by the BIG/ip Controller in Los Angeles) via the ISP. Note that a portion of the line is dotted to indicate that the actual hardware for this step is not shown, due to the number of ways ISPs can configure their networks.

The choice of data center is based on collected metrics information and load balancing algorithms. This information is not collected during the actual transaction, but at specified intervals. Details on update intervals are given in Periodic task intervals, on page 7-8. For details on the available load balancing modes, see Chapter 5, Load Balancing.

Migrating the primary DNS to a 3DNS Controller

As mentioned earlier, you can configure a 3DNS Controller to act as the primary DNS for the domains it controls.

To migrate the primary DNS to a 3DNS Controller:

1. If you are migrating from a BIND 4 system to a 3DNS Controller, you must convert the named.boot file using the /etc/named-bootconf.pl Perl script. Run the script by typing the following on the command line:

/etc/named-bootconf.pl < /etc/named.boot > /etc/named.conf

2. Find the primary DNS resource records a
99. erate and Copy iQuery Encryption Key
Check versions of named, BIG/ip kernel and needed big3d
Edit big3d matrix
tall and Start big3d
t BIND Configuration
ch BIG/ip Configuration
Edit BIG/ip Configuration
Edit 3DNS Configuration
Synchronize Configuration Data
Check big3d
Restart big3d
Change/Add Users for 3DNS Web Administration
Start 3DNS Administration
Dump and List named Database
Display mode of wideip.conf
Use Dynamic wideip.conf
Use Static wideip.conf
Figure 4-11: 3DNS Maintenance menu
The following table describes the function of each menu item.
Menu Item: Description
Edit BIG/ip List: Opens the bigips.txt data file for editing. For more information on this file, see File location, on page D-20.
Edit 3DNS List: Opens the 3dns.txt data file for editing. For more information on this file, see File location, on page D-20.
Generate RSA Authentication: Runs the 3dns_auth script, which generates a password authentication by setting the RSAAuthentication parameter to yes in /etc/sshd_config.conf and copying the ssh key to each 3DNS Controller and BIG/ip Controller. When prompted for an RSA passphrase, press the Enter key instead of typing a password. This item is not available in the international version of 3DNS Controller.
Generate and Copy iQuery Encryption Key: Runs the install_key script, which then runs the F5makekey script
100. ervers on BIG/ip Controllers and/or other host machines. A wide IP contains one or more pool sub-statements that define individual load balancing pools. A load balancing pool is a group of virtual servers that the 3DNS Controller load balances, and it is limited only in that the virtual servers included in the pool must be of the same type: either BIG/ip virtual servers or host virtual servers.
A wideip statement specifies the following:
- A domain name and a key
- A set of virtual servers accessing all the instances of a mirrored service
- Parameters configuring the algorithm which chooses the best virtual server for each transaction
Syntax for wide IP statement
wideip address <ip_addr> port <port_number> <service name> name domain name alias <alias_name> ttl number port list port number port number dos coeff iE Sigs completion rate n packet rate n topology n kl pool lbmode rr ratio ga random pool name pool name type vsb vsh ratio pool ratio preferred rr ratio ga topology random leastconn packet rate completion rate rtt qos alternate rr ratio ga topology random return to dns null ralliack sri wee ga cogology random leastconn packet_rate completion_rate rtt qos > address <v
101. es the data collector for updated performance data. The above example could be your entire wideip.conf file for a data copier, unless you want to set any other global variables to change the behavior of the data copier.
To verify whether a 3DNS Controller is a data collector or data copier, use the Summary screen of the 3DNS Web Administration tool. See Summary statistics, on page 6-11.
Synchronizing data copiers
After the data collector is defined, do the following tasks:
- Decide whether to synchronize the wideip.conf files on all data collectors. The wideip.conf files on data copiers are short, as shown above.
- Generate password authentication on each data copier.
Synchronizing wideip.conf files
To synchronize the wideip.conf files, open the 3DNS Maintenance menu on the 3DNS Controller that is the data collector and select Synchronize Configuration Data. This menu item starts the 3dns_sync script, which distributes the data collector's wideip.conf file to all 3DNS Controllers listed in 3dns.txt.
However, there may be situations where you do not want the wideip.conf file to be the same on all 3DNS Controllers. For example, if you are using the Global Availability mode as the default load balancing mode, you need to customize the list of virtual servers in the wideip.conf file at each location. Also remember that the data collector's wideip.conf file does not contain th
102. ess must precede all other possible sub-statements.
Port specification
Wherever a port specification is required in a statement, it must immediately follow the address specification. The exception is the host statement, where the port specification follows the probe protocol sub-statement. In all other cases, the port specification can take any of the following forms:
   address ip addr port
   address ip addr port port
   address ip addr service wks
In the above example, wks stands for well-known service, and is a quoted string representing the name of a WKS defined in the /etc/services file.
Pool specification
A pool is a set of virtual servers defined and owned by a BIG/ip Controller or other host machine. Acceptable values are vsb (virtual servers owned by a BIG/ip Controller) and vsh (virtual servers owned by a host machine). The default is vsb. You can have both types of virtual servers in the same vsh pool definition, but you can only include virtual servers owned by a BIG/ip Controller in a vsb pool. Note that vsh pools can only use static load balancing modes.
cur_ values
You may notice several cur_ values in your wideip.conf file; do not edit them unless you are instructed to do so by F5 technical support. For more information, see Understanding cur_ values, on page C-16.
The globals statement
The globals statement sets up global options to be u
103. est match rule
The 3DNS Controller uses the same type of longest match rule that is commonly used by routers. If there are several IP/mask items that match a particular IP address, the 3DNS Controller selects the record that is most specific, and thus has the longest (largest) mask. For example, 192.168.101.4 matches 192.168.101.4/0, 192.168.101.4/8, 192.168.101.4/13, 192.168.101.4/24, and 192.168.101.4/32, but the longest matching IP/mask is 192.168.101.4/32.
When the longest_match parameter is set to yes (the default), the longest match rule is obeyed for local DNS IP addresses, and also for server IP addresses when there are multiple matches for a server/local DNS combination. This means that for the virtual server 192.168.101.50, owned by BIG/ip Controller 192.168.101.40, and local DNS 198.0.0.40, the third list record is the longest match:
   192.168.101.0/24   198.0.0.40/24   2
   192.168.101.0/8    198.0.0.40/16   0
   192.168.101.0/8    198.0.0.40/27   6   (Longest Match)
   192.168.101.0/16   198.0.0.0/24    7
   192.168.101.0/32   198.0.0.0/24    3   (Second Longest Match)
Although this is not how the search is implemented, consider that all the records matching the server and local DNS IP address are gathered into a set. The records in this set are sorted in descending order, first by local DNS mask and then by server mask. The highest record in the sorted set determines which is the shortest path between t
104. /etc/wideip.conf file. However, in the current version, the First-Time Boot utility is triggered only if the /etc/netstart file is not found. The /etc/wideip.conf file is no longer used to trigger or prevent the First-Time Boot utility from running at start-up. If you are upgrading from an earlier version, you must change the appropriate lines in the /etc/rc file to take advantage of this change. See Upgrading an earlier version, on page 3-4.
Comments are allowed in bigips.txt and 3dns.txt files
You can now use shell-style comments (also known as Perl-style comments) in the bigips.txt and 3dns.txt files. See File location, on page D-20.
Support for international 3DNS Controllers
3DNS Controller now supports versions for international distribution. See page 2-15.
New utility: watchdog named
You can use the new watchdog named utility to start and monitor the named process. See watchdog named, on page D-3. It is important to note that when your 3DNS Controller is using watchdog named, you cannot use ndc to stop, start, or restart named. Instead, you must use 3ndc. See 3ndc, on page D-5.
Conventions used in this manual
This section describes the typographic and terminology conventions used in this manual.
Typographic conventions
Understanding these conventions is especially useful in learning command syntax.
Parameters
Certain characters are used to indicate whether a param
105. eter is mandatory or optional, or whether you can use one parameter or another.
- Mandatory parameters: Angle brackets < > enclose mandatory parameters, where you must type the data associated with a command.
- Optional parameters: Brackets [ ] enclose optional parameters.
- Choice of parameters: A vertical bar | between two values means that either value is acceptable.
Typeface
The courier typeface is used to distinguish user input and computer output from explanatory text.
- Computer prompts, computer output, and file excerpts: These are shown in Courier type, as in: globals default alternate ratio
- User input: Text you must type is shown in bold Courier type, as in: big3d version
Terminology conventions
The following terms used in this manual require some explanation.
Host machine
The term host machine refers to an individual network server or server array controller other than the BIG/ip Controller.
Data collector, data copier
You can configure a 3DNS Controller to be a data collector or a data copier.
Data collector: A data collector is a 3DNS Controller that collects metrics information. By default, all 3DNS Controllers on a global network are peers, meaning that they each collect metrics information. A 3DNS Controller is a data collector until you specifically designate it to be data copier us
106. ever, note that redirecting stdio buffered output from the invoked command can cause additional delays, or even lost output data in case a logging sub-process exited with a signal. The command itself runs with stdout and stderr redirected to /dev/null. Upon receipt of a SIGHUP, syslog.conf closes the pipe to the process. If the process didn't exit voluntarily, it will be sent a SIGTERM signal after a grace period of up to 60 seconds.
The command starts only when the data that should be piped to it arrives. If the process exits later, it restarts as necessary. If you want the sub-process to get exactly one line of input only (which can be very resource-consuming if there are a lot of messages flowing quickly), you can do this by exiting after just one line of input. If necessary, a script wrapper can be written to this effect.
Unless the command is a full pipeline, you probably want to start the command with exec so that the invoking shell process does not wait for the command to complete.
WARNING: The process is started under the UID that invokes syslogd, usually the superuser.
Blank lines, and lines whose first non-blank character is a hash (#) character, are considered to be comments and are ignored.
Example
The following is an example of a configuration file:
Log all kernel messages, authentication messages of level notice or higher, and anything of level err or higher to the console
107. example
   wideip
      address 192.168.101.60
      port 80
      name www.wip.domain.com
      pool
         name poolli
         type vsb
         preferred ga
         address 192.168.101.60
         address 192.168.102.60
         address 192.168.103.60
Figure 5-22: Configuring a standby data center
Configuring alternate modes
This section provides two examples of how you can use an alternate load balancing method.
Example A
This example uses the Round Trip Times as the preferred mode. If the preferred mode (round trip times) fails, the 3DNS Controller uses the alternate mode. In this example, global availability is the alternate mode. This means that if the preferred mode fails, the 3DNS Controller in this example chooses the first available virtual server from the list in the wideip statement.
From the New York wideip.conf:
   wideip
      address 192.168.101.60
      port 80
      name www.wip.domain.com
      pool
         name poolA
         type vsb
         preferred rtt
         alternate ga
         address 192.168.101.60     New York
         address 192.168.102.60     Los Angeles
         address 192.168.103.60     Tokyo
Figure 5-23: Using alternate load balancing modes (New York wideip.conf)
To cause the 3DNS Controller in New York to fall back to a New York virtual server, and the similar effect to take place on the 3DNS Controller in Los Angeles, the virtual servers nearest to the 3DNS Controller are listed first. One unique and important aspect of t
108. f California, Berkeley, Lawrence Berkeley Laboratory, and its contributors.
This product includes software developed by the University of Vermont and State Agricultural College and Garrett A. Wollman.
This product includes software developed by Dean Huxley.
This product includes software developed by Herb Peyerl.
This product includes software developed by Eric Young (eay@cryptsoft.com).
This product includes software developed by Jef Poskanzer (jef@acme.com).
This product includes software developed by Thomas Boutell (boutell@boutell.com).
In the following statement, "This software" refers to the Mitsumi CD-ROM driver: This software was developed by Holger Veit and Brian Moore for use with 386BSD and similar operating systems. "Similar operating systems" includes mainly non-profit oriented systems for research and education, including but not restricted to NetBSD, FreeBSD, Mach (by CMU).
In the following statement, "This software" refers to the parallel port driver: This software is a component of 386BSD developed by William F. Jolitz, TeleMuse.
The material included in Appendix E, BIND 8 Configuration Information, was taken from the Internet Software Consortium's web site. The ISC is a non-profit group, and their web address is http://www.isc.org.
F5 Networks Limited Warranty
This warranty will apply to any sale of goods or services or license of software collectively Pr
109. file with this tool.
- You cannot edit a wideip.conf file that is larger than 64 Kb.
- You can only change or add items in a wideip.conf file; you cannot remove items from the file.
- If you use incorrect syntax in the wideip.conf file, the file fails parsing and the erroneous text is displayed for review.
Edit Globals
Lets you view and edit individual variables in your globals statement without loading the wideip.conf file. To edit global variables in this window:
1. Click the variable name.
2. Make your edits.
3. Click Update.
The Change Requires Restart column indicates whether you must restart named for changes to take effect.
Update Database
Creates two files:
- /var/3dns/etc/wideip.conf.dynamic: This file stores the wide IP definitions, path data, and local DNS data.
- /var/3dns/etc/wideip.conf.static: This file contains only the globals, bigip statements, hosts statements, and wideip statements.
For information on dynamic and static wideip.conf files, see Working with static and dynamic wideip.conf files, on page C-2.
Restart
Restarts the named process. This is equivalent to issuing the ndc restart command. If you change your configuration file, click Restart for the changes to take effect. When the 3DNS Controller restarts, it re-reads the configuration information.
Statements and Comments
Statement
110. g in the wideip dns statement.
Determines whether the 3DNS Controller respects virtual server status when load balancing switches to the specified fall-back mode. Default: no
Determines whether the 3DNS Controller imposes access control when load balancing switches to the specified fall-back mode. Default: no
For more information on selecting a load balancing mode, see Chapter 5.
Encryption
The encryption sub-statements specify whether the communication between the 3DNS Controller and a BIG/ip Controller is encrypted.
Parameter: Description (Default)
encryption: Specifies whether to enable encryption for iQuery events. (Default: no)
encryption_key_file: Specifies the location and name of the iQuery encryption key file. (Default: /etc/F5key.dat)
Prober
The prober sub-statement defines the IP address of the machine that pings a host system to verify whether it is available. Typically, you use the IP address of the 3DNS Controller itself, but you can use other network servers.
Parameter: Description (Default)
prober: The default prober for host status, usually the 3DNS Controller IP address. Using this sub-statement is not necessary if the 3DNS Controller only manages the BIG/ip Controller. This sub-statement can be overridden within the host statement. (Default: 0.0.0.0)
WARNING: We recommend that you define a default prober if the 3DNS Controller manages virtual servers on
111. generate password authentication. The 3dns_auth script corresponds to the Generate RSA Authentication item on the 3DNS Maintenance menu.
Note: This script is not available in the international version of the 3DNS Controller.
The 3dns_auth script generates a password authentication, copying the ssh key to each 3DNS Controller and BIG/ip Controller.
WARNING: Before you use this command, you must set the RSAAuthentication parameter to yes in the /etc/sshd_config.conf file.
The 3dns_auth script does the following:
1. If no identity.pub file exists, 3dns_auth runs the ssh-keygen command to generate /root/.ssh/identity and /root/.ssh/identity.pub files that incorporate NULL passphrases. An existing identity.pub file indicates that ssh-keygen was already run. Running ssh-keygen more than once will cause problems and is not recommended. When you run ssh-keygen, press Enter when asked for a passphrase. Do not type in a password. Here is a sample session to generate a public key:
   3dns-standby# ssh-keygen
   Initializing random number generator
   Generating p distance 364
   Generating q distance 16
   Computing the keys
   Testing the keys
   Key generation complete
   Enter file in which to save the key /root/.ssh/identity
   Enter passphrase
   Enter the same passphrase again
   Your identification has been saved in /root/.ssh/identity
   Your public key
112. gure 2-6: Multiple 3DNS Controllers
In this case, both 3DNS Controllers are authoritative sources for zone information. The 3DNS Controller in New York is the only machine that collects metrics information.
Advantages and disadvantages
Each configuration example has its advantages and disadvantages. You should evaluate each configuration option carefully to determine which type of configuration is best suited to your network.
Multiple primary DNS systems
Advantages: Having more than one primary DNS can be useful in networks where there are a large number of secondary DNS systems. Adding another primary DNS is one possible solution for an overloaded primary DNS.
Disadvantages: Creating more primary DNS systems creates more work for the administrator. As the administrator, you must synchronize database files between the two systems or keep track of the differences between each system's zone files.
Secondary DNS
Advantages: Adding a secondary DNS is the simplest way to add new servers for your domain.
Disadvantages: An overly large number of secondary DNS systems may overtax the primary DNS. If this is a problem, adding another primary DNS is one possible solution.
Multiple data collectors
Advantages: Having multiple 3DNS Controllers configured as data collectors adds reliability to your network, because more than one machine has the most current metrics information and ca
113. has been saved in /root/.ssh/identity.pub
2. Appends the contents of the /root/.ssh/identity.pub file to the 3DNS /root/.ssh/authorized_keys file using the following command:
   3dns-standby# cat /root/.ssh/identity.pub | ssh -l root <ip address of 3DNS> 'cat >> /root/.ssh/authorized_keys'
Note that you must use a front tick mark (also called a single straight quotation mark) in the above syntax.
To test that you have successfully generated the ssh key, use ssh to log into the data collector without a password:
   data-collector# ssh root@<ip address of 3DNS>
Note: There may be cases where you have an existing identity.pub file, but you want to perform the other tasks performed by 3dns_auth. In these cases, do not run the script again. Instead, perform the other tasks manually.
3dns_dump
Without an argument, this script simply dumps the named cache and creates new versions of the files /var/3dns/etc/wideip.conf.static and /var/3dns/etc/wideip.conf.dynamic, using file /var/run/wideip.cmd. If a wideip.cmd file already exists before the 3dns_dump script is called, wideip.cmd will temporarily be moved and then restored afterward. This script prints out an error message if named does not respond to the signal to dump or read in the command file.
3dns_mode <conf | watch>
This script takes an argument, conf or watch, and returns a text string that displays the wideip.conf
114. hat you edit this file.
syslog.conf
The syslog.conf file is the configuration file for the syslogd program. It consists of blocks of lines separated by program specifications, with each line containing two fields:
- Selector field: Specifies the types of messages and priorities to which the line applies.
- Action field: Specifies the action to be taken if syslogd receives a message that matches the selection criteria.
The selector field is separated from the action field by one or more space or tab characters.
The Selector function is encoded as a facility, a period (.), and a level, with no intervening white space. Both the facility and the level are case-insensitive.
The facility describes the part of the system generating the message, and is one of the following keywords: auth, authpriv, cron, daemon, ftp, kern, lpr, mail, mark, news, ntp, syslog, user, uucp, and local0 through local7. These keywords (with the exception of mark) correspond to the similar LOG_ values specified to the openlog and syslog library routines.
The level describes the severity of the message. The severity levels include (from highest to lowest): emerg, alert, crit, err, warning, notice, info, and debug. These correspond to the similar LOG_ values specified to the syslog library routine.
Each block of lines in the syslog.conf file is separated from the previous block by a tag. The tag is a line beginning with on
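The selector and action rules in this fragment, together with the pipe-to-command behaviour and its superuser warning in fragment 106, can be checked mechanically. The following is an added example, not code from the manual or from F5: it validates selectors against the facility and level keywords listed above and reports every action that pipes to a command. The sample configuration is constructed, and the handling of `*`, `none`, `;`-joined selectors and `!` tag lines follows common BSD syslog.conf usage rather than anything shown on this page.

```python
# Keywords exactly as listed in the manual text above.
FACILITIES = {"auth", "authpriv", "cron", "daemon", "ftp", "kern", "lpr", "mail",
              "mark", "news", "ntp", "syslog", "user", "uucp"}
FACILITIES |= {"local%d" % i for i in range(8)}
LEVELS = {"emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"}

# Constructed sample file (not from the manual); fields are tab-separated.
SAMPLE = "\n".join([
    "# constructed sample syslog.conf",
    "*.err;kern.debug;auth.notice\t/dev/console",
    "mail.info\t/var/log/maillog",
    "local2.warning\t|exec /usr/local/bin/alert-filter",
    "daemon.crit\t|/usr/local/bin/page-oncall",
    "kernel.err\t/var/log/kern.log",
])


def audit_syslog_conf(text):
    """Return a list of (line_number, kind, detail) findings."""
    findings = []
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        # Blank lines and lines starting with '#' are comments.
        if not line or line.startswith("#"):
            continue
        # Assumption: a line starting with '!' is a program tag, not a rule.
        if line.startswith("!"):
            continue
        fields = line.split(None, 1)  # selector, then action, split on blanks
        if len(fields) != 2:
            findings.append((number, "syntax", "no action field"))
            continue
        selector, action = fields
        for part in selector.split(";"):
            facilities, dot, level = part.partition(".")
            if not dot:
                findings.append((number, "syntax", part))
                continue
            for facility in facilities.split(","):
                # Facility and level are case-insensitive.
                if facility != "*" and facility.lower() not in FACILITIES:
                    findings.append((number, "facility", facility))
            level = level.lstrip("!<=>").lower()  # drop comparison flags
            if level not in LEVELS and level not in ("*", "none"):
                findings.append((number, "level", level))
        if action.startswith("|"):
            command = action[1:].strip()
            # The command runs under the UID that invoked syslogd.
            findings.append((number, "pipe", command))
            # A single command (not a pipeline) should start with exec.
            if "|" not in command and not command.startswith("exec "):
                findings.append((number, "pipe-no-exec", command))
    return findings


if __name__ == "__main__":
    for finding in audit_syslog_conf(SAMPLE):
        print(finding)
```

Each `pipe` finding names a program that syslogd starts with its own privileges, so the path, its ownership and its permissions are what to review next.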
115. he client and a virtual server. For example, if the third list record in the above example is removed, then the first and fifth records tie for longest match on local DNS, but the fifth wins because it has the more specific server mask.
Implementing topology-based access control
Any server/local DNS matching a list record with a score below the acl_threshold is interpreted as if the virtual server were unavailable. For example, if a local DNS 198.0.0.0 requests a name resolution, any virtual server owned by BIG/ip Controller 192.168.101.0 is considered down for load balancing purposes, due to the first list entry. This provides a hook for an administrator to set up access control to data centers based on local DNS IP address.
Using wildcard list records to explicitly allow or deny access to local DNS servers that do not match a specific list record
You may want to define a wildcard list record that you can use to prevent users from being locked out when access control is turned on (when the acl_threshold is set to a value greater than zero). If the 3DNS Controller compares the local DNS server's IP address to the specific list records but does not find a match, it can use a wildcard list record to determine how to handle the resolution request. A wildcard list record is the last list record in the topology statement, and uses the following syntax:
   0.0.0.0/0 0.0.0.0/0 <score>
By using the
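The lookup described in fragments 103 and 115 (sort matching records by local DNS mask, then by server mask, then compare the winning score with acl_threshold) can be modelled in a few lines. This is an added example, not the 3DNS Controller's implementation, which the manual says works differently. The list records, the threshold of 1, strict CIDR containment, and the rule that a pair matching no record scores 0 are all assumptions made for this sketch.

```python
import ipaddress
from typing import List, NamedTuple, Optional


class ListRecord(NamedTuple):
    server: ipaddress.IPv4Network  # <server cidr>
    ldns: ipaddress.IPv4Network    # <LDNS cidr>
    score: int                     # <score>


def rec(server: str, ldns: str, score: int) -> ListRecord:
    return ListRecord(ipaddress.ip_network(server), ipaddress.ip_network(ldns), score)


# Constructed list records, loosely modelled on the manual's New York /
# Los Angeles / Tokyo scenario; the scores are invented for illustration.
RECORDS = [
    rec("192.168.101.0/24", "198.0.0.0/8", 30),   # New York, North American LDNS
    rec("192.168.102.0/24", "198.0.0.0/8", 20),   # Los Angeles
    rec("192.168.103.0/24", "198.0.0.0/8", 10),   # Tokyo
    rec("192.168.103.0/24", "200.0.0.0/8", 30),   # Tokyo, South American LDNS
    rec("192.168.102.0/24", "200.0.0.0/8", 20),   # Los Angeles
    rec("192.168.101.0/24", "200.0.0.0/8", 0),    # New York: below threshold
    rec("192.168.0.0/16", "198.51.100.0/24", 0),  # one LDNS block denied everywhere
    rec("0.0.0.0/0", "0.0.0.0/0", 5),             # wildcard record, listed last
]
VIRTUAL_SERVERS = ["192.168.101.60", "192.168.102.60", "192.168.103.60"]


def best_record(records, server_ip: str, ldns_ip: str) -> Optional[ListRecord]:
    """Longest match: highest LDNS mask first, then highest server mask."""
    server = ipaddress.ip_address(server_ip)
    ldns = ipaddress.ip_address(ldns_ip)
    matches = [r for r in records if server in r.server and ldns in r.ldns]
    if not matches:
        return None
    return max(matches, key=lambda r: (r.ldns.prefixlen, r.server.prefixlen))


def score_for(records, server_ip: str, ldns_ip: str) -> int:
    record = best_record(records, server_ip, ldns_ip)
    # Assumption: a pair that matches no record scores 0.
    return record.score if record else 0


def allowed_servers(records, servers, ldns_ip: str, acl_threshold: int) -> List[str]:
    """Servers still considered available for this LDNS, best score first."""
    scored = [(score_for(records, s, ldns_ip), s) for s in servers]
    usable = [(score, s) for score, s in scored if score >= acl_threshold]
    return [s for score, s in sorted(usable, key=lambda pair: -pair[0])]


if __name__ == "__main__":
    for ldns in ("198.1.2.3", "200.1.2.3", "198.51.100.7", "203.0.113.9"):
        print(ldns, allowed_servers(RECORDS, VIRTUAL_SERVERS, ldns, 1))
```

Running the same query against the list with its last record removed shows the lock-out the wildcard record exists to prevent: an unlisted local DNS gets no virtual server at all.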
116. he topology statement
The topology statement implements a form of wide-area IP filtering. Topology-based access control allows you to specify which data centers are acceptable for a given resolution request, based on the proximity of the data center's IP address to the requesting IP address of the local DNS server. For example, you can specify that requesting local DNS clients in North America are allowed access to data centers in North America, but not allowed access to data centers in South America.
By including a topology statement in your wideip.conf file, you can also use the topology load balancing mode, both on its own and as part of the QOS mode. For more information and an example of a topology statement, see Topology-based access control, on page 5-15.
Syntax for topology statement
   topology
      acl_threshold i 0 gt
      limit_probes <yes | no>
      longest_match <yes | no>
      <server cidr> <LDNS cidr> <score>
Figure 7-10: Syntax for topology statement
Definition of topology sub-statements
Parameter: Description
acl_threshold: Provides a hook for administrators to set up access control to data centers based on local DNS IP addresses, by specifying a score threshold. Any server/local DNS matching a list record with a score below this threshold is interpreted as if the virtual server were unavailable.
limit_probes: Specifies whether to apply acce
118. his type of configuration is that each 3DNS Controller maintains a different wideip.conf file, rather than working from a synchronized wideip.conf file.
From the Los Angeles wideip.conf:
   wideip
      address 192.168.101.60
      port 80
      name www.wip.domain.com
      pool
         name poolB
         type vsb
         preferred rtt
         alternate ga
         address 192.168.102.60     Los Angeles
         address 192.168.101.60     New York
Figure 5-24: Using alternate load balancing modes (Los Angeles wideip.conf)
Example B
In this example, suppose you are releasing a new version of a software product and plan to distribute it via FTP. You decide to specify the Least Connections as the preferred mode to better guarantee a connection for customers attempting to download the software. You can select Ratio as the alternate mode, with weights assigned to certain servers.
For this example, assume that the Los Angeles server has the ability to process requests faster than the other servers. Because of this, you choose the Los Angeles server as the preferred virtual server twice as often as the New York server, and three times as often as Tokyo server.
Least connections with ratio as an alternate:
   wideip
      address 192.168.102.60
      service ftp
      name ftp.wip.domain.com
      pool
         name main_pool
         type vsb
         preferred leastconn
         alternate ratio
         address 192.168.101.60 ratio 2     New York
         addre
120. in topology access control with an example. Suppose that your company maintains Spanish web sites. You have data centers in New York, Los Angeles, and Tokyo. You prefer that resolution requests made from clients located in North America are resolved by North American data centers. However, you don't mind if a few requests are sent to Tokyo when requests cannot be resolved in New York or Los Angeles.
However, because of cost issues, you do not want requests made from clients in South America to go to the New York data center. To achieve this, you can configure the topology statement as shown:
   topology
      acl_threshold i
      limit_probes yes
      longest_match yes
      Server   LDNS   Score

      North American LDNS's: 198.0.0.0/8, 199.0.0.0/8
      North America Priority List: 1. New York  2. L.A.  3. Tokyo
      New York
      192.168.101.0/24   198.0.0.0/8   30
      192.168.101.0/24   199.0.0.0/8   30
      Los Angeles
      192.168.102.0/24   198.0.0.0/8   20
      192.168.102.0/24   199.0.0.0/8   20
      Tokyo
      192.168.103.0/24   198.0.0.0/8   10
      192.168.103.0/24   199.0.0.0/8   10

      South American LDNS's: 200.0.0.0/8, 201.0.0.0/8
      South America Priority List: 1. Tokyo  2. L.A.  (New York excluded by acl_threshold)
      Tokyo
      192.168.103.0/24   200.0.0.0/8   30
      192.168.103.0/24   201.0.0.0/8   30
121. ing the globals sub-statement primary_ip. See Defining data collectors and data copiers, on page 4-18.
Data copier: A data copier is a 3DNS Controller that copies metrics from a data collector at intervals specified with the globals sub-statement sync_db_interval. Data copiers do not collect metrics themselves.
DNS
The Domain Name System (DNS) is a distributed database that maps IP addresses to host names. All DNS servers (DNS and 3DNS) resolve names. The terms primary and secondary are used to differentiate between DNS systems that maintain authoritative zone information and DNS systems that copy zone information from other DNS systems.
Primary DNS: A primary DNS is the authoritative source for zone information. All DNS servers can resolve names, but zone files are kept and configured only on primary DNS servers.
Secondary DNS: A secondary DNS is a DNS server that is instructed to get its database from a primary DNS on a zone-by-zone basis. The secondary DNS copies zone files from the primary DNS at startup, when a timer expires in the SOA record, or when a dynamic update occurs.
This manual assumes that you have general knowledge of DNS. For complete documentation of DNS, you can refer to O'Reilly & Associates' book, DNS and BIND, second or third edition. When you review DNS documentation that covers BIND 8, you will notice that BIND 8 now uses the terms master and
122. international version
To enable the rlogin tools on a BIG/ip Controller:
1. Use ftp to copy the /usr/contrib/bin/rsetup file from the 3DNS Controller to /usr/contrib/bin/rsetup on the BIG/ip Controller.
2. On the BIG/ip Controller, update the permissions in the /usr/contrib/bin/rsetup file to match the corresponding file permissions as they are set on the 3DNS Controller.
3. From the command line, run the rsetup script.
Note: You can disable rsh and rcp access at any time by changing the bigip.open_rsh_ports system control variable to 0.
Allowing communications between US 3DNS Controllers and international big3d utilities
US 3DNS Controllers issue encrypted queries to big3d utilities that run on BIG/ip Controllers. In a mixed environment where a 3DNS Controller may have to issue queries to both US and international big3d utilities, you must disable iQuery encryption on the US 3DNS Controller. To disable encryption, set the following global variable to no:
   encryption no
Understanding virtual servers
The 3DNS Controller load balances DNS requests to individual virtual servers. A virtual server is a specific combination of a virtual IP address and a virtual port number. Virtual servers can be managed by BIG/ip Controllers, or they can be managed by generic host servers, such as a standard network server, a web server, or an array controller. For this reason, the load ba
123. ion
2. Start FTP by typing:
    ftp
3. Enter passive FTP mode by typing:
    passive
4. Open a connection to the administration workstation by typing the following command, where <ip_address> is the IP address of the administration workstation:
    open <IP_address>
   The following text is displayed:
    Connected to big.f5.com
    220 big.f5.com FTP server (OSF/1 Version 5.60) ready
    Name big the user
    331 Password required for the user
    Password
5. Type your user name and password to complete the connection.
6. Change the transfer mode to binary by typing:
    bin
7. Change to the directory on the administration workstation where you want to install the F-Secure SSH client.
8. Transfer the F-Secure file to the administration workstation by typing the following command, where <file name> is the name of the file corresponding to the operating system of your administration workstation:
    put <file name>
9. Quit FTP on 3DNS by typing:
    quit

Using UNIX
To install the F-Secure SSH client on the administration workstation
1. Log on to the administration workstation and change to the directory where you put the F-Secure SSH client tar file.
2. Untar the file and follow the instructions in the file INSTALL, located in the current directory, to build the F-Secure SSH client for your workstation.

The F-Secure SSH client
124. ion. You can also specify the same host in more than one wide IP definition.

The following instructions include sample wide IP statements that derive from the example configuration introduced in Chapter 2, Preparing for Installation. The sample wide IP statement configures a wide IP for the www.domain.com domain, where the IP addresses assigned to the 3DNS Controller interfaces are shown in the table below.

    3DNS Controller    Interface IP address
    New York           192.168.101.2
    Los Angeles        192.168.102.2

To add a wide IP
1. Find or create the top-level domain configuration file. This file is usually found in the /etc directory.

   For BIND 4, enter the following line in the named.boot file:

    primary domain.com db.domain.com

   For BIND 8, enter the following in the named.conf file:

    zone "domain.com" IN {
        type master;
        file "db.domain.com";
    };

   To specify a type other than master, see the syntax for the zone statement on page E-7.

If your network's primary DNS is not a 3DNS Controller, create a new subdomain to be controlled by the 3DNS Controller. For example, to create a subdomain called wip.domain.com, do one of the following:

If the 3DNS Controller manages the top level for your domain, add the new subdomain to the named.conf file with the following lines:

    zone w
125. ion is to be used by the 3DNS Controller for name resolution and load balancing. You can enter a value between 1 and 4294967295. The following relationship should be maintained: host ttl timer get host data

The amount of time (in seconds) that virtual server information (data acquired from a BIG/ip Controller or other host machine about a virtual server) is to be used by the 3DNS Controller for name resolution and load balancing. You can enter a value between 1 and 4294967295. The following relationship should be maintained: vs ttl timer get vs data

The amount of time (in seconds) that path information is to be used by the 3DNS Controller for name resolution and load balancing. You can enter a value between 1 and 4294967295. The following relationship should be maintained: path ttl timer get vs data

60 240 120

Metrics collection
The metrics collection sub-statements define how the 3DNS Controller collects path information.

Parameter: rtt_timeout
Description: Specifies how long the big3d listener waits for a probe. You can enter a value between and 4294967295 seconds.
Default: 5

Parameter: rtt_sample_count
Description: To determine path information between a local DNS and a BIG/ip Controller, the number of packets specified by rtt_sample_count, of certain length specified by rtt_packet_length, is sent via ping from the BIG/ip Controller to the local DNS. You can ente
Default: 3
126. ion events are shown, so all other lines are solid.

3DNS Controllers
This section describes issues to consider as you plan which 3DNS Controllers collect data directly from BIG/ip Controllers and hosts, and which 3DNS Controllers simply copy data from the collector 3DNS Controllers. When you are ready to configure data collectors and data copiers, see Defining data collectors and data copiers, on page 4-18.

Remember that a primary DNS is the DNS that is authoritative for zone information. A secondary DNS can resolve names but gets its database from a primary DNS. Similarly, a data collector 3DNS Controller collects metrics information, and a data copier 3DNS Controller copies metrics from the data collector at specified intervals.

Note: Metrics collection occurs independently of name resolution.

Working with a single 3DNS Controller
If you have one 3DNS Controller, you must configure it to be a data collector. As a data collector, it will collect metrics from the BIG/ip Controllers and other host machines on your network. Note that you have the option of defining the 3DNS Controller as the primary DNS.

Working with multiple 3DNS Controllers
When you have more than one 3DNS Controller, you increase the reliability and efficiency of your network. However, you must decide how to handle metrics collection and zone information. For example, suppose you have two 3DNS Controllers, one i
127. ip.domain.com" IN {
        type master;
        file "db.wip.domain.com";
    };

If the 3DNS Controller does not manage the top-level domain, the subdomain must be delegated to each 3DNS Controller on your network. To delegate the domain to each 3DNS Controller in your network, add lines like the following to the top-level domain database file (db.domain.com in this example):

    wip              IN NS  3dns newyork
                     IN NS  3dns losangeles
    3dns newyork     IN A   192.168.101.2
    3dns losangeles  IN A   192.168.101.2

If your network's primary DNS is not a 3DNS Controller, change or add the target domain name to an alias. For example, you might find the target domain as an A record in your name server's DNS database, as follows:

    www  IN A  192.168.101.50

Edit db.domain.com so that it contains the following line:

    www  IN CNAME  www.wip

In the above line, www.wip.domain.com is the domain name controlled by the 3DNS Controller.

4. Gather your BIG/ip Controller and host configuration information so that you can easily see which virtual servers have the replicated content. For example, create tables like the following. In the first table, list each data center:

    Data center    Interface address    BIG/ip or host
    New York       192.168.101.40       BIG/ip Controller
    Los Angeles    192.168.102.40       BIG/ip Controller
    Tokyo          192.168.103.40       BIG/ip Controller
    Tokyo          192.168.104.40       Host
    New York       192.168.105.40       Host

Next, create a table that lists
128. itten materials without F5's prior written consent. Licensee may not copy, modify, reverse compile, or reverse engineer the Software, or sell, sub-license, rent, or transfer the Software or any associated documentation to any third party.

Export Control. F5's standard Software incorporates cryptographic software. Licensee agrees to comply with the Export Administration Act, the Export Control Act, all regulations promulgated under such Acts, and all other US government regulations relating to the export of technical data and equipment and products produced therefrom, which are applicable to Licensee. In countries other than the US, Licensee agrees to comply with the local regulations regarding exporting or using cryptographic software.

Limited Warranty. (a) Warranty. F5 warrants that for a period of 90 days from the date of shipment, (i) the media on which the Software is furnished will be free of defects in materials and workmanship under normal use, and (ii) the Software substantially conforms to its published specifications. Except for the foregoing, the Software is provided AS IS. In no event does F5 warrant that the Software is error free, that it will operate with any software or hardware other than that provided by F5 or specified in the documentation, or that the Software will satisfy Licensee's own specific requirements. (b) Remedy. Licensee's exclusive remedy and the entire liability of F5 under this limited warranty and a
129. ity, depending on whether the 3DNS Controller from which you execute the command is a US version or an international version. In a mixed environment, we recommend that you manually install the appropriate version of the big3d utility on each BIG/ip Controller, rather than using the Install and Start big3d menu item.

Configuring international 3DNS Controllers
When you run the First-Time Boot utility to configure an international 3DNS Controller, certain screens are different from those you would normally see if you were running the First-Time Boot utility on a US 3DNS Controller.

On US 3DNS Controllers, the First-Time Boot utility prompts you to configure an administrative IP address from which the 3DNS Controller accepts ssh connections.

On international 3DNS Controllers, the First-Time Boot utility prompts you to configure an administrative IP address from which the 3DNS Controller accepts rsh connections.

The 3DNS Controller stores the administrative IP address for rsh and rcp connections in the /etc/hosts.allow file. Note that storing the administrative IP address in the /etc/hosts.allow file may be slightly different from other common rsh configurations, where it is often stored in the /etc/hosts.equiv file. All other configuration issues are automatically handled by the international 3DNS Controller.

Allowing communications between US and international 3DNS Controllers
There are two situ
130. k DNS and BIND, second or third edition. You can purchase this book from a technical bookstore.

Enabling encryption on US 3DNS Controllers
You can make iQuery protocol transactions secure by enabling encryption. 3DNS Controller uses the Blowfish CBC encryption algorithm.

Note: Encryption is not allowed in some countries. See Working with international versions, on page 2-15.

To enable encryption
1. Open the /etc/wideip.conf file and change the encryption parameter setting to yes (the default setting is no). Note that encryption_key_file is a string that identifies the name and location of the iQuery key file.

    globals {
        encryption yes
        encryption_key_file "/etc/F5key.dat"
    }

2. Open the 3DNS Maintenance menu by typing the following from /usr/contrib/bin:

    3dnsmaint

3. From the menu, select Generate and Copy F5 iQuery Encryption Key. This command starts the install_key script, which creates and distributes the iQuery encryption key to all BIG/ip Controllers and 3DNS Controllers that are currently running big3d utilities. For more information, see install_key and F5makekey, on page D-26.

Packet validation
An iQuery packet must comply with CRC-32 to be valid. If the packet fails, the 3DNS Controller assumes that the packet is encrypted, and the 3DNS Controller then decrypts and rechecks the packet. If the packet fails CRC-32 once again, the 3DNS Controller
132. lancing pools that you define in the 3DNS Controller configuration are broken down into two types:

- vsb: Vsb pools load balance virtual servers associated with BIG/ip Controllers.
- vsh: Vsh pools load balance virtual servers associated with hosts.

These terms (vsb and vsh) also appear in the Web Administration tool.

Note: 3DNS Controllers do not collect metrics data or support dynamic load balancing for virtual servers managed by other host machines. However, 3DNS Controllers can perform all static load balancing modes for virtual servers managed by hosts.

The process of configuring virtual servers varies by type:

- Configuring vsb pools: First define each BIG/ip Controller and its virtual servers in a bigip statement, and then configure one or more pools in the wideip statement using that BIG/ip Controller's virtual servers.
- Configuring vsh pools: First define each host and its virtual servers in a host statement, and then configure one or more pools in the wideip statement using that host's virtual servers.

You may also want to review the following sections for more information:

- The bigip statement, on page 7-16. This section provides syntax for adding BIG/ip Controllers and their virtual servers.
- The host statement, on page 7-19. This section provides syntax for adding host machines and their virtual servers.
- Defining a wide IP, on page 4-5. This section provides a step by
133. lector. For step-by-step descriptions of the name resolution process, see pages 2-3 through 2-8.

- 3DNS Controllers are installed in New York, Los Angeles, and Tokyo.
- The 3DNS Controller in New York is the data collector. As data collector, it gathers performance data by querying the BIG/ip Controllers in New York and Los Angeles, and the host machine in Tokyo.
- The 3DNS Controllers in Los Angeles and Tokyo are data copiers. As data copiers, they copy performance data from the data collector (the 3DNS Controller in New York) and store the collected data in their caches in case the data collector fails.
- The data collector resolves name resolution requests using the performance data and a load balancing algorithm. For details on the available load balancing modes, see Chapter 5, Load Balancing.

Note: Some countries do not allow data encryption. An international version of the 3DNS Controller is available for these situations. For more information, see Working with international versions, on page 2-15.

Features
With 3DNS Controllers properly implemented on a geographically dispersed network, the network becomes more efficient, reliable, and scalable.

Efficiency
3DNS Controllers increase efficiency of a network in the following ways:

- Performance: Maximizes access performance by providing highly available, transparent IP services.
- Intelligent routing: Provides intelligent
134. ler should send network traffic for which it does not have a static route. The default route is usually the IP address of a router.

Writing the configuration to disk
After you confirm all of your configuration entries, the Finished screen opens, as shown in Figure 3-4.

    BIND 8 and 3DNS(tm) are set up
    You are ready to configure 3DNS
    Once your 3DNS has re-booted, login and run /usr/contrib/bin/3dnsmaint
    press any key to continue

    Figure 3-4: Finished screen

At this point, the 3DNS Controller writes your configuration to the disk. A status window shows the progress as each of the listed configuration files are saved.

Rebooting the system
Once the First-Time Boot utility is done, press any key to start the 3DNS Controller. At the login prompt, log in as root and halt the system using the halt command. After the system halts, set the power switch to the Off position. You must completely power down the 3DNS Controller before attaching it to a network, as described in the next section.

F-Secure SSH client
This section applies only to products sold in the U.S. If you want to configure the 3DNS Controller from a remote workstation, you need to install the F-Secure SSH client on your remote administration workstation. Note that you can also use the F-Secure SSH suite for file transfer to and from the 3DNS
135. lers, BIG/ip Controllers, and other network equipment. Consult Port and protocol usage, on page 2-25, for details.

Planning the primary DNS
As mentioned in Chapter 1, all DNS servers can resolve names, but only primary DNS servers are an authoritative source for zone information. This section provides examples of name resolution transactions for the following situations:

- The primary DNS is located outside of your network.
- The primary DNS is migrated to a 3DNS Controller. The migration procedure is also provided.

The name resolution process for either situation is similar. The difference is that when the primary DNS is outside of your network, name resolution requests for specified domains are delegated from the primary DNS to the 3DNS Controller. When a 3DNS Controller is the primary DNS, there is no delegation process.

Working with a primary DNS outside of your network
If you're adding 3DNS Controllers into an existing network, you probably have an existing primary DNS in place. Figure 2-1 is an example of the name resolution process where the primary DNS is located outside of the 3DNS network. The numbers in the illustration correspond to the steps of the process that follows.

[Figure 2-1: network diagram; labels include losangeles.domain.com, root-servers.net, Router, 3DNS Controller (data copier), BIG/ip Controller]
136. lly registered with the IANA for port 4353, and you can run iQuery on either that port or on the original port, 245.

- Port selection: You can distribute return iQuery traffic across individual ephemeral ports, or you can use either port 245 or 4353 as a single port for return iQuery traffic.
- Translation: You can now set iQuery to include translated IP addresses in iQuery packets (useful for configurations where iQuery communication between a BIG/ip Controller and a 3DNS Controller passes through a firewall).

See Configuring iQuery options, on page 4-20.

Improved path probing
3DNS Controller now has advanced path probing schemes which determine path attributes such as round trip time and packet completion rate. See Understanding probing, on page 2-21.

Storing dynamic and static copies of the wideip.conf file
You can now store your original wideip.conf file separately from a wideip.conf file that stores current path and local DNS information. See Working with static and dynamic wideip.conf files, on page C-2.

Increasing storage space for zone files
You now have the option of storing zone files in a /var/namedb directory, which offers substantially more storage space than the /etc/namedb directory. See Storing zone files, on page 3-7.

New First-Time Boot utility trigger
In previous versions of 3DNS Controller, the First-Time Boot utility ran at start-up if the system did not detect the
137. ly the network interface devices that it detects during boot up.

Configuring the interface
Enter the IP address for the interface used in configuration.

Entering a netmask
In this screen, you can either accept the default netmask, 255.255.255.255, or you can define a custom netmask for the interface.

Enter a broadcast
In this screen, you can either accept the default broadcast address (the combination of the IP address and the netmask), or you can define a custom broadcast address for the interface.

Select interface media type
Move the cursor to highlight the media type to be used for the interface, then press Enter. The options for the Interface Media Type are dependent on the NIC being used. An example of media type is as follows:

- auto
- 10baseT
- 10baseT FDX
- 100baseTX
- 100baseTX FDX

Setting the remote administrative IP address
Enter the IP address from which you want to perform all remote configuration, administration, and monitoring tasks. Note that you can use an asterisk as a wildcard to specify a range of IP addresses. For 3DNS Controllers distributed in the US, administrative command line tasks are conducted using the F-Secure SSH client, which is a secure shell. For international 3DNS Controllers, administrative command line tasks are conducted via Telnet.

Configuring the default route
The default route is used to determine where the 3DNS Control
138. may only be used once per configuration.
Controls global server configuration options and sets defaults for other statements. This statement may only be used once per configuration.
Sets certain configuration options on a per-server basis.
Defines a zone.

acl statement
The acl statement creates a named address match list. It gets its name from a primary use of address match lists: Access Control Lists (ACLs). Note that an address match list's name must be defined with acl before it can be used elsewhere; no forward references are allowed.

The following ACLs are built in:

    ACL          Description
    any          Allows all hosts.
    none         Denies all hosts.
    localhost    Allows the IP addresses of all interfaces on the system.
    localnets    Allows any host on a network for which the system has an interface.

Syntax

    acl <name> { address_match_list };

include statement
The include statement inserts the specified file at the point where the include statement is encountered. It cannot be used within another statement, though, so a line such as the following is not allowed:

    acl internal_hosts { include "internal_hosts.acl"; };

Use include to break the configuration up into easily managed chunks. For example, the following lines could be inserted at the top of a BIND configuration file in order to include ACL and key information:

    include "/etc/security/keys
139. me server administrator to send various signals to the name server, or to restart it. 3ndc should be used in place of ndc on 3DNS Controllers that use watchdog named. Only use 3ndc if watchdog named is being used on your 3DNS Controller.

The syntax for 3ndc is as follows:

    3ndc directive

When you use 3ndc, you can specify directives. Directives are not required. Directives for 3ndc include:

status
    Display the current status of named as shown by ps(1).
dumpdb
    Write named's database and cache to /var/tmp/named_dump.db. It uses the INT signal.
reload
    Checks the serial numbers of all primary and secondary zones and reloads those that have changed. Uses the HUP signal.
stats
    Writes statistics to /var/tmp/named.stats. Uses the IOT or ABRT signal.
trace
    Increments the tracing level by one. Whenever the tracing level is not zero, trace information is written to /var/tmp/named.run. Higher tracing levels result in more detailed information. Uses the USR1 signal.
notrace, cmd
    Rereads the var run widip cmd file and sets its tracing level to zero. The /var/tmp/named.run file closes if it is open. Uses the USR2 signal. Using notrace or cmd has the same effect, and can be used in addition to using the same argument with ndc.
querylog
    Toggles the query logging feature, which, while on, results in a syslog(3) entry for each incoming query. It uses the WINCH signal. Note tha
140. n New York and one in Los Angeles. The following are some of the ways you can configure these two 3DNS Controllers. Although you can have more than two 3DNS Controllers, the purpose of these examples is to serve as a starting point in the planning process. These examples all assume that the primary DNS is a 3DNS Controller.

Note that the example figures in this section show only how metrics collection is handled, and not the name resolution process. Figures 2-1, on page 2-4, and 2-2, on page 2-7, illustrate the name resolution process.

Example A
Figure 2-3 shows an implementation where both 3DNS Controllers act as primary DNS systems as well as data collectors.

[Figure 2-3: Multiple 3DNS Controllers. Network diagram of losangeles.domain.com, newyork.domain.com and tokyo.domain.com; both 3DNS Controllers are labelled data collector and primary DNS. Legend: data collection.]

In this case, both 3DNS Controllers perform metrics collection, and both are authoritative sources for zone information.

Example B
Figure 2-4 shows an example where the 3DNS Controller in New York is the primary DN
141. n answer queries most intelligently.

Disadvantages: Having multiple data collectors means that more than one machine is collecting metrics from the BIG/ip Controllers and host machines they manage. This is not a problem unless you have a large number of data collectors. In this case, the BIG/ip Controllers and host machines may be overloaded, having to respond to queries from multiple 3DNS Controllers.

Data copiers
Advantages: Configuring a 3DNS Controller as a data copier can reduce the load on the managed BIG/ip Controllers and host machines, because it reduces the number of queries that the controllers and hosts need to respond to.

Disadvantages: Data copiers may not have the most current metrics information.

Working with international versions
Using an international version of the 3DNS Controller (the version for use in countries that do not allow encryption) requires additional planning. This section explains how to configure an international 3DNS Controller, and also discusses configuration issues that you must address if you have a mixed environment where international 3DNS Controllers need to communicate with US 3DNS Controllers and with US and international versions of the BIG/ip Controller and the big3d utility.

Differences between US and international 3DNS Controllers
US 3DNS Controllers are different from international 3DNS Controllers only in the communication tools th
142. n override the database's global TTL value for an individual name.

The following is an example of an entire zone file. The next-to-last line is the A record.

    wip.domain.com   IN SOA 3dns newyork.domain.com postmaster.domain.com
                     1998062914   Serial as YYYYMMDDXX
                     3600         Refresh
                     900          Retry
                     3600000      Expire
                     2            Minimum (default ttl for entire file)
    Domain DNS servers
    wip.domain.com   IN NS  3dns newyork.domain.com
                     IN NS  3dns losangeles.domain.com
    Glue records
    3dns newyork.domain.com      IN A  192.168.101.2
    3dns losangeles.domain.com   IN A  192.168.102.2
    Mail servers
    domain.com       IN MX 10  mx newyork.domain.com
    domain.com       IN MX 20  mx losangeles.domain.com
    Regular Host
    otherbox         IN A  TIZ LSS gs LOL 20
    domain name IRANIE
    Wide IP key
    www 1            IN A  UZ c IMSS LOL 50
    TLD              IN A  WV LES a LOL GO

    Figure 4-1: Sample zone file for wip.domain.com

The following example is provided for reference only. If you need help establishing reverse domains (address-to-name mappings), refer to the DNS and BIND book mentioned at the start of this procedure. The following sample screens show the reverse domain mapping files on the New York 3DNS Controller.

    101.168.192.in-addr.arpa   IN SOA 3dns newyork.domain.com postmaster.domain.com
                     1998062914   Serial as YYYYMMDDXX
                     3600         Refresh
                     900          Retry
                     3600000      Expire
                     14000        Minimum
    101 168 1
143. n request. The administration tool generates a separate row for each BIG/ip Controller to local DNS path. The total number of paths is shown at the bottom of the table.

    Item               Description
    TTL                The remaining time to live (ttl) before a path's metrics data needs to be refreshed.
    Local DNS          The IP address of the local DNS associated with this path.
    BIG/ip             The IP address of the BIG/ip Controller associated with this path.
    RTT                The average round trip time (in microseconds) for transactions between the specified BIG/ip Controller and local DNS.
    Delta RTT          The difference (in microseconds) between the current known round trip time and the average round trip time.
    Completion Rate    The percentage of completed packets versus lost packets, multiplied by 100.
    Picks              The number of times the specified path was chosen by a wide IP for load balancing.
    Accesses           The number of times the specified path was evaluated to be chosen.
    Refreshes          The number of data refreshes for each path.

Local DNS statistics
Click Local DNS to view the following information about each configured local DNS on your network. The administration tool generates a separate row for each local DNS.

    Item    Description
    Rank    A measure of how often this local DNS made resolution requests. 7 indicates the local DNS that was used most often, and 2 indicates the next m
144. ncryption: 3DNS Controllers distributed only in the US provide support for Blowfish CBC encryption, which keeps iQuery protocol transactions secure. The iQuery protocol is the protocol used to communicate and exchange information between BIG/ip Controllers and 3DNS Controllers. Note that 3DNS Controllers distributed outside the US do not support encryption.

Scalability
3DNS Controllers provide the flexibility to effectively manage changing network demands. With 3DNS Controllers in place, your network becomes more scalable by:

- Allowing servers and BIG/ip Controller clusters to be transparently added or removed
- Supporting an unlimited number of distributed content servers and array controllers
- Leveraging BIG/ip Controller's ability to handle all servers in a local array as a single IP address

What's new in this version
The following features are new in version 1.0.6 of the 3DNS Controller.

New load balancing options
The 3DNS Controller now supports three hierarchical load balancing methods. For each pool in a wideip statement, you can specify a preferred method, an alternate method, and a fallback method. See The wide IP statement, on page 7-21.

Topology-based access control
3DNS Controller can now control access to specific data centers based on the IP address of the requesting local DNS. See Topology-based access control, on page 5-15.

New static load balancing mode
145. nd copy them to a directory of the same name on the 3DNS Controller.

3. Give the old DNS machine's IP address to the 3DNS Controller, or modify all the domains managed by the 3DNS Controller at InterNIC by replacing or adding the IP address to each domain's registration record with a modify domain request.

Note: InterNIC changes typically take approximately 24 hours to process and confirm, and another 24 hours to propagate after your configuration becomes active. To avoid outages, always keep a secondary system configured and running during this transition.

Using a 3DNS Controller as your primary DNS
Figure 2-2 shows a typical 3DNS transaction where the primary DNS is located on the 3DNS Controller that is the data collector. The numbers in the illustration correspond to the steps of the process described below.

[Figure 2-2: network diagram; labels include losangeles.domain.com, root-servers.net, newyork.domain.com, tokyo.domain.com, www.domain.com, 3DNS Controller (data collector and primary DNS), 3DNS Controller (data copier), BIG/ip Controller]
146. nology. Using the 3DNS Controller, you can provide clients with optimal performance, the most current data, safe data access, high availability, and protection from failed systems. Figure 1-1 shows how 3DNS Controllers fit into a global network.

[Figure 1-1: Using 3DNS Controllers on a global network. Network diagram of losangeles.domain.com, newyork.domain.com and tokyo.domain.com, with one 3DNS Controller as data collector and two as data copiers. Legend: data collection; copying of collected data.]

The network in Figure 1-1 uses the following configuration:

- The client machine uses an Internet Service Provider (ISP), located in Chicago, to connect to the local DNS, which in turn connects to the primary DNS.
- The primary DNS can be outside of the customer network, as shown here, or you can configure a 3DNS Controller to be the primary DNS within the customer network. In this example, name resolution requests for specified domains are delegated from the primary DNS to the 3DNS Controller that is the data col
147. not found in the topology map for an LDNS, the score is assumed to be 0. By including the following wildcard list record, all other LDNSs (not North or South America, as specified above) are assigned a score of 1, so the acl threshold does not indicate that the virtual servers are down:
0.0.0.0/0 0.0.0.0/0 1
Understanding cur_ values: You may notice several cur_ values in your wideip.conf file. The purpose of cur_ values is to pre-load the database with previously collected statistics and metrics. The collected statistics and metrics are useful if you want to quickly restart a 3DNS Controller without a temporary loss of intelligence. Do not edit these statements unless you are a very experienced 3DNS Controller user or you are instructed to do so by F5 technical support. How cur_ values are used: To understand how cur_ values are used, you must first have a basic understanding of the 3DNS database. The 3DNS database contains collected statistics and metrics. This collected information, and the specified load balancing mode, is used to determine how to distribute client requests. At each interval specified in the globals sync_db_interval sub-statement, the database is updated with a new configuration dump file called /var/run/wideip.out. The wideip.out file contains the most recent statistics, including cur_ values. If both a cur_ value and an existing statistic or metric refer to the same
148. ntroller S. The list record that matches is the one where the following equation is TRUE:
(S & A mask) == (A & A mask) && (L & B mask) == (B & B mask)
Referring to the example topology statement above, say that the local DNS 198.0.0.0 requested name resolution for www.domain.com, and a virtual server in the vsb pool belonged to the BIG/ip Controller 192.168.101.0. In this scenario, the 3DNS Controller considers the first list record to be a match. Understanding the topology score: Each list record includes a score, which is used both in topology-based load balancing and in topology-based access control. If multiple list records in a topology statement have the exact same server IP/mask and local DNS IP/mask, but have different scores, only the last record is declared valid. For example, the following:
192.168.101.0/24 198.0.0.0/24 6
192.168.101.0/8 198.0.0.0/8 1
192.168.101.0/24 198.0.0.0/24 89 (replaces 1st record)
192.168.101.0/24 198.0.0.0/24 0 (replaces previous record)
192.168.101.0/24 198.0.0.0/24 3 (replaces previous record)
Is equivalent to:
192.168.101.0/8 198.0.0.0/8 1
192.168.101.0/24 198.0.0.0/24 3
Note: The term list record server local DNS refers to the longest matching record for the BIG/ip Controller or host IP address and the local DNS IP address. Using the long
149. ntroller and vsh (virtual servers owned by a host machine). The default is vsb. You cannot include both types of virtual servers in the same pool definition. As part of a pool definition, ratio specifies the default weighting to use with respect to other pool types. The load balancing mode to use for the specified pool. Each acceptable value is described in the next table. The load balancing mode to use for the specified pool if the preferred mode fails. The default is rr. Also see the description of default_alternate, a globals sub-statement, on page 7-13. The load balancing mode to use for the specified pool if the alternate mode fails. If the fallback mode fails, the 3DNS Controller returns the request to DNS. The default is return_to_dns. Also see the description of default_fallback, a globals sub-statement, on page 7-13. As part of a pool definition, address specifies the IP address of each virtual server in this pool. You can use the same virtual server in multiple pools, but not within the same pool. An optional part of specifying a virtual server. A port specified here overrides the wide IP's port setting. If a port is not specified here, the wide IP's port value is assumed. As part of a virtual server's address specification, ratio defines the default weighting to use with respect to all virtual servers in this pool when the ratio load balancing mode is employed. The default is 1. Load balancing mode: The load balancing s
150. ny other guarantee made by F5 is, at F5's option, to repair or replace any F5 product that fails during the warranty period at no cost to Licensee. Any products returned to F5 must be pre-authorized by F5 with a Return Material Authorization (RMA) number marked on the outside of the package, and sent prepaid, insured, and packaged appropriately for safe shipment. The repaired or replaced item will be shipped to Licensee, at F5's expense, no later than 7 days after receipt by F5. Title to any returned or components will transfer to F5 upon receipt. F5 will replace defective media or documentation or, at its option, undertake reasonable efforts to modify the Software to correct any substantial non-conformance with the specifications. (c) Restrictions. The foregoing limited warranties extend only to the original Licensee, and do not apply if a Software Product or Combination Product (a) has been altered, except by F5, (b) has not been installed, operated, repaired, or maintained in accordance with F5's instructions, (c) has been subjected to abnormal physical or electrical stress, misuse, negligence, or accident, or (d) has been operated outside of the environmental specifications for the product. F5's limited software warranty does not apply to software corrections or upgrades. 6. DISCLAIMER; LIMITATION OF REMEDY. EXCEPT FOR THE WARRANTIES SPECIFICALLY DESCRIBED HEREIN, F5 DOES NOT MAKE ANY GUARANTEE OR WARRANTY, EXPRESS OR IMP
151. o [Figure 5-8: Example syntax for random] Ratio. Syntax: ratio. Figure 5-9 shows the 3DNS Controller using the Ratio load balancing mode. The Ratio mode (also known as Weighted or Administrative Cost) is useful for sites that have servers of varying capabilities. You specify what proportion of connections should go to each virtual server. Over a long period of time, the number of requests resolved to each virtual server in the set is in proportion to the specified weights. This load balancing mode is similar to Round Robin, but with weights assigned to each server. The default ratio for all servers is 1. [Figure 5-9: Ratio mode] Example syntax: Least connections with ratio as an alternate
wideip
address 192.168.102.60
service ftp
name ftp.wip.domain.com
pool
name main_pool
type vsb
preferred leastconn
alternate ratio
address 192.168.101.60 ratio 2 (New York)
address 192.168.102.60 ratio 4 (Los Angeles)
address 192.168.103.60 ratio 1 (Tokyo)
[Figure 5-10: Example syntax for ratio] Round Robin. Syntax: rr round_robin. Figure 5-11 shows the 3DNS Controller using the Round Robin load balancing mode. The Round Robin mode distributes client requests in a circular and sequential pattern. Over a long period of time
152. o the next pool. Valid only in an alternate or fallback sub-statement. Least packets per second the BIG/ip Controller is processing. Valid for vsb pools only, and only in a preferred or fallback sub-statement. User-definable metric that includes a combination of packet rate, completion rate, RTT, and topology. Valid for vsb pools only, and only in a preferred or fallback sub-statement. Virtual server chosen at random from the wide IP set of virtual servers. Valid for both vsb and vsh pools. Distributed percentages. Valid for both vsb and vsh pools. Returns the resolution request to DNS, preventing the 3DNS Controller from using the next load balancing method or using the next available pool. Valid only in an alternate or fallback sub-statement.
Parameter: Description
rr: Circular and sequential. Valid for both vsb and vsh pools.
rtt: Shortest timed ICMP packet from a virtual server's BIG/ip Controller to the requestor's local DNS. Valid for vsb pools only, and only in a preferred or fallback sub-statement.
topology: Distributes connections based on the proximity of a local DNS to a particular data center.
Use the following equation to configure the QOS load balancing mode: A (1/packet rate) + B (1/rtt) + C (completion rate) + D (topology)
For more information on each mode, and some load balancing examples, see Chapter 5, Load Balancing. T
153. oad balancing mode for a given wide IP, you specify how 3DNS Controllers determine which virtual servers to use for connections. To set a mode of load balancing for a given wide IP, edit the corresponding wideip statement in your 3DNS Controller configuration file. You can make global load balancing changes using the globals statement in the 3DNS Controller configuration file. See Chapter 7, Statements and Comments, for more information on all statements and sub-statements. Load balancing modes: There are three types of load balancing modes: static, dynamic, and specialized. Dynamic: Dynamic load balancing modes rely on the iQuery protocol to collect important performance information, such as Round Trip Times (RTT), which calculates the time a local DNS takes to respond to a ping issued by a BIG/ip Controller, or Least Connections, which calculates the current number of connections for virtual servers on BIG/ip Controllers. Static: Static load balancing modes do not require network communications, other than ensuring server availability, and exhibit more predictable load distribution. Static load balancing modes only use the iQuery protocol to collect server status to determine how connections are made. By incorporating server status into the name resolution and load balancing processes, the 3DNS Controller always sends requests to a live BIG/ip Controller or host machine, assuming
154. oducts from F5 Networks, Inc. (F5). Any additional or different terms, including terms in any purchase order or order confirmation, will have no effect unless expressly agreed to in writing by F5. Any software provided to a Customer is subject to the terms of the End User License Agreement delivered with the Product. Limited Warranty. Software: F5 warrants that, for a period of 90 days from the date of shipment, (i) the media on which the software is furnished will be free of defects in materials and workmanship under normal use, and (ii) the software substantially conforms to its published specifications. Except for the foregoing, the software is provided AS IS. In no event does F5 warrant that the Software is error free, that the Product will operate with any software or hardware other than that provided by F5 or specified in the documentation, or that the Product will satisfy Purchaser's own specific requirements. Hardware: F5 warrants that the hardware component of any Product will, for a period of one year from the date of shipment from F5, be free from defects in material and workmanship under normal use. Remedy: Purchaser's exclusive remedy and the entire liability of F5 under this limited warranty and any other guarantee made by F5 is, at F5's option, to repair or replace any Product or component that fails during the warranty period at no cost to Purchaser. Products returned to F5 must be pre-authorized by F5 with a Return Material
155. ollowing:
Parameter: Description
cur_nodes_up: The number of active servers serving the specified virtual server.
cur_connections: The number of connections to the specified virtual server.
cur_picks: The number of times the specified virtual server was returned by the 3DNS Controller.
cur_refreshes: The number of times the server and connection counts were refreshed with new data from a BIG/ip Controller.
Example path definition:
path
address 10.25.50.100 (LDNS)
cur_rtt 102382
cur_completion_rate 10000
cur_picks 239
cur_accesses 302
In the above example, the cur_ values indicate the following:
Parameter: Description
cur_rtt: The round trip time (RTT), which is a calculation of the time, in microseconds, that the specified machine takes to respond to a probe issued by the 3DNS Controller.
cur_completion_rate: The percentage of completed packets versus lost packets, using this equation: 1 packets received sent X 10000
cur_picks: The number of times this path's data resulted in the corresponding BIG/ip Controller's virtual server being chosen for a connection. This only applies if a wide IP is doing dynamic load balancing (using path data).
cur_accesses: The number of times this path was considered when performing dynamic load balancing.
Example wide
156. on The following global variables let you control the behavior of the probing and discovery mechanisms, and the way in which the 3DNS Controller uses path data to make load balancing decisions. For information on these variables, and all other global variables, see The globals statement, on page 7-4: rtt_probe_dynamic, rtt_port_discovery, rtt_discovery_method, rtt_sample_count, rtt_packet_length, rtt_probe_protocol, timer_get_path_data, path_max_refreshes, path_ttl, paths_never_die, paths_noclobber, check_dynamic_depends. The probing and discovery process: The following steps outline the typical sequence of events for probing and discovery of a local DNS server. Note: In this example, rtt_probe_protocol is set to icmp and rtt_probe_dynamic is set to yes. 1. The 3DNS Controller sends a new set of target local DNS servers to the big3d utility for probing. The more often a target local DNS requests name resolutions from the 3DNS Controller, the more frequently the 3DNS Controller probes the target and refreshes the target's path metrics. 2. The big3d utility begins running the target local DNS servers through its probing factories. 3. For each target local DNS server, the target is first probed using the rtt_probe_protocol set by the administrator. 4. If the first probe fails, the big3d utility switches the rtt_probe_protocol to the alternate probe
157. or bigip statement. Example:
bigip (New York)
address 192.168.101.40
vs
address 192.168.101.50
port 80
translate
address 10.0.0.50
port 80
[Figure 7-5: Example syntax for bigip statement] Definition of bigip sub-statements: The bigip sub-statements specify information about the virtual servers managed by a BIG/ip Controller.
Parameter: Description
address: In the context of a bigip statement, address specifies the IP address of the BIG/ip Controller.
vs: Indicates the start of a virtual server definition. Once you define a virtual server here, including specifying the address and port, you can then use this virtual server in a wideip definition.
address: As part of a virtual server (vs) definition, address specifies the IP address of a virtual server owned by this BIG/ip Controller. Note that the virtual server's address must be listed first, before port, service, or ratio values.
port or service: The virtual server's port number or service name. You can add the port number, preceded by a colon, on the same line as the virtual server's address, or you can enter it on the next line. You can use the service name if it is a WKS (well-known service) and you enclose it in quotation marks.
translate: Specifies that iQuery packets sent to the BIG/ip Controller include transla
158. or editing in pico or vi. Once the edits are completed and you close the text editor, wideip.conf.static is read as a command to reload into named. install_key and F5makekey: The install_key script corresponds to the Generate and Copy F5 iQuery Encryption Key item on the 3DNS Maintenance menu. This script starts the F5makekey script and generates a seed key for encrypting communications between the 3DNS Controller and BIG/ip Controller. The install_key script creates and distributes the iQuery key to all BIG/ip Controllers and other 3DNS Controllers on your network. Note: This script is not available in the international version of 3DNS Controller. To start the F5makekey script, type the following from /usr/contrib/bin:
f5makekey
The seed value is located in /etc/F5key.dat and contains a random length (12-52) of random content (1-255) created by F5makekey. This array of values is used by MD-160, a one-way hash function, to generate a key 20 characters in length for the Blowfish encryption algorithm. print 3dvips: The print 3dvips script corresponds to the Fetch BIG/ip Configuration item on the 3DNS Maintenance menu. This script reads the list of defined BIG/ip Controllers in the bigips.txt file, then retrieves and saves a list of all the virtual servers owned by the listed BIG/ip Controllers. The print 3dvips script saves the list of virtual servers in a format
159. ost popular, and so on.
Local DNS: The IP address of the local DNS.
3DNS Requests: The number of times the 3DNS Controller received a resolution request from this local DNS.
Probe Protocol: The protocol (either TCP or ICMP) used in communicating with the selected local DNS.
Port: The port number used in communicating with the local DNS.
State: Path probing and path discovery state information. The states are: Needs Probe (the target has never been probed or scanned); Idle (target was successfully probed and is waiting for next probe); In Probe (target is currently being probed); Needs Discovery (target failed a probe and now needs to be scanned); In Discovery (target is currently being scanned); Suspended (target failed the scan and is no longer eligible for probing or scanning).
Wide IP statistics: Click Wide IPs to view the following information about each configured wide IP on your network. The administration tool generates a separate row for each wide IP.
Item: Description
Domain Name: The domain name for the specified wide IP. This name links to a page that displays the wideip statement associated with the selected domain.
TTL: The ttl value specified in the wideip statement that is passed back to the local DNS with the A record.
DNS Address: The A record for the specified domain.
3D
160. ow access on all these ports on your network, because you may not need all services. For example, unless you have an international version of 3DNS Controller, you won't use RSH/RCP, which is the only service that requires port 514. Figure 2-7 shows a subset of the information in the table. For legibility purposes, the specific services are not shown in the figure. [Figure 2-7: Ports used for 3DNS Controller communications] Installation Procedures: Installation requirements; Packing list; Installation tasks; The First Time Boot utility; F-Secure SSH client; After installation. Chapter 3. Installation requirements: Before you install and use a 3DNS Controller, you must have the following. BIND: The primary DNS, which can be a 3DNS Controller, must use BIND version 4.97 or later. However, we recommend that you use the more current version of BIND, version 8.1.2 or later, that is shipped with 3DNS Controller. Path or route: A path or route to each of the
161. owing line:
local2.warning /var/log/3dns
For full debugging, add the following line:
local2.debug /var/log/3dns
The above lines are somewhat equivalent to:
local2.* /var/log/3dns
As an alternative, you can use a different file to capture a session without affecting the default files. For example, you could use a line like the following:
local2.debug /var/log/3dns.debug
To switch logging levels or specify another file name, edit the /etc/syslog.conf file and restart syslogd, or issue it a SIGHUP. Create an empty 3DNS Controller file in /var/log by typing the following on the command line:
touch 3dns
Note that in the above example, 3dns is the name of the file you are creating. You can use this command to create other files for the 3DNS Controller with different names. You need only create other 3DNS Controller files when solving configuration problems. You must touch each file that you create. Continuing with the examples in step 1, type the following entry:
touch 3dns.debug
Restart syslog by typing the following on the command line:
kill -HUP `cat /var/run/syslog.pid`
Log rotation: The 3DNS Controller's log file is called /var/log/3dns. The 3DNS Controller uses log rotation to keep log files from becoming overly large. A script included with the 3DNS Controller, /etc/daily, automatically runs each night, compressing the existing information in the log file. We do not recommend t
162. pe the following command from /usr/contrib/bin: 3dns_admin_start. The Web Administration tool is divided into two areas: Statistics, which presents current statistics for your network, and Administration, which provides a method of viewing and changing your current configuration. Setting user access privileges for administration and statistics: You can control user access to the statistics and administration areas using the Change/Add Users for 3DNS Web Administration command on the 3DNS Maintenance menu. This menu item opens a script that prompts you to define a user name and password, and also prompts you to choose which area(s) the user can access. You can specify that the user has access only to the statistics area, or you can specify the user has access to both the statistics and the administration areas. Statistics: With the 3DNS Controller administration tool, you can immediately view information about BIG/ip Controllers, other host machines, virtual servers, paths, and wide IPs on your network. The 3DNS Controller installation includes an HTTP server called thttpd, which is used in the Web Administration tool's display of data. It runs transparently and requires no action on your part. However, if you'd like to change the port to something other than the default of 4999, or make other changes to thttpd, see thttpd, on page D-17. BIG/ip Controller statistics: Click BIG/ip Controllers to view
163. played if the current 3DNS Controller is configured as a data collector. Each 3DNS Controller is a data collector until you designate it a data copier with the globals sub-statement primary_ip in the wideip.conf file.
Item: Description
Sync DB Interval: The value for sync_db_interval, as specified in the 3DNS machine's wideip.conf file.
Last Dump: The date and time of the last time the data collector's data was successfully sent to a dump file.
Dump File: The name of the file to which the data was sent.
Total Dumps: The number of times that the data collector successfully dumped its data to a file.
Total Dump Errors: The number of times that the data collector was unsuccessful in dumping its data to a file.
Secondary 3DNS: This table is displayed if the current 3DNS Controller is configured as a data copier. A 3DNS Controller is a data copier if its wideip.conf file contains the globals sub-statement primary_ip.
Item: Description
Sync DB Interval: The value for sync_db_interval, as specified in the 3DNS machine's wideip.conf file.
Last Sync: The date and time of the last time the data copier successfully copied the data collector's data the dump file.
Further items in this table: Sync Primary IP, Total Syncs, Total Sync Errors.
Sync Primary IP: The IP address of the data collector from which this data copier copies data. It is the value for primar
164. primary DNS; Integrating 3DNS Controllers; Working with international versions; Understanding virtual servers; The iQuery protocol; Setting up the big3d utility; Understanding probing; Port and protocol usage. Chapter 2. General network considerations: Before you install a 3DNS Controller, you should do some careful planning for your network. The issues you need to consider vary depending on your network environment. Decide where the primary DNS should be located. Should it remain on its own machine, inside or outside of your network, or do you want to migrate the existing primary DNS to a 3DNS machine? See the following section, Planning the primary DNS. Decide how to integrate 3DNS Controllers, and where to locate data collectors and data copiers. Note that all 3DNS Controllers are data collectors until you specify otherwise. See Integrating 3DNS Controllers, on page 2-8. If you are preparing to install BIG/ip Controllers for the first time, as well as 3DNS Controllers, you'll need to do additional planning. To start, review both this chapter and Chapter 2, Preparing for Installation, in the Administrator Guide for the BIG/ip Controller. If you are preparing to incorporate single network servers or other server array controllers, there may be additional issues to consider, depending on the different products' requirements and configuration. Allow access to the necessary ports for communications between 3DNS Control
165. probing the host. This IP address points to either a BIG/ip Controller or a 3DNS Controller that runs the big3d utility. The big3d utility actually probes the host and virtual servers to verify whether the host or a particular virtual server is currently available to accept connections. If you omit this parameter in the host sub-statement, the 3DNS Controller uses the prober <ip_addr> parameter defined in the globals statement.
Parameter: Description
vs: Indicates the start of a virtual server definition. Once you define a virtual server here, including specifying the address, port, and probe protocol values, you can then use this virtual server in a wide IP definition. Each host statement can include multiple virtual servers, but must always include at least one virtual server.
address: As part of a virtual server (vs) definition, address specifies the IP address of a virtual server owned by this host machine.
port or service: The virtual server's port number or service name. You can add the port number, preceded by a colon, on the same line as the virtual server's address, or you can enter it on the next line. You can use the service name if it is a WKS (well-known service) and you enclose it in quotation marks.
The wide IP statement: The wideip statement defines a wide IP. A wide IP maps a domain name to a load balancing mode and a set of virtual s
166. r a value between 1 and 25.
rtt_packet_length: To determine path information between a local DNS and a BIG/ip Controller, the number of packets (specified by rtt_sample_count) of certain length (specified by rtt_packet_length) is sent via ping from the BIG/ip Controller to the local DNS. You can enter a value between 64 and 500. Default: 64.
rtt_probe_protocol: Specifies a probe method to calculate RTT times. You can specify the ICMP or TCP protocol. Default: icmp.
Resource limits: The resource limits sub-statements define the amount of memory allocated to sending and receiving metrics information.
Parameter: Description (Default)
rx_buf_size: Specifies the maximum amount of socket buffer data memory the server can use when receiving data. You can enter a value between 8192 and 4294967295. Default: 16384.
tx_buf_size: Specifies the maximum amount of socket buffer data memory the server can use when transmitting data. You can enter a value between 8192 and 4294967295. Default: 8192.
QOS values: The Quality of Service (QOS) load balancing mode distributes connections based on a path evaluation score. Using the equation below, the QOS mode compares paths between the local DNS and each virtual server included in the wideip statement. The 3DNS Controller load balances each new connection to the virtual server associated with the best path score. score_path qos_coeff_packet_rate 1 scor
167. r is not restricted to e-commerce purposes; you can use port list in any situation where you want multiple services to be available for resolving requests. Quality of Service (QOS). Syntax: qos. In essence, the QOS mode lets you define a custom load balancing mode. The Quality of Service (QOS) score is a user-definable metric that includes a configurable combination of the RTT, Completion Rate, Packet Rate, and Topology modes. The virtual server with the highest metric is used for the connection. Use this equation to configure QOS:
A (1/packet rate) + B (1/rtt) + C (completion rate) + D (topology)
You specify the coefficients A, B, C, and D. You can set the coefficients on a global basis. You can also override global values for each wide IP by using a qos_coeff declaration in the wide IP definition. The following table shows the user-configurable values that correspond to the coefficients.
Coefficient: Global; Wide IP override for qos_coeff
A: qos_coeff_packet_rate; packet_rate
B: qos_coeff_rtt; rtt
C: qos_coeff_completion_rate; completion_rate
D: qos_coeff_topology; topology
The global coefficient settings define default values for all wide IPs that use the QOS load balancing mode. Figure 5-17 shows sample default settings.
globals
qos_coeff_rtt 20
qos_coeff_completion_rate 5
qos_coeff_packet_rate 3
qos_coeff
168. r prompts you to choose whether to continue the script or exit the script. We recommend that you exit the script if this error occurs. Once the dump is complete, one of the following events happens: If you are switching the 3DNS Controller from Initial mode to Dynamic mode, the script backs up the /etc/wideip.conf file to /var/3dns/etc/wideip.conf.ORIG and changes /etc/wideip.conf to link to /var/3dns/etc/wideip.conf.dynamic. If you are switching the 3DNS Controller from Static mode to Dynamic mode, the script simply changes /etc/wideip.conf to link to /var/3dns/etc/wideip.conf.dynamic. (In Static mode, the link points to /var/3dns/etc/wideip.conf.static.) Note: Running this script while the system is already in dynamic mode is ineffective and does not change the state of the system. edit_wideip: The edit_wideip script corresponds to the Edit 3DNS Configuration item on the 3DNS Maintenance menu. This script opens the current wideip.conf file in pico and allows you to edit it. In Initial mode, the script edits /etc/wideip.conf. In either Dynamic or Static mode, the script first dumps the named cache; if the dump fails, the 3DNS Controller prompts the user to choose whether to continue the script or exit the script (we recommend that you exit the script if this error occurs). Once the dump is complete, the script opens /var/3dns/etc/wideip.conf.static (even if in dynamic mode) f
169. ration HTTP
From, To, Protocol, Port, Purpose:
3DNS, Admin, tcp, ≥1024, Web administration HTTP
BIG/ip, 3DNS, tcp, 22, SSH/SCP
3DNS, BIG/ip, tcp, 1023, SSH/SCP
3DNS, BIG/ip, tcp, 22, SSH/SCP
BIG/ip, 3DNS, tcp, 1023, SSH/SCP
3DNS, 3DNS, tcp, 22, SSH/SCP
3DNS, 3DNS, tcp, 1023, SSH/SCP
BIG/ip, 3DNS, tcp, 514, RSH/RCP
3DNS, BIG/ip, tcp, ≥1024, RSH/RCP
3DNS, BIG/ip, tcp, 514, RSH/RCP
BIG/ip, 3DNS, tcp, ≥1024, RSH/RCP
3DNS, 3DNS, tcp, 514, RSH/RCP
3DNS, 3DNS, tcp, ≥1024, RSH/RCP
LDNS, 3DNS, udp, 53, DNS resolution
3DNS, LDNS, udp, ≥1024, DNS resolution
LDNS, 3DNS, tcp, 53, DNS resolution and zone transfers
3DNS, LDNS, tcp, ≥1024, DNS resolution and zone transfers
BIG/ip, LDNS, icmp, Probing
3DNS, LDNS, icmp, Probing
BIG/ip, LDNS, tcp, 53, Probing (rtt_probe_protocol tcp or rtt_probe_dynamic yes); CISCO routers should allow establish
LDNS, BIG/ip, tcp, 2000-2300, Probing (rtt_probe_protocol tcp or rtt_probe_dynamic yes); CISCO routers should allow establish
3DNS, LDNS, tcp, 53, Probing (rtt_probe_protocol tcp or rtt_probe_dynamic yes); CISCO routers should allow establish
LDNS, 3DNS, tcp, 2000-2300, Probing (rtt_probe_protocol tcp or rtt_probe_dynamic yes); CISCO routers should allow establish
Table 2-1: Ports used for 3DNS Controller communications. Note that you might not need to all
170. Table of Contents (fragment): include statement; key statement; logging statement; options statement; server statement; zone statement; Comments; Converting older configuration files to BIND 8 format. Appendix F, DNS Resource Records: What are resource records; Types of resource records; Common types; Other types. Introduction to 3DNS Controller: Welcome to the 3DNS Controller; Features; What's new in this version; Conventions used in this manual. Chapter 1. Welcome to the 3DNS Controller: The 3DNS Controller is a wide-area load distribution solution. It works in tandem with BIG/ip Server Array Controllers, other server array controllers, and single network servers to intelligently allocate Internet and intranet service requests across a geographically distributed array of network servers. The 3DNS Controller provides intelligent name resolution, and adds load balancing intelligence to the latest BIND tech
171. rking directory of the server. The directory clause of the configuration file's options statement overrides any value specified on the command line. The default working directory is the current directory. config file: Any additional argument is taken as the name of the configuration file, for compatibility with older implementations; as noted above, this argument overrides any configuration file specified by the b and c options. If no further argument is given, the default configuration file is used (/etc/named.conf). For more information on named, see the named man page. The name daemon control interface command, ndc, allows a name server administrator to send signals to the name server. This section describes ndc; a sub-section describes the value that the 3DNS platform adds to the normal ndc functionality present in BIND. WARNING: Do not use ndc with watchdog named. Instead, use 3ndc. The syntax for ndc is as follows: ndc directive. When you use ndc, you can specify directives. Directives are not required. The directives available for 3ndc include: status: Display the current status of named as shown by ps. dumpdb: Write the database and cache to /var/tmp/named_dump.db. It uses the INT signal. reload: Checks the serial numbers of all primary and secondary zones and reloads those that have changed. Uses the HUP signal. Use this directive with caution, as it sometimes starts two copies of ndc. stats
172. rks of F5 Networks Inc. Other product and company names are registered trademarks or trademarks of their respective holders. Export Regulation Notice: The 3DNS Controller is shipped with cryptographic software. Therefore, under the Export Administration Act, the United States government may consider it a criminal offense to export this 3DNS Controller from the United States. FCC Compliance: This equipment has been tested and found to comply with the limits for a Class A digital device pursuant to part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with this instruction manual, may cause harmful radio communications. Operation of this equipment in a residential area is likely to cause harmful interference, in which case the user will be required to correct the interference at his own expense. Acknowledgments: This product includes software developed by the University of California, Berkeley and its contributors. This product includes software developed by the Computer Systems Engineering Group at the Lawrence Berkeley Laboratory. This product includes software developed by the NetBSD Foundation, Inc. and its contributors. This product includes software developed
173. rocess. The 3DNS platform supports these dynamic load balancing modes: Completion Rate, Least Connections, Packet Rate, Round Trip Times (RTT). Completion Rate. Syntax: completion_rate. Figure 5.1 shows the 3DNS Controller using the Completion Rate load balancing mode. The Completion Rate mode selects a virtual server on the BIG ip Controller which currently maintains the least number of dropped or timed out packets for transactions between itself and the local DNS. [Figure 5.1 Completion rate mode: completion rates for New York, Los Angeles, and Tokyo before and after a data refresh.] Example syntax: Completion rate. wideip address 192.168.101.60 port 80 name cgi.wip.domain.com pool name mypool type vsb preferred completion_rate address 192.168.101.60 New York address 192.168.102.60 Los Angeles address 192.168.103.60 Tokyo. Figure 5.2 Example syntax for completion rate. Related globals sub-statements: timer_get_path_data, path_ttl, rtt_timeout, rtt_sample_count, rtt_packet_length. For information on the
174. roller manages and the number of times that the 3DNS Controller resolves requests to those virtual servers. hosts: Displays statistics about all hosts known to the 3DNS Controller, including the number of times that the 3DNS Controller resolves requests to the host. wips: Displays statistics about each wide IP defined on the 3DNS Controller, including load balancing information and the remaining time to live before the wide IP's metrics data needs to be refreshed. Displays the current wideip.conf mode (Initial, Static, or Dynamic). Corresponds to the 3dns mode script. Menu Item / Description. Use Dynamic wideip.conf: Creates a static copy of the original wideip.conf file, and also creates a dynamic copy of the wideip.conf file that includes the path and local DNS data, as well as changes you make using the Edit wideip.conf feature in the 3DNS Web Administration tool. Corresponds to the dynamic_wideip script. See Working with static and dynamic wideip.conf files, on page C-2. Use Static wideip.conf: Returns to a single wideip.conf file, using the wideip.conf static version created when you originally switched the mode to Dynamic. Corresponds to the static_wideip script. See Working with static and dynamic wideip.conf files, on page C-2. Enter q to Quit: Closes the 3DNS Maintenance menu. Understanding the wide IP key. The wide IP key is the same address as the
175. roller selects New York for connections until the round trip times are recalculated. After the data was refreshed, the Los Angeles machine had the lowest score, so subsequent requests were sent to Los Angeles. Example syntax: Round trip time load balancing with topology as alternate load balancing. wideip address 19 25 EGGS c 10S port 80 name ntp.wip.domain.com pool name poolA type vsb preferred rtt alternate topology address 192.168.101.60 New York address 192.168.102.60 Los Angeles address 192.168.103.60 Tokyo. Figure 5.7 Example syntax for round trip time. Related globals sub-statements: timer_get_path_data, path_ttl, rtt_timeout, rtt_sample_count, rtt_packet_length. For information on these and all globals sub-statements, see The globals statement, on page 7-4. Static modes. The 3DNS platform supports these static load balancing modes: Random, Ratio, Round Robin, Null, Return to DNS. Random. Syntax: random. When you specify a Random load balancing mode, the 3DNS Controller selects a virtual server for the connection at random from the wide IP set of virtual servers. Example syntax: Random. wideip address 192.168.101.60 port 80 name cgi.wip.domain.com pool name mypool type vsb preferred random address 192.168.101.60 New York address 192.168.102.60 Los Angeles address 192.168.103.60 Toky
176. rompt 3dns gated. Editing the /etc/netstart file. Next, you need to edit the /etc/netstart file and change the definition of the gated variable as shown below: gated YES. The 3DNS Controller is now configured to accept dynamic route updates from your router. Note: Certain network environments may require that you modify the routing tables or your router. If you have communication problems between your router and the 3DNS Controller, please contact Technical Support at F5 Networks, Inc. Glossary, Appendix A.
Terms: BIG ip Controller; big3d; BIND (Berkeley Internet Name Domain); daemon; data collector; data copier; DNS (Domain Name System); DNS server; encryption key; fallback address; FDDI (Fiber Distributed Data Interface); F-Secure SSH; gateway; host.
Definitions:
BIG ip Controller: A Service Array Controller that monitors each server for application availability and performance, and automatically routes incoming queries to the most available server.
big3d: The listener that runs on each BIG ip Controller and responds to 3DNS Controller queries.
BIND: The most common implementation of DNS, which provides a system for matching domain names to IP addresses.
daemon: A program that runs in the background on UNIX systems and responds to requests from services or from other hosts on a network.
data collector: Any 3DNS Controller that collects data. Each 3DNS Controller is a data collector until you designa
177. rresponds to least number of hits. iQuery port options. Parameter (default): Description. use_alternate_iq_port (default no): Determines whether the 3DNS Controller runs iQuery traffic on port 245 (the port used in older configurations) or on the new registered iQuery port (4353). The default setting (no) uses port 245. To use port 4353, change this setting to yes. multiplex_iq (default no): Determines whether the 3DNS Controller uses the ephemeral ports for iQuery traffic returned from the big3d utility. To force iQuery traffic to use port 4353 for all incoming iQuery traffic, change this setting to yes. Probing. Parameter (default): Description. paths_never_die (default no): Specifies that dynamic load balancing modes can use path data even after the TTL for the path data has expired. We recommend that you change this setting to yes, which has the effect of requiring that the 3DNS Controller always uses path data even if the path's TTL expires. paths_noclobber (default no): Specifies whether the 3DNS Controller overwrites existing path data with blank data when a path probe fails. We recommend that you change this setting to yes, which has the effect of requiring that the 3DNS Controller does not overwrite existing path data with blank data when a path probe fails. check_dynamic_depends (default yes): Specifies that the 3DNS Controller checks the availability of a path before it uses the path for load balancing
178. rtt_probe_dynamic (default no): Determines whether the 3DNS Controller attempts a second probe using the alternate probe protocol if the probe protocol specified by rtt_probe_protocol fails during the first probe. rtt_port_discovery (default no): Determines whether the 3DNS Controller uses the discovery factory to find an alternate port to be used by the probing factory if probing on port 53 fails. rtt_discovery_method (default short): Determines which ports to scan. path_max_refreshes (default 0, no limit): Determines the maximum number of times the 3DNS Controller requests new data for the path. The bigip statement. The bigip statement defines the characteristics associated with a particular BIG ip Controller. A bigip statement contains the following information: the IP address of the BIG ip Controller; the set of virtual servers that are available on the specified BIG ip Controller; dynamically collected information about the BIG ip Controller, its virtual servers and ports, and the paths between the BIG ip Controller and local DNS. Syntax for bigip statement. The bigip statement syntax includes the following sub-statements: bigip address <ip_addr> vs address <ip_addr> <port_number> port <port_number> service <service_name> ratio <number> translate address <ip_addr> port <port_number> service <service_name>. Figure 7.4 Syntax f
179. ry name servers to update its secondary zones.
An Internet communications protocol. This protocol provides information relevant to IP packet processing and error correction.
A BIND name server signal. It saves a copy of the name server's database to a file called named_dump.db. This file is located in /var/tmp or /usr/tmp, depending on your configuration.
A US organization that registers domain names and IP addresses and distributes information about the Internet. The InterNIC Internet address is rs.internic.net.
A UDP-based protocol used to communicate and exchange information between BIG ip Controllers and 3DNS Controllers.
A DNS server making the name resolution request on behalf of a client. From the perspective of the 3DNS Controller, the local DNS is the source of the name resolution request.
A computer that can answer DNS queries. Name servers contain information about some part of the DNS, and they make that information available to clients. Also called DNS server.
The name server daemon, which manages domain name server software.
A specific server in the array managed by a BIG ip Controller.
A logical route between a BIG ip Controller and a local DNS.
Terms: pool; primary DNS; QOS (Quality of Service); resolution; resolvers; resource record; RTT (Round Trip Time); secondary DNS; TTL (Time to Live); virtual address; virtual port; virtual server; wide IP.
Definition: A group of
180. s Comments. Chapter 7. Statements. Syntax rules. A top-level 3DNS Controller statement begins with a keyword and may be followed by either a value or by a block of sub-statements enclosed in braces. You can find an example of a complete configuration file in Appendix C, The wideip.conf File. The 3DNS platform supports the following top-level statements: globals: Controls global 3DNS Controller configuration options and sets defaults for other statements. This statement may be used only once per configuration. bigip: Defines a BIG ip Server Array Controller managed by the 3DNS Controller. host: Defines a single network server or other server array controller. wideip: Defines a wide IP. Wide IPs map a domain name to a load balancing mode and a set of virtual servers on BIG ip Controllers and/or other host machines. topology: Implements and defines topology-based access control, and makes it possible for you to use the new topology load balancing mode on its own and as part of the QOS mode. Keep the following rules in mind when creating and editing statements in your wideip.conf file. Statement order: The globals statement should appear first in the wideip.conf file, followed by bigip and host statements. The wideip statements should appear next, followed by the topology statement. Address specification: Wherever an address is required in a statement, the addr
181. s number. Figure 7.2 Syntax for globals statement (continued from previous page). Example:
globals
  prober Ie Gis Oi             Default prober is New York 3DNS
  encryption yes               Encrypt iQuery
  paths_noclobber yes          Don't overwrite metrics with zeroed results
  path_ttl 2400                Extend the life of path metrics
  rtt_probe_dynamic yes        Gwiten t CED probing LE Lemo fails
  multiplex_iq yes             Source port is the same as destination port for iQuery
  use_alternate_iq_port yes    Use IANA registered port for iQuery
Figure 7.3 Example syntax for globals statement. Definition of globals sub-statements. Each globals sub-statement supports the parameters described below. Primary IP address: You include this sub-statement only when configuring a 3DNS Controller as a data copier. Parameter (default): Description. primary_ip (default 0): Specifies the IP address of the data collector from which the current data copier retrieves metrics information. Synchronization: The synchronization sub-statement specifies how the current 3DNS Controller handles synchronizing its database with the other 3DNS Controllers in the network. Parameter (default): Description. sync_db_interval (default 600): On a data collector, specifies the amount of time, in seconds, between updates
182. s A or class B netmasks if ipaddr belongs to the address range of class A or B, respectively, or by 24 otherwise. domainname service: Accepts datagrams where the reverse address lookup yields the domainname for the sender's address. The meaning of service is described above. domainname service: Same as above, except that any source host whose name ends in domainname will get permission. d: Puts syslogd into debugging mode. This is useful for troubleshooting. f: Specifies the path name of an alternate configuration file; the default is /etc/syslog.conf. m: Selects the number of minutes between mark messages; the default is 20 minutes. P: Specifies the path name of an alternate log socket; the default is /var/run/log. s: Operates in secure mode. Does not listen for log messages from remote machines. log2mail. The log2mail program gathers system log messages from the syslogd daemon and mails a copy to each specified address. It is intended to be invoked by syslogd using the construct in the /etc/syslog.conf file, as in the following example: err auth notice usr sbin log2mail root remote site com thttpd. The log2mail program begins each mail message with a line of context taken from the previous mail message. The context clarifies the meaning of the "last message repeated n times" messages that are generated by syslogd itself. log2mail uses this syntax: log2mail
183. s arguments when you start watchdog named to change the time parameters. These arguments are described later in this section. Parses named.conf to find the directory command, in order to find in which directory to run and where to dump and find named cores. If more than one directory command is found in named.conf, watchdog named uses the last one it finds. When your 3DNS Controller is using watchdog named, you cannot use ndc to stop, start, or restart named. Instead, you must use 3ndc. See 3ndc, on page D-5. If you are using a ps command followed by a grep named command to find all named processes on a 3DNS Controller, add the ww argument to the ps command. This causes ps to print out long lines, ensuring that watchdog named appears in the output. A 3DNS Controller does not have to use watchdog named. You can instead use named and ndc. See named, on page D-6, and ndc, on page D-8. watchdog named uses the following syntax: watchdog named c <path> r <number> s <number>. The options for watchdog named include: c path: Specifies the path for the named.conf file to use. The default is /etc/named.conf. r number: Specifies the number of times named can be restarted before a warning is logged. The default is 10. s number: Specifies the number of seconds between restarts that is considered excessive. The default is 3600. 3ndc. 3ndc allows the na
184. s to one name; the following addresses all map to www.wip: 192.168.101.50, 192.168.102.50, 192.168.103.50. Configure the globals, bigip, and host statements in /etc/wideip.conf. For the globals statement, you need only change parameters if you want to override default values. For the bigip statements, you must identify each BIG ip Controller and the virtual servers it owns. In cases where you are using a redundant BIG ip Controller system, enter the IP address that the redundant system shares between the two units. Do not use the actual address of each BIG ip Controller in the redundant system. For the host statement, identify each host machine and its virtual servers. Continuing with the example, here are sample globals, bigip, and host statements. Note that each sample is only a snippet of the complete configuration file. For an example of a complete configuration file, see Appendix C, The wideip.conf File. globals pu5olocHe592 N15 mT kOm encryption yes paths_noclobber yes path_ttl 2400 rtt_probe_dynamic yes multiplex_iq yes use_alternate_iq_port yes. Figure 4.5 Sample globals statement. bigip New York address 192.168.101.40 vs address 192.168.101.50 port 80 translate address 10.0.0.50 port 80. Figure 4.6 Sample bigip statement. Comments in the sample globals statement: Default prober is New York 3DNS. Encrypt iQuery. Don't overwrite metrics with zeroed results. Extend the life of path metrics. Gwiten t CE
185. s_addr> <port> ratio <weight>. Figure 7.8 Syntax for wideip statement. Example: Hi wideip ederess 192 168101 50 service http name www wip domain com qos_coeff TEE 21 completion_rate 7 packet_rate topology pool name pool 1 type vsb rario 2 preferred qos amp xelehesse 3 092 16S LOL a0 ratio 2 access 192 163 102 50 cereale Jb adores O Mice mne Orao pool name pool 2 type vsb ratio JL preferred rr address 192 168 102 60 ratio 2 address 192 168 103 60 ratio 1. Figure 7.9 Example syntax for wideip statement. Definition of wideip sub-statements. Wide IP sub-statements define groups of virtual servers to be load balanced, and they assign load balancing characteristics, such as the load balancing mode, to each group. Address information. The address information sub-statements specify the wide IP key (see Understanding the wide IP key, on page 4-28). They also specify the pool of virtual servers that the wide IP load balances. Parameters: address, port or service, name, alias, ttl, port_list, qos_coeff, pool_lbmode. address: A key that represents one valid virtual server IP address from the set which services this wide IP. This key is also listed as the A record in the zone file for the domain. See Understanding the wide IP key on page 4
186. se and all globals sub-statements, see The globals statement, on page 7-4. Least Connections. Syntax: leastconn. The Least Connections mode selects a virtual server on the BIG ip Controller which currently maintains the least number of connections. Example syntax: Least connections with ratio as an alternate. wideip address 192.168.102.60 service ftp name ftp.wip.domain.com pool name main_pool type vsb preferred leastconn alternate ratio address 192.168.101.60 ratio 2 New York address 192.168.102.60 ratio 4 Los Angeles address 192.168.103.60 ratio 1 Tokyo. Figure 5.3 Example syntax for least connections. Related globals sub-statements: timer_get_vs_data, vs_ttl. For information on these and all globals sub-statements, see The globals statement, on page 7-4. Packet Rate. Syntax: packet_rate. Figure 5.4 shows the 3DNS Controller using the Packet Rate load balancing mode. The Packet Rate mode selects a virtual server which corresponds to the BIG ip Controller that is currently processing the least packets per second. [Figure 5.4: packets per second at each site (New York, Los Angeles) before and after a data refresh.]
187. sed by the 3DNS Controller and must appear before any bigip, host, or wideip statements in the wideip.conf file. Each globals sub-statement has a default setting. You do not need to edit the globals statement unless you want to change a sub-statement's default setting. If the 3DNS Controller does not find a globals statement in the configuration file, the 3DNS Controller uses a globals block with each option set to its default. The globals statement should appear only once in a configuration file; if the 3DNS Controller finds more than one occurrence, the 3DNS Controller generates an error alerting you that your configuration contains multiple globals statements. However, if you use a globals sub-statement more than once within the globals block, the 3DNS Controller uses the last listed value and does not generate an error. For example, if your globals block contains the following lines, the 3DNS Controller uses the value 50: globals host_ttl 100 host_ttl 50. Syntax for globals statement. The globals statement supports the following sub-statements. When you define a globals statement, you need to include only those sub-statements that you want to change from the default. globals primary_ip <ip_addr> sync_db_interval <number> check_static_depends <yes | no> timer_get_bigip_data <number> timer_get_host_data <number> timer_get_vs_data <number
188. sh characters and are no longer than one line in length. To have one logical comment span multiple lines, each line must start with the // pair. For example:
// This is the start of a comment. The next line
// is a new comment line, even though it is logically
// part of the previous comment.
Shell-style comments. Shell-style (also known as Perl-style) comments start with the character # and are no longer than one line in length. For example:
# This is the start of a comment. The next line
# is a new comment line, even though it is logically
# part of the previous comment.
WARNING: You cannot use the semicolon (;) character to start a comment, such as you would in a zone file. The semicolon indicates the end of a configuration statement. Text following a semicolon is interpreted as the start of the next statement. Converting older configuration files to BIND 8 format. You can convert BIND 4.9.x configuration files to the BIND 8 format using src/bin/named/named-bootconf.pl, a Perl script that is part of the BIND 8.1 source kit. DNS Resource Records. Appendix F. What are resource records? name ttl A resource record (RR) consists of a name, a type, and data that is specific to the type. These resource records, in a hierarchical structure, make up the DNS. The standard resource record format, specified in R
189. sizes based on the amount of memory installed. We recommend that you remove or comment out datasize statements from /etc/named.conf files because they are no longer necessary. System control variables on BIG ip Controllers. If you configure the 3DNS Controller to use the registered iQuery port (4353) for iQuery traffic, you must change the corresponding bigip.open_3dns_lockdown_ports sysctl variable on all BIG ip Controllers running version 2.0 and earlier. The default setting for this variable is 0, but if iQuery traffic is set to run on port 4353, you must change the variable setting to 1. The big3d utility. All versions of the big3d utility must be updated on BIG ip Controllers. The 3DNS Controller includes big3d utilities for BIG ip Controller version 1.8.3, version 2.0, and version 2.0.4. Use the Install and Start big3d command on the 3DNS Maintenance menu to automatically copy and install the appropriate version of the big3d utility to all BIG ip Controllers in your environment. Note: The big3d utility version 2.0.1 is compatible with BIG ip Controller version 2.0.2. Storing zone files. Move zone files to the /var/namedb directory, which offers substantially more storage space than the /etc/namedb directory. 1. Change the directory /etc/namedb line in the /etc/named.conf file to instead point to the /var/namedb directory: directory /var/namedb 2. Move /etc/namedb to /var/name
190. ss 192.168.102.60 ratio 4 Los Angeles address 192.168.103.60 ratio 1 Tokyo. Figure 5.25 Using alternate load balancing modes. Using multiple resource pools. To help you address common issues, this section provides several examples that offer a variety of solutions. Example A. In this example, suppose you are a network administrator of a large network. Your network includes a large number of Sendmail servers to help distribute the mail traffic. For example, you've configured one Sendmail server to serve the human resources department, another to serve the engineering group, and another to serve the sales staff. Some Sendmail servers are virtual servers managed by BIG ip Controllers, while others are virtual servers managed by a host machine. Maintaining this configuration is time-consuming, since you must configure each client workstation with the address of the appropriate Sendmail server. You must also decide how to deal with issues like disproportionate growth or traffic. To resolve these problems, you can configure one Sendmail service to manage all the other Sendmail servers. You can configure a super service using the 3DNS Controller and all your individual Sendmail servers. This service load balances traffic across all of your Sendmail servers and sends connections to the fastest performing server at any given time. This allows you, as the administrator, to configure all clien
191. ss control to the probing of paths. If this parameter is set to yes, the 3DNS Controller requests a given BIG ip Controller to probe only those local DNS servers that can connect to it according to the acl_threshold value and the topology map scores. longest_match: In cases where there are several IP mask items that match a particular IP address, longest_match specifies whether the 3DNS Controller selects the record that is most specific, and thus has the longest mask. mask virtual server: The server mask for a given data center. This is one of two values used to determine the longest match. mask LDNS: The local DNS mask. This is one of two values used to determine the longest match. mask score: The mask score, which is used for the comparison of virtual servers when the topology load balancing mode is employed. Comments. You can insert comments anywhere you would otherwise see white space in the 3DNS Controller configuration file. Syntax. Note that the comment syntax depends on the environment in which you use the configuration file. For example:
/* This is a 3DNS comment as in C */
// This is a 3DNS comment as in C++
# This is a 3DNS comment as in common Unix shells and Perl
Figure 7.11 Comment syntax. Definition and usage. The format for comments varies by programming language; each format is described below. To avoid comment nesting problems, we recommend th
192. st machines controlled by the 3DNS Controller currently marked up. Down: The number of other host machines controlled by the 3DNS Controller currently marked down. Virtual Servers. Item: Description. Total Virtual Servers: The total number of virtual servers. Total BIG ip Virtual Servers: The number of virtual servers managed by BIG ip Controllers. Up: The number of BIG ip virtual servers that are up. Down: The number of BIG ip virtual servers that are down. Total Host Virtual Servers: The number of virtual servers managed by a host machine. Up: The number of host virtual servers that are up. Down: The number of host virtual servers that are down. Wide IP. Item: Description. Total Wide IPs: The number of defined wide IPs. Total Requests: The number of name resolution requests sent to the 3DNS Controller. Total Non Wide IP Requests: The number of regular DNS requests not intended to be load balanced. Total Wide IP Requests: The number of requests sent to a wide IP for resolution and load balancing. Total Resolved: The number of successful name resolutions. By Preferred: The number of resolutions made using the preferred load balancing method. By Alternate: The number of resolutions made using the alternate load balancing method. By Fallback. Total Returned to DNS.
193. statement. See The wide IP statement, on page 7-21. In the following zone file excerpt, the specified Minimum value is 30 seconds for every entry. The exception is the domain name www.wip, which is overridden and is not saved in any DNS cache. The result is that a new query is made each time a name resolution request is made for www.wip. This allows the 3DNS Controller to respond with the most intelligent answer for each request. wip domain com IN SOA 3dns newyork domain com postmaster domain com 1998062914 Serial as YYYYMMDDXX 3600 Refresh S00 p Ieucxew 3600000 Expire 30 Minimum default ttl for entire file www wip 0 IN A LEZ WGI o LOL G0. Figure 4.12 Zone minimums. Object Limits. Each 3DNS object has an associated TTL. When an object's TTL expires, the 3DNS Controller stops using a dynamic load balancing method and reverts to a static method. You set an object TTL with the globals statement. For example: globals bigip_ttl 60 host_ttl 240 vs_ttl 120 path_ttl 600. Relating 3DNS TTL values to persistence values set on the BIG ip Controller. You can also configure a TTL value for each wide IP definition. The ttl value in a wideip statement specifies the amount of time, in seconds, that the specified wide IP's information is to be used by the 3DNS Controller for name resolution and load balancing. Depending on your situation, you may want to take yo
194. subnet bitmask values (0) in the wildcard list record, this record will always be chosen last by the longest match rule. The <score> parameter setting either allows or denies access, depending on whether its value is set greater than or less than the acl_threshold setting. A <score> value that is greater than or equal to the acl_threshold setting allows access. A <score> value that is less than the acl_threshold setting denies access. If no wildcard list record is provided, the following is assumed: 0 0 0 0 0 0 0 0 0 0 0. Using access control to limit path probing. The limit_probes parameter specifies whether to apply access control to the probing of paths. If this parameter is set to yes, the 3DNS Controller requests a given BIG ip Controller to probe only those local DNS servers that can connect to it according to the acl_threshold value and the topology map scores. In the example topology statement above, the 3DNS Controller would not send a local DNS (200.0.0.0) connection to the BIG ip Controller (192.168.101.0) for probing, but would send it to the BIG ip Controller (192.168.103.0). Topology load balancing mode. Syntax: topology. The topology mode distributes connections based on the proximity of a local DNS to a particular data center. Proximity is determined by network IP addresses of the local DNS compared to that of the data centers, and not necessarily by geographical location.
195. sword 3DNS tm hostname and interface cards. This utility will take you through this process step by step. Before any configuration files are written to disk, you will be asked to confirm all your selections. Press ctrl-E to exit and configure manually; press any key to continue.
Figure 3-3 First Time Boot Utility
Entering the password
At the Set Root Password screen, enter the password that you want to assign to the root user account. The password should be a minimum of six characters, a maximum of 128, and should contain a combination of uppercase, lowercase, and punctuation characters. Next, you are prompted to reset the root password. Press any key to continue.
Confirm password
You are prompted to confirm your new password by typing it again at the second Set Root Password screen. Press any key to continue.
Entering the host name
Enter a fully qualified domain name for the 3DNS Controller, for example 3dns.seattle.domain.com, and press Enter.
Note: If you need to change the host name later, edit the hostname name line in the /etc/netstart script.
Setting the interface for the network
In the next series of screens, you set and configure the interface and netmask. To select the interface as either exp0, de0, or fddi0, move the cursor to highlight your selection and press Enter.
Note: The 3DNS Controller First Time Boot utility lists on
196. t clients are only sent to a virtual server if both the secure and non-secure areas are available. The key entry here is port_list. The port_list entry specifies that requests can only be sent to virtual servers in this pool if ports 80 (non-secure area) and 443 (secure area) are available.
wideip address 192.168.101.70 port 80 JJ MEES port_list 80 443 e commerce name ssl.wip.domain.com pool lbmode rx pool name bigip pool type vsb aLL 2 preferred qos alternate ratio address 192.168.101.70 ratio 7 address 192.168.102.60 ratio 2 pool name host_pool type vsh ratio Ji preferred ratio address 192.168.104.50 ratio 2 address 192.168.105.60 ratio 1
Figure 5-29 Configuring for e-commerce
Chapter 6 Web Administration
Starting 3DNS administration
The 3DNS Controller comes with a Web Administration tool. This tool gives you a snapshot of your 3DNS Controller network at any given time. With this tool, you can view current information about your network's BIG/ip Controllers, other host machines, virtual servers, paths, and wide IPs. This tool is primarily designed to assist in troubleshooting. You can start 3DNS Controller administration in either of the following ways: From the 3DNS Maintenance Menu, select Start 3DNS Administration. Ty
197. t is not overly taxed at the moment. The following table lists each coefficient, its scale, a likely upper limit for each, and whether a higher or lower value is more efficient.
Coefficient | How measured | Example upper limit | Higher or lower
Packet rate | Packets per second | 700 | Lower
Round trip times | Microseconds | 2,000,000 | Lower
Completion rate | 0-100% | 100% | Higher
Topology | 0 (off) or 1 (on) | N/A | N/A
3. You can adjust coefficients to emphasize one normalized metric over another. For example, by changing the coefficients to the values shown below, you are putting the most emphasis on round trip times.
globals qos_coeff_rtt 100 qos_coeff_completion_rate 20 qos_coeff_packet_rate 50 qos_coeff_topology 0
Figure 5-19 Balancing QOS coefficients to emphasize round trip time
In the above example, if round trip times for two virtual servers are close, the virtual server with the best packet rate is chosen. If both round trip times and packet rates are close, the completion rate breaks the tie.
4. If you need help in customizing a QOS equation, contact F5 technical support.
Global Availability
Syntax: global_availability ga
Figure 5-20 shows the 3DNS Controller using the global availability load balancing mode. The global availability mode selects the first available virtual server in a wide IP definition. If that virtual server becomes unavailable, su
198. t query logging consumes log file space. This directive may also be given as qrylog.
start: Starts watchdog named if it is not running. watchdog named starts named. If a named process is already running, watchdog named starts and watches the current named process.
stop: Stops watchdog named and named, if they are running.
restart: Stops and restarts watchdog named and named.
named is the Internet domain name server. If no arguments are specified, named opens the default boot file /etc/named.conf, reads any initial data, and listens for queries. named uses the following syntax:
named -b -c config file -d <debuglevel> -g group name -p <port> -q -r -t directory -u user name -v -w directory config file
The options for named include:
-b Specifies an alternate boot file. This argument is overridden by any configuration file which is specified at the end of the command line. The default value is /etc/named.conf.
-d Prints debugging information. The number specified after this option determines the level of printed messages.
-f Runs the process in the foreground.
-g Specifies which group the server should run as after it initializes. You can specify a group name or a numeric group ID.
-p Use the specified remote port number; this is the port number to which named sends queries. The default
199. t workstations to use the same domain name.
wideip address 192.168.102.50 service smtp name mx.wip.domain.com pool_lbmode ratio pool name pool 1 type vsb rario S preferred rtt alternate random address 192.168.101.50 address 192.168.102.50 address 192.168.103.50 pool name pool 2 type vsh ratio i preferred ratio address 192.168.104.50 ratio 2 ackiress 192 Lar 0S 50a c
Figure 5-26 Configuring one Sendmail service to manage all other Sendmail servers
Example B
The following example uses multiple resource pools to determine how to distribute connections among three data centers: New York, Los Angeles, and Tokyo. The administrator wants resolution requests that are made to the 3DNS Controller in New York to be resolved to virtual servers in the data center in New York. If the data center in New York fills up and becomes unavailable, the administrator wants to send those resolution requests to virtual servers in the data center in Los Angeles. If both the New York and Los Angeles data centers are full, the administrator wants to send resolution requests to virtual servers in the data center in Tokyo. Note the use of the null and return to DNS load balancing modes. If requests cannot be resolved using the least connections load balancing mode, those requests are ultimately returned to DNS.
wideip address 192.168.102.10 port 80 name www.domain.com alias
200. te it a data copier with the globals sub-statement primary_ip.
A 3DNS Controller that copies data from data collectors at intervals specified with the globals sub-statement sync_db_interval. Any 3DNS Controller that contains the globals sub-statement primary_ip is a data copier.
A distributed database that maps IP addresses to host names.
See name server.
The sequence of data that prevents unauthorized access to other data.
See wide IP key.
A multi-mode protocol for transmitting data on optical fiber cables up to 100Mbps.
An encryption utility that allows secure shell (SSH) connections to a remote system, such as the BIG/ip Controller.
Hardware and/or software that forwards data between two networks.
Any computer on a network that makes services available to other computers on the network.
Term: host machine; ICMP (Internet Control Message Protocol); INT; InterNIC; iQuery; local DNS; Name server; named (name server daemon); node; path
Definition:
For the purposes of this manual, host machine refers to a single network server or a server array controller other than a BIG/ip Controller.
A BIND name server signal. It causes the name server to reload configuration files. Use this signal after modifying the name server's boot file or one of its database files for the changes to take effect. You can also send this signal to BIND 4.9.3 seconda
201. te of Washington, USA, without regard to its choice of law rules. The provisions of the U.N. Convention for the International Sale of Goods will not apply. Any provisions found to be unenforceable will not affect the enforceability of the other provisions contained herein, but will instead be replaced with a provision as similar in meaning to the original as possible. This Agreement constitutes the entire agreement between the parties with regard to its subject matter. No modification will be binding unless in writing and signed by the parties.
Chapter 1 Introduction to 3DNS Controller
Welcome to the 3DNS Controller
Features
What's new in this version
Conventions used in this manual
Typographic conventions
Terminology conventions
Chapter 2 Preparing for Installation
General network considerations
Planning the primary DNS
Working with a primary DNS outside of your network
Migrating the primary DNS to a 3DNS Controller
Using a 3DNS Controller as your primary DNS
Integrating 3DNS Controllers
Working with a single 3DNS Controller
202. ted IP addresses, required if the packets must pass through a firewall. When you use this keyword, you must then include name and port service information for the translated IP addresses.
The host statement
The host statement defines information about the host itself, including its IP address, and also defines information about the individual virtual servers associated with it.
Syntax for host statement
Posti address <ip_addr> probe_protocol <tcp | icmp> Orc ponta prober <ip_addr> we address <ip_addr> <port_number> port <port_number> service <service_name> probe_protocol <tcp | icmp>
Figure 7-6 Syntax for host statement
Example
host Tokyo address 192.168.104.40 vs address 192.168.104.50 80 probe_protocol tcp
Figure 7-7 Example syntax for host statement
Definition of host sub-statements
The host sub-statements define information about the virtual servers managed by a host server. The host sub-statements also define the method used to ping the host server to verify if it is available.
Parameter | Description
address | In the context of a host statement, address specifies the host machine's IP address.
probe_protocol | The protocol method to use for probing this host: TCP or ICMP.
port | The port used to probe this host if probe_protocol is set to TCP.
prober | The IP address of the machine
203. that is acceptable by the 3DNS Controller and /etc/wideip.conf. The generated list is saved in a file called /etc/bigip.lst and is useful in configuring the bigip statement in your wideip.conf file. See page 4-5.
Note: This script is not available in the international version of 3DNS Controller.
This script puts the 3DNS Controller into Static mode for wideip.conf. The script is also available on the 3DNS Maintenance menu as the Use Static wideip.conf command. The script first dumps the named cache; if the dump fails, the 3DNS Controller prompts you to choose whether to continue the script or exit the script. We recommend that you exit the script if this error occurs. Once the dump is complete, one of the following events happens:
If you are switching the 3DNS Controller from Initial mode to Static mode, the script backs up the /etc/wideip.conf file to /var/3dns/etc/wideip.conf.ORIG and changes /etc/wideip.conf to link to /var/3dns/etc/wideip.conf.static.
If you are switching the 3DNS Controller from Dynamic mode to Static mode, the script simply changes /etc/wideip.conf to link to /var/3dns/etc/wideip.conf.static. In Dynamic mode, the link points to /var/3dns/etc/wideip.conf.dynamic.
Note: Running this script while the system is already in Static mode does not change the state of the system.
BIND 8 Configuration Information
Appendix E
B
204. the virtual servers managed by each BIG/ip Controller; include only those that host content for the domain you are load balancing. For example, each virtual server in the following table is owned by a different BIG/ip Controller, yet each contains identical content.
BIG/ip Controller | Virtual server | Virtual port
New York | 192.168.101.50 | 80
Los Angeles | 192.168.102.50 | 80
Tokyo | 192.168.103.50 | 80
You configure virtual servers as part of the BIG/ip Controller configuration process. See the BIG/ip Installation and Users Guide for more information.
In the third table, list the other host machines and the IP addresses of the virtual servers that contain the same content. For example:
Host | Virtual server | Virtual port
Tokyo | 192.168.104.50 | 80
New York | 192.168.105.50 | 80
Next, you need to choose a wide IP key. Select one of the virtual servers in the group, and use its IP address as the wide IP key. In this example, 192.168.101.50 is the wide IP key for www.wip.domain.com. See Understanding the wide IP key, on page 4-28.
Configure the load balanced name on the 3DNS Controller
Locate or create a subdomain database file for wip.domain.com. Select one IP address from the set and add an A record for the www.wip domain. Use the IP address as the wide IP key. In the new A record, specify a low TTL value. You ca
206. tion rate 7 packet_rate topology pool name pool 1 type vsb ratio 2 preferred qos address 192.168.101.50 ratio 2 address 192.168.102.50 ratio 1 address 192.168.103.50 ratio 1 pool name pool 2 type vsb ratio 1 preferred rr address 192.168.102.60 ratio 2 address 192.168.103.60 ratio 1
Global availability
wideip address 192.168.101.60 port 80 name cgi.wip.domain.com pool name mypool type vsb preferred ga address 192.168.101.60 (New York) address 192.168.102.60 (Los Angeles) address 192.168.103.60 (Tokyo)
Round trip time load balancing with topology as alternate load balancing (see topology below)
wideip address 192.168.103.60 port 80 name ntp.wip.domain.com pool name poolA type vsb preferred rtt alternate topology address 192.168.101.60 (New York) address 192.168.102.60 (Los Angeles) address 192.168.103.60 (Tokyo)
Least connections with ratio as an alternate
wideip address 192.168.102.60 service ftp name ftp.wip.domain.com pool name main_pool type vsb preferred leastconn alternate ratio address 192.168.101.60 ratio 2 (New York) address 192.168.102.60 ratio 4 (Los Angeles) address 192.168.103.60 ratio 1 (Tokyo)
Round robin pool load balancing between bigip and hosts. This site runs a catalog and shopping cart, and only wishes to send client to a datacenter if services are up on both
207. tly running 3DNS Controller processes:
ndc stop
kill `cat /var/run/big3d.pid`
kill `cat /var/run/syslog.pid`
ps aux | grep thttpd
kill <pid>
6. Extract the 3 v 0 6 tar gz file in the /var/tmp directory:
cd usr contrib bin gtar zxvpUf var tmp 3 v1 0 6 tar gz
7. Run 3dparse to update the /etc/wideip.conf file:
3dparse
8. Restart the 3DNS Controller:
sync
reboot
Note: Once you install the 3DNS software, you must install new versions of the big3d utility on all BIG/ip Controllers managed by the 3DNS Controller. See Setting up the big3d utility, on page 2-21.
Once you install the software update, you must make the required configuration changes described in the following section.
Required configuration changes
The following configuration changes are required. All other configuration changes in this release are optional.
First Time Boot utility
To check whether the First Time Boot utility has run, the 3DNS Controller now looks for the /etc/netstart file rather than /etc/wideip.conf. If the /etc/netstart file exists, the 3DNS Controller does not run the First Time Boot utility at start up. If the 3DNS Controller does not find the /etc/netstart file, it runs the First Time Boot utility at start up and saves the /etc/netstart file upon completion.
Datasize settings
The 3DNS Controller now automatically manages all datasize statements, including process data and stack
208. topology 0
Figure 5-17 Global settings
In a wide IP definition, you can override the global coefficient settings. Figure 5-18 displays a wide IP definition that uses overrides for the global settings shown in Figure 5-17.
wideip address 192.168.101.50 service http name www.wip.domain.com qos_coeff rtt 21 completion_rate 7 packet_rate topology pool name pool 1 type vsb ratio 2 preferred qos address 192.168.101.50 ratio 2 address 192.168.102.50 ratio 1 address 192.168.103.50 ratio 1 pool name pool 2 type vsb ratio 1 preferred rr address 192.168.102.60 ratio 2 address 192.168.103.60 ratio 1
Figure 5-18 QOS coefficient settings that override the global default settings
Balancing QOS coefficients
Before you change QOS coefficients from their default values, note the following:
1. The raw metrics for each coefficient are not on the same scale. For example, completion rate is measured in percentages, while the packet rate is measured in packets per second. 3DNS Controller normalizes the raw metrics on the order of 0 to 10. As the QOS value is calculated, a high measurement for completion rate is good, because a high percentage of completed connections are being made, but a high value for packet rate is not desirable, because you are trying to find a virtual server tha
209. traffic routing with advanced load balancing algorithms: Completion Rate, Global Availability, Least Connections, Packet Rate, Quality of Service (QOS), Random, Ratio (also known as Weighted or Administrative Cost), Round Robin (RR), Round Trip Time (RTT), and Topology.
Ease of integration
Integrates seamlessly with BIG/ip Controllers. Also integrates with other array controllers, as well as individual network servers.
Collecting information
The 3DNS Controller collects information, allowing the 3DNS Controller to answer subsequent requests from a local DNS more intelligently. Answers are returned immediately. The 3DNS Controller does not collect information as a result of, or during, the name resolution process. Instead, the 3DNS Controller collects information at pre-configured intervals. With the 3DNS Controller, you can specify how long data is saved in the cache. For example, by specifying low time-to-live (TTL) values, you ensure that client requests are satisfied with the most current data, rather than with existing data from the cache.
Reliability
It is important to ensure that clients have access to the services they need at all times. The following features ensure the reliability of a network:
Adherence to standards: The 3DNS Controller is based on industry standard DNS.
Transparent distribution: The 3DNS Controller allows transparent distribution of all IP services. E
210. ndc restart
Defining data collectors and data copiers
When you configure a 3DNS Controller, you configure it as a data collector or data copier.
Data collector: A data collector is a 3DNS Controller that collects performance data by issuing queries to big3d utilities that run on BIG/ip Controllers or on other 3DNS Controllers. The big3d utilities calculate performance data and return the data to the requesting data collector. The data collector stores the performance data in its cache and periodically updates the data.
Data copier: A data copier is a 3DNS Controller that copies performance data from a data collector. The data copier stores the copied performance data in its cache.
We recommend that you configure the first two 3DNS Controllers in your network to be data collectors, and that you configure any additional 3DNS Controllers as data copiers. For help in planning your network, see Integrating 3DNS Controllers, on page 2-8.
Each 3DNS Controller is a data collector until you designate it as a data copier. To designate a 3DNS Controller as a data copier, revise the globals statement in its /etc/wideip.conf file as follows:
globals primary_ip <ip_addr> sync_db_interval <value>
The primary_ip line defines the IP address of the data collector from which the current data copier copies the performance data. The sync_db_interval line sets the frequency at which the data copier queri
211. ts are returned to DNS. The last time this name was resolved.
Summary statistics
Click Summary to view the following information about your network. The administration tool generates a summary table for each aspect of your network.
General
Item | Description
3DNS Version | The version number of the 3DNS Controller in use.
Max Datasize | The maximum amount of memory that is available for the 3DNS Controller to use.
Start Time | The date and time that the system was booted.
Current Time | The current date and time.
Last Reload | The date and time of the last HUP signal. Corresponds to ndc reload.
Last Dump | The date and time of the last INT signal. Corresponds to ndc dumpdb.
Total Requests | The number of requests made.
Seconds Up | The number of seconds elapsed since the last reboot.
Average Requests Per Second Since Start Time | The average number of requests per second since the system was booted. Depending on your site's traffic, 3DNS Controller may be capable of handling a greater number of requests per second.
Average Requests Per Second Since Last Dump | The average number of requests per second since the last refresh of summary statistics. Depending on your site's traffic, 3DNS Controller may be capable of handling a greater number of requests per second.
Primary 3DNS
This table is dis
212. ual server. The port number of the specified virtual server. The weighting value for the specified virtual server. The number of current connections to the specified virtual server. Whether the connection limit for this virtual server has been reached; Open indicates that the connection limit has not been reached, and Full indicates that it has. The number of nodes currently servicing the specified virtual server. Whether the specified virtual server is available.
Item | Description
Picks | The number of times this virtual server was chosen by a wide IP for load balancing.
Refreshes | The number of times this data was refreshed.
Last Refresh | The last time the 3DNS Controller received data about the specified virtual server.
Virtual server decision criteria
A virtual server is available to be used in a load balancing decision if the following conditions are met:
The BIG/ip Controller or host machine that governs the virtual server is available.
The virtual server is enabled.
The virtual server's connection limit is not exceeded.
The number of nodes servicing the virtual server is greater than 0.
The data was refreshed within the specified TTL (the TTL is specified with the globals sub-statement vs_ttl).
Path statistics
Click Paths to view the following path information for your network. Paths are dynamically created by the 3DNS Controller for each name resolutio
213. ub-statements specify the load balancing modes to use for the wide IP in this order: The 3DNS Controller attempts to load balance requests using the preferred mode. If the preferred mode fails, the 3DNS Controller tries the alternate mode. If the alternate mode fails, the 3DNS Controller tries the fallback mode. If the fallback mode fails, the request is returned to DNS.
As noted in the table below, not all modes are valid for the alternate sub-statement. Also note that the alternate and fallback sub-statements accept two additional values: return_to_dns and null. If you do not specify a load balancing mode, the wide IP uses the load balancing mode defined in the globals statement (see page 7-13).
Parameter: completion_rate, global_availability, leastconn, null, packet_rate, qos, random, ratio, return_to_dns
Description:
Least packets dropped or timed out. Valid for vsb pools only, and only in a preferred or fallback sub-statement.
First virtual server listed in the wide IP definition. Valid for both vsb and vsh pools.
Least number of current connections for a virtual server. Valid for vsb pools only, and only in a preferred or fallback sub-statement.
Bypasses the current load balancing method and forces the 3DNS Controller to use the next load balancing method or, if it has cycled through all load balancing sub-statements for the pool, t
214. ur configured BIG/ip Controller persistence behavior into account as you configure a wide IP's TTL value. To find out how a BIG/ip Controller's persistence behavior is configured, check its /etc/rc.sysctl file. Search for the following line:
sysctl -w bigip.persist_time_used_as_limit
The above command ends with a value of either 1 or 0.
1 Specifies that the persistence time starts when a connection is first made by the client, and runs until the persistence time value expires.
0 Specifies that the persistence timer resets itself upon receipt of each packet. The timer keeps resetting as the client generates traffic over their connection. Once traffic stops on the connection, the timer runs out as the above value.
When you configured your BIG/ip Controller, you specified this behavior using the following command:
bigpipe vip <virtual address>:<port> persist <persistence timeout>
If you specified 1 for the above command, configure the corresponding wideip statement so that the ttl is at least 10 seconds higher than the BIG/ip Controller's persist value.
If you specified 0 for the above command, set the wide IP's ttl value to the maximum value for which you want client connections to persist.
Troubleshooting configuration problems
Adding a wide IP is a process that requires careful planning and use of correct syntax. The following recommendations are intended to m
215. use_alternate_iq_port to specify whether outbound iQuery traffic runs on port 4353 or on port 245. Port 245 is used in earlier versions of 3DNS Controller and is the current default in order to support backward compatibility. However, we recommend that you set use_alternate_iq_port to yes, which specifies that the configuration uses the new standard iQuery port, 4353.
Note: If you use port 4353 for iQuery traffic, you must set the corresponding bigip.open_3dns_lockdown_ports sysctl variable to 1 (the default setting is 0) on all BIG/ip Controllers running version 2.0 and earlier.
The 3DNS Controller supports another global sub-statement associated with iQuery traffic. The multiplex_iq sub-statement determines whether 3DNS Controller allows all returning iQuery traffic to run only on port 4353 or port 253, depending on the use_alternate_iq_port setting, or allows returning iQuery traffic to run on individual ephemeral ports. The default setting for this variable is no, which specifies that returning iQuery traffic runs on individual ephemeral ports.
Note: You cannot run the big3d utility on the 3DNS Controller to manage path probing on behalf of hosts if you also want returning iQuery traffic to use a single port. The returning iQuery traffic and the big3d utility create a conflict because they both need to use the same port. To resolve this problem, you should set each host to use
216. value is the standard port number as returned by the getservbyname command for the service domain. In earlier versions of named, the syntax -p port localport was supported. The first port was used when contacting remote servers, and the second one was the service port bound by the local instance of named. The current usage is equivalent to the old usage without the localport specified; this functionality can be specified with the listen-on clause of the configuration file's options statement.
-q Traces all incoming queries if named was compiled with the QRYLOG defined command. Note that this option is deprecated in favor of the boot file directive options query-log.
-r Turns off recursion on the server. Answers can come only from local (primary or secondary) zones. This option can be used on root servers. Note that this option is deprecated in favor of the boot file directive options no-recursion.
-t Specifies the directory the server should chroot(2) into as soon as it finishes processing command line arguments.
-u Specifies the user the server should run as after it initializes. You can specify a user name or a numeric user ID. If you did not use the -g option, the group ID used is the primary group of the specified user (initgroups(3) is called, so all of the user's groups are available to the server).
-v Displays the version information.
-w ndc Sets the wo
217. [Figure 2-1: Name resolution process, primary DNS outside of 3DNS network]
The transaction process is as follows:
1. The client connects to an Internet Service Provider (ISP) and queries the local DNS to resolve the domain name www.domain.com.
2. If the information is not already in the local DNS cache, the ISP's local DNS queries a root server (such as InterNIC's root servers). The root server returns the IP address of a DNS associated with domain.com.
3. The ISP's local DNS connects to the primary DNS to resolve domain.com. The primary DNS refers the local DNS to the 3DNS Controller in New York because a subdomain was delegated to the 3DNS Controller, making the 3DNS Controller the authoritative source for this subdomain. The primary DNS created an alias (CNAME) for the domain name to a name in the subdomain that is manag
218. virtual address and virtual port associated with a content site that is managed by a BIG/ip Controller or other host machine.
Manages and balances information on BIG/ip Controllers or other host machines by mapping a domain name to a load balancing method and a set of virtual servers.
Term | Definition
wide IP key | The wide IP key is sometimes referred to as the fallback address. The wide IP key is the same address as the domain name address (the DNS A record) and the wide IP address.
WKS (Well Known Services) | A type of resource record that describes the services usually provided by a particular protocol on a particular port.
zone files | A DNS term. A database file that stores domains with one or many domain names, designated mail servers, a list of other name servers that can answer resolution requests, and a set of zone attributes, called SOA (Start Of Authority).
3DNS Controller Configuration Checklist
Appendix B
Overview
This appendix provides a configuration checklist, which you should complete before you begin to install a 3DNS Controller. You may want to make photocopies of the checklist and use one form for each 3DNS Controller in your network. Keep the completed checklists for future reference.
3DNS Controller Configuration Checklist
Interface IP Address Domain n
219. virtual servers defined and owned by BIG/ip Controllers and other host machines that are load balanced as part of a wide IP.
The name server that manages the authoritative domain name information for a zone.
A dynamic load balancing mode that bases connection distribution on a configurable combination of the packet rate, completion rate, round trip time, and topology modes.
In DNS terminology, the process by which a name server retrieves data that is requested by a resolver and sends it to the resolver.
In DNS terminology, the clients that access name servers. A resolver queries a name server, interprets the responses, and returns the information to the program that requested it.
The building blocks of the DNS. A resource record (RR) consists of a name, a type, and data that is specific to the type. These resource records, in a hierarchical structure, make up the DNS.
A calculation of the time, in microseconds, that the local DNS takes to respond to a probe issued by the big3d utility.
A name server that gets DNS data from the name server that is authoritative for the DNS zone.
A variable that controls how long information is kept in the cache and used in making decisions.
An IP address associated with one or more virtual servers managed by the BIG/ip Controller.
One component of a virtual server. The virtual port number should be the same TCP or UDP port number that is known to client programs.
A specific combination of a
220. y and the vents on both the front and back of the unit remain unobstructed. The 3DNS Controller must have adequate ventilation around the unit at all times.
Do not allow the air temperature in the room to exceed 50°C. Internal temperatures should be considered for continued safe operation.
Make sure that the branch circuit into which you plug the unit is not shared by more electronic equipment than it is designed to manage safely at one time.
If you are installing the 3DNS Controller in a location outside of the United States, you need to verify that the voltage selector is set appropriately before connecting the power cable to the unit.
WARNING: The unit must be connected to Earth ground, and it should have a reliable ground path maintained at all times.
WARNING: The 3DNS Controller contains a lithium battery. There is danger of an explosion if you replace the lithium battery incorrectly. We recommend that you replace the battery only with the same type of battery originally installed in the unit, or with an equivalent type recommended by the battery manufacturer. Be sure to discard all used batteries according to the manufacturer's instructions.

Installation tasks
The procedures for installation vary depending on whether you are installing a 3DNS Controller for the first time or upgrading an earlier version.

Doing a first-time installation
If you are installing the
221. y_ip as specified in the 3DNS machine's wideip.conf file.
The number of times the data copier successfully copied the data collector's dump file.
The number of times the data copier was unsuccessful in copying the data collector's dump file.

BIG/ip
Item: Description
Total Servers: The number of BIG/ip Controllers controlled by the 3DNS Controller.
Unknown: The number of BIG/ip Controllers for which the status is not known.
Up: The number of BIG/ip Controllers controlled by the 3DNS Controller currently marked up.
Down: The number of BIG/ip Controllers controlled by the 3DNS Controller currently marked down.
Waiting: The number of BIG/ip Controllers controlled by the 3DNS Controller currently in waiting mode.
Alert: The number of BIG/ip Controllers controlled by the 3DNS Controller currently in alert mode.
Panic: The number of BIG/ip Controllers controlled by the 3DNS Controller currently in panic mode.
Average Packet Rate: The average number of packets per second in and out of the BIG/ip Controller.
Average Connections: The average number of connections from the start time to the current time.
Average Nodes: The number of total nodes up divided by the number of BIG/ip Controllers.

Host
Item: Description
Total Hosts: The number of other host machines controlled by the 3DNS Controller.
Up: The number of other ho
222. ynamic probe protocol switching
The big3d utility dynamically switches to the alternate probe protocol, specified by rtt_probe_dynamic, in an effort to generate a successful response if the initial probe on a local DNS fails.

Implementing the discovery factory
The big3d utility supports a discovery factory. If the probing factories fail to get a response from port 53 on a given local DNS using either probe protocol, the 3DNS Controller sends the target local DNS to the discovery factory. The discovery factory scans the target, looking for an open port on which it can receive and respond to a probe. If the discovery factory finds an open port, the 3DNS Controller uses that port for future probes. If it cannot find an open port, the target is no longer probed.
For each requesting local DNS, you can view the current state of probing and discovery in the 3DNS Web Administration tool (see the Local DNS screen). There are six different probe and discovery states, as shown in the following table.

State: Description
Needs Probe: Target has never been probed or scanned.
Idle: Target has been successfully probed and is waiting for next probe.
In Probe: Target is currently being probed.
Needs Discovery: Target failed a probe and now needs to be scanned.
In Discovery: Target is currently being scanned.
Suspended: Target failed the scan and is no longer eligible for probing or scanning.
223. you don't use this script, all users have access to the Web Administration site.

Configuring Sendmail
You can configure the 3DNS Controller to allow electronic mail to be sent from the system. This configuration must be completed if the 3DNS Controller is to send electronic mail to the administration workstation or to an alphanumeric pager. The 3DNS platform includes an example configuration file that is suitable for most sites. Before you use this configuration file, however, you do have to customize it for your network environment.

Customizing the /etc/sendmail file
When you customize this file, you enter the name of the mail relay server.

Finding the mail relay in your network
1. From a machine capable of name resolution, type the following on the command line:
3dns etc nslookup
The command returns a default server name and corresponding IP address:
Default Server: <server name>
Address: <server
Next, query for the mail relay server for your domain using the following command:
set q=mx
<domain name>
The information returned includes the name of the mail exchanger.

Setting up Sendmail
1. Copy /etc/sendmail.cf.off to /etc/sendmail.cf.
2. Edit /etc/sendmail.cf and set the DS variable to the name of the mail exchange server.
3. Open the /etc/crontab file and change the last line of the file to read 0 15 3
224. your original wideip.conf file separately from a dynamic wideip.conf file that includes the most recent path and local DNS information. The 3DNS Maintenance menu includes two commands to support this feature: Use Dynamic wideip.conf and Use Static wideip.conf.

Use Dynamic wideip.conf
Renames the existing /etc/wideip.conf file to /var/3dns/etc/wideip.conf.ORIG if it is found to be in the Initial state, and it also creates a link from /etc/wideip.conf to /var/3dns/etc/wideip.conf.dynamic.

Use Static wideip.conf
Renames the existing /etc/wideip.conf file to /var/3dns/etc/wideip.conf.ORIG if it is found to be in the Initial state, and it also creates a link from /etc/wideip.conf to /var/3dns/etc/wideip.conf.static.

You can manually edit the /etc/wideip.conf file in a text editor, and the correct file is modified in preparation for a restart.

Note: You must restart the system before implementing any other dynamic commands to avoid losing changes to the edited wideip.conf. To avoid any possible loss of any changes, use the Edit 3DNS Configuration command from the menu or the edit wideip script.

To open the /etc/wideip.conf file
1. From the command prompt, change to the /etc directory by typing:
cd /etc
2. Use a text editor, such as vi or pico, to open the wideip.conf file. For example, if you use vi, type the following:
vi wideip.conf

Example 3DNS Controller configuration file