BIG-IP Global Traffic Manager Concepts
Concepts
Version 11.5
Table of Contents
Legal Notices
Acknowledgments
Chapter 1: About Global Server Load Balancing
    Introducing the Global Traffic Manager
    About global server load balancing
        Static load balancing methods
        Dynamic load balancing methods
    About load balancing and resource availability
        About virtual server dependency
        Configuring virtual server availability to be dependent on the status of other virtual servers
        Limit settings for resource availability
    About wide IP-level load balancing
        About the Global Availability load balancing method
        About the Ratio load balancing method
        About the Round Robin load balancing method
        About Topology load balancing
    About pool-level load balancing
        About the Drop Packet load balancing method
        About the Virtual Server Score load balancing method
        About the Virtual Server Capacity load balancing method
        About the Round Trip Times load balancing method
        About the Packet Rate load balancing method
        About the Least Connections load balancing method
        About the Kilobyte/Second load balancing method
        About the Hops load balancing method
        About the Completion Rate load balancing method
        About the CPU load balancing method
        About the Return to DNS load balancing method
        About Static Persist load balancing
        About the Fallback IP load balancing method
        About the None load balancing method
        About the QoS load balancing method
        About dynamic ratio load balancing
        Using the preferred load balancing method when metrics are unavailable
        Configuring the resources in a pool for manual resume
        Restoring availability of a pool member manually
        About named.conf
        Creating a master DNS zone
        Creating a hint zone
        Configuring GTM to allow zone file transfers
        About DNS views
        Types of DNS zone files
        Types of DNS resource records
    About DNSSEC
        About DNSSEC keys
        About enhancing DNSSEC key security
        Viewing DNSSEC records in ZoneRunner
    Protocols supported by the BIG-IP system
Legal Notices
Publication Date
This document was published on January 27, 2014.
Publication Number
MAN-0346-05
Copyright
Copyright 2013-2014, F5 Networks, Inc. All rights reserved.
F5 Networks, Inc. (F5) believes the information it furnishes to be accurate and reliable. However, F5 assumes
no responsibility for the use of this information, nor any infringement of patents or other rights of third
parties which may result from its use. No license is granted by implication or otherwise under any patent,
copyright, or other intellectual property right of F5 except as specifically described by applicable user
licenses. F5 reserves the right to change specifications at any time without notice.
Trademarks
AAM, Access Policy Manager, Advanced Client Authentication, Advanced Firewall Manager, Advanced
Routing, AFM, APM, Application Acceleration Manager, Application Security Manager, ARX, AskF5,
ASM, BIG-IP, BIG-IQ, Cloud Extender, CloudFucious, Cloud Manager, Clustered Multiprocessing, CMP,
COHESION, Data Manager, DevCentral, DevCentral [DESIGN], DNS Express, DSC, DSI, Edge Client,
Edge Gateway, Edge Portal, ELEVATE, EM, Enterprise Manager, ENGAGE, F5, F5 [DESIGN], F5 Certified
[DESIGN], F5 Networks, F5 SalesXchange [DESIGN], F5 Synthesis, f5 Synthesis, F5 Synthesis [DESIGN],
F5 TechXchange [DESIGN], Fast Application Proxy, Fast Cache, FirePass, Global Traffic Manager, GTM,
GUARDIAN, iApps, IBR, Intelligent Browser Referencing, Intelligent Compression, IPv6 Gateway,
iControl, iHealth, iQuery, iRules, iRules OnDemand, iSession, L7 Rate Shaping, LC, Link Controller, Local
Traffic Manager, LTM, LineRate, LineRate Systems [DESIGN], LROS, LTM, Message Security Manager,
MSM, OneConnect, Packet Velocity, PEM, Policy Enforcement Manager, Protocol Security Manager,
PSM, Real Traffic Policy Builder, SalesXchange, ScaleN, Signalling Delivery Controller, SDC, SSL
Acceleration, software designed applications services, SDAC (except in Japan), StrongBox, SuperVIP,
SYN Check, TCP Express, TDR, TechXchange, TMOS, TotALL, Traffic Management Operating System,
Traffix Systems, Traffix Systems (DESIGN), Transparent Data Reduction, UNITY, VAULT, vCMP, VE
F5 [DESIGN], Versafe, Versafe [DESIGN], VIPRION, Virtual Clustered Multiprocessing, WebSafe, and
ZoneRunner, are trademarks or service marks of F5 Networks, Inc., in the U.S. and other countries, and
may not be used without F5's express written consent.
All other product and company names herein may be trademarks of their respective owners.
Patents
This product may be protected by one or more patents indicated at:
http://www.f5.com/about/guidelines-policies/patents
Export Regulation Notice
This product may include cryptographic software. Under the Export Administration Act, the United States
government may consider it a criminal offense to export this product from the United States.
RF Interference Warning
This is a Class A product. In a domestic environment this product may cause radio interference, in which
case the user may be required to take adequate measures.
FCC Compliance
This equipment has been tested and found to comply with the limits for a Class A digital device pursuant
to Part 15 of FCC rules. These limits are designed to provide reasonable protection against harmful
interference when the equipment is operated in a commercial environment. This unit generates, uses, and
can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual,
may cause harmful interference to radio communications. Operation of this equipment in a residential area
is likely to cause harmful interference, in which case the user, at his own expense, will be required to take
whatever measures may be required to correct the interference.
Any modifications to this device, unless expressly approved by the manufacturer, can void the user's authority
to operate this equipment under part 15 of the FCC rules.
Canadian Regulatory Compliance
This Class A digital apparatus complies with Canadian ICES-003.
Standards Compliance
This product conforms to the IEC, European Union, ANSI/UL and Canadian CSA standards applicable to
Information Technology products at the time of manufacture.
Acknowledgments
This product includes software developed by Gabriel Fort.
This product includes software developed by Bill Paul.
This product includes software developed by Jonathan Stone.
This product includes software developed by Manuel Bouyer.
This product includes software developed by Paul Richards.
This product includes software developed by the NetBSD Foundation, Inc. and its contributors.
This product includes software developed by the Politecnico di Torino, and its contributors.
This product includes software developed by the Swedish Institute of Computer Science and its contributors.
This product includes software developed by the University of California, Berkeley and its contributors.
This product includes software developed by the Computer Systems Engineering Group at the Lawrence
Berkeley Laboratory.
This product includes software developed by Christopher G. Demetriou for the NetBSD Project.
This product includes software developed by Adam Glass.
This product includes software developed by Christian E. Hopps.
This product includes software developed by Dean Huxley.
This product includes software developed by John Kohl.
This product includes software developed by Paul Kranenburg.
This product includes software developed by Terrence R. Lambert.
This product includes software developed by Philip A. Nelson.
This product includes software developed by Herb Peyerl.
This product includes software developed by Jochen Pohl for the NetBSD Project.
This product includes software developed by Chris Provenzano.
This product includes software developed by Theo de Raadt.
This product includes software developed by David Muir Sharnoff.
This product includes software developed by SigmaSoft, Th. Lockert.
This product includes software developed for the NetBSD Project by Jason R. Thorpe.
This product includes software developed by Jason R. Thorpe for And Communications, http://www.and.com.
This product includes software developed for the NetBSD Project by Frank Van der Linden.
This product includes software developed for the NetBSD Project by John M. Vinopal.
This product includes software developed by Christos Zoulas.
This product includes software developed by the University of Vermont and State Agricultural College and
Garrett A. Wollman.
This product includes software developed by Balazs Scheidler ([email protected]), which is protected under
the GNU Public License.
This product includes software developed by Niels Mueller ([email protected]), which is protected under
the GNU Public License.
In the following statement, This software refers to the Mitsumi CD-ROM driver: This software was developed
by Holger Veit and Brian Moore for use with 386BSD and similar operating systems. Similar operating
systems includes mainly non-profit oriented systems for research and education, including but not restricted
to NetBSD, FreeBSD, Mach (by CMU).
This product includes software developed by the Apache Group for use in the Apache HTTP server project
(http://www.apache.org/).
This product includes software licensed from Richard H. Porter under the GNU Library General Public
License (© 1998, Red Hat Software), www.gnu.org/copyleft/lgpl.html.
This product includes the standard version of Perl software licensed under the Perl Artistic License (© 1997,
1998 Tom Christiansen and Nathan Torkington). All rights reserved. You may find the most current standard
version of Perl at http://www.perl.com.
This product includes software developed by Jared Minch.
This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit
(http://www.openssl.org/).
This product includes cryptographic software written by Eric Young ([email protected]).
This product contains software based on oprofile, which is protected under the GNU Public License.
This product includes RRDtool software developed by Tobi Oetiker (http://www.rrdtool.com/index.html)
and licensed under the GNU General Public License.
This product contains software licensed from Dr. Brian Gladman under the GNU General Public License
(GPL).
This product includes software developed by the Apache Software Foundation (http://www.apache.org/).
This product includes Hypersonic SQL.
This product contains software developed by the Regents of the University of California, Sun Microsystems,
Inc., Scriptics Corporation, and others.
This product includes software developed by the Internet Software Consortium.
This product includes software developed by Nominum, Inc. (http://www.nominum.com).
This product contains software developed by Broadcom Corporation, which is protected under the GNU
Public License.
This product contains software developed by MaxMind LLC, and is protected under the GNU Lesser General
Public License, as published by the Free Software Foundation.
This product includes unbound software from NLnetLabs. Copyright 2007. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided
that the following conditions are met:
Redistributions of source code must retain the above copyright notice, this list of conditions and the
following disclaimer.
Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the
following disclaimer in the documentation and/or other materials provided with the distribution.
Neither the name of NLnetLabs nor the names of its contributors may be used to endorse or promote
products derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
Chapter 1: About Global Server Load Balancing
Description
Drop Packet
BIG-IP GTM drops the DNS request. Use Drop Packet for the Alternate load balancing method when you want to ensure that GTM does not offer in a response a virtual server that is potentially unavailable.
No
Yes
Yes
Yes
No
No
Yes
Global Availability
BIG-IP GTM distributes DNS name resolution requests to the first available virtual server in a pool. BIG-IP GTM starts at the top of a manually configured list of virtual servers and sends requests to the first
Yes
Yes
Yes
Name
Description
No
Yes
Yes
Ratio
Yes
Yes
Yes
Yes
Return to DNS
Yes
Yes
Yes
Round Robin
Yes
Yes
Yes
Static Persist
Yes
Yes
Yes
Name
Description
Yes
Yes
Yes
Description
Alternate method
Fallback method
Completion Rate
Yes
No
Yes
CPU
Yes
No
Yes
Hops
Yes
No
Yes
Yes
No
Yes
Wide IP load balancing
Preferred method
No
Name
Description
Wide IP load balancing
Preferred method
Alternate method
Fallback method
Yes
No
Yes
Packet Rate
Yes
Yes
Yes
Yes
No
Yes
Yes
No
Yes
Virtual Server Score
No
Yes
Yes
Yes
Virtual Server Capacity
Yes
Yes
Yes
Configuring virtual server availability to be dependent on the status of other virtual servers
Ensure that multiple virtual servers are configured on the server. Determine the virtual servers upon which
you want the availability of a virtual server to be dependent.
Configure a virtual server to be available based on the availability of other virtual servers by configuring a
Dependency List for the virtual server.
1. On the Main tab, click DNS > GSLB > Servers.
The Server List screen opens.
2. In the Server List, click a server name.
The server settings and values display.
3. On the menu bar, click Virtual Servers.
A list of the virtual servers configured on the server displays.
4. In the Virtual Servers list, click a virtual server name.
The virtual server settings and values display.
5. From the Configuration list, select Advanced.
Additional controls display on the screen.
6. In the Dependency List area, from the Virtual Servers list, select each virtual server on which you want
the virtual server to be dependent, and then click Add.
The virtual servers display in the list as you add them.
7. Click Finished.
The virtual server is now available only when the virtual servers on the dependency list are also available.
Limit setting | Server-level | Pool-level | Virtual Server-level | BIG-IP Systems
Maximum allowable throughput in bits per second | Y
Packets
Current connections
Connection
CPU
Memory
Testing global server load balancing without verifying availability of virtual servers
You can configure BIG-IP GTM load balancing in a staging environment to load balance DNS name
resolution requests to virtual servers without verifying the availability of the virtual servers.
1. On the Main tab, click DNS > Settings > GSLB > Load Balancing.
The Load Balancing configuration screen opens.
2. Deselect the Verify Virtual Server Availability check box.
3. Click Update.
Using the Ratio method, you can configure BIG-IP GTM to send twice as many connections to a fast, new
server, and half as many connections to an older, slower server.
About wide IPs and weighting pools for the Ratio load balancing method
When you configure a wide IP to use the Ratio load balancing method, BIG-IP GTM load balances DNS
name resolution requests across the pools in the wide IP based on the weight assigned to each pool. BIG-IP
GTM uses pool weight as a percentage of the total of the weights of all the pools in the wide IP to determine
the frequency at which a pool receives connection requests.
Consider the fictional company SiteRequest, where the wide IP www.siterequest.com contains three
pools, with the following weight assignments:
Pool 1: weight 50
Pool 2: weight 25
Pool 3: weight 25
Each time GTM selects this wide IP, it load balances DNS name resolution requests across all three pools.
Over time, the load balancing statistics for this wide IP appear as follows:
About pools and weighting pool members for the Ratio load balancing method
When you configure a pool to use the Ratio load balancing method, the Global Traffic Manager load
balances requests across the pool members based on the weight assigned to each pool member (virtual
server). The system uses pool member weight as a percentage of the total of the weights of all the members
assigned to the pool to determine the frequency at which a pool member receives connection requests.
Consider the fictional company SiteRequest, where the wide IP www.siterequest.com contains a pool
named poolMain. This pool contains three members, with the following weight assignments:
Each time the Global Traffic Manager selects this pool, it load balances across all three members. Over
time, the load balancing statistics for this pool appear as follows:
Verifying the availability of virtual servers when using the fallback load balancing method
You can configure BIG-IP GTM to verify that a virtual server is up before returning the IP address of the
virtual server in a response to a DNS name resolution request. Do this when the preferred and alternate load
balancing methods assigned to a pool do not return a valid response and BIG-IP GTM begins to use the
configured fallback load balancing method.
1. On the Main tab, click DNS > Settings > GSLB > Load Balancing.
Pool members (virtual servers) inherit the QoS settings from the pool. In the equation:
POOL_CONFIG->"setting name": The value can be found in the properties of a pool.
GLOBALS->"setting name": The value can be found in the global BIG-IP GTM setting.
path->"setting name": These are measured values that come from path metrics. If there are no path metrics, the system does not perform path metric calculations and computes the QoS score using the other calculations.
vs->"field": These are measured values that come from measurements the system makes on virtual servers. If there are no measurements, the system does not perform these calculations and computes the QoS score using the other calculations.
Each QoS coefficient, its scale, default value, upper limit, and whether a higher or lower value is more efficient are defined in the table.
Scale
Default value
Upper limit
Is higher or lower value more efficient?
50
2,000,000
100%
Hops
Number of intermediate systems transitions
0
64
Packet rate
700
bits/second
15000
Topology
100
Virtual server capacity (vs capacity)
Number of nodes up
0
20
100
2,000,000
Note: You can set a value for either RTT or hops. If you set both, BIG-IP GTM incorporates the RTT and
resets the hops to 0 (zero).
Coefficient
Value
50
Hops
Topology
Completion Rate
Packet Rate
10
VS Capacity
Bits/second
35
Link Capacity
30
10
Kilobytes/Second (KBPS)
requests to memberOne as it sends to memberTwo, because the round trip time for memberOne is twice as
fast as the round trip time for memberTwo.
Using the preferred load balancing method when metrics are unavailable
Configure BIG-IP GTM to use the preferred load balancing method assigned to a pool even when metrics
for the pool are unavailable. BIG-IP GTM uses old metrics, rather than the alternate load balancing method
assigned to the pool.
1. On the Main tab, click DNS > Settings > GSLB > Load Balancing.
The Load Balancing configuration screen opens.
2. Select the Ignore Path TTL check box.
3. Click Update.
BIG-IP GTM uses path information gathered during metrics collection even if the time-to-live (TTL) value
of that information has expired.
After a virtual server in this pool goes offline, you must manually enable the virtual server before BIG-IP
GTM can resume sending requests to the virtual server.
Chapter 2: Communications Between BIG-IP GTM and Other Systems
When to run
gtm_add
big3d_install
bigip_add
About iQuery
BIG-IP systems use an XML protocol named iQuery to communicate with other BIG-IP systems using
gzip compression. BIG-IP systems must exchange SSL certificates and be members of the same configuration
synchronization group before the systems can share information using iQuery.
Tip: iqdump is a command you can use to view the data transmitted between systems using iQuery.
Important: BIG-IP systems send iQuery communications only on the VLAN on which the systems receive
incoming messages.
iQuery Reconnects
Bytes In
Bytes Out
Backlogs
Bytes Dropped
To view information about the iQuery connections between a different BIG-IP GTM and the BIG-IP
systems in your network, log in to that BIG-IP GTM and repeat this procedure.
Chapter 3: Configuration Synchronization
When a change is made to a BIG-IP GTM configuration, the system broadcasts the change to the other
systems in the GTM synchronization group.
When a configuration synchronization is in progress, the process must either complete or time out before
another configuration synchronization can occur.
Chapter 4: BIG-IP GTM Configuration
About listeners
About Prober pools
About probes
About wide IPs
About data centers
About servers
About pools and pool members
About links
About distributed applications
About ZoneRunner
About DNSSEC
Protocols supported by the BIG-IP system
About listeners
A listener is a specialized virtual server that passively checks for DNS packets on port 53 and the IP address
you assign to the listener. When a DNS query is sent to the IP address of the listener, BIG-IP GTM either
handles the request locally or forwards the request to the appropriate resource.
Managing and responding to requests for two wide IPs configured on the external VLAN:
www.siterequest.com
downloads.siterequest.com
A listener with an IP address that is on an external VLAN to manage DNS traffic destined for the wide
IPs.
A listener with the IP address of the local DNS server 10.2.5.37 to which the system can forward
incoming traffic destined for that server.
About probes
A probe is an action a BIG-IP system takes to acquire data from other network resources. BIG-IP Global
Traffic Manager (GTM) uses probes to track the health and availability of network resources.
path information BIG-IP GTM requires when conducting Quality of Service, Round Trip Time, Completion
Rate, and Hops load balancing methods.
The big3d agent on the BIG-IP GTM that is delegated to probe the resource sends a probe to the LDNS.
The LDNS responds to the probe.
BIG-IP GTM updates the LDNS entry, assigning it an Active state.
The big3d agent then broadcasts the results of the probe to all BIG-IP GTM systems in the GTM
synchronization group.
Protocols and ports used by big3d during communications with local DNS servers
This table describes the protocols and ports the big3d agent uses to communicate with an LDNS when
collecting path data for the local DNS servers.
Table 2: Communication between big3d agents and local DNS servers
From | To | Protocol | From port | To port | Purpose
big3d agent | LDNS | ICMP | n/a | n/a | Probe using ICMP pings
big3d agent | LDNS | TCP | >1023 | 53 | Probe using TCP (Cisco routers: allow establish)
LDNS | big3d agent | TCP | 53 | 1023 | Replies using TCP (Cisco routers: allow establish)
big3d agent | LDNS | UDP | 53 | 33434 | Probe using UDP or the traceroute utility
LDNS | big3d agent | ICMP | n/a | n/a | Replies to ICMP, UDP pings, or traceroute utility probes
big3d agent | LDNS | dns_rev, dns_dot | >1023 | 53 | Probe using DNS rev or DNS dot
big3d agent | LDNS | dns_rev, dns_dot | 53 | >1023 | Replies to DNS rev or DNS dot probes
???.mydomain.net
www.??.domain.net
www.my*.net
www.??*.net
www.my*.*
???.my*.*
*.*.net
www.*.??
1. On the Main tab, click DNS > GSLB > Wide IPs.
The Wide IP List screen opens.
2. Click Create.
The New Wide IP screen opens.
3. In the Name field, type a name for the wide IP.
Tip: You can use two different wildcard characters in the wide IP name: asterisk (*) to represent several
characters and question mark (?) to represent a single character. This reduces the number of aliases
you have to add to the configuration.
4. From the Pool list, select the pools that this wide IP uses for load balancing.
The system evaluates the pools based on the wide IP load balancing method configured.
a) From the Pool list, select a pool.
A pool can belong to more than one wide IP.
b) Click Add.
5. Click Finished.
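The wildcard characters described in the tip in step 3 decide which DNS names a wide IP answers for, so a broad pattern can cover names you never meant to publish. The following added example (not part of the original manual and not F5 code) checks three of the wildcard names listed earlier against a constructed set of query names. It assumes the broadest reading, in which * matches zero or more characters including dots; the page does not specify this, and the helper names are hypothetical.

```python
"""Audit wildcard wide IP names for over-broad matching (added example)."""
import re
from typing import Dict, Iterable, List

# ASSUMPTION (not stated on the page): '*' matches zero or more characters,
# dots included, and '?' matches exactly one character. This is the broadest
# reading, which is the safe one when auditing for unintended coverage.


def normalize(name: str) -> str:
    """Lower-case a DNS name and drop the trailing root dot (DNS is case-insensitive)."""
    return name.rstrip(".").lower()


def wideip_to_regex(pattern: str) -> re.Pattern:
    """Translate a wide IP wildcard name into a regex meant for fullmatch()."""
    pieces = []
    for ch in normalize(pattern):
        if ch == "*":
            pieces.append(".*")           # several characters
        elif ch == "?":
            pieces.append(".")            # exactly one character
        else:
            pieces.append(re.escape(ch))  # literal, including the label dot
    return re.compile("".join(pieces))


def matches(pattern: str, qname: str) -> bool:
    """True when the query name is covered by the wildcard wide IP name."""
    return wideip_to_regex(pattern).fullmatch(normalize(qname)) is not None


def unintended_matches(patterns: Iterable[str], intended: Iterable[str],
                       observed: Iterable[str]) -> Dict[str, List[str]]:
    """For each pattern, list observed names it covers that are not intended."""
    intended_set = {normalize(n) for n in intended}
    report: Dict[str, List[str]] = {}
    for pattern in patterns:
        covered = {normalize(q) for q in observed if matches(pattern, q)}
        extra = sorted(covered - intended_set)
        if extra:
            report[pattern] = extra
    return report


def ambiguous_names(patterns: Iterable[str],
                    observed: Iterable[str]) -> Dict[str, List[str]]:
    """Observed names covered by more than one pattern (overlapping wide IPs)."""
    patterns = list(patterns)
    overlap: Dict[str, List[str]] = {}
    for qname in observed:
        hits = [p for p in patterns if matches(p, qname)]
        if len(hits) > 1:
            overlap[normalize(qname)] = hits
    return overlap


# Wildcard names taken from the list on this page.
PATTERNS = ["www.my*.net", "???.mydomain.net", "*.*.net"]
# Constructed sample data: the names the operator means to serve ...
INTENDED = ["www.mydomain.net", "ftp.mydomain.net"]
# ... and query names seen at the listener (constructed, not real logs).
OBSERVED = [
    "www.mydomain.net",
    "ftp.mydomain.net",
    "www.myold-intranet.net",
    "dev.mydomain.net",
    "mail.example.org",
]

if __name__ == "__main__":
    for pattern, names in unintended_matches(PATTERNS, INTENDED, OBSERVED).items():
        print(f"{pattern!r} also answers for: {', '.join(names)}")
    for name, hits in ambiguous_names(PATTERNS, OBSERVED).items():
        print(f"{name} is covered by {len(hits)} patterns: {hits}")
```

Feeding it the query names from your own DNS logs shows which wildcard names to tighten or replace with explicit aliases.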
7. In the Persistent TTL field, type the number of seconds the persistence entry is valid.
This value can range from 0 to 4294967295 seconds.
8. Click Finished.
Once a resource has sent a response to a DNS name resolution request, BIG-IP GTM sends subsequent
requests from the same connection to that same resource until the current session is completed.
About servers
A server defines a physical system on the network. Servers contain the virtual servers that are the ultimate
destinations of DNS name resolution requests. BIG-IP Global Traffic Manager (GTM) supports three
types of servers, as shown in the table.
BIG-IP systems
Any member of the BIG-IP system product line.
Third-party load balancing systems
A third-party load balancing system is any system, other than a BIG-IP system, that supports and manages
virtual servers on the network.
Third-party host servers
A third-party host server is a resource to which the BIG-IP system load balances DNS traffic, for example,
a web server, file server, or SQL server.
CacheFlow
NetApp
Sun Solaris
Windows 2000 Server (You can monitor the Windows Vista Enterprise Server using the Windows
2000 Server.)
Windows NT 4.0
Configuring virtual server availability to be dependent on the status of other virtual servers
Ensure that multiple virtual servers are configured on the server. Determine the virtual servers upon which
you want the availability of a virtual server to be dependent.
Configure a virtual server to be available based on the availability of other virtual servers by configuring a
Dependency List for the virtual server.
1. On the Main tab, click DNS > GSLB > Servers.
The Server List screen opens.
2. In the Server List, click a server name.
The server settings and values display.
3. On the menu bar, click Virtual Servers.
A list of the virtual servers configured on the server displays.
4. In the Virtual Servers list, click a virtual server name.
The virtual server settings and values display.
5. From the Configuration list, select Advanced.
Additional controls display on the screen.
6. In the Dependency List area, from the Virtual Servers list, select each virtual server on which you want
the virtual server to be dependent, and then click Add.
The virtual servers display in the list as you add them.
7. Click Finished.
The virtual server is now available only when the virtual servers on the dependency list are also available.
About links
A link is a logical representation of a physical device (router) that connects your network to the Internet.
BIG-IP Global Traffic Manager (GTM) tracks the performance of links, which influence the availability
of pools, data centers, wide IPs, and distributed applications.
Defining a link
Ensure that at least one data center exists in the configuration.
Gather information about the routers that you want to define as links, including:
IP addresses
Data center location
Define links to aid BIG-IP Global Traffic Manager (GTM) in determining resource availability.
1. On the Main tab, click DNS > GSLB > Links.
The Links list screen opens.
2. Click Create.
The New Link screen opens.
3. Type a name for the link.
Important: Link names are limited to 63 characters.
4. Specify whether the link uses address translation when communicating between the network and the
Internet.
Important: If you enable this setting, the BIG-IP Link monitor cannot monitor outbound traffic through
this link.
5. Type the IP address of a router in the Address field, and then click Add.
You can add more than one IP address, depending on how the server on which you are creating the link
interacts with the rest of your network.
6. Select the data center where the router that the link represents resides.
7. In the Uplink Address field, specify the IP address of the router on the ISP side of the link.
When you configure an uplink address, the BIG-IP system sends SNMP requests to the IP addresses
configured in the Router Address List. The system uses the statistics that the router returns to distinguish
between internal-only traffic and traffic destined for the Internet.
8. Assign the BIG-IP Link monitor to the link by moving it from the Available list to the Selected list.
9. Click Create.
The big3d agent can now gather and analyze path and metrics information about outbound traffic passing
through the router the link represents.
IP addresses
Data Center location
When you want to avoid sending too much outbound traffic to a router with lower bandwidth, configure
the links that represent your routers for ratio weighting.
Important: You must use the same weighting option for all of the links on your network.
Specifies that BIG-IP uses the ratio you specify in the Link Ratio field
when selecting a link.
12. If you selected Ratio from the Weighting list, in the Link Ratio field, type the frequency at which the
system sends traffic through the link.
13. Click Create.
The BIG-IP system can now load balance outbound traffic through your routers based on bandwidth.
Load balancing outbound traffic over the least expensive link first
Ensure that at least one data center exists in the configuration.
Gather the following information about the routers that you want to define as links:
IP addresses
Data Center location
When you want to load balance outbound traffic to a router with the lowest fees first, configure the links
that represent your routers for price weighting.
Important: You must use the same weighting option for all of the links on your network.
1. On the Main tab, click DNS > GSLB > Links.
The Links list screen opens.
2. Click Create.
The New Link screen opens.
3. Type a name for the link.
Important: Link names are limited to 63 characters.
4. Specify whether the link uses address translation when communicating between the network and the
Internet.
Important: If you enable this setting, the BIG-IP Link monitor cannot monitor outbound traffic through
this link.
5. Type the IP address of a router in the Address field, and then click Add.
You can add more than one IP address, depending on how the server on which you are creating the link
interacts with the rest of your network.
6. Select the data center where the router that the link represents resides.
7. In the Uplink Address field, specify the IP address of the router on the ISP side of the link.
When you configure an uplink address, the BIG-IP system sends SNMP requests to the IP addresses
configured in the Router Address List. The system uses the statistics that the router returns to distinguish
between internal-only traffic and traffic destined for the Internet.
8. From the Configuration list, select Advanced.
Additional controls display on the screen.
9. Assign the BIG-IP Link monitor to the link by moving it from the Available list to the Selected list.
10. From the Weighting list, select Price when you want BIG-IP to direct outbound traffic through the
link with the lowest cost first.
11. Click Create.
The BIG-IP system can now load balance outbound traffic through your routers based on cost.
4. Select the Duplex Billing check box when the ISP that provides the link bills for bandwidth usage based
on a maximum amount of inbound or outbound traffic (whichever is higher), rather than billing for
bandwidth usage based on the total inbound and outbound traffic.
5. Click Create.
The Link List screen displays.
You can organize logical network components into groups that represent a business environment.
You can configure a distributed application to be dependent upon the availability of a data center, server,
or link. This dependency ensures that a user cannot access a distributed application when a portion of
the resources are unavailable.
You can define persistence for the distributed application, ensuring that a user who accesses the
distributed application uses the same resources during a single session.
If the New York data center goes offline, a wide IP in that data center becomes unavailable. A distributed
application associated with that wide IP also becomes unavailable. Consequently, the system does not send
resolution requests to any of the distributed application resources, until the entire application becomes
available again.
About ZoneRunner
You can use the ZoneRunner utility to create and manage DNS zone files and configure the BIND instance
on BIG-IP Global Traffic Manager (GTM). With the ZoneRunner utility, you can:
About named.conf
named.conf contains the primary operational characteristics of BIND, including DNS views, access control
list definitions, and zones. The ZoneRunner utility updates named.conf when you modify the local BIND
instance.
Use ZoneRunner to edit named.conf, to decrease the risk of a syntax error that prevents the BIND system
from performing as expected. ZoneRunner provides an automatic syntax check and displays error messages
to help you write the correct syntax.
1. On the Main tab, click DNS > Zones > ZoneRunner > named Configuration.
The named Configuration screen opens.
2. In the Options area, type additional configurations per your network design.
3. Click Update.
The external view is a default view to which you can assign zones.
4. In the Zone Name field, type a period character (.).
5. From the Zone Type list, select Hint.
6. Clear the Zone File Name field, and type the zone file name.
db.external.siterequest.com
view "external" {
match-clients {
"zrd-acl-000-000";
any;
};
6. Click Update.
To verify that zone transfers are working properly, modify this Linux command and run it on an external
computer:
dig @<IP address> es.net. axfr
The command should return a response similar to this:
; <<>> DiG 9.5.0-P2 <<>> @192.17.1.253 es.net. axfr
; (1 server found)
;; global options: printcmd
es.net. 500 IN SOA siterequest.com.
hostmaster.siterequest.com. 6 10800 3600 604800 60
es.net. 500 IN NS siterequest.com.
a.es.net. 30 IN A 192.17.1.100
b.es.net. 30 IN A 192.18.1.100
es.net. 500 IN SOA siterequest.com.
hostmaster.siterequest.com. 6 10800 3600 604800 60
;; Query time: 6 msec
;; SERVER: 192.17.1.253#53(192.17.1.253)
;; WHEN: Fri Mar 11 17:20:25 2011
;; XFR size: 5 records (messages 1, bytes 180)
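A check for the verification step above, as an added example that is not part of the F5 documentation: it classifies saved dig output as a complete, refused, or incomplete transfer. Both sample texts are constructed (the first is modelled on the response shown above, with each SOA record on one line), and the function names are illustrative.

```python
import re

# Constructed sample modelled on the dig response above (each SOA record on one line).
SAMPLE_OK = """\
; <<>> DiG 9.5.0-P2 <<>> @192.17.1.253 es.net. axfr
;; global options: printcmd
es.net. 500 IN SOA siterequest.com. hostmaster.siterequest.com. 6 10800 3600 604800 60
es.net. 500 IN NS siterequest.com.
a.es.net. 30 IN A 192.17.1.100
b.es.net. 30 IN A 192.18.1.100
es.net. 500 IN SOA siterequest.com. hostmaster.siterequest.com. 6 10800 3600 604800 60
;; SERVER: 192.17.1.253#53(192.17.1.253)
;; XFR size: 5 records (messages 1, bytes 180)
"""

# Constructed sample of what dig prints when the server refuses the transfer.
SAMPLE_REFUSED = """\
; <<>> DiG 9.5.0-P2 <<>> @192.17.1.253 es.net. axfr
; Transfer failed.
"""

def parse_records(text):
    """Return (name, ttl, class, type, rdata) tuples, skipping ';' comment lines."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        fields = line.split(None, 4)
        if len(fields) == 5:
            records.append(tuple(fields))
    return records

def check_axfr(text, zone):
    """Classify dig AXFR output as 'complete', 'refused' or 'incomplete'."""
    if "; Transfer failed." in text:
        return "refused"
    recs = parse_records(text)
    if len(recs) < 2:
        return "incomplete"
    first, last = recs[0], recs[-1]
    # A complete AXFR begins and ends with the zone's SOA record (RFC 5936).
    if not (first[3] == last[3] == "SOA" and first[0].lower() == last[0].lower() == zone.lower()):
        return "incomplete"
    if first[4] != last[4]:  # SOA data differs between the opening and closing record
        return "incomplete"
    m = re.search(r";; XFR size: (\d+) records", text)
    if m and int(m.group(1)) != len(recs):  # dig's own count disagrees with what was parsed
        return "incomplete"
    return "complete"

if __name__ == "__main__":
    print(check_axfr(SAMPLE_OK, "es.net."), check_axfr(SAMPLE_REFUSED, "es.net."))
```

Run the dig command from the secondary that is meant to receive the zone and expect "complete"; the same check run from a host that is not on the transfer allow list should report "refused".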
Create an additional DNS view to modify the local nameserver configuration to allow a specific community
to access it.
1. On the Main tab, click DNS > Zones > ZoneRunner > View List.
The View List screen opens.
2. Click Create.
3. In the View Name field, type a name for the view.
4. From the View Order list, make a selection.
Option    Description
First
Last
After     In the view hierarchy, this view is listed immediately following the view that
          you select from the View List.
5. In the Options area, modify the match-clients statement based on your configuration.
View configuration type
Add to match-clients statement
Single view configuration
view "external" {
match-clients {
"zrd-acl-000-000";
any;
};
6. In the Options area, type additional configurations per your network design.
7. Click Finished.
Zone files for a primary zone contain, at minimum, the start of authority (SOA) and
nameserver (NS) resource records for the zone. Primary zones are authoritative, that is,
Zone files for a secondary zone are copies of the principal zone files. At an interval
specified in the SOA record, secondary zones query the primary zone to check for and
obtain updated zone data. A secondary zone responds authoritatively for the zone provided
that the zone data is valid.
Stub
Stub zones are similar to secondary zones, except that stub zones contain only the NS
records for the zone. Note that stub zones are a specific feature of the BIND
implementation of DNS. F5 Networks recommends that you use stub zones only if you
have a specific requirement for this functionality.
Forward
The zone file for a forwarding zone contains only information to forward DNS queries
to another nameserver on a per-zone (or per-domain) basis.
Hint
The zone file for a hint zone specifies an initial set of root nameservers for the zone.
Whenever the local nameserver starts, it queries a root nameserver in the hint zone file
to obtain the most recent list of root nameservers. Zone file import.
Description
SOA (Start of authority)
The start of authority resource record, SOA, starts every zone file and indicates
that a nameserver is the best source of information for a particular zone. The
SOA record indicates that a nameserver is authoritative for a zone. There must
be exactly one SOA record per zone. Unlike other resource records, you create
a SOA record only when you create a new master zone file.
A (Address)
The Address record, or A record, lists the IP address for a given host name. The
name field is the host's name, and the address is the network interface address.
There should be one A record for each IP address of the machine.
AAAA (IPv6 Address)
The IPv6 Address record, or AAAA record, lists the 128-bit IPv6 address for a
given host name.
CNAME (Canonical Name)
DNAME (Delegation of Reverse Name)
The Delegation of Reverse Name resource record, DNAME, specifies the reverse
lookup of an IPv6 address. These records substitute the suffix of one domain
name with another. The DNAME record instructs Global Traffic Manager
(GTM) (or any DNS server) to build an alias that substitutes a portion of the
requested IP address with the data stored in the DNAME record.
HINFO (Host Information)
MX (Mail Exchanger)
The Mail Exchange resource record, MX, defines the mail system(s) for a given
domain.
NS (nameserver)
The nameserver resource record, NS, defines the nameservers for a given domain,
creating a delegation point and a subzone. The first name field specifies the zone
that is served by the nameserver that is specified in the nameserver's name field.
Every zone needs at least one nameserver.
PTR (Pointer)
A name pointer resource record, PTR, associates a host name with a given IP
address. These records are used for reverse name lookups.
SRV (Service)
The Service resource record (SRV) is a pointer with which an alias for a given
service is redirected to another domain. For example, if the fictional company
Site Request has an FTP archive hosted on archive.siterequest.com, the IT
department can create an SRV record with which the alias ftp.siterequest.com is
redirected to archive.siterequest.com.
TXT (Text)
The Text resource record, TXT, allows you to supply any string of information,
such as the location of a server or any other relevant information that you want
available.
About DNSSEC
Domain Name System Security Extensions (DNSSEC) is an industry-standard protocol that functions as an
extension to the Domain Name System (DNS) protocol. BIG-IP Global Traffic Manager (GTM) uses
DNSSEC to guarantee the authenticity of DNS responses, including zone transfers, and to return Denial of
Existence responses, thus protecting your network against DNS protocol and DNS server attacks.
Description
iQuery protocol
The gtmd agent on BIG-IP Global Traffic Manager (GTM) uses iQuery to
communicate with the local big3d agent and the big3d agents installed on other
BIG-IP systems.
Protocol
Description
DNS
BIG-IP supports the Domain Name System (DNS) for distribution of DNS name
resolution requests from clients and their local DNS servers to resources on your
global network.
DNSSEC
BIG-IP GTM supports the DNS Security Extensions for secure zone signing and
authentication of DNS responses.
HTTPS
BIG-IP supports Hypertext Transfer Protocol Secure (HTTPS) for secure web browsing.
SSL
The web server, which hosts the web-based Configuration utility, supports Secure
Sockets Layer (SSL) connections as well as user authentication.
SNMP
BIG-IP supports the Simple Network Management Protocol (SNMP) for monitoring
network resources.
SMTP
BIG-IP supports the Simple Mail Transfer Protocol (SMTP) for email transmission
across the Internet.
SSH
TCP wrappers
BIG-IP supports the use of TCP wrappers to provide an extra layer of security for
network connections.
FTP
BIG-IP supports the File Transfer Protocol (FTP) for secure access to BIG-IP system
software downloads from a web server.