manualshive.com logo in svg

Dell 3-DNS, Administrator'S Manual

The Dell 3-DNS Administrator's Manual is a comprehensive guide for users seeking to maximize the potential of their Dell 3-DNS product. Available for free download from manualshive.com, this manual provides in-depth instructions, troubleshooting tips, and advanced configurations, allowing users to optimize their network performance effortlessly.

Share
Download
background image

Using the Setup Utility

3-DNS

® 

Administrator Guide

3 - 11

Configuring the 3-DNS mode

The 3-DNS Controller can run in three different modes: node, bridge, and 
router.

Node mode

The 

node mode

 is the traditional installation of the 3-DNS Controller. 

The 3-DNS Controller replaces a DNS server in a network and uses the 
DNS server’s IP address. All DNS traffic is directed at the 3-DNS 
Controller because it is registered with InterNIC as authoritative for the 
domain. In node mode, you usually run BIND on the system to manage 
DNS zone files. In node mode, you may also use the NameSurfer 
application available to manage your zone files.

Bridge mode

In 

bridge mode

, the 3-DNS Controller acts as an IP bridging device by 

forwarding packets between two LAN segments (usually on the same IP 
subnet). The system usually has one IP address, and is installed between 
the router or switch, and the authoritative DNS server. The 3-DNS 
Controller does not replace the authoritative DNS server. 
The 3-DNS Controller filters all DNS packets that match wide IPs, and 
forwards the remaining packets to the authoritative DNS server for 
resolution. Note that this may be the preferred method of using the 
3-DNS Controller because you do not have to replace the authoritative 
DNS server, and you can perform out-of-band testing before you deploy 
3-DNS software upgrades.

Router mode

In 

router mode

, the 3-DNS Controller acts as a router by forwarding 

packets between two different IP subnets. You can put the 3-DNS 
Controller anywhere in the network topology so that packets destined for 
the authoritative DNS server have to pass through it. Router mode 
requires at least two IP addresses and two VLANs. Router mode is 
probably most useful for Internet service providers (ISPs) that want to 
redirect traffic to local content servers. For example, by using the 3-DNS 
Controller in router mode, an ISP can redirect requests for 

ads.siterequest.net

 to a local ad server. 

Configuring user authentication

When you run the Setup utility, you can configure authentication for 3-DNS 
user accounts either through an external LDAP or RADIUS server, or 
locally on the 3-DNS Controller. The following sections describe these two 
authentication options.

Note

The 

root

 and 

admin

 accounts are always authenticated locally.

Summary of Contents for 3-DNS

Page 1: ...3 DNS Administrator Guide version 4 5 MAN 0046 02 ...

Page 2: ......

Page 3: ...T EDGE FX FireGuard Internet Control Architecture and IP Application Switch are registered trademarks or trademarks of F5 Networks Inc in the U S and certain other countries All other product and company names are registered trademarks or trademarks of their respective holders F5 trademarks may not be used in connection with any product or service except as permitted in writing by F5 Export Regula...

Page 4: ...ware developed for the NetBSD Project by John M Vinopal This product includes software developed by Christos Zoulas This product includes software developed by Charles Hannum This product includes software developed by Charles Hannum by the University of Vermont and Stage Agricultural College and Garrett A Wollman by William F Jolitz and by the University of California Berkeley Lawrence Berkeley L...

Page 5: ...includes open SSH software developed by Niels Provos 1999 This product includes SSH software developed by Mindbright Technology AB Stockholm Sweden www mindbright se info mindbright se 1998 1999 This product includes free SSL software developed by Object Oriented Concepts Inc St John s NF Canada 2000 This product includes software developed by Object Oriented Concepts Inc Billerica MA USA 2000 Thi...

Page 6: ...iv ...

Page 7: ...Table of Contents ...

Page 8: ......

Page 9: ... a basic 3 DNS configuration 2 1 Synchronizing configurations and broadcasting performance metrics 2 2 Using a 3 DNS Controller as a standard DNS server 2 3 Load balancing connections across the network 2 4 Working with 3 DNS Controllers and other products 2 4 Planning issues for the network setup 2 6 Configuring the base network 2 6 Defining data centers and servers 2 7 Planning a sync group 2 7 ...

Page 10: ...or interfaces 4 2 Setting the media type 4 3 Setting the duplex mode 4 3 Working with VLANs 4 4 Default VLAN configuration 4 4 Creating renaming and deleting VLANs 4 5 Configuring packet access to VLANs 4 7 Setting up security for VLANs 4 9 Setting fail safe timeouts for VLANs 4 10 Setting the MAC masquerade address 4 11 Configuring a self IP address 4 12 5 Essential Configuration Tasks Reviewing ...

Page 11: ...ler in a CDN 7 1 Reviewing a sample CDN configuration 7 2 Deciding to use a CDN provider 7 4 Setting up a CDN provider configuration 7 5 Adding data centers 7 5 Adding 3 DNS Controllers 7 5 Adding load balancing servers 7 6 Adding wide IPs and pools 7 6 Adding a topology statement 7 8 Ensuring resource availability 7 9 Monitoring the configuration 7 10 8 Working with Quality of Service Overview of...

Page 12: ...Table of Contents x Running the 3dns_add script 10 4 Verifying the configuration 10 4 Glossary Index ...

Page 13: ...1 Introduction IMPORTANT HARDWARE INFORMATION Getting started Using the Administrator Kit What is the 3 DNS Controller What s new in version 4 5 Finding help and technical support resources ...

Page 14: ......

Page 15: ...ains the following chapters Planning the 3 DNS Configuration This chapter describes the network and configuration planning you need to do before you install the 3 DNS Controller in your network Working with the Setup Utility This chapter describes the Setup utility and its functions The Setup utility runs automatically the first time you turn on the 3 DNS Controller Post Setup Tasks This chapter d...

Page 16: ... for DNS zone file management Configuration utility The Configuration utility is a web based application that you use to configure and monitor the 3 DNS Controller Using the Configuration utility you can define the load balancing configuration along with the network setup including data centers sync groups and servers used for load balancing and path probing In addition you can configure advanced ...

Page 17: ...it The 3 DNS Administrator Kit provides simple steps for quick basic configuration and also provides detailed information about more advanced features and tools such as the 3dnsmaint command line utility The following printed documentation is included with the 3 DNS unit Configuration Worksheet This worksheet provides you with a place to plan the basic configuration for the 3 DNS Controller The fo...

Page 18: ...vers that host the domain s content Identifying references to products We refer to all products in the BIG IP product family as the BIG IP system We refer to the 3 DNS Controller and the 3 DNS module as the 3 DNS Controller If specific configuration information relates to a specific platform we note the platform Identifying references to objects names and commands We apply bold text to a variety o...

Page 19: ... configurable and its web based and command line configuration utilities allow for easy system setup and monitoring The 3 DNS Controller provides a variety of features that meet special needs For example with this product you can Configure a content delivery network with a CDN provider Guarantee multiple port availability for e commerce sites Ensure wide area persistence by maintaining a mapping b...

Page 20: ...provides detailed data such as current connections being handled by each virtual server Security features The 3 DNS Controller offers a variety of security features that can help prevent hostile attacks on your site or equipment Secure administrative connections The 3 DNS Controller supports Secure Shell SSH administrative connections using the Mindterm SSH Client for browser based remote administ...

Page 21: ...at the 3 DNS Controller load balances It also monitors the integrity of the network paths between the servers that host the domain and the various local DNS servers that attempt to connect to the domain The big3d agent runs on any of the following platforms 3 DNS Controller BIG IP systems EDGE FX Cache and GLOBAL SITE Controller Each big3d agent broadcasts its collected data to all of the 3 DNS Co...

Page 22: ...unit fails If a client has queried the failed 3 DNS unit and not received an answer it automatically re issues the request after 5 seconds and the standby unit functioning as the active unit responds Monitoring the 3 DNS Controller and the network The 3 DNS Controller includes sophisticated monitoring tools to help you monitor the 3 DNS Controller the traffic it manages and the Internet The follow...

Page 23: ... configuration on page 5 16 Easy system account and password creation With this release the 3 DNS Controller now offers one screen in the web based Setup utility where you can set the passwords for the three system accounts root admin and support On this screen you can also specify whether to allow command line access web access or both for the support account You can view the User Access screen b...

Page 24: ... more self IP addresses and translations for the controller itself as well as for any BIG IP systems host servers or routers that are configured as part or the controller s network For information on working with the self IP addresses and network address translations refer to the online help for the Self IP List which is available from the toolbar for each server type Security enhancements You can...

Page 25: ...tility has online help for each screen Click the Help button on the toolbar Individual commands have online help including command syntax and examples in standard UNIX man page format Type the command followed by h or help and the 3 DNS Controller displays the syntax and usage associated with the command You can also type man command to display the man page for the command Third party documentatio...

Page 26: ...Chapter 1 1 12 ...

Page 27: ...he 3 DNS Configuration Managing traffic on a global network Planning issues for the network setup Choosing the 3 DNS mode Planning issues for the load balancing configuration Using advanced traffic control features ...

Page 28: ......

Page 29: ...n with the BIG IP systems EDGE FX systems and host servers that also sit in your network data centers All 3 DNS Controllers in the network can receive and respond to DNS resolution requests from the LDNS servers that clients use to connect to the domain Figure 2 1 illustrates the layout of the 3 DNS Controller BIG IP system and host servers in the three data centers The Los Angeles data center hou...

Page 30: ...es load balancing configuration settings In a sync group any system that has new configuration changes can broadcast the changes to any other system in the sync group allowing for easy administrative maintenance To distribute metrics data among the systems in a sync group the principal 3 DNS Controller sends requests to the big3d agents in the network asking them to collect specific performance an...

Page 31: ...ain name an LDNS sends the request to one of the 3 DNS Controllers that is authoritative for the zone The 3 DNS Controller first chooses the best available virtual server out of a pool to respond to the request and then returns a DNS resource record to the requesting local DNS server The LDNS server uses the answer for the period of time defined within the resource record Once the answer expires h...

Page 32: ...of virtual servers When a client requests a DNS resolution the 3 DNS Controller uses the specified load balancing mode to choose a virtual server from a pool of virtual servers The resulting answer to this resolution request is returned as a standard A record Although some load balancing configurations can get complex most load balancing configurations are relatively simple whether you use a stati...

Page 33: ...ent intervals Generic host A host virtual server can be an IP address or an IP alias that hosts the content Other load balancing hosts Other load balancing hosts map virtual servers to a series of content hosts Figure 2 3 illustrates the hierarchy of how the 3 DNS Controller manages virtual servers Figure 2 3 Load balancing management on a 3 DNS Controller ...

Page 34: ... the base network installs the 3 DNS Controller in your physical network Data centers Data centers are the physical locations that house the equipment you use for load balancing Data center servers The data center servers that you define in the network setup include the 3 DNS Controller BIG IP systems EDGE FX systems and host systems that you use for load balancing and probing Sync group A sync gr...

Page 35: ... the server runs You do this by choosing a data center from the list of data centers you have already defined To define a data center you need only specify the data center name To define a server however you need to specify the following items Server type 3 DNS Controller BIG IP system EDGE FX system router or host Server IP address or shared IP alias for redundant systems Name of the data center ...

Page 36: ...n 3 DNS Controllers the 3 DNS Controller with the latest file broadcasts the file to all of the other 3 DNS Controllers in the group Understanding how the time tolerance variable affects a sync group The time tolerance variable is a global variable that defines the number of seconds that the time setting on one 3 DNS Controller can be ahead or behind the time setting on another 3 DNS Controller If...

Page 37: ...tools set up by the Setup utility are all you need If your network is a mixed environment that is composed of both crypto and non crypto systems you need to enable the rsh and rcp utilities on the crypto systems Though the rsh and rcp utilities come pre installed on the crypto systems you must explicitly enable these utilities You can enable the utilities using the Setup utility Table 2 1 shows th...

Page 38: ...place your DNS servers with 3 DNS Controllers you can use the extensive wide area traffic management capabilities of the 3 DNS Controller in conjunction with the standard DNS protocol When the 3 DNS Controller receives a request that matches a wide IP it routes that request to the best virtual server in your network When a 3 DNS Controller receives a non matching request that request is handled by...

Page 39: ...format your BIND files in the NameSurfer format For more information refer to the NameSurfer documentation available from the home screen in the Configuration utility Running a 3 DNS Controller in bridge mode or router mode Running the 3 DNS Controller in bridge mode or router mode offers the following benefits You gain the wide area traffic management capabilities of the 3 DNS Controller without ...

Page 40: ...s such as topology load balancing and production rules We have included two popular 3 DNS configurations in this Administrator Guide in Chapter 6 Configuring a Globally Distributed Network and in Chapter 7 Configuring a Content Delivery Network Using advanced traffic control features The 3 DNS Controller offers two advanced features that you can configure to further control the distribution and fl...

Page 41: ...ng the initial software configuration with the Setup utility Connecting to the 3 DNS Controller for the first time Using the Setup utility for the first time Running the Setup utility after creating the initial software configuration ...

Page 42: ......

Page 43: ... DNS Controller Note that the screens you see are tailored to the specific hardware and software configuration that you have For example if you have a stand alone system the Setup utility skips the redundant system screens Once you have configured the base network elements with the Setup utility you might want to further enhance the configuration of these elements For additional information about ...

Page 44: ...e or serial terminal by typing the command setup Running the Setup utility remotely You can run the Setup utility remotely only from a workstation that is on the same LAN as the unit To allow remote connections for the Setup utility the 3 DNS software comes with two pre defined IP addresses and a pre defined root password The default root password is default and the preferred default IP address is...

Page 45: ...you configure an IP alias on the administrative workstation in the same IP network as the 3 DNS Controller and you turn the system on the 3 DNS software sends ARPs on the internal VLAN to see if the preferred 192 168 1 245 IP address is in use If the address is appropriate for your network and is currently available the 3 DNS software assigns it to the internal VLAN You can immediately use it to c...

Page 46: ...ine based Setup utility setup 3 Fill out each screen using the information from the Configuration worksheet After you complete the Setup utility the 3 DNS Controller uses the new settings you defined To start the Setup utility from the command line from a remote administrative workstation 1 Start an SSH client on a workstation connected to the same IP network as the internal VLAN of the unit See C...

Page 47: ...andard 101 key default United Kingdom Root password A root password allows you command line administrative access to the 3 DNS Controller We recommend that the password contain a minimum of 6 characters but no more than 32 characters Passwords are case sensitive and we recommend that your password contain a combination of upper and lower case characters as well as numbers and special characters fo...

Page 48: ...r redundant systems unit IDs fail over IP addresses and fail over type Unit IDs The default unit ID number is 1 If this is the first unit in the redundant system use the default When you configure the second unit in the system type 2 These unit IDs are used for active active redundant configuration Choosing a fail over IP address A fail over IP address is the IP address of the unit that takes over...

Page 49: ...tch or hub documentation for this information The Setup utility lists only the network interface devices that it detects during system boot If the utility lists fewer interface devices than you expected a network adapter may have come loose during shipping Check the LED indicators on the network adapters to ensure that they are working and are connected Configuring VLANs and IP addresses You can c...

Page 50: ...me Configuring a default gateway pool If a 3 DNS Controller does not have a predefined route for network traffic the unit automatically sends traffic to the pool that you define as the default gateway pool You can think of the default gateway pool as a pool of default routes Typically a default gateway pool is set to two or more gateway IP addresses If you type more than one default gateway IP add...

Page 51: ...ses from which web interface connections are allowed After you type the IP addresses that are allowed to access the unit with the admin account the certification screen prompts you for country state city company and division If you ever change the IP addresses or host names on the 3 DNS interfaces you must reconfigure the 3 DNS web server and the portal to reflect your new settings You should add ...

Page 52: ...ould like to activate a support access account to allow your vendor access to the 3 DNS unit type a password for the support account Next select the access type you want for the support account Setting the time zone Next you need to specify your time zone This ensures that the clock for the 3 DNS Controller is set correctly and that dates and times recorded in log files correspond to the time zone...

Page 53: ...s and forwards the remaining packets to the authoritative DNS server for resolution Note that this may be the preferred method of using the 3 DNS Controller because you do not have to replace the authoritative DNS server and you can perform out of band testing before you deploy 3 DNS software upgrades Router mode In router mode the 3 DNS Controller acts as a router by forwarding packets between tw...

Page 54: ... the event that authentication fails with an external LDAP or RADIUS server you can log in with accounts locally such as the root and admin accounts Configuring external LDAP authentication When you configure the unit to use an external LDAP server for user authentication you need the following information The IP address of the LDAP server or the IP address of the primary server if you have more t...

Page 55: ...er a password for these users For detailed instructions on setting roles for users see Managing user accounts in Chapter 6 Administration and Monitoring in the 3 DNS Reference Guide Configuring NameSurfer for zone file management You can configure NameSurfer to handle DNS zone file management We strongly recommend that you configure NameSurfer to handle zone file management by selecting NameSurfer...

Page 56: ...existing settings at any time This section describes running the Setup utility to change settings after you run it initially To run the Setup utility from the command line type in the following command setup After you complete the initial configuration the Setup utility presents a menu of individual configuration options The Setup utility menu is divided into two different sections Required and Op...

Page 57: ...you for a list of IP addresses or host names you lqq I N I T I A L S E T U P M E N U qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqk x x x Choose the desired configuration function from the list below x x x x A Configure all services R Steps for redundant systems x x x x REQUIRED x x E Set default gateways V Configure VLANs networking x x H Set host name W Configure web servers x x P Set root password x x ...

Page 58: ...urrently configured this utility configures inetd for the remote shell server rshd If the service port for rsh is closed this utility opens the service port to permit rsh connections to the system Configuring Telnet Use this option to configure the Telnet server only on a 3 DNS Controller The Setup utility prompts you to configure each service independently This allows you to enable Telnet The uti...

Page 59: ... the service port for FTP is closed this utility opens the service port to permit FTP connections to the 3 DNS Controller Although you can configure FTP and Telnet on a 3 DNS Controller we recommend that you leave these services disabled for security reasons ...

Page 60: ...Chapter 3 3 18 ...

Page 61: ...4 Post Setup Tasks Introduction Configuring the interfaces Working with VLANs Configuring a self IP address ...

Page 62: ......

Page 63: ...p are Interfaces You can set the media type and the duplex mode for an interface as well as display interface status VLANs VLAN options include tagging and assigning interfaces to VLANs In addition you can group separate VLANs together for the purpose of bridging packets between them Self IP addresses You can change self IP addresses or create any number of additional self IP addresses for a VLAN ...

Page 64: ...right as shown in Figure 4 1 Figure 4 1 Rear view of a 3 DNS Controller with two interface ports Displaying status for interfaces Use the following syntax to display the current status and the settings for the installed interface cards b interface show Figure 4 2 is an example of the output you see when you issue this command Use the following syntax to display the current status and the setting f...

Page 65: ...itch To accomplish this it is best to specify the setting explicitly and not rely on automatic detection using auto Setting the duplex mode You can set duplex mode to full or half duplex If the media type does not allow duplex mode to be set this is indicated by an onscreen message If media type is set to auto or if setting duplex mode is not supported for the interface the duplex setting is not s...

Page 66: ...LANs You can create rename or delete a VLAN Configure packet access to VLANs Through an option called tagging you can direct packets from multiple VLANs to a specific 3 DNS interface or direct traffic from a single VLAN to multiple interfaces Manage the L2 forwarding table You can edit the L2 forwarding table to enter static MAC address assignments Create VLAN groups You can create a VLAN group to...

Page 67: ...ut have been made to behave like a single network This is accomplished using a feature called VLAN bridging Your default VLAN configuration is created using the Setup utility On a typical unit with two interfaces you create an internal and external VLAN Creating renaming and deleting VLANs Typically if you use the default configuration one VLAN is assigned to each interface However if you need to ...

Page 68: ...mand line To create a VLAN from the command line use the following syntax b vlan vlan name interfaces add if name if name For example if you want to create a VLAN named myvlan that contains the interfaces 1 1 and 1 2 type the following command b vlan myvlan interfaces add 1 1 1 2 To rename an existing VLAN use the following syntax b vlan vlan name rename new vlan name For example if you want to re...

Page 69: ...pe command you can add an interface to that VLAN as either an untagged or a tagged interface The following two sections describe these two methods of providing packet access to a VLAN Port based access to VLANs Port based access to VLANs occurs when an interface is added to a VLAN as an untagged interface In this case the interface can be added only to that VLAN and to no others This limits the in...

Page 70: ...iguration utility or the bigpipe vlan command You can configure tag based access either when you create a VLAN and add member interfaces to it or by modifying the properties of an existing VLAN In the latter case you simply change the status of one or more member interfaces from untagged to tagged To create a VLAN that supports tag based access using the Configuration utility Creating a VLAN that ...

Page 71: ...ID of 1209 b vlan external tag 1209 2 Add the interfaces to the VLAN external as tagged interfaces This is done by specifying the VLAN name the tagged keyword and the interfaces to be tagged For example b vlan external interfaces add tagged 4 1 5 1 5 2 The effect of this command is to associate a tag with interfaces 4 1 and 5 1 which in turn allows packets with that tag access to the external VLAN...

Page 72: ...ame port_lockdown disable Setting fail safe timeouts for VLANs For redundant 3 DNS units you can enable a failsafe mechanism that will fail over when loss of traffic is detected on a VLAN and traffic is not restored during the fail over timeout period for that VLAN You can enable a fail safe mechanism to attempt to generate traffic when half the timeout has elapsed If the attempt is successful the...

Page 73: ...e slow to respond to the network changes Interoperability with switches that are configured to ignore network changes Note For sensible operation you must set the MAC masquerade address to be the same on both the active and standby units To do this configure the shared MAC address manually by editing the bigip_base conf file on both units Do not use the bigpipe config sync command The MAC address ...

Page 74: ...ou do not configure mac_masq on startup or when transitioning from standby mode to active mode the 3 DNS Controller sends gratuitous ARP requests to notify the default router and other machines on the local Ethernet segment that its MAC address has changed See RFC 826 for more details on ARP Note The MAC masquerade information is stored in the bigip_base conf file Configuring a self IP address A s...

Page 75: ... IP address to a VLAN from the command line Use the following syntax b self addr vlan vlan_name netmask ip_mask broadcast broadcast_addr unit id You can add any number of additional self IP addresses to a VLAN to create aliases For example b self 11 11 11 4 vlan external b self 11 11 11 5 vlan external b self 11 11 11 6 vlan external b self 11 11 11 7 vlan external Also any one self IP address may...

Page 76: ...Chapter 4 4 14 ...

Page 77: ...onfiguration Tasks Reviewing the configuration tasks Setting up a basic configuration Setting up a data center Setting up servers Working with sync groups Overview of auto configuration Configuring global variables ...

Page 78: ......

Page 79: ...ete regardless of the chosen load balancing solution Configure the physical aspects of your load balancing network which includes the following Data centers Data center servers and their virtual servers Communications between the 3 DNS Controller and other servers 3 DNS synchronization if you have more than one 3 DNS Controller in your network Configure the logical aspects of your load balancing n...

Page 80: ...le in Figure 5 1 on page 5 4 the Tokyo data center contains a 3 DNS Controller and a host while the New York and Los Angeles data centers contain 3 DNS Controllers and BIG IP systems For information about configuring data centers see Setting up a data center on page 5 3 Servers The data center servers that you define in the network setup include 3 DNS Controllers BIG IP systems EDGE FX systems hos...

Page 81: ...ng global variables see Configuring global variables on page 5 17 Setting up a data center The first step in configuring your 3 DNS network is to create data centers A data center defines the group of 3 DNS Controllers BIG IP systems EDGE FX systems and host systems that reside in a single physical location For each data center that contains a 3 DNS Controller or a BIG IP system you can also defin...

Page 82: ...gation pane click Data Centers 2 On the toolbar click Add Data Center The Add New Data Center screen opens 3 Add the new data center settings For help on defining data centers click Help on the toolbar The data center is added to your configuration 4 Repeat this process for each data center in your network Note To configure a data center from the command line refer to Appendix A 3 DNS Configuratio...

Page 83: ...add the Link Controller as a BIG IP system If you want the 3 DNS Controller to be aware of and manage the links on the Link Controller then you add the Link Controller as a 3 DNS system also Defining 3 DNS Controllers The purpose of defining a 3 DNS Controller in the configuration is to establish in which data center the 3 DNS Controller resides and if necessary to change big3d agent settings Befo...

Page 84: ...l servers To define a BIG IP system using the Configuration utility 1 In the navigation pane expand the Servers item and then click BIG IP 2 On the toolbar click Add BIG IP The Add New BIG IP screen opens 3 Add the new BIG IP system settings Note that if you want the 3 DNS Controller to discover the BIG IP system s virtual servers select ON for the Discovery setting For help on defining BIG IP sys...

Page 85: ...iguration you treat the BIG IP system and the 3 DNS Controller module as if they were separate devices You can add the two server types either by using the Configuration utility or by editing the wideip conf file The following instructions describe how to add a BIG IP system with the 3 DNS Controller module with the name combo siterequest net and the IP address 192 168 100 100 to the configuration...

Page 86: ...ide Defining a router Routers do not manage virtual servers rather they manage the links to the Internet for your network Before you define a router in the 3 DNS configuration you should have the following information The name of the router The IP address of the router this is the gateway IP address The IP addresses of the links that the router manages Note If you have a Link Controller or BIG IP ...

Page 87: ... information about auto configuration see Overview of auto configuration on page 5 15 To define an EDGE FX system using the Configuration utility 1 In the navigation pane expand the Servers item then click EDGE FX 2 On the toolbar click Add EDGE FX The Add New EDGE FX screen opens 3 Add the new EDGE FX system settings Note that if you want the 3 DNS Controller to discover the EDGE FX system s virt...

Page 88: ...n individual network server or server array controller other than a 3 DNS Controller BIG IP system EDGE FX Cache GLOBAL SITE Controller or router Before configuring a host you should have the following information Address information The IP address and service name or port number of each virtual server to be managed by the host SNMP information for host probing To implement host probing and to col...

Page 89: ...ration Important Auto configuration collects the virtual server information for any host systems you have in your network if you turn on Discovery when you add the host to the configuration For more information about auto configuration see Overview of auto configuration on page 5 15 If you do not turn on Discovery step 3 in previous procedure when you add the host to the configuration then use the...

Page 90: ...MP Agent Description Generic A generic SNMP agent is an SNMP agent that collects metrics provided by object identifiers OIDs as specified in the RFC 1213 document UCD This free SNMP agent is provided by the University of California at Davis It is available on the web at http net snmp sourceforge net Solstice This SNMP agent is a product of Sun Microsystems NTServ This SNMP matrix agent is distribu...

Page 91: ...ond when you define the host servers you configure specific SNMP agent settings for each host For example you need to specify the type of agent running on the host as well as the community string that allows access to the SNMP agent Last you configure the SNMP agent on the host itself We recommend that you use the documentation originally provided with host to configure the SNMP agent Note For mor...

Page 92: ...ler s time setting is allowed to be out of sync with another 3 DNS Controller s time setting We recommend that you leave the time tolerance variable at the default setting of 10 To check the value for the time tolerance setting using the Configuration utility 1 In the navigation pane click System The System General screen opens 2 On the toolbar click Timers and Task Intervals 3 Note the value in t...

Page 93: ... almost immediately in the 3 DNS configuration The 3 DNS Controller also synchronizes the changes among the sync group members Once the 3 DNS Controller has retrieved the initial configuration you modify the auto configuration settings for each server type using the Configuration utility Auto configuration has three settings ON When the Discovery setting is set to ON the 3 DNS Controller polls the...

Page 94: ...owing settings ON ON NO DELETE or OFF 4 Click Update The configuration updates with the new setting To modify the auto configuration setting for a host using the Configuration utility 1 In the navigation pane expand the Servers item and then click Host The Host List screen opens 2 Click the name of the host for which you want to modify the auto configuration setting The Modify Host screen opens 3 ...

Page 95: ...st load balancing situations To configure global parameters using the Configuration utility 1 In the navigation pane click System The System General screen opens Note that global parameters are grouped into several categories on this screen Each category has its own toolbar item and online help is available for each parameter 2 Make general global changes at the System General screen or to make ch...

Page 96: ...Chapter 5 5 18 ...

Page 97: ...ring a Globally Distributed Network Understanding a globally distributed network Using Topology load balancing Setting up a globally distributed network configuration Additional configuration settings and tools ...

Page 98: ......

Page 99: ... distribute requests in an efficient and seamless manner using Topology load balancing When you use Topology load balancing the 3 DNS Controller compares the location information derived from the DNS query message to the topology records in the topology statement The system then distributes the request according to the topology record that best matches the location information Figure 6 1 Topology ...

Page 100: ...ers in IP subnets wide IP pools or data centers You can set up Topology load balancing either between wide IP pools or within a wide IP pool For the example in Figure 6 1 we configure Topology load balancing between wide IP pools Setting up a globally distributed network configuration By going through the following setup tasks you can configure the 3 DNS Controller to process requests using Topolo...

Page 101: ... DC and Europe DC Adding 3 DNS Controllers to the globally distributed network configuration Once you have added all of your data centers to the 3 DNS configuration you are ready to notify the 3 DNS Controller that you are configuring about the 3 DNS Controllers in your network including the 3 DNS Controller you are configuring Note Please note that when you are working with more than one 3 DNS Co...

Page 102: ...t you have in your network Remember that the 3 DNS Controller load balances requests to the virtual servers managed by the BIG IP systems EDGE FX systems or host servers in your network In this example configuration we set up BIG IP systems For information on adding EDGE FX systems or host servers to your network please refer to Setting up servers on page 5 6 The following steps outline how to add...

Page 103: ...n utility 1 In the navigation pane click Wide IPs The Wide IP List screen opens 2 Click Add Wide IP on the toolbar The Add a New Wide IP screen opens 3 Specify the wide IP address name and port information 4 For the Pool LB Mode select Topology and click Next The Configure Load Balancing for New Pool screen opens 5 Specify the pool name and click Next The Select Virtual Servers screen opens 6 In t...

Page 104: ...nt or if the scores returned for two or more records are equal the 3 DNS Controller load balances the virtual servers using the Random load balancing mode The following procedure explains how to configure topology records in the Configuration utility For more information on how the 3 DNS Controller uses the topology records and how to configure topology in the wideip conf file please review Chapte...

Page 105: ... tasks that may be time critical require high bandwidth or put high demand on system resources The system resources for which you can set limits are CPU Disk Memory Packet rate Kilobytes per second throughput rate Current connections To set limits thresholds for BIG IP systems 1 In the navigation pane expand the Servers item and click BIG IP 2 In the Limits Settings column of the BIG IP system for...

Page 106: ... Chapter 6 Administration and Monitoring Viewing your configuration The Network Map provides an interactive map of your configuration You can see how the data centers servers and virtual servers you configured are related to the wide IPs and pools you created for load balancing You can also make real time changes to your configuration from the Network Map For more information see the 3 DNS Referen...

Page 107: ...figuring a Content Delivery Network Introducing the content delivery network Deciding to use a CDN provider Setting up a CDN provider configuration Ensuring resource availability Monitoring the configuration ...

Page 108: ......

Page 109: ...work The two features of the 3 DNS Controller that make CDN switching possible are Geographic redirection The 3 DNS Controller uses the Topology load balancing mode to redirect DNS requests based on location information derived from the DNS query message You can set up wide IPs so that the 3 DNS Controller delegates DNS queries either to a data center by responding with A records or to a CDN provi...

Page 110: ... siterequest com 1A Based on the location information in the query packet header the 3 DNS Controller in the content provider s North American data center resolves the query to the best virtual server in that data center and sends an A record response to the Seattle LDNS 1B Figure 7 1 DNS query resolution based on Topology load balancing mode In Figure 7 2 a local DNS server in London sends a quer...

Page 111: ...ponds with the IP address of the best virtual server for resolution among those in the CDN 2D The CDN provider s cache servers resolve to the origin site virtual servers for cache refreshes using a different domain name origin download siterequest com Figure 7 2 DNS query resolution to content delivery network provider ...

Page 112: ...oritative for the content provider s domain Content providers manage this by creating logical groupings of their content under different domains For example an investment firm might have a CDN host their news content at news domain cdn net while they serve their stock quotes content with quote siterequest com from their corporate data center The CDN provider sets its billing rates based on megabit...

Page 113: ...enters screen opens 2 Click Add Data Center on the toolbar The Add Data Centers screen opens 3 Add the data center information For our example we add the two data centers labeled Data Center 1 and Data Center 2 4 Repeat the previous steps to add all of your data centers to the configuration Adding 3 DNS Controllers Once you have added all of your data centers to the 3 DNS configuration you are rea...

Page 114: ...ding wide IPs and pools Once you have added all the physical elements to the 3 DNS configuration you can begin configuring wide IPs and pools for the CDN configuration In addition to setting up the wide IPs and pools for your origin site you also set up a pool for the CDN provider Before you start adding wide IPs verify that you have configured all the virtual servers you need for load balancing f...

Page 115: ...the navigation pane click Wide IPs The Wide IP List screen opens 2 In the Wide IP List screen click 1 Pools in the Pools column for the wide IP www download siterequest com The Modify Wide IP Pools screen opens 3 On the toolbar click Add Pool The Configure Load Balancing for New Pool opens 4 Update these settings a Add the pool name For our example the CDN provider pool name is cdn_pool b In the P...

Page 116: ... Configuring a Globally Distributed Network in this guide To set up topology records using the Configuration utility 1 In the navigation pane click Topology The Manage Topology Records screen opens 2 For the first topology record select Continent in the upper LDNS box 3 In the lower LDNS box select North America 4 In the upper Server box select Wide IP Pool 5 In the lower Server box select origin ...

Page 117: ...ity settings you may want to use with your CDN configuration are Last resort pool You can designate a pool as the last resort pool so in the event that all other pools become unavailable for load balancing the 3 DNS Controller can direct DNS queries to the virtual servers in this pool For information on configuring a last resort pool see Using the last resort pool designation in Chapter 2 Load Bal...

Page 118: ... Statistics screens in the Configuration utility For more information on specific Statistics screens click Help on the toolbar You can view your configuration using the Network Map in the Configuration utility You can also make modifications to the configuration from the Network Map Click Help on the toolbar if you have questions on how to use the Network Map You can review detailed information on...

Page 119: ...8 Working with Quality of Service Overview of Quality of Service Understanding QOS coefficients Customizing the QOS equation Using the Dynamic Ratio option ...

Page 120: ......

Page 121: ...n an equation that takes each of these performance factors into account When the 3 DNS Controller selects a virtual server it chooses the server with the best overall score The Quality of Service mode has default settings that make it easy to use simply specify Quality of Service as your preferred load balancing mode There is no need to configure Quality of Service but if you want to change the se...

Page 122: ...ntage of completed connections are being made but a high value for packet rate is not desirable because the packet rate load balancing mode attempts to find a virtual server that is not overly taxed at the moment Coefficient How measured Default value Example upper limit Higher or lower Packet rate Packets per second 1 700 Lower Round trip time Microseconds 50 2 000 000 Lower Completion rate Perce...

Page 123: ...izing the QOS equation You can customize the QOS equation globally meaning that the equation applies to all wide IPs that use the Quality of Service mode You can also customize individual wide IPs in which case the global QOS equation settings are overwritten To modify global QOS coefficients using the Configuration utility 1 In the navigation pane click System The System General screen opens 2 On...

Page 124: ...OS coefficients from the command line 1 Type the following command to ensure that the configuration files contain the same information as the memory cache 3ndc dumpdb 2 Open the wideip conf file in a text editor either vi or pico 3 Locate or add the globals statement The globals statement should be at the top of the file 4 Refer to the example syntax shown in Figure 8 2 to define a global QOS equa...

Page 125: ... wide IP definition that overrides the global QOS equation settings shown in Figure 8 2 5 Save and close the file 6 Commit the changes to the configuration by typing 3ndc reload wideip address 192 168 101 50 service http name www wip siterequest com ttl 60 increase the domain default ttl qos_coeff rtt 21 hops 0 completion_rate 7 packet_rate 5 topology 1 vs_capacity 0 kbps 0 pool name Pool_1 ratio ...

Page 126: ... the navigation pane click Wide IPs 2 In the Wide IP column click a wide IP name The Modify Wide IP screen opens 3 On the toolbar click Modify Pool The Modify Wide IP Pools screen opens 4 In the Pool Name column click the name of a pool The Modify Load Balancing screen opens 5 Check Use Dynamic Ratio 6 Click Update To turn on the Dynamic Ratio option from the command line 1 To ensure that the conf...

Page 127: ..._rate ga hops kbps leastconn packet_rate qos random ratio return_to_dns rr rtt static_persist topology vs_capacity null alternate ga kbps null random ratio return_to_dns rr static_persist topology vs_capacity fallback completion_rate ga hops kbps leastconn packet_rate qos random ratio return_to_dns rr rtt static_persist topology vs_capacity null address vs_addr port ratio weight Figure 8 4 Enablin...

Page 128: ...Chapter 8 8 8 ...

Page 129: ...9 Working with Global Availability Load Balancing Overview of the Global Availability load balancing mode Configuring the Global Availability mode ...

Page 130: ......

Page 131: ...in the wide IP When the first pool is available again the 3 DNS Controller stops sending requests to the second pool and starts sending them to the first pool again If you have an origin site and an overflow network such as a CDN you can use Global Availability to load balance between the two networks When you use the Global Availability mode to load balance virtual servers within a pool the load ...

Page 132: ...Chapter 9 9 2 Figure 9 1 shows the 3 DNS Controller using the Global Availability load balancing mode Figure 9 1 Global Availability mode ...

Page 133: ...s screen opens 6 In the Order column specify the order in which you want to list the pools for Global Availability 7 Click Update To configure the Global Availability load balancing mode among pools from the command line 1 To ensure that the configuration files contain the same information as the memory cache type the following command 3ndc dumpdb 2 Open the wideip conf file in a text editor eithe...

Page 134: ...al servers for Global Availability 9 Click Update To configure the Global Availability load balancing mode within a pool from the command line 1 To ensure that the configuration files contain the same information as the memory cache type the following command 3ndc dumpdb 2 Open the wideip conf file in a text editor either vi or pico 3 Locate the wideip statement you want to edit 4 Define Global Av...

Page 135: ...obal Availability is the preferred load balancing mode within a pool The first listed virtual server 192 168 101 60 in this example receives all resolution requests unless it becomes unavailable If the first listed virtual server does become unavailable then the 3 DNS Controller sends resolution requests to the second listed virtual server until the first listed virtual server becomes available ag...

Page 136: ...Chapter 9 9 6 ...

Page 137: ... Adding a 3 DNS Controller to an Existing Network Working with multiple 3 DNS Controllers Preparing to add a second 3 DNS Controller to your network Running the 3dns_add script Verifying the configuration ...

Page 138: ......

Page 139: ...l of the settings between the systems For more information about sync groups see Working with sync groups on page 5 14 The following sections of this chapter describe the procedures you follow to add a 3 DNS Controller into a network that already has at least one 3 DNS Controller configured and working properly If you are adding the first 3 DNS Controller to your network refer to Chapter 5 Essenti...

Page 140: ... the new 3 DNS Controller to the sync group of the existing 3 DNS Controller Completing these tasks ensures that when you run the 3dns_add script the second 3 DNS Controller successfully copies the configuration information from the first 3 DNS Controller If you are using a sync group we strongly recommend that you run the 3dns_add script to add additional 3 DNS Controllers to your network If you ...

Page 141: ... center where you installed the new system and click Update 2 Add the second 3 DNS Controller to the configuration a In the navigation pane expand the Servers item and click 3 DNS The 3 DNS List screen opens b Click Add 3 DNS on the toolbar The Add New 3 DNS screen opens c Add the information for the new system and click Update 3 Add the new controller to the existing controller s sync group a In ...

Page 142: ... controller and the big3d agents are secure Gives you the option of synchronizing the named conf file and any existing zone files Verifying the configuration Once the script finishes we recommend that you verify the following aspects of your configuration Verify that each 3 DNS Controller has the necessary agents and daemons running Verify that any servers you configured are up and available to re...

Page 143: ...unknown or unavailable wait a few minutes and click Refresh If status of the servers remains down unknown or unavailable contact Technical Support for assistance To verify that the virtual servers you configured are up 1 In the navigation pane expand the Statistics item and click Virtual Servers The Virtual Servers Statistics screen opens 2 In the OK column make sure that the status of each virtua...

Page 144: ...gured your 3 DNS Controllers Note that you can repeat the previous procedure for each wide IP you configured and each controller in the sync group Note This is the only verification task that you perform from the command line The dig utility is part of DNS distributions For more information on the dig utility type man dig at the command line to view the man page ...

Page 145: ...Glossary ...

Page 146: ......

Page 147: ...ame access control list ACL An access control list is a list of local DNS server IP addresses that are excluded from path probing or hops queries active unit In a redundant system an active unit is a 3 DNS Controller that currently load balances name resolution requests If the active unit in the redundant system fails the standby unit assumes control and begins to load balance requests alternate m...

Page 148: ...ncing mode that distributes connections based on which network path drops the fewest packets or allows the fewest number of packets to time out Configuration utility The Configuration utility is the browser based application that you use to configure the 3 DNS Controller content delivery network CDN A content delivery network CDN is an architecture of Web based network components that helps dramat...

Page 149: ...of a port or service such as HTTP on port 80 external interface An external interface is the network interface that can be accessed across a wide area network WAN See also internal interface fail over Fail over is the process whereby a standby unit in a redundant system takes over when a software failure or hardware failure is detected on the active unit fail over cable The fail over cable is the ...

Page 150: ...ual servers managed by 3 DNS Controllers and BIG IP systems internal interface An internal interface is a network interface that can be accessed from a local area network LAN See also external interface iQuery The iQuery protocol is used to exchange information between 3 DNS Controllers BIG IP systems EDGE FX Caches and GLOBAL SITE Controllers The iQuery protocol is officially registered with IANA...

Page 151: ...time packet rate and packet loss MindTerm SSH MindTerm SSH is the third party application on 3 DNS Controllers that uses SSH for secure remote communications SSH encrypts all network traffic including passwords to effectively eliminate eavesdropping connection hijacking and other network level attacks SSH also provides secure tunneling capabilities and a variety of authentication methods name reso...

Page 152: ...ntly processes the fewest packets per second path A path is a logical network route between a data center server and a local DNS server path probing Path probing is the collection of metrics data such as round trip time and packet rate for a given path between a requesting LDNS server and a data center server persistence On a 3 DNS Controller persistence is a series of related requests received fr...

Page 153: ... used for path probing of a given set of paths prober factory A prober factory is a utility that collects metrics data such as round trip time and packet rate for a given path between a requesting LDNS and a data center server Prober factories are managed by the big3d agent which reports the path probing metrics to the 3 DNS Controller Prober factories can run on BIG IP systems EDGE FX Caches and ...

Page 154: ... systems that are configured for fail over In a redundant system one system runs as the active unit and the other system runs as the standby unit If the active unit fails the standby unit takes over and manages resolution requests remote administrative IP address A remote administrative IP address is an IP address from which a system allows shell connections such as SSH RSH or Telnet resolver The ...

Page 155: ...ed by the big3d agent running on a data center server The 3 DNS Controller takes RTT values into account when it uses dynamic load balancing modes secondary DNS The secondary DNS is a name server that retrieves DNS data from the name server that is authoritative for the DNS zone Setup utility The Setup utility is a utility that takes you through the initial system configuration process The Setup u...

Page 156: ... with a closed brace Everything between those braces is part of the sub statement Sub statements typically define a group of related variables such as the calculation coefficients used in Quality of Service load balancing sync group A sync group is a group of 3 DNS Controllers that share system configurations and path metrics for data center servers and virtual servers Sync groups have one princip...

Page 157: ... is a status used for data center servers and virtual servers When a data center server or virtual server is unavailable the 3 DNS Controller does not use it for load balancing unknown The unknown status is used for data center servers and virtual servers When a data center server or virtual server is new to the 3 DNS Controller and does not yet have metrics information the 3 DNS Controller marks ...

Page 158: ...known services Well known services are protocols on ports 0 through 1023 that are widely used for certain types of data Some examples of some well known services and their corresponding ports are HTTP port 80 HTTPS port 443 and FTP port 20 WKS record A WKS record is a DNS resource record that describes the services usually provided by a particular protocol on a specific port zone In DNS terms a zo...

Page 159: ...Index ...

Page 160: ......

Page 161: ...bout 3 11 browsers supported versions 1 3 C CDN configuration example 7 2 configuring 7 5 delegating DNS queries 7 2 described 7 1 managing with 3 DNS 7 1 using pool type CDN 7 1 using topology load balancing 7 1 CDN configuration adding 3 DNS Controllers 7 5 adding a topology statement 7 8 adding data centers 7 5 adding pool type CDN 7 7 adding servers 7 6 adding wide IPs and pools 7 6 monitoring...

Page 162: ...oad balancing among pools 9 3 global variables configuring 5 17 enabling encryption 5 17 globally distributed network adding 3 DNS Controllers 6 3 adding BIG IP systems 6 4 adding data centers 6 3 configuring 6 2 using Topology load balancing 6 2 GLOBAL SITE Controller See EDGE FX system H hardware based fail over 1 8 help online 1 11 host names BIG IP host name 3 6 changing 3 9 primary IP address...

Page 163: ...Network Time Protocol NTP 3 10 network based fail over 1 8 node mode about 3 11 O online help 1 11 openssl conf file 3 9 P P95 Billing Estimate 1 10 packets access to VLANs 4 7 password creating for system and user accounts 1 9 passwords 3 2 default configuration 3 2 PDF versions Administrator Kit 1 11 pools 2 4 portal 3 15 principal 3 DNS about 2 2 5 13 adding a system to sync group 10 3 planning...

Page 164: ...ents and supported hosts 5 12 SNMP host probing 5 12 SNMP MIB 1 2 SNMP prober 5 12 SSH MindTerm SSH console 1 6 ssh utilities 2 9 SSL 1 6 statistics screens 1 10 stylistic conventions 1 4 sync group about 1 7 2 8 and 3dns_add script 10 1 and time tolerance variable 2 8 and zone files 2 11 broadcasting configurations 2 6 configuring 5 13 defined 2 7 planning 2 6 planning configurations 2 7 sample c...

Page 165: ...ethods 4 7 VLAN groups 4 9 VLAN IDs 4 7 vlangroup command 4 9 VLANs configuring in Setup utility 3 7 default IP address 3 3 interfaces assigning 3 8 managing 4 5 self IP address 3 7 W web server access adding user accounts 3 9 changing passwords 3 9 configuring 3 8 wide IPs and DNS zone files 2 10 and QOS coefficients 8 4 wide area traffic manager WATM 7 4 Z zone file management using NameSurfer 1...

Reviews:

No comments

Related manuals for 3-DNS

PIETRO FIORENTINI DELTAFLUX MT100 Technical Manual preview
DELTAFLUX MT100
Brand: PIETRO FIORENTINI Pages: 16
Ubisys J1 Manual preview
J1
Brand: Ubisys Pages: 2
Zolix Instruments SC300 Operation Manual preview
SC300
Brand: Zolix Instruments Pages: 22
Banner SC22-3 Quick Start Manual preview
SC22-3
Brand: Banner Pages: 15
bar PCS Series Quick Start preview
PCS Series
Brand: bar Pages: 2
Harmonic Drive LA Series Manual preview
LA Series
Brand: Harmonic Drive Pages: 25
Nelson MR Technical Application Manual preview
MR
Brand: Nelson Pages: 8
Eaton i-on Compact Quick Setup Manual preview
i-on Compact
Brand: Eaton Pages: 12
Hama Flashlight Blue Operating Instruction preview
Flashlight Blue
Brand: Hama Pages: 10
Hama Air Grip Operating Instruction preview
Air Grip
Brand: Hama Pages: 4
Hama 62863 Operating Instruction preview
62863
Brand: Hama Pages: 14
Hama 62875 Operating Instruction preview
62875
Brand: Hama Pages: 5
Newport MM4005 User Manual preview
MM4005
Brand: Newport Pages: 417
Xylem CentriPro Aquavar SOLO Instruction Manual preview
CentriPro Aquavar SOLO
Brand: Xylem Pages: 48
Mosa EAS 15-806 Use And Maintenance Manual preview
EAS 15-806
Brand: Mosa Pages: 28
KEB COMBIVERT F4-S/1.2 Applications Manual preview
COMBIVERT F4-S/1.2
Brand: KEB Pages: 96
Phoenix Contact 2297031 Manual preview
2297031
Brand: Phoenix Contact Pages: 56
Dantherm HCP 11 Installation And User Manual preview
HCP 11
Brand: Dantherm Pages: 36

Brands by name

Popular brands

Load more brands