version 10.2
MAN-0305-01
Product Version
This manual applies to product version 10.2 of the BIG-IP Global Traffic Manager.
Publication Date
This manual was published on October 21, 2011.
Legal Notices
Copyright
Copyright 2011, F5 Networks, Inc. All rights reserved. F5 Networks, Inc. (F5) believes the information it furnishes to be accurate and reliable. However, F5 assumes no responsibility for the use of this information, nor any infringement of patents or other rights of third parties which may result from its use. No license is granted by implication or otherwise under any patent, copyright, or other intellectual property right of F5 except as specifically described by applicable user licenses. F5 reserves the right to change specifications at any time without notice.
Trademarks
3DNS, Access Policy Manager, Acopia, Acopia Networks, Advanced Client Authentication, Advanced Routing, APM, Application Security Manager, ARX, AskF5, ASM, BIG-IP, Cloud Extender, CloudFucious, CMP, Data Manager, DevCentral, DevCentral [DESIGN], DNS Express, DSC, DSI, Edge Client, Edge Gateway, Edge Portal, EM, Enterprise Manager, F5, F5 [DESIGN], F5 Management Pack, F5 Networks, F5 World, Fast Application Proxy, Fast Cache, FirePass, Global Traffic Manager, GTM, IBR, Intelligent Browser Referencing, Intelligent Compression, IPv6 Gateway, iApps, iControl, iHealth, iQuery, iRules, iRules OnDemand, iSession, IT agility. Your way., L7 Rate Shaping, LC, Link Controller, Local Traffic Manager, LTM, Message Security Module, MSM, Netcelera, OneConnect, Packet Velocity, Protocol Security Module, PSM, Real Traffic Policy Builder, ScaleN, SSL Acceleration, StrongBox, SuperVIP, SYN Check, TCP Express, TDR, TMOS, Traffic Management Operating System, TrafficShield, Transparent Data Reduction, VIPRION, vCMP, WA, WAN Optimization Manager, WANJet, WebAccelerator, WOM, and ZoneRunner, are trademarks or service marks of F5 Networks, Inc., in the U.S. and other countries, and may not be used without F5's express written consent. All other product and company names herein may be trademarks of their respective owners.
Patents
This product may be protected by U.S. Patents 6,374,300; 6,473,802; 6,970,733; 7,047,301; 7,707,289. This list is believed to be current as of October 21, 2011.
RF Interference Warning
This is a Class A product. In a domestic environment this product may cause radio interference, in which case the user may be required to take adequate measures.
FCC Compliance
This equipment has been tested and found to comply with the limits for a Class A digital device pursuant to Part 15 of FCC rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This unit generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference, in which case the user, at his own expense, will be required to take whatever measures may be required to correct the interference.
Any modifications to this device, unless expressly approved by the manufacturer, can void the user's authority to operate this equipment under part 15 of the FCC rules.
Standards Compliance
This product conforms to the IEC, European Union, ANSI/UL and Canadian CSA standards applicable to Information Technology products at the time of manufacture.
Acknowledgments
This product includes software developed by Gabriel Fort.
This product includes software developed by Bill Paul.
This product includes software developed by Jonathan Stone.
This product includes software developed by Manuel Bouyer.
This product includes software developed by Paul Richards.
This product includes software developed by the NetBSD Foundation, Inc. and its contributors.
This product includes software developed by the Politecnico di Torino, and its contributors.
This product includes software developed by the Swedish Institute of Computer Science and its contributors.
This product includes software developed by the University of California, Berkeley and its contributors.
This product includes software developed by the Computer Systems Engineering Group at the Lawrence Berkeley Laboratory.
This product includes software developed by Christopher G. Demetriou for the NetBSD Project.
This product includes software developed by Adam Glass.
This product includes software developed by Christian E. Hopps.
This product includes software developed by Dean Huxley.
This product includes software developed by John Kohl.
This product includes software developed by Paul Kranenburg.
This product includes software developed by Terrence R. Lambert.
This product includes software developed by Philip A. Nelson.
This product includes software developed by Herb Peyerl.
This product includes software developed by Jochen Pohl for the NetBSD Project.
This product includes software developed by Chris Provenzano.
This product includes software developed by Theo de Raadt.
This product includes software developed by David Muir Sharnoff.
This product includes software developed by SigmaSoft, Th. Lockert.
This product includes software developed for the NetBSD Project by Jason R. Thorpe.
This product includes software developed by Jason R. Thorpe for And Communications, http://www.and.com.
This product includes software developed for the NetBSD Project by Frank Van der Linden.
This product includes software developed for the NetBSD Project by John M. Vinopal.
This product includes software developed by Christos Zoulas.
This product includes software developed by the University of Vermont and State Agricultural College and Garrett A. Wollman.
In the following statement, "This software" refers to the Mitsumi CD-ROM driver: This software was developed by Holger Veit and Brian Moore for use with "386BSD" and similar operating systems. "Similar operating systems" includes mainly non-profit oriented systems for research and education, including but not restricted to "NetBSD," "FreeBSD," "Mach" (by CMU).
This product includes software developed by the Apache Group for use in the Apache HTTP server project (http://www.apache.org/).
This product includes software licensed from Richard H. Porter under the GNU Library General Public License (© 1998, Red Hat Software), www.gnu.org/copyleft/lgpl.html.
This product includes the standard version of Perl software licensed under the Perl Artistic License (© 1997, 1998 Tom Christiansen and Nathan Torkington). All rights reserved. You may find the most current standard version of Perl at http://www.perl.com.
This product includes software developed by Jared Minch.
This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/).
This product includes cryptographic software written by Eric Young (eay@cryptsoft.com).
This product contains software based on oprofile, which is protected under the GNU Public License.
This product includes RRDtool software developed by Tobi Oetiker (http://www.rrdtool.com/index.html) and licensed under the GNU General Public License.
This product contains software licensed from Dr. Brian Gladman under the GNU General Public License (GPL).
This product includes software developed by the Apache Software Foundation <http://www.apache.org/>.
This product includes Hypersonic SQL.
This product contains software developed by the Regents of the University of California, Sun Microsystems, Inc., Scriptics Corporation, and others.
This product includes software developed by the Internet Software Consortium.
This product includes software developed by Nominum, Inc. (http://www.nominum.com).
This product contains software developed by Broadcom Corporation, which is protected under the GNU Public License.
This product contains software developed by MaxMind LLC, and is protected under the GNU Lesser General Public License, as published by the Free Software Foundation.
This product includes the GeoPoint Database developed by Quova, Inc. and its contributors.
This product includes software developed by Balazs Scheidler <bazsi@balabit.hu>, which is protected under the GNU Public License.
This product includes software developed by NLnet Labs and its contributors.
This product includes software written by Steffen Beyer and licensed under the Perl Artistic License and the GPL.
This product includes software written by Makamaka Hannyaharamitu © 2007-2008.
Table of Contents
1  Overview of the Global Traffic Manager
    Introducing the Global Traffic Manager ..... 1-1
        Security features ..... 1-2
        Introducing Local Traffic Manager resources ..... 1-2
        Internet protocol and network management support ..... 1-3
        System synchronization options ..... 1-3
        Configuring data collection for server status and network path data ..... 1-3
        Redundant system configurations ..... 1-4
    Introducing the Configuration utility ..... 1-5
    Introducing the Traffic Management Shell ..... 1-5
2  Introducing Global Traffic Manager Components
    Defining Global Traffic Manager components ..... 2-1
    Introducing physical network components ..... 2-2
        Data centers ..... 2-2
        Servers ..... 2-2
        Links ..... 2-3
        Virtual servers ..... 2-3
    Introducing logical network components ..... 2-4
        Listeners ..... 2-4
        Pools ..... 2-4
        Wide IPs ..... 2-5
        Distributed applications ..... 2-5
    Locating a component using the search feature ..... 2-6
3  Setting Up and Configuring the Global Traffic Manager
    Setting up the Global Traffic Manager ..... 3-1
    Configuring the Global Traffic Manager ..... 3-1
        Defining the Global Traffic Manager ..... 3-2
        Establishing system communications ..... 3-4
        Configuring synchronization settings ..... 3-9
        Configuring auto-discovery ..... 3-14
        Configuring global monitor settings ..... 3-15
        Configuring domain validation ..... 3-18
4  Working with Listeners
    Introducing listeners ..... 4-1
    Creating a listener for local resolution ..... 4-3
    Configuring listeners for traffic forwarding ..... 4-4
    Configuring a wildcard listener ..... 4-5
    Modifying listeners ..... 4-5
    Deleting listeners ..... 4-6
    Using listeners with VLANs ..... 4-6
        Configuring a listener for all VLANs ..... 4-6
        Configuring a listener for specific VLANs ..... 4-7
        Disabling a listener for specific VLANs ..... 4-8
5  Defining the Physical Network
    Introducing physical network components ..... 5-1
    Managing data centers ..... 5-2
        Configuring data centers ..... 5-2
        Modifying data centers ..... 5-3
        Deleting data centers ..... 5-4
        Enabling and disabling data centers ..... 5-4
    Managing servers ..... 5-5
        Defining BIG-IP systems ..... 5-5
        Defining third-party load balancing servers ..... 5-9
        Defining third-party host servers ..... 5-10
        Searching for a specific server ..... 5-12
        Assigning monitors to servers ..... 5-13
        Specifying thresholds for availability ..... 5-13
        Discovering resources automatically ..... 5-17
    Managing virtual servers ..... 5-19
        Adding virtual servers manually ..... 5-19
        Modifying virtual servers ..... 5-20
        Removing virtual servers ..... 5-20
    Managing links ..... 5-21
        Defining links ..... 5-21
        Adding and removing routers ..... 5-22
        Assigning monitors to links ..... 5-22
        Removing monitors from links ..... 5-23
        Configuring link weighting and billing properties ..... 5-23
6  Defining the Logical Network
    Introducing logical network components ..... 6-1
        Understanding logical components ..... 6-1
    Managing pools ..... 6-2
        Defining pools ..... 6-3
        Adding virtual servers to pools ..... 6-3
        Removing virtual servers from pools ..... 6-4
        Organizing virtual servers within pools ..... 6-4
        Weighting virtual servers within pools ..... 6-5
        Disabling and enabling pools ..... 6-7
        Defining pools using a canonical name ..... 6-8
    Managing wide IPs ..... 6-9
        Defining wide IPs ..... 6-9
        Searching for a specific wide IP ..... 6-10
        Adding pools to wide IPs ..... 6-11
        Removing pools from wide IPs ..... 6-12
        Organizing pools within wide IPs ..... 6-12
        Weighting pools within wide IPs ..... 6-13
        Disabling and enabling wide IPs ..... 6-15
        Incorporating iRules ..... 6-15
        Implementing the NoError response for IPv6 resolution ..... 6-18
    Managing distributed applications ..... 6-19
        Defining distributed applications ..... 6-19
        Adding wide IPs to distributed applications ..... 6-20
        Removing wide IPs from distributed applications ..... 6-21
        Setting dependencies for distributed applications ..... 6-21
        Enabling and disabling distributed application traffic ..... 6-23
        Enabling persistent connections ..... 6-24
7  Load Balancing with the Global Traffic Manager
    Understanding load balancing on the Global Traffic Manager ..... 7-1
    Using static load balancing modes ..... 7-3
        Drop Packet mode ..... 7-3
        Fallback IP mode ..... 7-4
        Global Availability mode ..... 7-4
        None mode ..... 7-4
        Ratio mode ..... 7-5
        Return to DNS mode ..... 7-5
        Round Robin mode ..... 7-5
        Static Persist mode ..... 7-5
        Topology mode ..... 7-6
    Using dynamic load balancing modes ..... 7-6
        Types of dynamic load balancing modes ..... 7-7
        Implementing the Quality of Service load balancing mode ..... 7-9
        Using the Dynamic Ratio option ..... 7-12
    Configuring load balancing ..... 7-14
        Configuring load balancing methods for wide IPs ..... 7-14
        Configuring load balancing methods for pools ..... 7-15
    Using the fallback load balancing method ..... 7-16
        Configuring the fallback load balancing method ..... 7-16
    Employing additional load balancing options ..... 7-17
8  Managing Connections
    Introducing connection management ..... 8-1
    Determining resource health ..... 8-2
    Determining resource availability ..... 8-3
        Establishing limit settings ..... 8-3
        Using monitors to determine availability ..... 8-4
        Managing dependencies for virtual servers ..... 8-7
    Resuming connections to resources ..... 8-10
    Establishing persistent connections ..... 8-11
        Draining persistent requests ..... 8-12
    Setting the last resort pool ..... 8-13
9  Load Balancing Connection Requests Using Topologies
    Overview of topologies ..... 9-1
        Understanding topology records ..... 9-1
        Understanding user-defined regions ..... 9-4
    Configuring the Global Traffic Manager to route connection requests to the closest data center ..... 9-5
        Configuring Topology load balancing at the wide IP level ..... 9-5
        Configuring Topology load balancing at the pool level ..... 9-7
        Configuring Topology load balancing at both the wide IP and pool levels ..... 9-8
    Implementing topologies ..... 9-10
        Downloading and installing updates to the IP geolocation data ..... 9-10
        Creating a topology record ..... 9-11
        Configuring a wide IP for Topology load balancing ..... 9-12
        Configuring a pool for Topology load balancing ..... 9-12
    Reloading default geolocation data ..... 9-13
    Removing topology records ..... 9-14
    Disabling the Longest Match option ..... 9-15
10  Working with DNSSEC Keys and Zones
    About DNSSEC ..... 10-1
    Introducing DNSSEC keys and zones ..... 10-1
        Understanding DNSSEC keys ..... 10-1
    Managing DNSSEC keys ..... 10-4
        Creating DNSSEC zone-signing and key-signing keys ..... 10-4
        Modifying DNSSEC keys ..... 10-6
        Deleting DNSSEC keys ..... 10-6
        Modifying generations of a DNSSEC key ..... 10-7
        Performing a manual rollover of a key ..... 10-8
    Managing DNSSEC zones ..... 10-11
        Creating DNSSEC zones ..... 10-11
        Viewing the status of DNSSEC zones ..... 10-12
        Modifying DNSSEC zones ..... 10-12
        Deleting DNSSEC zones ..... 10-13
    Viewing DNSSEC resource records ..... 10-14
11  Configuring Monitors
    Introducing monitors ..... 11-1
        Summary of monitor types ..... 11-2
        Overview of monitor settings ..... 11-4
        Understanding pre-configured and custom monitors ..... 11-5
    Creating a custom monitor ..... 11-7
    Configuring monitor settings ..... 11-8
        Simple monitors ..... 11-8
        Extended Content Verification (ECV) monitors ..... 11-10
        External Application Verification (EAV) monitors ..... 11-12
    Special configuration considerations ..... 11-35
        Setting destinations ..... 11-35
        Using transparent and reverse modes ..... 11-35
        Configuring when a virtual server is marked down ..... 11-37
        Configuring an ECV monitor to ignore a down response ..... 11-37
    Associating monitors with resources ..... 11-38
        Types of monitor associations ..... 11-38
    Managing monitors ..... 11-40
        Displaying monitor settings ..... 11-40
        Deleting monitors ..... 11-40
        Enabling and disabling monitor instances ..... 11-41
12  Viewing Statistics
    Introducing statistics ..... 12-1
    Accessing statistics ..... 12-2
    Viewing the Status Summary screen ..... 12-3
    Understanding the types of statistics ..... 12-4
        Distributed application statistics ..... 12-5
        Wide IP statistics ..... 12-6
        Pool statistics ..... 12-8
        Data center statistics ..... 12-9
        Link statistics ..... 12-10
        Server statistics ..... 12-11
        Virtual server statistics ..... 12-12
        Paths statistics ..... 12-13
        Local DNS statistics ..... 12-15
    Understanding persistence records ..... 12-16
13
Collecting Metrics
Introducing metrics collection ... 13-1
Defining metrics ... 13-2
Assigning probes to local domain name systems ... 13-3
Configuring TTL and timer values ... 13-5
Excluding an LDNS from probes ... 13-6
  Removing an LDNS from the address exclusion list ... 13-7
14
Viewing Performance Data
Introducing performance data graphs ... 14-1
Viewing performance data ... 14-1
  About the GTM Performance graph ... 14-1
  About the GTM Request Breakdown graph ... 14-1
15
Managing iRules
Introducing iRules for the Global Traffic Manager ... 15-1
  What is an iRule? ... 15-1
Creating iRules ... 15-2
Assigning iRules ... 15-3
Controlling iRule evaluation ... 15-4
  Specifying events ... 15-4
  Using the when keyword ... 15-5
  Listing iRules on wide IPs ... 15-5
Using statement commands ... 15-6
Using wide IP commands ... 15-7
Using utility commands ... 15-8
  Parsing and manipulating content ... 15-8
  Ensuring data integrity ... 15-8
  Retrieving resource information ... 15-9
Using protocol commands ... 15-9
  IP commands ... 15-10
  TCP commands ... 15-10
  UDP commands ... 15-10
Removing iRules ... 15-11
16
Managing DNS Files with ZoneRunner
Introducing ZoneRunner ... 16-1
  Working with DNS and BIND ... 16-1
  Understanding ZoneRunner tasks ... 16-1
Working with zone files ... 16-2
  Types of zone files ... 16-2
  Creating zone files ... 16-3
  Importing zone files ... 16-7
  Searching for a specific zone ... 16-10
  Modifying zones ... 16-10
  Deleting zones ... 16-11
Working with resource records ... 16-12
  Types of resource records ... 16-12
  Creating resource records ... 16-13
  Modifying a resource record ... 16-21
Working with views ... 16-22
  Adding views ... 16-23
  Modifying views ... 16-23
  Deleting views ... 16-24
  Adding zones to views ... 16-24
Managing the named.conf file ... 16-25
A
Working with the big3d Agent
Introducing the big3d agent ... A-1
Collecting path data and server performance metrics ... A-2
  Setting up data collection with the big3d agent ... A-3
  Understanding the data collection and broadcasting sequence ... A-3
Setting up communication between Global Traffic Manager systems and other servers ... A-5
  Setting up iQuery communications for the big3d agent ... A-5
  Allowing iQuery communications to pass through firewalls ... A-6
  Communications between Global Traffic Manager systems, big3d agents, and local DNS servers ... A-7
B
Understanding Probes
Introducing probes ... B-1
Understanding iQuery ... B-2
Determining probe responsibility ... B-3
Selecting a big3d agent ... B-5
Designating a specific server ... B-7
Managing LDNS probes ... B-8
Using log entries to tune probes ... B-10
  Enabling probe logs ... B-10
  Understanding the probe information in the log file ... B-10
Glossary
Index
1
Overview of the Global Traffic Manager
Introducing the Global Traffic Manager
Introducing the Configuration utility
Introducing the Traffic Management Shell
BIG-IP Systems: Getting Started Guide
This guide provides detailed information about installing upgrades to the BIG-IP system. It also provides information about licensing the BIG-IP system software, and connecting the system to a management workstation or network.

TMOS Management Guide for BIG-IP Systems
This guide contains the information you need to configure and maintain the network and system-related components for the BIG-IP system. With this guide, you can perform tasks such as configuring routes and VLANs, assigning self IP addresses, creating administrative user accounts, and managing a redundant system configuration.

Configuration Guide for BIG-IP Local Traffic Manager
This guide contains the information you need to configure the BIG-IP system to manage local network traffic. With this guide, you can perform tasks such as creating virtual servers and load balancing pools, configuring application and persistence profiles, implementing health monitors, and setting up remote authentication.
The Global Traffic Manager provides a variety of features that meet special needs. For example, with this product you can:
• Ensure wide-area persistence by maintaining a mapping between a local domain name server (LDNS) and a virtual server in a wide IP pool
• Direct local clients to local servers for globally-distributed sites using Topology mode load balancing
• Change the load balancing configuration according to current traffic patterns or time of day
• Customize load balancing modes
• Set up global load balancing among Local Traffic Manager systems and other load balancing hosts
• Monitor real-time network conditions
Chapter 1
• Configure a content delivery network with a CDN provider
• Guarantee multiple port availability for e-commerce sites

When you install a Global Traffic Manager system on the network, the actions you take to integrate it into the network fall into two categories: setup tasks and configuration tasks.
Setup tasks are tasks in which you create or modify settings that apply to the Global Traffic Manager itself, or that apply universally to all other configuration components, such as servers, data centers, or wide IPs that you create later. Examples of setup tasks include running the Setup utility, assigning self IP addresses, and enabling high-availability functions. For more information about setup tasks, see Setting up the Global Traffic Manager, on page 3-1.

Configuration tasks are tasks in which you define a specific aspect of the Global Traffic Manager, such as load balancing methods, pools and pool members, or iRules. These configuration tasks, while important, affect only specific aspects of how you manage Domain Name System (DNS) traffic with the Global Traffic Manager. For more information about the components of the Global Traffic Manager that you can configure, see Configuring the Global Traffic Manager, on page 3-1.
Security features
The Global Traffic Manager offers a variety of security features that can help prevent hostile attacks on your site or equipment.
Secure administrative connections
The Global Traffic Manager supports Secure Shell (SSH) administrative connections for remote administration from the command line. The web server, which hosts the web-based Configuration utility, supports SSL connections as well as user authentication.

Secure iQuery communications
The Global Traffic Manager supports web certificate authentication for iQuery communications between itself and other systems running the big3d agent.

TCP wrappers
The Global Traffic Manager supports the use of TCP wrappers to provide an extra layer of security for network connections.
Self IP address
A self IP address is an IP address that you define on a VLAN of a BIG-IP system. Note that this concept does not apply to the management IP address of a BIG-IP system or to IP addresses on other devices.

Node
A node is a logical object on the BIG-IP system that identifies the IP address of a physical resource on the network, such as a web server. You define a node object in the Local Traffic Manager. For more information about nodes, see the Configuring Nodes chapter in the Configuration Guide for BIG-IP Local Traffic Manager.
Configuring data collection for server status and network path data
The Global Traffic Manager includes the big3d agent, which is an integral part of its load balancing operations. The big3d agent continually monitors the availability of the servers that the Global Traffic Manager load balances. The agent also monitors the integrity of the network paths between the servers that host the domain, and the various local DNS servers that attempt to connect to the domain. The big3d agent runs on many of the F5 Networks products, including the Global Traffic Manager, Local Traffic Manager, and Link Controller. Each big3d agent broadcasts its collected data to all of the Global Traffic Manager systems and Link Controller systems in your network, ensuring that all Global Traffic Manager systems work with the latest information. The big3d agent offers a variety of configuration options that allow you to choose the data collection methods you want to use. For example, you can configure the big3d agent to track the number of router hops (intermediate system transitions) along a given network path, and you can also set the big3d agent to collect host server performance information using the SNMP protocol. For further details on the big3d agent, see Appendix A, Working with the big3d Agent.
Hardware-based failover
In a redundant system configuration that has been set up with hardware-based failover, the two units in the system are connected to each other directly using a failover cable attached to the serial ports. The standby unit checks on the status of the active unit once every second using this serial link.

Network-based failover
In a redundant system configuration that has been set up with network-based failover, the two units in the system communicate with each other across an Ethernet network instead of across a dedicated failover serial cable. Using the Ethernet connection, the standby unit checks on the status of the active unit once every second. Note that network-based failover is disabled by default. For information about how to enable this feature, see Enabling high availability for network-based failover, on page 3-3.
Note
In a network-based failover configuration, the standby Global Traffic Manager immediately takes over if the active unit fails. If a client has queried the failed Global Traffic Manager, and has not received an answer, it automatically re-issues the request (after five seconds) and the standby unit, functioning as the active unit, responds.
2
Introducing Global Traffic Manager Components
Defining Global Traffic Manager components
Introducing physical network components
Introducing logical network components
Locating a component using the search feature
Chapter 2
Data centers
Data centers are the top level of your physical network setup. You must configure one data center for each physical location in your global network. When you create a data center in the Global Traffic Manager, you define the servers (Global Traffic Manager systems, Local Traffic Manager systems, Link Controller systems, hosts, and routers) that reside at that location. A data center can contain any type of server. For example, one data center can contain a Global Traffic Manager and a host, while another might contain two Global Traffic Manager systems and eight Local Traffic Manager systems.
Important
The data center name is limited to 63 characters. For information about configuring data centers, see Managing data centers, on page 5-2.
Servers
A server is a physical device on which you can configure one or more virtual servers. The servers that you define for the Global Traffic Manager to manage can include both BIG-IP systems and third-party servers, for example, Local Traffic Manager systems and Windows 2000 Servers. One server that you must define is the Global Traffic Manager. This places the system on the network map. You can also define Local Traffic Manager systems, and the virtual servers that these servers manage.
Important
The server name is limited to 63 characters. For information about configuring servers, see Managing servers, on page 5-5.
Links
A link is a logical representation of a physical device (router) that connects your network to the Internet. You can assign multiple links to each data center by logically attaching links to a collection of servers in order to manage access to your data sources. Configuring links is optional, although they are very useful when determining resource availability.
Important
The link name is limited to 63 characters. For information about configuring links, see Managing links, on page 5-21.
Virtual servers
Servers, excluding Global Traffic Manager systems and Link Controller systems, contain at least one virtual server. A virtual server, in the context of the Global Traffic Manager, is a combination of an IP address and a port number that points to a resource that provides access to an application or data source on your network. In the case of host servers, this IP address and port number likely point to the resource itself. With load balancing systems, such as the Local Traffic Manager, these virtual servers are often proxies that allow the load balancing server to manage the resource request across a multitude of resources. Virtual servers are the ultimate destination for connection requests.
Important
The virtual server name is limited to 63 characters. For information about configuring virtual servers, see Managing virtual servers, on page 5-19.
Listeners
To communicate with the rest of your network, you must configure the Global Traffic Manager so that it can correctly identify the resolution requests for which it is responsible. A listener is an object that monitors the network for DNS queries, and thus is critical for global traffic management. The listener instructs the system to monitor the network traffic destined for a specific IP address. In most installations, when you define a listener for the Global Traffic Manager, you use the IP address of the Global Traffic Manager; however, there are many different ways you can configure listeners so that the system handles DNS traffic correctly. For more information on configuring listeners, see Chapter 4, Working with Listeners.
Pools
A pool is a collection of virtual servers that can reside on multiple network servers. When you define the virtual servers to which the Global Traffic Manager directs DNS traffic, you combine those virtual servers into pools. You can then configure the Global Traffic Manager to direct traffic to a specific virtual server within a pool, using a specific load balancing method. You can apply a different set of options to the same resources as a virtual server. When you add a virtual server to a pool, it becomes a pool member to which you can apply monitors, iRules, and other configuration options.
Important
The pool name is limited to 63 characters. For more information about configuring pools and pool members, see Defining pools, on page 6-3.
Wide IPs
One of the most common logical components you create in the Global Traffic Manager is a wide IP. A wide IP maps a fully-qualified domain name to one or more pools of virtual servers that host the domain's content. When an LDNS requests a connection to a specific domain name, the wide IP definition specifies which pools of virtual servers are eligible to answer the request, and which load balancing modes to use in choosing a pool. The Global Traffic Manager then load balances the request across the virtual servers within that pool to resolve the request. For information about configuring wide IPs, see Managing wide IPs, on page 6-9.
Distributed applications
A distributed application is a collection of one or more wide IPs, data centers, and links that serve as a single application to a web site visitor. A distributed application is the highest-level component that the Global Traffic Manager supports. You can configure the Global Traffic Manager so that the availability of distributed applications is dependent on a specific data center, link, or server. For example, if the New York data center goes offline, this information causes the wide IP and its corresponding distributed application to become unavailable. Consequently, the system does not send resolution requests to any of the distributed application resources, until the entire application becomes available again. For more information about configuring distributed applications, see Managing distributed applications, on page 6-19.
If you do not specify at least one wildcard character in a search pattern, the Global Traffic Manager automatically adds a wildcard character to each side of the search pattern; therefore, the search patterns www.do and *www.do* return the same results.
3
Setting Up and Configuring the Global Traffic Manager
Setting up the Global Traffic Manager
Configuring the Global Traffic Manager
Chapter 3
In existing version 9.x systems, by default, the IP addresses of the system servers are in the default route domain.

As part of specifying this network topology, you must configure the Global Traffic Manager itself, as described in Defining the current Global Traffic Manager, on page 5-6. You specify the role of the Global Traffic Manager within the network, as well as what interactions it can and cannot have with other network components. Without this configuration, many of the capabilities of the Global Traffic Manager cannot operate effectively. Additionally, if you are defining a Global Traffic Manager redundant system configuration that uses network-based failover, you must manually enable high availability on both Global Traffic Manager systems, as described in Enabling high availability for network-based failover, on page 3-3.

Before you define a Global Traffic Manager, you must first specify the data center in which it resides. This step is important because all network components that the system manages must belong to a data center. For more information, see Configuring data centers, on page 5-2.
Hardware-based failover
In a redundant system configuration that has been set up with hardware-based failover, the two units in the system are connected to each other directly using a failover cable attached to the serial ports. The standby unit checks on the status of the active unit once every second using this serial link.

Network-based failover
In a redundant system configuration that has been set up with network-based failover, the two units in the system communicate with each other across an Ethernet network instead of across a dedicated failover serial cable. Using the Ethernet connection, the standby unit checks on the status of the active unit once every second. In a network-based failover configuration, if a client queries a failed Global Traffic Manager, and does not receive an answer, the client automatically re-issues the request (after five seconds), and the standby unit, functioning as the active unit, responds.

Network-based failover is disabled by default. To enable high availability on both units in the redundant system configuration, use the tmsh command sequence:

tmsh run /util bigpipe daemon gtmd running enable

Important: If you remove provisioning for a Global Traffic Manager, and you want to re-enable high availability for network-based failover after you re-provision the Global Traffic Manager, you must run the tmsh command sequence again.
For more information about provisioning a Global Traffic Manager, see the TMOS Management Guide for BIG-IP Systems. For specific information about using tmsh commands to configure the system, see the Traffic Management Shell (tmsh) Reference Guide.
If the Global Traffic Manager is instead communicating with another Global Traffic Manager, it uses a different utility, called gtmd, which is designed for that purpose. Part of the process when establishing communications between the Global Traffic Manager and other BIG-IP systems is to open port 22 and port 4353 between the two systems. Port 22 allows the Global Traffic Manager to copy the newest version of the big3d utility to existing systems, while iQuery requires port 4353 for its normal communications. In order for other BIG-IP systems to communicate with the Global Traffic Manager, F5 Networks recommends that you update the big3d utility on older BIG-IP systems by running the big3d_install script from the Global Traffic Manager. For more information about running the big3d_install script, see Installing the big3d agent, on page A-3, and SOL8195 on AskF5.com.
Note
The Global Traffic Manager supports web certificate authentication for iQuery communications between itself and other systems running the big3d agent. Table 3.1 lists the requirements for each communication component between the Global Traffic Manager and other BIG-IP systems.
Communication Component   Requirements
Ports                     Port 22, for secure file copying of entities like big3d.
                          Port 4353, for iQuery communication.
Utilities                 big3d, for Global Traffic Manager to BIG-IP system communication.
Protocols                 iQuery

Table 3.1 Requirements for communication components (BIG-IP system)

When the Global Traffic Manager communicates with third-party systems, whether that system is a load balancing server or a host, it can use SNMP to send and receive information. For details on how the Global Traffic Manager uses SNMP, see the TMOS Management Guide for BIG-IP Systems.
Table 3.2 lists the requirements for each communication component between the big3d agent and other external systems.
Communication Component   Requirements
Ports                     Port 161
Protocols                 SNMP

Table 3.2 Requirements for communication components (third-party systems)

When you configure the Global Traffic Manager to communicate with external systems, you must complete one or more of the following tasks:
• Define the systems in the Global Traffic Manager. This task applies regardless of whether the system is a BIG-IP system, or a third-party system.
• Run the gtm_add utility. This utility is designed for situations in which you are installing the system in a network that already has one or more Global Traffic Manager systems running.
• Run the big3d_install utility. This utility ensures that the Global Traffic Manager and other BIG-IP systems use the same version of the big3d utility, and establishes that these systems are authorized to exchange information.
• Run the bigip_add utility. If you are certain that the other BIG-IP systems on the network use the same version of the big3d utility as the Global Traffic Manager, you can run the bigip_add utility instead of the big3d_install utility. The bigip_add utility authorizes communications between the Global Traffic Manager and other BIG-IP systems on the network.
the self IP address of an existing Global Traffic Manager in the synchronization group from which you want the new device to acquire configuration files. The utility accesses the specified system and copies its configuration files to the new Global Traffic Manager. The gtm_add script acquires all configuration files, including SSL certificates. As a result, it is ideal for acquiring SSL certificates for a new Global Traffic Manager.
The utility logs on to the specified Global Traffic Manager and acquires its configuration files, including relevant SSL certificates.
You can now add the Global Traffic Manager to the appropriate synchronization group, as described in Creating synchronization groups, on page 3-13.
If the existing BIG-IP systems use an older version of the big3d agent than the one that comes with the new Global Traffic Manager you are connecting to the network, you must instead run the big3d_install utility. For more information, see Running the big3d_install utility, following.
3. Press the Enter key. The utility exchanges the appropriate SSL certificates, and authorizes communications between the systems. You can now add the Global Traffic Manager to the appropriate synchronization group, as described in Creating synchronization groups, on page 3-13.
The big3d_install utility modifies the big3d agent that is already present on existing BIG-IP systems.
In network configurations that contain more than one Global Traffic Manager, synchronization means that each Global Traffic Manager regularly compares the timestamps of its configuration files with the timestamps of configuration files on other Global Traffic Manager systems. If a Global Traffic Manager determines that its configuration files are older than those on another system, it acquires the newer files and begins using them to load balance name resolution requests. With synchronization, you can change settings on one system and have that change distributed to all other systems.

You can separate the Global Traffic Manager systems on your network into separate groups, called synchronization groups. A synchronization group is a collection of multiple Global Traffic Manager systems that share and synchronize configuration settings. These groups are identified by a synchronization group name, and only systems that share this name also share configuration settings. These synchronization groups allow you to customize the synchronization behavior. For example, the Global Traffic Manager systems residing in data centers in Europe might belong to one synchronization group, while the systems in North America belong to another group.

The following pages provide additional information on synchronization, and specifically cover the following topics:
• Defining servers
• Activating synchronization
• Controlling file synchronization
• Synchronizing DNS zone files
• Creating synchronization groups
Activating synchronization
Activating synchronization for the Global Traffic Manager has an immediate effect on its configurations, provided that another Global Traffic Manager is already available on the network. F5 Networks recommends that you activate synchronization only after you have finished configuring one of the systems.
To activate synchronization
1. On the Main tab of the navigation pane, expand System and then click Configuration. The general properties screen opens.
2. From the Global Traffic menu, choose General. The general global properties screen opens.
3. Check the Synchronization box.
4. Click the Update button to save your changes.
If you are using NTP to synchronize the time of the Global Traffic Manager with a time server, leave the Synchronization Time Tolerance setting at the default value of 10. In the event that NTP fails, the Global Traffic Manager uses the time_tolerance variable to maintain synchronization.
Chapter 3
In the event that you need to deactivate file synchronization, you can do so at any time. Situations in which you want to disable synchronization include updating the data center in which the Global Traffic Manager resides, or when you are testing a new configuration change.
It is important to note that when a Global Traffic Manager is a member of a synchronization group, the configuration of each Global Traffic Manager in the group automatically synchronizes with the group member that has the newest user configuration set (UCS). Therefore, if you roll back the configuration of a member of the synchronization group to a UCS that contains DNS configuration files that are dated earlier than the same file on another system in the group, the system that you roll back synchronizes with that other system, effectively losing the configuration to which it was rolled back. You can stop the automatic synchronization of the DNS files by clearing the Synchronize DNS Zone Files box on the system before you roll it back to an earlier configuration.
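The following Python model is added here to illustrate the two behaviors described above: that a system only exchanges files with members of its own synchronization group, and that rolling a member back to an older UCS is undone by the next comparison unless Synchronize DNS Zone Files is cleared on that system first. It is an illustration written for this page, not F5 code, and it does not model the product's real file formats or protocol. The "zone:" file-name prefix, the integer timestamps and the SiteRequest-style group layout are constructed sample data.

```python
from dataclasses import dataclass, field

@dataclass
class Gtm:
    """A Global Traffic Manager as seen by the synchronization logic.
    files maps a configuration file name to (timestamp, content); the
    'zone:' prefix marking DNS zone files is a convention of this example."""
    name: str
    sync_group: str
    synchronization: bool = True          # the Synchronization box
    sync_dns_zone_files: bool = True      # the Synchronize DNS Zone Files box
    files: dict = field(default_factory=dict)

def sync_round(systems):
    """One comparison round. Each system with synchronization enabled looks
    at every other member of its own synchronization group and adopts any
    file whose timestamp is newer than its own copy. Returns a list of
    (receiver, file, source) tuples describing what was pulled."""
    pulled = []
    for gtm in systems:
        if not gtm.synchronization:
            continue
        for peer in systems:
            if peer is gtm or peer.sync_group != gtm.sync_group:
                continue
            for fname, (stamp, content) in peer.files.items():
                if fname.startswith("zone:") and not gtm.sync_dns_zone_files:
                    continue  # zone-file synchronization cleared on this system
                mine = gtm.files.get(fname)
                if mine is None or mine[0] < stamp:
                    gtm.files[fname] = (stamp, content)
                    pulled.append((gtm.name, fname, peer.name))
    return pulled

def build_network():
    """Constructed sample: two groups, following the SiteRequest layout."""
    zone = ("zone:siterequest.com", (200, "zone v2"))
    return [
        Gtm("new-york", "United States", files=dict([zone])),
        Gtm("los-angeles", "United States", files=dict([zone])),
        Gtm("paris", "Rest Of World", files={"zone:siterequest.com": (100, "zone v1")}),
        Gtm("tokyo", "Rest Of World", files={"zone:siterequest.com": (100, "zone v1")}),
    ]

def rollback_scenario(clear_zone_sync):
    """Roll new-york back to an older UCS whose zone file is dated earlier
    than the copy on los-angeles, run one comparison round and return what
    new-york's zone file contains afterwards."""
    systems = build_network()
    ny = systems[0]
    ny.sync_dns_zone_files = not clear_zone_sync
    ny.files["zone:siterequest.com"] = (150, "zone v1 (rolled back)")
    sync_round(systems)
    return ny.files["zone:siterequest.com"][1]

def group_isolation():
    """A newer file on paris reaches tokyo but not the United States group."""
    systems = build_network()
    paris = systems[2]
    paris.files["zone:siterequest.com"] = (300, "zone v3 (paris edit)")
    sync_round(systems)
    return {g.name: g.files["zone:siterequest.com"][1] for g in systems}
```

Calling rollback_scenario(False) shows the rolled-back zone file being replaced by the newer copy from los-angeles; rollback_scenario(True) keeps the rolled-back file because zone-file synchronization was cleared before the rollback. group_isolation() shows that an edit in the Rest Of World group never reaches the United States group.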
configuration, SiteRequest enables synchronization for the New York and Los Angeles data centers, and assigns them a synchronization group name of United States. The remaining data centers are also synchronized, but with a group name of Rest Of World. As a result, a configuration change at the Paris Global Traffic Manager immediately modifies the Tokyo system, but does not affect the systems in the United States.
Configuring auto-discovery
A large network may consist of hundreds of virtual servers. Keeping track of these virtual servers can be a time-consuming process in itself. The Global Traffic Manager includes a means of simplifying the addition of new virtual servers into a network: auto-discovery. Auto-discovery is a process through which the Global Traffic Manager automatically identifies resources that it manages. The Global Traffic Manager can discover two types of resources: virtual servers and links. Each resource is discovered on a per-server basis, so you can employ auto-discovery only on the servers you specify.

The auto-discovery feature of the Global Traffic Manager has three modes that control how the system identifies resources. These modes are:
Disabled
In this mode, the Global Traffic Manager does not attempt to discover any resources. Auto-discovery is disabled on the Global Traffic Manager by default.
Enabled
In this mode, the Global Traffic Manager regularly checks the server to discover any new resources. If a previously-discovered resource cannot be found, the Global Traffic Manager deletes it from the system.
Enabled (No Delete)
In this mode, the Global Traffic Manager constantly checks the server to discover any new resources. Unlike the Enabled mode, the Enabled (No Delete) mode does not delete resources, even if the system cannot currently verify their presence.

If you want to use the auto-discovery feature, you must globally enable the feature and configure the frequency at which the system queries for new resources in the general properties screen. When enabled, by default, the system queries servers for new resources every 30 seconds.
Important
You must also enable auto-discovery at both the server and link levels. For information about enabling auto-discovery on virtual servers and links, see Discovering resources automatically, on page 5-17.
To globally enable the auto-discovery feature and configure the auto-discovery frequency
1. On the Main tab of the navigation pane, expand System and click Configuration. The general properties screen opens.
2. From the Global Traffic menu, choose General. The general global properties screen opens.
3. Check the Auto-Discovery check box.
4. In the Auto-Discovery Request Interval box, type the frequency at which you want the system to attempt to discover new resources.
5. Click the Update button to save your changes.
Heartbeat Interval
Indicates how often the Global Traffic Manager communicates with other BIG-IP systems on the network.
Maximum Synchronous Monitor Requests
Indicates how many monitors can query a resource at any given time.
Monitor Disabled Objects
Indicates whether monitors continue to check the availability of a resource that you disabled through the Global Traffic Manager.

While monitors supply information you need to ensure that network traffic moves efficiently across the network, they do so at the cost of increasing that network traffic. These settings allow you to control this increase.
F5 Networks recommends that, when configuring resource monitors, you ensure that the frequency at which the monitor attempts to query a resource is greater than the value of the Heartbeat Interval setting. Otherwise, the monitor might acquire out-of-date data during a query. For more information about configuring monitors, see Chapter 11, Configuring Monitors.
By default, the Monitor Disabled Objects setting is disabled for the Global Traffic Manager. F5 Networks recommends that you enable it only if you are certain you want the Global Traffic Manager to continue monitoring resources that you have manually disabled.
4
Working with Listeners
Introducing listeners
Creating a listener for local resolution
Configuring listeners for traffic forwarding
Configuring a wildcard listener
Modifying listeners
Deleting listeners
Using listeners with VLANs
Introducing listeners
Before you can fully configure the Global Traffic Manager to handle name resolution requests, you must determine how you want the system to integrate with the existing network. Specifically, you must identify what network traffic you want the Global Traffic Manager to handle and how. In general, the system performs global traffic management in two ways:
Node mode
The Global Traffic Manager receives the traffic, processes it locally, and sends the appropriate Domain Name System (DNS) response back to the querying server.
Bridge or Router mode
The Global Traffic Manager receives the traffic and forwards it, either to another part of the network or to another DNS server.
To control how the Global Traffic Manager handles network traffic, you configure one or more listeners. A listener is a specialized resource to which you assign a specific IP address and port 53, the DNS query port. When traffic is sent to that IP address, the listener alerts the Global Traffic Manager, allowing it to either handle the traffic locally or forward the traffic to the appropriate resource.
Tip
If you are familiar with the Local Traffic Manager, it might be helpful to consider a listener as a specialized type of virtual server that is responsible for handling traffic for the Global Traffic Manager.
Note
If you configure user accounts on the Local Traffic Manager, you can assign listeners, like other virtual servers, to specific partitions. However, because listeners play an important role in global traffic management, F5 Networks recommends that you assign all listeners to partition Common.

You control how the Global Traffic Manager responds to network traffic on a per-listener basis. For example, a single Global Traffic Manager can be the authoritative server for one domain, while forwarding other requests to a separate DNS server. Regardless of how many listeners you configure, the system manages and responds to requests for the wide IPs that are configured on it.

To further illustrate how you configure listeners to control how the Global Traffic Manager responds to DNS traffic, consider the fictional company SiteRequest. At this company, a Global Traffic Manager is being integrated into a network with the following characteristics:
A DNS server already exists at IP address 10.2.5.37.
There are two VLANs, named external and guests.
There are two wide IPs: www.siterequest.com and downloads.siterequest.com.
Chapter 4
Once integrated into the network, the Global Traffic Manager is responsible for the following actions:
Managing and responding to requests for the wide IPs
Forwarding other DNS traffic to the existing DNS server
Forwarding any traffic from the guests VLAN to the rest of the network

To implement this configuration, the Global Traffic Manager requires three listeners:
A listener with an IP address that is the same as the self IP address of the Global Traffic Manager. This listener allows the system to manage DNS traffic that pertains to its wide IPs.
A listener with an IP address of 10.2.5.37, the IP address of the existing DNS server. This listener allows the system to forward incoming traffic to the existing DNS server.
A wildcard listener enabled on the guests VLAN. This listener allows the Global Traffic Manager to forward traffic sent from the guests VLAN to the rest of the network.

As you can see from this example, the role that the Global Traffic Manager plays in managing DNS traffic varies depending on the listener through which the traffic arrives. As a result, the Global Traffic Manager becomes a flexible system for managing DNS traffic in a variety of ways.
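The following Python model is added here to show how the three SiteRequest listeners decide what happens to a DNS query, based on its destination address, port and ingress VLAN. It is an illustration written for this page, not F5 code, and it simplifies the product: the self IP 10.2.5.20, the listener names, the rule that an exact-address listener takes precedence over a wildcard listener, and the decision to answer wide IP queries on every listener (following the statement above that the system always responds to requests for its configured wide IPs) are all assumptions of this example.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional

@dataclass(frozen=True)
class Listener:
    name: str
    address: Optional[str]               # None models a wildcard listener
    mode: str                            # "local" (node mode) or "forward" (bridge/router mode)
    vlans: FrozenSet[str] = frozenset()  # empty set: enabled on every VLAN

DNS_PORT = 53
SELF_IP = "10.2.5.20"        # constructed self IP of the Global Traffic Manager
EXISTING_DNS = "10.2.5.37"   # the existing DNS server from the SiteRequest example
WIDE_IPS = {"www.siterequest.com", "downloads.siterequest.com"}

# The three listeners the SiteRequest configuration calls for.
LISTENERS = (
    Listener("self-ip", SELF_IP, "local"),
    Listener("existing-dns", EXISTING_DNS, "forward"),
    Listener("guests-wildcard", None, "forward", frozenset({"guests"})),
)

def select_listener(dst_ip, dst_port, vlan, listeners=LISTENERS):
    """Pick the listener for a packet sent to dst_ip:dst_port arriving on vlan.
    Only port 53 is considered, a listener limited to VLANs must include the
    ingress VLAN, and an exact-address listener is preferred over a wildcard
    one (that precedence is an assumption of this example)."""
    if dst_port != DNS_PORT:
        return None
    candidates = [lst for lst in listeners if not lst.vlans or vlan in lst.vlans]
    for lst in candidates:
        if lst.address == dst_ip:
            return lst
    for lst in candidates:
        if lst.address is None:
            return lst
    return None

def dispatch(dst_ip, dst_port, vlan, qname, listeners=LISTENERS, wide_ips=WIDE_IPS):
    """Decide what happens to a query. Returns (action, detail):
      ("not-handled", None)     no listener claims the traffic
      ("wide-ip", listener)     qname is a configured wide IP, answered by the system
      ("local", listener)       node mode: resolved by the local DNS service
      ("forward", destination)  bridge/router mode: passed on to the original destination
    """
    listener = select_listener(dst_ip, dst_port, vlan, listeners)
    if listener is None:
        return ("not-handled", None)
    if qname.lower().rstrip(".") in wide_ips:
        return ("wide-ip", listener.name)
    if listener.mode == "local":
        return ("local", listener.name)
    return ("forward", dst_ip)
```

A query for www.siterequest.com sent to the self IP is answered as a wide IP; a query for some other name sent to 10.2.5.37 is forwarded to the existing DNS server; a query arriving on the guests VLAN for any destination is forwarded by the wildcard listener, while the same query on the external VLAN is not claimed by any listener.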
Modifying listeners
After you create a listener, you can modify it as necessary, for example, when you add an additional VLAN to the system, or when you want to change the IP address of a listener.
To modify a listener
1. On the Main tab of the navigation pane, expand Global Traffic and click Listeners. The main listeners screen opens.
2. Click the name of the listener. The properties screen for that listener appears.
3. Modify the settings for the listener as required.
4. Click the Update button to save your changes to the listener.
Deleting listeners
In the event that you no longer need a listener, you can delete it.
To delete a listener
1. On the Main tab of the navigation pane, expand Global Traffic and click Listeners. The main listeners screen opens.
2. Check the box that corresponds to the listener that you want to delete.
3. Click the Delete button. A confirmation screen appears.
4. Click the Delete button to delete the listener.
For more information about BIG-IP systems and VLANs, see the TMOS Management Guide for BIG-IP Systems.
5
Defining the Physical Network
Introducing physical network components
Managing data centers
Managing servers
Managing virtual servers
Managing links
Chapter 5
Contact
Specifies the name of the individual responsible for managing the network at the data center.
State
Specifies whether the data center is Enabled or Disabled.
Managing servers
A server defines a specific physical system on the network. Within the Global Traffic Manager, servers are not only physical entities that you can configure and modify as needed; they also contain the virtual servers that are the ultimate destinations of name resolution requests. When you configure a server on the Global Traffic Manager, unless the server is either a Global Traffic Manager or a Link Controller, the server must contain at least one virtual server. The Global Traffic Manager supports three types of servers:
BIG-IP systems
A BIG-IP system can be a Global Traffic Manager, a Local Traffic Manager, a Link Controller, or a VIPRION system.
Third-party load balancing systems
A third-party load balancing system is any system, other than a BIG-IP system, that supports and manages virtual servers on the network. See Defining third-party load balancing servers, on page 5-9, for a list of supported load balancing servers and instructions on how to define these servers.
Third-party host servers
A third-party host system is any server on the network that does not support virtual servers. See Defining third-party host servers, on page 5-10, for a list of supported host servers and instructions on how to define these servers.
At a minimum, you must define the following servers on the Global Traffic Manager:
The current Global Traffic Manager
A managed server (either a load balancing server or a host)

The following procedures describe how to define each server type in your network. These procedures assume that the servers are up and running in the network, and that they already have virtual servers defined (if the server manages virtual servers).
You must use a self IP address when you define a Global Traffic Manager. You cannot use the management IP address.
6. From the Data Center list, select a data center to which the Local Traffic Manager belongs. Note: A server must belong to a data center. See Managing data centers, on page 5-2, for additional information.
7. Configure the remaining server settings, including the virtual servers managed by the Local Traffic Manager. For additional assistance with these settings, see the online help.
8. Click the Create button to create the new server.
If your network uses a load balancing server that is not found on this list, you can use the Generic Load Balancer option. See Defining a generic load balancing server, on page 5-10.
6. From the Data Center list, select a data center to which the server belongs. Note: A server must belong to a data center. See Managing data centers, on page 5-2, for additional information.
7. Configure the remaining server settings. For additional assistance with these settings, see the online help.
8. Click the Create button to create the new server.
The Global Traffic Manager supports the following host servers:
CacheFlow
NetApp
Sun Solaris
Windows 2000 Server (You can monitor the Windows Vista Enterprise Server using the Windows 2000 Server-based computer.)
Windows Server 2003
Windows NT 4.0
Note
If your network uses a host server that is not on this list, you can use the Generic Host option. See Defining a generic host server, on page 5-12.
3. Click the name of the server that you want to view or modify. The properties screen for that server opens.
4. Make changes to the server properties as required.
5. Click the Update button to save your changes.
You can also set limits for virtual server resources. For more information, see Setting thresholds for virtual servers, on page 5-15. If a server meets or exceeds its limits, both the server and the virtual servers it manages are marked as unavailable for load balancing. You can quickly review the availability of any of your servers or virtual servers on the Statistics screens.
You can also set limits for pool members. For more information, see Setting thresholds for pool members, following. If a pool meets or exceeds its limits, both the pool and the pool members it manages are marked as unavailable for load balancing. You can quickly review the availability of any of your pools or pool members on the Statistics screens.
6. For Limit Settings, select Enabled from the list that corresponds to the threshold you want to use. A new box appears.
7. Type the appropriate value for each threshold.
8. Click the Update button to save your changes.
The Global Traffic Manager requires that each virtual server has a unique name. In instances where the auto-discovery process finds two virtual servers with the same name, the system modifies the name by creating a new name using the pattern, <server name>_<bigip system name>. In the event that this does not resolve the name conflict, the system appends a number to the name, for example, <server name>_<bigip system name>_1.
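The following Python function is added here to show the naming rule above applied to a batch of discovered virtual servers, including the case where the first fallback name is itself already taken. It is an illustration written for this page, not the product's discovery code; the virtual server and BIG-IP system names are constructed, and the assumption that names chosen earlier in a batch count as taken for later ones is this example's own.

```python
def unique_virtual_server_name(name, bigip_name, existing):
    """Apply the naming rule the text describes. 'existing' is the set of
    virtual server names the Global Traffic Manager already knows."""
    if name not in existing:
        return name
    candidate = f"{name}_{bigip_name}"    # <server name>_<bigip system name>
    if candidate not in existing:
        return candidate
    n = 1                                  # <server name>_<bigip system name>_<n>
    while f"{candidate}_{n}" in existing:
        n += 1
    return f"{candidate}_{n}"

def register_discovered(found, existing):
    """Register a batch of discovered (virtual server name, BIG-IP system name)
    pairs and return the names under which each one was recorded, in order.
    A name chosen earlier in the batch counts as taken for the later ones
    (an assumption of this example)."""
    taken = set(existing)
    recorded = []
    for vs_name, bigip in found:
        final = unique_virtual_server_name(vs_name, bigip, taken)
        taken.add(final)
        recorded.append(final)
    return recorded

# Constructed sample: the GTM already knows vs_http (from BIG-IP ltm-a) and,
# by coincidence, a virtual server literally named vs_http_ltm-b.
KNOWN = {"vs_http", "vs_http_ltm-b"}
DISCOVERED = [("vs_http", "ltm-b"), ("vs_http", "ltm-c"), ("vs_ssh", "ltm-b")]
```

With the constructed data, register_discovered(DISCOVERED, KNOWN) records the first conflicting server as vs_http_ltm-b_1 (because vs_http_ltm-b is already taken), the second as vs_http_ltm-c, and vs_ssh unchanged.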
4. From the Virtual Server Discovery list, select the appropriate setting. If you select Disabled, the virtual server list appears, which provides options for adding virtual servers manually.
5. Click the Update button to save your changes.
To discover links
You can enable discovery for links only on BIG-IP systems.
1. On the Main tab of the navigation pane, expand Global Traffic and click Servers. The main screen for servers opens.
2. Click the name of the server for which you want to discover links. The properties screen for that server opens.
3. On the menu bar, click Links. The virtual servers screen opens.
4. From the Link Discovery list, select the appropriate setting.
5. Click the Update button to save your changes.
Each virtual server that you add to the Global Traffic Manager must have a unique name.
8. For the Dependency List option, select a virtual server from the Virtual Servers list, and then click Add. For more information on these options, see the online help.
9. Click the Create button to save the new virtual server.
Managing links
A link defines a physical connection to the Internet that is associated with one or more routers on the network. The Global Traffic Manager tracks the performance of links, which in turn can dictate the overall availability of a given pool, data center, wide IP, or distributed application. To configure the links that you want the Global Traffic Manager to load balance, you add a link entry, and then associate one or more routers with that entry. You can also configure monitors to check certain metrics associated with a link, and modify how the system load balances network traffic across links.

You can manage links by:
Defining a link
Adding routers to a link
Assigning monitors to a link
Configuring link weighting and billing properties
Defining links
Before you can load balance inbound and outbound traffic, you must configure basic link properties. The following procedure describes how to configure the basic properties of a link.
To configure a link
1. On the Main tab of the navigation pane, expand Global Traffic and click Links. The main screen for links opens.
2. Click the Create button. The New Link screen opens.
3. In the Name box, type a name that identifies the link.
4. In the Address box, type the router address of the link, and then click Add. Note: You can add more than one address to any given link, depending on how that server interacts with the rest of your network.
5. From the Data Center list, select the data center to which you want to associate the link. Note: A link must be associated with a data center.
6. Configure the other link options as needed. For detailed information on these options, see the online help.
7. Click the Create button to create the link.
4. For Health Monitors, use the Move buttons (<< >>) to move monitors from the Available list to the Enabled list. Monitors in the Enabled list are active for the link.
5. Click the Update button to save your changes.
Ratio Weighting
If you have links of varying bandwidth sizes, and you want to load balance the traffic to the controller based on a ratio, you can select the Ratio option from the Weighting list. You use this configuration to avoid oversaturating a smaller link with too much traffic.
Price Weighting
If you pay varying fees for the bandwidth usage associated with the links, you can select the Price (Dynamic Ratio) option from the Weighting list. You use this configuration to direct traffic over the least expensive link first and to avoid the costs associated with exceeding a prepaid bandwidth.
Duplex Billing
If your ISP uses duplex billing, you can configure the Duplex Billing setting so that the statistics and billing report screens accurately reflect the bandwidth usage for the link.
Important
You can use either the Ratio or Price (Dynamic Ratio) weighting option to load balance the traffic through all of your links. You must use the same weighting option for all links.
6
Defining the Logical Network
Introducing logical network components
Managing pools
Managing wide IPs
Managing distributed applications
If a virtual server is managed by a load balancing server that is not in the BIG-IP product family, the IP address and port number of the virtual server often point to a proxy on which the load balancing server listens for connection requests. In that case, the load balancing server remains in the communication directing the connection to the appropriate resource.
Chapter 6
For administration purposes, the wide IPs downloads.siterequest.com and search.siterequest.com are added to a single distributed application, siterequest_download_store. This configuration provides the IT staff the ability to track the performance of the distributed application, as performance has an immediate impact on the users that visit the web sites.
Managing pools
A pool represents one or more virtual servers that share a common role on the network. A virtual server, in the context of the Global Traffic Manager, is a combination of IP address and port number that points to a specific resource on the network. The Global Traffic Manager considers any virtual servers that you add to a pool to be pool members. A pool member is a virtual server that has specific attributes that pertain to the virtual server only in the context of that pool. Through this differentiation, you can customize settings, such as thresholds, dependencies, and health monitors, for a given virtual server on a per-pool basis.

As an example of the difference between pool members and virtual servers, consider the fictional company SiteRequest. In the London data center, the IT team has a virtual server that acts as a proxy for a Local Traffic Manager. This virtual server is the main resource for name resolution requests for the company's main web page that originate from Europe. This same virtual server is the backup resource for name resolution requests that originate from the United States. Because these are two distinctly different roles, the virtual server is a pool member in two different pools. This configuration allows the IT team to customize the virtual server for each pool to which it belongs, without modifying the actual virtual server itself.

As described in Chapter 5, Defining the Physical Network, before you can add virtual servers to the Global Traffic Manager, you must define a server that represents a physical component of your network. Then you can add virtual servers to the server, and group the virtual servers in pools.

You manage pools in the following ways:
Define pools
Add virtual servers to pools
Remove virtual servers from pools
Organize virtual servers within pools
Weight virtual servers within pools
Disable or enable pools
Defining pools
When you create a pool, you name it and add at least one virtual server as a member of the pool. You can also assign specific load balancing methods, a fallback IP address, and one or more health monitors to the pool. You assign a fallback IP address in the event that the load balancing methods you assign to the pool fail to return a valid virtual server. The health monitors that you assign to the pool use various methods to determine if the virtual servers within the pool are available.
To define a pool
1. On the Main tab of the navigation pane, expand Global Traffic and click Pools. The main pools screen opens.
2. Click the Create button. The New Pool screen opens.
3. In the Name box, type a name for the pool.
4. For Member List, from the Virtual Server list, select the virtual servers that you want to include in this pool, and then click Add. Note: A virtual server can belong to more than one pool.
5. Configure the remaining pool settings. For additional assistance with these settings, see the online help.
6. Click the Finished button to save the new pool.
Repeat this process for each pool that you want to create.
5. For the Member List setting, from the Virtual Server list, select the appropriate virtual server, and then click Add. Repeat this step for each virtual server that you want to add to the pool.
6. Click Finished to update the pool with the new virtual server.
Global Traffic Manager to select the first virtual server in the pool until it reaches capacity or goes offline, at which point it selects the next virtual server until the first pool becomes available again.
Note
For more information on the load balancing methods that the Global Traffic Manager supports, see Chapter 7, Load Balancing with the Global Traffic Manager. If you use a load balancing method that selects virtual servers based on the order in which they are listed in the pool, you may want to change the order in which the virtual servers are listed in the Member List. When you organize your virtual servers in conjunction with these load balancing methods, you can ensure that your most robust virtual server always receives resolution requests, while the other virtual servers act as backups in case the primary virtual server becomes unavailable.
To illustrate the use of weights in connection load balancing, consider the fictional company SiteRequest. One of SiteRequest's wide IPs, www.siterequest.com, contains a pool labeled poolMain. This pool uses the Ratio load balancing mode and contains three virtual servers, with the following weight assignments:
Virtual server 1: weight 50
Virtual server 2: weight 25
Virtual server 3: weight 25
Notice that the total of all the weights in this pool is 100. Each time the Global Traffic Manager selects this pool, it load balances across all three virtual servers. Over time, the load balancing statistics for this pool appear as follows:
Virtual server 1: selected 50 percent of the time
Virtual server 2: selected 25 percent of the time
Virtual server 3: selected 25 percent of the time
This pattern exists because the weight value, 50, is 50 percent of the total weight for all virtual servers (100), while the weight value, 25, is 25 percent of the total.
Note
For information on the Ratio mode and other load balancing methods, see Chapter 7, Load Balancing with the Global Traffic Manager.
6. In the Ratio box, type a numerical value that represents the weight of the virtual server as compared to other virtual servers within the same pool. The higher the value in this setting, the greater the frequency at which the Global Traffic Manager selects the virtual server.
7. Click the Add button to add the virtual server, with ratio value, to the pool.
8. Click the Finished button to save your changes.
To disable a pool
1. On the Main tab of the navigation pane, expand Global Traffic and click Pools. The main pools screen opens.
2. Check the Select box for the pool that you want to disable.
3. Click the Disable button. After a few seconds, the pool becomes disabled. You can verify that the pool is disabled by looking at its status icon, located in the Status column in the table of pools. The status of a disabled pool is a black square.
To enable a pool
1. On the Main tab of the navigation pane, expand Global Traffic and click Pools. The main pools screen opens.
2. Check the Select box for the pool that you want to enable.
3. Click the Enable button. After a few seconds, the pool becomes enabled. The status icon of the pool, located in the Status column in the table of pools, changes to reflect the current availability of the pool. For example, a pool that is enabled and verified as available by the Global Traffic Manager has a status icon of a green circle.
To define a wide IP
1. On the Main tab of the navigation pane, expand Global Traffic and click Wide IPs. The wide IP screen opens.
2. Click the Create button. The New Wide IP screen opens.
3. In the Name box, type the fully-qualified domain name for the wide IP.
4. In the Pools section, use the Pool List option to add the pools that belong to this wide IP. Note that a pool can belong to more than one wide IP.
5. Configure the remaining wide IP settings. For additional assistance with these settings, see the online help.
6. Click the Finish button to save the new wide IP.
Repeat this process for each wide IP that you want to create.
The question mark ( ? )
Use the question mark to replace a single character, with the exception of dots ( . ). You can use more than one question mark in a wide IP name or alias, and you can use both the question mark and the asterisk in the same wide IP name or alias.
The asterisk ( * )
Use the asterisk to replace multiple consecutive characters, with the exception of dots ( . ). You can use more than one asterisk in a wide IP name or alias, and you can use both the question mark and the asterisk in the same wide IP name or alias.

The following examples are all valid uses of the wildcard characters for the wide IP name, www.mydomain.net.
???.mydomain.net
www.??domain.net
www.my*.net
www.??*.net
www.my*.*
???.my*.*
*.*.net
www.*.???
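The following Python matcher is added here to make the wildcard rules above concrete: it translates a wide IP name or alias into a regular expression in which ? stands for exactly one non-dot character and * for a run of non-dot characters, so that no wildcard can ever cross a label boundary. It is an illustration written for this page, not F5 code, and it goes slightly beyond the text by also checking patterns that must not match. Treating * as zero or more characters, and matching case-insensitively, are assumptions of this example; the eight valid patterns are the ones listed above and the non-matching ones are constructed.

```python
import re

# The eight valid wildcard forms listed for www.mydomain.net, plus constructed
# patterns that must NOT match because wildcards never stand in for a dot.
VALID_FOR_WWW = [
    "???.mydomain.net", "www.??domain.net", "www.my*.net", "www.??*.net",
    "www.my*.*", "???.my*.*", "*.*.net", "www.*.???",
]
INVALID_FOR_WWW = ["www.*", "*.net", "??.mydomain.net", "www.mydomain.*.net"]

def wildcard_to_regex(pattern):
    """Translate a wide IP name or alias containing ? and * into a compiled
    regular expression. ? matches exactly one character other than a dot,
    * matches a run of characters other than a dot (zero or more here, an
    assumption of this example), and every other character, dots included,
    matches literally. DNS names are case-insensitive, so the regex is too."""
    parts = []
    for ch in pattern:
        if ch == "?":
            parts.append(r"[^.]")
        elif ch == "*":
            parts.append(r"[^.]*")
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts), re.IGNORECASE)

def matches(pattern, name):
    """True if the whole of name matches the wildcard pattern."""
    return wildcard_to_regex(pattern).fullmatch(name) is not None

def matching_patterns(patterns, name):
    """Return the subset of patterns that match name, in the order given."""
    return [p for p in patterns if matches(p, name)]
```

matching_patterns(VALID_FOR_WWW, "www.mydomain.net") returns all eight listed patterns, while matching_patterns(INVALID_FOR_WWW, "www.mydomain.net") returns nothing, because each of those patterns would need a wildcard to absorb or supply a dot.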
Repeat this process for each pool that you want to add to the wide IP.
Repeat this process for each pool that you want to remove from the wide IP.
For more information on load balancing methods that the Global Traffic Manager supports, see Chapter 7, Load Balancing with the Global Traffic Manager. If you use a load balancing method that selects pools based on the order in which they are listed in a wide IP, you may want to change the order in which the pools are listed in the Pools List. When you organize your pools in conjunction with these load balancing methods, you can ensure that your most robust pool always receives resolution requests, while the other pools act as backups in case the primary pool becomes unavailable.
This pattern exists because the weight value, 50, is 50 percent of the total weight for all pools, while the weight value, 25, is 25 percent of the total.
Note
For information on the Ratio mode and other load balancing methods, see Chapter 7, Load Balancing with the Global Traffic Manager.
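The following Python scheduler is added here to show the weighting arithmetic described above, both for the virtual servers of poolMain (weights 50, 25, 25) and for pools weighted within a wide IP: over time each member is selected in proportion to its weight divided by the total. It is an illustration written for this page, not F5 code; the page does not describe the product's internal selection algorithm, so the smooth weighted round-robin scheme used here is this example's own choice, picked because it reproduces the stated percentages exactly rather than only on average. The pool names other than poolMain are constructed.

```python
def smooth_weighted_round_robin(weights, picks):
    """Choose `picks` members from a {member: weight} mapping using smooth
    weighted round-robin (an assumption of this example). Each member carries
    a running balance; every pick adds each member's weight to its balance,
    selects the member with the largest balance and charges it the total of
    all weights. Over every sum(weights) consecutive picks each member is
    selected exactly `weight` times, so its share equals weight / total."""
    total = sum(weights.values())
    current = {member: 0 for member in weights}
    chosen = []
    for _ in range(picks):
        for member, weight in weights.items():
            current[member] += weight
        best = max(current, key=current.get)   # ties go to the first member listed
        current[best] -= total
        chosen.append(best)
    return chosen

def selection_shares(weights, picks):
    """Percentage of `picks` that went to each member."""
    chosen = smooth_weighted_round_robin(weights, picks)
    return {member: 100 * chosen.count(member) / picks for member in weights}

# Constructed data matching the poolMain example: weights 50, 25, 25.
POOL_MAIN = {"virtual server 1": 50, "virtual server 2": 25, "virtual server 3": 25}
# The same arithmetic applied to pools within a wide IP (constructed weights).
WWW_POOLS = {"poolMain": 50, "poolBackupEU": 25, "poolBackupUS": 25}
```

selection_shares(POOL_MAIN, 100) yields 50, 25 and 25 percent, the statistics the text describes; the same call on WWW_POOLS shows the identical split at the pool level. The scheme is not tied to weights that sum to 100: weights of 3 and 1 give a 75/25 split.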
To disable a wide IP
1. On the Main tab of the navigation pane, expand Global Traffic and click Wide IPs. The Wide IPs screen opens.
2. Check the Select box for the wide IP that you want to disable.
3. Click the Disable button. After a few seconds, the wide IP becomes disabled. You can verify that the wide IP is disabled by looking at its status icon, located in the Status column in the table of wide IPs. The status of a disabled wide IP is a black square.
To enable a wide IP
1. On the Main tab of the navigation pane, expand Global Traffic and click Wide IPs. The wide IP screen opens.
2. Check the Select box for the wide IP that you want to enable.
3. Click the Enable button. After a few seconds, the wide IP becomes enabled. The status icon of the wide IP, located in the Status column in the table of wide IPs, changes to reflect the current availability of the wide IP. For example, a wide IP that is enabled and verified as available by the Global Traffic Manager has a status icon of a green circle.
Incorporating iRules
An iRule is a set of one or more Tcl-based expressions that you can use with wide IPs to customize how the Global Traffic Manager handles network connection requests. You can use iRules with wide IPs in the following ways:
Add an iRule to a wide IP
Remove an iRule from a wide IP
Organize multiple iRules assigned to a wide IP
For information on creating iRules, see Chapter 15, Managing iRules.
Repeat this process for each iRule that you want to add to the wide IP.
5. Use the iRules List option to select the iRule that you want to remove and click Remove.
6. Click the Update button to save your changes to the wide IP.
Repeat this process for each iRule that you want to remove from the wide IP.
Repeat this process until the iRules are listed in the necessary order.
You can organize logical network components into groups that represent the business environment for which these components were designed. You can configure a distributed application so that it is dependent on a physical component of your network, such as a data center, server, or link. If this physical component becomes unavailable, the Global Traffic Manager flags the distributed application as unavailable as well. These dependencies ensure that a user cannot access a distributed application that does not have all of its resources available. You can define persistence for a distributed application, ensuring that a user accessing the distributed application uses the same network resources until they end their session.
You can manage distributed applications in the following ways:
- Define distributed applications
- Add wide IPs to distributed applications
- Remove wide IPs from distributed applications
- Set dependencies
- Enable and disable distributed application traffic
- Enable persistent connections
4. Use the Member List settings to add the wide IPs that belong to this distributed application.
Note: A wide IP can belong to only one distributed application. For more information on wide IPs, see Managing wide IPs, on page 6-9.
5. Configure the remaining distributed application settings. For assistance with these settings, see the online help.
6. Click the Finish button to create the distributed application.
Repeat this process for each distributed application that you want to create.
Repeat this process for each wide IP that you want to add to the distributed application.
distributed application can access. In each example, a lightning storm caused the New York data center to lose power. Although the emergency power starts immediately, one of the wide IPs, one of the virtual servers, and one of the Internet links used by the application are offline, and thus unavailable.
Example 1: Data Center Dependency
If the application uses data center dependency, the Global Traffic Manager considers the entire data center to be unavailable to the application, even if other virtual servers for the application remain available at that data center. Other connection requests, independent of the application, can still be sent to the data center.

Example 2: Server Dependency
If the application uses server dependency, the Global Traffic Manager considers the server hosting the offline virtual server to be unavailable to the application, even if other virtual servers on that server are online. Other connection requests, independent of the application, can still be sent to the server.

Example 3: Link Dependency
If the application uses link dependency, the Global Traffic Manager considers all resources for the application that use the offline link to be unavailable to the application. Other connection requests, independent of the application, can still be sent to these resources through other links.

Example 4: Wide IP Dependency
If the application uses wide IP dependency, the Global Traffic Manager considers all wide IPs that host the application to be unavailable to it, even though only one of the wide IPs is offline. Other connection requests, independent of the application, can still be sent to the data center.
Note
You do not have to set a dependency for a distributed application. You can accept the default value of None. If you do not set a dependency, then the Global Traffic Manager considers the application available as long as there is at least one wide IP to which it can load balance a name resolution request.
4. From the Dependency Level list, select the physical component on which you want the distributed application to depend.
Note: If the component you select becomes unavailable, the Global Traffic Manager considers the distributed application to be unavailable as well.
5. Click the Update button to save the changes to the application.
When you add a physical component to a distributed application, by default, distributed application traffic is enabled for that component.
4. Check the box for each physical component for which you want to enable application traffic.
5. Click Enable Distributed Application Traffic.
Chapter 7 Load Balancing with the Global Traffic Manager

- Understanding load balancing on the Global Traffic Manager
- Using static load balancing modes
- Using dynamic load balancing modes
- Configuring load balancing
- Using the fallback load balancing method
- Employing additional load balancing options
Wide IP-level load balancing
A wide IP contains two or more pools. The Global Traffic Manager load balances requests first to a specific pool, and then to a specific virtual server in the selected pool. If the preferred, alternate, and fallback load balancing methods that are configured for the pool or virtual server all fail, then the requests fail, or the system falls back to DNS.

Pool-level load balancing
A pool contains one or more virtual servers. After the Global Traffic Manager uses wide IP-level load balancing to select the best available pool, it uses pool-level load balancing to select a virtual server within that pool. If the first virtual server within the pool is unavailable, the Global Traffic Manager selects the next best virtual server based on the load balancing mode assigned to that pool.
For each pool that you manage, the Global Traffic Manager supports three load balancing methods: preferred, alternate, and fallback. The preferred method is the load balancing mode that the system attempts first. If the preferred method fails to provide a valid resource, the system uses the alternate method. Should the alternate method also fail to provide a valid resource, the system uses the fallback method.

One key difference between the alternate method and the other two is that only static load balancing modes are available from the alternate load balancing list. This limitation exists because dynamic load balancing modes, by definition, rely on metrics collected from different resources. If the preferred load balancing mode does not return a valid resource, it is likely that the Global Traffic Manager was unable to acquire the metrics needed to perform the load balancing operation. By limiting the alternate options to static modes, the Global Traffic Manager can better ensure that, should the preferred method prove unsuccessful, the alternate method returns a valid result.
Note
You can select static or dynamic load balancing modes for the fallback load balancing method. Table 7.1 shows a list of the supported static load balancing modes. Table 7.2 shows a list of the supported dynamic load balancing modes. Both tables indicate where you can use each mode in the Global Traffic Manager configuration. The following sections in this chapter describe how each load balancing mode works.
Table 7.1 Static load balancing modes (columns: Use for wide IP load balancing, Use for preferred method, Use for alternate method, Use for fallback method)
Drop Packet, Fallback IP, Global Availability, None, Ratio, Return to DNS, Round Robin, Static Persist, Topology

Table 7.2 Dynamic load balancing modes (same columns as Table 7.1)
Completion Rate, CPU, Hops, Kilobytes/Second, Least Connections, Packet Rate, Quality of Service, Round Trip Time, Virtual Server Score, VS Capacity

[The per-mode check marks of both tables are not reproduced here. As stated above, the alternate method accepts only static modes; the preferred and fallback methods accept static or dynamic modes.]
A typical LDNS iteratively queries other authoritative nameservers when it times out on a query.
Fallback IP mode
When you specify the Fallback IP load balancing mode, the Global Traffic Manager returns the IP address that you specify as the fallback IP, as an answer to the query. Note that you can specify both an IPv4 and an IPv6 address as the fallback IP address. The IP address that you specify is not monitored for availability before being returned as an answer. When you use the Fallback IP mode, you can specify a disaster recovery site to return when no load balancing mode returns an available virtual server. F5 Networks recommends that you use the Fallback IP load balancing mode only for the fallback method. The Global Traffic Manager uses the fallback method when the preferred and alternate load balancing modes do not provide at least one virtual server to return as an answer to a query.
None mode
The None load balancing mode is a special mode you can use if you want to skip the current load balancing method, or skip to the next pool in a multiple pool configuration. For example, if you set an alternate method to None in a pool, the Global Traffic Manager skips the alternate method and immediately tries the load balancing mode specified as the fallback method. If the fallback method is set to None, and you have multiple pools configured, the Global Traffic Manager uses the next available pool. If all pools become unavailable, the Global Traffic Manager returns an aggregate of the IP addresses of all pool members using BIND.
Tip
If you do not want the Global Traffic Manager to return multiple addresses that are potentially unavailable, F5 Networks recommends that you set the alternate method to Drop Packet. You can also use the None mode to limit each pool to a single load balancing mode. For example, you can set the preferred method in each pool to the desired load balancing mode, and then you can set both the alternate and fallback methods to None in each pool. If the preferred method fails, the None value for both the alternate and fallback methods forces the Global Traffic Manager to go to the next pool for a load balancing answer.
Ratio mode
The Ratio load balancing mode distributes connections among a pool of virtual servers as a weighted round robin. Weighted round robin refers to a load balancing pattern in which the Global Traffic Manager rotates connection requests among several resources based on a priority level, or weight, assigned to each resource. For example, you can configure the Ratio mode to send twice as many connections to a fast, new server, and only half as many connections to an older, slower server. The Ratio load balancing mode requires that you define a ratio weight for each virtual server in a pool, or for each pool if you are load balancing requests among multiple pools. The default ratio weight for a server or a pool is set to 1.
This hash algorithm orders the pool members differently for each LDNS that is passing traffic to the system, taking into account the specified CIDR of the LDNS. Thus, while each LDNS (and therefore each client behind it) generally resolves to the same virtual server, the Global Traffic Manager distributes traffic across all of the virtual servers.
Note
When the selected virtual server becomes unavailable, the system resolves requests to another virtual server. When the original virtual server becomes available again, the system resolves requests to that virtual server.
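As an added illustration (not code from the F5 guide), the following Python models the Static Persist behaviour described above: the LDNS address is masked to the configured CIDR, that key fixes a per-LDNS ordering of the pool members, a request goes to the first available member in that ordering, and once a failed member is available again the same LDNS is sent back to it. The hash (SHA-256 over the LDNS key and member name), the member names and the sample resolver addresses are assumptions; F5 does not document the hash it uses.

```python
import hashlib
import ipaddress


def ldns_key(ldns_ip, prefix_len):
    """Mask the LDNS address to the configured CIDR so that every resolver in
    the same block shares one member ordering."""
    network = ipaddress.ip_network(f"{ldns_ip}/{prefix_len}", strict=False)
    return str(network)


def member_order(members, ldns_ip, prefix_len=32):
    """Fixed, per-LDNS ordering of pool members. Assumption: rank each member
    by SHA-256 over (LDNS key, member name); the guide only says that the
    ordering differs per LDNS and spreads traffic over all members."""
    key = ldns_key(ldns_ip, prefix_len)

    def rank(member):
        return hashlib.sha256(f"{key}|{member}".encode()).hexdigest()

    return sorted(members, key=rank)


def select(members, available, ldns_ip, prefix_len=32):
    """Return the first available member in this LDNS's ordering, or None
    when nothing is available. Because the ordering never changes, a member
    that went down and came back is selected again as soon as it is up."""
    for member in member_order(members, ldns_ip, prefix_len):
        if available.get(member, False):
            return member
    return None


if __name__ == "__main__":
    # Constructed sample: three virtual servers, two resolvers in one /24.
    pool = ["vs-10.1.1.10", "vs-10.1.1.11", "vs-10.1.1.12"]
    up = dict.fromkeys(pool, True)
    first = select(pool, up, "192.0.2.10", 24)
    print("192.0.2.10 ->", first)
    print("192.0.2.77 ->", select(pool, up, "192.0.2.77", 24), "(same /24, same member)")
    up[first] = False
    print("after", first, "goes down ->", select(pool, up, "192.0.2.10", 24))
    up[first] = True
    print("after it returns ->", select(pool, up, "192.0.2.10", 24))
```

Run it as a script to see one LDNS fail over and return; the prefix length argument is what lets all resolvers of one organisation (one /24, one /16) share a member, which is the point of keying on the CIDR rather than the full LDNS address.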
Topology mode
The Topology load balancing mode allows you to direct or restrict traffic flow by adding topology records to a topology statement in the configuration file. When you use the Topology load balancing mode, you can develop proximity-based load balancing. For example, a client request in a particular geographic region can be directed to a data center or server within that same region. The Global Traffic Manager determines the proximity of servers by comparing location information derived from the DNS message to the topology records. This load balancing mode requires you to do some advanced configuration planning, such as gathering the information you need to define the topology records. The Global Traffic Manager contains an IP classifier that accurately maps the LDNS, so when you create topology records, you can refer to continents and countries, instead of IP subnets. See Chapter 9, Load Balancing Connection Requests Using Topologies, for detailed information about working with this and other topology features.
CPU mode
The CPU load balancing mode selects the virtual server that currently has the most CPU processing time available to handle name resolution requests.
Hops mode
The Hops load balancing mode is based on the traceroute utility, and tracks the number of intermediate system transitions (router hops) between a client's LDNS and each data center. Hops mode selects a virtual server in the data center that has the fewest router hops from the LDNS.
Kilobytes/Second mode
The Kilobytes/Second load balancing mode selects a virtual server that is currently processing the fewest number of kilobytes per second. You can use this mode only with servers for which the Global Traffic Manager can collect the kilobytes per second metric. See Chapter 13, Collecting Metrics, for details on the metrics the Global Traffic Manager collects.
Figure 7.1 Equation for calculating overall QoS score

The Quality of Service load balancing mode is a customizable load balancing mode. For simple configurations, you can use this load balancing mode with its default settings. For more advanced configurations, you can specify different weights for each performance factor in the equation.
You can also configure the Quality of Service load balancing mode to use the dynamic ratio feature. With the dynamic ratio feature turned on, the Quality of Service mode becomes similar to the Ratio mode, where the connections are distributed in proportion to ratio weights assigned to each virtual server. The ratio weights are based on the QoS scores: the better the score, the higher percentage of connections the virtual server receives. For details about customizing the Quality of Service mode, see Implementing the Quality of Service load balancing mode, on page 7-9.
VS Capacity mode
The VS Capacity load balancing mode creates a list of the virtual servers, weighted by capacity, then picks one of the virtual servers from the list. The virtual servers with the greatest capacity are picked most often, but over time all virtual servers are returned. If more than one virtual server has the same capacity, then the Global Traffic Manager load balances using the Round Robin mode among those virtual servers.
When the Global Traffic Manager selects a virtual server, it chooses the server with the best overall score. In the event that one or more resources has an identical score based on the Quality of Service criteria, the Global Traffic Manager load balances connections between those resources using the Round Robin methodology. If the system cannot determine a Quality of Service score, it load balances connections across all pool members using the Round Robin load balancing mode, as well. The Quality of Service mode has default settings that make it easy to use. There is no need to customize this mode; however, you can change the equation to put more or less weight on each individual factor. The following topics explain how to use and adjust the various settings of this mode.
Quality of Service coefficients (columns: Coefficient, How measured, Default value, Better value)
- Completion Rate: percentage of successfully transferred packets (0-100%); default 5; higher is better
- Hops: number of intermediate system transitions (hops); lower is better
- Kilobytes/Second: kilobytes per second throughput; lower is better
- Link Capacity: based on the target dynamic ratio; higher is better
- Packet Rate: packets per second; lower is better
- Round Trip Time: microseconds; lower is better
- Topology: score that defines network proximity by comparing server and LDNS IP addresses (0 to 2^32); higher is better
- VS Capacity: default 20; higher is better
[The remaining default values in this table are not reproduced here.]
If you change the default QoS coefficients, keep the following issues in mind.

Scale
The raw metrics for each coefficient are not on the same scale. For example, completion rate is measured in percentages, while packet rate is measured in packets per second.

Normalization
The Global Traffic Manager normalizes the raw metrics to values in the range of 0 to 10. Direction matters as the QoS value is calculated: a high measurement for completion rate is good, because a high percentage of connections are completing, but a high value for packet rate is not desirable, because the packet rate metric is meant to find a virtual server that is not overly taxed at the moment.

Emphasis
You can adjust coefficients to emphasize one normalized metric over another. For example, consider the following QoS configuration:
- Round Trip Time: 50
- Hops: 0
- Topology: 0
- Completion Rate: 5
- Packet Rate: 10
- VS Capacity: 0
- Bits/second: 35
- Link Capacity: 30
- Virtual Server Score: 10
In this configuration, if the completion rates for two virtual servers are close, the system chooses the virtual server with the best packet rate. If both the completion rates and the packet rates are close, the round trip time (RTT) breaks the tie. Metrics whose coefficient is 0 (Hops, Topology, and VS Capacity in this example) play no part in distributing connections.
Note
You cannot set a value for both the Round Trip Time and Hops settings simultaneously. In situations where the Global Traffic Manager has a value for both settings, the round trip time is incorporated, while the value for the Hops setting is reset to 0.
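The following Python is an added example, not code from the F5 guide, that carries the QoS description above through to a decision: each raw metric is normalized to 0-10, lower-is-better metrics (RTT, hops, load) are inverted so that 10 always means best, each normalized value is multiplied by its coefficient and summed, the highest score wins, and equal scores (or an all-zero score when nothing could be measured) fall back to round robin. It also applies the rule in the Note: when both Round Trip Time and Hops carry a coefficient, Hops is reset to 0. The metric names and the linear min-max normalization are assumptions; the guide states the 0-10 range but not the scaling function.

```python
# Metrics for which a lower raw reading is the better one.
LOWER_IS_BETTER = {
    "round_trip_time": True,
    "hops": True,
    "kilobytes_per_second": True,
    "packet_rate": True,
    "completion_rate": False,
    "topology": False,
    "link_capacity": False,
    "vs_capacity": False,
    "virtual_server_score": False,
}


def effective_coefficients(coeffs):
    """RTT and Hops cannot both carry weight: when both are set, RTT is
    kept and the Hops coefficient is reset to 0."""
    c = dict(coeffs)
    if c.get("round_trip_time", 0) and c.get("hops", 0):
        c["hops"] = 0
    return c


def normalize(metric, raw):
    """Scale one metric's raw readings {member: value} onto 0-10.
    Assumption: linear min-max scaling across the candidate members.
    Lower-is-better metrics are inverted so that 10 is always 'best'."""
    lo, hi = min(raw.values()), max(raw.values())
    out = {}
    for member, value in raw.items():
        if hi == lo:
            out[member] = 10.0          # identical readings: nobody is worse
            continue
        scaled = 10.0 * (value - lo) / (hi - lo)
        out[member] = 10.0 - scaled if LOWER_IS_BETTER.get(metric, False) else scaled
    return out


def qos_scores(coeffs, metrics):
    """metrics: {metric_name: {member: raw_value}}. A metric with a zero
    coefficient or with no readings contributes nothing."""
    c = effective_coefficients(coeffs)
    members = sorted({m for readings in metrics.values() for m in readings})
    scores = {m: 0.0 for m in members}
    for metric, weight in c.items():
        readings = metrics.get(metric)
        if not weight or not readings:
            continue
        for member, n in normalize(metric, readings).items():
            scores[member] += weight * n
    return scores


def choose(scores, rr_counter):
    """Highest score wins; members tied on the best score are served round
    robin by rr_counter (an all-zero score is just a tie among everyone)."""
    best = max(scores.values())
    tied = sorted(m for m, s in scores.items() if s == best)
    return tied[rr_counter % len(tied)]


if __name__ == "__main__":
    # Constructed readings for two pool members.
    metrics = {
        "completion_rate": {"vsA": 100.0, "vsB": 90.0},  # percent, higher is better
        "round_trip_time": {"vsA": 200, "vsB": 100},     # microseconds, lower is better
    }
    coeffs = {"round_trip_time": 50, "completion_rate": 5, "hops": 64}
    print("coefficients used:", effective_coefficients(coeffs))
    scores = qos_scores(coeffs, metrics)
    print("scores:", scores, "-> chosen:", choose(scores, 0))
```

With RTT weighted 50 and completion rate 5, vsB wins on its lower RTT even though vsA completes more connections; swap the two coefficients and vsA wins, which is the emphasis effect the text describes.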
By default, the Dynamic Ratio setting is disabled (cleared). To illustrate how the Dynamic Ratio setting works, consider a pool, primaryOne, that contains two pool members, memberOne and memberTwo, and is configured so that the Global Traffic Manager load balances name resolution requests using the Round Trip Time load balancing mode. For this example, the Global Traffic Manager determines that the round trip time for memberOne is 50 microseconds, while the round trip time for memberTwo is 100 microseconds.

If the primaryOne pool has the Dynamic Ratio setting disabled (the default), the Global Traffic Manager always load balances to the pool member with the best value. In this case, all requests go to memberOne, because it has the lowest round trip time.

If the primaryOne pool has the Dynamic Ratio setting enabled, however, the Global Traffic Manager treats the round trip time values as ratios and divides requests among the pool members accordingly. In this case, memberOne receives twice as many connections as memberTwo, because its round trip time is half that of memberTwo. Note that, with the Dynamic Ratio option enabled, both pool members handle connections, while with the option disabled, only one pool member receives connections.
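The following Python is an added example, not code from the F5 guide, that ties the Ratio mode described earlier in this chapter to the Dynamic Ratio example above. Ratio mode is a weighted round robin over administrator-assigned weights; Dynamic Ratio derives the weights from a measured, lower-is-better metric, so 50 microseconds against 100 microseconds becomes a 2:1 split. The weight arithmetic (inverse of RTT, reduced via the least common multiple) and the smooth weighted round robin used to realise the split deterministically are assumptions; the guide gives the resulting ratio, not the algorithm.

```python
from math import lcm


def ratio_weights_from_rtt(rtt_us):
    """Dynamic Ratio over round trip time: a member gets traffic in inverse
    proportion to its RTT. Assumption: integer microsecond readings; the
    weights are scaled so that they stay integers (50 vs 100 -> 2:1)."""
    scale = lcm(*rtt_us.values())
    return {member: scale // rtt for member, rtt in rtt_us.items()}


def best_only(rtt_us):
    """Dynamic Ratio disabled: every request goes to the single best value."""
    return min(rtt_us, key=rtt_us.get)


def weighted_round_robin(weights, n):
    """Deterministic smooth weighted round robin: over any run of
    sum(weights) picks each member is chosen exactly 'weight' times, and the
    picks are interleaved rather than bunched. Returns the n picks in order."""
    total = sum(weights.values())
    current = dict.fromkeys(weights, 0)
    picks = []
    for _ in range(n):
        for member in current:
            current[member] += weights[member]
        chosen = max(current, key=lambda m: (current[m], m))
        current[chosen] -= total
        picks.append(chosen)
    return picks


def distribution(weights, n):
    """Count how many of n requests each member receives."""
    counts = dict.fromkeys(weights, 0)
    for member in weighted_round_robin(weights, n):
        counts[member] += 1
    return counts


if __name__ == "__main__":
    # Constructed readings matching the example in the text.
    rtts = {"memberOne": 50, "memberTwo": 100}
    print("Dynamic Ratio disabled ->", best_only(rtts), "takes every request")
    weights = ratio_weights_from_rtt(rtts)
    print("Dynamic Ratio enabled -> weights", weights, "->", distribution(weights, 300))
    # Plain Ratio mode: the same scheduler with static weights set by hand.
    print("Ratio mode, new:2 old:1 ->", distribution({"newServer": 2, "oldServer": 1}, 300))
```

The same scheduler serves both modes; only the source of the weights differs, which is why the text can describe QoS with Dynamic Ratio as "similar to the Ratio mode".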
Wide IP
When you define a wide IP that has multiple pools, you specify which load balancing mode to use in selecting a pool in the wide IP. To configure load balancing for a wide IP, see Configuring load balancing methods for wide IPs, following.

Pool
After the Global Traffic Manager selects a pool of virtual servers, it then employs the settings you specified as the preferred, alternate, and fallback load balancing methods to select a virtual server within the selected pool. To configure load balancing for a pool, see Configuring load balancing methods for pools, on page 7-15.
There may be situations (for example, e-commerce, and other sites with multiple services) where you need to configure a wide IP so that connections are not sent to a given address unless multiple ports or services are available. You configure this behavior after you define the wide IP. For details, see Employing additional load balancing options, on page 7-17.
If you do not want the Global Traffic Manager to return an address that is potentially unavailable, F5 Networks recommends that you set the alternate load balancing method to Drop Packet.

The Global Traffic Manager contains several options that help you control how the system responds when using a fallback load balancing setting. These options allow you to:
- Configure the fallback load balancing method
- Configure the fallback IP load balancing mode

By default, the Respect Fallback Dependency option is disabled. When you enable it, the system verifies that a virtual server is available before using it for fallback load balancing.
To use the fallback load balancing method without verifying virtual server availability
1. On the Main tab of the navigation pane, expand System and click Configuration. The general properties screen opens.
2. From the Global Traffic menu, choose Load Balancing. The load balancing properties screen opens.
3. Verify that the Respect Fallback Dependency box is clear.
4. Click the Update button to save your changes.

To access the Ignore Path TTL and Verify Virtual Server Availability options
1. On the Main tab of the navigation pane, expand System and click Configuration. The general properties screen opens.
2. From the Global Traffic menu, choose Load Balancing. The load balancing properties screen opens.
3. Enable or disable the Ignore Path TTL and Verify Virtual Server Availability options as needed.
4. Click the Update button to save your changes.
Chapter 8 Managing Connections

- Introducing connection management
- Determining resource health
- Determining resource availability
- Resuming connections to resources
- Establishing persistent connections
- Setting the last resort pool
Resource health
Resource health refers to the ability of a given resource to handle incoming connection requests. For example, the Configuration utility uses a green circle to identify a resource, such as a wide IP, that has available pools and virtual servers, while a pool that is down appears as a red diamond. These visual cues can help you identify connection issues quickly and efficiently.

Resource availability
Resource availability refers to the settings within the Configuration utility that you use to control when a resource is available for connection requests. For example, you can establish limit settings, which instruct the Global Traffic Manager to consider a resource unavailable when a statistical threshold (such as CPU usage) is reached.

Restoring availability
When a resource goes offline, the Global Traffic Manager immediately sends incoming connection requests to the next applicable resource. When you bring that resource online again, you can control how its availability is restored to the Global Traffic Manager, ensuring that connections are sent to the resource only when it is fully ready to receive them.

Persisting connections
Certain interactions with your network require that a given user access the same virtual server until their connection is completed. An example is an online store, in which you want the user to reach the same virtual server for their shopping cart until they place their order. With the Global Traffic Manager, you can configure your load balancing operations to take persistent connections into account.

Selecting a last resort pool
The Global Traffic Manager includes the ability to create a last resort pool. A last resort pool is a collection of virtual servers that are not used during normal load balancing operations. Instead, these virtual servers are held in reserve unless all other pools for a given wide IP become unavailable.
In addition, it is important to understand what happens when the Global Traffic Manager cannot find an available resource with which to respond to a connection request. You can find more information on this topic in Determining resource health, following.
Blue
A blue status code indicates that the resource has not been checked. This status often appears when you first add a resource in the Configuration utility.

Green
A green status code indicates that the resource is available and operational. The Global Traffic Manager uses this resource to manage traffic as appropriate.

Red
A red status code indicates that the resource did not respond as expected to a monitor. The Global Traffic Manager uses this resource only when two conditions are met:
- The Global Traffic Manager is using the load balancing mode specified in the Fallback load balancing setting.
- The Fallback load balancing setting for the pool is not None.

Yellow
A yellow status code indicates that the resource is operational, but has exceeded one of its established bandwidth thresholds. The Global Traffic Manager uses a resource that has a yellow status code only if no other resource is available.

Black
A black status code indicates that the resource has been manually disabled and is no longer available for load balancing operations.
As the preceding list illustrates, the health of a resource does not necessarily impact the availability of that resource. For example, the Global Traffic Manager can select a virtual server that has a red status code.
4. For each limit setting you want to configure, select Enabled from the corresponding list. The screen refreshes to show a box in which you can type a value for the limit setting.
5. Type the value for each limit setting in the corresponding box.
6. Click the Update button to save your changes.
6. Determine the availability requirements for the virtual server:
- If you want the Global Traffic Manager to consider the virtual server available only if all monitors assigned to it are successful, select All Health Monitors from the Availability Requirements list.
- If you want the Global Traffic Manager to consider the virtual server available only if some monitors assigned to it are successful, select At Least from the Availability Requirements list. When you select At Least, a box appears where you can type the number of monitors that must be successful for the virtual server to be available.
7. Click the Update button to save your changes.
You can also assign monitors to a specific server. In most cases, when you assign a monitor to a server, that monitor checks all virtual servers associated with that server. An exception to this guideline is the SNMP monitor. If you assign an SNMP monitor to a Cisco, Alteon, Extreme Networks, Foundry, or Radware server, that monitor obtains information on the virtual servers associated with that server. If you assign the SNMP monitor to any other server type, that monitor obtains data on the server itself.
Note
For more information on the SNMP monitor, see Chapter 11, Configuring Monitors.

If you assign a monitor both directly to a virtual server and to its parent server, the availability information acquired from the monitor directly assigned to the virtual server takes precedence over any other data.
4. Determine the availability requirements for the virtual servers:
- If you want the Global Traffic Manager to consider a virtual server available only if all monitors assigned to it are successful, select All Health Monitors from the Availability Requirements list.
- If you want the Global Traffic Manager to consider a virtual server available only if some monitors assigned to it are successful, select At Least from the Availability Requirements list. When you select At Least, a box appears where you can type the number of monitors that must be successful for the virtual server to be available.
5. Click the Update button to save your changes.
4. Determine the availability requirements for the link:
- If you want the Global Traffic Manager to consider the link available only if all monitors assigned to it are successful, select All Health Monitors from the Availability Requirements list.
- If you want the Global Traffic Manager to consider the link available only if some monitors assigned to it are successful, select At Least from the Availability Requirements list. When you select At Least, a box appears where you can type the number of monitors that must be successful for the link to be available.
5. Click the Update button to save your changes.
6. For the Dependency List setting, select a virtual server from the Virtual Servers list, and then click Add. The virtual server appears in the list.
7. Add additional virtual servers as needed.
8. Click the Update button to save your changes.
Chapter 9 Load Balancing Connection Requests Using Topologies

- Overview of topologies
- Configuring the Global Traffic Manager to route connection requests to the closest data center
- Implementing topologies
- Reloading default geolocation data
- Removing topology records
- Disabling the Longest Match option
Overview of topologies
You can configure the BIG-IP Global Traffic Manager to load balance incoming connection requests to a resource based on the physical proximity of the resource to the client making the request. You can also configure the system to deliver region-specific content, such as news and weather, to a client making a request from a specific location. You accomplish both by configuring the Global Traffic Manager to perform Topology load balancing. The Topology load balancing mode helps ensure that connection requests are answered and managed in the fastest possible time.
Each topology record contains the following elements:
- A request source statement that defines the origin of a connection request.
- A destination statement that defines the resource to which the Global Traffic Manager directs the connection request.
- A weight (topology score) that the system assigns to a server object during the load balancing process.

By default, each time the system configuration is loaded, the Global Traffic Manager automatically sorts the topology records into an ordered list based on the topology longest match sorting algorithm. Before you create topology records, it is essential that you understand how the system sorts the topology record list, and then uses the ordered list to load balance connection requests.
Configuration Guide for BIG-IP Global Traffic ManagerTM
Important
The topology records list in the Configuration utility is not displayed in sorted order.
Understanding how the system load balances connection requests based on topology longest match

When Topology load balancing is enabled, by default the Global Traffic Manager load balances connection requests using the longest match sorting algorithm. When a connection request comes into the system, the load balancing decision is based on the following process:
1. For each server object to which the Global Traffic Manager can load balance the request, the system iterates through the ordered list of topology records from first to last and assigns a weight to that server object: the first topology record that most specifically matches both the LDNS and the server object supplies the topology score.
2. If no topology record matches both the LDNS and the server object, that server object is assigned a score of zero.
3. The Global Traffic Manager routes the connection request to the server object with the highest score. When server objects have equal scores, the Global Traffic Manager distributes connection requests among them in a round robin fashion.

To understand the default behavior when Topology load balancing is configured, consider the following scenario. The company Site Request has internal and external customers. The IT department wants to route all connection requests from internal customers on the 10.15.0.0/16 IP subnet to the internal_customer_pool, and all connection requests from external customers on the 10.0.0.0/8 IP subnet to the external_customer_pool. To do this, the system administrator creates the two topology records shown in Figure 9.2. Note that the weights of the topology records are different; this is what instructs the Global Traffic Manager to route the connection requests correctly, because an LDNS in 10.15.0.0/16 also falls within 10.0.0.0/8.
When a connection request arrives from a source with an IP address of 10.15.65.8, the Global Traffic Manager assigns a weight of 200 to the internal_customer_pool and a weight of 100 to the external_customer_pool. This is because the LDNS 10.15.65.8 matches both request sources 10.15.0.0/16 and 10.0.0.0/8. However, the system load balances the request to the internal_customer_pool, because the weight assigned to that server object is higher.
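The following Python is an added example, not code from the F5 guide, that implements the longest match process described above and reproduces the Site Request scenario: records are sorted most-specific first, each destination takes the score of the first record whose source contains the LDNS and whose destination names it, unmatched destinations score zero, and the highest score wins with round robin on ties. Using prefix length as the specificity key, and the record and pool names below, are assumptions taken from the example rather than from a published algorithm.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class TopologyRecord:
    source: str       # request source: LDNS CIDR
    destination: str  # server object (pool) name
    weight: int       # topology score assigned on a match


def sort_longest_match(records):
    """Most specific request source first. Assumption: specificity is the
    source prefix length; a /16 record outranks a /8 record."""
    return sorted(records, key=lambda r: ipaddress.ip_network(r.source).prefixlen, reverse=True)


def score_destinations(records, ldns_ip, destinations):
    """Give every destination the weight of the first (most specific) record
    matching both this LDNS and that destination, or 0 if none matches."""
    ldns = ipaddress.ip_address(ldns_ip)
    ordered = sort_longest_match(records)
    scores = {}
    for dest in destinations:
        scores[dest] = 0
        for rec in ordered:
            if rec.destination == dest and ldns in ipaddress.ip_network(rec.source):
                scores[dest] = rec.weight
                break
    return scores


def choose(scores, rr_counter):
    """Highest score wins; equal scores are served round robin."""
    best = max(scores.values())
    tied = sorted(d for d, s in scores.items() if s == best)
    return tied[rr_counter % len(tied)]


if __name__ == "__main__":
    # The two records from the Site Request scenario (weights as in the text).
    records = [
        TopologyRecord("10.0.0.0/8", "external_customer_pool", 100),
        TopologyRecord("10.15.0.0/16", "internal_customer_pool", 200),
    ]
    pools = ["internal_customer_pool", "external_customer_pool"]
    for ldns in ("10.15.65.8", "10.200.1.1", "192.0.2.1"):
        scores = score_destinations(records, ldns, pools)
        print(ldns, scores, "->", choose(scores, 0))
```

An LDNS at 10.15.65.8 matches both sources but the /16 record carries the higher weight, so internal_customer_pool wins; an LDNS elsewhere in 10.0.0.0/8 matches only the external record; an LDNS outside both prefixes scores every pool zero and is served round robin, which is the "no match" case the process describes.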
Configuring the Global Traffic Manager to route connection requests to the closest data center
You can configure the Global Traffic Manager to route connection requests to the closest data center using the Topology load balancing mode across pools at the wide IP level and across virtual servers (pool members) at the pool level.
Important: To use Topology load balancing at the wide IP level to route connections to a specific data center, you must create pools that have all of their members in the same data center.

Figure 9.3 shows siterequest.net configured for Topology load balancing at the wide IP level. All connection requests from a local domain name server (LDNS) in South America with an IP address of 10.0.0.1 are directed to Pool2 in SouthAmericaDC. All connection requests from an LDNS in North America with an IP address of 11.0.0.1 are directed to Pool1 in NorthAmericaDC. In this example, the Global Traffic Manager selects a pool to which to direct a connection based on topology records that match an LDNS (request source) to a pool (destination). How the system distributes the connections to the members is based on the load balancing mode that you set for each pool.
Figure 9.4 shows the topology records that the Site Request administrator created. Based on these records, when a connection request comes in from the LDNS with an IP address of 10.0.0.1, the Global Traffic Manager assigns a weight of 100 to Pool2 and routes the request to Pool2. When a connection request comes in from the LDNS with an IP address of 11.0.0.1, the Global Traffic Manager assigns a weight of 100 to Pool1 and routes the request to Pool1.
Figure 9.4 Example of topology records for load balancing at the wide IP level
Figure 9.6 shows the topology records that the Site Request administrator created. Based on these records, when a connection request comes in from the LDNS with an IP address of 10.0.0.1, the Global Traffic Manager assigns a weight of 100 to SouthAmericaDC and routes the request to SouthAmericaDC. When a connection request comes in from the LDNS with an IP address of 10.1.0.1, the Global Traffic Manager assigns a weight of 100 to NorthAmericaDC and routes the request to NorthAmericaDC.
Figure 9.6 Example of topology records for load balancing at the pool level
Configuring Topology load balancing at both the wide IP and pool levels
When you configure the Global Traffic Manager for Topology load balancing at both the wide IP and pool levels, the system first load balances the requests to a pool assigned to the wide IP and then to a member of the pool. Figure 9.7 shows siterequest.net configured for Topology load balancing at both the wide IP and pool levels with connection requests being directed from an LDNS in Buenos Aires to the SpanishPool in SouthAmericaDC. In this example, the Global Traffic Manager selects a pool to which to direct a connection based on topology records that match an LDNS (request source) to a pool (destination). How the system distributes the connections to the members of SpanishPool is based on topology records that match a specific LDNS (request source) to a specific virtual server (destination).
Figure 9.7 Example of topology load balancing at the wide IP and pool levels
Figure 9.8 shows the topology records that the Site Request administrator created. Based on these records, when a connection request comes in from an LDNS in Buenos Aires, the Global Traffic Manager assigns a weight of 100 to SpanishPool and SouthAmericaDC. The system routes the request to the SpanishPool pool members that are in SouthAmericaDC.
Figure 9.8 Example of topology records for load balancing at both the wide IP and pool levels
Implementing topologies
To implement Topology load balancing, complete these tasks:
1. Download and install updates to the IP geolocation data.
2. Create topology records for the Global Traffic Manager to use for handling connection requests.
3. Configure the Topology load balancing mode at the wide IP level, pool level, or both.
You can access the ISP and organization-level geolocation data for IPv4 addresses only using the iRules whereis command.
10. Install and load one of the RPM files using the following command, where the path and file name are case-sensitive:
geoip_update_data -f </path to RPM file and file name>
The system installs and loads the specified database file.
11. Repeat step 10 for each of the RPM files that you saved to the system in step 9.
Repeat this process for each wide IP that you want to configure for Topology load balancing.
Repeat this process for each pool that you want to configure for Topology load balancing.
Before you reload the default geolocation data, delete the RPM files that are in the /shared/GeoIP directory.
10
Working with DNSSEC Keys and Zones
About DNSSEC
Introducing DNSSEC keys and zones
Managing DNSSEC keys
Managing DNSSEC zones
Viewing DNSSEC resource records
About DNSSEC
The Domain Name System Security Extensions (DNSSEC) is an industry-standard protocol that functions as an extension to the Domain Name System (DNS) protocol. The BIG-IP Global Traffic Manager uses DNSSEC to guarantee the authenticity of DNS responses to queries and to return Denial of Existence responses. You can use the DNSSEC feature of the Global Traffic Manager to protect your network infrastructure from DNS protocol and DNS server attacks such as spoofing, ID hacking, cache poisoning, and denial of service.
Figure 10.1 illustrates this, and shows how over time each generation of a key overlaps the previous generation of the key.
The value that you assign to the TTL (time-to-live) setting for a key specifies how long a client resolver can cache the key. As shown in Figure 10.1, the value you assign to the TTL setting of the key must be less than the difference between the values of the Rollover Period and Expiration Period settings of the key; otherwise, a client can make a query and the system can send a valid key that the client cannot recognize.
Important
To ensure that each Global Traffic Manager system is referencing the same time when generating keys, you must synchronize the time setting on each system with the Network Time Protocol (NTP) servers that the Global Traffic Manager references. For information, see Defining NTP servers, on page 3-10.
Only users with Administrator or Resource Administrator roles can create, modify, and delete DNSSEC keys. In order for the Global Traffic Manager to use the keys that you create to sign requests, you must assign the keys to a zone. For more information, see Creating DNSSEC zones, on page 10-11.
The settings of a DNSSEC key are listed below, each with its description and, where one applies, its default value.

Name
Type a name that contains any characters except a pound sign (#), dollar sign ($), caret (^), or exclamation point (!).

Algorithm
Accept the default value. There is only one algorithm available.
Default value: RSA/SHA1

Key size
Type the size of the key. The allowed values are determined by your hardware platform or the FIPS hardware security module (HSM), if your system contains one. Valid options include 1024 and 2048.

Use FIPS
If your system contains a FIPS HSM on which you store the DNSSEC keys to protect the keys from physical and software attacks, select Enabled. Note: If your system does not contain a FIPS HSM, and you set this option to Enabled, the system automatically resets the value to Disabled.
Default value: Disabled

Type
If you are creating a key to sign all of the record sets in a zone, select Zone Signing Key. If you are creating a key to sign only the DNSKEY record set, select Key Signing Key.

State
Select Enabled when you are creating a key-signing or zone-signing key that you plan to associate with a zone as an active key. Important: You can assign both enabled and disabled key-signing and zone-signing keys to a zone; however, the system uses only enabled keys to sign requests.
Default value: Enabled

TTL
Type the number of seconds that client resolvers can cache the key. 0 seconds indicates that the key is not cached by client resolvers. The value of the TTL must be less than the difference between the values of the rollover and expiration periods.
Default value: 86400

Rollover Period
Type the number of seconds after which the system creates a new generation of the key. 0 seconds indicates not set, and thus the key does not roll over. The value of the rollover period must be greater than or equal to one third of the value of the expiration period, and strictly less than the value of the expiration period. Additionally, the difference between the values of the rollover and expiration periods must be more than the value of the TTL.

Expiration Period
Type the number of seconds after which the system deletes an expired generation of the key. 0 seconds indicates not set, and thus the key does not expire. The value of the expiration period must be more than the value of the rollover period. Additionally, the difference between the values of the rollover and expiration periods must be more than the value of the TTL. Tip: The National Institute of Standards and Technology (NIST) recommends that a key-signing key expire once a year.

Signature Validity Period
Type the number of seconds after which the system no longer uses the expired signature. 0 seconds indicates not set, and thus the server verifying the signature never succeeds, because the signature is always expired. The value of this setting must be more than the value of the signature publication period.

Signature Publication Period
Type the number of seconds after which the system creates a new signature. 0 seconds indicates not set, and thus the system does not cache the signature. The value of this setting must be less than the value of the signature validity period.
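The relations between TTL, Rollover Period, Expiration Period and the two signature periods stated in the key settings and in the discussion of Figure 10.1 can be checked before a key is created. The following Python script is an added example written for this page, not F5 code and not the Global Traffic Manager's own validation: it encodes the rules exactly as the settings descriptions state them, treats a period of 0 as "not set" and skips the rollover/expiration relations in that case (this example's choice), and lays out the creation and deletion times of successive key generations so the overlap that must exceed the TTL is visible. The KeyTiming values are constructed samples; only the TTL default of 86400 comes from the page.

```python
from dataclasses import dataclass


@dataclass
class KeyTiming:
    """Timing settings of a DNSSEC key, in seconds, named after the settings table.

    0 means "not set" for the periods, as the page describes. Apart from ttl,
    whose page default is 86400, the defaults here are this example's own.
    """
    ttl: int = 86400
    rollover_period: int = 0
    expiration_period: int = 0
    signature_publication_period: int = 0
    signature_validity_period: int = 0


def check_key_timing(t):
    """Return the list of violated constraints; an empty list means the settings are consistent."""
    problems = []
    rp, ep = t.rollover_period, t.expiration_period
    if rp and ep:  # both set: the rollover/expiration/TTL relations apply
        if rp >= ep:
            problems.append("rollover period must be strictly less than the expiration period")
        if 3 * rp < ep:
            problems.append("rollover period must be at least one third of the expiration period")
        if ep - rp <= t.ttl:
            problems.append("TTL must be less than the difference between the expiration and rollover periods")
    if t.signature_validity_period == 0:
        problems.append("signature validity period of 0 means every signature is already expired")
    elif t.signature_publication_period >= t.signature_validity_period:
        problems.append("signature publication period must be less than the signature validity period")
    return problems


def generation_schedule(t, start=0, count=3):
    """Creation and deletion times of successive key generations, relative to start.

    Generation k is created at start + k * rollover_period and deleted at
    creation + expiration_period, so consecutive generations overlap by
    expiration_period - rollover_period; that overlap is what must exceed the TTL,
    otherwise a resolver can cache a key past the life of the generation it belongs to.
    """
    return [
        (start + k * t.rollover_period, start + k * t.rollover_period + t.expiration_period)
        for k in range(count)
    ]


DAY = 86400

# Constructed settings: a 30-day rollover inside a 60-day expiration period.
GOOD = KeyTiming(ttl=DAY, rollover_period=30 * DAY, expiration_period=60 * DAY,
                 signature_publication_period=7 * DAY, signature_validity_period=14 * DAY)
# Constructed settings where the overlap (1 day) is not greater than the TTL (1 day).
TOO_SHORT_OVERLAP = KeyTiming(ttl=DAY, rollover_period=29 * DAY, expiration_period=30 * DAY,
                              signature_publication_period=7 * DAY, signature_validity_period=14 * DAY)

if __name__ == "__main__":
    print(check_key_timing(GOOD))
    print(check_key_timing(TOO_SHORT_OVERLAP))
    print(generation_schedule(GOOD))
```

Running the script with GOOD returns no problems and a schedule in which each generation is still live for 30 days after its successor appears; TOO_SHORT_OVERLAP is rejected on the TTL rule alone, which is the failure the Figure 10.1 discussion warns about.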
To modify a key
1. On the Main tab of the navigation pane, expand Global Traffic.
2. Click DNSSEC Key List.
3. Click the name of the key.
4. Modify the settings of the key as required. For example, to disable the key, select Disabled from the State list.
5. Click Update.
If you delete a key that is associated with a zone that is available (enabled and online), if there are no other enabled keys of that type associated with the zone, the status of the zone immediately becomes offline.
To delete a key
1. On the Main tab of the navigation pane, expand Global Traffic.
2. Click DNSSEC Key List.
3. Check the Select box next to the key that you want to delete.
4. Click Delete.
5. Click Delete again to delete the key.
F5 Networks recommends that you modify only the Rollover Time and Expiration Time settings of a generation of a key. Modifying the ID or Public Key settings can cause the system to return denial of service messages rather than signed responses.
The settings of a generation of a key are listed below.

ID
Important: Do not modify this setting.

Public Key
Important: Do not modify this setting. This is the public key that the Global Traffic Manager is currently using to sign responses.

Rollover Time
Type the exact time that you want the system to create and begin to use a new generation of the key. Note: Modifying this setting does not affect the value of the rollover and expiration periods of the key.

Expiration Time
Type the exact time that you want this generation of the key to expire. Note: Modifying this setting does not affect the value of the rollover and expiration periods of the key.
Performing a manual rollover of a key for which you have a standby key
To perform a manual rollover of a key-signing key for which you have a standby key
1. On the Main tab of the navigation pane, expand Global Traffic.
2. Click DNSSEC Key List.
3. Click the name of the standby key-signing key.
4. From the State list, select Enabled.
5. Click Update.
6. Provide the records for the compromised key and the newly enabled key to the administrator of the parent zone. After the administrator has loaded the newly active key records to the zone and the records have been signed, complete the remainder of the steps in this procedure.
7. Expand Global Traffic and click DNSSEC Key List.
8. Check the Select box next to the name of the compromised key.
9. Click Delete.
10. Click Delete again to delete the key.
To perform a manual rollover of a zone-signing key for which you have a standby key
1. On the Main tab of the navigation pane, expand Global Traffic.
2. Click DNSSEC Key List.
3. Click the name of the standby zone-signing key.
4. From the State list, select Enabled.
5. Click Update.
6. Click DNSSEC Key List.
7. Check the Select box next to the name of the compromised key.
8. Click Delete.
9. Click Delete again to delete the key.
The system rolls over this generation of the key at the time specified in the Rollover Time setting. The system removes the old generation of the key at the time specified in the Expiration Time setting.
Important: This date must be no sooner than the maximum TTL of the zone. Additionally, this date must also allow time for you to perform step 6. Your BIND administrator can provide you with the maximum TTL of the key.
7. Click Update.
The system rolls over this generation of the key at the time specified in the Rollover Time setting. The system removes the old generation of the key at the time specified in the Expiration Time setting.
Only users with Administrator or Resource Administrator roles can create, modify, and delete DNSSEC zones.
The settings of a DNSSEC zone are listed below, each with its description and, where one applies, its default value.

Name
Type the name of the zone for which you want the system to sign responses. The name should be a subset of the name of the wide IP within which the zone resides. For example, if the wide IP is named www.siterequest.com, name the zone siterequest.com.

State
If you want the zone to be live, select Enabled. If you do not want the zone to be live, select Disabled.
Default value: Enabled

Zone Signing Keys
Move the zone-signing keys that you want to assign to this zone from the Available list to the Active list. Note: You can associate the same zone-signing key with multiple zones.

Key Signing Keys
Move the key-signing keys that you want to assign to this zone from the Available list to the Active list. Note: You can associate the same key-signing key with multiple zones.
To modify a zone
1. On the Main tab of the navigation pane, expand Global Traffic.
2. Click DNSSEC Zone List.
3. Click the name of the zone.
4. Modify the settings for the zone as required. Refer to the online help or Table 10.3, on page 10-11 for specifics.
5. Click Update.
To delete a zone
1. On the Main tab of the navigation pane, expand Global Traffic.
2. Click DNSSEC Zone List.
3. Check the Select box next to the name of the zone that you want to delete.
4. Click Delete.
5. Click Delete again to delete the zone.
11
Configuring Monitors
Introducing monitors
Creating a custom monitor
Configuring monitor settings
Special configuration considerations
Associating monitors with resources
Managing monitors
Configuring Monitors
Introducing monitors
An important feature of the Global Traffic Manager is a set of load balancing tools called monitors. Monitors verify connections on pools and virtual servers. A monitor can be either a health monitor or a performance monitor. Monitors are designed to check the status of a pool or virtual server on an ongoing basis, at a set interval. If a pool or virtual server being checked does not respond within a specified timeout period, or the status of a pool or virtual server indicates that performance is degraded, then the Global Traffic Manager can redirect the traffic to another resource.

Some monitors are included as part of the Global Traffic Manager, while other monitors are user-created. Monitors that the Global Traffic Manager provides are called pre-configured monitors. User-created monitors are called custom monitors. For more information on pre-configured and custom monitors, see Understanding pre-configured and custom monitors, on page 11-5.

Before configuring and using monitors, it is helpful to understand some basic concepts regarding monitor types, monitor settings, and monitor implementation. For more information on monitor types, see Summary of monitor types, on page 11-2, and Configuring monitor settings, on page 11-8.
Monitor types
Every monitor, whether pre-configured or custom, belongs to a certain category, or monitor type. Each monitor type checks the status of a particular protocol, service, or application. For example, an HTTP monitor allows you to monitor the availability of the HTTP service on a pool member (that is, a virtual server).

Monitor settings
Every monitor consists of settings with values. The settings and their values differ depending on the type of monitor. In some cases, the Global Traffic Manager assigns default values. For example, the following are the default values for the HTTP monitor:
Interval: 30 seconds
Timeout: 120 seconds
Probe Timeout: 5 seconds
Reverse: No
Transparent: No
These settings specify that an HTTP monitor is configured to check the status of an IP address every 30 seconds, to time out after 120 seconds, to time out each probe request after 5 seconds, and that the monitor does not operate in either Reverse or Transparent mode.
Monitor implementation
The task of implementing a monitor varies depending on whether you are using a pre-configured monitor or creating a custom monitor. If you want to implement a pre-configured monitor, you need only associate the monitor with a pool or virtual server. If you want to implement a custom monitor, you must first create the custom monitor, and then associate it with a pool or virtual server.
Simple monitors check the health of a resource by sending a packet using the specified protocol, and waiting for a response from the resource. If the monitor receives a response, then the health check is successful and the resource is considered up. For information about configuring monitor settings for Simple monitors, see Simple monitors, on page 11-8.

ECV monitors check the health of a resource by sending a query for content using the specified protocol, and waiting to receive the content from the resource. If the monitor receives the correct content, then the health check is successful and the resource is considered up. For information about configuring monitor settings for ECV monitors, see Extended Content Verification (ECV) monitors, on page 11-10.

EAV monitors check the health of a resource by accessing the specified application. If the monitor receives the correct response, then the health check is successful and the resource is considered up. For information about configuring monitor settings for EAV monitors, see External Application Verification (EAV) monitors, on page 11-12.
Table 11.1 briefly describes the types of monitors that you can apply to your load balancing resources. Each entry gives the monitor type, in parentheses the objects it can be associated with, and a description.

Table 11.1 Monitor types

Simple monitors
Gateway ICMP (link, pool member, server, virtual server)
Uses Internet Control Message Protocol (ICMP) to make a simple resource check. The check is successful if the monitor receives a response to an ICMP_ECHO datagram.
TCP Half Open (pool member, server, virtual server)
Monitors the associated service by sending a TCP SYN packet to the service. As soon as the monitor receives the SYN-ACK packet, the monitor marks the service as up.

Extended Content Verification (ECV) monitors
HTTP (pool member, server, virtual server)
Verifies the Hypertext Transfer Protocol (HTTP) service by attempting to receive specific content from a web page.
HTTPS (pool member, server, virtual server)
Verifies the Hypertext Transfer Protocol Secure (HTTPS) service by attempting to receive specific content from a web page protected by Secure Socket Layer (SSL) security.
TCP (pool member, server, virtual server)
Verifies the Transmission Control Protocol (TCP) service by attempting to receive specific content from a resource.

External Application Verification (EAV) monitors
BIG-IP (server, virtual server)
Acquires data captured through monitors managed by a Local Traffic Manager. Note: You cannot configure the Ignore Down Response setting of this monitor to configure a BIG-IP system to allow more than one probe attempt per interval.
BIG-IP Link (link, node)
Acquires data captured through monitors managed by a Link Controller.
External (pool member, server, virtual server)
Allows users to monitor services using their own programs.
FTP (pool member, server, virtual server)
Verifies the File Transfer Protocol (FTP) service by attempting to download a specific file to the /var/tmp directory on the system. Once downloaded successfully, the file is not saved.
IMAP (pool member, server, virtual server)
Verifies the Internet Message Access Protocol (IMAP) by attempting to open a specified mail folder on a server. This monitor is similar to the POP3 monitor.
LDAP (pool member, server, virtual server)
Verifies the Lightweight Directory Access Protocol (LDAP) service by attempting to authenticate the specified user.
MSSQL (pool member, server, virtual server)
NNTP (pool member, server, virtual server)
Verifies the Usenet News protocol (NNTP) service by attempting to retrieve a newsgroup identification string from the server.
Oracle (pool member, server, virtual server)
POP3 (pool member, server, virtual server)
Verifies the Post Office Protocol version 3 (POP3) service by attempting to connect to a pool, pool member, or virtual server, log on as the specified user, and log off.
RADIUS (pool member, server, virtual server)
Verifies the Remote Access Dial-in User Service (RADIUS) service by attempting to authenticate the specified user.
Real Server (node, pool member, server, virtual server)
Checks the performance of a pool, pool member, or node that is running the RealServer data collection agent, and then dynamically load balances traffic accordingly.
Scripted (pool member, server, virtual server)
Generates a simple script that reads a file that you create. The file contains Send and Expect strings to specify lines that you want to send or that you expect to receive.
SIP (pool member, server, virtual server)
Checks the status of Session Initiation Protocol (SIP) Call-ID services on a device. The SIP protocol enables real-time messaging, voice, data, and video.
SMTP (pool member, server, virtual server)
Checks the status of a pool, pool member, or virtual server by issuing standard Simple Mail Transport Protocol (SMTP) commands.
SNMP Link (node, pool member, server, virtual server)
Checks the current CPU, memory, and disk usage of a pool, pool member, or virtual server that is running an SNMP data collection agent, and then dynamically load balances traffic accordingly.
SOAP (pool member, server, virtual server)
Tests a web service based on the Simple Object Access Protocol (SOAP).
UDP (pool member, server, virtual server)
Verifies the User Datagram Protocol (UDP) service by attempting to send UDP packets to a pool, pool member, or virtual server and receiving a reply.
WAP (pool member, server, virtual server)
Requests the URL specified in the Send setting, and finds the string specified in the Recv setting somewhere in the data returned by the URL response.
WMI (node, pool member, virtual server)
Checks the performance of a pool, pool member, or virtual server that is running the Windows Management Infrastructure (WMI) data collection agent and then dynamically load balances traffic accordingly.
values, or modify them to suit your needs. You can find details about the settings for each monitor type in Configuring monitor settings, on page 11-8.
For procedures on selecting and configuring a monitor, see Creating a custom monitor, on page 11-7.
Simple monitors
These are health monitors that monitor the status of a resource.

Extended Content Verification (ECV) monitors
These are health monitors that verify service status by retrieving specific content from pool members or virtual servers.

External Application Verification (EAV) monitors
These are health or performance monitors that verify service status by accessing remote applications, using an external service-checker program.
Simple monitors
Simple monitors are those that check the status of a resource. The simple monitor types are:
Gateway ICMP
TCP Half Open
The Global Traffic Manager provides a set of pre-configured simple monitors: gateway_icmp and tcp_half_open. You can either use these pre-configured monitors as is, or create custom monitors of these types. The following sections describe each type of simple monitor and show the pre-configured monitor settings and their values.
Gateway ICMP
You can use a Gateway ICMP monitor for a virtual server, a server (that is, all of the virtual servers on a specified server), a pool member, a pool (that is, all of the pool members of a specified pool), or a link. This monitor uses the Internet Control Message Protocol (ICMP) to perform a simple resource check. The check is successful if the monitor receives a response to an ICMP_ECHO datagram.
The following list shows the settings and their values for the pre-configured gateway_icmp monitor.
Type: Gateway ICMP
Import Settings: Gateway ICMP
Interval: 30 seconds
Timeout: 120 seconds
Probe Interval: 1 second
Probe Timeout: 5 seconds
Probe Attempts: 3
Ignore Down Response: No
Transparent: No
Alias Address: * All Addresses
Alias Service Port: * All Ports
HTTP
You use an HTTP monitor to check the status of Hypertext Transfer Protocol (HTTP) traffic. Like a TCP monitor, an HTTP monitor attempts to receive specific content from a web page, and unlike a TCP monitor, may send a user name and password. The check is successful when the content matches the Receive String value. An HTTP monitor uses a send string, a receive string, a user name, a password, and optional Reverse and Transparent modes. (If there is no password security, you must use blank strings [""] for the Username and Password settings.) For more information on transparent and reverse modes, see Using transparent and reverse modes, on page 11-35.

The following list shows the settings of the pre-configured monitor http:
Import Settings: http
Type: HTTP
Interval: 30 seconds
Timeout: 120 seconds
Probe Timeout: 5 seconds
Ignore Down Response: No
Send String: Get /
Receive String: (empty)
User Name: (empty)
Password: (empty)
Reverse: No
Transparent: No
Alias Address: * All Addresses
Alias Service Port: * All Ports
HTTPS
You use an HTTPS monitor to check the status of Hypertext Transfer Protocol Secure (HTTPS) traffic. An HTTPS monitor attempts to receive specific content from a web page protected by SSL security. The check is successful when the content matches the Receive String value. HTTPS monitors use a send string, a receive string, a user name, a password, and an optional Reverse setting. (If there is no password security, you must use blank strings [""] for the Username and Password settings.) For more information on the Reverse setting, see Using transparent and reverse modes, on page 11-35.

HTTPS monitors also include the settings Cipher List, Compatibility, and Client Certificate. If you do not specify a cipher list, the monitor uses the default cipher list DEFAULT:+SHA:+3DES:+kEDH. When you set the Compatibility setting to Enabled, this sets the SSL options to ALL. You use the Client Certificate setting to specify a certificate file that the monitor then presents to the server.

The following list shows the settings of the pre-configured monitor https:
Type: HTTPS
Import Settings: https
Interval: 30 seconds
Timeout: 120 seconds
Probe Timeout: 5 seconds
Ignore Down Response: No
Send String: Get /
Receive String: (empty)
Cipher List: DEFAULT:+SHA:+3DES:+kEDH
User Name: (empty)
Password: (empty)
Compatibility: Enabled
Client Certificate: (empty)
Client Key: (empty)
Reverse: No
Transparent: No
Alias Address: * All Addresses
Alias Service Port: * All Ports

The Reverse setting is an option for monitors that import settings from the https monitor. In most monitor settings, the Global Traffic Manager considers the resource available when the monitor successfully probes it. However, in some cases you may want the resource to be considered unavailable after a successful monitor test. You accomplish this configuration with the Reverse setting. For more information on Reverse mode, see Using transparent and reverse modes, on page 11-35.
TCP
The TCP monitor attempts to receive specific content sent over TCP. The check is successful when the content matches the Receive String value. A TCP monitor takes a Send String value and a Receive String value. If the Send String value is blank and a connection can be made, the service is considered up. A blank Receive String value matches any response. Both Transparent and Reverse modes are options. For more information about Transparent and Reverse modes, see Using transparent and reverse modes, on page 11-35.

The following list shows the settings for the pre-configured monitor tcp.
Type: TCP
Import Settings: tcp
Interval: 30 seconds
Timeout: 120 seconds
Probe Timeout: 5 seconds
Ignore Down Response: No
Send String: (empty)
Receive String: (empty)
Reverse: No
Transparent: No
Alias Address: * All Addresses
Alias Service Port: * All Ports
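The send/receive/Reverse rules shared by the HTTP, HTTPS and TCP monitor descriptions above (a blank Send String means a completed connection is enough, a blank Receive String matches any response, and Reverse turns a successful content test into "down") are small enough to demonstrate end to end. The following Python script is an added example written for this page, not F5 code and not the Global Traffic Manager's monitor implementation. It probes a constructed local stand-in for a web server that always answers with "status=healthy"; the send string "GET / HTTP/1.0" is this example's choice rather than the page's default, and the decision that a refused connection or probe timeout counts as "down" in Reverse mode as well is an assumption of this example, since the page defines Reverse only for a test that completes. TLS, the Transparent mode and user name and password are left out.

```python
import socket
import socketserver
import threading


class ECVMonitor:
    """Content-verification probe built on the Send String, Receive String, Reverse and Probe Timeout settings."""

    def __init__(self, send_string="", receive_string="", reverse=False, probe_timeout=5.0):
        self.send_string = send_string
        self.receive_string = receive_string
        self.reverse = reverse
        self.probe_timeout = probe_timeout

    def evaluate(self, response):
        """A blank Receive String matches any response; Reverse inverts a successful content test."""
        matched = self.receive_string == "" or self.receive_string in response
        return (not matched) if self.reverse else matched

    def probe(self, host, port):
        """Connect, send the Send String, read until the Receive String appears or the peer closes, then evaluate.

        A connection failure or probe timeout is reported as down in both modes
        (this example's assumption; the page defines Reverse only for a completed test).
        """
        data = b""
        try:
            with socket.create_connection((host, port), timeout=self.probe_timeout) as sock:
                sock.settimeout(self.probe_timeout)
                if self.send_string:
                    sock.sendall(self.send_string.encode())
                while True:
                    chunk = sock.recv(4096)
                    if not chunk:
                        break
                    data += chunk
                    if self.receive_string and self.receive_string in data.decode(errors="replace"):
                        break
        except OSError:
            return False
        return self.evaluate(data.decode(errors="replace"))


# Constructed stand-in for the monitored web server: it answers any connection
# with a fixed HTTP response and then closes.
CANNED_RESPONSE = b"HTTP/1.0 200 OK\r\nContent-Type: text/plain\r\n\r\nstatus=healthy\r\n"


class CannedHandler(socketserver.BaseRequestHandler):
    def handle(self):
        self.request.settimeout(0.5)
        try:
            self.request.recv(1024)  # consume the request line, if the monitor sent one
        except OSError:
            pass  # blank Send String: nothing arrived before the timeout
        self.request.sendall(CANNED_RESPONSE)


def start_canned_server():
    server = socketserver.ThreadingTCPServer(("127.0.0.1", 0), CannedHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def run_demo():
    """Probe the canned server with several monitor configurations and return the up/down verdicts."""
    server = start_canned_server()
    port = server.server_address[1]
    # Reserve and release a port so the last probe meets a refused connection.
    spare = socket.socket()
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()
    request = "GET / HTTP/1.0\r\n\r\n"  # constructed send string
    results = {
        "tcp_blank_strings": ECVMonitor().probe("127.0.0.1", port),
        "http_content_found": ECVMonitor(request, "status=healthy").probe("127.0.0.1", port),
        "http_content_missing": ECVMonitor(request, "status=draining").probe("127.0.0.1", port),
        "http_reverse_found": ECVMonitor(request, "status=healthy", reverse=True).probe("127.0.0.1", port),
        "connection_refused": ECVMonitor().probe("127.0.0.1", closed_port),
    }
    server.shutdown()
    server.server_close()
    return results


if __name__ == "__main__":
    for name, up in run_demo().items():
        print(f"{name}: {'up' if up else 'down'}")
```

The four verdicts against the live server show the rules directly: blank strings report up on connection alone, the expected content reports up, absent content reports down, and the same content with Reverse enabled reports down; the refused connection reports down.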
Real Server
Scripted
SIP
SMTP
SNMP
SNMP Link
SOAP
UDP
WAP
WMI
The Global Traffic Manager provides pre-configured monitors for several of these monitor types. In cases where a pre-configured monitor does not meet your needs or does not exist, you can create a custom monitor. For more information on custom monitors, see Creating a custom monitor, on page 11-7. The following sections describe each type of EAV monitor and show the pre-configured monitor settings and their values.
BIG-IP
When you use the Global Traffic Manager in a network that contains a Local Traffic Manager, you must assign a BIG-IP monitor to the Local Traffic Manager. This monitor is automatically assigned to the Local Traffic Manager if you do not manually assign it. The BIG-IP monitor gathers metrics and statistics information that the Local Traffic Manager acquires through the monitoring of its own resources.

In general, it is sufficient to assign only the BIG-IP monitor to a Local Traffic Manager. In situations where you want to verify the availability of a specific resource managed by the Local Traffic Manager, F5 Networks recommends that you first assign the appropriate monitor to the resource through the Local Traffic Manager, and then assign a BIG-IP monitor to the Local Traffic Manager through the Global Traffic Manager. This configuration provides the most efficient means of tracking resources managed by a BIG-IP system.

The following list shows the settings and default values of a BIG-IP monitor.
Type: BIG-IP
Import Settings: bigip
Interval: 30 seconds
Timeout: 90 seconds
Probe Timeout: 1 second
Ignore Down Response: No (F5 recommends that you leave this setting at the default value for the BIG-IP monitor.)
Alias Address: * All Addresses
Alias Service Port: * All Ports
Aggregate Dynamic Ratios: None
Note
If the Global Traffic Manager and the Local Traffic Manager are on the same machine, you must still assign a BIG-IP monitor to the server that you added to your configuration that represents the Global Traffic Manager/Local Traffic Manager system. See Chapter 5, Defining the Physical Network, for more information.
BIG-IP Link
When you use the Global Traffic Manager in a network that contains a Link Controller, you must assign a BIG-IP Link monitor to the Link Controller. This monitor is automatically assigned to the Link Controller if you do not manually assign it. The BIG-IP Link monitor gathers metrics and statistics information that the Link Controller acquires through the monitoring of its own resources.

The following list shows the settings and default values of a BIG-IP Link monitor.
Type: BIG-IP Link
Import Settings: bigip_link
Interval: 10 seconds
Timeout: 30 seconds
Probe Timeout: 1 second
Ignore Down Response: No (F5 recommends that you leave this setting at the default value for the BIG-IP Link monitor.)
Alias Address: * All Addresses
Note
If the Global Traffic Manager and the Link Controller systems are on the same machine, you must still assign a BIG-IP Link monitor to the server that represents these two systems. See Chapter 5, Defining the Physical Network, for more information.
External
You can use an External monitor to create your own monitor type. To do this, you create a custom External monitor and within it, specify a user-supplied monitor to run.
Configuring Monitors
The External Program setting specifies the name of your user-supplied monitor program. An External monitor searches the directory /config/monitors for that monitor name. The Arguments setting allows you to specify any command-line arguments that are required.
The following list shows the settings and default values of an External monitor.
Type: External
Import Settings: external
Interval: 30 seconds
Timeout: 120 seconds
Probe Timeout: 5 seconds
Ignore Down Response: No
External Program: (empty)
Arguments: (empty)
Variables: (empty)
Alias Address: * All Addresses
Alias Service Port: * All Ports
FirePass
You use a FirePass monitor to verify FirePass traffic. This monitor checks the health of FirePass systems.
The following list shows the settings and default values of a FirePass type monitor.
Type: FirePass
Import Settings: firepass_gtm
Interval: 30 seconds
Timeout: 90 seconds
Probe Timeout: 5 seconds
Ignore Down Response: No
Cipher List: HIGH:!ADH
Max Load Average: 20
Concurrency Limit: 95
User Name: gtmuser
Password: (empty)
Alias Address: * All Addresses
Alias Service Port: * All Ports
FTP
You use an FTP monitor to verify File Transfer Protocol (FTP) traffic. A monitor of this type attempts to download a specified file to the /var/tmp directory, and if the file is retrieved, the check is successful. An FTP monitor specifies a user name, a password, and a full path to the file to be downloaded.
Note
Once an FTP file is successfully downloaded, the Global Traffic Manager does not save it.
The following list shows the settings and default values of an FTP monitor.
Type: FTP
Import Settings: ftp
Interval: 10 seconds
Probe Timeout: 5 seconds
Ignore Down Response: No
User Name: (empty)
Password: (empty)
Path/Filename: (empty)
Mode: Passive
Alias Address: * All Addresses
Alias Service Port: * All Ports
Debug: No
IMAP
You use an IMAP monitor to check the status of Internet Message Access Protocol (IMAP) traffic. An IMAP monitor is essentially a POP3 monitor with the addition of the Folder setting. The check is successful if the monitor is able to log onto a server and open the specified mail folder. An IMAP monitor requires that you specify a user name and password.
The following list shows the settings and default values of an IMAP monitor.
Type: IMAP
Import Settings: imap
Interval: 10 seconds
Timeout: 31 seconds
Probe Timeout: 5 seconds
Ignore Down Response: No
User Name: (empty)
Password: (empty)
Folder: INBOX
Alias Address: * All Addresses
Alias Service Port: * All Ports
Debug: No
Note
Servers checked by an IMAP monitor typically require special configuration to maintain a high level of security, while also allowing for monitor authentication.
LDAP
You use an LDAP monitor to check the status of Lightweight Directory Access Protocol (LDAP) servers. The LDAP protocol implements standard X.500 for email directory consolidation. A check is successful if entries are returned for the base and filter specified. An LDAP monitor requires a user name, a password, and base and filter strings.
The following list shows the settings and default values of an LDAP monitor.
Type: LDAP
Import Settings: ldap
Interval: 10 seconds
Timeout: 31 seconds
Probe Timeout: 5 seconds
Ignore Down Response: No
User Name: (empty)
Password: (empty)
Base: (empty)
Filter: (empty)
Security: None
Mandatory Attributes: No
Alias Address: * All Addresses
Alias Service Port: * All Ports
Debug: No
The User Name setting specifies a distinguished name, that is, an LDAP-format user name. The Base setting specifies the starting place in the LDAP hierarchy from which to begin the query. The Filter setting specifies an LDAP-format key of the search item. The Security setting specifies the security protocol to be used. Acceptable values are SSL, TLS, or None.
MSSQL
You use an MSSQL monitor to perform service checks on Microsoft SQL Server-based services such as Microsoft SQL Server versions 6.5 and 7.0. The remainder of this section on MSSQL monitors describes prerequisite tasks, the default monitor settings, and troubleshooting tips.
Receive String
The Receive String setting is an optional parameter that specifies the value expected to be returned for the row and column specified with the Receive Row and Receive Column settings. An example of a Receive String value is ALAN SMITH. You can only configure this setting when you configure the Send String setting.
Receive Row
The Receive Row setting is optional, and is useful only if the Receive String setting is specified. This setting specifies the row in the returned table that contains the Receive String value. You can only configure this setting when you configure the Send String setting.
Receive Column
The Receive Column setting is optional, and is useful only if the Receive String setting is specified. This setting specifies the column in the returned table that contains the Receive String value. You can only configure this setting when you configure the Send String setting.
Verify that you can log on using another tool. For example, the server program Microsoft NT SQL Server version 6.5 includes a client program named ISQL/w, which performs simple logons to SQL servers. Use this program to test whether you can log on to the server at all.
Add logon accounts using the Microsoft SQL Enterprise Manager. On the Microsoft SQL Server, you can run the SQL Enterprise Manager to add logon accounts. When you first log on to the SQL Enterprise Manager, you may be prompted for the SQL server that you want to manage. You can register servers by specifying the machine name, user name, and password. If these names are correct, the server is registered, and then you can click an icon for the server. When you expand the subtree for the server, there is an icon for logon accounts. Beneath this subtree, you can find the SQL logons. To change passwords or add new logons, right-click the Logins icon to access the Add login option. After you open this option, type the user name and password for the new logon, as well as which databases the logon is allowed to access. You must grant the test account access to the database you specify in the EAV configuration.
NNTP
You use an NNTP monitor to check the status of Usenet News traffic. The check is successful if the monitor retrieves a newsgroup identification line from the server. An NNTP monitor requires a newsgroup name (for example, alt.cars.mercedes) and, if necessary, a user name and password.
The following list shows the settings and default values of an NNTP monitor.
Type: NNTP
Import Settings: nntp
Interval: 30 seconds
Timeout: 120 seconds
Probe Timeout: 5 seconds
Ignore Down Response: No
User Name: (empty)
Password: (empty)
Newsgroup: (empty)
Alias Address: * All Addresses
Alias Service Port: * All Ports
Debug: No
Oracle
You use an Oracle monitor to check the status of an Oracle database server. The check is successful if the monitor is able to connect to the server, log on as the indicated user, and log off.
The following list shows the settings and default values of an Oracle monitor.
Type: Oracle
Import Settings: oracle
Interval: 30 seconds
Timeout: 91 seconds
Probe Timeout: 5 seconds
Ignore Down Response: No
Send String: (empty)
Receive String: (empty)
User Name: (empty)
Password: (empty)
Database: (empty)
Receive Row: (empty)
Receive Column: (empty)
Count: 0
Alias Address: * All Addresses
Alias Service Port: * All Ports
Debug: No
The Send String setting specifies a SQL statement that the Global Traffic Manager should send to the Oracle server. An example is SELECT * FROM sales.
The Receive String setting is an optional parameter that specifies the value expected to be returned for a specific row and column of the table that the Send String setting retrieved. An example of a Receive String value is SMITH.
In an Oracle monitor, the Database setting specifies the name of the data source on the Oracle server. Examples are sales and hr.
The Receive Row setting is optional, and is useful only if the Receive String setting is specified. This setting specifies the row in the returned table that contains the Receive String value.
The Receive Column setting is optional, and is useful only if the Receive String setting is specified. This setting specifies the column in the returned table that contains the Receive String value.
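The following is an added example, not F5's code, of how the Receive String, Receive Row and Receive Column settings described for the MSSQL and Oracle monitors can be evaluated against the rows that a Send String query returns. It assumes that row and column numbers start at 1, that the value may appear in any cell when neither row nor column is given, and that a cell must match the Receive String exactly; SAMPLE_ROWS is a constructed result set for SELECT * FROM sales.

```python
"""Added example (not F5 code): evaluate a database monitor's receive settings
against a result set. 1-based row/column numbering, 'any cell' when no
position is given, and exact cell comparison are this example's assumptions."""


def receive_check(rows, receive_string="", receive_row="", receive_column=""):
    """Return True when the result set satisfies the monitor's receive settings.

    rows           -- rows returned for the Send String, as a list of lists
    receive_string -- expected cell value; "" (the default) means any result passes
    receive_row    -- 1-based row holding that value; "" means not specified
    receive_column -- 1-based column holding that value; "" means not specified
    """
    # No Receive String: the query ran and returned, which is all that is checked.
    if receive_string == "":
        return True
    # Receive Row / Receive Column only matter once a Receive String is set.
    if receive_row == "" and receive_column == "":
        return any(str(cell) == receive_string for row in rows for cell in row)
    try:
        r = int(receive_row) - 1 if receive_row != "" else None
        c = int(receive_column) - 1 if receive_column != "" else None
    except ValueError:
        return False  # a malformed setting is a failed check, not a crash
    # Narrow to the configured row (if any), then to the configured column (if any).
    candidates = rows if r is None else (rows[r:r + 1] if 0 <= r < len(rows) else [])
    for row in candidates:
        cells = row if c is None else (row[c:c + 1] if 0 <= c < len(row) else [])
        if any(str(cell) == receive_string for cell in cells):
            return True
    return False


# Constructed result set for "SELECT * FROM sales": (employee, region, amount).
SAMPLE_ROWS = [
    ["ALAN SMITH", "WEST", 1200],
    ["SMITH", "EAST", 980],
]

if __name__ == "__main__":
    print(receive_check(SAMPLE_ROWS, "ALAN SMITH", "1", "1"))  # True
    print(receive_check(SAMPLE_ROWS, "ALAN SMITH", "2", "1"))  # False
```

Because the monitor runs the Send String with the stored User Name and Password on every interval, the account it logs on with only needs read access to the table named in the Send String; granting the test account more than that widens the impact if the monitor's credentials are ever exposed.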
POP3
You use a POP3 monitor to check the status of Post Office Protocol version 3 (POP3) traffic. The check is successful if the monitor is able to connect to the server, log on as the indicated user, and log off. A POP3 monitor requires a user name and password.
The following list shows the settings and default values of a POP3 monitor.
Type: POP3
Import Settings: pop3
Interval: 30 seconds
Timeout: 120 seconds
Probe Timeout: 5 seconds
Ignore Down Response: No
User Name: (empty)
Password: (empty)
Alias Address: * All Addresses
Alias Service Port: * All Ports
Debug: No
RADIUS
You use a RADIUS monitor to check the status of Remote Access Dial-in User Service (RADIUS) servers. The check is successful if the server authenticates the requesting user. A RADIUS monitor requires a user name, a password, and a shared secret string for the code number.
Note
Configure the servers to be checked by a RADIUS monitor to maintain a high level of security while also allowing for monitor authentication.
The following list shows the settings and default values of a RADIUS monitor.
Type: RADIUS
Import Settings: radius
Interval: 10 seconds
Timeout: 31 seconds
Probe Timeout: 5 seconds
Ignore Down Response: No
User Name: (empty)
Password: (empty)
Secret: (empty)
NAS IP Address: (empty)
Alias Address: * All Addresses
Alias Service Port: * All Ports
Debug: No
Real Server
You use a Real Server monitor to check the performance of a pool or virtual server that is running the RealSystem Server data collection agent and dynamically load balances traffic accordingly. Performance monitors are generally used with dynamic ratio load balancing. For more information on performance monitors and dynamic ratio load balancing, see Chapter 7, Load Balancing with the Global Traffic Manager.
Note
Unlike health monitors, performance monitors do not report on the status of a pool, pool member, or virtual server.
The Global Traffic Manager provides a pre-configured Real Server monitor named real_server. The following list shows the settings and default values of the real_server monitor.
Type: Real Server
Import Settings: real_server
Interval: 30 seconds
Timeout: 120 seconds
Probe Timeout: 5 seconds
Ignore Down Response: No
Method: GET
Command: GetServerStats
Metrics: ServerBandwidth: 1.5, CPUPercentUsage, MemoryUsage, TotalClientCount
Agent: Mozilla/4.0 (compatible: MSIE 5.0, Windows NT)
Like all pre-configured monitors, the real_server monitor is not user-modifiable. However, if you want to modify the Metrics setting, you can create a custom Real Server monitor, to which you can add metrics and modify metric values.
Note
When creating a custom Real Server monitor, you cannot modify the values of the Method, Command, and Agent settings.
Table 11.2 shows the complete set of server-specific metrics and metric setting default values that apply to the command GetServerStats.
Table 11.2 Server-specific metrics for the command GetServerStats
Metric                     Default Coefficient    Default Threshold
ServerBandwidth (Kbps)     1.0                    10,000
CPUPercentUsage            1.0                    80
MemoryUsage (Kb)           1.0                    100,000
TotalClientCount           1.0                    1,000
RTSPClientCount            1.0                    500
HTTPClientCount            1.0                    500
PNAClientCount             1.0                    500
UDPTransportCount          1.0                    500
TCPTransportCount          1.0                    500
MulticastTransportCount    1.0                    500
The metric coefficient is a factor determining how heavily the metric's value counts in the overall ratio weight calculation. The metric threshold is the highest value allowed for the metric if the metric is to have any weight at all. To understand how to use these values, it is necessary to understand how the overall ratio weight is calculated. The overall ratio weight is the sum of the relative weights calculated for each metric. The relative weights, in turn, are based on three factors:
The value for the metric returned by the monitor
The coefficient value
The threshold value
Given these values, the relative weight is calculated as follows:
w = ((threshold - value) / threshold) * coefficient
You can see that the higher the coefficient, the greater the relative weight calculated for the metric. Similarly, the higher the threshold, the greater the relative weight calculated for any metric value that is less than the threshold. (When the value reaches the threshold, the weight goes to zero.)
Note that the default coefficient and default threshold values shown in Table 11.2 are metric defaults, not monitor defaults. The monitor defaults take precedence over the metric defaults, just as user-specified values in a custom Real Server monitor take precedence over the monitor defaults. For example, the real_server monitor shown above specifies a coefficient value of 1.5 for ServerBandwidth and no value for the other metrics. This means that the monitor uses the monitor default of 1.5 for the ServerBandwidth coefficient and the metric default of 1.0 for the coefficients of all other metrics. However, if a custom monitor my_real_server were configured specifying 2.0 as the ServerBandwidth coefficient, this user-specified value overrides the monitor default.
Metric coefficient and threshold are the only non-monitor defaults. If a metric not in the monitor is to be added to the custom monitor, it must be added to the list of metrics for the Metrics setting. The syntax for specifying non-default coefficient or threshold values is:
<metric>:<coefficient | *>:<threshold>
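The following is an added example, not F5's code, that parses a Metrics setting in the syntax above, resolves the precedence described in this section (custom monitor value over monitor default over the Table 11.2 metric default) and computes the overall ratio weight with w = ((threshold - value) / threshold) * coefficient. Two points are this example's assumptions rather than statements from the guide: a coefficient of * keeps whatever coefficient is inherited from the layer below, and a custom monitor's Metrics list is layered on top of the real_server monitor's list instead of replacing it. The agent values in the usage block are constructed.

```python
"""Added example (not F5 code): Real Server metric parsing, default precedence,
and the relative / overall ratio weight calculation from the guide."""

# Metric defaults from Table 11.2: name -> (default coefficient, default threshold)
METRIC_DEFAULTS = {
    "ServerBandwidth": (1.0, 10_000.0),     # Kbps
    "CPUPercentUsage": (1.0, 80.0),
    "MemoryUsage": (1.0, 100_000.0),        # Kb
    "TotalClientCount": (1.0, 1_000.0),
    "RTSPClientCount": (1.0, 500.0),
    "HTTPClientCount": (1.0, 500.0),
    "PNAClientCount": (1.0, 500.0),
    "UDPTransportCount": (1.0, 500.0),
    "TCPTransportCount": (1.0, 500.0),
    "MulticastTransportCount": (1.0, 500.0),
}

# The Metrics setting of the pre-configured real_server monitor, as printed in the guide.
REAL_SERVER_METRICS = "ServerBandwidth: 1.5, CPUPercentUsage, MemoryUsage, TotalClientCount"


def parse_metrics(setting):
    """Turn 'A: 1.5, B, C:*:90000' into {A: (1.5, None), B: (None, None), C: (None, 90000.0)}.
    None means 'not given here; inherit from the layer below'. '*' is treated the
    same way for the coefficient (assumption)."""
    parsed = {}
    for item in setting.split(","):
        if not item.strip():
            continue
        parts = [p.strip() for p in item.split(":")]
        name = parts[0]
        if name not in METRIC_DEFAULTS:
            raise ValueError(f"unknown metric {name!r}")
        coeff = float(parts[1]) if len(parts) > 1 and parts[1] not in ("", "*") else None
        thresh = float(parts[2]) if len(parts) > 2 and parts[2] not in ("", "*") else None
        parsed[name] = (coeff, thresh)
    return parsed


def effective_params(monitor_setting, custom_setting=""):
    """Resolve (coefficient, threshold) for every listed metric.
    Precedence: custom monitor value > monitor default > metric default."""
    layers = [parse_metrics(monitor_setting), parse_metrics(custom_setting)]
    names = [name for layer in layers for name in layer]
    resolved = {}
    for name in dict.fromkeys(names):            # keeps first-seen order, drops repeats
        coeff, thresh = METRIC_DEFAULTS[name]
        for layer in layers:
            c, t = layer.get(name, (None, None))
            coeff = c if c is not None else coeff
            thresh = t if t is not None else thresh
        resolved[name] = (coeff, thresh)
    return resolved


def relative_weight(value, coefficient, threshold):
    """w = ((threshold - value) / threshold) * coefficient; once the value reaches
    the threshold the metric carries no weight at all."""
    if threshold <= 0 or value >= threshold:
        return 0.0
    return (threshold - value) / threshold * coefficient


def overall_ratio_weight(params, observed):
    """Sum of the relative weights of every metric the monitor lists.
    A metric the agent did not report counts as 0 (assumption)."""
    return sum(relative_weight(observed.get(name, 0.0), c, t)
               for name, (c, t) in params.items())


if __name__ == "__main__":
    # my_real_server from the guide's example: ServerBandwidth coefficient raised to 2.0
    params = effective_params(REAL_SERVER_METRICS, "ServerBandwidth: 2.0")
    sample = {"ServerBandwidth": 2500, "CPUPercentUsage": 40,      # constructed agent values
              "MemoryUsage": 100_000, "TotalClientCount": 250}
    print(params)
    print(overall_ratio_weight(params, sample))   # 2.75 (MemoryUsage is at its threshold)
```

With the constructed values, ServerBandwidth contributes (10,000 - 2,500) / 10,000 * 2.0 = 1.5, CPUPercentUsage (80 - 40) / 80 * 1.0 = 0.5, MemoryUsage 0 because it has reached its threshold, and TotalClientCount (1,000 - 250) / 1,000 * 1.0 = 0.75, for an overall ratio weight of 2.75.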
Scripted
You use the Scripted monitor to generate a simple script that reads a file that you create. The file contains send and expect strings to specify lines that you want to send or that you expect to receive. For example, Figure 11.1 shows a sample file that specifies a simple SMTP sequence. Note that the system always reads the lines of the file in the specified sequence.
expect 220
send HELLO bigip1.siterequest.com\r\n
expect 250
send quit\r\n
Figure 11.1 A sample file specifying an SMTP sequence
Using a Scripted monitor, you can generate a script that acts on the above file. When the Scripted monitor script reads this file, the script examines each line, and if the line has no quotation marks, the line is sent or expected as is. If the line is surrounded by quotation marks, the script strips off the quotation marks and examines the line for escape characters, treating them accordingly.
The following list shows the settings and default values of a Scripted monitor.
Type: Scripted
Import Settings: scripted
Interval: 10 seconds
Timeout: 31 seconds
Probe Timeout: 5 seconds
Ignore Down Response: No
File name: (empty)
Alias Address: * All Addresses
Alias Service Port: * All Ports
Debug: No
Note
When you create a file containing send and expect strings, store the file in the directory /config/eav.
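The following is an added example, not F5's own Scripted monitor script, of a small interpreter for the send/expect file format described above (Figure 11.1). It applies the two rules from this section (unquoted lines go out exactly as written; quoted lines are unquoted and have their escape characters decoded) and runs the exchange against a constructed in-memory SMTP responder so that it works offline. Treating an expect string as the prefix of the server's reply line, and the responder's lenient handling of the HELLO spelling used in the figure, are this example's assumptions.

```python
"""Added example (not F5 code): interpret a Scripted-monitor send/expect file
and run it against a constructed in-memory SMTP server."""
import re

ESCAPES = {"r": "\r", "n": "\n", "t": "\t", "\\": "\\", '"': '"'}

# The file from Figure 11.1 as it would be stored under /config/eav. The lines
# are unquoted, so the characters \r\n are sent literally, not as CR LF.
FIGURE_11_1 = """\
expect 220
send HELLO bigip1.siterequest.com\\r\\n
expect 250
send quit\\r\\n
"""

# The same exchange with quoted lines: \r\n is decoded into a real CR LF.
QUOTED_SCRIPT = """\
expect 220
send "HELO bigip1.siterequest.com\\r\\n"
expect 250
send "QUIT\\r\\n"
expect 221
"""


def unescape(text):
    """Decode backslash escapes inside a quoted line."""
    out, i = [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text) and text[i + 1] in ESCAPES:
            out.append(ESCAPES[text[i + 1]])
            i += 2
        else:
            out.append(text[i])
            i += 1
    return "".join(out)


def parse_script(text):
    """Return [(verb, payload), ...] in file order; quoted payloads are unquoted and unescaped."""
    steps = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        verb, _, payload = line.partition(" ")
        verb = verb.lower()
        if verb not in ("send", "expect"):
            raise ValueError(f"line {lineno}: unknown directive {verb!r}")
        if len(payload) >= 2 and payload[0] == '"' and payload[-1] == '"':
            payload = unescape(payload[1:-1])
        steps.append((verb, payload))
    return steps


class FakeSmtpServer:
    """Constructed stand-in for a mail server: 220 banner, 250 to HELO/EHLO
    (and the figure's HELLO), 221 to QUIT, 500 to anything else."""

    def __init__(self):
        self.outbox = ["220 mail.example.test ESMTP ready\r\n"]
        self.received = []

    def write(self, data):
        self.received.append(data)
        match = re.match(r"[A-Za-z]+", data.strip())
        cmd = match.group(0).upper() if match else ""
        if cmd in ("HELO", "HELLO", "EHLO"):
            self.outbox.append("250 mail.example.test\r\n")
        elif cmd == "QUIT":
            self.outbox.append("221 closing connection\r\n")
        else:
            self.outbox.append("500 command not recognized\r\n")

    def read(self):
        if not self.outbox:
            raise TimeoutError("server sent nothing more")
        return self.outbox.pop(0)


def run_script(text, server):
    """Execute the steps in order. Returns (success, transcript); the check fails
    at the first expect whose text does not start the server's reply line."""
    transcript = []
    for verb, payload in parse_script(text):
        if verb == "send":
            server.write(payload)
            transcript.append(("C", payload))
            continue
        try:
            reply = server.read()
        except TimeoutError:
            transcript.append(("S", None))
            return False, transcript
        transcript.append(("S", reply))
        if not reply.startswith(payload):
            return False, transcript
    return True, transcript
```

Running FIGURE_11_1 succeeds against the responder, but the transcript shows the literal backslash characters leaving the client; QUOTED_SCRIPT is the form to use when a real CR LF line ending must be sent.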
SIP
You use a SIP monitor to check the status of SIP Call-ID services. This monitor type uses UDP to issue a request to a server device. The request is designed to identify the options that the server device supports. If the proper response is returned, the device is considered to be up and responding to commands.
The following list shows the settings and default values of a SIP monitor.
Type: SIP
Import Settings: sip
Interval: 30 seconds
Timeout: 120 seconds
Probe Timeout: 5 seconds
Ignore Down Response: No
Mode: UDP
Additional Accepted Status Codes: None
Additional Rejected Status Codes: Status Code List
Rejected Status Code List: (empty)
Header List: (empty)
SIP Request: (empty)
Alias Address: * All Addresses
Alias Service Port: * All Ports
Debug: No
Possible values for the Mode setting are TCP and UDP. Possible values for the Additional Accepted Status Codes setting are Any, None, and Status Code List. The Status Code List setting specifies one or more status codes, in addition to status code 200, that are acceptable in order to indicate an up status. Separate multiple status codes with spaces. Specifying an asterisk (*) indicates that all status codes are acceptable.
SMTP
You use an SMTP monitor to check the status of Simple Mail Transport Protocol (SMTP) servers. This monitor is a basic monitor that checks only that the server is up and responding to commands. The check is successful if the mail server responds to the standard SMTP HELO and QUIT commands. An SMTP monitor requires a domain name.
The following list shows the settings and default values of an SMTP monitor.
Type: SMTP
Import Settings: smtp
Interval: 30 seconds
Timeout: 120 seconds
Probe Timeout: 5 seconds
Ignore Down Response: No
Domain: (empty)
Alias Address: * All Addresses
Alias Service Port: * All Ports
Debug: No
SNMP
You use an SNMP monitor to check the performance of a server running an SNMP agent such as UC Davis, for the purpose of load balancing traffic to that server. This monitor conducts an SNMP query a specific number of times, counting the number of times the query is successful. If the number of successful queries matches the number that you set when configuring the monitor, the Global Traffic Manager considers the resource available.
Performance monitors are generally used with dynamic ratio load balancing. For more information on performance monitors and dynamic ratio load balancing, see Chapter 7, Load Balancing with the Global Traffic Manager.
Unlike health monitors, performance monitors do not report on the status of a pool, pool member, or virtual server; they report on the status of the server itself. The exception to this is when you assign the monitor to a Cisco, Alteon, Extreme, or Radware server. In those situations, the monitor can obtain availability information on the virtual servers associated with that server. On Foundry servers, you can only obtain the administrative status of the virtual server.
The Global Traffic Manager provides a pre-configured SNMP monitor named snmp_gtm. The following list shows the settings and values of the snmp_gtm pre-configured monitor.
Type: SNMP
Import Settings: snmp_gtm
Interval: 90 seconds
Timeout: 180 seconds
Probe Interval: 1 second
Probe Timeout: 1 second
Probe Attempts: 1
Ignore Down Response: No
Community: public
Version: v1
Port: 161
Alias Address: * All Addresses
Alias Service Port: * All Ports
Pre-configured monitors are not user-modifiable. Thus, if you want to change the values for the SNMP monitor settings, you must create a custom SNMP monitor. Possible values for the Version setting are v1, v2c, and Other.
SNMP Link
You use an SNMP Link monitor to check the performance of links that are running an SNMP agent. The Global Traffic Manager provides a pre-configured SNMP Link monitor named snmp_link. The following list shows the settings and values of the snmp_link pre-configured monitor.
Type: SNMP Link
Import Settings: snmp_link
Interval: 10 seconds
Timeout: 30 seconds
Probe Interval: 1 second
Probe Timeout: 5 seconds
Probe Attempts: 3
Ignore Down Response: No
Community: public
Version: v1
Port: 161
Alias Address: * All Addresses
Unlike health monitors, performance monitors do not report on the status of a pool, pool member, or virtual server. Performance monitors are generally used with dynamic ratio load balancing. For more information on performance monitors and dynamic ratio load balancing, see Chapter 7, Load Balancing with the Global Traffic Manager. Pre-configured monitors are not user-modifiable. Thus, if you want to change the values for the SNMP Link monitor settings, you must create a custom SNMP Link monitor.
SOAP
You use a SOAP monitor to test a web service based on the Simple Object Access Protocol (SOAP). More specifically, the monitor submits a request to a SOAP-based web service and, optionally, verifies a return value or fault.
The following list shows the settings and default values of a SOAP monitor.
Type: SOAP
Import Settings: soap
Interval: 30 seconds
Timeout: 120 seconds
Probe Timeout: 5 seconds
Ignore Down Response: No
User Name: (empty)
Password: (empty)
Protocol: HTTP (possible values are HTTP and HTTPS)
URL Path: (empty)
Namespace: (empty)
Method: (empty)
Parameter Name: (empty)
Parameter Type: bool (possible values are bool, int, long, and string)
Parameter Value: (empty)
Return Type: bool (possible values are bool, int, short, long, float, double, and string)
Return Value: (empty)
Expect Fault: No (possible values are No and Yes)
Alias Address: * All Addresses
Alias Service Port: * All Ports
Debug: No
UDP
You use a UDP monitor to check the status of User Datagram Protocol (UDP) packets. A UDP monitor sends one or more UDP packets to a target pool, pool member, or virtual server.
The following list shows the settings and default values of a UDP monitor.
Type: UDP
Import Settings: udp
Interval: 30 seconds
Timeout: 120 seconds
Probe Interval: 1 second
Probe Timeout: 5 seconds
Probe Attempts: 3
Ignore Down Response: No
Send String: default send string
Transparent: No
Send Packets: 2
Timeout Packets: 2
Alias Address: * All Addresses
Alias Service Port: * All Ports
Debug: No
Important
The value in seconds of the Timeout Packets setting must be lower than the value of the Interval setting.
When using a UDP monitor to check a pool or virtual server, you must also enable another monitor type, such as HTTP, to monitor the pool or virtual server. Until both the UDP monitor and the other monitor report the status of the UDP service as up, the UDP service receives no traffic. See Table 11.3 for details.
Table 11.3
If a UDP monitor reports status as    And another monitor reports status as    Then the UDP service is
up                                    up                                       up
up                                    down                                     down
down                                  up                                       down
down                                  down                                     down
WAP
You use a WAP monitor to check Wireless Application Protocol (WAP) servers. The WAP monitor requests a URL (the Send String setting) and then looks for the Receive String value in the data returned in the URL response.
The following list shows the settings and default values of a WAP monitor.
Type: WAP
Import Settings: wap
Interval: 10 seconds
Timeout: 31 seconds
Probe Timeout: 5 seconds
Ignore Down Response: No
Send String: (empty)
Receive String: (empty)
Secret: (empty)
Accounting Node: (empty)
Accounting Port: (empty)
Server ID: (empty)
Call ID: (empty)
Session ID: (empty)
Framed Address: (empty)
Alias Address: * All Addresses
Alias Service Port: * All Ports
Debug: No
The Secret setting is the RADIUS secret, a string known to both the client and the RADIUS server, and is used in computing the MD5 hash.
The Accounting Node setting specifies the RADIUS resource. If this is a null string and RADIUS accounting has been requested (the accounting port is non-zero), then the WAP server resource is assumed to also be the RADIUS resource.
If set to a non-zero value, the Accounting Port setting requests RADIUS accounting and uses the specified port.
The Server ID setting specifies the RADIUS NAS-ID of the requesting server (that is, the BIG-IP system). It is a string used as an alias for the FQDN. See the section on testing WAP_monitor just below.
The Call ID setting is an identifier similar to a telephone number, that is, a string of numeric characters. For testing purposes, this value is usually a string of eleven characters.
The Session ID setting is a RADIUS session ID, used to identify this session. This is an arbitrary numeric character string, often something like 01234567.
The Framed Address setting is a RADIUS framed IP address. The setting has no special use and is usually specified simply as 1.1.1.1.
RADIUS accounting is optional. To implement RADIUS accounting, you must set the accounting port to a non-zero value. If you set the Accounting Port setting to a non-zero value, then the monitor assumes that RADIUS accounting is needed, and an accounting request is sent to the specified accounting node and port to start accounting. This is done before the URL is requested. After the successful retrieval of the URL with the correct data, an accounting request is sent to stop accounting.
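The following is an added example, not F5's code, of the RADIUS accounting exchange that the Accounting Node and Accounting Port settings trigger, showing how the Secret enters the MD5 authenticators on both sides: the Accounting-Request authenticator of RFC 2866 and the Response Authenticator of RFC 2865. The attribute numbers are the standard ones; mapping Server ID, Session ID and Framed Address onto NAS-Identifier, Acct-Session-Id and Framed-IP-Address is this example's assumption, the WAP monitor's actual packet contents are not on this page, and every value used is constructed.

```python
"""Added example (not F5 code): build and verify a RADIUS Accounting-Request /
Accounting-Response pair, showing where the shared secret is used in MD5."""
import hashlib
import hmac
import socket
import struct

ACCT_REQUEST, ACCT_RESPONSE = 4, 5
FRAMED_IP_ADDRESS, NAS_IDENTIFIER, ACCT_STATUS_TYPE, ACCT_SESSION_ID = 8, 32, 40, 44
ACCT_START, ACCT_STOP = 1, 2
HEADER_LEN = 20  # Code(1) + Identifier(1) + Length(2) + Authenticator(16)


def attribute(kind, value):
    """Encode one Type-Length-Value attribute; Length counts its own 2-byte header."""
    if not 1 <= len(value) <= 253:
        raise ValueError("attribute value must be 1..253 bytes")
    return struct.pack("!BB", kind, len(value) + 2) + value


def wap_accounting_attributes(server_id, session_id, framed_address, status):
    """Attributes a start/stop record would carry (mapping is an assumption)."""
    return b"".join([
        attribute(ACCT_STATUS_TYPE, struct.pack("!I", status)),
        attribute(NAS_IDENTIFIER, server_id.encode()),
        attribute(ACCT_SESSION_ID, session_id.encode()),
        attribute(FRAMED_IP_ADDRESS, socket.inet_aton(framed_address)),
    ])


def accounting_request(identifier, secret, attrs):
    """Monitor side. Request Authenticator = MD5(Code + Id + Length + 16 zero
    octets + Attributes + Secret), so the server can tell the request came from
    a party that knows the secret."""
    header = struct.pack("!BBH", ACCT_REQUEST, identifier, HEADER_LEN + len(attrs))
    auth = hashlib.md5(header + bytes(16) + attrs + secret).digest()
    return header + auth + attrs


def verify_accounting_request(packet, secret):
    """Server side: recompute the Request Authenticator with the field zeroed."""
    if len(packet) < HEADER_LEN:
        return False
    code, _, length = struct.unpack("!BBH", packet[:4])
    if code != ACCT_REQUEST or length != len(packet):
        return False
    expected = hashlib.md5(packet[:4] + bytes(16) + packet[HEADER_LEN:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:HEADER_LEN])


def response_authenticator(code, identifier, attrs, request_auth, secret):
    """Response Authenticator = MD5(Code + Id + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, identifier, HEADER_LEN + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()


def accounting_response(request, secret):
    """Constructed server reply: an attribute-less Accounting-Response echoing
    the request identifier, produced only when the request verifies."""
    if not verify_accounting_request(request, secret):
        return None
    identifier = request[1]
    auth = response_authenticator(ACCT_RESPONSE, identifier, b"", request[4:HEADER_LEN], secret)
    return struct.pack("!BBH", ACCT_RESPONSE, identifier, HEADER_LEN) + auth


def verify_accounting_response(reply, request, secret):
    """Monitor side: accept only a well-formed Accounting-Response carrying the
    request's identifier and a Response Authenticator that matches under the secret."""
    if reply is None or len(reply) < HEADER_LEN:
        return False
    code, identifier, length = struct.unpack("!BBH", reply[:4])
    if code != ACCT_RESPONSE or identifier != request[1] or length != len(reply):
        return False
    expected = response_authenticator(code, identifier, reply[HEADER_LEN:],
                                      request[4:HEADER_LEN], secret)
    return hmac.compare_digest(expected, reply[4:HEADER_LEN])


if __name__ == "__main__":
    secret = b"constructed-shared-secret"
    start = accounting_request(42, secret, wap_accounting_attributes(
        "bigip-gtm-1", "01234567", "1.1.1.1", ACCT_START))
    print(verify_accounting_response(accounting_response(start, secret), start, secret))  # True
```

The authenticator is the only thing that ties the reply to the request and to the secret, so the monitor should discard a reply whose identifier or authenticator does not match rather than treat any datagram from the accounting port as success; the example's verify function does exactly that, and compares digests with a constant-time comparison.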
WMI
You use a WMI monitor to check the performance of a pool or virtual server that is running the Windows Management Infrastructure (WMI) data collection agent, and then dynamically load balance traffic accordingly. Unlike health monitors, performance monitors do not report on the status of a pool, pool member, or virtual server. You generally use performance monitors such as a WMI monitor with dynamic ratio load balancing. For more information on performance monitors and dynamic ratio load balancing, see Chapter 7, Load Balancing with the Global Traffic Manager.
The following list shows the settings and default values of a WMI monitor.
Type: WMI
Import Settings: wmi
Interval: 30 seconds
Timeout: 120 seconds
Probe Timeout: 5 seconds
Ignore Down Response: No
User Name: (empty)
Password: (empty)
Method: POST
URL: /scripts/F5lsapi.dll
Command: GetCPUInfo, GetDiskInfo, GetOSInfo
Metrics: LoadPercentage, DiskUsage, PhysicalMemoryUsage
Agent: Mozilla/4.0 (compatible: MSIE 5.0; Windows NT)
Post: RespFormat=HTML
Note that when creating a custom WMI monitor, the only default values that you are required to change are the null values for the user name and password. Also note that you cannot change the value of the Method setting.
Table 11.4 shows the complete set of commands and metrics that you can specify with the Command and Metrics settings. Also shown are the default metric values.
Table 11.4 WMI commands and metrics (the table did not survive extraction; only the following entries are recoverable, and the threshold values can no longer be matched to their metrics)
Commands: GetDiskInfo, GetPerfCounters, GetWinMediaInfo
Metrics: DiskUsage (%), TotalKBytesPerSec, ConnectionAttemptsPerSec, CurrentConnections, GETRequestsPerSec, PUTRequestsPerSec, POSTRequestsPerSec, AnonymousUsersPerSec, CurrentAnonymousUsers, AggregateReadRate, AggregateSendRate, AuthenticationRequests, AuthenticationsDenied, AuthorizationRequests, AuthorizationsRefused, ConnectedClients, ConnectionRate, HTTPStreams, HTTPStreamsReadingHeader, HTTPStreamsStreamingBody, LateReads, PendingConnections
Default Coefficient: 1.0 for every listed metric
Default Threshold values present on the page: 80, 90, 100, 500, 1000, 10,000, 10,000 Kbps
Setting destinations
By default, the value for the Alias Address setting for most monitors is set to the wildcard * Addresses, and the Alias Service Port setting is set to the wildcard * Ports (exceptions to this rule are the WMI and Real Server monitors). This value causes the monitor instance created for a pool or virtual server to take that resource's address, or address and port, as its destination. You can, however, replace either or both wildcard symbols with an explicit destination value by creating a custom monitor. An explicit value for the Alias Address and/or Alias Service Port setting is used to force the instance destination to a specific address and/or port, which may not be that of the pool or virtual server.
The ECV monitors http, https, and tcp have the settings Send String and Receive String for the send string and receive expression, respectively. The most common Send String value is GET /, which retrieves a default HTML page for a web site. To retrieve a specific page from a web site, you can enter a Send String value that is a fully qualified path name:
"GET /www/support/customer_info_form.html"
The Receive String expression is the text string the monitor looks for in the returned resource. The most common Receive String expressions contain a text string that is included in a particular HTML page on your site. The text string can be regular text, HTML tags, or image names. The sample Receive expression below searches for a standard HTML tag:
"<HEAD>"
You can also use the default null Receive String value [""]. In this case, any content retrieved is considered a match. If both the Send String and Receive String are left empty, only a simple connection check is performed. For HTTP monitors, you can use the special settings get or hurl in place of Send String and Receive String statements, respectively.
Transparent setting
Sometimes it is necessary to ping the aliased destination through a transparent pool or virtual server. When you create a custom monitor and set the Transparent setting to Yes, the Global Traffic Manager forces the monitor to ping through the pool or virtual server with which it is associated (usually a firewall) to the aliased pool or virtual server. (In other words, if there are two firewalls in a load balancing pool, the destination pool or virtual server is always pinged through the pool or virtual server specified and not through the pool or virtual server selected by the load balancing method.) In this way, the transparent pool or virtual server is tested: if there is no response, the transparent pool or virtual server is marked as down. Common examples are checking a router, or checking a mail or FTP server through a firewall.
For example, you might want to check the router address 10.10.10.53:80 through a transparent firewall 10.10.10.101:80. To do this, you create a monitor called http_trans in which you specify 10.10.10.53:80 as the monitor destination address, and set the Transparent setting to Yes. Then you associate the monitor http_trans with the transparent firewall (10.10.10.101:80). This causes the monitor to check the address 10.10.10.53:80 through 10.10.10.101:80. (In other words, the Global Traffic Manager routes the check of 10.10.10.53:80 through 10.10.10.101:80.) If the correct response is not received from 10.10.10.53:80, then 10.10.10.101:80 is marked down. For more information on associating monitors with virtual servers, see Associating monitors with resources, on page 11-38.
Reverse setting
In most monitor settings, the Global Traffic Manager considers the resource available when the monitor successfully probes it. However, in some cases you may want the resource to be considered unavailable after a successful monitor test. You accomplish this configuration with the Reverse setting. With the Reverse setting set to Yes, the monitor marks the pool or virtual server down when the test is successful. For example, if the content on your web site home page is dynamic and changes frequently, you may want to set up a reverse ECV service check that looks for the string Error. A match for this string means that the web server is down.
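The following is an added example, not F5's code, that models the three behaviours described under Setting destinations, Transparent setting and Reverse setting: how a monitor instance's destination is resolved from Alias Address and Alias Service Port, how Transparent changes which node the probe is routed through (while the node that gets marked stays the resource the instance is attached to), and how Reverse inverts the result. The Monitor dataclass and the function names are constructed for this illustration; the addresses are those of the guide's own http_trans example.

```python
"""Added example (not F5 code):
destination resolution, Transparent routing and Reverse evaluation for a monitor instance."""
from dataclasses import dataclass

WILDCARD = "*"   # the '* All Addresses' / '* All Ports' default


@dataclass(frozen=True)
class Monitor:
    name: str
    alias_address: str = WILDCARD
    alias_port: str = WILDCARD
    transparent: bool = False
    reverse: bool = False
    receive_string: str = ""     # "" is the default null value: any content matches


def resolve_destination(monitor, resource_address, resource_port):
    """Wildcard alias: use the resource's own address/port. Explicit alias: force it."""
    address = resource_address if monitor.alias_address == WILDCARD else monitor.alias_address
    port = resource_port if monitor.alias_port == WILDCARD else int(monitor.alias_port)
    return address, port


def probe_plan(monitor, resource_address, resource_port):
    """Where the probe is sent, what it is ultimately checking, and which node
    is marked up or down by the result. With Transparent=Yes the probe is routed
    through the attached resource (for example a firewall) to the aliased
    destination; in both cases it is the attached resource that gets marked."""
    destination = resolve_destination(monitor, resource_address, resource_port)
    resource = (resource_address, resource_port)
    return {
        "next_hop": resource if monitor.transparent else destination,
        "destination": destination,
        "marks": resource,
    }


def receive_matches(body, receive_string):
    """Null Receive String: any retrieved content counts as a match."""
    return receive_string == "" or receive_string in body


def resource_status(monitor, probe_succeeded):
    """Normal: success -> up, failure -> down. Reverse=Yes: success -> down, failure -> up."""
    return "down" if probe_succeeded == monitor.reverse else "up"


def evaluate(monitor, resource_address, resource_port, response_body):
    """Run the whole decision for one probe reply (None means no response at all).
    Returns (node that is marked, its new status)."""
    plan = probe_plan(monitor, resource_address, resource_port)
    succeeded = response_body is not None and receive_matches(response_body, monitor.receive_string)
    return plan["marks"], resource_status(monitor, succeeded)


if __name__ == "__main__":
    http_trans = Monitor("http_trans", alias_address="10.10.10.53", alias_port="80", transparent=True)
    print(probe_plan(http_trans, "10.10.10.101", 80))
    print(evaluate(http_trans, "10.10.10.101", 80, None))   # (('10.10.10.101', 80), 'down')
```

Note the asymmetry the transparent case creates: an outage of the router at 10.10.10.53 marks the firewall at 10.10.10.101 down, which is the intended way to take a path out of service, so a transparent monitor should be attached only to the resources whose availability really depends on that destination.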
Table 11.5 shows the monitors that contain the Transparent setting, the Reverse setting, or both.
Table 11.5 Monitors with the Transparent and Reverse settings
Monitor Type       Settings
Gateway ICMP       Transparent
TCP                Transparent, Reverse
HTTP               Transparent, Reverse
HTTPS              Transparent, Reverse
TCP                Transparent
TCP Half Open      Transparent
UDP                Transparent
For information about the command syntax you use to change this variable, see the gtm settings component in the Traffic Management Shell (tmsh) Reference Guide.
Monitor-to-pool association
Links a monitor with an entire load balancing pool. In this case, the monitor checks all members of the pool. For example, you can create an instance of the monitor http for the pool my_pool, thus ensuring that all members of that pool are checked.
11 - 38
Configuring Monitors
Monitor-to-pool member association
Links a monitor with a pool member within a given pool. For example, you can create an instance of the monitor FTP for specific members of the pool my_pool, ensuring that only those pool members are verified as available through the FTP monitor.

Monitor-to-virtual server association
Links a monitor with a specific virtual server. For example, you can create an instance of the monitor http for virtual server 10.10.10.10. In this case, the monitor checks the virtual server itself, and not any services running on that virtual server.
11 - 39
Managing monitors
The procedures for adding and removing monitors are specific to the resource. See Chapter 5, Defining the Physical Network, and Chapter 6, Defining the Logical Network, for information on adding and removing monitors from a resource. In addition to adding and removing monitors from network resources, you can interact with monitors in the following ways:
- Displaying monitor settings
- Deleting monitors
- Enabling and disabling monitor instances
Deleting monitors
In the event that your configuration of the Global Traffic Manager no longer requires a specific monitor, you can delete the monitor. You cannot delete a monitor that has one or more instances assigned to resources on your network. See Chapter 5, Defining the Physical Network, and Chapter 6, Defining the Logical Network, for information on adding and removing monitors from a resource.
To delete a monitor
1. On the Main tab of the navigation pane, expand Global Traffic and click Monitors. The main monitors screen opens.
2. Check the Select box for the monitor that you want to delete.
3. Click the Delete button. A confirmation message opens.
4. Click the Delete button to delete the monitor.
11 - 40
12
Viewing Statistics
- Introducing statistics
- Accessing statistics
- Viewing the Status Summary screen
- Understanding the types of statistics
- Understanding persistence records
Introducing statistics
One of the most important aspects of managing a network is timely access to accurate information on network performance. This information can verify that the Global Traffic Manager is handling your name resolution requests as efficiently as possible, as well as provide data on the overall performance of a specific resource, such as a data center or distributed application. The Global Traffic Manager gathers statistical data on multiple aspects of your network. You access these statistics through the Statistics screen. The types of statistics you can select from this screen include:
- A summary of network components, as defined in the Global Traffic Manager
- Distributed applications
- Wide IPs
- Pools
- Data centers
- Links
- Servers
- Virtual servers
- iRules
- Paths
- Local DNS

The Global Traffic Manager also contains persistence records. A persistence record provides information on network load balancing when the persistence option is enabled for a given pool or virtual server. This option ensures that the system sends name resolution requests from the same source within a given session to the same resource on your network.

The Global Traffic Manager gathers statistics through a software component called the big3d agent. This agent runs the various monitors that you assign to your network components, and returns statistics based on those monitors. The gtmd utility manages those monitors, determining when to probe and when to time out the probe attempts.

Statistics are often paired with metrics collection; however, the two have different roles. Statistics pertain to a broad set of data that focuses on how often a given set of resources is used and how well those resources are performing. Metrics collection, on the other hand, focuses specifically on data that relates to overall communication between the Global Traffic Manager and an LDNS. Unlike statistics, metrics collection is designed to provide performance data, as opposed to usage or historical data.
See Chapter 13, Collecting Metrics, for more information on metrics.
12 - 1
Chapter 12
Accessing statistics
You can access Global Traffic Manager statistics in two ways:
- Through the Statistics option on the Main tab of the navigation pane
- Through the Statistics menu from various main screens for different components

Both methods take you to the same screen within the Global Traffic Manager. When you access statistics through a menu on the main screen for a given network component, the Statistics screen is pre-configured for that network element, although you can switch to a different set of statistics at any time. Additionally, you can use the search feature to locate a specific component or group of components. The default search value is an asterisk (*), which instructs the system to display all relevant components in a list. You can type a string in the box, and when you click the Search button, the system modifies the list to show only those components that match the string. For more information about how the search feature works, see Locating a component using the search feature, on page 2-6.
Tip
You can also access statistics from the command line using the tmsh command show. For more information about viewing statistics using tmsh, see the Traffic Management Shell (tmsh) Reference Guide.
12 - 2
Object Type
The Object Type column describes the specific resource type. These types are: distributed applications, wide IPs, pools, data centers, links, and servers.

Total
The Total column describes the total number of resources of the type corresponding to the Object Type column, regardless of whether the resource is available.

Available
The Available column describes the total number of resources of the type corresponding to the Object Type column that the Global Traffic Manager can verify as available.

Unavailable
The Unavailable column describes the total number of resources of the type corresponding to the Object Type column that the Global Traffic Manager can verify as unavailable.
12 - 3
Offline
The Offline column describes the total number of resources of the type corresponding to the Object Type column that the Global Traffic Manager can verify as offline.

Unknown
The Unknown column describes the total number of resources of the type corresponding to the Object Type column whose status the Global Traffic Manager cannot yet determine.
Each value within the Total, Available, Unavailable, Offline, and Unknown columns is a link. When you click the link, you access the main screen for that resource, with the list of resources filtered to show only those resources with the corresponding status. For example, if the Available column for data centers has a value of 5, clicking the 5 brings up a filtered main screen for data centers that shows only the five data centers that are available.
Distributed applications
The statistics for distributed applications provide you with information on what distributed applications exist, what wide IPs make up each application, and how the Global Traffic Manager has load balanced traffic to the application.

Wide IPs
The statistics for wide IPs provide you with information on what wide IPs exist and how the Global Traffic Manager has load balanced traffic to each wide IP.

Pools
The statistics for pools provide details on how the Global Traffic Manager has load balanced traffic to each pool.

Data centers
The statistics for data centers revolve around the amount of traffic flowing to and from each data center.

Links
The statistics for links focus on how much traffic is flowing in and out through a specific link to the Internet.

Servers
The statistics for servers display the amount of traffic flowing to and from each server.

Virtual servers
The statistics for virtual servers provide information on the amount of traffic flowing to and from each virtual server.
12 - 4
Paths
The statistics for paths provide information on how quickly traffic moves between an LDNS and a resource for which the Global Traffic Manager is responsible.

Local DNS
The Local DNS statistics provide location details related to the different local DNS servers that communicate with the Global Traffic Manager.
Status
The Status column indicates the current status of the distributed application. The available status types are: Available, Unavailable, Offline, and Unknown. Each status type is represented by a symbol; for example, the available status type is represented by a green circle.

Distributed Application
The Distributed Application column displays the name of an application for which the Global Traffic Manager is responsible. Each name appears as a link. When you click the link, the properties screen for the distributed application opens.

Members
The Members column provides a link that opens a wide IP details screen for the distributed application. This screen displays load balancing statistics for each pool within the distributed application. You can return to the main distributed application statistics screen by clicking the Back button in the Display Options area of the screen.
Requests
The Requests column displays the cumulative number of Domain Name System (DNS) requests sent to the distributed application.

Load Balancing
The Load Balancing column provides information on how the Global Traffic Manager load balanced connection requests to this resource. This column consists of four subcolumns:
- The Preferred subcolumn displays the cumulative number of requests that the Global Traffic Manager load balanced with the preferred load balancing method.
- The Alternate subcolumn displays the cumulative number of requests that the Global Traffic Manager load balanced with the alternate load balancing method.
- The Fallback subcolumn displays the cumulative number of requests that the Global Traffic Manager load balanced with the fallback load balancing method.
- The Returned to DNS subcolumn displays the cumulative number of requests that the Global Traffic Manager did not resolve and returned to the DNS.
Wide IP statistics
The Global Traffic Manager captures several statistics related to the performance of a wide IP. These statistics primarily focus on how many resolution requests have been sent for the wide IP, and how the Global Traffic Manager has load balanced these requests. You can access the wide IP statistics by selecting Wide IPs from the Statistics Type list in the Statistics screen. For information on accessing the Statistics screen, see Accessing statistics, on page 12-2. As an example of wide IP statistics, consider the fictional company SiteRequest. The IT department at SiteRequest has a wide IP, www.siterequest.com, which uses the Global Availability load balancing mode. This mode sends all name resolution requests for this wide IP to a specific pool until that pool is unavailable. Because the wide IP, www.siterequest.com, is critical to SiteRequests operations, the IT department wants to track traffic to the wide IP and ensure that the primary pool is not at risk of getting overloaded. The wide IP statistics provide the IT department the information they need to see how many requests are being sent for the wide IP, allowing them to plan additional resource allocations more effectively.
12 - 6
The wide IP statistics screen consists of a Wide IP Statistics table. This table contains the following information:
Status
The Status column indicates the current status of the wide IP. The available status types are: Available, Unavailable, Offline, and Unknown. Each status type is represented by a symbol; for example, the available status type is represented by a green circle.

Wide IP
The Wide IP column displays the name of a wide IP for which the Global Traffic Manager is responsible. Each name appears as a link. When you click the link, the properties screen for the wide IP opens.

Pools
The Pools column provides a link that opens a pool details screen for the wide IP. This screen displays load balancing statistics for each pool within the wide IP. You can return to the main wide IP statistics screen by clicking the Back button in the Display Options area of the screen.

Requests
The Requests column displays the cumulative number of DNS requests sent to the wide IP.

Requests Persisted
The Requests Persisted column displays the cumulative number of requests that persisted. Persisted requests use the same pool during a connection session.

Load Balancing
The Load Balancing column provides information on how the Global Traffic Manager load balanced connection requests to this resource. This column consists of four subcolumns:
- The Preferred subcolumn displays the cumulative number of requests that the Global Traffic Manager load balanced with the preferred load balancing method.
- The Alternate subcolumn displays the cumulative number of requests that the Global Traffic Manager load balanced with the alternate load balancing method.
- The Fallback subcolumn displays the cumulative number of requests that the Global Traffic Manager load balanced with the fallback load balancing method.
- The Returned to DNS subcolumn displays the cumulative number of requests that the Global Traffic Manager did not resolve and returned to the DNS.
12 - 7
Pool statistics
The pool statistics available through the Global Traffic Manager focus on how the Global Traffic Manager has load balanced name resolution requests. You can access the pool statistics by selecting Pools from the Statistics Type list in the Statistics screen. For information on accessing the Statistics screen, see Accessing statistics, on page 12-2. As an example of pool statistics, consider the fictional company SiteRequest. The IT department at SiteRequest has a wide IP, www.siterequest.com, which contains pools that use the dynamic load balancing mode, Quality of Service. This mode acquires statistical data on response times between the Global Traffic Manager and an LDNS sending a name resolution request. There has been some concern of late as to how well this new load balancing mode is working and if the Global Traffic Manager is able to gather the statistical information it needs to load balance with this mode, or if it has to resort to an alternate or fallback method. By using the pool statistics screen, the IT department can track how many name resolution requests are load balanced using the preferred Quality of Service method, and how many are load balanced using another method. The pool statistics screen consists of a Pool Statistics table. This table contains the following information:
Status
The Status column indicates the current status of the pool. The available status types are: Available, Unavailable, Offline, and Unknown. Each status type is represented by a symbol; for example, the available status type is represented by a green circle.

Pool
The Pool column displays the name of a pool for which the Global Traffic Manager is responsible. Each name appears as a link. When you click the link, the properties screen for the pool opens.

Members
The Members column provides a link that opens a virtual server details screen for the pool. This screen displays connection statistics for each virtual server within the pool, including the number of times the virtual server was selected for a name resolution request and the amount of traffic flowing from and to the virtual server. You can return to the main pool statistics screen by clicking the Back button in the Display Options area of the screen.

Load Balancing
The Load Balancing column provides information on how the Global Traffic Manager load balanced connection requests to this resource. This column consists of four subcolumns:
- The Preferred subcolumn displays the cumulative number of requests that the Global Traffic Manager load balanced with the preferred load balancing method.
- The Alternate subcolumn displays the cumulative number of requests that the Global Traffic Manager load balanced with the alternate load balancing method.
- The Fallback subcolumn displays the cumulative number of requests that the Global Traffic Manager load balanced with the fallback load balancing method.
- The Returned to DNS subcolumn displays the cumulative number of requests that the Global Traffic Manager did not resolve and returned to the DNS.
Status
The Status column indicates the current status of the data center. The available status types are: Available, Unavailable, Offline, and Unknown. Each status type is represented by a symbol; for example, the available status type is represented by a green circle.

Data Center
The Data Center column displays the name of a data center. Each name appears as a link. When you click the link, the properties screen for the data center opens.

Servers
The Servers column provides a link that opens a server details screen for the data center. This screen displays connection statistics for each server at the data center, including the number of times the server was selected for a name resolution request and the amount of traffic flowing from and to the server. You can return to the main data center statistics screen by clicking the Back button in the Display Options area of the screen.

Connections
The Connections column displays the cumulative number of requests that the Global Traffic Manager resolved using a resource from the corresponding data center.
12 - 9
Throughput (bits/sec) The Throughput (bits/sec) column contains two subcolumns: The In column displays the cumulative number of bits per second sent to the data center. The Out column displays the cumulative number of bits per second sent from the data center.
Throughput (packets/sec) The Throughput (packets/sec) column contains two subcolumns: The In column displays the cumulative number of packets per second sent to the data center. The Out column displays the cumulative number of packets per second sent from the data center.
Link statistics
Link statistics focus on how much traffic is flowing in and out through a specific link to the Internet. This information can help you prevent a link from being over-used, saving your organization from higher bandwidth costs. You can access the link statistics by selecting Links from the Statistics Type list in the Statistics screen. For information on accessing the Statistics screen, see Accessing statistics, on page 12-2.

As an example of how the statistics for links can help you manage your network resources, consider the fictional company SiteRequest. SiteRequest has two links with two different Internet Service Providers (ISPs). The primary ISP is paid in advance for a specific amount of bandwidth usage. This allows SiteRequest to save money, but if the bandwidth exceeds the prepaid amount, the costs increase considerably. As a result, the IT department uses a second ISP, which has a slower connection but considerably lower costs. By using the link statistics, the IT department can ensure that links to the Internet are used as efficiently as possible.

The link statistics screen consists of a Link Statistics table. This table contains the following information:
Status
The Status column indicates the current status of the link. The available status types are: Available, Unavailable, Offline, and Unknown. Each status type is represented by a symbol; for example, the available status type is represented by a green circle.

Link
The Link column displays the name of a link for which the Global Traffic Manager is responsible. Each name appears as a link. When you click the link, the properties screen for the link opens.

Throughput (bits/sec)
The Throughput (bits/sec) column contains four subcolumns:
- The In subcolumn displays the number of bits per second received through the link.
- The Out subcolumn displays the number of bits per second sent out through the link.
- The Total subcolumn displays the combined incoming and outgoing bits per second for the link.
- The Over Prepaid subcolumn displays the amount of traffic, in bits per second, that has exceeded the prepaid traffic allotment for the link.

In addition to viewing the link data as a table, you can also view it in a graph format. To use this format, click the Graph button. A graph screen opens, which shows the amount of traffic used over time. You can change the amount of time shown in the graph by selecting a value from the Graph Interval list, located in the Display Options area of the screen.
Server statistics
With server statistics, you can analyze the amount of traffic flowing to and from each server. This information can tell you if your resources are distributed appropriately for your network. You can access the server statistics by selecting Servers from the Statistics Type list in the Statistics screen. For information on accessing the Statistics screen, see Accessing statistics, on page 12-2. As an example of how the statistics for servers can help you manage your network resources, consider the fictional company SiteRequest. The IT department at SiteRequest is considering whether it needs a few more servers to better manage name resolution requests; however, there is some debate as to whether the servers should be consolidated at the New York data center (which the New York team prefers) or spread out over all of the data centers. It is also possible that an under-utilized server at one data center might be moved to another data center. By using the server statistics, the IT department can look at how much traffic is handled by each server, giving them the information they need to decide where these new servers, if any, should go. The server statistics screen consists of a Server Statistics table. This table contains the following information:
Status
The Status column indicates the current status of the server. The available status types are: Available, Unavailable, Offline, and Unknown. Each status type is represented by a symbol; for example, the available status type is represented by a green circle.

Server
The Server column displays the name of a server for which the Global Traffic Manager is responsible. Each name appears as a link. When you click the link, the properties screen for the server opens.

Virtual Servers
The Virtual Servers column provides a link that opens a virtual server details screen for the server. This screen displays connection statistics for each virtual server on the server, including the number of times the virtual server was selected for a name resolution request and the amount of traffic flowing from and to the virtual server. You can return to the main server statistics screen by clicking the Back button in the Display Options area of the screen.

Picks
The Picks column displays the cumulative number of times the Global Traffic Manager picked the server to handle a name resolution request.

Connections
The Connections column displays the cumulative number of requests that the Global Traffic Manager resolved using a resource on the corresponding server.

Throughput (bits/sec)
The Throughput (bits/sec) column contains two subcolumns:
- The In subcolumn displays the number of bits per second sent to the server.
- The Out subcolumn displays the number of bits per second sent from the server.
Throughput (packets/sec) The Throughput (packets/sec) column contains two subcolumns: The In column displays the cumulative number of packets per second sent to the server. The Out column displays the cumulative number of packets per second sent from the server.
12 - 12
Status
The Status column indicates the current status of the virtual server. The available status types are: Available, Unavailable, Offline, and Unknown. Each status type is represented by a symbol; for example, the available status type is represented by a green circle.

Virtual Server
The Virtual Server column displays the name of a virtual server for which the Global Traffic Manager is responsible. Each name appears as a link. When you click the link, the properties screen for the virtual server opens.

Server
The Server column identifies the server on which the virtual server is defined, and provides a link to the details screen for that server. You can return to the main virtual server statistics screen by clicking the Back button in the Display Options area of the screen.

Picks
The Picks column displays the cumulative number of times the Global Traffic Manager picked the virtual server to handle a name resolution request.

Connections
The Connections column displays the cumulative number of requests that the Global Traffic Manager resolved using the corresponding virtual server.

Throughput (bits/sec)
The Throughput (bits/sec) column contains two subcolumns:
- The In subcolumn displays the number of bits per second sent to the virtual server.
- The Out subcolumn displays the number of bits per second sent from the virtual server.
Throughput (packets/sec) The Throughput (packets/sec) column contains two subcolumns: The In column displays the cumulative number of packets per second sent to the server. The Out column displays the cumulative number of packets per second sent from the server.
Paths statistics
The paths statistics captured by the Global Traffic Manager provide information on how quickly traffic moves between an LDNS and a resource for which the Global Traffic Manager is responsible. Information presented in the paths statistics screen includes details on round trip times (RTT), hops, and completion rates. You can access the paths statistics by selecting Paths from the Statistics Type list in the Statistics screen. For information on accessing the Statistics screen, see Accessing statistics, on page 12-2.

Paths statistics are primarily used when you employ a dynamic load balancing mode for a given wide IP or pool. You can use the information in the paths statistics to get an overall sense of how responsive your wide IPs are in relation to the local DNS servers that have been sending name resolution requests to a wide IP. The paths statistics screen consists of a Paths Statistics table. This table contains the following information:
Local DNS Address The Local DNS Address column displays the IP address of each LDNS that has sent a name resolution request for a wide IP for which the Global Traffic Manager is responsible. Link The Link column displays the ISP link that the Global Traffic Manager used to send and receive data from the LDNS. Round Trip Time (RTT) The Round Trip Time (RTT) column contains two subcolumns: The Current subcolumn displays the current round trip time between the LDNS and the Global Traffic Manager. The Average subcolumn displays the average round trip time between the LDNS and the Global Traffic Manager.
Hops The Hops column contains two subcolumns: The Current subcolumn displays the current number of hops between the LDNS and the Global Traffic Manager. The Average subcolumn displays the average number of hops between the LDNS and the Global Traffic Manager.
Completion Rate The Completion Rate column contains two subcolumns: The Current subcolumn displays the current completion rate of transactions between the LDNS and the Global Traffic Manager. The Average subcolumn displays the average completion rate of transactions between the LDNS and the Global Traffic Manager.
Last Probe Time The Last Probe Time column displays the last time the Global Traffic Manager probed the LDNS for metrics data.
12 - 14
IP Address
The IP Address column displays the IP address of each LDNS that has sent a name resolution request for a wide IP for which the Global Traffic Manager is responsible.

Requests
The Requests column displays the number of times this LDNS has made a name resolution request that the Global Traffic Manager handled.

Last Accessed
The Last Accessed column displays the last time the LDNS attempted a connection to the Global Traffic Manager.

Location
The Location column contains four subcolumns:
- The Continent subcolumn displays the continent on which the LDNS resides.
- The Country subcolumn displays the country in which the LDNS is located.
- The State subcolumn displays the state in which the LDNS is located.
- The City subcolumn displays the city in which the LDNS is located.
12 - 15
Local DNS Address
The Local DNS Address column displays the IP address of each LDNS that has sent a name resolution request for a wide IP for which the Global Traffic Manager is responsible.

Level
The Level column displays the level at which the persistent connection is based. Available types are wide IPs and distributed applications.

Destination
The Destination column displays the wide IP or distributed application to which the name resolution request was directed.

Target Type
The Target Type column displays the type of resource on which persistence is based. Examples of target types include data centers, servers, pools, and virtual servers.

Target Name
The Target Name column displays the name of the resource on which persistence is based.

Expires
The Expires column displays the time at which the persistence for the given LDNS request expires.
12 - 16
13
Collecting Metrics
- Introducing metrics collection
- Defining metrics
- Assigning probes to local domain name systems
- Configuring TTL and timer values
- Excluding an LDNS from probes
Chapter 13
Defining metrics
When you decide to use the Global Traffic Manager to collect metrics on the local DNS servers that attempt to access your network resources, you can define the following characteristics:
- Types of metrics collected (hops, paths, both, or disabled)
- Time-to-live (TTL) values for each metric
- Frequency at which the system updates the data
- Size of a packet sent (relevant for hop metrics only)
- Length of time that can pass before the system times out the collection attempt
- Number of packets sent for each collection attempt

While each of these settings is important, the ones that perhaps require the most planning beforehand are the TTL values. In general, the lower the TTL value, the more often the Global Traffic Manager probes an LDNS. This improves the accuracy of the data, but increases bandwidth usage. Conversely, increasing the TTL value for a metric lowers the bandwidth your network uses, but increases the chance that the Global Traffic Manager is basing its load balancing operations on stale data. An additional consideration is the number of local DNS servers that the Global Traffic Manager queries. The more local DNS servers that the system queries, the more bandwidth is required to ensure those queries are successful. Therefore, setting the TTL values for metrics collection can require incremental fine-tuning. F5 Networks recommends that you periodically check the TTL values, and verify that they are appropriate for your network.
To define metrics
1. On the Main tab of the navigation pane, expand System and click Configuration. The General properties screen opens.
2. From the Global Traffic menu, choose Metrics Collection. The metrics collection screen opens.
3. In the Configuration area, assign values to the metrics-related settings. For detailed information about these settings, see the online help.
4. Click the Update button.
13 - 2
DNS_REV
The DNS_REV probe sends a DNS message to the probe target LDNS querying for a resource record of class IN, type PTR. Most DNS servers answer with a record containing their fully-qualified domain name. The system makes these requests only to measure network latency and packet loss; it does not use the information contained in the responses.

DNS_DOT
The DNS_DOT probe sends a DNS message to the probe target LDNS querying for a dot (.), the root of the DNS namespace. If the LDNS is not blocking queries from unknown addresses, it answers with a list of root name servers. The system makes these requests only to measure network latency and packet loss; it does not use the information contained in the responses.

UDP
The UDP probe uses the User Datagram Protocol (UDP) to query the responsiveness of an LDNS. UDP provides simple but unreliable datagram services: it adds a checksum and process-to-process (port) addressing on top of IP, but, unlike TCP, it is connectionless and neither guarantees delivery nor requires a connection. As a result, it is lightweight and efficient, but the application must take care of all error processing and retransmission.

TCP
The TCP probe uses the Transmission Control Protocol (TCP) to query the responsiveness of an LDNS. TCP is the most common transport layer protocol used on Ethernet networks and the Internet. It adds reliable delivery, flow control, multiplexing, and connection-oriented communication, providing full-duplex, process-to-process, stream-oriented connections.

ICMP
The ICMP probe uses the Internet Control Message Protocol (ICMP) to query the responsiveness of an LDNS. ICMP is an extension to the Internet Protocol (IP) that carries error messages, test packets, and informational messages related to IP.
Configuration Guide for BIG-IP Global Traffic Manager

With these probes, it does not matter whether the Global Traffic Manager receives a valid response, such as the name of the LDNS as queried by the DNS_REV probe, or a request refused statement. The relevant information is the metrics generated between the probe request and the response. For example, the Global Traffic Manager uses the DNS_REV probe to query two local DNS servers. The first LDNS responds to the probe with its name, as per the request. The second LDNS, however, responds with a request refused statement, because it is configured to not allow such requests. In both cases, the probe was successful, because the Global Traffic Manager was able to acquire data on how long it took for both local DNS servers to respond to the probe. You can configure the Global Traffic Manager to use a select number of probes, or you can assign all five. The more probes that the Global Traffic Manager uses, the more bandwidth is required.
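The following Python is an added illustration, not F5 code: it builds the DNS_REV and DNS_DOT probe messages described above in DNS wire format and classifies a reply the way the text says the probe does, so that a REFUSED from an LDNS that blocks unknown clients still yields a latency sample. It assumes the dot probe asks for the root's NS records (the page only says it queries for "."); the LDNS replies are constructed, no network is used.

```python
"""Added example, not F5 code: wire-format DNS_REV and DNS_DOT probe messages and
a reply classifier that treats any matching reply (NOERROR or REFUSED alike) as a
valid latency sample, as described in the text. Assumption: the dot probe asks for
the root's NS records; the page only says it queries for "." and gets the root list."""
import ipaddress
import struct
import time

QTYPE_NS = 2        # DNS_DOT: root nameserver list (assumed query type)
QTYPE_PTR = 12      # DNS_REV: reverse (PTR) lookup of the LDNS address
QCLASS_IN = 1
RCODE_NAMES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL",
               3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}


def reverse_name(ip: str) -> str:
    """10.10.10.10 -> 10.10.10.10.in-addr.arpa. (IPv6 addresses map to ip6.arpa.)"""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def encode_name(name: str) -> bytes:
    """Encode a dotted name as DNS labels; "." encodes as the single root byte."""
    labels = [label for label in name.rstrip(".").split(".") if label]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(txid: int, qname: str, qtype: int) -> bytes:
    """One-question query: header (ID, RD flag set, QDCOUNT=1) + question section."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, QCLASS_IN)


def dns_rev_probe(txid: int, ldns_ip: str) -> bytes:
    """DNS_REV: class IN, type PTR query for the LDNS's own reverse name."""
    return build_query(txid, reverse_name(ldns_ip), QTYPE_PTR)


def dns_dot_probe(txid: int) -> bytes:
    """DNS_DOT: query for the root "." (type NS assumed here)."""
    return build_query(txid, ".", QTYPE_NS)


def classify_reply(txid: int, data: bytes):
    """Return (usable, rcode_name). A reply is usable as a timing sample whenever it
    is a response to our transaction ID, regardless of RCODE: a REFUSED from an LDNS
    that blocks unknown clients still measures the round trip."""
    if len(data) < 12:
        return False, "TRUNCATED"
    rid, flags = struct.unpack("!HH", data[:4])
    if rid != txid or not flags & 0x8000:       # wrong ID, or QR bit not set
        return False, "MISMATCH"
    return True, RCODE_NAMES.get(flags & 0x000F, "OTHER")


def time_probe(send, txid: int, query: bytes):
    """send(query) -> reply bytes. Returns (rtt_ms or None, rcode_name); the answer
    content is deliberately ignored, only the elapsed time is kept."""
    start = time.perf_counter()
    reply = send(query)
    rtt_ms = (time.perf_counter() - start) * 1000.0
    usable, rcode = classify_reply(txid, reply)
    return (rtt_ms if usable else None), rcode


def make_reply(txid: int, rcode: int, query: bytes) -> bytes:
    """Constructed test reply (no real LDNS involved): echo the question section,
    set QR/RD/RA and the given RCODE, carry no answer records."""
    return struct.pack("!HHHHHH", txid, 0x8180 | rcode, 1, 0, 0, 0) + query[12:]


if __name__ == "__main__":
    # Constructed scenario from the text: one LDNS answers the PTR query, the other
    # refuses it; both produce a usable latency sample.
    for name, rcode in (("ldns-a", 0), ("ldns-b", 5)):
        q = dns_rev_probe(0x1234, "10.10.10.10")
        print(name, time_probe(lambda data: make_reply(0x1234, rcode, data), 0x1234, q))
```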
To assign a probe
1. On the Main tab of the navigation pane, expand System and click Configuration. The General screen opens.
2. From the Global Traffic menu, choose Metrics Collection. The metrics collection screen opens.
3. In the Local DNS (LDNS) area, use the options provided in the Metrics Collection Protocol option to assign the relevant probes.
4. In the Metrics Caching box, define the number of seconds for which the Global Traffic Manager keeps the collected metrics data. This value determines how often the system probes a given LDNS. The default value is 3600 seconds, or one hour.
5. In the Inactive Local DNS TTL box, define the number of seconds that may pass without activity from an LDNS before the Global Traffic Manager considers it inactive. The Global Traffic Manager stops probing local DNS servers that are considered inactive. The default value is 2419200, or 28 days.
6. Click the Update button to save your changes.
Hops TTL
Specifies how often the Global Traffic Manager probes paths.
Specifies the number of seconds that a path remains in the cache after its last access.
Specifies the number of seconds that an LDNS remains in the cache after its last access.
Each resource also has a timer value. A timer value defines the frequency (measured in seconds) at which the Global Traffic Manager refreshes the metrics information it collects. In most cases, the default values for the TTL and timer parameters are adequate. However, if you make changes to any TTL or timer values, keep in mind that an object's TTL value must be greater than its timer value. Table 13.2 describes each timer value, as well as its default setting.
Parameter: Metrics Caching
    Description: Specifies the interval (in seconds) at which the Global Traffic Manager archives the paths and metrics data. This setting is available in the Local DNS (LDNS) section at the bottom of the Configuration: Global Traffic: Metrics Collection screen.
    Default: 3600

Parameter: Paths retry
    Description: Specifies how long (in seconds) the BIG-IP system waits before attempting another probe, if a previous probe failed.

Parameter: Timeout
    Description: Specifies the number of seconds that the big3d agent waits for a probe.
    Default: 120
14
Viewing Performance Data
15
Managing iRules
Introducing iRules for the Global Traffic Manager
Creating iRules
Assigning iRules
Controlling iRule evaluation
Using statement commands
Using wide IP commands
Using utility commands
Using protocol commands
Removing iRules
What is an iRule?
An iRule is a script that you write if you want individual connections to target a pool other than the default pool defined for a virtual server. iRules allow you to more directly specify the pools to which you want traffic to be directed. Using iRules, you can send traffic not only to pools, but also to individual pool members or hosts. The iRules you create can be simple or sophisticated, depending on your content-switching needs. Figure 15.1 shows an example of a simple iRule.
when DNS_REQUEST {
    if { [IP::addr [IP::client_addr] equals 10.10.10.10] } {
        pool my_pool
    }
}
Figure 15.1 Example of an iRule

This iRule is triggered when a DNS request has been detected, causing the Global Traffic Manager to send the packet to the pool my_pool, if the IP address of the local DNS making the request matches 10.10.10.10. iRules can direct traffic not only to specific pools, but also to individual pool members, including port numbers and URI paths, either to implement persistence or to meet specific load balancing requirements.
The syntax that you use to write iRules is based on the Tool Command Language (Tcl) programming standard. Thus, you can use many of the standard Tcl commands, plus a set of extensions that the Global Traffic Manager provides to help you further increase load balancing efficiency. For information about standard Tcl syntax, see the Tcl Reference Manual at http://tmml.sourceforge.net/doc/tcl/index.html.
Creating iRules
You can create an iRule using the Configuration utility.
To create an iRule
1. On the Main tab of the navigation pane, expand Global Traffic and click iRules. The iRules screen opens.
2. Click the Create button.
3. In the Name box, type a 1- to 31-character name.
4. In the Definition box, type the syntax for your iRule.
5. If you want to expand the length of the Definition box, check Extend Text Area. Also, if you want the contents of the iRule to wrap within the box, check Wrap Text.
6. Click the Finished button to save your changes.
For detailed syntax information on writing iRules, see pages 15-4 through 15-9.
Assigning iRules
Within the Global Traffic Manager, you assign iRules to the wide IPs in your network configuration.
To assign an iRule
1. On the Main tab of the navigation pane, expand Global Traffic and then click Wide IPs. The main screen for wide IPs opens.
2. Click the name of the wide IP to which you want to assign an iRule. The properties screen for the wide IP opens.
3. On the menu bar, click iRules. The main iRules screen for the wide IP opens.
4. Click the Manage button. The Manage iRules screen opens.
5. From the iRule list, select an appropriate iRule.
6. Click the Add button. The new rule appears in the list of assigned iRules.
7. Click the Finished button to save your changes.
Specifying events
The iRules feature includes several types of event declarations that you can make in an iRule. Specifying an event declaration determines when the Global Traffic Manager evaluates the iRule. The following sections list and describe these event types. Also described is the concept of iRule context and the use of the when keyword.
Event types
The event declarations that you can make in an iRule are listed in Table 15.1.
Table 15.1 iRule events

DNS_REQUEST
    Triggered when a DNS request is received from a client.

LB_SELECTED
    Triggered when the Global Traffic Manager has selected a target node.

LB_FAILED
    Triggered when a connection to the server was unable to complete. This might occur if the pool has no available members or a selected pool member is otherwise not available.

RULE_INIT
    Triggered when an iRule that contains the RULE_INIT event is changed, or when the gtmd utility restarts. Note that only the following commands are valid with this event: whoami, whereami, crc32, findstr, log, substr, and whereis.
if { <expression> } { <statement_command> } elseif { <expression> } { <statement_command> }

log [<facility>.<level>] <message>
    Generates and logs the specified message to the Syslog facility.

[use] host <addr> [<port>]
    Causes the server host, as identified by IP address and, optionally, port number, to be used directly, thus bypassing any load balancing.

pool
    Causes the Global Traffic Manager to load balance traffic to the named pool. This statement must be conditionally associated with an if statement. Optionally, you can specify a specific pool member to which you want to direct the traffic.

reject
    Causes the connection to be rejected, returning a reset as appropriate for the protocol.

return
    Terminates running of the iRule event.
ttl <value>
whereis <ip_addr> [ [continent] | [country] | [state] | [abbrev] | [city] | [zip] | [area_code] | [latitude] | [longitude] | [isp] | [org] | [country_cf] | [state_cf] | [city_cf] | [proxy_type] ]
substr
findclass
host

crc32
    Returns the crc32 checksum for the provided string, or if an error occurs, an empty string. Used to ensure data integrity.

md5 <string>
    Returns the RSA Data Security, Inc. MD5 Message Digest Algorithm (md5) message digest of the provided string, or if an error occurs, an empty string. Used to ensure data integrity.
Returns the number or list of pool members in the specified pool that are in the specified state. If you do not specify a state, returns all pool members.

Returns the number of up nodes behind a virtual server. Local Traffic Manager virtual servers can have a pool with multiple nodes. If there is not a monitor on the Local Traffic Manager side, the server is blue. However, the Global Traffic Manager interprets this blue virtual server as green, and the nodes_up value is 1.

Returns the number of seconds the local Global Traffic Manager has been up.

Returns the datacenter name for the local Global Traffic Manager.

Returns the server name for the local Global Traffic Manager.
IP commands
The Global Traffic Manager supports the following IP commands.
IP::remote_addr
    Returns the IP address of the client for a given name resolution request. Equivalent to IP::client_addr.

IP::local_addr
    Returns the IP address of the server for a given name resolution request. Equivalent to IP::server_addr.

IP::client_addr
    Returns the IP address of the client for a given name resolution request. Equivalent to IP::remote_addr.

IP::server_addr
    Returns the IP address of the server for a given name resolution request. Equivalent to IP::local_addr.

IP::protocol
    Returns the IP protocol value, such as TCP or UDP.
TCP commands
The Global Traffic Manager supports the following TCP commands.
TCP::client_port
    Returns the client's TCP port/service number.

TCP::server_port
    Returns the server's TCP port/service number.
UDP commands
The Global Traffic Manager supports the following UDP commands.
UDP::client_port
    Returns the client's UDP port/service number.

UDP::server_port
    Returns the server's UDP port/service number.
Removing iRules
Within the Global Traffic Manager, you can remove an iRule from a wide IP at any time.
To remove an iRule
1. On the Main tab of the navigation pane, expand Global Traffic and then click Wide IPs. The main screen for wide IPs opens.
2. Click the name of the wide IP from which you want to remove an iRule. The properties screen for the wide IP opens.
3. On the menu bar, click iRules. The main iRules screen for the wide IP opens.
4. Click the Manage button. The Manage iRules screen opens.
5. Select the iRule that you want to remove, and then click Remove.
6. Click the Finished button to save your changes.
16
Managing DNS Files with ZoneRunner
Introducing ZoneRunner
Working with zone files
Working with resource records
Working with views
Managing the named.conf file
Introducing ZoneRunner
One of the modes in which you can operate the Global Traffic Manager system is the node mode. In node mode, the Global Traffic Manager is responsible not only for load balancing name resolution requests and monitoring the health of your physical and logical network; it is also responsible for maintaining the DNS zone files that map name resolution requests to the appropriate network resource. In the Global Traffic Manager, you create, manage, and maintain DNS files using the ZoneRunner utility. The ZoneRunner utility is a zone file management utility that can manage both DNS zone files and your BIND configuration. With the ZoneRunner utility, you can:

• Manage the DNS zones and zone files for your network, including importing and transferring zone files
• Manage the resource records for those zones
• Manage views (a BIND 9 feature)
• Manage a local nameserver and its configuration file, named.conf
In the Configuration utility, you must configure a zone before you configure any other objects in the ZoneRunner utility. The remainder of this chapter discusses these tasks in detail.
Primary (Master)
    Zone files for a primary zone contain, at minimum, the start of authority (SOA) and nameserver (NS) resource records for the zone. Primary zones are authoritative, that is, they respond to DNS queries for the domain or sub-domain. A zone can have only one SOA record, and must have at least one NS record.

Secondary (Slave)
    Zone files for a secondary zone are copies of the principal zone files. At an interval specified in the SOA record, secondary zones query the primary zone to check for and obtain updated zone data. A secondary zone responds authoritatively for the zone as long as the zone data is valid.

Stub
    Stub zones are similar to secondary zones, except that stub zones contain only the NS records for the zone. Note that stub zones are a specific feature of the BIND implementation of DNS. F5 Networks recommends that you use stub zones only if you have a specific requirement for this functionality.

Forward
    The zone file for a forwarding zone contains only information to forward DNS queries to another nameserver on a per-zone (or per-domain) basis.

Hint
    The zone file for a hint zone specifies an initial set of root nameservers for the zone. Whenever the local nameserver starts, it queries a root nameserver in the hint zone file to obtain the most recent list of root nameservers.
To create a zone
1. On the Main tab of the navigation pane, expand Global Traffic and click ZoneRunner. The Resource Records List screen opens.
2. On the menu bar, click Zone List. The Zone List screen opens.
3. Click the Create button. The New Zone screen opens.
4. From the View Name list, select a view with which to associate the new zone.
5. In the Zone Name box, type a fully-qualified domain name for the zone. Note: Do not forget the trailing dot ( . ) at the end of the name.
6. From the Zone Type list, select the type of zone that you are configuring. The screen refreshes to display the configuration settings for the zone type.
Each zone type has unique characteristics. The following sections describe how to create each zone type.
5. In the Zone Name box, type a name for the zone.
6. From the Zone Type list, select Master. The screen refreshes to display the configuration options and records creation options for a primary zone.
7. From the Records Creation Method list, select Manual. The configuration options in the Records Creation section in the following procedure change, depending on the record creation method that you select in this step. Note: The Records Creation Method list has two additional options: Load From File and Transfer from Server. These options are discussed in Importing zone files, on page 16-7.
8. In the Zone File Name box, type the name you want to use for the zone file.
9. In the Options box, you can type any additional statements that the zone requires. Do not delete the allow-update statement, as the system needs this to maintain compatibility with the wide IP information. Important: Use caution when typing in the Options box. The system writes any changes you make directly to the named.conf file. For information on available options and syntax, refer to the BIND documentation mentioned at the beginning of this chapter.
10. Check the Create Reverse Zone box to specify that the system creates a reverse zone for this zone.
11. In the Reverse Zone Name box, type a name for the reverse zone, and then select whether the reverse zone applies to IPv4 or IPv6 networks.
12. In the Reverse Zone File Name box, type the name you want to use for the reverse zone file.
13. In the SOA Record section, supply the relevant configuration for the Start of Authority (SOA) record associated with this zone.
14. In the NS Record section, supply the information for the first nameserver associated with this zone. See Creating NS resource records, on page 16-18 for more information.
15. Click the Finished button to save your changes.
5. In the Zone Name box, type a name for the zone.
6. From the Zone Type list, select Stub. The screen refreshes to display the configuration options for a stub zone.
7. In the Zone File Name box, type the name you want to use for the zone file.
8. In the Options box, you can type any additional statements that the zone requires. Do not delete the allow-update statement, as the system needs this to maintain compatibility with the wide IP information. Important: Use caution when typing in the Options box. The system writes any changes you make directly to the named.conf file. For information on available options and syntax, refer to the BIND documentation mentioned at the beginning of this chapter.
9. Click the Finished button to save your changes.
Modifying zones
You can use the ZoneRunner utility to modify zones on an as-needed basis. For example, you can increase or decrease the time-to-live (TTL) value for the zone, or change the master server for the zone. You can also add resource records to an existing zone file. For more information, see Working with resource records, on page 16-12.
To modify a zone
1. On the Main tab of the navigation pane, expand Global Traffic and click ZoneRunner. The Resource Records List screen opens.
2. On the menu bar, click Zone List. The main screen for the zone opens.
3. Click the name of the zone that you want to modify. The properties screen for the zone opens.
4. Modify the settings for the zone as needed.
5. Click the Update button to save your changes.
Deleting zones
With the ZoneRunner utility, you can delete zones that either have become obsolete or are no longer relevant to the Global Traffic Manager due to a network configuration change. For example, you might adjust your nameservers, after which the Global Traffic Manager is no longer responsible for a specific zone.
To delete a zone
1. On the Main tab of the navigation pane, expand Global Traffic and click ZoneRunner. The Resource Records List screen opens.
2. On the menu bar, click Zone List. The main screen for the zone opens.
3. Click the Select box next to the zone name that you want to delete.
4. Click the Delete button. A confirmation screen opens.
5. Click the Delete button again to delete the zone.
Although case is preserved in names and data fields when loaded into the nameserver, comparisons and lookups in the nameserver database are not case-sensitive.
SOA (Start of authority)
    The start of authority resource record, SOA, starts every zone file and indicates that a nameserver is the best source of information for a particular zone. The SOA record indicates that a nameserver is authoritative for a zone. There must be exactly one SOA record per zone. Unlike other resource records, you create an SOA record only when you create a new master zone file.

A (Address)
    The Address record, or A record, lists the IP address for a given host name. The name field is the host's name, and the address is the network interface address. There should be one A record for each IP address of the machine.

AAAA (IPv6 Address)
    The IPv6 Address record, or AAAA record, lists the 128-bit IPv6 address for a given host name.

CNAME (Canonical Name)
    The Canonical Name resource record, CNAME, specifies an alias or nickname for the official, or canonical, host name. This record must be the only one associated with the alias name. It is usually easier to supply one A record for a given address and use CNAME records to define alias host names for that address.

DNAME (Delegation of Reverse Name)
    The Delegation of Reverse Name resource record, DNAME, specifies the reverse lookup of an IPv6 address. These records substitute the suffix of one domain name with another. The DNAME record instructs the Global Traffic Manager (or any DNS server) to build an alias that substitutes a portion of the requested IP address with the data stored in the DNAME record.
HINFO (Host Information)
    The Host Information resource record, HINFO, contains information on the hardware and operating system relevant to the Global Traffic Manager (or other DNS).

MX (Mail Exchanger)
    The Mail Exchange resource record, MX, defines the mail system(s) for a given domain.

NS (Nameserver)
    The nameserver resource record, NS, defines the nameservers for a given domain, creating a delegation point and a subzone. The first name field specifies the zone that is served by the nameserver that is specified in the nameserver's name field. Every zone needs at least one nameserver.

PTR (Pointer)
    A name pointer resource record, PTR, associates a host name with a given IP address. These records are used for reverse name lookups.

SRV (Service)
    The Service resource record, SRV, is a pointer that allows an alias for a given service to be redirected to another domain. For example, if the fictional company SiteRequest had an FTP archive hosted on archive.siterequest.com, the IT department can create an SRV record that allows an alias, ftp.siterequest.com, to be redirected to archive.siterequest.com.

TXT (Text)
    The Text resource record, TXT, allows you to supply any string of information, such as the location of a server or any other relevant information that you want available.
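As an added check, not ZoneRunner or F5 code, the following Python applies the record rules stated above to a zone listing before it is loaded: exactly one SOA, at least one NS at the apex, a CNAME owner name carrying no other record, and the trailing-dot rule from the zone creation procedure. The simplified one-record-per-line input format and the siterequest.com records are constructed for this example.

```python
"""Added example, not ZoneRunner/F5 code: check a zone's resource records against the
rules stated in the text before loading them into a nameserver. Input is a constructed,
simplified listing: one record per line as 'owner TTL class type rdata', every name
fully qualified (trailing dot), ';' starts a comment. No $ORIGIN/$TTL handling."""
from collections import defaultdict

KNOWN_TYPES = {"SOA", "A", "AAAA", "CNAME", "DNAME", "HINFO",
               "MX", "NS", "PTR", "SRV", "TXT"}


def parse_records(text: str) -> list:
    """Parse the simplified listing into dicts. Owner names are lower-cased because,
    as the text notes, nameserver comparisons are not case-sensitive."""
    records = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 4)
        if len(parts) < 5:
            raise ValueError(f"line {lineno}: expected 'owner ttl class type rdata'")
        owner, ttl, rclass, rtype, rdata = parts
        records.append({"line": lineno, "owner": owner.lower(), "ttl": int(ttl),
                        "class": rclass.upper(), "type": rtype.upper(), "rdata": rdata})
    return records


def check_zone(zone_name: str, records: list) -> list:
    """Return a list of problems (empty means the zone passes the checks)."""
    problems = []
    if not zone_name.endswith("."):
        problems.append(f"zone name {zone_name!r} is not fully qualified (missing trailing dot)")
        zone_name += "."
    apex = zone_name.lower()
    by_owner = defaultdict(list)
    for r in records:
        by_owner[r["owner"]].append(r)
        if r["type"] not in KNOWN_TYPES:
            problems.append(f"line {r['line']}: unknown record type {r['type']}")
        if not r["owner"].endswith("."):
            problems.append(f"line {r['line']}: owner {r['owner']!r} is not fully qualified")
        elif r["owner"] != apex and not r["owner"].endswith("." + apex):
            problems.append(f"line {r['line']}: owner {r['owner']!r} is outside zone {apex}")
    # Exactly one SOA, and it must sit at the apex.
    soa = [r for r in records if r["type"] == "SOA"]
    if len(soa) != 1:
        problems.append(f"expected exactly one SOA record, found {len(soa)}")
    elif soa[0]["owner"] != apex:
        problems.append(f"SOA record is at {soa[0]['owner']!r}, not at the apex {apex!r}")
    # At least one NS at the apex.
    if not any(r["type"] == "NS" and r["owner"] == apex for r in records):
        problems.append("zone has no NS record at the apex")
    # A CNAME must be the only record for its alias name.
    for owner, rs in sorted(by_owner.items()):
        if any(r["type"] == "CNAME" for r in rs) and len(rs) > 1:
            problems.append(f"{owner} has a CNAME plus other records (CNAME must stand alone)")
    return problems


# Constructed sample zone using the fictional siterequest.com from the text.
GOOD_ZONE = """\
siterequest.com.         3600 IN SOA   ns1.siterequest.com. hostmaster.siterequest.com. 2011102101 7200 900 1209600 3600
siterequest.com.         3600 IN NS    ns1.siterequest.com.
ns1.siterequest.com.     3600 IN A     192.0.2.53
archive.siterequest.com. 3600 IN A     192.0.2.21
ftp.siterequest.com.     3600 IN CNAME archive.siterequest.com.   ; alias, nothing else at this name
siterequest.com.         3600 IN MX    10 mail.siterequest.com.
mail.siterequest.com.    3600 IN A     192.0.2.25
"""

# Constructed broken zone: no NS at the apex, and an A record sharing the CNAME's name.
BAD_ZONE = """\
siterequest.com.         3600 IN SOA   ns1.siterequest.com. hostmaster.siterequest.com. 1 7200 900 1209600 3600
ftp.siterequest.com.     3600 IN CNAME archive.siterequest.com.
ftp.siterequest.com.     3600 IN A     192.0.2.21
"""

if __name__ == "__main__":
    for label, text in (("good", GOOD_ZONE), ("bad", BAD_ZONE)):
        print(label, check_zone("siterequest.com.", parse_records(text)) or "OK")
```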
7. From the Type list, select the type of resource record that you are configuring. The screen refreshes to display the configuration settings for the resource record type.
8. Configure settings as needed.
9. Click the Finished button to save your changes.
Each resource record type has unique characteristics. The following sections describe how to create each resource record type, using the steps listed in this procedure, and specifying details for each record type.
To create an A record
1. On the Main tab of the navigation pane, expand Global Traffic and click ZoneRunner. The Resource Records List screen opens.
2. Click the Create button. The New Resource Record screen opens.
3. From the View Name list, select a view with which to associate the new zone.
4. In the Zone Name box, select the zone with which this record is associated.
5. In the Name box, type the name for the resource record.
6. In the TTL box, type the time-to-live value for the record.
7. From the Type list, select A. The screen refreshes to display the configuration options for an A resource record.
8. In the IP Address box, type the IP address for the A record.
9. If you want to create a reverse record that corresponds to this record, for the Create Reverse Record option, check the Enable box.
10. Click the Finished button to save your changes.
7. From the Type list, select CNAME. The screen refreshes to display the configuration options for a CNAME resource record.
8. In the CNAME box, type the appropriate alias for the resource record.
9. Click the Finished button to save your changes.
To create an MX record
1. On the Main tab of the navigation pane, expand Global Traffic and click ZoneRunner. The Resource Records List screen opens.
2. Click the Create button. The New Resource Record screen opens.
3. From the View Name list, select a view with which to associate the new zone.
4. In the Zone Name box, select the zone with which this record is associated.
5. In the Name box, type the name for the resource record.
6. In the TTL box, type the time-to-live value for the record.
7. From the Type list, select MX. The screen refreshes to display the configuration options for an MX resource record.
8. In the Preference box, type the preference for the mail server. Preference is a numeric value for the preference of this mail exchange host relative to all other mail exchange hosts for the domain. Lower numbers indicate a higher preference, or priority.
9. In the Mail Server box, type the appropriate domain name for the mail server.
10. Click the Finished button to save your changes.
To create an NS record
1. On the Main tab of the navigation pane, expand Global Traffic and click ZoneRunner. The Resource Records List screen opens.
2. Click the Create button. The New Resource Record screen opens.
3. From the View Name list, select a view with which to associate the new zone.
4. In the Zone Name box, select the zone with which this record is associated.
5. In the Name box, type the name for the resource record.
6. In the TTL box, type the time-to-live value for the record.
7. From the Type list, select NS. The screen refreshes to display the configuration options for an NS resource record.
8. In the Name Server box, type the appropriate domain name for the resource record.
9. Click the Finished button to save your changes.
Adding views
If you have a DNS that is accessed from multiple communities, you can create a view for each community. Depending on the community, the nameserver uses a different configuration for resolving name requests.
To add a view
1. On the Main tab of the navigation pane, expand Global Traffic and click ZoneRunner. The Resource Records List screen opens.
2. On the menu bar, click View List. The View List screen opens.
3. Click the Create button. The New View screen opens.
4. In the View Name box, type a name for the view.
5. From the View Order list, select where the view resides in the view hierarchy for the nameserver.
6. In the Options box, specify the criteria that determine when the DNS should use the zone files associated with this view.
7. Click the Finished button to save your changes.
Modifying views
As the needs change for the communities attempting to access the Global Traffic Manager as a DNS, you might need to modify your views. Through the ZoneRunner utility, you can modify a view at any time.
To modify a view
1. On the Main tab of the navigation pane, expand Global Traffic and click ZoneRunner. The Resource Records List screen opens.
2. On the menu bar, click View List. The View List screen opens.
3. Click the name of the view you want to modify. The properties screen for the view opens.
4. Modify the view settings as needed. Note that you cannot change the name of the view.
5. Click Update to apply your changes.
Deleting views
If a view is no longer necessary for your name resolutions, you can delete it from the ZoneRunner utility.
To delete a view
1. On the Main tab of the navigation pane, expand Global Traffic and click ZoneRunner. The Resource Records List screen opens.
2. On the menu bar, click View List. The View List screen opens.
3. Click the Select box next to the name of the view that you want to delete.
4. Click the Delete button. A confirmation screen opens.
5. Click the Delete button again to delete the view.
In the following procedure, we assume that you are fully familiar with the named.conf file and the syntax of its contents. Modifying the named.conf file carries a high level of risk, as a syntax error can prevent the entire BIND system from performing as expected. For this reason, F5 Networks recommends that you use the user interface of the ZoneRunner utility whenever possible, and that you exercise caution when editing the named.conf file.
A
Working with the big3d Agent
Introducing the big3d agent
Collecting path data and server performance metrics
Setting up communication between Global Traffic Manager systems and other servers
F5 Networks recommends that you have at least one BIG-IP system running the big3d agent in each data center in your network. This ensures that the Global Traffic Manager has timely access to the metrics associated with network traffic.
Important
When you set up a Global Traffic Manager to communicate with other BIG-IP systems, you must use IP addresses that are defined within the default route domain on the BIG-IP system. IP addresses within the default route domain are the only addresses that can process Global Traffic Manager traffic. For more information about configuring route domains, see the TMOS Management Guide for BIG-IP systems.
Network path round trip time
    The big3d agent calculates the round trip time for the network path between the agent's data center and the client's LDNS that is making the resolution request. The Global Traffic Manager uses round trip time to determine the best virtual server to answer the request when a pool uses a dynamic load balancing mode, such as Round Trip Time, or Quality of Service.

Network path packet loss
    The big3d agent calculates the packet completion percentage for the network path between the agent's data center and the client's LDNS that is making the resolution request. The Global Traffic Manager uses the packet completion rate to determine the best virtual server to answer the request when a wide IP or pool uses either the Completion Rate or the Quality of Service load balancing modes.

Router hops along the network path
    The big3d agent calculates the number of intermediate system transitions (router hops) between the agent's data center and the client's LDNS. The Global Traffic Manager uses hops to determine the best virtual server to answer the request when a pool uses the Hops or the Quality of Service load balancing modes.

Server performance
    The big3d agent returns server metrics, such as the packet rate, for BIG-IP systems or SNMP-enabled hosts. The Global Traffic Manager uses packet rate to determine the best virtual server to answer the request when a pool uses the Packet Rate, KBPS, Least Connections, or Quality of Service load balancing modes.

Virtual server availability and performance
    The big3d agent queries virtual servers to verify whether they are up and available to receive connections, and uses only those virtual servers that are up for load balancing. The big3d agent also determines the number of current connections to virtual servers that are defined on BIG-IP systems or SNMP-enabled hosts. The Global Traffic Manager uses the number of current connections to determine the best virtual server when a pool uses the Least Connections or VS Capacity load balancing mode.
Installing big3d agents on BIG-IP systems

Each new version of the Global Traffic Manager software includes the latest version of the big3d agent. You need to distribute that copy of the big3d agent to each BIG-IP system in the network. See the release notes provided with the Global Traffic Manager software for information about which versions of the BIG-IP software the current big3d agent supports. For details on installing the big3d agent, see Installing the big3d agent, following.

Setting up communications between big3d agents and other systems

Before the big3d agents can communicate with the Global Traffic Manager systems in the network, you need to configure the appropriate ports and tools to allow communication between the devices running the big3d agent and Global Traffic Manager systems in the network. These planning issues are discussed in Setting up communication between Global Traffic Manager systems and other servers, on page A-5.
Setting up communication between Global Traffic Manager systems and other servers
In order to copy big3d agents from a Global Traffic Manager to BIG-IP systems, the Global Traffic Manager must be able to communicate with these other systems. Specifically, every BIG-IP system that you define as a server on the Global Traffic Manager must have sufficient network privileges and configured routes to be able to probe the virtual servers that it hosts, as well as the virtual servers hosted by other servers defined on the Global Traffic Managers in a synchronization group. In the following configuration, every big3d agent that the Global Traffic Manager synchronization group recognizes must be able to probe the virtual server 10.1.0.1:80 via TCP.
server {    // datacenter=DC1, #VS=1
   name "Generic Host Server 1"
   type generic
   box {
      address 10.1.0.1
      unit_id 1
   }
   monitor "http"
   vs {
      name "Generic_VS1"
      address 10.1.0.1:80    // http
   }
}
Table A.1 Communication between big3d agents and Global Traffic Manager systems
Table A.2 shows the protocols and corresponding ports used for iQuery communications between big3d agents and SNMP agents that run on host servers.
From             To               Protocol   From Port   To Port   Purpose
big3d agent      host SNMP agent  UDP        >1023       161       Ephemeral ports used to make SNMP queries for host statistics
host SNMP agent  big3d agent      UDP        161         >1023     Ephemeral ports used to receive host statistics using SNMP

Table A.2 Communication between big3d agents and SNMP agents on hosts
Table A.3 shows the ports used for communications between big3d agents and virtual servers that are not hosted by a BIG-IP system.
From         To              Protocol   From Port   To Port        Purpose
big3d agent  virtual server  UDP        >1024       Service Port   Ephemeral ports used to monitor host virtual servers
big3d agent  virtual server  TCP        >1024       Service Port   Ephemeral ports used to monitor host virtual servers

Table A.3 Communication between big3d agents and virtual servers not hosted by BIG-IP systems
Communications between Global Traffic Manager systems, big3d agents, and local DNS servers
Table A.4 shows the protocols and ports that the big3d agent uses when collecting path data for local DNS servers.
From    To      Protocol   From Port   To Port   Purpose
big3d   LDNS    ICMP       N/A         N/A       Probe using ICMP pings
big3d   LDNS    TCP        >1023       53        Probe using TCP (Cisco routers: allow establish)
LDNS    big3d   TCP        53          >1023     Replies using TCP (Cisco routers: allow establish)
big3d   LDNS    UDP        53          33434     Probe using UDP or traceroute utility
LDNS    big3d   ICMP       N/A         N/A       Replies to ICMP, UDP pings, or traceroute probes
big3d   LDNS               >1023       53        Probe using DNS rev or DNS dot
LDNS    big3d              53          >1023

(The protocol for the last two rows, and the purpose of the final row, are not present in the extracted text.)

Table A.4 Communications between big3d agents and local DNS servers
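A practical use of Tables A.2 and A.4 is to check observed traffic between big3d agents, hosts and local DNS servers against the documented protocol and port pairs, so that a firewall change or an unexpected flow can be spotted. The following added example (not F5 code) encodes only the rows whose protocol appears in the tables above; the role names "big3d", "ldns" and "host_snmp", the reading of ">1023" as any port above 1023, and the sample flows are constructed for the example.

```python
# Constructed allowlist derived from Tables A.2 and A.4. Port spec is an int,
# "ephemeral" (meaning >1023, as the tables write it), or None for N/A (ICMP).
RULES = [
    # (from, to, proto, from_port, to_port, purpose)
    ("big3d", "ldns", "icmp", None, None, "Probe using ICMP pings"),
    ("big3d", "ldns", "tcp", "ephemeral", 53, "Probe using TCP"),
    ("ldns", "big3d", "tcp", 53, "ephemeral", "Replies using TCP"),
    ("big3d", "ldns", "udp", 53, 33434, "Probe using UDP or traceroute utility"),
    ("ldns", "big3d", "icmp", None, None, "Replies to ICMP, UDP pings, or traceroute probes"),
    ("big3d", "host_snmp", "udp", "ephemeral", 161, "SNMP queries for host statistics"),
    ("host_snmp", "big3d", "udp", 161, "ephemeral", "Host statistics returned using SNMP"),
]


def _port_ok(spec, port):
    """Compare one observed port against a rule's port specification."""
    if spec is None:
        return port is None
    if spec == "ephemeral":
        return port is not None and port > 1023
    return port == spec


def match_flow(src_role, dst_role, proto, sport, dport):
    """Return the purpose of the first documented rule that permits the flow,
    or None when no table row explains it."""
    for frm, to, p, sp, dp, purpose in RULES:
        if (frm, to, p) == (src_role, dst_role, proto.lower()) \
                and _port_ok(sp, sport) and _port_ok(dp, dport):
            return purpose
    return None


def unmatched(flows):
    """Given (src_role, dst_role, proto, sport, dport) tuples, e.g. parsed from
    a firewall log, return those that no documented rule covers."""
    return [fl for fl in flows if match_flow(*fl) is None]


if __name__ == "__main__":
    # Constructed sample flows: one documented TCP probe, one reply from an
    # unexpected source port that the tables do not describe.
    sample = [("big3d", "ldns", "tcp", 40000, 53),
              ("ldns", "big3d", "tcp", 22, 40000)]
    for fl in sample:
        print(fl, "->", match_flow(*fl))
```

Rows whose protocol is missing from the extracted table are deliberately left out rather than guessed; add them once the full table is available, so that the checker never reports a flow as documented on the strength of an assumption.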
Appendix B
Understanding Probes

• Introducing probes
• Understanding iQuery
• Determining probe responsibility
• Selecting a big3d agent
• Designating a specific server
• Managing LDNS probes
• Using log entries to tune probes
Introducing probes
When you install a Global Traffic Manager in a network, that system typically works within a larger group of BIG-IP products. These products include other Global Traffic Manager systems, Link Controller systems, and Local Traffic Manager systems. The Global Traffic Manager must be able to communicate with these other systems to maintain an accurate assessment of the health and availability of different network components. For example, the Global Traffic Manager must be able to acquire statistical data from resources that are managed by a Local Traffic Manager in a different data center. BIG-IP systems acquire this information through the use of probes. A probe is an action a BIG-IP system takes to acquire data from other network resources.

Probes are an essential means by which the Global Traffic Manager tracks the health and availability of network resources; however, it is equally important that the responsibility for conducting probes be distributed across as many BIG-IP products as possible. This distribution ensures that no one system becomes overloaded with conducting probes, which can cause a decrease in performance in the other tasks for which a BIG-IP system is responsible.

To distribute probe requests effectively across multiple BIG-IP systems, Global Traffic Manager systems employ several different technologies and methodologies, including:
• iQuery, which is the communication protocol used between Global Traffic Manager systems and the big3d agents that reside on other BIG-IP systems
• A selection methodology that determines which Global Traffic Manager is responsible for managing the probe request
• A selection methodology that determines which big3d agent actually conducts the probe

One of the important concepts to remember when understanding how the Global Traffic Manager acquires network data is that the process consists of several tasks:
• A Global Traffic Manager is chosen to be responsible for the probe.
• The Global Traffic Manager delegates the probe to a big3d agent.
• The big3d agent conducts the probe.
• The big3d agent broadcasts the results of the probe, allowing all Global Traffic Manager systems to receive the information.
Understanding iQuery
At the heart of probe management with Global Traffic Manager systems is iQuery, the communications protocol that these systems use to send information from one system to another. With iQuery, Global Traffic Manager systems in the same synchronization group can share configuration settings, assign probe requests to big3d agents, and receive data on the status of network resources. The iQuery protocol is an XML protocol that is sent between each system using gzip compression and SSL. These communications can only be allowed between systems that have a trusted relationship established, which is why configuration tools such as big3d_install, bigip_add, and gtm_add are critical when installing or updating Global Traffic Manager systems. If two systems have not exchanged their SSL certificates, they cannot share information with each other using iQuery.

In addition to requiring trusted relationships, systems send iQuery communications only on the VLAN in which the system received the incoming message. Also, iQuery communications occur only within the same synchronization group. If your network consists of two synchronization groups, with each group sharing a subset of network resources, these groups both probe the network resources and communicate with iQuery separately.

Generally, iQuery communications require no user intervention; however, on occasion it can be necessary to view the data transmitted between each system. For example, you might be troubleshooting the reason that a Global Traffic Manager is exhibiting a particular behavior. In such a situation, you can use the iqdump command.

One of the first pieces of information the system displays when you run iqdump is the version of the remote big3d agent. This allows you to determine whether a system is running the latest version of the big3d agent.
Now, consider that you want to acquire statistical data from a resource in the New York data center. First, the Global Traffic Manager systems, based on their iQuery communications with each other, identify whether there is a Global Traffic Manager that belongs to the New York data center. In this case, the answer is yes; the New York data center contains a Global Traffic Manager. Next, the systems determine if more than one Global Traffic Manager belongs to the New York data center. In this case, the answer is no; the New York data center has only a stand-alone system. Consequently, the Global Traffic Manager in the New York data center assumes responsibility for conducting the probe on this particular resource.
In situations where more than one Global Traffic Manager belongs to a data center, the systems use an algorithm to distribute the responsibility for probes equally among Global Traffic Manager systems. This distribution ensures that each Global Traffic Manager has an equal chance of being responsible for managing a probe request.

To demonstrate how probe requests are delegated between two Global Traffic Manager systems at the same data center, consider again the network configuration at SiteRequest. This time, the company needs to acquire data from a resource that resides at the Los Angeles data center. As with the previous example, the first step identifies whether the Los Angeles data center has any Global Traffic Manager systems; in this case, the answer is yes. The next criterion is whether there is more than one Global Traffic Manager at that data center; in this case, the answer is also yes: the Los Angeles data center has a redundant system configuration that consists of two Global Traffic Manager systems. Because there are two Global Traffic Manager systems at this data center, each system compares the hash value of the resource with its own information; whichever Global Traffic Manager has the closest value to the resource becomes responsible for managing the probe request.

A final consideration is if a data center does not have any Global Traffic Manager systems at all, such as the London data center in the configuration for SiteRequest. In these situations, the responsibility for probing a resource at that data center is divided among the other Global Traffic Manager systems, much in the same way as the responsibility is divided among Global Traffic Manager systems within the same data center.

Once a Global Traffic Manager becomes responsible for managing a probe, it remains responsible for that probe until the network configuration changes in one of the following ways:
• The Global Traffic Manager goes offline.
• A new Global Traffic Manager is added to the data center.
• The network configuration of the resource (such as its IP address) changes.
Now, consider that a Global Traffic Manager in the Los Angeles data center has assumed responsibility for managing a probe for a network resource. At this data center, the system can assign the probe to one of four big3d agents: one for each BIG-IP system at the data center. To select a big3d agent, the Global Traffic Manager looks to see which big3d agent has the fewest number of probes for which it is responsible. The big3d agent with the lowest number of probes is tasked with conducting the probe. The Global Traffic Manager checks this statistic each time it needs to delegate the probe; as a result, the big3d agent selected can change from probe instance to probe instance.

In situations where a big3d agent does not reside in the same data center as the resource, the designated Global Traffic Manager selects a big3d agent from all available big3d agents on the network. Again, the agent selected is the agent with the fewest number of probe requests, and this check occurs each time the probe is conducted. For example, SiteRequest adds a new set of web servers in Tokyo. At this location, the company has yet to install its BIG-IP systems; however, the current set of Global Traffic Manager systems in Los Angeles and New York are managing traffic to these web servers. When initiating a probe request to determine the availability of one of these servers, a Global Traffic Manager is selected to manage the probe request. Then, that system chooses a big3d agent to probe the web server, selecting any big3d agent located in Los Angeles, New York, or London.
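The two selection steps described above (a Global Traffic Manager chosen per data center by comparing hash values, with all systems sharing the work for a data center that has none, and then the big3d agent with the fewest assigned probes, re-evaluated on every probe instance) can be modelled in a few lines. This is an added example, not F5's implementation: the text does not define the hash function or what "closest value" means, so the model below uses SHA-256 and the smallest absolute difference between the resource's and the system's hash, and the SiteRequest-style topology, system names and resource names are constructed for the example.

```python
import hashlib
from collections import Counter

# Constructed topology modelled on the SiteRequest example in the text:
# New York has one GTM, Los Angeles a redundant pair, London and Tokyo none.
GTMS = {"gtm-ny-1": "new_york", "gtm-la-1": "los_angeles", "gtm-la-2": "los_angeles"}
BIG3D_AGENTS = {
    "big3d-la-1": "los_angeles", "big3d-la-2": "los_angeles",
    "big3d-la-3": "los_angeles", "big3d-la-4": "los_angeles",
    "big3d-ny-1": "new_york", "big3d-lon-1": "london",
}


def _h(value: str) -> int:
    """Stable 64-bit hash (assumed; the text does not name the real function)."""
    return int.from_bytes(hashlib.sha256(value.encode()).digest()[:8], "big")


def select_gtm(resource: str, resource_dc: str, online_gtms: dict) -> str:
    """Pick the Global Traffic Manager responsible for probing `resource`.
    Candidates are the online GTMs in the resource's data center; if that
    data center has none, every online GTM is a candidate. Among several
    candidates, the one whose hash is closest to the resource's hash wins
    (an assumed reading of the 'closest value' rule)."""
    local = [g for g, dc in online_gtms.items() if dc == resource_dc]
    candidates = local or list(online_gtms)
    if not candidates:
        raise RuntimeError("no Global Traffic Manager is online")
    target = _h(resource)
    return min(candidates, key=lambda g: (abs(_h(g) - target), g))


def select_big3d(resource_dc: str, load: Counter, agents: dict) -> str:
    """Delegate to the big3d agent with the fewest assigned probes, preferring
    agents in the resource's data center and otherwise any agent on the
    network. Ties are broken by name for determinism."""
    local = [a for a, dc in agents.items() if dc == resource_dc]
    pool = local or list(agents)
    return min(pool, key=lambda a: (load[a], a))


def simulate(resources, online_gtms=GTMS, agents=BIG3D_AGENTS):
    """One probe round: return {resource: (gtm, big3d)} and per-agent load.
    The load counter is re-read for every probe, so the chosen agent can
    change from one probe instance to the next as the text describes."""
    load = Counter()
    assignment = {}
    for name, dc in resources:
        gtm = select_gtm(name, dc, online_gtms)
        agent = select_big3d(dc, load, agents)
        load[agent] += 1
        assignment[name] = (gtm, agent)
    return assignment, load


if __name__ == "__main__":
    result, load = simulate([("www-la-%d" % i, "los_angeles") for i in range(5)]
                            + [("www-tokyo", "tokyo")])
    for res, (gtm, agent) in result.items():
        print(res, "->", gtm, "delegates to", agent)
```

Taking the Los Angeles pair offline one at a time shows the "remains responsible until the configuration changes" rule: removing a system from `online_gtms` moves its resources to the surviving system, while resources already owned by the survivor keep the same owner.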
The Global Traffic Manager uses the specified BIG-IP system to conduct probes on this server unless that system becomes unavailable.
If you do not use Quality of Service load balancing, the Global Traffic Manager does not conduct probes of local DNS servers. When a given LDNS makes a DNS request for a wide IP, that request is sent to a single Global Traffic Manager. The Global Traffic Manager then creates an LDNS entry, and assigns that entry one of the following states:
• New: the Global Traffic Manager has not come across this particular LDNS before
• Active: the Global Traffic Manager already has an existing entry for this LDNS
• Pending: the Global Traffic Manager has been contacted by this LDNS before; however, this server has yet to respond to a probe from a Global Traffic Manager on this network

In general, the New and Pending states are temporary states; an LDNS remains in one of these states only until it responds to the first probe request from a Global Traffic Manager. Once the Global Traffic Manager receives a response, the LDNS entry is moved to the Active state. Each Global Traffic Manager within a given synchronization group shares the LDNS entries that are assigned this state, resulting in the synchronization group having a common list of known local DNS servers.

Unlike internal probes, LDNS probes are not load balanced across Global Traffic Manager systems. Instead, the Global Traffic Manager that the LDNS first queries becomes responsible for the initial probe to that LDNS. These probes are load balanced, however, across the multiple big3d agents, with preference given to big3d agents that either belong to the same data center as the responding Global Traffic Manager, or belong to the same link through which the Global Traffic Manager received the LDNS query. After the initial probe, an algorithm is used to load balance subsequent probes across the available Global Traffic Manager systems.
The process for identifying and managing LDNS probe requests is as follows:
1. An LDNS sends a DNS request to a Global Traffic Manager.
2. The Global Traffic Manager that responds to the request determines if it already has an entry for the LDNS. If it does not, it creates an entry with a status of New.
3. The Global Traffic Manager delegates the probe of the LDNS to a big3d agent; preferably a big3d agent that resides in the same data center as the Global Traffic Manager.
4. When the LDNS responds to the probe, it sends its information to the Global Traffic Manager.
5. The Global Traffic Manager updates its entry for the LDNS, assigning it an Active status.
6. The Global Traffic Manager synchronizes its list of active local DNS servers with the other members of its synchronization group.
If you do not use Quality of Service load balancing modes, the Global Traffic Manager systems do not conduct LDNS server probes.
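The LDNS entry states and the six-step procedure above together form a small state machine: the first Global Traffic Manager queried owns the entry and the initial probe, the entry passes through New (and Pending if the LDNS queries again before answering a probe) to Active, and only Active entries are shared with the synchronization group. The following added example (not F5 code) models that behaviour; the class names, the rule that a second query before a probe reply moves the entry from New to Pending, the name-ordered choice among same-data-center big3d agents, and the sample addresses from the 198.51.100.0/24 documentation range are all constructed for the example.

```python
from dataclasses import dataclass, field

NEW, PENDING, ACTIVE = "New", "Pending", "Active"


@dataclass
class LdnsEntry:
    address: str
    state: str
    responsible_gtm: str   # GTM that first received the query; owns the initial probe
    probes_sent: int = 0


@dataclass
class Gtm:
    name: str
    data_center: str
    ldns: dict = field(default_factory=dict)   # address -> LdnsEntry


class SyncGroup:
    """Global Traffic Manager systems that share Active LDNS entries."""

    def __init__(self, gtms, big3d_agents):
        self.gtms = {g.name: g for g in gtms}
        self.agents = dict(big3d_agents)   # agent name -> data center

    def on_dns_query(self, gtm_name, ldns_ip):
        """Steps 1-3: find or create the entry and delegate a probe to a big3d
        agent. Returns the chosen agent, or None if the LDNS is already Active
        and the initial probe is therefore not needed."""
        gtm = self.gtms[gtm_name]
        entry = gtm.ldns.get(ldns_ip)
        if entry is None:
            entry = LdnsEntry(ldns_ip, NEW, gtm_name)
            gtm.ldns[ldns_ip] = entry
        elif entry.state == NEW:
            entry.state = PENDING   # seen before, but no probe reply yet (assumed rule)
        if entry.state == ACTIVE:
            return None
        agent = self._pick_agent(gtm.data_center)
        entry.probes_sent += 1
        return agent

    def _pick_agent(self, data_center):
        """Prefer a big3d agent in the responding GTM's data center."""
        local = sorted(a for a, dc in self.agents.items() if dc == data_center)
        return local[0] if local else sorted(self.agents)[0]

    def on_probe_reply(self, gtm_name, ldns_ip):
        """Steps 4-6: mark the entry Active and share it with the whole group."""
        entry = self.gtms[gtm_name].ldns[ldns_ip]
        entry.state = ACTIVE
        for g in self.gtms.values():
            g.ldns.setdefault(ldns_ip, entry)

    def states(self, ldns_ip):
        """Which members know this LDNS, and in what state."""
        return {n: g.ldns[ldns_ip].state
                for n, g in self.gtms.items() if ldns_ip in g.ldns}


if __name__ == "__main__":
    grp = SyncGroup([Gtm("gtm-la-1", "los_angeles"), Gtm("gtm-ny-1", "new_york")],
                    {"big3d-la-1": "los_angeles", "big3d-ny-1": "new_york"})
    print(grp.on_dns_query("gtm-la-1", "198.51.100.7"), grp.states("198.51.100.7"))
    grp.on_probe_reply("gtm-la-1", "198.51.100.7")
    print(grp.states("198.51.100.7"))
```

Because only Active entries are synchronized, a resolver that never answers probes stays New or Pending on the one system it queried; watching for entries that linger in those states is a simple way to find resolvers (or intermediate filters) that block the probe traffic listed in Table A.4.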
For information about the command syntax you use to change this variable, see the Traffic Management Shell (tmsh) Reference Guide and the Bigpipe Utility Reference Guide.
For monitors:
• The time in microseconds that each monitor spends in the active queue

For each active monitor, the log file displays the following information:
• Base name
• Monitor name
• Number of total instances
• Number of up instances and the average and maximum probe time for each up instance
• Number of down instances, the average probe time for each down instance, and a sorted list of reasons that the instance is down. Each reason in the list is followed by the number of instances that were marked down for this reason.

For each Global Traffic Manager and Local Traffic Manager:
• Datacenter name
• Server name
• IP address
• Current tmm CPU usage
• Number of virtual servers in each state: up or down
• Active and pending queue sizes for monitors, SNMP monitors, and paths
• Number of monitors that have received a down response from the system

For each host server:
• Datacenter name
• Server name
• IP address
• CPU usage
• Memory usage
  Note: This value is -1, unless an SNMP monitor is assigned to the server.
• Number of virtual servers in each state: up or down
Glossary
3-DNS Controller
See Global Traffic Manager.

A record
The A record is the ADDRESS resource record that a Global Traffic Manager returns to a local DNS server in response to a name resolution request. The A record contains a variety of information, including one or more IP addresses that resolve to the requested domain name.

access control list (ACL)
An access control list is a list of local DNS server IP addresses that are excluded from path probing or hops queries.

active unit
In a redundant system configuration, an active unit is a system that currently load balances name resolution requests. If the active unit in the redundant system fails, the standby unit assumes control and begins to load balance requests.

alternate method
The alternate method specifies the load balancing mode that the Global Traffic Manager uses to pick a virtual server if the preferred method fails. See also fallback method, preferred method.

auto-discovery
Auto-discovery is a process through which the Global Traffic Manager identifies a resource automatically so you can manage it.

big3d agent
The big3d agent is a monitoring agent that collects metrics information about server performance and network paths between a data center and a specific local DNS server. The Global Traffic Manager uses the information collected by the big3d agent for dynamic load balancing.

BIG-IP system
A BIG-IP system can be a Global Traffic Manager (including the current Global Traffic Manager), a Local Traffic Manager, or a Link Controller.

BIND (Berkeley Internet Name Domain)
BIND is the most common implementation of the Domain Name System (DNS). BIND provides a system for matching domain names to IP addresses. For more information, refer to http://www.isc.org/products/BIND.
bridge mode
Bridge mode instructs the Global Traffic Manager to forward the traffic it receives to another part of the network.

CIDR (Classless Inter-Domain Routing)
Classless Inter-Domain Routing (CIDR) is an expansion of the IP address system that allows a single IP address to be used to designate many unique IP addresses. A CIDR IP address looks like a standard IP address except that it ends with a slash followed by a number, which is the IP network prefix. For example: 172.200.0.0/16

CNAME record
A canonical name (CNAME) record acts as an alias to another domain name. A canonical name and its alias can belong to different zones, so the CNAME record must always be entered as a fully qualified domain name. CNAME records are useful for setting up logical names for network services so that they can be easily relocated to different physical hosts.

completion rate
The completion rate is the percentage of packets that a server successfully returns during a given session.

Completion Rate mode
The Completion Rate mode is a dynamic load balancing mode that distributes connections based on which network path drops the fewest packets, or allows the fewest number of packets to time out.

Configuration utility
The Configuration utility is the browser-based application that you use to configure the BIG-IP system.

content delivery network (CDN)
A content delivery network (CDN) is an architecture of web-based network components that helps dramatically reduce the wide-area network latency between a client and the content they wish to access. A CDN includes some or all of the following network components: wide-area traffic managers, Internet service providers, content server clusters, caches, and origin content providers.

custom monitor
A custom monitor is a user-created monitor. See also monitor, health monitor, performance monitor, pre-configured monitor.

data center
A data center is a physical location that houses one or more Global Traffic Manager systems, BIG-IP systems, or host machines.
data center server
A data center server is any server recognized in the Global Traffic Manager configuration. A data center server can be any of the following: a Global Traffic Manager, a BIG-IP system, or a host.

destination statement
A destination statement defines the resource to which the Global Traffic Manager directs the name resolution request.

distributed application
A distributed application is a collection of wide IPs, data centers, and links. It is the highest level component that the Global Traffic Manager supports.

DNSSEC (DNS Security Extensions)
DNSSEC is a set of extensions to DNS that protects a computer network against most of the threats to the Domain Name System.

DNSSEC zones
DNSSEC zones are containers that map a domain name to a set of DNSSEC keys.

domain name
A domain name is a unique name that is associated with one or more IP addresses. Domain names are used in URLs to identify particular web pages. For example, in the URL http://www.f5.com/index.html, the domain name is f5.com.

draining requests
Draining requests refers to allowing existing sessions to continue accessing a specific set of resources while disallowing new connections.

Drop Packet load balancing mode
Drop Packet load balancing mode instructs the Global Traffic Manager to do nothing with a packet, and simply drop the request.

dynamic load balancing modes
Dynamic load balancing modes base the distribution of name resolution requests to virtual servers on the matrix of live data, such as current server performance and current connection load.

Dynamic Ratio weighting
Dynamic Ratio weighting is a methodology in which the system continuously checks the performance of each link and sends traffic through the link with the best performance data.
dynamic site content
Dynamic site content is a type of site content that is automatically generated each time a user accesses the site. Examples are current stock quotes or weather satellite images.

EAV (Extended Application Verification)
EAV is a health check that verifies an application on a node by running that application remotely. The EAV health check is only one of the three types of health checks available on a Link Controller. See also health monitor, external monitor.

EAV monitor
An EAV monitor checks the health of a resource by accessing the specified application.

ECV (Extended Content Verification)
On the Global Traffic Manager, ECV is a service monitor that checks the availability of actual content (such as a file or an image) on a server, rather than just checking the availability of a port or service, such as HTTP on port 80.

ECV monitor
An ECV monitor checks the health of a resource by sending a query for content using the specified protocol, and waiting to receive the content from the resource. See also monitor, health monitor, external monitor.

external monitor
An external monitor is a user-supplied health monitor. See also health monitor.

external system
An external system is any server with which the Global Traffic Manager must exchange information to perform its functions.

failover
Failover is the process whereby a standby unit in a redundant system configuration takes over when a software failure or hardware failure is detected on the active unit.

failover cable
The failover cable is the cable that directly connects the two system units in a hardware-based redundant system configuration.
fallback method
The fallback method is the third method in a load balancing hierarchy that the Global Traffic Manager uses to load balance a resolution request. The Global Traffic Manager uses the fallback method only when the load balancing modes specified for the preferred and alternate methods fail. Unlike the preferred method and the alternate method, the fallback method uses neither server nor virtual server availability for load balancing calculations. See also preferred method, alternate method.

Global Availability mode
Global Availability is a static load balancing mode that bases connection distribution on a particular server order, always sending a connection to the first available server in the list. This mode differs from Round Robin mode in that it searches for an available server always starting with the first server in the list, while Round Robin mode searches for an available server starting with the next server in the list (with respect to the server selected for the previous connection request).

Global Traffic Manager
The Global Traffic Manager provides wide-area traffic management and high availability of IP applications/services running across multiple data centers.

gtmd
The gtmd utility processes communications between two Global Traffic Manager systems.

health monitor
A health monitor checks a node to see if it is up and functioning for a given service. If the node fails the check, it is marked down. Different monitors exist for checking different services. See also monitor, custom monitor, pre-configured monitor, performance monitor.

host
A host is a network server that manages one or more virtual servers that the Global Traffic Manager uses for load balancing.

ICMP (Internet Control Message Protocol)
ICMP is an Internet communications protocol used to determine information about routes to destination addresses, such as nodes that are managed by BIG-IP systems.

iQuery
The iQuery protocol is used to exchange information between Global Traffic Manager systems and BIG-IP systems. The iQuery protocol is officially registered with IANA for port 4353, and works on UDP and TCP connections.
iRule
An iRule is a user-written script that controls the behavior of a connection passing through the Global Traffic Manager. iRules are an F5 Networks feature and are frequently used to direct certain connections to a non-default load balancing pool. However, iRules can perform other tasks, such as implementing secure network address translation and enabling session persistence.

key-signing key
The Global Traffic Manager uses key-signing keys to sign only the DNSKEY record of a DNSSEC record set. See also DNSSEC (DNS Security Extensions), DNSSEC zones, and zone-signing key.

Kilobytes/Second mode
The Kilobytes/Second mode is a dynamic load balancing mode that distributes connections based on which available server currently processes the fewest kilobytes per second.

LDNS (local DNS)
An LDNS is a server that makes name resolution requests on behalf of a client. With respect to the Global Traffic Manager, local DNS servers are the source of name resolution requests.

Least Connections mode
The Least Connections mode is a dynamic load balancing mode that bases connection distribution on which server currently manages the fewest open connections.

link
A link is a logical representation of a physical device (router), which connects your network to the rest of the Internet.

Link Controller
The Link Controller is an IP application switch that manages traffic to and from a site across multiple links, regardless of connection type or provider.

listener
A listener is an object that listens for DNS queries. A listener instructs the Global Traffic Manager to listen for network traffic destined for a specific IP address.

load balancing methods
Load balancing methods are the settings that specify the hierarchical order in which the Global Traffic Manager uses three load balancing modes. The preferred method specifies the first load balancing mode that the Global Traffic Manager tries, the alternate method specifies the next load balancing mode to try if the preferred method fails, and the fallback method specifies the last load balancing mode to use if both the preferred and the alternate methods fail.

load balancing mode
A load balancing mode is the way in which the Global Traffic Manager determines how to distribute connections across an array.

logical network components
Logical components are abstractions of network resources, such as virtual servers. See also physical network components.

metrics information
Metrics information is the data that is typically collected about the paths between BIG-IP systems and local DNS servers. Metrics information is also collected about the performance and availability of virtual servers. Metrics information is used for load balancing, and it can include statistics such as round trip time, packet rate, and packet loss.

monitor
A monitor is a software utility that specializes in a specific metric of a Global Traffic Manager resource. A monitor tests to see if a given resource responds as expected. See also custom monitor, pre-configured monitor, health monitor, performance monitor.

monitor template
A monitor template is an abstraction that exists within the Global Traffic Manager for each monitor type, and contains a group of settings and default values.

named
The named daemon manages domain nameserver software.

nameserver
A nameserver is a server that maintains a DNS database, and resolves domain name requests to IP addresses using that database.

name resolution
Name resolution is the process by which a nameserver matches a domain name request to an IP address, and sends the information to the client requesting the resolution.

Network Time Protocol (NTP)
Network Time Protocol functions over the Internet to synchronize system clocks to Universal Coordinated Time. NTP provides a mechanism to set and maintain clock synchronization within milliseconds.
node
A node is a logical object on the BIG-IP system that identifies the IP address of a physical resource on the network, such as a web server.

Node mode
The Node mode instructs the Global Traffic Manager to process traffic locally, and send the appropriate DNS response back to the querying server.

NS record
A nameserver (NS) record is used to define a set of authoritative nameservers for a DNS zone. A nameserver is considered authoritative for some given zone when it has a complete set of data for the zone, allowing it to answer queries about the zone on its own, without needing to consult another nameserver.

packet rate
The packet rate is the number of data packets per second processed by a server.

Packet Rate mode
The Packet Rate mode is a dynamic load balancing mode that distributes connections based on which available server currently processes the fewest packets per second.

path
A path is a logical network route between a data center server and a local DNS server.

path probing
Path probing is the process of collecting metrics data, such as round trip time and packet rate, for a given path between a requesting LDNS and a data center server.

performance monitor
Performance monitors check the performance of a pool or virtual server, and dynamically load balance traffic accordingly. See also monitor, pre-configured monitor, custom monitor, health monitor.

persistence
On a Global Traffic Manager, persistence is a series of related requests received from the same local DNS server for the same wide IP name. When persistence is turned on, a Global Traffic Manager sends all requests from a particular local DNS server for a specific wide IP to the same virtual server, instead of load balancing the requests.
physical network components
Physical network components have a direct correlation with one or more physical entities on the network. See also logical network components.

picks
Picks represent the number of times a particular virtual server is selected to receive a load balanced connection.

pool
A pool is a group of virtual servers managed by a BIG-IP system, or a host. The Global Traffic Manager load balances among pools (using the Pool LB Mode), as well as among individual virtual servers.

pool-level load balancing
With pool-level load balancing, after the Global Traffic Manager uses wide IP-level load balancing to select the best available pool, it uses pool-level load balancing to select a virtual server within that pool. If the first virtual server within the pool is unavailable, the Global Traffic Manager selects the next best virtual server based on the load balancing mode assigned to that pool. See also tiered load balancing and wide IP-level load balancing.

pool ratio
A pool ratio is a ratio weight applied to pools in a wide IP. If the Pool LB mode is set to Ratio, the Global Traffic Manager uses each pool for load balancing in proportion to the weight defined for the pool.

preferred method
The preferred method specifies the first load balancing mode that the Global Traffic Manager uses to load balance a resolution request. See also alternate method, fallback method.

pre-configured monitor
Pre-configured monitors are monitors that the Global Traffic Manager provides. See also monitor, custom monitor, health monitor.

probe
A probe is a specific query, initiated by a big3d agent, that attempts to gather specific data from a given network resource. Probes are most often employed when a health monitor attempts to verify the availability of a resource.

QoS equation
The QoS equation is the equation on which the Quality of Service load balancing mode is based. The equation calculates a score for a given path between a data center server and a local DNS server. The Quality of Service mode distributes connections based on the best path score for an available data center server. You can apply weights to the factors in the equation, such as round trip time and completion rate.

Quality of Service mode
The Quality of Service load balancing mode is a dynamic load balancing mode that bases connection distribution on a configurable combination of the packet rate, completion rate, round trip time, hops, virtual server capacity, kilobytes per second, link capacity, and topology information.

ratio
A ratio is the parameter in a virtual server statement that assigns a weight to the virtual server for load balancing purposes.

Ratio mode
The Ratio load balancing mode is a static load balancing mode that distributes connections across a pool of virtual servers in proportion to the ratio weight assigned to each individual virtual server.

Ratio weighting
Ratio weighting is a methodology in which the system uses a frequency that you set to determine to which link to send traffic.

redundant system configuration
A redundant system configuration is a pair of units that are configured for failover. One system runs as the active unit and the other system runs as the standby unit. If the active unit fails, the standby unit takes over and manages resolution requests.

region
A region is a customized collection of topologies. See topology.

request source statement
A request source statement defines the origin of a name resolution request for a connection.

resource record
A resource record is a record in a DNS database that stores data associated with domain names. A resource record typically includes a domain name, a TTL, a record type, and data specific to that record type. See also A record, CNAME record, NS record.

reverse domain
A reverse domain is a type of DNS resolution request that matches a given IP address to a domain name. The more common type of DNS resolution request starts with a given domain name and matches that to an IP address.
root nameserver
A root nameserver is a master DNS server that maintains a complete DNS database. There are approximately 13 root nameservers in the world that manage the DNS database for the World Wide Web.

Round Robin mode
Round Robin mode is a static load balancing mode that bases connection distribution on a set server order. Round Robin mode sends a connection request to the next available server in the order.

round trip time (RTT)
Round trip time is the calculation of the time (in microseconds) that a local DNS server takes to respond to a ping issued by the big3d agent running on a data center server. The Global Traffic Manager takes RTT values into account when it uses dynamic load balancing modes.

Round Trip Time mode
Round Trip Time is a dynamic load balancing mode that bases connection distribution on which virtual server has the fastest measured round trip time between the data center server and the local DNS server.

router hops
Router hops are intermediate system transitions along a given network path.

Router mode
Router mode instructs the Global Traffic Manager to forward the traffic it receives to another DNS server.

secondary DNS
The secondary DNS is a nameserver that retrieves DNS data from the nameserver that is authoritative for the DNS zone. See also nameserver.

self IP address
A self IP address is an IP address that you define on a VLAN of a BIG-IP system. This term does not apply to the management IP address of a BIG-IP system, or to IP addresses on other devices.

server
A server is a physical device on which you can configure one or more virtual servers.

Setup utility
The Setup utility is a utility that takes you through the initial system configuration process. The Setup utility runs automatically when you turn on a system for the first time.
Simple monitor
A Simple monitor checks the health of a resource by sending a packet using the specified protocol, and waiting for a response from the resource. See also health monitor.

SNMP (Simple Network Management Protocol)
SNMP is the Internet standard protocol, defined in STD 15, RFC 1157, that was developed to manage nodes on an IP network.

standby unit
A standby unit is the system in a redundant system configuration that is always prepared to become the active unit if the active unit fails.

static load balancing modes
Static load balancing modes base the distribution of name resolution requests to virtual servers on a pre-defined list of criteria and on server and virtual server availability; they do not take current server performance or current connection load into account. See also dynamic load balancing modes.

subdomain
A subdomain is a sub-section of a higher level domain. For example, .com is a high level domain, and F5.com is a subdomain within the .com domain.

synchronization
Synchronization means that each Global Traffic Manager regularly compares the timestamps of its configuration files with the timestamps of the configuration files on the other Global Traffic Manager systems on the network.

synchronization group
A synchronization group is a group of Global Traffic Manager systems that synchronize system configurations and zone files (if applicable). All synchronization group members receive broadcasts of metrics data from the big3d agents throughout the network. All synchronization group members also receive broadcasts of updated configuration settings from the Global Traffic Manager that has the latest configuration changes.

tiered load balancing
Tiered load balancing is load balancing that occurs at more than one point during the resolution process. See also wide IP-level load balancing and pool-level load balancing.

tmsh
The Traffic Management Shell (tmsh) is a command-line utility that you can use to configure the Global Traffic Manager.
topology
A topology is a set of characteristics that identify the origin of a given name resolution request.

Topology mode
The Topology mode is a static load balancing mode that bases the distribution of name resolution requests on the weighted scores for topology records. Topology records are used by the Topology load balancing mode to redirect DNS queries to the geographically closest virtual server, based on location information derived from the DNS query message.

topology record
A topology record specifies a score for a local DNS server location endpoint and a virtual server location endpoint.

topology score
The topology score is the weight assigned to a topology record when the Global Traffic Manager is filtering the topology records to find the best virtual server match for a DNS query.

topology statement
A topology statement is a collection of topology records.

TTL (Time to Live)
The TTL is the number of seconds for which a DNS record or metric is valid, or for which a DNSSEC key is cached by a client resolver. When a TTL expires, the server usually must refresh the information before using it again. See also DNSSEC (DNS Security Extensions).

unavailable
The unavailable status is used for data center servers and virtual servers. When a data center server or virtual server is unavailable, the Global Traffic Manager does not use it for load balancing.

unknown
The unknown status is used for data center servers and virtual servers. When a data center server or virtual server is new to the Global Traffic Manager and does not yet have metrics information, the Global Traffic Manager marks its status as unknown. The Global Traffic Manager can use unknown servers for load balancing, but if the load balancing mode is dynamic, the Global Traffic Manager uses default metrics information for the unknown server until it receives live metrics data.

up
The up status is used for data center servers and virtual servers. When a data center server or virtual server is up, the data center server or virtual server is available to respond to name resolution requests.
Configuration Guide for BIG-IP Global Traffic Manager™ Glossary - 13
user configuration set (UCS)
A user configuration set is a backup file that you create for the BIG-IP system configuration data. When you create a UCS, the BIG-IP system assigns a .ucs extension to the file name.

virtual server
A virtual server, in the context of the Global Traffic Manager, is a combination of an IP address and a port number that, together, provide access to an application or data source on your network.

wide IP
A wide IP is a collection of one or more domain names that maps to one or more groups of virtual servers managed either by BIG-IP systems, or by host servers. The Global Traffic Manager load balances name resolution requests across the virtual servers that are defined in the wide IP that is associated with the requested domain name.

wide IP-level load balancing
With wide IP-level load balancing, the Global Traffic Manager load balances requests, first to a specific pool, and then to a specific virtual server in the selected pool. If the preferred, alternate, and fallback load balancing methods that are configured for the pool or virtual server fail, then the requests fail, or the system falls back to DNS. See also tiered load balancing and pool-level load balancing.

wildcard listener
A wildcard listener monitors all traffic coming into your network, regardless of the destination IP address of the given DNS request.

zone
In DNS terms, a zone is a subset of DNS records for one or more domains.

zone file
In DNS terms, a zone file is a database set of domains with one or many domain names, designated mail servers, a list of other nameservers that can answer resolution requests, and a set of zone attributes, which are contained in an SOA record.

zone-signing key
The Global Traffic Manager uses a zone-signing key to sign all of the record sets in a DNSSEC zone. See also DNSSEC (DNS Security Extensions), DNSSEC zones, and key-signing key.

ZoneRunner
ZoneRunner is the utility that allows you to manage your resource records, zone files, and named configuration associated with your implementation of DNS and BIND.
Index

A
A record: creating 16-14; defined 16-12
AAAA record: creating 16-15; defined 16-12
address exclusion list 13-7
alias addresses 11-35
alternate load balancing method 7-2
applications: See distributed applications.
auto-discovery: described 3-14; setting polling frequency 3-15
availability, defined 8-3

B
big3d agent: and broadcasting sequence A-3; and configuration trade-offs A-4; and data collection A-3; and dynamic load balancing 7-6; and iQuery A-5, B-2; and metrics A-2; defined 1-4; getting version number B-2; installing A-3; introducing A-1; selecting for probe requests B-3, B-5; setting up A-3; using with system communications 3-4
big3d_install script: and setup tasks 3-6, 3-9; running 3-8, 3-9
BIG-IP health monitor 11-13
BIG-IP Link health monitor 11-14
bigip_add script: and setup tasks 3-6, 3-8
billing, and links 5-23
BIND configuration and DNSSEC 10-14
Bridge mode: and listeners 4-1; configuring listeners for traffic forwarding 4-4; defined 4-1
broadcast sequence and big3d agent A-3

C
cache poisoning, preventing 10-1
CNAME record: creating 16-15; defined 16-12
communications: and big3d A-5; and probes B-1; system 3-4
Completion Rate load balancing mode 7-7
Configuration utility: introducing 1-5
connections, resuming 8-10
CPU load balancing mode 7-7
custom monitors: importing from another custom monitor 11-6; importing from pre-configured monitor 11-6; importing from template 11-6; using 11-5; using pre-configured 11-5

D
data center statistics 12-9
data centers: and defining physical network components 5-1; configuring 5-2; defined 2-2; deleting 5-4; disabling 5-4; enabling 5-4; managing 5-2; modifying 5-3
data collection, and big3d agent A-3
data graphs, performance 14-1
denial of service, preventing 10-1
dependencies: creating for virtual servers 8-7; organizing for virtual servers 8-9; removing from virtual servers 8-8; setting 6-21; setting for virtual servers 8-7
destination statements 9-1
distributed applications: adding wide IPs 6-20; and dependencies 6-21; and persistent connections 6-24; and statistics for 12-5; and wide IPs 2-5; defined 6-19; defining in Global Traffic Manager 6-19; disabling traffic 6-23; enabling traffic 6-23; introducing 2-5; managing 6-19; removing wide IPs 6-21; removing wide IPs from 6-21
DNAME record: creating 16-16; defined 16-12
DNS zone files: adding to views 16-24; synchronizing 3-13
DNSSEC: and independence from BIND 10-14
DNSSEC key expiration 10-2
DNSSEC keys: about generations of 10-1; about key-signing keys 10-4; about zone-signing keys 10-4; creating 10-4; deleting 10-6; introducing 10-1; manually rolling over a generation of 10-8; modifying 10-6; modifying generations of 10-7; setting TTL for 10-2
DNSSEC resource records 10-14
DNSSEC zones: creating 10-11; deleting 10-13; introducing 10-1; managing 10-11; modifying 10-12
domain names: configuring system validation 3-18
domain validation, configuring 3-18
domains, about providing DS records to parent 10-3
Drain Persistent Requests option 8-12
Drop Packet load balancing mode 7-3
DS records, providing to parent domains 10-3
dynamic load balancing modes: and big3d agents 7-6; and fallback load balancing method 7-2; defined 7-1; listing of types 7-7; overview 7-6; using 7-6. See also Completion Rate load balancing mode; CPU load balancing mode; Hops load balancing mode; Kilobyte/Second load balancing mode; Least Connections load balancing mode; Packet Rate load balancing mode; Quality of Service load balancing mode; Round Trip Times load balancing mode; Virtual Server Score load balancing mode; VS Capacity load balancing mode.
dynamic ratio: and Quality of Service mode 7-9; introducing 7-12; using with Quality of Service mode 7-12
Dynamic Ratio option, enabling for pools 7-13

E
EAV monitors 11-2
ECV monitors 11-2
event declarations 15-4
event execution, terminating 15-5
event-based traffic management 15-4
External health monitor 11-14

F
failover: enabling network-based 3-3; for hardware-based 1-4, 3-4; for network-based 1-4, 3-4
Fallback IP load balancing mode 7-4
fallback load balancing: and load balancing mode usage 7-2; configuring 7-16; introducing 7-16; selecting 7-2
features of Global Traffic Manager 1-1
FirePass health monitors 11-15
firewalls and iQuery A-6
forward zone files: creating 16-6; defined 16-2
FTP health monitors 11-16

G
Gateway ICMP health monitor 11-8
generations, modifying for DNSSEC keys 10-7
geolocation data, reloading default data 9-13
GeoPoint database and whereis iRule command 15-7
Global Availability load balancing mode 7-4
Global Traffic Manager: and components 2-1; and DNSSEC keys and zones 10-1; and operation modes 4-1; defining current 3-2, 5-6; selecting for probe requests B-3
graphs for performance data 14-1
GTM Performance graph 14-1
GTM Request Breakdown graph 14-1
gtm_add script: and setup tasks 3-6; running 3-6
gtmd 3-5

H
hardware-based failover 1-4, 3-4
health monitor settings 11-1
health monitor types 11-38
health monitors: and alias addresses 11-35; and default settings 11-1; and disabled resources 3-17; and extended content verification 11-10; and external application verification 11-12; and health monitor types 11-2; and links 5-22, 5-23; and number of queries 3-17; and reverse mode 11-35; and simple monitors 11-8; and transparent mode 11-35; assigning heartbeat intervals 3-16; assigning servers to 5-13; associating resources to 11-38; configuring 11-8; creating 11-7; creating custom health monitors 11-5; defined 11-2; deleting 11-40; determining availability with 8-4; disabling 11-40; displaying 11-40; enabling 11-40; introducing 11-1; managing 11-40; using BIG-IP Link monitor 11-14; using BIG-IP monitor 11-13; using External 11-14; using FirePass 11-15; using FTP 11-16; using Gateway ICMP 11-8; using HTTP 11-10; using HTTPS 11-11; using IMAP 11-16; using LDAP 11-17; using MSSQL 11-18; using NNTP 11-19; using Oracle 11-20; using POP3 11-21; using pre-configured 11-5; using RADIUS 11-21; using Real Server 11-22; using Scripted 11-24; using SIP 11-25; using SMTP 11-26; using SNMP 11-26; using SNMP Link 11-28; using SOAP 11-28; using TCP 11-12; using TCP Half Open 11-9; using UDP 11-29; using WAP 11-30; using WMI 11-31
heartbeat interval 3-16
HINFO record: creating 16-17; defined 16-13
HINT zone files: creating 16-6; defined 16-2
Hops load balancing mode 7-7
host 5-10
host servers: defined 5-10; using Generic Host option 5-12
HTTP health monitor 11-10
HTTPS health monitor 11-11

I
ID hacking, preventing 10-1
if statement: and syntax 15-6; nesting 15-6
ignore path TTL option 7-17
IMAP health monitor 11-16
internet protocols 1-3
IP geolocation database: downloading and installing updates 9-10
iqdump command, using B-2
iQuery: and firewalls A-6; and probes B-1; and VLANs B-2; defined A-5; using with system communications 3-4
iRule evaluation, controlling 15-4
iRule event types 15-4
iRule functions 15-8
iRule statement syntax: using IP commands 15-10; using statement commands 15-6; using TCP commands 15-10; using UDP commands 15-10; using utility commands 15-8, 15-9; using wide IP commands 15-7
iRules: adding to wide IPs 6-16; and statement commands 15-6; and wide IPs 6-15; assigning 15-5; creating 15-2; introducing 15-1; organizing within wide IPs 6-17; removing from wide IPs 6-16

K
key expiration 10-2
key generations: rolling over DNSSEC 10-8; understanding DNSSEC keys 10-1
keys, DNSSEC 10-4
key-signing keys: about 10-5; managing 10-4
Kilobytes/Second load balancing mode 7-7

L
last resort pool 8-13
LDAP health monitor 11-17
LDNS probes B-8
Least Connections load balancing mode 7-8
limit setting: defined 8-3; establishing 8-3; using Kilobytes 8-3; using Packets 8-3
limit settings: See limit thresholds.
limit thresholds: and BIG-IP systems 8-3; and pool members 5-16; and pools 5-15; and servers 5-14; and virtual servers 5-15; introducing 5-13; using Total Connections 8-3
Link Controller, defined 5-8
link statistics 12-10
links: adding 5-21, 5-22; and defining physical network components 5-1; and monitors 5-22, 5-23; billing 5-23; defined 2-3; determining availability 8-6; managing 5-21; removing 5-22; weighting 5-23
listeners: deleting 4-6; introducing 4-1; modifying 4-5
load balancing: and dynamic modes 7-6; and pools 7-1, 7-15; and static modes 7-3; and wide IPs 7-1, 7-14; configuring 7-14; enabling ignore path TTL option 7-17; introducing 7-1; using alternate methods 7-1; using dynamic load balancing modes 7-1; using fallback method 7-16; using pool-level 7-1; using static load balancing modes 7-1; using tiered 7-1; using Topology mode 9-12; using wide IP-level 7-1; verifying virtual server availability 7-17
load balancing methods: defined 7-1; using fallback load balancing 7-2
load balancing mode usage 7-2
load balancing modes: and name resolution requests 7-1; defined 7-2; using Completion Rate 7-7; using CPU 7-7; using Drop Packet 7-3; using Fallback IP 7-4; using Global Availability 7-4; using Hops 7-7; using Kilobytes/Second 7-7; using Least Connections 7-8; using None 7-3, 7-4; using Packet Rate 7-8; using Quality of Service 7-10; using Ratio 7-5; using Return to DNS 7-3, 7-5; using Round Robin 7-5; using Round Trip Times 7-9; using static 7-3; using Static Persist 7-5; using Topology 7-6; using Virtual Server Score 7-9; using VS Capacity 7-9
load balancing servers: defined 5-9; using generic load balancing server option 5-10
local DNS: excluding from probes 13-6; removing from probes 13-7
local DNS statistics 12-15
Local Traffic Manager: and resources 1-2; defined 5-7
log statements 15-6
logical network components: and distributed applications 2-5; and listeners 2-4; and pools 2-4; and wide IPs 2-5; defined 2-4, 5-1; introducing 6-1; reviewing 2-4

M
manual resume 8-10
master zone files: See primary zone files.
metrics: defined 13-2; introducing 13-1
metrics collection: and big3d agent A-2; and probes 13-6; and TTL and timers 13-5; excluding local DNS from probes 13-6; removing local DNS from probes 13-7; sequence A-3; setting TTL and timer values 13-5
monitors: checking virtual servers associated with servers 8-5; configuring global 3-15; defined 8-4; determining availability of links 8-6; determining availability of pools 8-6; determining availability of virtual servers 8-4; summary of types 11-2; using custom 11-5. See also health monitors.
MSSQL health monitor: troubleshooting 11-19; using to perform service checks 11-18
MX record: creating 16-18; defined 16-13

N
named.conf file 16-25
network management tools 1-3
network traffic flows, graphs 14-1
network-based failover: and redundant system configurations 1-4, 3-4; enabling 3-3
NIST, and standards for DNSSEC zone-signing keys 10-5
NNTP health monitor 11-19
Node mode: and listeners 4-1, 4-3; defined 4-1
NoError response, implementing 6-18
None load balancing mode: using 7-4; using to skip load balancing 7-3
NS record: creating 16-18; defined 16-13
NTP: defining 3-10; synchronizing systems 3-10

O
Oracle health monitor 11-20

P
Packet Rate load balancing mode 7-8
parent domains, about providing DS records 10-3
paths statistics 12-13
performance data, viewing 14-1
performance monitors 11-8
persistence records 12-16
persistent connections: and distributed applications 6-24; and persistent records 12-16; draining 8-12; introducing 8-11
physical network components: and virtual servers 2-3; configuring data centers 5-2; introducing 5-1; using data centers 2-2; using links 2-3; using servers 2-2
pool members, using with limit thresholds 5-16
pool statistics 12-8
pool-level load balancing 7-1
pools: adding to wide IPs 6-11; and configuring topologies 9-7, 9-8; and limit thresholds 5-15; and load balancing 7-15; and topology load balancing 9-12; and virtual servers 6-3; defined 6-3, 6-8; determining availability 8-6; disabling 6-7; enabling 6-7; organizing virtual servers 6-4; organizing within wide IPs 6-12; removing from wide IPs 6-12; removing virtual servers 6-4; weighting virtual servers 6-5; weighting within wide IPs 6-13
POP3 health monitor 11-21
preconfigured health monitors 11-5
preferred load balancing method 7-2
primary zone files: creating 16-3; defining 16-2
probes: and information in log file B-10; and LDNS B-8; defined B-1; designating servers B-7; determining responsibility for B-3; enabling logging B-10; selecting big3d agents B-5; selecting Global Traffic Manager systems B-3; using log entries to tune B-10
PTR record: creating 16-19; defined 16-13

Q
QoS: See Quality of Service load balancing mode.
Quality of Service coefficients 7-10
Quality of Service load balancing mode: and default settings 7-10; and values of coefficients 7-10; customizing 7-8, 7-12; introducing 7-10; using dynamic ratio 7-9, 7-12

R
RADIUS health monitor 11-21
Ratio load balancing mode 7-5
Real Server health monitor 11-22
regions 9-4
request source statements 9-1
requests: draining 8-12; on performance graph 14-1
resolutions, on performance graph 14-1
resource availability: and limit settings 8-3; and monitor availability requirements 8-3; and monitors 11-2; and virtual server dependencies 8-3; defined 8-3
resource health, determining 8-2
resource records: about DNSSEC and BIND 10-14; adding to zone files 16-22; and CNAME records 16-15; and HINFO records 16-17; and MX records 16-18; and NS records 16-13; and PTR records 16-13; and SOA records 16-12; and SRV records 16-20; and TXT records 16-21; and types of records 16-12; modifying 16-21; viewing DNSSEC 10-14
resources: discovering automatically 5-17; monitoring disabled 3-17
Return to DNS load balancing mode: using 7-5; using to skip load balancing 7-3
reverse mode 11-35
Round Robin load balancing mode 7-5
Round Trip Times load balancing mode 7-9
Router mode: and listeners 4-1; configuring listeners for traffic forwarding 4-4; defined 4-1
rule statement syntax: using IP commands 15-10; using statement commands 15-6; using TCP commands 15-10; using UDP commands 15-10; using utility commands 15-8, 15-9; using wide IP commands 15-7

S
Scripted health monitor 11-24
search feature: locating components 2-6; using to find servers 5-12; using to find wide IPs 6-10; using to find zones 16-10
secondary zone files: creating 16-4; defined 16-2
security features 1-2
server statistics 12-11
server weight, and topologies 9-1
servers: about 2-2; and BIG-IP systems defined 5-5; and defining physical network components 5-1; and limit thresholds 5-14; defining current Global Traffic Manager 5-6; defining host servers 5-10; defining Link Controller systems 5-8; defining load balancing servers 5-9; defining Local Traffic Managers 5-7; defining NTP 3-10; introducing 5-5
service checks, troubleshooting 11-19
setup tasks 1-2
Setup Utility, using 3-1
simple monitors 11-2
SIP health monitor 11-25
slave zone files: See secondary zone files.
SMTP 1-3
SMTP health monitor 11-26
SNMP health monitor 11-26
SNMP Link health monitor 11-28
SNMP MIB 1-5
SNMP, using for system communications 3-5
SOA record, defined 16-12
SOAP health monitor 11-28
spoofing, preventing 10-1
SQL Enterprise Manager 11-19
SQL Server-based services 11-18
SRV record: creating 16-20; defined 16-13
SSL 1-2
statement commands, specifying 15-6
static load balancing modes: and alternate load balancing methods 7-1; and fallback load balancing method 7-2; defined 7-1; described 7-3; using 7-3; using Drop Packet 7-3; using Fallback IP 7-4; using Global Availability 7-4; using None 7-3, 7-4; using Ratio 7-5; using Return to DNS 7-3, 7-5; using Round Robin 7-5; using Static Persist 7-5; using Topology 7-6
Static Persist load balancing mode 7-5
statistics: accessing 12-2; and data centers 12-9; and distributed applications 12-5; and links 12-10; and local DNS servers 12-15; and paths 12-13; and pools 12-8; and servers 12-11; and status summary 12-3; and virtual servers 12-12; and wide IPs 12-6; described 12-4; introducing 12-1
status code, defined 8-2
status summary 12-3
strings, returning 15-8
stub zone files: creating 16-5; defined 16-2
synchronization: activating 3-10; and DNS zone files 3-13; and NTP 3-10; and time 3-10; configuring 3-9; controlling 3-11; creating groups 3-13; deactivating 3-12; defined 3-10; described 3-9; using other synchronization options 1-3
synchronization groups 3-10, 3-13
syntax for iRule statements: using IP commands 15-10; using statement commands 15-6; using TCP commands 15-10; using UDP commands 15-10; using utility commands 15-8, 15-9; using wide IP commands 15-7
system communications 3-4
system resources: and dependencies 8-7; associating health monitors to 11-38; determining availability 8-3; resuming connections to 8-10
systems: availability 8-3; defining BIG-IP 3-6; discovering automatically 5-17

T
tasks, setup 1-2
Tcl syntax 15-2
TCP Half Open health monitor 11-9
TCP health monitor 11-12
test accounts 11-19
tiered load balancing 7-1
timer values: and metrics collection 13-5; introducing 13-5
Tools Command Language syntax 15-2
topologies: and destination statements 9-1; and pools 9-12; and regions 9-4; and request source statements 9-1; and server weight 9-1; and wide IPs 9-12; configuring for pools 9-7; configuring for wide IPs 9-5; configuring for wide IPs and pools 9-8; implementing 9-10; introducing 9-1
Topology load balancing mode: using 7-6
topology records: creating 9-11; removing 9-14
topology score, and topology records
transparent mode 11-35
TTL values: and metrics collection 13-5; introducing 13-5
TTL, setting for DNSSEC keys 10-2

U
UDP health monitor 11-29
use pool statement syntax 15-6

V
validation, domain 3-18
Verify Virtual Server Availability option 7-17
views: adding 16-23; adding zones to 16-24; and BIND 9 16-22; deleting 16-24; modifying 16-23
Virtual Server Score load balancing mode 7-9
virtual server statistics 12-12
virtual servers: about 2-3; adding 5-19; adding to pools 6-3; and defining physical network components 5-1; and iRules 15-5; and limit thresholds 5-15; creating dependencies 8-7; determining availability 8-4; editing 5-20; managing 5-19; organizing dependencies 8-9; organizing within pools 6-4; removing 5-20; removing dependencies 8-8; removing from pools 6-4; setting dependencies 8-7; weighting within pools 6-5
VS Capacity load balancing mode 7-9

W
WAP health monitor 11-30
weight: See topology score, and topology records.
weighting, using with links 5-23
when keyword, using with iRules 15-5
whereis iRule command 15-7
wide IP load balancing, and load balancing modes 7-2
wide IP statistics 12-6
wide IP-level load balancing 7-1
wide IPs: adding iRules to 6-16; adding pools to 6-11; adding to distributed applications 6-20; and configuring topologies 9-5, 9-8; and iRules 6-15; and load balancing 7-14; and persistent connections 8-11; and topology load balancing 9-12; creating 6-9; disabling 6-15; enabling 6-15; maintaining 6-10; organizing iRules 6-17; organizing pools 6-12; removing from distributed applications 6-21; removing iRules from 6-16; removing pools from 6-12; setting up 1-2; weighting pools 6-13
wildcard characters: and wide IPs 6-10; examples 6-10
wildcard listener, defined 4-5
Wireless Application Protocol monitor: See WAP health monitor.
WMI health monitor 11-31

Z
zone files: adding to views 16-24; synchronizing 3-13
zones: creating 16-3; creating DNSSEC 10-11; deleting DNSSEC 10-13; managing DNSSEC 10-11; modifying DNSSEC 10-12
zone-signing keys: about 10-5; managing 10-4