Configuration Guidefor BIG-IP Global Traffic Manager

Configuration Guide
for BIG-IP
Global Traffic Manager

version 10.1
MAN-0305-00
Configuration Guide for BIG-IP

TM
i
Product Version
This manual applies to product version 10.1 of the BIG-IP
Global Traffic Manager.

Publication Date
This manual was published on October 26, 2011.
Legal Notices
Copyright
Copyright 2011, F5 Networks, Inc. All rights reserved.
F5 Networks, Inc. (F5) believes the information it furnishes to be accurate and reliable. However, F5
assumes no responsibility for the use of this information, nor any infringement of patents or other rights of
third parties which may result from its use. No license is granted by implication or otherwise under any
patent, copyright, or other intellectual property right of F5 except as specifically described by applicable
user licenses. F5 reserves the right to change specifications at any time without notice.
Trademarks
3DNS, Access Policy Manager, Acopia, Acopia Networks, Advanced Client Authentication, Advanced
Routing, APM, Application Security Manager, ARX, AskF5, ASM, BIG-IP, Cloud Extender,
CloudFucious, CMP, Data Manager, DevCentral, DevCentral [DESIGN], DNS Express, DSC, DSI, Edge
Client, Edge Gateway, Edge Portal, EM, Enterprise Manager, F5, F5 [DESIGN], F5 Management Pack, F5
Networks, F5 World, Fast Application Proxy, Fast Cache, FirePass, Global Traffic Manager, GTM, IBR,
Intelligent Browser Referencing, Intelligent Compression, IPv6 Gateway, iApps, iControl, iHealth,
iQuery, iRules, iRules OnDemand, iSession, IT agility. Your way., L7 Rate Shaping, LC, Link Controller,
Local Traffic Manager, LTM, Message Security Module, MSM, Netcelera, OneConnect, Packet Velocity,
Protocol Security Module, PSM, Real Traffic Policy Builder, Scale
N
, SSL Acceleration, StrongBox,
SuperVIP, SYN Check, TCP Express, TDR, TMOS, Traffic Management Operating System,
TrafficShield, Transparent Data Reduction, VIPRION, vCMP, WA, WAN Optimization Manager,
WANJet, WebAccelerator, WOM, and ZoneRunner, are trademarks or service marks of F5 Networks, Inc.,
in the U.S. and other countries, and may not be used without F5's express written consent.
All other product and company names herein may be trademarks of their respective owners.
Patents
This product may be protected by U.S. Patents 6,374,300; 6,473,802; 6,970,733; 7,047,301; 7,707,289.
This list is believed to be current as of October 26, 2011.
Export Regulation Notice
This product may include cryptographic software. Under the Export Administration Act, the United States
government may consider it a criminal offense to export this product from the United States.
RF Interference Warning
This is a Class A product. In a domestic environment this product may cause radio interference, in which
case the user may be required to take adequate measures.
FCC Compliance
This equipment has been tested and found to comply with the limits for a Class A digital device pursuant
to Part 15 of FCC rules. These limits are designed to provide reasonable protection against harmful
interference when the equipment is operated in a commercial environment. This unit generates, uses, and
can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual,
may cause harmful interference to radio communications. Operation of this equipment in a residential area
is likely to cause harmful interference, in which case the user, at his own expense, will be required to take
whatever measures may be required to correct the interference.
ii
Any modifications to this device, unless expressly approved by the manufacturer, can void the user's
authority to operate this equipment under part 15 of the FCC rules.
Canadian Regulatory Compliance
This class A digital apparatus complies with Canadian I CES-003.
Standards Compliance
This product conforms to the IEC, European Union, ANSI/UL and Canadian CSA standards applicable to
Information Technology products at the time of manufacture.
Acknowledgments
This product includes software developed by Gabriel Fort.
This product includes software developed by Bill Paul.
This product includes software developed by Jonathan Stone.
This product includes software developed by Manuel Bouyer.
This product includes software developed by Paul Richards.
This product includes software developed by the NetBSD Foundation, Inc. and its contributors.
This product includes software developed by the Politecnico di Torino, and its contributors.
This product includes software developed by the Swedish Institute of Computer Science and its
contributors.
This product includes software developed by the University of California, Berkeley and its contributors.
This product includes software developed by the Computer Systems Engineering Group at the Lawrence
Berkeley Laboratory.
This product includes software developed by Christopher G. Demetriou for the NetBSD Project.
This product includes software developed by Adam Glass.
This product includes software developed by Christian E. Hopps.
This product includes software developed by Dean Huxley.
This product includes software developed by John Kohl.
This product includes software developed by Paul Kranenburg.
This product includes software developed by Terrence R. Lambert.
This product includes software developed by Philip A. Nelson.
This product includes software developed by Herb Peyerl.
This product includes software developed by Jochen Pohl for the NetBSD Project.
This product includes software developed by Chris Provenzano.
This product includes software developed by Theo de Raadt.
This product includes software developed by David Muir Sharnoff.
This product includes software developed by SigmaSoft, Th. Lockert.
This product includes software developed for the NetBSD Project by Jason R. Thorpe.
This product includes software developed by Jason R. Thorpe for And Communications,
http://www.and.com.
This product includes software developed for the NetBSD Project by Frank Van der Linden.
This product includes software developed for the NetBSD Project by John M. Vinopal.
This product includes software developed by Christos Zoulas.
This product includes software developed by the University of Vermont and State Agricultural College and
Garrett A. Wollman.
In the following statement, "This software" refers to the Mitsumi CD-ROM driver: This software was
developed by Holger Veit and Brian Moore for use with "386BSD" and similar operating systems.
"Similar operating systems" includes mainly non-profit oriented systems for research and education,
including but not restricted to "NetBSD," "FreeBSD," "Mach" (by CMU).
This product includes software developed by the Apache Group for use in the Apache HTTP server project
(http://www.apache.org/).
This product includes software licensed from Richard H. Porter under the GNU Library General Public
License ( 1998, Red Hat Software), www.gnu.org/copyleft/lgpl.html.

TM
iii
This product includes the standard version of Perl software licensed under the Perl Artistic License (
1997, 1998 Tom Christiansen and Nathan Torkington). All rights reserved. You may find the most current
standard version of Perl at http://www.perl.com.
This product includes software developed by Jared Minch.
This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit
(http://www.openssl.org/).
This product includes cryptographic software written by Eric Young (eay@cryptsoft.com).
This product contains software based on oprofile, which is protected under the GNU Public License.
This product includes RRDtool software developed by Tobi Oetiker (http://www.rrdtool.com/index.html)
and licensed under the GNU General Public License.
This product contains software licensed from Dr. Brian Gladman under the GNU General Public License
(GPL).
This product includes software developed by the Apache Software Foundation <http://www.apache.org/>.
This product includes Hypersonic SQL.
This product contains software developed by the Regents of the University of California, Sun
Microsystems, Inc., Scriptics Corporation, and others.
This product includes software developed by the Internet Software Consortium.
This product includes software developed by Nominum, Inc. (http://www.nominum.com).
This product contains software developed by Broadcom Corporation, which is protected under the GNU
Public License.
This product contains software developed by MaxMind LLC, and is protected under the GNU Lesser
General Public License, as published by the Free Software Foundation.
This product includes the GeoPoint Database developed by Quova, Inc. and its contributors.
This product includes software developed by Balazs Scheidler <bazsi@balabit.hu>, which is protected
under the GNU Public License.
This product includes software developed by NLnet Labs and its contributors.
This product includes software written by Steffen Beyer and licensed under the Perl Artistic License and
the GPL.
This product includes software written by Makamaka Hannyaharamitu 2007-2008.
iv
Table of Contents
Table of Contents

TM
vii
1
Overview of the Global Traffic Manager
Introducing the Global Traffic Manager .................................................................................... 1-1
Security features .................................................................................................................... 1-2
Introducing Local Traffic Manager resources ................................................................. 1-2
Internet protocol and network management support ................................................. 1-2
System synchronization options ........................................................................................ 1-3
Configuring data collection for server status and network path data ...................... 1-3
Redundant system configurations ..................................................................................... 1-3
Introducing the Configuration utility ......................................................................................... 1-4
Introducing the Traffic Management Shell ................................................................................ 1-5
2
Introducing Global Traffic Manager Components
Defining Global Traffic Manager components ......................................................................... 2-1
Introducing physical network components .............................................................................. 2-2
Data centers ........................................................................................................................... 2-2
Servers ..................................................................................................................................... 2-2
Links ......................................................................................................................................... 2-3
Virtual servers ........................................................................................................................ 2-3
Introducing logical network components ................................................................................. 2-4
Listeners .................................................................................................................................. 2-4
Pools ......................................................................................................................................... 2-4
Wide IPs .................................................................................................................................. 2-5
Distributed applications ....................................................................................................... 2-5
Locating a component using the search feature ..................................................................... 2-6
3
Setting Up and Configuring the Global Traffic Manager
Setting up the Global Traffic Manager ....................................................................................... 3-1
Configuring the Global Traffic Manager .................................................................................... 3-1
Defining the Global Traffic Manager ................................................................................. 3-2
Establishing system communications ................................................................................ 3-4
Configuring synchronization settings ................................................................................ 3-9
Configuring auto-discovery ............................................................................................... 3-14
Configuring global monitor settings ................................................................................ 3-15
Configuring domain validation ......................................................................................... 3-18
4
Working with Listeners
Introducing listeners ...................................................................................................................... 4-1
Creating a listener for local resolution ..................................................................................... 4-3
Configuring listeners for traffic forwarding .............................................................................. 4-4
Configuring a wildcard listener ................................................................................................... 4-5
Modifying listeners ......................................................................................................................... 4-5
Deleting listeners ........................................................................................................................... 4-6
Using listeners with VLANs ......................................................................................................... 4-6
Configuring a listener for all VLANs ................................................................................ 4-6
Configuring a listener for specific VLANs ....................................................................... 4-7
Disabling a listener for specific VLANs ............................................................................ 4-8
Table of Contents
viii
5
Defining the Physical Network
Introducing physical network components .............................................................................. 5-1
Managing data centers ................................................................................................................... 5-2
Configuring data centers ..................................................................................................... 5-2
Modifying data centers ......................................................................................................... 5-3
Deleting data centers ........................................................................................................... 5-4
Enabling and disabling data centers ................................................................................... 5-4
Managing servers ............................................................................................................................ 5-5
Defining BIG-IP systems ...................................................................................................... 5-5
Defining third-party load balancing servers .................................................................... 5-9
Defining third-party host servers .................................................................................... 5-10
Searching for a specific server ......................................................................................... 5-12
Assigning monitors to servers ......................................................................................... 5-13
Specifying thresholds for availability ............................................................................... 5-13
Discovering resources automatically .............................................................................. 5-17
Managing virtual servers ............................................................................................................. 5-19
Adding virtual servers manually ....................................................................................... 5-19
Modifying virtual servers ................................................................................................... 5-20
Removing virtual servers ................................................................................................... 5-20
Managing links ............................................................................................................................... 5-21
Defining links ........................................................................................................................ 5-21
Adding and removing routers .......................................................................................... 5-22
Assigning monitors to links ............................................................................................... 5-22
Removing monitors from links ........................................................................................ 5-23
Configuring link weighting and billing properties ........................................................ 5-23
6
Defining the Logical Network
Introducing logical network components ................................................................................. 6-1
Understanding logical components ................................................................................... 6-1
Managing pools ............................................................................................................................... 6-2
Defining pools ........................................................................................................................ 6-3
Adding virtual servers to pools ......................................................................................... 6-3
Removing virtual servers from pools ............................................................................... 6-4
Organizing virtual servers within pools ........................................................................... 6-4
Weighting virtual servers within pools ............................................................................ 6-5
Disabling and enabling pools ............................................................................................... 6-7
Defining pools using a canonical name ............................................................................. 6-8
Managing wide IPs .......................................................................................................................... 6-9
Defining wide IPs ................................................................................................................... 6-9
Searching for a specific wide IP ........................................................................................ 6-10
Adding pools to wide IPs .................................................................................................. 6-11
Removing pools from wide IPs ........................................................................................ 6-12
Organizing pools within wide IPs .................................................................................... 6-12
Weighting pools within wide IPs ..................................................................................... 6-13
Disabling and enabling wide IPs ....................................................................................... 6-15
Incorporating iRules ........................................................................................................... 6-15
Implementing the NoError response for IPv6 resolution ......................................... 6-18
Managing distributed applications ............................................................................................. 6-19
Defining distributed applications ..................................................................................... 6-19
Adding wide IPs to distributed applications .................................................................. 6-20
Removing wide IPs from distributed applications ....................................................... 6-21
Setting dependencies for distributed applications ....................................................... 6-21
Table of Contents

TM
ix
Enabling and disabling distributed application traffic ................................................... 6-23
Enabling persistent connections ...................................................................................... 6-24
7
Load Balancing with the Global Traffic Manager
Understanding load balancing on the Global Traffic Manager ............................................. 7-1
Using static load balancing modes .............................................................................................. 7-3
Drop Packet mode ............................................................................................................... 7-3
Fallback IP mode .................................................................................................................... 7-4
Global Availability mode ...................................................................................................... 7-4
None mode ............................................................................................................................ 7-4
Ratio mode ............................................................................................................................. 7-5
Return to DNS mode .......................................................................................................... 7-5
Round Robin mode ............................................................................................................... 7-5
Static Persist mode ............................................................................................................... 7-5
Topology mode ..................................................................................................................... 7-6
Using dynamic load balancing modes ......................................................................................... 7-6
Types of dynamic load balancing modes .......................................................................... 7-6
Implementing the Quality of Service load balancing mode ......................................... 7-9
Using the Dynamic Ratio option ..................................................................................... 7-12
Configuring load balancing ......................................................................................................... 7-14
Configuring load balancing methods for wide IPs ....................................................... 7-14
Configuring load balancing methods for pools ............................................................. 7-15
Using the fallback load balancing method ............................................................................... 7-16
Configuring the fallback load balancing method .......................................................... 7-16
Employing additional load balancing options .......................................................................... 7-17
8
Managing Connections
Introducing connection management ........................................................................................ 8-1
Determining resource health ...................................................................................................... 8-2
Determining resource availability ............................................................................................... 8-3
Establishing limit settings ..................................................................................................... 8-3
Using monitors to determine availability ......................................................................... 8-4
Managing dependencies for virtual servers ..................................................................... 8-7
Resuming connections to resources ........................................................................................ 8-10
Establishing persistent connections .......................................................................................... 8-11
Draining persistent requests ............................................................................................ 8-12
Setting the last resort pool ........................................................................................................ 8-13
9
Load Balancing Connection Requests Using Topologies
Overview of topologies ................................................................................................................ 9-1
Understanding topology records ...................................................................................... 9-1
Understanding user-defined regions ................................................................................. 9-4
Configuring the Global Traffic Manager to route connection requests to the
closest data center ......................................................................................................................... 9-5
Configuring Topology load balancing at the wide IP level ........................................... 9-5
Configuring Topology load balancing at the pool level ................................................ 9-7
Configuring Topology load balancing at both the wide IP and pool levels .............. 9-8
Implementing topologies ............................................................................................................ 9-10
Downloading and installing updates to the IP geolocation data ............................... 9-10
Creating a topology record .............................................................................................. 9-11
Table of Contents
x
Configuring a wide IP for Topology load balancing ..................................................... 9-12
Configuring a pool for Topology load balancing .......................................................... 9-12
Reloading default geolocation data .......................................................................................... 9-13
Removing topology records ...................................................................................................... 9-14
Disabling the Longest Match option ........................................................................................ 9-15
10
Working with DNSSEC Keys and Zones
About DNSSEC ............................................................................................................................ 10-1
Introducing DNSSEC keys and zones ...................................................................................... 10-1
Understanding DNSSEC keys .......................................................................................... 10-1
Providing DS records to the parent domain ................................................................ 10-3
Managing DNSSEC keys ............................................................................................................. 10-4
Creating DNSSEC keys ..................................................................................................... 10-4
Modifying DNSSEC keys ................................................................................................... 10-6
Deleting DNSSEC keys ...................................................................................................... 10-6
Modifying generations of a DNSSEC key ...................................................................... 10-6
Performing a manual rollover of a key ........................................................................... 10-7
Managing DNSSEC zones .........................................................................................................10-10
Creating DNSSEC zones .................................................................................................10-10
Viewing the status of DNSSEC zones ..........................................................................10-11
Modifying DNSSEC zones ...............................................................................................10-11
Deleting DNSSEC zones .................................................................................................10-11
Viewing DNSSEC resource records that you have added to your BIND
configuration ................................................................................................................................10-12
11
Configuring Monitors
Introducing monitors .................................................................................................................. 11-1
Summary of monitor types ............................................................................................... 11-2
Overview of monitor settings .......................................................................................... 11-4
Understanding pre-configured and custom monitors ................................................ 11-5
Creating a custom monitor ....................................................................................................... 11-7
Configuring monitor settings ..................................................................................................... 11-8
Simple monitors .................................................................................................................. 11-8
Extended Content Verification (ECV) monitors .......................................................11-10
External Application Verification (EAV) monitors ....................................................11-12
Special configuration considerations ......................................................................................11-35
Setting destinations ...........................................................................................................11-35
Using transparent and reverse modes .........................................................................11-35
Configuring when a virtual server is marked down ..................................................11-37
Configuring an ECV monitor to ignore a down response ......................................11-37
Associating monitors with resources ....................................................................................11-38
Types of monitor associations .......................................................................................11-38
Managing monitors .....................................................................................................................11-40
Displaying monitor settings ............................................................................................11-40
Deleting monitors .............................................................................................................11-40
Enabling and disabling monitor instances .....................................................................11-41
12
Viewing Statistics
Introducing statistics .................................................................................................................... 12-1
Accessing statistics ....................................................................................................................... 12-2
Table of Contents

TM
xi
Viewing the Status Summary screen ........................................................................................ 12-3
Understanding the types of statistics ....................................................................................... 12-4
Distributed application statistics ..................................................................................... 12-5
Wide IP statistics ................................................................................................................. 12-6
Pool statistics ....................................................................................................................... 12-8
Data center statistics ......................................................................................................... 12-9
Link statistics ......................................................................................................................12-10
Server statistics ..................................................................................................................12-11
Virtual server statistics ....................................................................................................12-12
Paths statistics ....................................................................................................................12-13
Local DNS statistics ..........................................................................................................12-15
Understanding persistence records .......................................................................................12-16
13
Collecting Metrics
Introducing metrics collection .................................................................................................. 13-1
Defining metrics ........................................................................................................................... 13-2
Assigning probes to local domain name servers ................................................................... 13-3
Configuring TTL and timer values ............................................................................................ 13-5
Excluding LDNS servers from probes ..................................................................................... 13-6
Removing LDNS servers from the address exclusion list ......................................... 13-7
14
Viewing Performance Data
Introducing performance data graphs ..................................................................................... 14-1
Viewing performance data ......................................................................................................... 14-1
About the GTM Performance graph .............................................................................. 14-1
About the GTM Request Breakdown graph ................................................................. 14-1
15
Managing iRules
Introducing iRules for the Global Traffic Manager ............................................................... 15-1
What is an iRule? ................................................................................................................. 15-1
Creating iRules .............................................................................................................................. 15-2
Assigning iRules ............................................................................................................................ 15-3
Controlling iRule evaluation ...................................................................................................... 15-4
Specifying events ................................................................................................................. 15-4
Using the when keyword .................................................................................................. 15-5
Listing iRules on wide IPs .................................................................................................. 15-5
Using statement commands ....................................................................................................... 15-6
Using wide IP commands ............................................................................................................ 15-7
Using utility commands ............................................................................................................... 15-8
Parsing and manipulating content .................................................................................... 15-8
Ensuring data integrity ....................................................................................................... 15-8
Retrieving resource information ..................................................................................... 15-9
Using protocol commands ......................................................................................................... 15-9
IP commands ......................................................................................................................15-10
TCP commands .................................................................................................................15-10
UDP commands .................................................................................................................15-10
Removing iRules .........................................................................................................................15-11
Table of Contents
xii
16
Managing DNS Files with ZoneRunner
Introducing ZoneRunner ............................................................................................................ 16-1
Working with DNS and BIND ......................................................................................... 16-1
Understanding ZoneRunner tasks .................................................................................. 16-1
Working with zone files ............................................................................................................. 16-2
Types of zone files .............................................................................................................. 16-2
Creating zone files .............................................................................................................. 16-3
Importing zone files ............................................................................................................ 16-7
Searching for a specific zone ..........................................................................................16-10
Modifying zones .................................................................................................................16-10
Deleting zones ...................................................................................................................16-11
Working with resource records ............................................................................................16-12
Types of resource records .............................................................................................16-12
Creating resource records .............................................................................................16-13
Modifying a resource record ..........................................................................................16-21
Working with views ..................................................................................................................16-22
Adding views ......................................................................................................................16-23
Modifying views .................................................................................................................16-23
Deleting views ....................................................................................................................16-24
Adding zones to views .....................................................................................................16-24
Managing the named.conf file ..................................................................................................16-25
A
Working with the big3d Agent
Introducing the big3d agent .........................................................................................................A-1
Collecting path data and server performance metrics ..........................................................A-2
Setting up data collection with the big3d agent .............................................................A-3
Understanding the data collection and broadcasting sequence .................................A-3
Setting up communication between Global Traffic Manager systems and other
servers ..............................................................................................................................................A-5
Setting up iQuery communications for the big3d agent ..............................................A-5
Allowing iQuery communications to pass through firewalls .....................................A-6
Communications between Global Traffic Manager systems, big3d agents, and
local DNS servers .................................................................................................................A-7
B
Understanding Probes
Introducing probes ......................................................................................................................... B-1
Understanding iQuery ................................................................................................................... B-2
Determining probe responsibility ............................................................................................... B-3
Selecting a big3d agent .................................................................................................................. B-5
Designating a specific server ........................................................................................................ B-7
Managing LDNS probes ................................................................................................................ B-8
Using log entries to tune probes ..............................................................................................B-10
Enabling probe logs .............................................................................................................B-10
Understanding the probe information in the log file ..................................................B-10
Glossary
Index
1
Introducing the Global Traffic Manager
Introducing the Configuration utility
Introducing the Traffic Management Shell
Global Traffic Management 1 - 1

Introducing the Global Traffic Manager
You can use the BIG-IP
Global Traffic Manager system to monitor the

availability and performance of global resources and use that information to
manage network traffic patterns. The Global Traffic Manager uses load
balancing algorithms, topology-based routing, and iRules
to control and
distribute traffic according to specific policies.
The Global Traffic Manager provides a variety of features that meet special
needs. For example, with this product you can:
Ensure wide-area persistence by maintaining a mapping between a local
DNS server and a virtual server in a wide IP pool
Direct local clients to local servers for globally-distributed sites using
Topology mode load balancing
Change the load balancing configuration according to current traffic
patterns or time of day
Customize load balancing modes
Set up global load balancing among Local Traffic Manager systems
and other load balancing hosts
Monitor real-time network conditions
Configure a content delivery network with a CDN provider
Guarantee multiple port availability for e-commerce sites
The Global Traffic Manager is one of several products that constitute the
BIG-IP product family. All products in the BIG-IP product family run on the
powerful Traffic Management Operating System
, commonly referred to as
TMOS
.
When you install a Global Traffic Manager system on the network, the
actions you take to integrate it into the network fall into two categories:
setup tasks and configuration tasks.
Setup tasks are tasks in which you create or modify settings that apply to
the Global Traffic Manager itself, or that apply universally to all other
configuration components, such as servers, data centers, or wide IPs that
you create later. Examples of setup tasks include running the Setup
utility, assigning self IP address, and enabling high-availability
functions. For more information about setup tasks, see Setting up the
Global Traffic Manager, on page 3-1.
Configuration tasks are tasks in which you define a specific aspect of the
Global Traffic Manager, such as load balancing methods, pools and pool
members, or iRules. These configuration tasks, while important, only
affect specific aspects of how you manage DNS traffic with the Global
Traffic Manager. For more information about the components of the
Global Traffic Manager that you can configure, see Configuring the
Global Traffic Manager, on page 3-1.
Chapter 1
1 - 2
Security features
The Global Traffic Manager offers a variety of security features that can
help prevent hostile attacks on your site or equipment.
Secure administrative connections
The Global Traffic Manager supports Secure Shell (SSH) administrative
connections for remote administration from the command line. The web
server, which hosts the web-based Configuration utility, supports SSL
connections as well as user authentication.
Secure iQuery
communications
The Global Traffic Manager supports web certificate authentication for
iQuery communications between itself and other systems running the
big3d agent.
TCP wrappers
The Global Traffic Manager supports the use of TCP wrappers to provide
an extra layer of security for network connections.
Introducing Local Traffic Manager resources
If you use the Global Traffic Manager in conjunction with a Local Traffic
Manager, it is important to understand the following network resources. You
do not manage these resources directly through the Global Traffic Manager,
but understanding their role in your network configuration can assist you in
optimizing your networks availability and performance:
Self IP address
A self IP address is an IP address that you define on a VLAN of a
BIG-IP system. Note that this concept does not apply to the management
IP address of a BIG-IP system or to IP addresses on other devices.
Node
A node is a logical object on the BIG-IP system that identifies the IP
address of a physical resource on the network, such as a web server. You
define a node object in the Local Traffic Manager. For more information
about nodes, see the Configuring Nodes chapter in the Configuration
Guide for BIG-IP
Local Traffic Manager.

Internet protocol and network management support
The Global Traffic Manager supports both the standard DNS protocol and
the BIG-IP iQuery protocol (a protocol used for collecting dynamic load
balancing information). The Global Traffic Manager also supports
administrative protocols, such as Simple Network Management Protocol
(SNMP), and Simple Mail Transfer Protocol (SMTP) (outbound only), for
performance monitoring and notification of system events. For
administrative purposes, you can use SSH, RSH, Telnet, and FTP. The
Configuration utility supports HTTPS, for secure web browser connections
using SSL, as well as standard HTTP connections.

You can use the proprietary SNMP agent to monitor status and current
traffic flow using popular network management tools. This agent provides
detailed data such as current connections being handled by each virtual
server.
System synchronization options
The synchronization feature offers a high degree of administrative control
by allowing you to automatically synchronize configurations from one
Global Traffic Manager to any other Global Traffic Manager or Link
Controller in the network; thus, simplifying administrative management.
For example, you can set the Global Traffic Manager to synchronize a
specific configuration to specific systems on the network.
Configuring data collection for server status and network path
data
The Global Traffic Manager includes the big3d agent, which is an integral
part of its load balancing operations. The big3d agent continually monitors
the availability of the servers that the Global Traffic Manager load balances.
The agent also monitors the integrity of the network paths between the
servers that host the domain, and the various local DNS servers that attempt
to connect to the domain. The big3d agent runs on many of the F5 Networks
products, including the Global Traffic Manager, Local Traffic Manager, and
Link Controller. Each big3d agent broadcasts its collected data to all of the
Global Traffic Manager systems and Link Controller systems in your
network, ensuring that all Global Traffic Manager systems work with the
latest information.
The big3d agent offers a variety of configuration options that allow you to
choose the data collection methods you want to use. For example, you can
configure the big3d agent to track the number of router hops (intermediate
system transitions) along a given network path, and you can also set the
big3d agent to collect host server performance information using the SNMP
protocol. For further details on the big3d agent, see Appendix A, Working
with the big3d Agent.
Redundant system configurations
A redundant system configuration is a set of two Global Traffic Manager
systems: one operating as the active unit, the other operating as the standby
unit. If the active unit goes offline, the standby unit immediately assumes
responsibility for managing DNS traffic. The new active unit remains active
until another event occurs that causes the unit to go offline, or you manually
reset the status of each unit.
Chapter 1
1 - 4
The Global Traffic Manager supports two methods of checking the status of
the peer system in a redundant system configuration:
Hardware-based failover
In a redundant system configuration that has been set up with
hardware-based failover, the two units in the system are connected to
each other directly using a failover cable attached to the serial ports. The
standby unit checks on the status of the active unit once every second
using this serial link.
Network-based failover
network-based failover, the two units in the system communicate with
each other across an Ethernet network instead of across a dedicated
failover serial cable. Using the Ethernet connection, the standby unit
checks on the status of the active unit once every second.
Note that network-based failover is disabled by default. For information
about how to enable this feature, see Enabling high availability for
network-based failover, on page 3-3.
Note
In a network-based failover configuration, the standby Global Traffic
Manager immediately takes over if the active unit fails. If a client has
queried the failed Global Traffic Manager, and has not received an answer,
it automatically re-issues the request (after five seconds) and the standby
unit, functioning as the active unit, responds.
Introducing the Configuration utility
The Configuration utility is a browser-based graphical user interface that
you use to configure and monitor the Global Traffic Manager. Using the
Configuration utility, you can define the load balancing configuration along
with the network setup, including data centers, synchronization groups, and
servers used for load balancing and path probing. In addition, you can
configure advanced features, such as Topology mode settings and SNMP
agents. The Configuration utility also monitors network traffic, current
connections, load balancing statistics, performance metrics, and the
operating system itself. The Welcome screen of the Configuration utility
provides convenient access to downloads such as the SNMP MIB, and
documentation for third-party applications, such as ZebOS
.
For the most current list of the supported browsers for the Configuration
utility, see the current release note on the AskF5 Knowledge Base web
site, https://support.f5.com.

Introducing the Traffic Management Shell
The Traffic Management Shell (tmsh) is a utility that you can use to
configure the Global Traffic Manager from the command line. Using tmsh,
you can set up your network and configure local and global traffic
management. In addition, you can configure advanced features, such as
Topology mode settings and SNMP agents. You can also use tmsh to
display information about performance, load balancing decisions, network
traffic, and the operating system itself. For information about using tmsh to
configure the system, see the Traffic Management Shell (tmsh) Reference
Guide.
Chapter 1
1 - 6
2
Introducing Global Traffic Manager
Components
Defining Global Traffic Manager components
Introducing physical network components
Introducing logical network components
Locating a component using the search feature

TM
2 - 1
Defining Global Traffic Manager components
For the BIG-IP
Global Traffic Manager system to operate effectively,

you need to define the components that make up the segments of your
network. These components include physical components, such as data
centers and servers, as well as logical components, such as wide IPs,
addresses, and pools. By defining these components, you essentially build a
network map that the Global Traffic Manager can use to direct DNS traffic
to the best available resource.
The most basic configuration of the Global Traffic Manager includes:
A listener that is a specific virtual server that identifies network traffic
for global traffic management
A data center that contains at least one server
A server that contains at least one resource, or virtual server
Once this basic configuration is complete, the Global Traffic Manager has
enough information available to begin directing DNS traffic. You can
increase the systems capabilities by adding additional network components
as appropriate.
The components that you define in the Global Traffic Manager can be
divided into two basic categories:
Physical components
Logical components
Chapter 2
2 - 2
Several components within the Global Traffic Managers configuration have
direct correlation to a physical location or device on the network. These
components include:
Data centers
Servers
Links
Virtual servers
Data centers
Data centers are the top level of your physical network setup. You must
configure one data center for each physical location in your global network.
When you create a data center in the Global Traffic Manager, you define the
servers (Global Traffic Manager systems, Local Traffic Manager systems,
Link Controller systems, hosts, and routers) that reside at that location.
A data center can contain any type of server. For example, one data center
can contain a Global Traffic Manager and a host, while another might
contain two Global Traffic Manager systems and eight Local Traffic
Manager systems.
For information about configuring data centers, see Managing data centers,
on page 5-2.
Servers
A server is a physical device on which you can configure one or more
virtual servers. The servers that you define for the Global Traffic Manager
to manage can include both BIG-IP systems and third-party servers, for
example, Local Traffic Manager systems and Windows
2000 Servers.
One server that you must define is the Global Traffic Manager. This places
the system on the network map. You can also define Local Traffic Manager
systems, and the virtual servers that these servers manage.
For information about configuring servers, see Managing servers, on page
5-5.

TM
2 - 3
Links
A link is a logical representation of a physical device (router) that connects
your network to the Internet. You can assign multiple links to each data
center by logically attaching links to a collection of servers in order to
manage access to your data sources. Configuring links is optional, although
they are very useful when determining resource availability.
For information about configuring links, see Managing links, on page 5-21.
Virtual servers
Servers, excluding Global Traffic Manager systems and Link Controller
systems, contain at least one virtual server. A virtual server, in the context
of the Global Traffic Manager, is a combination of an IP address and a port
number that points to a resource that provides access to an application or
data source on your network. In the case of host servers, this IP address and
port number likely point to the resource itself. With load balancing systems,
such as the Local Traffic Manager, these virtual servers are often proxies
that allow the load balancing server to manage the resource request across a
multitude of resources. Virtual servers are the ultimate destination for
connection requests.
For information about configuring virtual servers, see Managing virtual
servers, on page 5-19.
Chapter 2
2 - 4
In addition to the physical components of your network, the Global Traffic
Manager also handles DNS traffic over logical components. Logical
network components consist of network elements that may not represent a
physical location or device. These components include:
Listeners
Pools
Wide IPs
Distributed applications
Listeners
To communicate with the rest of your network, you must configure the
Global Traffic Manager so that it can correctly identify the resolution
requests for which it is responsible. A listener is an object that monitors the
network for DNS queries, and thus is critical for global traffic management.
The listener instructs the system to monitor the network traffic destined for a
specific IP address.
In most installations, when you define a listener for the Global Traffic
Manager, you use the IP address of the Global Traffic Manager; however,
there are many different ways you can configure listeners so that the system
handles DNS traffic correctly.
For more information on configuring listeners, see Chapter 4, Working with
Listeners.
Pools
A pool is a collection of virtual servers that can reside on multiple network
servers. When you define the virtual servers to which the Global Traffic
Manager directs DNS traffic, you combine those virtual servers into pools.
You can then configure the Global Traffic Manager to direct traffic to a
specific virtual server within a pool, using a specific load balancing method.
You can apply a different set of options to the same resources as a virtual
server. When you add a virtual server to a pool, it becomes a pool member
to which you can apply monitors, iRules
, and other configuration options.

For more information about configuring pools and pool members, see
Defining pools, on page 6-3.

TM
2 - 5
Wide IPs
One of the most common logical components you create in the Global
Traffic Manager is a wide IP. A wide IP maps a fully-qualified domain
name to one or more pools of virtual servers that host the domains content.
When a local DNS server requests a connection to a specific domain name,
the wide IP definition specifies which pools of virtual servers are eligible to
answer the request, and which load balancing modes to use in choosing a
pool. The Global Traffic Manager then load balances the request across the
virtual servers within that pool to resolve the request.
For information about configuring wide IPs, see Managing wide IPs, on
page 6-9.
A distributed application is a collection of one or more wide IPs, data
centers, and links that serve as a single application to a web site visitor. A
distributed application is the highest-level component that the Global Traffic
Manager supports. You can configure the Global Traffic Manager so that
the availability of distributed applications is dependent on a specific data
center, link, or server. For example, if the New York data center goes
offline, this information causes the wide IP and its corresponding distributed
application to become unavailable. Consequently, the system does not send
resolution requests to any of the distributed application resources, until the
entire application becomes available again.
For more information about configuring distributed applications, see
Managing distributed applications, on page 6-19.
Chapter 2
2 - 6
Locating a component using the search feature
The Global Traffic Manager has a search feature that allows you to search
for a specific component or group of components that you want to manage
or configure. The search feature can be especially useful for companies with
large networks that contain numerous physical and logical components as
defined earlier in this chapter.
You can find the search feature on the main screen for each type of
component. When the main screen opens, an asterisk displays in the box
next to the Filter button, and the list of components that displays below the
box includes all of the components of that type. You use the search feature
to limit the number of components that display in the list.
When you use the search feature, the system always does a wildcard search.
For example, when you search for a wide IP, you can use the search criteria
www.do, and the system returns wide IPs with names that include those
characters, such as www.domain.net and www.domain2.net.
Additionally, you can use wildcard characters in your search criteria;
however, in this case, the system tries to match the search pattern exactly.
For example, if you search for wide IPs using *www.do, the system does
not return the wide IPs www.domain.net and www.domain2.net, because
the search pattern has the wildcard character on its left side. The system
matches only wide IPs with names ending with www.do.
Note
If you do not specify at least one wildcard character in a search pattern, the
Global Traffic Manager automatically adds a wildcard character to each
side of the search pattern; therefore, the search patterns www.do and
*www.do* return the same results.
3
Setting Up and Configuring the Global
Traffic Manager
Setting up the Global Traffic Manager
Configuring the Global Traffic Manager

Setting up the Global Traffic Manager
After you install the BIG-IP
Global Traffic Manager, you should run the

Setup utility. This utility guides you through licensing the product, assigning
an IP address to the management port of the system, and configuring the
passwords for your root and administrator accounts. The Setup utility can
also assist you in configuring some of the basic settings of the Global
Traffic Manager, such as its IP address and the VLAN to which it belongs.
After you finish using the Setup utility, the next step is to configure the
network and system settings that apply to the Global Traffic Manager.
Because these settings have a variety of applications, they are discussed in a
separate guide: the TMOS
Management Guide for BIG-IP
Systems.
F5 Networks recommends that you review this guide to ensure that you
configure the basic network and system settings in a way that best fits the
needs of your network and your DNS traffic. You can access this guide by
visiting the F5 Technical Support web site: https://support.F5.com.
Configuring the Global Traffic Manager
Once you have the basic network settings configured, you can work on
configuring the Global Traffic Manager itself. Specifically, you complete
the following tasks:
Define the Global Traffic Manager
For more information, see Defining the Global Traffic Manager, on page
3-2.
Establish system communications
For more information, see Establishing system communications, on page
3-4.
Configure synchronization settings
For more information, see Configuring synchronization settings, on page
3-9.
Configure auto-discovery
For more information, see Configuring auto-discovery, on page 3-14.
Configure global monitoring options
For more information, see Configuring global monitor settings, on page
3-15.
Configure domain validation
For more information, see Configuring domain validation, on page 3-18.
Once you complete these tasks, you are ready to work on the configuration
tasks that allow your network to get the full benefit of the features of the
Chapter 3
3 - 2
Defining the Global Traffic Manager
The Global Traffic Manager is designed to manage DNS traffic as it moves
from outside the network, to the appropriate resource, and back again. The
management capabilities of the system require that it has an accurate
definition of the sections of the network over which it has jurisdiction. You
must define network elements such as data centers, servers (including
BIG-IP systems), and virtual servers in the Global Traffic Manager.
Defining these elements is similar to drawing a network diagram; you must
include all of the relevant components in such a diagram in order to have an
accurate depiction of how the system works as a whole.
When you configure a Global Traffic Manager to communicate with other
BIG-IP systems, the IP addresses of the system servers must reside within
the default route domain on the BIG-IP system. Otherwise, the Global
Traffic Manager cannot communicate with those systems. For more
information about configuring route domains, see the TMOS
Management
Guide for BIG-IP
Systems.
Note
In existing version 9.x systems, by default, the IP addresses of the system
servers are in the default route domain.
As part of specifying this network topology, you must configure the Global
Traffic Manager itself, as described in Defining the current Global Traffic
Manager, on page 5-6. You specify the role of the Global Traffic Manager
within the network, as well as what interactions it can and cannot have with
other network components. Without this configuration, many of the
capabilities of the Global Traffic Manager cannot operate effectively.
Additionally, if you are defining a Global Traffic Manager redundant
system configuration that uses network-based failover, you must manually
enable high availability on both Global Traffic Manager systems, as
described in Enabling high availability for network-based failover, on page
3-3.
Before you define a Global Traffic Manager, you must first specify the data
center in which it resides. This step is important because all network
components that the system manages must belong to a data center. For more
information, see Configuring data centers, on page 5-2.
To create a data center
1. On the Main tab of the navigation pane, expand Global Traffic and
click Data Centers.
The main screen for data centers opens.
2. Click the Create button.
The New Data Center screen opens
3. Specify settings for the new data center.
For additional assistance with these settings, see the online help.
4. Click the Finished button.

To define the Global Traffic Manager
click Servers.
The main screen for servers opens.
The New Server screen opens.
3. In the Name box, type a name that identifies the Global Traffic
Manager.
4. From the Product list, select the appropriate server product.
If the server is composed of a single physical system, select
BIG-IP System (Single).
If the system is a redundant system configuration, select BIG-IP
System (Redundant).
5. Add IP addresses to the Address List.
For BIG-IP System (Single), type the self IP address in the
Address box, and then click Add.
For BIG-IP System (Redundant), type the self IP address in the
Address box, and then click Add. Then, add the self IP address
of the backup system to the Peer Address List, by typing the self
IP address in the Address box, and then click Add.
Note: You can add more than one address to any given server,
depending on how that server interacts with the rest of your
network. However, you must use a self IP address when you define a
Global Traffic Manager. You cannot use the management IP
address of the system.
6. From the Data Center list, select a data center to which the Global
Traffic manager belongs. For additional information, see Managing
data centers, on page 5-2.
7. Configure the remaining server settings.
8. Click the Create button to create the new server.
Enabling high availability for network-based failover
A redundant system configuration is a set of two Global Traffic Manager
systems: one operating as the active unit, the other operating as the standby
unit. If the active unit goes offline, the standby unit immediately assumes
responsibility for managing DNS traffic. The new active unit remains active
until another event occurs that causes the unit to go offline, or until you
manually reset the status of each unit.
The Global Traffic Manager supports two methods of checking the status of
the peer system in a redundant system configuration:
Chapter 3
3 - 4
Hardware-based failover
hardware-based failover, the two units in the system are connected to
each other directly using a failover cable attached to the serial ports. The
standby unit checks on the status of the active unit once every second
using this serial link.
Network-based failover
network-based failover, the two units in the system communicate with
each other across an Ethernet network instead of across a dedicated
failover serial cable. Using the Ethernet connection, the standby unit
checks on the status of the active unit once every second.
In a network-based failover configuration, if a client queries a failed
Global Traffic Manager, and does not receive an answer, the client
automatically re-issues the request (after five seconds), and the standby
unit, functioning as the active unit, responds.
Network-based failover is disabled by default. To enable high
availability on both units in the redundant system configuration, use the
tmsh command sequence:
tmsh run / util bigpipe daemon gtmd running enable
Important: If you remove provisioning for a Global Traffic Manager,
and you want to re-enable high availability for network-based failover
after you re-provision the Global Traffic Manager, you must run the
tmsh command sequence again.
For more information about provisioning a Global Traffic Manager, see the
TMOS
Systems. For specific information

about using tmsh commands to configure the system, see the Traffic
Management Shell (tmsh) Reference Guide.
Establishing system communications
Before the Global Traffic Manager can operate as an integrated component
within your network, you must first establish how it can communicate with
other external systems. An external system is any server with which the
Global Traffic Manager must exchange information to perform its functions.
In general, system communications are established for the purpose of:
Communicating with other BIG-IP systems
Communicating with third-party systems
When the Global Traffic Manager communicates with other BIG-IP
systems, such as Local Traffic Manager systems or Link Controller
systems, it uses a proprietary protocol called iQuery
to send and receive

information. If the Global Traffic Manager is communicating with another
BIG-IP system, it uses the big3d utility to handle the communication traffic.

If the Global Traffic Manager is instead communicating with another Global
Traffic Manager, it uses a different utility, called gtmd, which is designed
for that purpose.
Part of the process when establishing communications between the Global
Traffic Manager and other BIG-IP systems is to open port 22 and port 4353
between the two systems. Port 22 allows the Global Traffic Manager to copy
the newest version of the big3d utility to existing systems, while iQuery
requires the port 4353 for its normal communications.
In order for other BIG-IP systems to communicate with the Global Traffic
Manager, F5 Networks recommends that you update the big3d utility on
older BIG-IP systems by running the big3d_install script from the Global
Traffic Manager. For more information about running the big3d_install
script, see Installing the big3d agent, on page A-3, and SOL8195 on
AskF5.com.
Note
The Global Traffic Manager supports web certificate authentication for
iQuery communications between itself and other systems running the big3d
agent.
Table 3.1 lists the requirements for each communication component
between the Global Traffic Manager and other BIG-IP systems.
When the Global Traffic Manager communicates with third-party systems,
whether that system is a load balancing server or a host, it can use SNMP to
send and receive information. For details on how the Global Traffic
Manager uses SNMP, see the TMOS
Systems.
Communication Component Requirements
Ports Port 22, for secure file copying of entities like
big3d.
Port 4353, for iQuery communication.
Utilities big3d, for Global Traffic Manager to BIG-IP
system communication.
Protocols iQuery
Table 3.1 Requirements for communication components (BIG-IP system)
Chapter 3
3 - 6
Table 3.2 lists the requirements for each communication component
between the big3d agent and other external systems.
When you configure the Global Traffic Manager to communicate with
external systems, you must complete one or more of the following tasks:
Define the systems in the Global Traffic Manager.
This task applies regardless of whether the system is a BIG-IP system, or
a third-party system.
Run the gtm_add utility.
This utility is designed for situations in which you are installing the
system in a network that already has one or more Global Traffic Manager
systems running.
Run the big3d_install utility.
This utility ensures that the Global Traffic Manager and other BIG-IP
systems use the same version of the big3d utility, and establishes that
these systems are authorized to exchange information.
Run the bigip_add utility.
If you are certain that the other BIG-IP systems on the network use the
same version of the big3d utility as the Global Traffic Manager, you can
run the bigip_add utility instead of the big3d_install utility. The
bigip_add utility authorizes communications between the Global Traffic
Manager and other BIG-IP systems on the network.
Defining the systems in the Global Traffic Manager
As described in Defining the Global Traffic Manager, on page 3-2, the
Global Traffic Manager needs to have information on the different systems
with which it interacts when managing DNS traffic. These systems include
other Global Traffic Manager systems, BIG-IP systems, and third-party
systems.
When you configure a Global Traffic Manager, you must add these systems
into the configuration for the Global Traffic Manager to communicate with
these systems. For information about defining these systems, see Managing
servers, on page 5-5.
Running the gtm_add utility
If you are integrating a new Global Traffic Manager into a Global Traffic
Manager synchronization group on your network, you must run the
gtm_add utility on the new device. When you run this utility, you specify
Communication Component Requirements
Ports Port 161
Protocols SNMP
Table 3.2 Requirements for communication components (third-party
systems)

the self IP address of an existing Global Traffic Manager in the
synchronization group from which you want the new device to acquire
configuration files. The utility accesses the specified system and copies its
configuration files to the new Global Traffic Manager.
The gtm_add script acquires all configuration files, including SSL
certificates. As a result, it is ideal for acquiring SSL certificates for a new
Chapter 3
3 - 8
To run the gtm_add utility
1. Log on to the command-line interface for the system that hosts the
new Global Traffic Manager.
2. At the command prompt, type the following command:
gtm_add <Global Traffic Manager IP address>
The utility logs on to the specified Global Traffic Manager and
acquires its configuration files, including relevant SSL certificates.
You can now add the Global Traffic Manager to the appropriate
synchronization group, as described in Creating synchronization groups, on
page 3-13.
Running the bigip_add utility
If your network includes existing BIG-IP systems, such as Local Traffic
Manager systems, and this is the first Global Traffic Manager you are
connecting to the network, you must establish a communication between the
new device and the existing systems. If all of the existing BIG-IP systems
use the same version of the big3d agent that comes with the new Global
Traffic Manager, you run the bigip_add utility. This utility exchanges SSL
certificates so that each system is authorized to communicate with each
other.
Note
If the existing BIG-IP systems use an older version of the big3d agent than
the one that comes with the new Global Traffic Manager you are connecting
to the network, you must instead run the big3d_install utility. For more
information, see Running the big3d_install utility, following.
To run the bigip_add utility
2. At the prompt, type the following command:
bigip_add <IP address of existing BIG-IP systems>
3. Press the Enter key.
The utility exchanges the appropriate SSL certificates, and
authorizes communications between the systems.
page 3-13.

Running the big3d_install utility
If your network includes existing BIG-IP systems, such as Local Traffic
Manager systems, which are of an earlier version than the first Global
Traffic Manager you are connecting to the network, you must run the
big3d_install utility to establish a communication between the new device
and the existing systems.
When you run the big3d_install utility, it connects to each existing BIG-IP
system, extracts the IP addresses of the devices, and automatically updates
the big3d agents on all the devices. If you specify IP addresses when you
run the utility, it connects to the system associated with each IP address, and
prompts you to supply the appropriate logon information to access that
system.
Note
The big3d_install utility modifies the big3d agent that is already present on
existing BIG-IP systems.
To run the big3d_install utility
2. At the prompt, type one of the following commands:
big3d_install
big3d_install <IP addresses of existing BIG-IP systems>
3. Press the Enter key.
The utility connects to each existing BIG-IP system, extracts the IP
addresses of the devices, exchanges the appropriate SSL certificates,
authorizes communications between the systems, and automatically
updates the big3d agents on all the devices.
page 3-13.
Configuring synchronization settings
The primary goal of the Global Traffic Manager is to ensure that name
resolution requests are sent to the best available resource on the network.
Consequently, it is typical for multiple Global Traffic Manager systems to
reside in several locations within a network. For example, a standard
installation might include a Global Traffic Manager at each data center
within an organization.
Chapter 3
3 - 10
When a Local Domain Name Server (LDNS) submits a name resolution
request, you cannot control to which Global Traffic Manager the request is
sent. As a result, you often want multiple Global Traffic Manager systems to
share the same configuration values, and maintain those configurations over
time. This process is called synchronization.
In network configurations that contain more than one Global Traffic
Manager, synchronization means that each Global Traffic Manager
regularly compares the timestamps of its configuration files with the
timestamps of configuration files on other Global Traffic Manager systems.
If a Global Traffic Manager determines that its configuration files are older
than those on another system, it acquires the newer files and begins using
them to load balance name resolution requests. With synchronization, you
can change settings on one system and have that change distributed to all
other systems.
You can separate the Global Traffic Manager systems on your network into
separate groups, called synchronization groups. A synchronization group is
a collection of multiple Global Traffic Manager systems that share and
synchronize configuration settings. These groups are identified by a
synchronization group name, and only systems that share this name also
shares configuration settings. These synchronization groups allow you to
customize the synchronization behavior. For example, the Global Traffic
Manager systems residing in data centers in Europe might belong to one
synchronization group, while the systems in North America belong to
another group.
The following pages provide additional information on synchronization, and
specifically cover the following topics:
Defining servers
Activating synchronization
Controlling file synchronization
Synchronizing DNS zone files
Creating synchronization groups
Defining NTP servers
Before you can synchronize Global Traffic Manager systems, you must
define the Network Time Protocol (NTP) servers that the Global Traffic
Manager references. These servers ensure that each Global Traffic Manager
is referencing the same time when verifying timestamps for configuration
files.
If you have already used the TMOS
Systems, you may have already configured a list of NTP servers for the
Global Traffic Manager. If you have not yet done so, you can find detailed
information on configuring these settings in that guide.

Activating synchronization
Activating synchronization for the Global Traffic Manager has an
immediate effect on its configurations, provided that another Global Traffic
Manager is already available on the network. F5 Networks recommends that
you activate synchronization only after you have finished configuring one of
the systems.
To activate synchronization
1. On the Main tab of the navigation pane, expand System and then
click Configuration.
The general properties screen opens.
2. From the Global Traffic menu, choose General.
The general global properties screen opens.
3. Check the Synchronization box.
4. Click the Update button to save your changes.
Controlling file synchronization
When you synchronize multiple Global Traffic Manager systems, you are
instructing each system to share its configuration files with the other
systems on the network. These files are synchronized based on their
timestamp: if a Global Traffic Manager determines that its configuration
files are older than those on another system, it acquires the newer files and
begins using them to load balance name resolution requests.
By default, the value for the synchronization time tolerance is set to 10
seconds. The minimum value you can set for this value is 5 seconds, while
the maximum you can set is 600 seconds. The time tolerance specifies how
many seconds of difference there can be between the time settings on the
Global Traffic Manager systems in a synchronization group. The lower the
value of the Synchronization Time Tolerance setting, the more often the
local system makes an entry in the log indicating that there is a difference in
the time settings of the systems in the synchronization group.
Note
If you are using NTP to synchronize the time of the Global Traffic Manager
with a time server, leave the Synchronization Time Tolerance setting at the
default value of 10. In the event that NTP fails, the Global Traffic Manager
uses the time_tolerance variable to maintain synchronization.
Chapter 3
3 - 12
To specify a value for synchronization time tolerance
3. Check the Synchronization box.
4. In the Synchronization Time Tolerance box, type the maximum
number of seconds that the time setting on one system is allowed to
be out of synchronization with the time setting on another system
that is in the same synchronization group.
In the event that you need to deactivate file synchronization, you can do so
at any time. Situations in which you want to disable synchronization include
updating the data center in which the Global Traffic Manager resides, or
when you are testing a new configuration change.
To deactivate file synchronization
3. Clear the Synchronization box.

Synchronizing DNS zone files
During synchronization operations, the Global Traffic Manager verifies that
it has the latest configuration files available and, if it does not, the Global
Traffic Manager downloads the newer files from the appropriate system.
You can expand the definition of the configuration files to include the DNS
zone files used to respond to name resolution requests by using the
Synchronize DNS Zone Files setting. This setting is enabled by default.
To synchronize DNS zone files
3. Check the Synchronize DNS Zone Files box.
It is important to note that when a Global Traffic Manager is a member of a
synchronization group, the configuration of each Global Traffic Manager in
the group automatically synchronizes with the group member that has the
newest user configuration set (UCS). Therefore, if you roll back the
configuration of a member of the synchronization group to a UCS that
contains DNS configuration files that are dated earlier than the same file on
another system in the group, the system that you roll back synchronizes with
that other system, effectively losing the configuration to which it was rolled
back. You can stop the automatic synchronization of the DNS files by
clearing the Synchronize DNS Zone Files box on the system before you
roll it back to an earlier configuration.
Creating synchronization groups
Each Global Traffic Manager that you synchronize must belong to a specific
group of systems, called a synchronization group. A synchronization group
is a collection of multiple Global Traffic Manager systems that share and
synchronize configuration settings. Initially, when you enable
synchronization for a Global Traffic Manager, the system belongs to a
synchronization group called default. However, you can create new groups
at any time to customize the synchronization process, ensuring that only
certain sets of Global Traffic Manager systems share configuration values.
To illustrate how synchronization groups work, consider the fictional
company, SiteRequest. SiteRequest has decided to add a new data center in
Los Angeles. As part of bringing this data center online, SiteRequest has
decided that it wants the Global Traffic Manager systems installed in New
York and in Los Angeles to share configurations, and the Paris and Tokyo
data centers to share configurations. This setup exists because SiteRequests
network optimization processes require slightly different settings within the
United States than the rest of the world. To accommodate this new network
Chapter 3
3 - 14
configuration, SiteRequest enables synchronization for the New York and
Los Angeles data centers, and assigns them a synchronization group name
of United States. The remaining data centers are also synchronized, but
with a group name of Rest Of World. As a result, a configuration change at
the Paris Global Traffic Manager immediately modifies the Tokyo system,
but does not affect the systems in the United States.
To create a synchronization group
3. In the Synchronization Group Name box, type a name of either an
existing synchronization group, or a new group.
Note: When you change the name of a synchronization group, the
new name is synchronized to all systems that belong to that
synchronization group.
Configuring auto-discovery
A large network may consist of hundreds of virtual servers. Keeping track of
these virtual servers can be a time-consuming process itself. The Global
Traffic Manager includes a means of simplifying the addition of new virtual
servers into a network: auto-discovery. Auto-discovery is a process through
which the Global Traffic Manager automatically identifies resources that it
manages.
The Global Traffic Manager can discover two types of resources: virtual
servers and links. Each resource is discovered on a per-server basis, so you
can employ auto-discovery only on the servers you specify.
The auto-discovery feature of the Global Traffic Manager has three modes
that control how the system identifies resources. These modes are:
Disabled
In this mode, the Global Traffic Manager does not attempt to discover
any resources. Auto-discovery is disabled on the Global Traffic Manager
by default.
Enabled
In this mode, the Global Traffic Manager regularly checks the server to
discover any new resources. If a previously-discovered resource cannot
be found, the Global Traffic Manager deletes it from the system.

Enabled (No Delete)
In this mode, the Global Traffic Manager constantly checks the server to
discover any new resources. Unlike the Enabled mode, the Enabled (No
Delete) mode does not delete resources, even if the system cannot
currently verify their presence.
If you want to use the auto-discovery feature, you must globally enable the
feature and configure the frequency at which the system queries for new
resources in the general properties screen. When enabled, by default, the
system queries servers for new resources every 30 seconds.
Important
You must also enable auto-discovery at both the server and link levels. For
information about enabling auto-discovery on virtual servers and links, see
Discovering resources automatically, on 5-17.
To globally enable the auto-discovery feature and configure
the auto-discovery frequency
1. On the Main tab of the navigation pane, expand System and click
Configuration.
3. Check the Auto-Discovery check box.
4. In the Auto-Discovery Request Interval box, type the frequency at
which you want the system to attempt to discover new resources.
Configuring global monitor settings
As you employ the Global Traffic Manager to load balance DNS traffic
across different network resources, you must acquire information on these
resources. You acquire this information by applying monitors to each
resource. A monitor is a component of the Global Traffic Manager that tests
to see if a given resource responds as expected. These tests can range from
verifying that a connection to the resource is available, to conducting a
database query. The Global Traffic Manager uses the information it gathers
from monitors not only to inform you of what resources are available, but to
determine which resource is the best candidate to handle incoming DNS
requests.
For detailed information on monitors and the Global Traffic Manager, see
Chapter 11, Configuring Monitors.
In most cases, you apply specific monitors to resources, depending on the
type of resource and its importance. However, the following Global Traffic
Manager settings affect all monitors:
Chapter 3
3 - 16
Heartbeat Interval
Indicates how often the Global Traffic Manager communicates with
other BIG-IP systems on the network.
Maximum Synchronous Monitor Requests
Indicates how many monitors can query a resource at any given time.
Monitor Disabled Objects
Indicates whether monitors continue to check the availability of a
resource that you disabled through the Global Traffic Manager.
While monitors supply information you need to ensure that network traffic
moves efficiently across the network, they do so at the cost of increasing
that network traffic. These settings allow you to control this increase.
Configuring a heartbeat interval
In daily operations, the Global Traffic Manager frequently acquires much of
its network data from other BIG-IP systems that you employ, such as Local
Traffic Manager systems. For example, the Local Traffic Manager system
monitors the resources it manages. When the Global Traffic Manager
requires this same information for load balancing DNS requests, it can query
the Local Traffic Manager, instead of each resource itself. This process
ensures that the system efficiently acquires the information it needs.
Because the Global Traffic Manager queries other BIG-IP systems to gather
information, you can configure the frequency at which these queries occur,
by configuring the Heartbeat Interval setting. Based on the value you
specify for this setting, the Global Traffic Manager queries other BIG-IP
systems more or less often. F5 Networks recommends the default value of
10 seconds for this setting; however, you can configure this setting to best
suit the configuration of your network.
Tip
F5 Networks recommends that, when configuring resource monitors, you
ensure that the frequency at which the monitor attempts to query a resource
is greater than the value of the Heartbeat Interval setting. Otherwise, the
monitor might acquire out-of-date data during a query. For more
information about configuring monitors, see Chapter 11, Configuring
Monitors.
To specify a value for the Heartbeat Interval setting
3. In the Heartbeat Interval box, type the frequency at which you
want the system to attempt to discover new resources.

Limiting the number of synchronous monitor queries
Another aspect of resource monitoring that you want to control is how many
monitors can query a resource at any given time. Network resources often
serve many different functions at the same time and it is likely you want
more than one monitor checking the availability of these resources in
different ways. You might monitor a single resource, for example, to verify
that the connection to the resource is available, that you can reach a specify
HTML page on that resource, and that a database query returns an expected
result. If this resource is used in more than one context, you might have
many more monitors assigned to it, each one performing an important check
to ensure the availability of the resource.
While these monitors are helpful in determining availability, it is equally
helpful to control how many monitors can query a resource at any given
time. This control ensures that monitor requests are more evenly distributed
during a given period of time.
To specify the number of synchronous monitor requests
3. In the Maximum Synchronous Monitor Requests box, type the
number of queries that resources can accept from monitors at any
given time.
F5 Networks recommends the default value of 20 requests.
Monitoring disabled resources
One of the ways in which a given network resource becomes unavailable
during the load balancing of DNS traffic occurs when you manually disable
the resource. You might disable a resource because you are upgrading its
server, or because you are modifying the resource itself and need to remove
it temporarily from service.
You can control whether the Global Traffic Manager monitors these
disabled resources. In some network configurations, for example, you might
want to continue monitoring these resources when you put them offline.
Note
By default, the Monitor Disabled Objects setting is disabled for the Global
Traffic Manager. F5 Networks recommends that you enable it only if you
are certain you want the Global Traffic Manager to continue monitoring
resources that you have manually disabled.
Chapter 3
3 - 18
To monitor disabled resources
3. Check the Monitor Disabled Objects box.
Configuring domain validation
The Global Traffic Manager handles traffic using the Domain Name System
(DNS) and BIND to translate domain names into IP addresses. By
configuring the Domain Validation setting, you can specify which domain
names the Global Traffic Manager recognizes. You can configure the
system so that it accepts all domain names, or you can restrict the use of
certain characters in domain names.
To configure domain validation
3. From the Domain Validation list, select how the Global Traffic
Manager validates domain names:
None
Specifies that the system does not restrict the use of any
characters in domain names.
Strict
Specifies that the system allows only the most narrow
interpretation of DNS names; that is, alphanumeric characters
and the dash ( - ) character.
Allow Underscores
Specifies that the system follows the Strict validation rules, and
also allows the underscore ( _ ) character.
4
Introducing listeners
Creating a listener for local resolution
Configuring listeners for traffic forwarding
Configuring a wildcard listener
Modifying listeners
Deleting listeners
Using listeners with VLANs

TM
4 - 1
Introducing listeners
Before you can fully configure the Global Traffic Manager to handle
name resolution requests, you must determine how you want the system to
integrate with the existing network. Specifically, you must identify what
network traffic you want the Global Traffic Manager to handle and how. In
general, the system performs global traffic management in two ways:
Node mode
The Global Traffic Manager receives the traffic, processes it locally, and
sends the appropriate DNS response back to the querying server.
Bridge or Router mode
The Global Traffic Manager receives the traffic and forwards it; either to
another part of the network or another DNS server.
To control how the Global Traffic Manager handles network traffic, you
configure one or more listeners. A listener is a specialized resource to which
you assign a specific IP address and port 53, the DNS query port. When
traffic is sent to that IP address, the listener alerts the Global Traffic
Manager, allowing it to either handle the traffic locally or forward the traffic
to the appropriate resource.
Tip
If you are familiar with the Local Traffic Manager, it might be helpful to
consider a listener as a specialized type of virtual server that is responsible
for handling traffic for the Global Traffic Manager.
Note
If you configure user accounts on the Local Traffic Manager, you can assign
listeners, like other virtual servers, to specific partitions. However, because
listeners play an important role in global traffic management, F5 Networks
recommends that you assign all listeners to partition Common.
You control how the Global Traffic Manager responds to network traffic on
a per-listener basis. For example, a single Global Traffic Manager can be the
authoritative server for one domain, while forwarding other requests to a
separate DNS server. Regardless of how many listeners you configure, the
system manages and responds to requests for the wide IPs that are
configured on it.
To further illustrate how you configure listeners to control how the Global
Traffic Manager responds to DNS traffic, consider the fictional company
SiteRequest. At this company, a Global Traffic Manager is being integrated
into a network with the following characteristics:
A DNS server already exists at IP address 10.2.5.37.
There are two VLANs, named external and guests.
There are two wide IPs: www.siterequest.com and
downloads.siterequest.com.
Chapter 4
4 - 2
Once integrated into the network, the Global Traffic Manager is responsible
for the following actions:
Managing and responding to requests for the wide IPs
Forwarding other DNS traffic to the existing DNS server
Forwarding any traffic from the guests VLAN to the rest of the network
To implement this configuration, the Global Traffic Manager requires three
listeners:
A listener with an IP address that is the same as the self IP address of the
Global Traffic Manager. This listener allows the system to manage DNS
traffic that pertains to its wide IPs.
A listener with an IP address of 10.2.5.37, the IP address of the existing
DNS server. This listener allows the system to forward incoming traffic
to the existing DNS server.
A wildcard listener enabled on the guests VLAN. This listener allows the
Global Traffic Manager to forward traffic sent from the guests VLAN to
the rest of the network.
As you can see from this example, the role that the Global Traffic Manager
plays in managing DNS traffic varies depending on the listener through
which the traffic arrives. As a result, the Global Traffic Manager becomes a
flexible system for managing DNS traffic in a variety of ways.

TM
4 - 3
Creating a listener for local resolution
Often, when you add a Global Traffic Manager to your network, you want
the system to respond to at least a subset of your incoming DNS requests.
You can configure the system to direct the requests to the wide IPs that are
configured on the Global Traffic Manager; however, you can also configure
the system to respond to DNS requests for other network resources that are
not associated with a wide IP, such as other DNS servers.
When a Global Traffic Manager is responsible for managing and responding
to DNS traffic locally, it is operating in Node mode. In this situation, you
create a listener that corresponds to an IP address on the system. If the
Global Traffic Manager operates as a standalone unit, this IP address is the
self IP address of the system. If the Global Traffic Manager is part of a
redundant system configuration for high availability purposes, this IP
address is the floating IP address that belongs to both systems.
To configure a listener for local resolution
click Listeners.
The main listeners screen opens.
The new listener screen opens.
3. In the Destination box, type the IP address on which the Global
Traffic Manager listens for network traffic.
In this case, the IP address that you add is either the self IP address
of the system, or, in the case of a redundant system configuration,
the floating IP address that corresponds to both systems.
4. From the VLAN Traffic list, select a VLAN setting appropriate for
this listener.
Note: Typically, if the Global Traffic Manager is handling traffic on
this IP address locally, you select All VLANs for this option.
5. Click the Finished button to save the new listener.
Chapter 4
4 - 4
Configuring listeners for traffic forwarding
Another common way to use the Global Traffic Manager is to integrate it
with the existing DNS servers. In this scenario, the Global Traffic Manager
handles any traffic related to the wide IPs you assign to it, while sending
other DNS requests to a separate DNS server on the network. When
forwarding traffic in this manner, the Global Traffic Manager is operating in
Bridge or Router mode, depending on how the traffic was initially sent to
the system. In this configuration, you assign to the Global Traffic Manager a
listener that corresponds to the IP address of the DNS server to which you
want to forward to traffic.
You can create multiple listeners to forward network traffic. The number of
listeners you create is based on your network configuration and the ultimate
destination to which you want to send specific DNS requests.
To configure a listener for traffic forwarding
click Listeners.
3. In the Destination box, type the IP address on which the Global
Traffic Manager listens for network traffic.
In this case, the IP address that you add is the IP address of the DNS
server that you want to handle the DNS request.
this listener.
5. Click the Finished button to save the new listener.

TM
4 - 5
Configuring a wildcard listener
In some cases, you might want the Global Traffic Manager to handle the
traffic coming into your network, regardless of the destination IP address of
the given DNS request. In this configuration, the Global Traffic Manager
continues to process and respond to requests for the wide IPs that you
configure, but in addition it is responsible for forwarding other DNS
requests to other network resources, such as other DNS servers. To
accomplish this type of configuration, you create a wildcard listener.
To configure a wildcard listener
click Listeners.
3. In the Destination box, type: 0.0.0.0.
this listener.
5. Click the Finished button to save the new wildcard listener.
Modifying listeners
After you create a listener, you can modify it as necessary, for example,
when you add an additional VLAN to the system, or when you want to
change the IP address of a listener
To modify a listener
click Listeners.
2. Click the name of the listener.
The properties screen for that listener appears.
3. Modify the settings for the listener as required.
4. Click the Update button to save your changes to the listener.
Chapter 4
4 - 6
Deleting listeners
In the event that you no longer need a listener, you can delete it.
To delete a listener
click Listeners.
2. Check the box that corresponds to the listener that you want to
delete.
3. Click the Delete button.
A confirmation screen appears.
4. Click the Delete button to delete the listener.
Using listeners with VLANs
On BIG-IP systems you can create one or more VLANs and assign specific
interfaces to the VLANs of your choice. By default, each BIG-IP system
includes at least two VLANs, named internal and external. However, you
can create as many VLANs as the needs of your network demand.
When you assign listeners to the Global Traffic Manager, you must take into
account the VLANs that are configured on the system. For example, a
listener that forwards traffic to another DNS server might only be
appropriate for a specific VLAN, while a wildcard listener might be
applicable to all VLANs. You can configure a listener to be applicable to all
VLANs, or enabled only on specific VLANs.
Note
For more information about BIG-IP systems and VLANs, see the TMOS
Systems.
Configuring a listener for all VLANs
When you configure a listener, set the VLAN Traffic setting to All VLANs
if either of these conditions exist:
The IP address you assign as a listener is valid for all VLANs for which
the Global Traffic Manager is responsible.
The Global Traffic Manager handles locally the traffic on the IP address
you assign as a listener.

TM
4 - 7
To configure a listener for all available VLANs
click Listeners.
3. In the Destination box, type the IP address on which you want the
Global Traffic Manager to listen for network traffic.
4. From the VLAN Traffic list, select All VLANs.
5. Click the Finished button to save your changes.
Configuring a listener for specific VLANs
If the Global Traffic Manager is configured with multiple VLANs, and you
want the system to handle traffic for only specific VLANs, use the Enabled
on setting.
To configure a listener for specific VLANs
click Listeners.
3. In the Destination box, type the IP address on which you want the
Global Traffic Manager to listen for network traffic.
4. From the VLAN Traffic list, select Enabled on.
A new setting, VLAN List, appears on the screen.
5. Select the appropriate VLANs from the Available list and use the
Move buttons (<< >>) to move them to the Selected list.
The listener alerts the Global Traffic Manager about traffic on only
the VLANs in the Selected list.
Chapter 4
4 - 8
Disabling a listener for specific VLANs
If the Global Traffic Manager is configured with multiple VLANs, and you
want to exclude some of these VLANs from the listener, set the VLAN
Traffic option to Disabled on.
To disable a listener for specific VLANs
click Listeners.
3. From the VLAN Traffic list, select Disabled on.
A new option, VLAN List, appears on the screen.
4. Select the appropriate VLANs from the Available list and use the
Move buttons (<< >>) to move them to the Selected list.
The listener alerts the Global Traffic Manager about traffic on all
VLANs except those listed in the Selected list.
5
Managing data centers
Managing servers
Managing virtual servers
Managing links

TM
5 - 1
The components that make up the Global Traffic Manager can be divided
into two categories: logical network components and physical networks
components. Logical network components are abstractions of network
resources, such as virtual servers. Physical network components have a
direct correlation with one or more physical entities on the network. This
chapter deals with the physical components of the Global Traffic Manager.
For information on the logical components, see Chapter 6, Defining the
Logical Network.
This chapter describes how to use the Global Traffic Manager to define the
physical network components that make up your network:
Data centers
Servers
Virtual servers
Links
Chapter 5
5 - 2
Managing data centers
A data center defines the servers and links that share the same subnet on the
network. All resources on your network, whether physical or logical, are
associated in some way with a data center. The Global Traffic Manager
consolidates the paths and metrics data collected from servers, virtual
servers, and links into the data center, and uses that data to conduct load
balancing operations.
When you create a data center on the Global Traffic Manager, you must add
at least one server and one link. It is important to note that you must
configure at least one data center before you can add servers to the Global
Traffic Manager system configuration. Additionally, each server or link can
belong to one, and only one, data center.
While working with data centers, you can perform several common tasks:
Configuring data centers
Modifying data centers
Deleting data centers
Enabling and disabling data centers
Configuring data centers
Depending on your router configuration, the following data center
configurations are available:
One data center in one physical location
One data center that includes servers in multiple physical locations
Multiple data centers in one physical location
For example, the fictional company SiteRequest has a network operation
center in New York, which contains two subnets: 192.168.11.0/24 and
192.168.22.0/24. Because there are two subnets, the IT team needs to create
two data centers: New York 1 and New York 2, within the Global Traffic
Manager.
On the opposite side of the country, SiteRequest has three operational
centers, but they all share the same subnet of 192.168.33.0/24. Therefore,
the IT team needs to create only a single data center: West Coast.
Within the Global Traffic Manager, you define a data center by configuring
the following settings:
Name
Specifies a descriptive name for the data center, such as New York 1 or
West Coast.
Location
Specifies the geographical area in which the data center resides, such as
New York City - Building A.

TM
5 - 3
Contact
Specifies the name of the individual responsible for managing the
network at the data center.
State
Specifies whether the data center is Enabled or Disabled.
To configure a data center
click Data Centers.
The New Data Center screen opens.
3. Specify the settings for the new data center.
4. Click the Finished button.
Repeat this process for each data center in your network.
Modifying data centers
After you create a data center, you can change its settings, as needed.
To modify a data center
click Data Centers.
2. Click the name of the data center that you want to modify.
The properties screen for that data center appears.
3. Modify the settings for the data center.
Chapter 5
5 - 4
Deleting data centers
You can delete data centers that you no longer need.
To delete a data center
click Data Centers.
2. Check the Select box that corresponds to the data center that you
want to delete.
A confirmation screen opens.
4. Click the Delete button to delete the selected data center.
Enabling and disabling data centers
When you create a data center, it is enabled by default. You can disable a
data center manually, which allows you to temporarily remove it from
global traffic management load balancing operations; for example, during a
maintenance period. When the maintenance period ends, you can once again
enable the data center.
The resources associated with a data center are available only when the data
center is also available, based on the metrics collected by the Global Traffic
Manager.
To enable or disable a data center
click Data Centers.
2. Check the Select box that corresponds to the data center that you
want to either enable or disable.
3. Click the button that performs the action that you want to
accomplish:
Click the Enable button to enable the data center.
The icon representing the availability of the data center changes
to a blue square, indicating that it is enabled.
Click the Disable button to disable the data center.
The icon representing the availability of the data center changes
to a black square, indicating that it is disabled.

TM
5 - 5
Managing servers
A server defines a specific physical system on the network. Within the
Global Traffic Manager, servers are not only physical entities that you can
configure and modify as needed; they also contain the virtual servers that
are the ultimate destinations of name resolution requests. When you
configure a server on the Global Traffic Manager, unless the server is either
a Global Traffic Manager or a Link Controller, the server must contain at
least one virtual server.
The Global Traffic Manager supports three types of servers:
BIG-IP systems
A BIG-IP
system can be a Global Traffic Manager, a Local Traffic

Manager, a Link Controller, or a VIPRION
system.
Third-party load balancing systems
A third-party load balancing system is any system, other than a BIG-IP
system, that supports and manages virtual servers on the network. See
Defining third-party load balancing servers, on page 5-9, for a list of
supported load balancing servers and instructions on how to define these
servers.
Third-party host servers
A third-party host system is any server on the network that does not
support virtual servers. See Defining third-party host servers, on page
5-10, for a list of supported host servers and instructions on how to
define these servers.
At a minimum, you must define the following servers on the Global Traffic
Manager:
The current Global Traffic Manager
A managed server (either a load balancing server or a host)
The following procedures describe how to define each server type in your
network. These procedures assume that the servers are up and running in the
network, and that they already have virtual servers defined (if the server
manages virtual servers).
Defining BIG-IP systems
When you configure a Global Traffic Manager, you first define the system
itself. Then you define the other BIG-IP systems in the physical network,
such as backup systems on the current network segment, or systems that
reside at other data centers.
Chapter 5
5 - 6
Defining the current Global Traffic Manager
Global Traffic Manager systems are load balancing servers that are part of
your physical network. You first configure the settings of a Global Traffic
Manager itself, and then you can add other Global Traffic Manager systems
to the configuration.
If the Global Traffic Manager that you are configuring has multiple links
(that is, multiple network devices that connect it to the internet), you can add
the self IP addresses of these devices to the system. After you configure
these systems, the agents and other utilities, such as the big3d agent, can
gather and analyze network traffic path and metrics information.
After you configure the additional servers and links, you can synchronize
the settings of a specific Global Traffic Manager to other Global Traffic
Managers on the physical network.
Important
You must use a self IP address when you define a Global Traffic Manager.
You cannot use the management IP address.
To define the current Global Traffic Manager
click Servers.
3. In the Name box, type a name that identifies the Global Traffic
Manager.
4. From the Product list, specify the type of system that is required:
BIG-IP System (Single) specifies a primary system.
BIG-IP System (Redundant) specifies a backup system.
Address box, and then click Add. Then add the self IP address of
the backup system to the Peer Address List, by typing the self IP
address in the Address box, and click Add.
6. From the Data Center list, select a data center to which the Global
Traffic Manager belongs.
Note: A server must belong to a data center. See Managing data
centers, on page 5-2, for additional information.
7. Configure the remaining server settings, and then click the Create
button to create the new server.

TM
5 - 7
Defining Local Traffic Manager systems
Local Traffic Manager systems are load balancing servers that manage
virtual servers on the network. There are two standard configurations for a
Local Traffic Manager:
A stand-alone system on the network
A component module residing on the same hardware as the Global
Traffic Manager
Regardless of whether the Local Traffic Manager shares the same hardware
as the Global Traffic Manager, you should ensure that you have the
following information available before you define the system:
The self IP addresses and translations of the Local Traffic Manager
systems interfaces
Note: When you define a Local Traffic Manager, you must use a self IP
address. You cannot use a management IP address.
The IP address and service name or port number of each virtual server
managed by the Local Traffic Manager, unless you want to use
auto-configuration to discover the virtual servers on the Local Traffic
Manager system
Note: If your installation of the Global Traffic Manager resides on the
same system as a Local Traffic Manager, you define only one BIG-IP
server. This server entry represents both the Global Traffic Manager and
Local Traffic Manager modules.
To define a Local Traffic Manager
click Servers.
3. In the Name box, type a name that identifies the Local Traffic
Manager.
4. From the Product list, specify the type of system that is required:
BIG-IP System (Single) specifies a primary system.
BIG-IP System (Redundant) specifies a backup system.
Address box, and then click Add. Then add the self IP address of
the backup system to the Peer Address List, by typing the self IP
address in the Address box, and click Add.
Chapter 5
5 - 8
6. From the Data Center list, select a data center to which the Local
Traffic Manager belongs.
7. Configure the remaining server settings, including the virtual
servers managed by the Local Traffic Manager.
Defining Link Controller Systems
The Link Controller is also part of the BIG-IP product family. Link
Controller systems monitor the performance and availability of wide-area
connections.
To define a Link Controller
click Servers.
3. In the Name box, type a name that identifies the Link Controller.
4. From the Product list, select BIG-IP System (Single).
5. Type the IP address in the Address box, and then click Add.
network.
6. From the Data Center list, select a data center to which the Link
Controller belongs.
For additional assistance on these settings, see the online help.

TM
5 - 9
Defining third-party load balancing servers
In addition to BIG-IP systems, the Global Traffic Manager can interact with
other load balancing servers to determine availability and performance
metrics for load balancing connection requests.
The Global Traffic Manager supports these load balancing servers:
Alteon
Ace Director
Cisco
CSS
Cisco
LocalDirector v2
Cisco
LoadDirector v3
Cisco
SLB
Extreme
Foundry
ServerIron
Radware WSD
Note
If your network uses a load balancing server that is not found on this list,
you can use the Generic Load Balancer option. See Defining a generic load
balancing server, on page 5-10.
Adding load balancing servers
You can add as many third-party load balancing servers as you need into
your configuration of the Global Traffic Manager.
To add a load balancing server
click Servers.
3. In the Name box, type a name that identifies the server.
4. From the Product list, select the appropriate load balancing server.
If your network uses a load balancing server that is not on this list,
you can use the Generic Load Balancer option. See Defining a
generic load balancing server, on page 5-10.
5. Type the IP address of the server in the Address box, and then click
Add.
network.
Chapter 5
5 - 10
6. From the Data Center list, select a data center to which the server
belongs.
Defining a generic load balancing server
In the event that your network uses a load balancing server that is not
explicitly supported by the Global Traffic Manager, you can define a
generic load balancer.
To define a generic load balancing server
click Servers.
4. From the Product list, select Generic Load Balancer.
Add.
network.
belongs.
Defining third-party host servers
Another server type that you might include as part of your network is a host.
A host is an individual network resource, such as web page or a database,
that is not a part of the BIG-IP product family and does not provide load
balancing capabilities for the resources it supports.

TM
5 - 11
The Global Traffic Manager supports the following host servers:
CacheFlow
NetApp
Sun Solaris
Windows 2000 Server (You can monitor the Windows Vista
Enterprise
Server using the Windows 2000 Server-based computer.)
Windows Server
2003
Windows NT 4.0
Note
If your network uses a host server that is not on this list, you can use the
Generic Host option. See Defining a generic host server, on page 5-12.
To define a host server
click Servers.
4. From the Product list, select the appropriate host server.
Add.
network.
belongs.
Chapter 5
5 - 12
Defining a generic host server
In the event that your network uses a host server that is not explicitly
supported by the Global Traffic Manager, you can add a generic host server.
To define a generic host server
click Servers.
4. From the Product list, select Generic Host.
Add.
network.
belongs.
Searching for a specific server
If you want to view or modify the properties of a server, you can locate that
specific server using the search feature. You can search by either the full or
partial name or the IP address of the server. The search feature can be
especially useful for companies with large networks that contain numerous
servers. For more information about how the search feature works see
Locating a component using the search feature, on page 2-6.
To search for a specific a server
click Servers.
2. In the selection criteria box, type the name or IP address of the
server that you want to modify, and then click Filter.
A list of servers that matches the criteria you entered displays.

TM
5 - 13
3. Click the name of the server that you want to view or modify.
The properties screen for that server opens.
4. Make changes to the server properties as required.
Assigning monitors to servers
Each server that you add to the Global Traffic Manager, whether it is a
BIG-IP system, a third-party load balancing server, or a host server, has a
variety of monitors available. You can assign these monitors to track
specific data, and use that data to determine load balancing or other actions.
Detailed information about monitors is available in Chapter 11, Configuring
Monitors.
To add monitors to a server
click Servers.
2. Click the name of the server to which you want to add monitors.
3. From the Configuration list, select Advanced.
Additional fields display with default settings.
4. For Health Monitors, use the Move buttons (<< >>) to move
monitors from the Available list to the Selected list.
Monitors in the Selected list are active for the server.
Specifying thresholds for availability
When you set thresholds for availability, the Global Traffic Manager can
detect when a managed server is low on resources, and redirect the traffic to
another server. Setting limits can help eliminate any negative impact on a
server's performance of tasks that may be time critical, require high
bandwidth, or put high demand on system resources. The system resources
vary depending on the monitors you assign to the server.
You can specify thresholds for the following components:
Servers
Virtual servers
Pools
Pool members
Chapter 5
5 - 14
Setting thresholds for servers
When you configure a server, you can set limits for specific elements
depending upon whether the server is part of the BIG-IP product family,
such as a Local Traffic Manager, or another server type. If the server is part
of the BIG-IP product family, you can base thresholds on:
Bits (per second)
Packets (per second)
Current Connections
If the server is not part of the BIG-IP product family, such as a generic host
server, you can base thresholds on:
CPU
Memory
Bits
Packets
Current Connections
The following procedure provides general instructions for configuring
thresholds. For detailed information about these settings, see the online help.
To set thresholds for servers
click Servers.
2. Click the name of the server for which you want to set the threshold.
Additional fields display with default settings. For more information
about the settings, see the online help.
4. For Limit Settings, select Enabled from the list that corresponds to
the threshold you want to use.
A new box appears.
5. Type the appropriate value for each threshold.
You can also set limits for virtual server resources. For more information
see, Setting thresholds for virtual servers, on page 5-15. If a server meets or
exceeds its limits, both the server and the virtual servers it manages are
marked as unavailable for load balancing. You can quickly review the
availability of any of your servers or virtual servers on the Statistics screens.

TM
5 - 15
Setting thresholds for virtual servers
When you configure a virtual server, you can set thresholds for:
Bits (per second)
Current connections
The following procedure provides general instructions for configuring these
thresholds. For detailed information about Limit Settings, see the online
help.
To set thresholds for virtual servers
click Servers.
2. Click the name of the server that contains the virtual server.
3. On the menu bar, click Virtual Servers.
The virtual servers screen opens.
4. Click the name of the virtual server for which you want to set limits.
A new box appears.
Setting thresholds for pools
When you configure a pool, you can set thresholds for:
Bits (per second)
Current connections
thresholds. For detailed information about setting thresholds, see the online
help.
Chapter 5
5 - 16
To set thresholds for pools
click Pools.
The main screen for pools opens.
2. Click the name of the pool for which you want to set limits.
The properties screen for that pool appears.
A new box appears.
You can also set limits for pool members. For more information, see Setting
thresholds for pool members, following. If a pool meets or exceeds its
limits, both the pool and the pool members it manages are marked as
unavailable for load balancing. You can quickly review the availability of
any of your pools or pool members on the Statistics screens.
Setting thresholds for pool members
When you configure a pool member, you can set thresholds for:
Bits (per second)
Current Connections
thresholds. For detailed information on these thresholds, see the online help.
To set thresholds for pool members
click Pools.
2. Click the name of the pool that contains the pool member.
The properties screen for that pool appears.
3. On the menu bar, click Members.
The members screen opens.
4. Click the name of the pool member for which you want to set limits.

TM
5 - 17
A new box appears.
Discovering resources automatically
You can configure the Global Traffic Manager to automatically discover
virtual servers and links that are associated with any member of the BIG-IP
product family. This capability is available by enabling the Virtual Server
Discovery option, which identifies virtual servers, and the Link Discovery
option, which discovers links. When you enable either virtual server or link
discovery, the system automatically searches for resources of the specified
type, and adds them to its configuration. You configure discovery of virtual
servers and links at the server level. For more information on discovery
options, see Configuring auto-discovery, on page 3-14.
Depending on the server you are configuring, you have two discovery
options available:
On Local Traffic Manager systems, you can enable discovery for both
virtual servers and links.
On load balancing servers, you can only enable discovery for virtual
servers.
Note
The Global Traffic Manager requires that each virtual server has a unique
name. In instances where the auto-discovery process finds two virtual
servers with the same name, the system modifies the name by creating a new
name using the pattern, <server name>_<bigip system name>. In the event
that this does not resolve the name conflict, the system appends a number to
the name, for example, <server name>_<bigip system name>_1.
To discover virtual servers
click Servers.
2. Click the name of the server for which you want to discover virtual
servers.
The properties screen for that server appears.
Chapter 5
5 - 18
4. From the Virtual Server Discovery list, select the appropriate
setting.
If you select Disabled, the virtual server list appears, which
provides options for adding virtual servers manually.
To discover links
You can enable discovery for links only on BIG-IP systems.
click Servers.
2. Click the name of the server for which you want to discover links.
3. On the menu bar, click Links.
4. From the Link Discovery list, select the appropriate setting.

TM
5 - 19
Managing virtual servers
Servers, excluding Global Traffic Manager systems and Link Controller
systems, contain at least one virtual server. A virtual server, in the context
of the Global Traffic Manager, is a specific IP address and port number that
points to a resource on the network. In the case of host servers, this IP
address and port number likely point to the resource itself. With load
balancing systems, such as the Local Traffic Manager, these virtual servers
are often proxies that allow the load balancing server to manage the resource
request across a multitude of resources.
You can add virtual servers in two ways:
Automatically, through the use of the discovery feature. For more
information on automatically discovering virtual servers, see Discovering
resources automatically, on page 5-17.
Manually, through the properties screens of the given server.
Adding virtual servers manually
You can manually add a virtual server to a given server using the following
procedure. If you want to add virtual servers through the use of the
discovery feature, see Discovering resources automatically, on page 5-17.
Important
Each virtual server that you add to the Global Traffic Manager must have a
unique name.
To add a virtual server
click Servers.
2. Click the name of the server to which you want to add virtual
servers.
4. From the Virtual Server Discovery list, select Disabled.
5. Click the Update button to implement this change.
6. Click the Add button to begin adding a new virtual server.
The new virtual server screen opens.
This displays additional fields, and allows you to modify additional
default settings.
Chapter 5
5 - 20
8. For the Dependency List option, select a virtual server from the
Virtual Servers list, and then click Add.
For more information on these options, see the online help.
9. Click the Create button to save the new virtual server.
Modifying virtual servers
You can modify the configuration of a virtual server at any time; for
example, when you want to change the IP address and port number of the
virtual server, or when you want to modify the IP address translation
settings.
To edit a virtual server
click Servers.
2. Click the name of the server on which the virtual server you want to
edit resides.
4. Click the name of the virtual server that you want to modify.
The properties page of the virtual server opens.
5. Edit the virtual server as needed.
For more information on these options, see the online help.
Removing virtual servers
You can remove a virtual server from the system configuration at any time.
To remove a virtual server
click Servers.
2. Click the name of the server from which you want to remove virtual
servers.
The properties screen for that server appears.
4. Check the box that corresponds to the virtual server that you want to
remove, and then click Remove.

TM
5 - 21
Managing links
A link defines a physical connection to the Internet that is associated with
one or more routers on the network. The Global Traffic Manager tracks the
performance of links, which in turn can dictate the overall availability of a
given pool, data center, wide IP, or distributed application.
To configure the links that you want the Global Traffic Manager to load
balance, you add a link entry, and then associate one or more routers with
that entry. You can also configure monitors to check certain metrics
associated with a link, and modify how the system load balances network
traffic across links.
You can manage links by:
Defining a link
Adding routers to a link
Assigning monitors to a link
Configuring link weighting and billing properties
Defining links
Before you can load balance inbound and outbound traffic, you must
configure basic link properties. The following procedure describes how to
configure the basic properties of a link.
To configure a link
click Links.
The main screen for links opens.
The New Link screen opens.
3. In the Name box, type a name that identifies the link.
4. In the Address box, type the router address of the link, and then
click Add.
Note: You can add more than one address to any given link,
network.
5. From the Data Center list, select the data center to which you want
to associate the link.
Note: A link must be associated with a data center.
6. Configure the other link options as needed.
For detailed information on these options, see the online help.
7. Click the Create button to create the link.
Chapter 5
5 - 22
Adding and removing routers
You can add or remove routers associated with a link at any time.
To add a router to a link
click Links.
2. Click the name of the link to which you want to add a router.
The properties screen for that link opens.
3. In the Address box, type the router address of the link, and then
click Add.
Note: You can add more than one address to any given link,
network.
To remove a router from a link
click Links.
2. Click the name of the link from which you want to remove a router.
The Properties screen for that link opens.
3. For Router Address List, select a router, and then click Remove.
Repeat this step for any other routers that you want to remove.
Assigning monitors to links
After you configure a link, you can assign to the link monitors that track
specific data. The system can use this data to manage global traffic. For
detailed information about monitors, see Chapter 11, Configuring Monitors.
To add monitors to a link
click Links.
2. Click the name of the link to which you want to add monitors.

TM
5 - 23
monitors from the Available list to the Enabled list.
Monitors in the Enabled list are active for the link.
Removing monitors from links
You can remove a monitor association from a link at any time. For detailed
information about monitors, see Chapter 11, Configuring Monitors.
To remove a monitor from a link
click Links.
2. Click the name of the link from which you want to remove
monitors.
monitors from the Enabled list to the Available list.
Monitors in the Available list are not active for the link.
Configuring link weighting and billing properties
You can configure how the system manages and distributes traffic for a
given link on the properties screen for the link, using these settings:
Ratio Weighting
If you have links of varying bandwidth sizes, and you want to load
balance the traffic to the controller based on a ratio, you can select the
Ratio option from the Weighting list. You use this configuration to
avoid oversaturating a smaller link with too much traffic.
Price Weighting
If you pay varying fees for the bandwidth usage associated with the links,
you can select the Price (Dynamic Ratio) option from the Weighting
list. You use this configuration to direct traffic over the least expensive
link first and to avoid the costs associated with exceeding a prepaid
bandwidth.
Chapter 5
5 - 24
Duplex Billing
If your ISP provider uses duplex billing, you can configure the Duplex
Billing setting so that the statistics and billing report screens accurately
reflect the bandwidth usage for the link.
Important
You can use either the Ratio or Price (Dynamic Ratio) weighting option to
load balance the traffic through all of your links. You must use the same
weighting option for all links.
To configure Ratio or Price weighting properties for a link
click Links.
2. Click the name of the link for which you want to configure link
weighting properties.
Additional fields, including the Weighting list, display.
4. From the Weighting list, select either Ratio or Price (Dynamic
Ratio), depending on how you want to weight the link.
5. Configure additional options as needed.
For more information, see the online help.
To configure duplex billing properties
click Links.
2. Click the name of the link for which you want to configure duplex
billing properties.
Additional fields display, including the Duplex Billing setting.
4. Check the Duplex Billing box.
6
Managing pools
Managing wide IPs
Managing distributed applications

TM
6 - 1
After you define the physical components of your network, such as data
centers, servers, and links, you can configure the Global Traffic Manager
with the logical components of your network. Logical components are
abstractions of network resources, such as a virtual servers. Unlike physical
components, the logical network can often span multiple physical devices,
or encompass a subsection of a single device.
Through the Global Traffic Manager, you define three primary types of
logical network components:
Pools
Wide IPs
Understanding logical components
To better understand the interactions between pools, wide IPs, and data
centers, consider the fictional company of SiteRequest. SiteRequest is an
online application repository. Currently, its presence on the World Wide
Web consists of a main site, www.siterequest.com; a download area,
downloads.siterequest.com; and a search area, search.siterequest.com.
These three fully-qualified domain names (FQDNs), www.siterequest.com,
downloads.siterequest.com, and search.siterequest.com, are wide IPs.
Each of these wide IPs contain several pools of virtual servers. For example,
www.siterequest.com contains two pools of virtual servers: poolMain, and
poolBackup. When the Global Traffic Manager receives a connection
request for www.siterequest.com, it applies its load balancing logic to
select the appropriate pool to handle the request.
Once the Global Traffic Manager selects a pool, it then load balances the
request to the appropriate virtual server. For example, mainPool contains
three virtual servers: 192.168.3.10:80, 192.168.4.20:80, and
192.168.5.30:80. The Global Traffic Manager responds to the system that
made the connection request with the selected virtual server. From then on,
the Global Traffic Manager steps out of the communication, and the system
requesting the resource communicates directly with the virtual server.
Note
If a virtual server is managed by a load balancing server that is not in the
BIG-IP
product family, the IP address and port number of the virtual

server often point to a proxy on which the load balancing server listens for
connection requests. In that case, the load balancing server remains in the
communication directing the connection to the appropriate resource.
Chapter 6
6 - 2
For administration purposes, the wide IPs downloads.siterequest.com and
search.siterequest.com are added to a single distributed application,
siterequest_download_store. This configuration provides the IT staff the
ability to track the performance of the distributed application, as
performance has an immediate impact on the users that visit the web sites.
Managing pools
A pool represents one or more virtual servers that share a common role on
the network. A virtual server, in the context of the Global Traffic Manager,
is a combination of IP address and port number that points to a specific
resource on the network.
The Global Traffic Manager considers any virtual servers that you add to a
pool to be pool members. A pool member is a virtual server that has specific
attributes that pertain to the virtual server only in the context of that pool.
Through this differentiation, you can customize settings, such as thresholds,
dependencies, and health monitors, for a given virtual server on a per-pool
basis.
As an example of the difference between pool members and virtual servers,
consider the fictional company SiteRequest. In the London data center, the
IT team has a virtual server that acts as a proxy for a Local Traffic
Manager. This virtual server is the main resource for name resolution
requests for the companys main web page that originate from Europe. This
same virtual server is the backup resource for name resolution requests that
originate from the United States. Because these are two distinctly different
roles, the virtual server is a pool member in two different pools. This
configuration allows the IT team to customize the virtual server for each
pool to which it belongs, without modifying the actual virtual server itself.
As described in Chapter 5, Defining the Physical Network, before you can
add virtual servers to the Global Traffic Manager, you must define a server
that represents a physical component of your network. Then you can add
virtual servers to the server, and group the virtual servers in pools.
You manage pools in the following ways:
Define pools
Add virtual servers to pools
Remove virtual servers from pools
Organize virtual servers within pools
Weight virtual servers within pools
Disable or enable pools

TM
6 - 3
Defining pools
When you create a pool, you name it and add at least one virtual server as a
member of the pool. You can also assign specific load balancing methods, a
fallback IP address, and one or more health monitors to the pool. You assign
a fallback IP address in the event that the load balancing methods you assign
to the pool fail to return a valid virtual server. The health monitors that you
assign to the pool use various methods to determine if the virtual servers
within the pool are available.
To define a pool
click Pools.
The main pools screen opens.
The New Pool screen opens.
3. In the Name box, type a name for the pool.
4. For Member List, from the Virtual Server list, select the virtual
servers that you want to include in this pool, and then click Add.
Note: A virtual server can belong to more than one pool.
5. Configure the remaining pool settings.
6. Click the Finished button to save the new pool.
Repeat this process for each pool that you want to create.
Adding virtual servers to pools
A pool is one or more virtual servers (pool members) that share a common
role on the network. As your network changes, you might find that you need
to add new virtual servers to a pool.
To add a virtual server to a pool
click Pools.
2. Click the name of the pool to which you want to add a virtual server.
The properties screen of that pool opens.
The pool members screen opens displaying the virtual servers
currently assigned to the pool.
4. Click the Manage button.
The manage members screen opens.
Chapter 6
6 - 4
5. In the Member List area, from the Virtual Server list, select the
appropriate virtual server, and then click Add.
Repeat this step for each virtual server that you want to add to the
pool.
6. Click Finished to update the pool with the new virtual server.
Removing virtual servers from pools
Networks often change over time. As a result, you might find that you need
to remove virtual servers from a pool. For example, a virtual server might
become obsolete due to an upgrade, or you might reconfigure a pool to
perform a different role, and certain virtual servers may no longer be
needed.
You can remove a virtual server from a pool at any time. Removing a virtual
server does not delete it from the Global Traffic Manager; the virtual server
still exists and remains associated with its physical server. However, if you
remove a pool member from a pool, the customizations of the virtual server
that pertain to the pool member no longer exist.
If you want to delete a virtual server completely from the Global Traffic
Manager, see Removing virtual servers, on page 5-20.
To remove a virtual server from a pool
click Pools.
2. Click the name of the pool from which you want to remove a virtual
server.
5. From the Member List, select the virtual server you want to
remove, and click Remove.
Repeat this step for each virtual server that you want to remove
from the pool.
6. Click the Finished button to update the pool.
Organizing virtual servers within pools
Certain load balancing methods within the Global Traffic Manager select
virtual servers based on the order in which they are listed in the pool. For
example, the load balancing method, Global Availability, instructs the

TM
6 - 5
Global Traffic Manager to select the first virtual server in the pool until it
reaches capacity or goes offline, at which point it selects the next virtual
server until the first pool becomes available again.
Note
For more information on the load balancing methods that the Global Traffic
Manager supports, see Chapter 7, Load Balancing with the Global Traffic
Manager.
If you use a load balancing method that selects virtual servers based on the
order in which they are listed in the pool, you may want to change the order
in which the virtual servers are listed in the Member List. When you
organize your virtual servers in conjunction with these load balancing
methods, you can ensure that your most robust virtual server always
receives resolution requests, while the other virtual servers act as backups in
case the primary virtual server becomes unavailable.
To organize virtual servers within a pool
click Pools.
2. Click the name of the pool for which you want to organize virtual
servers.
The Manage Members screen opens.
5. From the Member List, select a virtual server and click either the
Up or Down button to change its position in the list.
Repeat this step for each virtual server that you want to reposition in
the list.
6. Click the Finished button to update the pool.
Weighting virtual servers within pools
One of the load balancing methods that the Global Traffic Manager supports
is the Ratio mode. This mode instructs the system to load balance network
requests based on the weights assigned to a specific resource. If you use the
Ratio mode to load balance across virtual servers in a pool, you must assign
weights to the virtual servers. A weight is a value assigned to a resource,
such as a pool, that the Global Traffic Manager uses to determine the
frequency at which the resource receives connection requests. The Global
Traffic Manager selects a resource based on the weight of that resource as a
percentage of the total of all weights in that resource group.
Chapter 6
6 - 6
To illustrate the use of weights in connection load balancing, consider the
fictional company SiteRequest. One of SiteRequests wide IPs,
www.siterequest.com, contains a pool labeled poolMain. This pool uses
the Ratio load balancing mode and contains three virtual servers, with the
following weight assignments:
Virtual server 1: weight 50
Notice that the total of all the weights in this pool is 100. Each time the
Global Traffic Manager selects this pool, it load balances across all three
virtual servers. Over time, the load balancing statistics for this pool appear
as follows:
Virtual server 1: selected 50 percent of the time
This pattern exists because the weight value, 50, is 50 percent of the total
weight for all virtual servers (100), while the weight value, 25, is 25 percent
of the total.
Note
For information on the Ratio mode and other load balancing methods, see
Chapter 7, Load Balancing with the Global Traffic Manager.
To weight virtual servers within a pool
click Pools.
2. Click the name of the pool with which the virtual server that you
want to assign a weight is associated.
5. From the Virtual Server list, select the virtual server to which you
want to assign a weight.
Note: If the virtual server already belongs to the pool, you must first
remove the virtual server from the pool, and then add it back in
again. For more information, see Removing virtual servers from
pools, on page 6-4.

TM
6 - 7
6. In the Ratio box, type a numerical value that represents the weight
of the virtual server as compared to other virtual servers within the
same pool. The higher the value in this setting, the greater the
frequency at which the Global Traffic Manager selects the virtual
server.
7. Click the Add button to add the virtual server, with ratio value, to
the pool.
Repeat this process for each virtual server.
Disabling and enabling pools
By default, any pool that you create in the Global Traffic Manager is
enabled. This means that the pool is accessible to the Global Traffic
Manager as it balances connection requests. You can temporarily disable a
pool, such as for a maintenance period, and then re-enable the pool when it
is ready to receive name resolution requests.
To disable a pool
click Pools.
2. Check the Select box for the pool that you want to disable.
3. Click the Disable button.
After a few seconds, the pool becomes disabled. You can verify that
the pool is disabled by looking at its status icon, located in the
Status column in the table of pools. The status of a disabled pool is a
black square.
To enable a pool
click Pools.
2. Check the Select box for the pool that you want to enable.
3. Click the Enable button.
After a few seconds, the pool becomes enabled. The status icon of
the pool, located in the Status column in the table of pools, changes
to reflect the current availability of the pool. For example, a pool
that is enabled and verified as available by the Global Traffic
Manager has a status icon of a green circle.
Chapter 6
6 - 8
Defining pools using a canonical name
When you create a pool, instead of adding virtual servers to the pool, you
can instead provide a canonical name (CNAME) that the system returns in
responses to requests for that pool. In this case, you do not add members to
the pool, because the CNAME always takes precedence over pool members.
The health monitors that you assign to the pool use various methods to
determine if this pool is available for load balancing.
To define a pool using a CNAME
click Pools.
The New Pool screen opens.
3. In the Name box, type a name for the pool.
4. For CNAME box, type the canonical name of the zone that the
system uses for CNAME dynamic delegation. The name should be a
subset of the name of the wide IP within which the zone resides. For
example, if the wide IP is named www.siterequest.com, use
siterequest.com.
5. Configure the remaining pool settings.
6. Click the Finished button to save the new pool.

TM
6 - 9
Managing wide IPs
A wide IP is a mapping of a fully-qualified domain name (FQDN) to a set of
virtual servers that host the domains content, such as a web site, an
e-commerce site, or a content delivery network (CDN). Wide IPs use pools
to organize virtual servers, which creates a tiered load balancing effect: the
Global Traffic Manager first load balances requests to the appropriate pool
of a wide IP, and then load balances within the pool to the appropriate
virtual server.
You can interact with wide IPs in many ways. You can:
Define a wide IP
Add pools to wide IPs
Remove pools from wide IPs
Organize pools within wide IPs
Weight pools within wide IPs
Disable and enable wide IPs
Incorporate iRules
Defining wide IPs

When you create a wide IP, you name it and add at least one pool. You can
also assign specific load balancing methods to the wide IP. Additionally,
you can assign iRules, which are scripts that programmatically control how
the Global Traffic Manager handles name resolution requests, to the wide
IP.
To define a wide IP
click Wide IPs.
The wide IP screen opens.
The New Wide IP screen opens.
3. In the Name box, type the fully-qualified domain name for the wide
IP.
4. In the Pools section, use the Pool List option to add the pools that
belong to this wide IP.
Note that a pool can belong to more than one wide IP.
5. Configure the remaining wide IP settings.
6. Click the Finish button to save the new wide IP.
Repeat this process for each wide IP that you want to create.
Chapter 6
6 - 10
Using wildcard characters in wide IP names
The Global Traffic Manager supports wildcard characters in both wide IP
names and wide IP aliases. If you have a large quantity of wide IP names
and aliases, you can use wildcard characters to simplify your maintenance
tasks. The wildcard characters you can use are: the question mark ( ? ), and
the asterisk ( * ).
The guidelines for using the wildcard characters are as follows:
The question mark ( ? )
Use the question mark to replace a single character, with the
exception of dots ( . ).
Use more than one question mark in a wide IP name or alias.
Use both the question mark and the asterisk in the same wide IP name
or alias.
The asterisk ( * )
Use the asterisk to replace multiple consecutive characters, with the
exception of dots ( . ).
Use more than one asterisk in a wide IP name or alias.
Use both the question mark and the asterisk in the same wide IP name
or alias.
The following examples are all valid uses of the wildcard characters for the
wide IP name, www.mydomain.net.
???.mydomain.net
www.??domain.net
www.my*.net
www.??*.net
www.my*.*
???.my*.*
*.*.net
www.*.???
Searching for a specific wide IP
When you want to modify a wide IP, you can locate that specific wide IP
using the search feature. You can search either by the full or partial name or
alias of the wide IP. The search feature can be especially useful for
companies with large networks that contain numerous wide IPs. For more
information about how the search feature works see Locating a component
using the search feature, on page 2-6.

TM
6 - 11
To search for a specific wide IP
click Wide IPs.
The main screen for wide IPs opens.
2. In the Filter box, type the name or alias of the wide IP that you want
to modify, and then click Filter.
A list of wide IPs that matches the criteria you entered displays. For
information about using a search pattern that includes a wildcard,
see Locating a component using the search feature, on page 2-6.
3. Click the name of the wide IP that you want to modify.
The properties screen for that wide IP opens.
4. Make changes to the wide IP properties as required.
Adding pools to wide IPs
A wide IP must contain at least one pool, which must contain at least one
pool member. This hierarchal configuration allows the Global Traffic
Manager to load balance connection requests for a wide IP at two levels:
first, the connection is load balanced across the pools assigned to the wide
IP; second, the connection is load balanced across the pool members within
the given pool.
Tip
You can assign the same pool to multiple wide IPs.
To add a pool to a wide IP
click Wide IPs.
The Wide IPs screen opens.
2. Click the name of the wide IP to which you want to add a pool.
The properties screen of that wide IP opens.
3. On the menu bar, click Pools.
The pools screen opens displaying a list of the pools currently
assigned to the wide IP.
The manage pools screen opens.
5. Use the Pool List settings to add a pool to the wide IP.
6. Click the Finished button to save your changes to the wide IP.
Repeat this process for each pool that you want to add to the wide IP.
Chapter 6
6 - 12
Removing pools from wide IPs
When you remove a pool from a wide IP, the Global Traffic Manager ceases
to use that pool when load balancing name resolution requests. Removing a
pool does not delete it from the Global Traffic Manager; the pool remains
available, and you can add it to another wide IP.
To remove a pool from a wide IP
click Wide IPs.
2. Click the name of the wide IP from which you want to remove a
pool.
The Pools screen opens displaying a list of the pools currently
5. Use the Pools List option to select the pool that you want to
remove, and then click Remove.
6. Click the Update button to save your changes to the wide IP.
Repeat this process for each pool that you want to remove from the wide IP.
Organizing pools within wide IPs
Certain load balancing methods within the Global Traffic Manager select
pools based on the order in which they are listed in the wide IP. For
example, the load balancing method, Global Availability, instructs the
Global Traffic Manager to select the first pool in the wide IP until it
becomes unavailable, at which point it selects the next pool until the first
pool becomes available again.
Note
For more information on load balancing methods that the Global Traffic
Manager supports, see Chapter 7, Load Balancing with the Global Traffic
Manager.
If you use a load balancing method that selects pools based on the order in
which they are listed in a wide IP, you may want to change the order in
which the pools are listed in the Pools List. When you organize your pools
in conjunction with these load balancing methods, you can ensure that your
most robust pool always receives resolution requests, while the other pools
act as backups in case the primary pool becomes unavailable.

TM
6 - 13
To organize pools within a wide IP
click Wide IPs.
2. Click the name of the wide IP in which you want to organize pools.
The properties page of that wide IP opens.
5. Use the Pools List settings to select the pool and click either the Up
or Down button to change its sequence.
Repeat this process until the pools are listed in the necessary order.
Weighting pools within wide IPs
One of the load balancing methods that the Global Traffic Manager supports
is the Ratio mode. This mode instructs the system to load balance network
requests based on the weights assigned to a specific resource. If you use the
Ratio mode to load balance across pools in a wide IP, you must assign
weights to those pools. A weight is a value assigned to a resource, such as a
pool, that the Global Traffic Manager uses to determine the frequency at
which the resource receives connection requests. The Global Traffic
Manager selects a resource based on the weight of that resource as a
percentage of the total of all weights in that resource group.
To illustrate the use of weights in connection load balancing, consider the
fictional company SiteRequest. One of SiteRequests wide IPs,
www.siterequest.com, uses the Ratio load balancing mode and contains
three pools, with the following weight assignments:
Pool 1: weight 50
Pool 2: weight 25
Pool 3: weight 25
Notice that the total of all the weights in this wide IP is 100. Each time the
Global Traffic Manager selects this wide IP, it load balances across all three
pools. Over time, the load balancing statistics for this wide IP appear as
follows:
Pool 1: selected 50 percent of the time
Chapter 6
6 - 14
This pattern exists because the weight value, 50, is 50 percent of the total
weight for all pools, while the weight value, 25, is 25 percent of the total.
Note
For information on the Ratio mode and other load balancing methods, see
Chapter 7, Load Balancing with the Global Traffic Manager.
To weight pools within a wide IP
click Wide IPs.
2. Click the name of the wide IP in which you want to weight pools.
The Manage Pools screen opens.
5. Use the Pool List to select the pool to which you want to assign a
ratio value.
Note: If the pool already belongs to the wide IP, you must first
remove the pool from the wide IP, and then add it back in again.
6. In the Ratio box, type a numerical value that represents the weight
of the pool as compared to other pools within the same pool. The
higher the value in this box, the greater the frequency at which the
Global Traffic Manager selects the pool.
7. Click the Add button to add the pool, with ratio value, to the pool.
Repeat this process for each pool.

TM
6 - 15
Disabling and enabling wide IPs
By default, any wide IP that you create in the Global Traffic Manager is
enabled. This means that the wide IP is accessible to the Global Traffic
Manager as it balances connection requests. You can temporarily disable a
wide IP, such as for a maintenance period, and then re-enable the wide IP
when it is ready to receive name resolution requests.
To disable a wide IP
click Wide IPs.
2. Check the Select box for the wide IP that you want to disable.
3. Click the Disable button.
After a few seconds, the wide IP becomes disabled. You can verify
that the wide IP is disabled by looking at its status icon, located in
the Status column in the table of wide IPs. The status of a disabled
wide IP is a black square.
To enable a wide IP
click Wide IPs.
The wide IP screen opens.
2. Check the Select box for the wide IP that you want to enable.
3. Click the Enable button.
After a few seconds, the wide IP becomes enabled. The status icon
of the pool, located in the Status column in the table of wide IP,
changes to reflect the current availability of the wide IP. For
example, a wide IP that is enabled and verified as available by the
Global Traffic Manager has a status icon of a green circle.
Incorporating iRules
An iRule is a set of one or more Tcl-based expressions that you can use with
wide IPs to customize how the Global Traffic Manager handles network
connection requests.
You can use iRules with wide IPs in the following ways:
Add an iRule to a wide IP
Remove an iRule from a wide IP
Organize multiple iRules assigned to a wide IP
For information on creating iRules, see Chapter 15, Managing iRules.
Chapter 6
6 - 16
Adding iRules to wide IPs
You can add an iRule to a wide IP at any time. When you add an iRule to a
wide IP, the Global Traffic Manager uses the iRule to determine how to load
balance name resolution requests.
To add an iRule to a wide IP
click Wide IPs.
2. Click the name of the wide IP in which you want to add an iRule.
3. On the menu bar, click iRules.
The iRules screen opens displaying a list of the iRules currently
The manage iRules screen opens.
5. Use the iRules List option to add an iRule to the wide IP.
6. Click the Finished button to save your iRule to the wide IP.
Repeat this process for each iRule that you want to add to the wide IP.
Removing iRules from wide IPs
When you remove an iRule from a wide IP, the Global Traffic Manager no
longer uses the iRule to determine how to load balance a name resolution
request. Removing an iRule does not delete it from the Global Traffic
Manager; you can still access the iRule by clicking iRules in the Global
Traffic section of the Main tab.
To remove an iRule from a wide IP
click Wide IPs.
2. Click the name of the wide IP in which you want to remove an
iRule.

TM
6 - 17
5. Use the iRules List option to select the iRule that you want to
remove and click Remove.
Repeat this process for each iRule that you want to remove from the wide
IP.
Organizing iRules within wide IPs
You can customize a wide IP using more than one iRule. For example, a
wide IP might have an iRule that focuses on the geographical source of the
name resolution request, and another that focuses on redirecting specific
requests to a different wide IP. If you assign more than one iRule to a wide
IP, the Global Traffic Manager applies iRules in the order in which they are
listed in the iRules List for the wide IP.
You can change the order in which the Global Traffic Manager applies
iRules to network connection requests at any time.
To organize iRules within a wide IP
click Wide IPs.
2. Click the name of the wide IP in which you want to organize iRules.
5. Use the iRules List to select the iRule, and click either the Up or
Down button to reposition the iRule in the list.
Repeat this process until the iRules are listed in the necessary order.
Chapter 6
6 - 18
Implementing the NoError response for IPv6 resolution
In networks that use IPv6 addresses, a system receiving a DNS request for a
zone is required to send a specific response, called a NoError response, any
time it receives an IPv6 request for a zone that does not contain a
corresponding AAAA record. After receiving this response, the client
making the request can re-send the request for an equivalent IPv4 A record
instead. Using the NoError response allows the client to send the equivalent
request sooner and receive the name resolution faster.
By default, the Global Traffic Manager does not send a NoError response
when it does not have a AAAA record for a given zone. However, you can
enable this response on a per-wide IP basis.
To implement the IPv6 NoError response
click Wide IPs.
2. Click the name of the wide IP to which you want to implement the
NoError response.
3. From the General Properties list, select Advanced.
4. From the IPv6 NoError Response list, select Enabled.
5. Click Update to save your changes.

TM
6 - 19
Managing distributed applications
A distributed application is a collection of wide IPs that serves as a single
application to a site visitor. Within the Global Traffic Manager, distributed
applications provide you with several advantages:
You can organize logical network components into groups that represent
the business environment for which these components were designed.
You can configure a distributed application so that it is dependent on a
physical component of your network, such as a data center, server, or
link. If this physical component becomes unavailable, the Global Traffic
Manager flags the distributed application as unavailable as well. These
dependencies ensure that a user cannot access a distributed application
that does not have all of its resources available.
You can define persistence for a distributed application, ensuring that a
user accessing the distributed application uses the same network
resources until they end their session.
You can manage distributed applications in the following ways:
Define distributed applications
Add wide IPs to distributed applications
Remove wide IPs from distributed applications
Set dependencies
Enable and disable distributed application traffic
Enable persistent connections
Defining distributed applications
When you create a distributed application, you name it and add at least one
wide IP. You can also configure the distributed application so that its
availability depends on the availability of specific servers, virtual servers, or
data centers. Additionally, you can configure whether the system routes
requests coming from the same source during a specific time period to the
same pool, or to a different pool. This is known as persistence.
To define a distributed application
click Distributed Applications.
The distributed applications screen opens.
The New Distributed Application screen opens.
3. In the Name box, type a name for the distributed application.
Chapter 6
6 - 20
4. Use the Member List settings to add the wide IPs that belong to this
distributed application.
Note: A wide IP can belong to only one distributed application. For
more information on wide IPs, see Managing wide IPs, on page
6-9.
5. Configure the remaining distributed application settings.
For assistance with these settings, see the online help.
6. Click the Finish button to create the distributed application.
Repeat this process for each distributed application that you want to create.
Adding wide IPs to distributed applications
A distributed application typically consists of multiple wide IPs that,
collectively, provide a common set of functions for end-users. Through the
Global Traffic Manager, you can add wide IPs to a distributed application.
Note
A wide IP can belong to only one distributed application.
To add a wide IP to a distributed application
2. Click the name of the distributed application to which you want to
add a wide IP.
The members screen opens displaying a list of the wide IPs
currently assigned to the distributed application.
The manage wide IPs screen opens.
5. Use the Member List settings to add a wide IP to the distributed
application.
6. Click the Finished button to save the distributed application.

TM
6 - 21
Removing wide IPs from distributed applications
You can remove a wide IP from a distributed application at any time. For
example, the role of a distributed application might change, resulting in one
of its associated wide IPs being unnecessary. Alternatively, you might
remove a wide IP from a distributed application, because it has been
replaced with a newer one. Removing a wide IP does not delete it from the
Global Traffic Manager; it remains available to the Global Traffic Manager
when load balancing connection requests.
To remove a wide IP from a distributed application
2. Click the name of the distributed application from which you want
to remove a wide IP.
The Manage Wide IPs screen opens.
5. Use the Member List settings to select the wide IP that you want to
6. Click the Finished button to save the distributed application.
Repeat this process for each wide IP that you want to add to the distributed
application.
Setting dependencies for distributed applications
When you create a distributed application on the Global Traffic Manager,
the system acquires information about the data centers, servers, and links
that make up the application, including the status of each of these
components. You have the option of setting the status of the distributed
application to be dependent upon the status of one of these types of
components. For example, when you configure the distributed application
for server dependency, and a specified server becomes unavailable, the
Global Traffic Manager considers the distributed application to be
unavailable as well.
The following examples illustrate how dependencies can affect the
availability of a given distributed application. These examples involve the
fictional company SiteRequest. This company has a distributed application
that consists of two wide IPs: www.siterequest.com and
downloads.siterequest.com. The company also has data centers in New
York, Paris, and Tokyo, each of which provides resources that the
Chapter 6
6 - 22
distributed application can access. In each example, a lightning storm
caused the New York data center to lose power. Although the emergency
power starts immediately, one of the virtual servers and one of the Internet
links used by the application are offline and thus unavailable.
Example 1: Data Center Dependency
If the application uses data center dependency, the Global Traffic
Manager considers the entire data center to be unavailable to the
application, even if other virtual servers for the application remain
available at the data center. Other connection requests, independent of
the application, can still be sent to the data center.
Example 2: Server Dependency
If the application uses server dependency, the Global Traffic Manager
treats the server hosting the virtual server to be unavailable to the
application, even if other virtual servers on that server are online. Other
connection requests, independent of the application, can still be sent to
the server.
Example 3: Link Dependency
If the application uses link dependency, the Global Traffic Manager
treats all resources for the application that use that link to be unavailable
to the application. Other connection requests, independent of the
application, can still be sent to these resources through other links.
Note
You do not have to set a dependency for a distributed application. If you do
not set a dependency, then the Global Traffic Manager considers the
application available as long as there is at least one resource to which it
can load balance a name resolution request.
To set a dependency for a distributed application
2. Click the name of the distributed application for which you want to
set a dependency.
4. From the Dependency Level list, select the physical component on
which you want the distributed application to depend.
Note: If the component you select becomes unavailable, the Global
Traffic Manager considers the distributed application to be
unavailable as well.
5. Click the Update button to save the changes to the application.

TM
6 - 23
Enabling and disabling distributed application traffic
Distributed applications often consist of many data centers, servers, and
links. You might find that you need to remove a given physical component
without interrupting access to the application. For example, you might want
to take a server down to update it, yet do not want its absence to affect the
application. To accommodate this and similar situations, the Global Traffic
Manager provides options so you can enable and disable distributed
application traffic for a specific physical component on the network.
Note
When you add a physical component to a distributed application, by default,
distributed application traffic is enabled for that component.
To disable distributed application traffic
2. Click the name of distributed application for which you want to
disable traffic.
The properties screen for that application opens.
3. On the menu bar, click Data Centers, Links, or Servers.
A screen listing the available physical components opens.
4. Check the box for each physical component for which you want to
disable application traffic.
5. Click Disable Distributed Application Traffic.
To enable distributed application traffic
enable traffic.
3. On the menu bar, click either Data Centers, Links, or Servers.
A screen listing the available physical components opens.
4. Check the box for each physical component for which you want to
enable application traffic.
5. Click Enable Distributed Application Traffic.
Chapter 6
6 - 24
Enabling persistent connections
Many distributed applications require that users access a single set of
resources until they complete their transaction. For example, customers
purchasing a product online might need to remain with the same data center
until they finish their order. In the context of the Global Traffic Manager,
this requirement is called persistence. Persistence is the state in which a user
of the system remains with the same set of resources until the customer
closes the connection.
When you enable persistence for a distributed application, and a local DNS
server makes repetitive requests on behalf of a client, the system reconnects
the client to the same resource to which it was connected for previous
requests. For persistence to work correctly for a distributed application, you
must also specify a dependency level. This is because a connection to the
distributed application persists to the dependency object you specify (that is,
the specified server, data center, or link), and not to a specific pool member.
To enable persistence for a distributed application
enable persistent connections.
The Members screen appears.
4. From the Dependency Level list, select the type of resource to
which you want connections to persist.
5. Click the Persistence box.
6. In the Persistence TTL box, type the number of seconds that you
want the system to maintain a connection between a local DNS and
a particular virtual server.
7. Click the Update button to save your changes to the application.
7
Load Balancing with the Global Traffic
Manager
Understanding load balancing on the Global Traffic
Manager
Using static load balancing modes
Using dynamic load balancing modes
Configuring load balancing
Using the fallback load balancing method
Employing additional load balancing options

TM
7 - 1
Understanding load balancing on the Global Traffic
Manager
When the Global Traffic Manager receives a name resolution request, the
system employs a load balancing mode to determine the best available
virtual server to which to send the request. Once the Global Traffic Manager
identifies the virtual server, it constructs a DNS answer and sends that
answer back to the requesting clients local DNS server. The DNS answer,
or resource record, can be either an A record that contains the IP address of
the virtual server, or a CNAME record that contains the canonical name for
a DNS zone.
Within the Global Traffic Manager, there are two categories of load
balancing modes from which to select: static and dynamic. A static load
balancing mode selects a virtual server based on a pre-defined pattern. A
dynamic load balancing mode selects a virtual server based on current
performance metrics.
The Global Traffic Manager provides a tiered load balancing system. A
tiered load balancing system is a load balancing system that occurs at more
than one point during the resolution process. The tiers within the Global
Traffic Manager are as follows:
Wide IP-level load balancing
A wide IP contains two or more pools. The Global Traffic Manager load
balances requests, first to a specific pool, and then to a specific virtual
server in the selected pool. If the preferred, alternate, and fallback load
balancing methods that are configured for the pool or virtual server fail,
then the requests fail, or the system falls back to DNS.
Pool-level load balancing
A pool contains one or more virtual servers. After the Global Traffic
Manager uses wide IP-level load balancing to select the best available
pool, it uses a pool-level load balancing to select a virtual server within
that pool. If the first virtual server within the pool is unavailable, the
Global Traffic Manager selects the next best virtual server based on the
load balancing mode assigned to that pool.
For each pool that you manage, the Global Traffic Manager supports three
types of load balancing methods: preferred, alternate, and fallback. The
preferred load balancing method is the load balancing mode that the system
attempts to use first. If the preferred method fails to provide a valid
resource, the system uses the alternate load balancing method. Should the
alternate load balancing method also fail to provide a valid resource, the
system uses the fallback method.
One of the key differences between the alternate methods and the other two
load balancing methods is that only static load balancing modes are
available from the alternate load balancing list. This limitation exists
because dynamic load balancing modes, by definition, rely on metrics
collected from different resources. If the preferred load balancing mode does
not return a valid resource, it is likely that the Global Traffic Manager was
Chapter 7
7 - 2
unable to acquire the proper metrics to perform the load balancing
operation. By limiting the alternate load balancing options to static methods
only, the Global Traffic Manager can better ensure that, should the preferred
method prove unsuccessful, the alternate method returns a valid result.
Note
You can select static or dynamic load balancing modes for the fallback load
balancing method.
Table 7.1 shows a list of the supported static load balancing modes. Table
7.2 shows a list of the supported dynamic load balancing modes. Both tables
indicate where you can use each mode in the Global Traffic Manager
configuration. The following sections in this chapter describe how each load
balancing mode works.
Load Balancing mode
Use for wide IP
load balancing
Use for preferred
method
Use for alternate
method
Use for fallback
method
Drop Packet X X X
Fallback IP X X X
Global Availability X X X X
None X X
Ratio X X X X
Return to DNS X X X
Round Robin X X X X
Static Persist X X X
Topology X X X X
Table 7.1 Static load balancing mode usage
Load Balancing mode
Use for wide IP
load balancing
Use for preferred
method
Use for alternate
method
Use for fallback
method
Completion Rate X X
CPU X X
Hops X X
Kilobytes/Second X X
Least Connections X X
Table 7.2 Dynamic load balancing mode usage

TM
7 - 3
Using static load balancing modes
Static load balancing modes distribute connections across the network
according to predefined patterns, and take server availability into account.
The Global Traffic Manager supports the following static load balancing
modes:
Drop Packet
Fallback IP
Global Availability
None
Ratio
Return to DNS
Round Robin
Static Persist
Topology
The None and Return to DNS load balancing modes are special modes that
you can use to skip load balancing under certain conditions. The other static
load balancing modes perform true load balancing as described in the
following sections.
Drop Packet mode
When you specify the Drop Packet load balancing mode, the Global Traffic
Manager does nothing with the packet, and simply drops the request.
Note
A typical Local DNS server iteratively queries other authoritative name
servers when it times out on a query.
Packet Rate X X X
Quality of Service X X
Round Trip Time X X
Virtual Server Score X X X
VS Capacity X X X
Load Balancing mode
Use for wide IP
load balancing
Use for preferred
method
Use for alternate
method
Use for fallback
method
Table 7.2 Dynamic load balancing mode usage
Chapter 7
7 - 4
F5 Networks recommends that you use the Drop Packet load balancing
mode only for the fallback method. The Global Traffic Manager uses the
fallback method when the preferred and alternate load balancing modes do
not provide at least one virtual server to return as an answer to a query.
Fallback IP mode
When you specify the Fallback IP load balancing mode, the Global Traffic
Manager returns the IP address that you specify as the fallback IP, as an
answer to the query. Note that you can specify both an IPv4 and an IPv6
address as the fallback IP address. The IP address that you specify is not
monitored for availability before being returned as an answer. When you use
the Fallback IP mode, you can specify a disaster recovery site to return when
no load balancing mode returns an available virtual server. F5 Networks
recommends that you use the Fallback IP load balancing mode only for the
fallback method. The Global Traffic Manager uses the fallback method
when the preferred and alternate load balancing modes do not provide at
least one virtual server to return as an answer to a query.
Global Availability mode
The Global Availability load balancing mode uses the virtual servers
included in the pool in the order in which they are listed. For each
connection request, this mode starts at the top of the list and sends the
connection to the first available virtual server in the list. Only when the
current virtual server is full or otherwise unavailable does Global
Availability mode move to the next virtual server in the list. Over time, the
first virtual server in the list receives the most connections and the last
virtual server in the list receives the least number of connections.
None mode
The None load balancing mode is a special mode you can use if you want to
skip the current load balancing method, or skip to the next pool in a multiple
pool configuration. For example, if you set an alternate method to None in a
pool, the Global Traffic Manager skips the alternate method and
immediately tries the load balancing mode specified as the fallback method.
If the fallback method is set to None, and you have multiple pools
configured, the Global Traffic Manager uses the next available pool.
Tip
If you do not want the Global Traffic Manager to return multiple addresses
that are potentially unavailable, F5 Networks recommends that you set the
alternate method to Drop Packet.

TM
7 - 5
You can also use the mode to limit each pool to a single load balancing
mode. For example, you can set the preferred method in each pool to the
desired load balancing mode, and then you can set both the alternate and
fallback methods to None in each pool. If the preferred method fails, the
None mode in both the alternate and fallback methods forces the Global
Traffic Manager to go to the next pool for a load balancing answer.
Ratio mode
The Ratio load balancing mode distributes connections among a pool of
virtual servers as a weighted round robin. Weighted round robin refers to a
load balancing pattern in which the Global Traffic Manager rotates
connection requests among several resources based on a priority level, or
weight, assigned to each resource. For example, you can configure the Ratio
mode to send twice as many connections to a fast, new server, and only half
as many connections to an older, slower server.
The Ratio load balancing mode requires that you define a ratio weight for
each virtual server in a pool, or for each pool if you are load balancing
requests among multiple pools. The default ratio weight for a server or a
pool is set to 1.
Return to DNS mode
The Return to DNS load balancing mode is another special mode that you
can use to immediately return connection requests to the Local DNS for
resolution. This mode is particularly useful if you want to temporarily
remove a pool from service, or if you want to limit a pool in a single pool
configuration to only one or two load balancing attempts.
Round Robin mode
The Round Robin load balancing mode distributes connections in a circular
and sequential pattern among the virtual servers in a pool. Over time, each
virtual server receives an equal number of connections.
Static Persist mode
The Static Persist load balancing mode uses the persist mask with the LDNS
source IP address in a deterministic algorithm to map to a specific pool
member in a pool. Unless the order or number of the pool members changes,
the LDNS address is always mapped to the same pool member. Note that the
pool and wide IP configurations must be the same on all Global Traffic
Manager systems.
Chapter 7
7 - 6
Topology mode
The Topology load balancing mode allows you to direct or restrict traffic
flow by adding topology records to a topology statement in the
configuration file. When you use the Topology load balancing mode, you
can develop proximity-based load balancing. For example, a client request
in a particular geographic region can be directed to a data center or server
within that same region. The Global Traffic Manager determines the
proximity of servers by comparing location information derived from the
DNS message to the topology records.
This load balancing mode requires you to do some advanced configuration
planning, such as gathering the information you need to define the topology
records. The Global Traffic Manager contains an IP classifier that accurately
maps local DNS servers, so when you create topology records, you can refer
to continents and countries, instead of IP subnets.
See Chapter 9, Load Balancing Connection Requests Using Topologies, for
detailed information about working with this and other topology features.
Using dynamic load balancing modes
Dynamic load balancing modes distribute connections to servers that show
the best current performance. The performance metrics taken into account
depend on the particular dynamic mode you are using.
All dynamic load balancing modes make load balancing decisions based on
the metrics collected by the big3d agents running in each data center. The
big3d agents collect the information at set intervals that you define when
you set the global timer variables. If you want to use the dynamic load
balancing modes, you must run one or more big3d agents in each of your
data centers, to collect the required metrics.
Types of dynamic load balancing modes
The Global Traffic Manager supports the following dynamic load balancing
modes:
Completion Rate
CPU
Hops
Kilobytes/Second
Least Connections
Packet Rate
Quality of Service (QoS)

TM
7 - 7
Round Trip Times (RTT)
Virtual Server Score
VS Capacity
Completion Rate mode
The Completion Rate load balancing mode selects the virtual server that
currently maintains the least number of dropped or timed-out packets during
a transaction between a data center and the client LDNS.
CPU mode
The CPU load balancing mode selects the virtual server that currently has
the most CPU processing time available to handle name resolution requests.
Hops mode
The Hops load balancing mode is based on the traceroute utility, and tracks
the number of intermediate system transitions (router hops) between a client
LDNS and each data center. Hops mode selects a virtual server in the data
center that has the fewest router hops from the Local DNS.
Kilobyte/Second mode
The Kilobytes/Second load balancing mode selects a virtual server that is
currently processing the fewest number of kilobytes per second. You can
use this mode only with servers for which the Global Traffic Manager can
collect the kilobytes per second metric. See Chapter 13, Collecting Metrics,
for details on the metrics the Global Traffic Manager collects.
Least Connections mode
The Least Connections load balancing mode is used for load balancing to
virtual servers managed by a load balancing server, such as a Local Traffic
Manager. The Least Connections mode selects the virtual server that
currently hosts the fewest connections.
Packet Rate mode
The Packet Rate load balancing mode selects a virtual server that is
currently processing the fewest number of packets per second.
Chapter 7
7 - 8
Quality of Service mode
The Quality of Service load balancing mode uses current performance
information to calculate an overall score for each virtual server, and then
distributes connections based on each virtual servers score. The
performance factors that the Global Traffic Manager takes into account
include:
Round Trip Time
Hops
Virtual Server Score
Packet Rate
Topology
Link Capacity
VS Capacity
Kilobytes/Second
Figure 7.1 illustrates the equation that Global Traffic Manager uses to
calculate the overall QoS score.
The Quality of Service load balancing mode is a customizable load
balancing mode. For simple configurations, you can easily use this load
balancing mode with its default settings. For more advanced configurations,
you can specify different weights for each performance factor in the
equation.
You can also configure the Quality of Service load balancing mode to use
the dynamic ratio feature. With the dynamic ratio feature turned on, the
Quality of Service mode becomes similar to the Ratio mode, where the
connections are distributed in proportion to ratio weights assigned to each
virtual server. The ratio weights are based on the QoS scores: the better the
score, the higher percentage of connections the virtual server receives.
For details about customizing the Quality of Service mode, see
Implementing the Quality of Service load balancing mode, on page 7-9.
QoS_RTT * (QoSFACTOR_RTT / rtt) * 10 +
QoS_HOPS * (QoSFACTOR_HOPS / hops) +
QoS_HIT_RATIO * (hit_ratio / QoSFACTOR_HIT_RATIO) +
QoS_PACKET_RATE * (QoSFACTOR_PACKET_RATE / packet_rate) * 100 +
QoS_BPS * (QoSFACTOR_BPS / bps ) +
QoS_TOPOLOGY * (topology/ QoSFACTOR_TOPOLOGY) +
QoS_VS_CAPACITY * vs_capacity_score +
QoS_VS_SCORE * vs_score + 10 *
QoS_LCS * lcs_score
Figure 7.1 Equation for calculating overall QoS score

TM
7 - 9
Round Trip Times mode
The Round Trip Times (RTT) load balancing mode selects the virtual server
with the fastest measured round trip time between a data center and a client
LDNS.
Virtual Server Score mode
The Virtual Server Score load balancing mode instructs the Global Traffic
Manager to assign connection requests to virtual servers based on a
user-defined ranking system. This load balancing mode is available only for
managing connections between virtual servers controlled by Local Traffic
Manager systems.
Unlike other settings that affect load balancing operations, you cannot
assign a virtual server score to a virtual server through the Global Traffic
Manager. Instead, you assign this setting through the Local Traffic Manager
that is responsible for the virtual server. For more information, see the F5
DevCentral web site: http://devcentral.f5.com.
VS Capacity mode
The VS Capacity load balancing mode creates a list of the virtual servers,
weighted by capacity, then picks one of the virtual servers from the list. The
virtual servers with the greatest capacity are picked most often, but over
time all virtual servers are returned. If more than one virtual server has the
same capacity, then the Global Traffic Manager load balances using the
Round Robin mode among those virtual servers.
Implementing the Quality of Service load balancing mode
The Quality of Service mode is a dynamic load balancing mode that
includes a configurable combination of the Round Trip Time (RTT),
Completion Rate, Packet Rate, Topology, Hops, Link Capacity, VS
Capacity, and Kilobytes/Second (KBPS) modes. The Quality of Service
mode is based on an equation that takes each of these performance factors
into account.
When the Global Traffic Manager selects a virtual server, it chooses the
server with the best overall score. In the event that one or more resources
has an identical score based on the Quality of Service criteria, the Global
Traffic Manager load balances connections between those resources using
the Round Robin methodology. If the system cannot determine a Quality of
Service score, it load balances connections across all pool members using
the Round Robin load balancing mode, as well.
The Quality of Service mode has default settings that make it easy to use.
There is no need to customize this mode; however, you can change the
equation to put more or less weight on each individual factor. The following
topics explain how to use and adjust the various settings of this mode.
Chapter 7
7 - 10
Understanding QoS coefficients
Table 7.3 lists each Quality of Service (QoS) coefficient, its scale, a likely
upper limit for each, and whether a higher or lower value is more efficient.
If you change the default QoS coefficients, keep the following issues in
mind.
Scale
The raw metrics for each coefficient are not on the same scale. For
example, completion rate is measured in percentages, while the packet
rate is measured in packets per second.
Normalization
The Global Traffic Manager normalizes the raw metrics to values in the
range of 0 to10. As the QoS value is calculated, a high measurement for
completion rate is good, because a high percentage of completed
connections are being made, but a high value for packet rate is not
desirable because the packet rate load balancing mode attempts to find a
virtual server that is not overly taxed at the moment.
Emphasis
You can adjust coefficients to emphasize one normalized metric over
another. For example, consider the following QoS configuration:
Coefficient How measured Default value
Example
upper limit
Higher or
lower?
Completion rate Percentage of successfully
transferred packets (0-100%)
5 100% Higher
Hops Number of intermediate systems
transitions (hops)
0 64 Lower
Kilobytes/second Kilobytes per second throughput 3 15000 Lower
Link Capacity Based on the target dynamic ratio 30 2,000,000 Higher
Packet rate Packets per second 1 700 Lower
Round trip time Microseconds 50 2,000,000 Lower
Topology Score that defines network
proximity by comparing server and
LDNS IP addresses (0-2
32
)
0 100 Higher
Virtual Server Score User-defined ranking of virtual
servers
0 100 Higher
VS Capacity Number of nodes up 0 20 Higher
Table 7.3 QoS coefficients: Default values, ranges, and limits

TM
7 - 11
Round Trip Time: 50
Hops: 0
Topology: 0
Completion Rate: 5
Packet Rate: 10
VS Capacity: 0
Bits/second: 35
Link Capacity: 30
Virtual Server Score: 10
In this configuration, if the completion rates for two virtual servers are
close, the system chooses the virtual server with the best packet rate. If both
the completion rates and the packet rates are close, the round trip time
(RTT) breaks the tie. In this example, the metrics for Topology, Hops, Link
Capacity, VS Capacity, and Kilobytes/Second modes are not used in
determining how to distribute connections.
Note
You cannot set a value for both the Round Trip Time and Hops settings
simultaneously. In situations where the Global Traffic Manager has a value
for both settings, the round trip time is incorporated, while the value for the
Hops setting is reset to 0.
Chapter 7
7 - 12
Customizing the QoS equation
You can establish your own custom settings for the Quality of Service load
balancing method; however, you can customize the Quality of Service
equation only at the pool level.
To customize the QoS equation
click Pools.
2. Click the name of the pool for which you want to modify the QoS
equation.
The properties screen for that pool opens.
The members screen opens.
4. From either the Preferred or Fallback list, select Quality of
Service.
5. Define the global QoS coefficients in the appropriate fields.
Using the Dynamic Ratio option
The dynamic load balancing modes also support the Dynamic Ratio option.
When you activate this option, the Global Traffic Manager treats dynamic
load balancing values as ratios, and it uses each server in proportion to the
ratio determined by this option. When the Dynamic Ratio option is
disabled, the Global Traffic Manager uses only the server with the best
result based on the dynamic load balancing mode you implemented (in
which case it is a winner-takes-all situation), until the metrics information is
refreshed.
Note
By default, the Dynamic Ratio setting is disabled (cleared).
To illustrate how the Dynamic Ratio setting works, consider a pool,
primaryOne, that contains several pool members. This pool is configured
so that the Global Traffic Manager load balances name resolution requests
based on the Round Trip Time load balancing mode. The primaryOne pool
contains two pool members: memberOne and memberTwo. For this
example, the Global Traffic Manager determines that the round trip time for
memberOne is 50 microseconds, while the round trip time for
memberTwo is 100 microseconds.
If the primaryOne pool has the Dynamic Ratio setting disabled (the
default setting), the Global Traffic Manager always load balances to the
pool with the best value. In this case, this results in requests going to
memberOne, because it has the lowest round trip time value.

TM
7 - 13
If the primaryOne pool has the Dynamic Ratio setting enabled, however,
the Global Traffic Manager treats the round trip time values as ratios and
divide requests among pool members based on these ratios. In this case, this
results in memberOne getting twice as many connections as memberTwo,
because the round trip time for memberOne is twice as fast as the round trip
time for memberTwo. Note that, with the Dynamic Ratio option enabled,
both pool members are employed to handle connections, while if the option
is disabled, only one pool member receives connections.
To enable the Dynamic Ratio option for a pool
click Pools.
2. Click the name of the pool for which you want to enable the
Dynamic Ratio option.
The properties screen for the pool opens.
4. Check the Dynamic Ratio box.
Chapter 7
7 - 14
Configuring load balancing
You configure load balancing at the wide IP and pool levels:
Wide IP
When you define a wide IP, and you have multiple pools in your wide IP,
you specify which load balancing mode to use in selecting a pool in the
wide IP. To configure load balancing for a wide IP, see Configuring load
balancing methods for wide IPs, following.
Pool
After the Global Traffic Manager selects a pool of virtual servers, it then
employs the settings you specified as the preferred, alternate, and
fallback load balancing methods to select a virtual server within the
selected pool. To configure load balancing for a pool, see Configuring
load balancing methods for pools, on page 7-15.
There may be situations (for example, e-commerce, and other sites with
multiple services) where you need to configure a wide IP so that
connections are not sent to a given address unless multiple ports or services
are available. You configure this behavior after you define the wide IP. For
details, see Employing additional load balancing options, on page 7-17.
Configuring load balancing methods for wide IPs
The Global Traffic Manager supports a wide variety of load balancing
methods for distributing network connection requests across the pools in a
wide IP. For information on these load balancing methods, see
Understanding load balancing on the Global Traffic Manager, on page 7-1.
To configure load balancing methods for a wide IP
click Wide IPs.
2. Click the name of the wide IP for which you want to configure a
load balancing method.
The properties screen for the wide IP opens.
4. Select the appropriate load balancing options.
For additional information on these load balancing options, see the
online help.
Repeat this process for each wide IP as needed.

TM
7 - 15
Configuring load balancing methods for pools
The Global Traffic Manager supports a wide variety of load balancing
methods for distributing network connection requests across the virtual
servers in a pool. For information on these load balancing modes, see
Understanding load balancing on the Global Traffic Manager, on page 7-1.
For each pool that you manage, the Global Traffic Manager supports three
types of load balancing methods: preferred, alternate, and fallback. The
preferred load balancing method is the load balancing method that the
system attempts to use first. If the preferred method fails to provide a valid
resource, the system uses the alternate load balancing method. Should the
alternate load balancing method also fail to provide a valid resource, the
system uses the fallback method.
To configure load balancing methods for a pool
click Pools.
2. Click the name of the pool for which you want to configure load
balancing methods.
The properties screen for that pool opens.
The members screen opens displaying a list of the virtual servers
4. Select the appropriate load balancing options.
For additional information on these load balancing options, see the
online help.
5. Click the Update button to save your changes to the pool.
Repeat this process for each pool as needed.
Chapter 7
7 - 16
Using the fallback load balancing method
The Global Traffic Manager supports three types of load balancing methods
at the pool level: preferred, alternate, and fallback. The preferred load
balancing method is the load balancing method that the system attempts to
use first. If the preferred method fails to provide a valid resource, the system
uses the alternate load balancing method. Should the alternate load
balancing method also fail to provide a valid resource, the system uses the
fallback method.
The fallback load balancing method is unique among the three load
balancing method that you can apply to a pool. Unlike the preferred and
alternate methods, the fallback method ignores the availability status of a
resource. This occurs to ensure that the Global Traffic Manager returns a
response to the DNS request. For more information on the determining
resource health and availability, see Chapter 8, Managing Connections.
Note
If you do not want the Global Traffic Manager to return an address that is
potentially unavailable, F5 Networks recommends that you set the alternate
load balancing method to Drop Packet.
The Global Traffic Manager contains several options that help you control
how the system responds when using a fallback load balancing setting.
These options allow you to:
Configure the fallback load balancing method
Configure the fallback IP load balancing mode
Configuring the fallback load balancing method
When you assign a load balancing mode to the fallback load balancing
method for a pool, the Global Traffic Manager uses the mode differently
than for the preferred and alternate methods. With the fallback load
balancing method, the Global Traffic Manager load balances the name
resolution request after verifying that the virtual server address returned is
up or down. However, unlike with other load balancing methods, you can
opt to use the fallback load balancing method to resolve a name resolution
request without verifying the status of the virtual server.
Note
By default, the Respect Fallback Dependency option is disabled. When you
enable it, the system verifies that the virtual server is available for using it
for fallback load balancing.

TM
7 - 17
To use the fallback load balancing method without verifying
virtual server availability
Configuration.
2. From the Global Traffic menu, choose Load Balancing.
The load balancing properties screen opens.
3. Verify that the Respect Fallback Dependency box is clear.
Employing additional load balancing options
The Global Traffic Manager supports additional options that affect how the
system load balances name resolution requests. These options are:
Ignore path TTL
Verify virtual server availability
The Ignore Path TTL option instructs the Global Traffic Manager to use
path information gathered during metrics collection even if the time-to-live
value for that information has expired. This option is often used when you
want the system to continue using a dynamic load balancing mode even if
some metrics data is temporarily unavailable, and you want the Global
Traffic Manager to use old metric data rather than employ an alternate load
balancing method. This option is disabled by default.
The Verify Virtual Server Availability option instructs the Global Traffic
Manager to verify that a virtual server is available before returning it as a
response to a name solution request. If this option is disabled, the system
responds to a name resolution request with the virtual servers IP address
regardless of whether the server is up or down. This option is rarely
deactivated outside of a test or staging environment, and is enabled by
default.
To access the Ignore Path TTL and Verify Virtual Server
Availability options
Configuration.
3. Enable or disable the Ignore Path TTL and Verify Virtual Server
Availability options as needed.
Chapter 7
7 - 18
8
Introducing connection management
Determining resource health
Determining resource availability
Resuming connections to resources
Establishing persistent connections
Setting the last resort pool

TM
8 - 1
Introducing connection management
When you integrate a Global Traffic Manager into your network, one of
its primary responsibilities is to load balance incoming connection requests
to the virtual server resource that best fits the configuration parameters you
defined. However, load balancing is only one part of managing connections
to your network resources. Additional issues that you must consider include:
Resource health
Resource health refers to the ability of a given resource to handle
incoming connection requests. For example, the Configuration utility
uses a green circle to identify a resource, such as a wide IP, that has
available pools and virtual servers, while a pool that is down appears as a
red diamond. These visual clues can help you identify connection issues
quickly and efficiently.
Resource availability
Resource availability refers to the settings within the Configuration
utility that you use to control when a resource is available for connection
request. For example, you can establish limit settings, which instruct the
Global Traffic Manager to consider a resource as unavailable when a
statistical threshold (such as CPU usage) is reached.
Restoring availability
When a resource goes offline, the Global Traffic Manager immediately
sends incoming connection requests to the next applicable resource.
When you bring that resource online again, you can control how to
restore its availability to the Global Traffic Manager, ensuring that
connections are sent to the resource only when it is fully ready to receive
them.
Persisting connections
Certain interactions with your network require that a given user access
the same virtual server resource until their connection is completed. An
example of this situation is an online store, in which you want the user to
access the same virtual server for their shopping cart until they place
their order. With the Global Traffic Manager, you can configure your
load balancing operations to take persistent connections into account.
Selecting a last resort pool
The Global Traffic Manager includes the ability to create a last resort
pool. A last resort pool is a collection of virtual servers that are not used
during normal load balancing operations. Instead, these virtual servers
are held in reserve unless all other pools for a given wide IP become
unavailable.
In addition, it is important to understand what happens when the Global
Traffic Manager cannot find an available resource with which to respond to
a connection request. You can find more information on this topic in
Determining resource health, following.
Chapter 8
8 - 2
Determining resource health
In the Global Traffic Manager, resource health refers to the ability of a
given resource to handle incoming connection requests. The Global Traffic
Manager determines this health through the use of limit settings, monitors,
and dependencies on other network resources.
The health of a resource is indicated by a status code in the Configuration
utility. A status code is a visual representation of the availability of a given
resource. The Global Traffic Manager displays these status codes in the
main screens for a given resource. The types of status codes available for a
resource are:
Blue
A blue status code indicates that the resource has not been checked. This
status often appears when you first add a resource into the Configuration
utility.
Green
A green status code indicates that the resource is available and
operational. The Global Traffic Manager uses this resource to manage
traffic as appropriate.
Red
A red status code indicates that the resource did not respond as expected
to a monitor. The Global Traffic Manager uses this resource only when
two conditions are met:
The Global Traffic Manager is using the load balancing mode
specified in the Fallback load balancing setting.
The Fallback load balancing setting for the pool is not None.
Yellow
A yellow status code indicates that the resource is operational, but has
exceeded one of its established bandwidth thresholds. The Global Traffic
Manager uses a resource that has a yellow status code only if no other
resource is available.
Black
A black status code indicates that the resource has been manually
disabled and is no longer available for load balancing operations.
As the preceding list illustrates, the health of a resource does not necessarily
impact the availability of that resource. For example, the Global Traffic
Manager can select a virtual server that has a red status code.
To view the resource health of a given resource
1. On the Main tab of the navigation pane, expand Global Traffic
Manager.
2. Click the resource type that you want to view, such as Wide IPs.
The main screen for the resource opens displaying a list of the
resources of that type currently managed through the Global Traffic
Manager, including the latest status code for each resource.

TM
8 - 3
Determining resource availability
To load balance effectively, the Global Traffic Manager must determine
whether the appropriate resources are available. In the context of the
Global Traffic Manager, availability means that the resource meets one or
more sets of pre-defined requirements. These requirements can be a set of
statistical thresholds, a dependency on another resource, or set of values
returned by a monitoring agent. If a resource fails to meet one or more of
these requirements, the Global Traffic Manager considers it unavailable
and attempts to select the next resource based on the load balancing
methodology you defined.
The Global Traffic Manager includes three methods of determining resource
availability:
Limit settings
Monitor availability requirements
Virtual server dependencies
The following sections describe each of these methods and how you can
configure them within the Global Traffic Manager.
Establishing limit settings
One of the methods for determining the availability of a resource is to
establish limit settings. A limit setting is a threshold for a particular statistic
associated with a system.
The Global Traffic Manager supports the following limit settings:
Kilobytes
Packets
Total Connections
For BIG-IP systems, the Global Traffic Manager also supports a
Connections limit setting.
For hosts, the Global Traffic Manager also supports CPU and Memory limit
settings.
To establish limit settings for a BIG-IP system
click Servers.
2. Click the name of the server that you want to configure.
The properties screen for the server appears.
Chapter 8
8 - 4
4. For each limit setting you want to configure, select Enabled from
the corresponding list.
The screen refreshes to show a box in which you can type a value
for the limit setting.
5. Type the value for each limit setting in the corresponding box.
Using monitors to determine availability
Another method for determining the availability of a given resource is
through the use of monitors. A monitor is a software utility that specializes
in a specific metric of a Global Traffic Manager resource. You can
customize monitors to be as specific or as general as needed.
To illustrate the use of monitors to determine the availability of a resource,
consider the fictional company SiteRequest. One of the servers at
SiteRequests Paris data center, serverWeb1, contains the main web site
content for the wide IP, www.siterequest.com. To ensure that this server is
available, SiteRequest configures an HTTP monitor within the Global
Traffic Manager and assigns it to serverWeb1. This monitor periodically
accesses the server to verify that the main index.html page is available. If
the monitor cannot access the page, it notifies the Global Traffic Manager,
which then considers the server unavailable until the monitor is successful.
Monitors provide a robust, customizable means of determining the
availability of a given resource with the Global Traffic Manager. The
following procedure describes how to control the impact that a set of
monitors has on the availability of a resource.
For more detailed information on the types of monitors available to the
Global Traffic Manager and how to configure them, see Chapter 11,
Configuring Monitors.
To control how monitors determine the availability of a
virtual server
click Servers.
2. Click the name of the server that contains the virtual server you
want to configure.
The virtual server screen opens.
4. Click the name of the virtual server that you want to configure.
The properties screen for the virtual server appears.

TM
8 - 5
6. Determine the availability requirements for the virtual server:
If you want the Global Traffic Manager to consider the virtual
server only if all monitors assigned to the virtual server are
successful, select All Health Monitors from the Availability
Requirements list.
server as available only if some monitors assigned to it are
successful, select At Least from the Availability Requirements
list. When you select At Least, a box appears where you can type
the number of monitors that must be successful for the virtual
server to be available.
You can also assign monitors to a specific server. In most cases, when you
assign a monitor to a server, that monitor checks all virtual servers
associated with that server.
An exception to this guideline is the SNMP monitor. If you assign an SNMP
monitor to a Cisco
, Alteon
, Extreme Networks
, Foundry
, or Radware
server, that monitor obtains information on the virtual servers associated
with that server. If you assign the SNMP monitor to any other server type,
that monitor obtains data on the server itself.
Note
For more information on the SNMP monitor, see Chapter 11, Configuring
Monitors.
In cases where you assign a monitor to a virtual server both directly and to
its parent server, the availability information acquired from the monitor
directly assigned to the virtual server takes precedence over any other data.
To assign a monitor to check virtual servers associated with
a server
click Servers.
2. Click the name of the server that you want to configure.
Chapter 8
8 - 6
4. Determine the availability requirements for the virtual servers:
If you want the Global Traffic Manager to consider a virtual
server only if all monitors assigned to the virtual server are
successful, select All Health Monitors from the Availability
Requirements list.
server as available only if some monitors assigned to it are
successful, select At Least from the Availability Requirements
list. When you select At Least, a box appears where you can type
the number of monitors that must be successful for the virtual
server to be available.
To control how monitors determine the availability of a
pool
click Pools.
2. Click the name of the pool that you want to configure.
The properties screen for the pool appears.
4. Determine the availability requirements for the pool:
If you want the Global Traffic Manager to consider the pool only
if all monitors assigned to the pool are successful, select All
Health Monitors from the Availability Requirements list.
If you want the Global Traffic Manager to consider the pool as
available only if some monitors assigned to it are successful,
select At Least from the Availability Requirements list. When
you select At Least, a box appears where you can type the
number of monitors that must be successful for the pool to be
available.
To control how monitors determine the availability of a link
click Links.
2. Click the name of the link that you want to configure.
The properties screen for the link appears.

TM
8 - 7
4. Determine the availability requirements for the link:
If you want the Global Traffic Manager to consider the link only
if all monitors assigned to the link are successful, select All
Health Monitors from the Availability Requirements list.
If you want the Global Traffic Manager to consider the link as
available only if some monitors assigned to it are successful,
select At Least from the Availability Requirements list. When
you select At Least, a box appears where you can type the
number of monitors that must be successful for the link to be
available.
Managing dependencies for virtual servers
Within the Global Traffic Manager, you can configure a virtual server to be
dependent on one or more virtual servers. In such a configuration, the virtual
server is available only if all of the resources in its Dependency List are
available as well.
For an example of virtual server dependencies, consider the fictional
company SiteRequest. One of the servers, serverMain, at the Tokyo data
center has two virtual servers: vsContact, which points to the contacts page
of SiteRequests web site, and vsMail, which points to their mail system.
The vsContact virtual server has vsMail added in its Dependency List. As
a result, the Global Traffic Manager considers the vsContact virtual server
available only if the vsMail virtual server is also available.
Setting virtual server dependencies
You can set dependencies for a virtual server at any time.
To set the dependency of a virtual server
click Servers.
want to configure.
Chapter 8
8 - 8
6. In the Dependency List area, select a virtual server from the Virtual
Servers list, and then click Add.
The virtual server appears in the list.
7. Add additional virtual servers as needed.
Removing virtual server dependencies
You can remove a virtual server from another virtual servers Dependency
List at any time.
To remove a virtual server from a Dependency List
click Servers.
want to configure.
The properties screen for the server opens.
The properties screen for the virtual server opens.
6. In the Dependency List area, select a virtual server from the
Virtual Servers list, and then click Remove.
7. Remove additional virtual servers as needed.

TM
8 - 9
Organizing virtual server dependencies
When you configure the Dependency List option for a virtual server, the
Global Traffic Manager checks each virtual server in the order in which you
added it to the Configuration utility. You can change this order at any time.
To organize virtual server dependencies
click Servers.
want to configure.
6. In the Dependency List option, use the buttons provided to move
the listed virtual servers up or down in the list.
Chapter 8
8 - 10
Resuming connections to resources
When a network resource, such as a virtual server, goes offline, the Global
Traffic Manager considers that resource to be unavailable and proceeds to
send name resolution requests to other resources based on the configured
load balancing mode. By default, the Global Traffic Manager resumes
sending requests to an offline resource as soon as that the resource becomes
available again, provided that the resource meets the appropriate load
balancing requirements.
Under certain circumstances, you might not want the Global Traffic
Manager to resume connections to a resource immediately. For example, a
server for the fictional company, SiteRequest, goes offline. The Global
Traffic Manager detects that the virtual servers associated with this server
are unavailable, and proceeds to send name resolution requests to other
virtual servers as appropriate. When the server is online again, it must still
run several synchronization processes before it is fully ready to handle name
resolution requests. However, the Global Traffic Manager might detect that
the server is available before these processes are complete, and send
requests to the server before that server can handle them.
To avoid this possibility, you can configure pools to use the manual resume
feature. The manual resume feature ensures that the Global Traffic
Manager does not load balance requests to a virtual server within a pool
until you manually re-enable it.
To activate the manual resume feature
click Pools.
2. Click the name of the pool.
The properties screen of the pool opens.
4. Check Manual Resume.

TM
8 - 11
Establishing persistent connections
Most load balancing modes divide name resolution requests among
available pools or virtual servers. Each time the Global Traffic Manager
receives a request, it sends that request to the most appropriate resource
based on the configuration of your network. For example, when a user visits
a web site, it results in multiple name resolution requests as that user moves
from page to page. Depending on the load balancing mode selected, the
system sends each request to a completely different server, virtual server, or
data center.
In certain circumstances, you might want to ensure that a user remains with
a given set of resources throughout the session. For example, a user
attempting to conduct a transaction through an online bank needs to remain
with the same set of resources to ensure the transaction is completed
successfully.
To ensure that users stay with a specific set of resources, the Global Traffic
Manager includes a persistence option. The persistence option instructs the
system to send a user to the same set of resources until a specified period of
time has elapsed.
To establish persistent connections to a wide IP
click Wide IPs.
The main wide IP screen opens.
2. Click the name of the wide IP.
The Properties screen for the wide IP opens.
The Pools List screen opens.
4. From the Persistence list, select Enabled.
A new option, Persistent TTL, appears in which you can state how
long a connection should persist to the same resources.
5. In the Persistent TTL box, type the time-to-live value, in seconds.
Chapter 8
8 - 12
Draining persistent requests
If you elect to use persistent connections with a load balancing mode, you
must decide how to handle connection requests when you need to take a
specific pool of virtual servers offline. By default, the Global Traffic
Manager immediately sends connection requests to other pools when you
take that pool offline, even if persistent connections are enabled. In some
situations, this behavior might not be desirable. For example, consider an
online store. You might need to take a pool of virtual servers for this store
offline; however, you do not want to interrupt shoppers currently purchasing
any products. In this situation, you want to drain persistent requests.
Draining requests refers to allowing existing sessions to continue accessing
a specific set of resources while disallowing new connections. In the Global
Traffic Manager, you configure this capability through the Drain Persistent
Requests option. This option applies only when you manually disable the
pool. It does not apply when the pool goes offline for any other reason.
To drain persistent requests
Configuration.
The General Global Properties screen opens.
3. Check Drain Persistent Requests.

TM
8 - 13
Setting the last resort pool
When the Global Traffic Manager load balances name resolution requests, it
considers any pool associated with a given wide IP as a potential resource.
You can, however, modify this behavior by creating a last resort pool. A last
resort pool is a pool of virtual servers to which the system sends connection
requests in the event that all other pools are unavailable.
It is important to remember that any pool you assign as the last resort pool is
not a part of the normal load balancing operations of the Global Traffic
Manager. Instead, this pool is kept in reserve. The system uses the resources
included in this pool only if no other resources are available to handle the
name resolution request.
To set the last resort pool
click Wide IPs.
The main wide IP screen opens.
2. Click the name of the Wide IP for which you want to set the last
resort pool.
The properties screen for the Wide IP opens.
4. From the Last Resort Pool list, select a pool to be used as the last
resort pool.
Chapter 8
8 - 14
9
Load Balancing Connection Requests Using
Topologies
Overview of topologies
Configuring the Global Traffic Manager to route
connection requests to the closest data center
Implementing topologies
Reloading default geolocation data
Removing topology records
Disabling the Longest Match option

TM
9 - 1
Overview of topologies
You can configure the BIG-IP
Global Traffic Manager to load balance

incoming connection requests to a resource based on the physical proximity
of the resource to the client making the request. You can also configure the
system to deliver region specific content such as news and weather to a
client making a request from a specific location.
This can be accomplished by configuring the Global Traffic Manager to
perform Topology load balancing. The Topology load balancing mode
helps ensure that connection requests are answered and managed in the
fastest possible time.
Understanding topology records
A topology record is a set of characteristics that maps the origin of a
connection request to a specific destination. You create topology records in
the Global Traffic Manager that instruct the system where to route
connection requests when Topology load balancing is enabled.
Figure 9.1 shows the Topology record creation screen in the Configuration
utility.
Figure 9.1 Topology Record Builder
Each topology record contains the following elements:
A request source statement that defines the origin of a connection
request.
A destination statement that defines the resource to which the Global
Traffic Manager directs the connection request.
A weight (topology score) that the system assigns to a server object
during the load balancing process.
By default, each time the system configuration is loaded, the Global Traffic
Manager automatically sorts the topology records into an ordered list based
on the topology longest match sorting algorithm. Before you create topology
records, it is essential that you understand how the system sorts the topology
record list, and then uses the ordered list to load balance connection
requests.
Chapter 9
9 - 2
Understanding how the system sorts topology records
By default, the Global Traffic Manager automatically sorts topology records
using the longest match sorting algorithm. The system sorts the records in
the following manner:
First by the request source statement (LDNS or right-side of the record).
If the LDNS match priority is the same in multiple topology records, the
system sorts these records by the server match priority (server object or
left-side of the record).
The system sorts both the LDNS and server objects using the following
priority from highest to lowest:
Important
The topology records list in the Configuration utility are not displayed in a
sorted list.
Topology priority (highest to lowest)
IP subnet in CIDR format (most specific IP subnet placed at top of list)
For example, the following IP subnets are ordered as follows:
10.15.1.0/24
10.15.0.0/16
10.0.0.0/8
Data Center
Pool
Region (customized collection of topologies)
ISP
State
Country
Continent
Server negation (record excludes server object)
LDNS negation (record excludes LDNS)
Wildcard records (least specific record placed at bottom of list)
Table 9.1 Topologies ordered by priority

TM
9 - 3
Understanding how the system load balances connection requests based on
topology longest match
When Topology load balancing is enabled, by default the Global Traffic
Manager load balances connection requests using the longest match sorting
algorithm. When a connection request comes into the system the load
balancing decision is based on the following process:
For each server object that the Global Traffic Manager load balances
connection requests to, the system iterates through an ordered list of
topology records from first to last and assigns a weight to every server
object.
The system locates the first topology record that most specifically
matches both the LDNS and the server object and assigns the
topology score in the record to the server object.
If the iteration through the list does not find a topology record that
matches both the LDNS and the server object, then that server object
is assigned a zero score.
The Global Traffic Manager routes the connection request to the server
object with the highest score.
When server objects have equal scores, the Global Traffic Manager
distributes connection requests among those server objects in a round
robin fashion.
To understand the default behavior when Topology load balancing is
configured, consider the following scenario. The company Site Request has
internal and external customers. The IT department wants to route all
connection requests from internal customers on the 10.15.0.0/16 IP subnet
to the internal_customer_pool, and all connection requests from external
customers on the 10.0.0.0/8 IP subnet to the external_customer_pool.
To do this the system administrator creates two topology records as shown
in Figure 9.2. Note that the weights of the topology records are different.
This instructs the Global Traffic Man aa ger to route the connection requests
correctly.
Figure 9.2 Example topology records
Chapter 9
9 - 4
When a connection request arrives from a source with an IP address of
10.15.65.8, the Global Traffic Manager assigns a weight of 200 to the
internal_customer_pool and a weight of 100 to the
external_customer_pool. This is because the LDNS 10.15.65.8 matches
both request sources 10.15.0.0/16 and 10.0.0.0/8. However, the system load
balances the request to the internal_customer_pool, because the weight
assigned to that server object is higher.
Understanding user-defined regions
To further refine the Topology load balancing capabilities of the Global
Traffic Manager, you can create regions. A region is a customized
collection of topologies that defines a specific geographical location that has
meaning for your network. For example, you can create a custom region
called Scandinavia that includes Denmark, Iceland, Finland, Norway, and
Sweden. After you create a region, you can create a topology record based
on that region.
The Global Traffic Manager is much more efficient when using the region
topology for load balancing, because when setting load balancing scores for
server objects the system iterates through the topology records in order from
first to last. Table 9.1 shows how the use of topology regions improves the
load balancing performance of the Global Traffic Manager.
The system tests region membership for CIDR-based region members using
a (log N) route lookup-based method; for topology record matches, the
system uses a linear (N squared) search-based method.
Faster Load Balancing
Configuration
Slower Load Balancing
Configuration
2 data centers
1000 pool members in each data
center
2 regions with 5000 CIDR entries each
2 topology records:
1 entry routes all requests from region1
to data center1
1 entry routes all requests from region2
to data center2
2 data centers
1000 pool members in each data
center
10,000 topology records:
5000 CIDR topology records route
requests to data center1
5000 CIDR topology records route
requests to data center2
Table 9.2 Comparing configurations with and without using regions

TM
9 - 5
Configuring the Global Traffic Manager to route
connection requests to the closest data center
You can configure the Global Traffic Manager to route connection requests
to the closest data center using the Topology load balancing mode across
pools at the wide IP level and across virtual servers (pool members) at the
pool level.
Configuring Topology load balancing at the wide IP level
When you configure the Global Traffic Manager for Topology load
balancing at the wide IP level, the system load balances connection requests
to the pools that are associated with the wide IP. This configuration allows
you to route connection requests to the data center that is closest to the
requestor, and then to use another load balancing mode to route these
connections among the resources in that data center.
Important
Important: To use Topology load balancing at the wide IP level to route
connections to a specific data center, you must create pools that have all of
their members in the same data center.
Figure 9.3 shows siterequest.net configured for Topology load balancing at
the wide IP level. All connection requests from a local domain name server
(LDNS) in South America with an IP address of 10.0.0.1 are directed to
Pool2 in SouthAmericaDC. All connection requests from an LDNS in
North America with an IP address of 11.0.0.1 are directed to Pool1 in
NorthAmericaDC. In this example, the Global Traffic Manager selects a
pool to which to direct a connection based on topology records that match
an LDNS (request source) to a pool (destination). How the system
distributes the connections to the members is based on the load balancing
mode that you set for each pool.
Figure 9.3 Example of topology load balancing at the wide IP level
Chapter 9
9 - 6
Figure 9.4 shows the topology records that the Site Request administrator
created. Based on these records, when a connection request comes in from
the LDNS with an IP address of 10.0.0.1, the Global Traffic Manager
assigns a weight of 100 to Pool2 and routes the request to Pool2. When a
connection request comes in from the LDNS with an IP address of 11.0.0.1,
the Global Traffic Manager assigns a weight of 100 to Pool1 and routes the
request to Pool1.
Figure 9.4 Example of topology records for load balancing at the wide IP
level

TM
9 - 7
Configuring Topology load balancing at the pool level
balancing at the pool level, the system load balances connection requests to
the members of a pool. This configuration allows you to set the weight of
pool members in different data centers at different levels, and instruct the
system to direct traffic to the pool members in a specific data center.
the pool level with all connection requests being directed from an LDNS
with an IP address of 10.0.0.1 to pool members that are located in
SouthAmericaDC, and all connection requests being directed from an
LDNS with an IP address of 10.1.0.1 to pool members that are located in
NorthAmericaDC. In this example, the Global Traffic Manager selects a
pool member to which to direct a request based on topology records that
match a specific LDNS (request source) to a specific virtual server
(destination).
Figure 9.5 Example of topology load balancing at the pool level
Chapter 9
9 - 8
the LDNS with an IP address of 10.0.0.1, the Global Traffic Manager
assigns a weight of 100 to SouthAmericaDC and routes the request to
SouthAmericaDC. When a connection request comes in from the LDNS
with an IP address of 10.1.0.1, the Global Traffic Manager assigns a weight
of 100 to NorthAmericaDC and routes the request to NorthAmericaDC.
Figure 9.6 Example of topology records for load balancing at the pool level
Configuring Topology load balancing at both the wide IP and pool
levels
balancing at both the wide IP and pool levels, the system first load balances
the requests to a pool assigned to the wide IP and then to a member of the
pool.
both the wide IP and pool levels with connection requests being directed
from an LDNS in Buenos Aires to the SpanishPool in SouthAmericaDC.
In this example, the Global Traffic Manager selects a pool to which to direct
a connection based on topology records that match an LDNS (request
source) to a pool (destination). How the system distributes the connections
to the members of SpanishPool is based on topology records that match a
specific LDNS (request source) to a specific virtual server (destination).

TM
9 - 9
Figure 9.7 Example of topology load balancing at the wide IP and pool
levels
an LDNS in Buenos Aires, the Global Traffic Manager assigns a weight of
100 to SpanishPool and SouthAmericaDC. The system routes the request
to the SpanishPool pool members that are in SouthAmericaDC.
Figure 9.8 Example of topology records for load balancing at both the wide
IP and pool levels
Chapter 9
9 - 10
Implementing topologies
To implement Topology load balancing, complete these tasks:
Download and install updates to the IP geolocation data.
Create topology records for the Global Traffic Manager to use for
handling connection requests.
Configure the Topology load balancing mode at the wide IP level, pool
level, or both.
Downloading and installing updates to the IP geolocation data
The Global Traffic Manager uses an IP geolocation database to determine
the origin of connection requests. The database that comes with the Global
Traffic Manager provides geolocation data for IPv6 addresses at the
continent and country levels. It also provides geolocation data for IPv4
addresses at the continent, country, state, ISP, and organization levels. The
state-level data is worldwide, and thus includes designations in other
countries that correspond to the U.S. state-level in the geolocation hierarchy,
such as, provinces in Canada. You can download a monthly update to the IP
geolocation database from F5 Networks.
If you require geolocation data at the city-level, contact your F5 Networks
sales representative to purchase additional database files.
Note
You can access the ISP and organization-level geolocation data for IPv4
addresses only using the iRules
whereis command.
To download and install an update to the IP geolocation
database
1. Log in to the F5 Networks customer web site at
https://downloads.f5.com, and click Find a Download.
2. In the F5 Product Family column, find BIG-IP, and then in the
Product Line column, click BIG-IP v10.x.
3. Select a version from the list preceding the table.
4. In the Name column, click Quova-GeolocationUpdates.
5. Click I Accept to accept the license.
6. In the Filename column, click the name of the most recent
compressed file that you want to download.
7. In the Ready to Download table, click the download method that
you want to use.
8. In the dialog box, click OK.
9. Select the directory in which you want to save the compressed file,
and then decompress the file to save the RPM files on the system.

TM
9 - 11
10. Install and load one of the RPM files using the following command,
where the path and file name are case-sensitive:
geoip_update_data -f </path to RPM file and file name>
The system installs and loads the specified database file.
11. Repeat step 10 for each of the RPM files that you saved to the
system in step 9.
Creating a topology record
To create a topology record
click Topology.
The new record screen opens.
3. To create a request source statement, use the Request Source
settings:
a) Select an origin type from the first list.
b) Select an operator, either is or is not.
c) Define the criteria for the request source statement based on the
request source type you selected.
4. To create a destination statement, use the Destination settings:
a) Select a destination type from the first list.
b) Select an operator, either is or is not.
c) Define the criteria for the destination statement based on the
destination type you selected.
5. In the Weight box, specify the priority this record has over other
topology records.
6. Click the Create button to save the new topology record.
Chapter 9
9 - 12
Configuring a wide IP for Topology load balancing
You can use the Topology load balancing mode to distribute traffic among
the pools in a wide IP. To do this, you must have at least two pools
configured in the wide IP.
To configure a wide IP for Topology load balancing
click Wide IPs.
2. Click the name of the wide IP for which you want to assign
topology-based load balancing.
The wide IP properties screen opens.
4. From the Load Balancing Method list, select Topology.
Repeat this process for each wide IP that you want to configure for
Topology load balancing.
Configuring a pool for Topology load balancing
In addition to setting up the Topology load balancing mode to select a pool
within a wide IP, you can also set up the Topology load balancing mode to
select a virtual server within a pool.
To configure a pool for Topology load balancing
click Pools.
2. Click the name of the pool to which you want to assign
topology-based load balancing.
The pool properties screen opens.
The Members screen opens displaying a list of the virtual servers
4. In the Load Balancing Method option, select Topology from the
Preferred list.
Repeat this process for each pool that you want to configure for Topology
load balancing.

TM
9 - 13
Reloading default geolocation data
To uninstall an update to the IP geolocation database, reload the default
geolocation database files using either the Configuration utility or tmsh.
Important
Before you reload the default geolocation data, delete the RPM files that are
in the /shared/GeoIP directory.
To reload the default geolocation data using the
Configuration utility
1. Log on to the Configuration utility.
Configuration.
3. In the Geolocation area, click the Reload button in the Operations
setting.
The system reloads the default geolocation database files that are
stored in /usr/share/GeoIP.
To reload the default geolocation data from tmsh
1. Log on to tmsh.
2. Run the command sequence: load / sys geoip
The system reloads the default geolocation database files that are
stored in /usr/share/GeoIP.
Chapter 9
9 - 14
Removing topology records
As your network changes, you might need to refine your existing topology
records, or remove outdated topology records. For example, the fictional
company SiteRequest has an existing topology statement that routes all
traffic originating from the United States to the New York data center. Last
week, a new data center in Los Angeles came online. As a result, the
topology record that the Global Traffic Manager was using to direct traffic
became obsolete, and needed to be removed.
To remove a topology record
click Topology.
2. Select the topology record that you want to remove from the
topology records list by selecting the corresponding Select box.
A confirmation screen appears.
4. Click the Delete button again to confirm that you want to delete the
record.

TM
9 - 15
Disabling the Longest Match option
You can create topology records and order the records manually. To do this,
you must disable the Longest Match option.
To access the Longest Match option
Configuration.
3. Using the Topology Options settings, select or clear the check box
to enable or disable the Longest Match option, as needed.
Chapter 9
9 - 16
10
About DNSSEC
Introducing DNSSEC keys and zones
Managing DNSSEC keys
Managing DNSSEC zones
Viewing DNSSEC resource records that you have
added to your BIND configuration

TM
10 - 1
About DNSSEC
The Domain Name System Security Extensions (DNSSEC) is an
industry-standard protocol that functions as an extension to the Domain
Name System (DNS) protocol. The BIG-IP
Global Traffic Manager uses

DNSSEC to guarantee the authenticity of DNS responses to queries and to
return Denial of Existence responses.
You can use the DNSSEC feature of the Global Traffic Manager to protect
your network infrastructure from DNS protocol and DNS server attacks
such as spoofing, ID hacking, cache poisoning, and denial of service.
Introducing DNSSEC keys and zones
The Global Traffic Manager responds to DNS requests to a specific zone by
returning signed name server responses based on the currently available
generations of a key. Before you can configure the Global Traffic Manager
to handle name server responses that are DNSSEC-compliant, you must
create DNSSEC keys and zones.
There are two kinds of DNSSEC keys: zone-signing keys and key-signing
keys. The Global Traffic Manager uses a zone-signing key to sign all of the
records in a DNSSEC record set, and a key-signing key to sign only the
DNSKEY record of a DNSSEC record set.
DNSSEC zones are containers that map a domain name to a set of keys.
You can create a DNSSEC zone, but before the Global Traffic Manager can
sign requests to that zone, you must assign at least one enabled zone-signing
and one enabled key-signing key to the zone.
Additionally, after you create a DNSSEC zone, you must submit the DS
record for the zone to the administrators of your parent zone, who sign the
DS record with their own key and upload it to their zone. You can find the
DS record for your zone in /config/gtm/dsset-<dnssec.zone.name>.
Understanding DNSSEC keys
To enhance key security, the BIG-IP
system has an automatic key rollover

feature that uses overlapping generations of a key to ensure that the system
can always respond to requests with a signature. The system dynamically
creates new generations of each key based on the values of the Rollover
Period and Expiration Period settings of the key. The first generation of a
key has an ID of 0 (zero). Each time the system dynamically creates a new
generation of the key, the ID increments by 1. Once the expiration time of a
generation of a key is reached, the system automatically removes that
generation of the key from the configuration.
Figure 10.1 illustrates this, and shows how over time each generation of a
key overlaps the previous generation of the key.
Chapter 10
10 - 2
Figure 10.1 Overlapping generations of a key and TTL value
The value that you assign to the TTL (time-to-live) setting for a key
specifies how long a client resolver can cache the key. As shown in Figure
10.1, the value you assign to the TTL setting of the key must be less than
the difference between the values of the Rollover Period and Expiration
Period settings of the key; otherwise, a client can make a query and the
system can send a valid key that the client cannot recognize.
Important
To ensure that each Global Traffic Manager system is referencing the same
time when generating keys, you must synchronize the time setting on each
system with the Network Time Protocol (NTP) servers that the Global
Traffic Manager references. For information, see Defining NTP servers, on
page 3-10.

TM
10 - 3
Providing DS records to the parent domain
Each time a new generation of a key-signing key is created, you must
provide the updated DS record to the administrators of the parent zone. For
example, in Figure 10.1, the value of the Rollover Period of the key is 30
days, and the value of the Expiration Period of the key is 37 days. In the
case of a key-signing key, a new generation of the key is created every 30
days, and you have seven days before the old generation of the key expires
to provide the new DS record to the administrators of the parent zone. These
administrators sign the new DS record with their own key and upload it their
zone.
There are numerous ways to provide the new DS record to the
administrators of the parent zone, including secure FTP or use of a secure
web site for this purpose. Provide the new DS record to the administrators of
the parent zone according to your company policy.
Chapter 10
10 - 4
Managing DNSSEC keys
You can create, modify, and delete both zone-signing and key-signing keys.
F5 Networks recommends that for emergency rollover purposes, when you
create a key, you create a duplicate version of the key with a similar name,
but do not enable that version. For example, create a key-signing key called
ksk1a that is enabled. Then create a duplicate key, but name it ksk1b, and
change the state to disabled. When you associate both of these keys with the
same zone, you are prepared to easily perform a manual rollover of the key,
if necessary. For more information about emergency rollover, see
Performing a manual rollover of a key, on page 10-7.
Note
Only users with Administrator or Resource Administrator roles can create,
modify, and delete DNSSEC keys.
In order for the Global Traffic Manager to use the keys that you create to
sign requests, you must assign the keys to a zone. For more information, see
Creating DNSSEC zones, on page 10-10.
Creating DNSSEC keys
You can create a DNSSEC key, but before the Global Traffic Manager can
sign requests using the key, you must also assign the key to a zone. For more
information about DNSSEC zones, see Managing DNSSEC zones, on page
10-10.
To create a key
1. Expand Global Traffic and click DNSSEC Key List.
2. Click Create.
3. Configure the properties of the key using the information in Table
10.1 or the online help.
4. Click Finished.
Setting Description Default Value
Name Type a name that contains any characters except a pound sign (#), dollar sign
($), caret (^), or exclamation point (!).
Algorithm Accept the default value. There is only one algorithm available. RSA/SHA1
Bit Width Type the size of the key.
The allowed values are determined by your hardware platform or the FIPS
hardware security module (HSM), if your system contains one. These three
options are valid: 1024 and 2048
1024
Table 10.1 DNSSEC key settings

TM
10 - 5
Use FIPS If your system contains a FIPS HSM on which you store the DNSSEC keys to
protect the keys from physical and software attacks, select Enabled.
Note: If your system does not contain a FIPS HSM, and you set this option to
Enabled, the system automatically resets the value to Disabled.
Disabled
Type If you are creating a key to sign all of the record sets in a zone, select Zone
Signing Key.
If you are creating a key to sign only the DNSKEY record set, select Key
Signing Key.
Zone Signing
Key
State Select Enabled when you are creating a key-signing or zone-signing key that
you plan to associate with a zone as an active key.
Important: You can assign both enabled and disabled key-signing and
zone-signing keys to a zone; however, the system uses only enabled keys to
sign requests.
Enabled
TTL Type the number of seconds that client resolvers can cache the key.
0 seconds indicates that the key is not cached by client resolvers.
The value of the TTL must be less than the difference between the values of the
rollover and expiration periods.
86400
Rollover
Period
Type the number of seconds after which the system creates a new generation of
the key. 0 seconds indicates not set, and thus the key does not roll over.
The value of the rollover period must be greater than or equal to one third of the
value of the expiration period, and strictly less than the value of the expiration
period. Additionally, the difference between the values of the rollover and
expiration periods must be more than the value of the TTL.
0
Expiration
Period
Type the number of seconds after which the system deletes an expired
generation of the key. 0 seconds indicates not set, and thus the key does not
expire.
The value of the expiration period must be more than the value of the rollover
period. Additionally, the difference between the values of the rollover and
expiration periods must be more than the value of the TTL.
Tip: The National Institute of Standards and Technology (NIST) recommends
that a key-signing key expire once a year.
0
Signature
Validity
Period
Type the number of seconds after which the system no longer uses the expired
signature. 0 seconds indicates not set, and thus the server verifying the
signature never succeeds, because the signature is always expired.
The value of this setting must be more than the value of the signature
publication period.
604800
(one week)
Signature
Publication
Period
Type the number of seconds after which the system creates a new signature. 0
seconds indicates not set, and thus the system does not cache the signature.
The value of this setting must be less than the value of the signature validity
period.
403200
(two-thirds of a
week)
Setting Description Default Value
Table 10.1 DNSSEC key settings
Chapter 10
10 - 6
Modifying DNSSEC keys
After you create a DNSSEC key, you can modify it as necessary. For
example, if you created a disabled key that you are now ready to put into
production, you can change the state of the key to enabled.
To modify a key
2. Click the name of the key.
3. Modify the settings of the key as required.
For example, to disable the key, select Disabled from the State list.
4. Click Update.
Deleting DNSSEC keys
You can delete a DNSSEC key, for example, when you perform an
emergency rollover of a compromised key. For more information about
emergency rollover, see Performing a manual rollover of a key, on page
10-7.
WARNING
If you delete a key that is associated with a zone that is available (enabled
and online), if there are no other enabled keys of that type associated with
the zone, the status of the zone immediately becomes offline.
To delete a key
2. Check the Select box next to the key that you want to delete.
3. Click Delete.
4. Click Delete again to delete the key.
Modifying generations of a DNSSEC key
You can modify a generation of a DNSSEC key, for example, when you
perform an emergency rollover of a compromised key for which you do not
have a standby key. For more information about emergency rollover, see
Performing a manual rollover of a key, on page 10-7.
WARNING
F5 Networks recommends that you modify only the Rollover Time and
Expiration Time settings of a generation of a key. Modifying the ID or
Public Key settings can cause the system to return denial of service
messages rather than signed responses.

TM
10 - 7
To modify a generation of a DNSSEC key
2. Click the name of the key that you want to modify, and then on the
menu bar click Generations.
3. Modify the Rollover Time or Expiration Time settings of a
generation of a key, using the information in Table 10.2 or the
online help to assist you.
4. Click Update.
Performing a manual rollover of a key
If necessary, you can manually perform an emergency rollover of a
compromised key. If, when you created the key, you created a duplicate of
the key (a standby key) with a different name and disabled the standby key,
manually rolling over the key is easier.
Performing a manual rollover of a key for which you have a standby key
To perform a manual rollover of a key-signing key for which
you have a standby key
2. Click the name of the standby key-signing key.
3. From the State list, select Enabled.
4. Click Update.
Setting Description
ID Important: Do not modify this setting.
Public Key Important: Do not modify this setting.
This is the public key that the Global Traffic Manager is
currently using to sign responses.
Rollover Time Type the exact time that you want the system to create and
begin to use a new generation of the key.
Note: Modifying this setting does not affect the value of the
rollover and expiration periods of the key.
Expiration Time Type the exact time that you want this generation of the key to
expire.
Note: Modifying this setting does not affect the value of the
rollover and expiration periods of the key.
Table 10.2 DNSSEC key generation settings
Chapter 10
10 - 8
5. Provide the records for the compromised key and the newly enabled
key to the administrator of the parent zone.
After the administrator has loaded the newly active key records to
the zone and the records have been signed, complete the remainder
of the steps in this procedure.
7. Check the Select box next to the name of the compromised key.
8. Click Delete.
To perform a manual rollover of a zone-signing key for
which you have a standby key
2. Click the name of the standby zone-signing key.
3. From the State list, select Enabled.
4. Click Update.
5. Click DNSSEC Key List.
6. Check the Select box next to the name of the compromised key.
7. Click Delete.
Performing a manual rollover of a key without a standby key
To perform a manual roll over of a key-signing key without
a standby key
2. Click the name of the key-signing key.
3. Click Generations.
4. Change the Rollover Time to todays date and the current time.
5. Change the Expiration Time to todays date and a future time.
Important: This date must be no sooner than the maximum TTL of
the key. Additionally, this date must also allow time for you to
perform step 6. Your BIND administrator can provide you with the
maximum TTL of the key.

TM
10 - 9
6. Provide the new DS record to the administrator of the parent zone
according to your company policy.
After the administrator configures the zone with the new DS record
and the system creates a new signature, complete the remainder of
the steps in this procedure.
8. Click the name of the key.
10. Check the Select box next to generation of the key.
11. Click Delete.
12. Click Delete again to delete the generation of the key.
The system rolls over this generation of the key at the time specified in the
Rollover Time setting. The system removes the old generation of the key at
the time specified in the Expiration Time setting.
To perform a manual rollover of a zone-signing key without
a standby key
2. Click the name of the zone-signing key.
4. Change the Rollover Time to todays date and the current time.
5. Change the Expiration Time to a future date.
Important: This date must be no sooner than the maximum TTL of
the zone. Additionally, this date must also allow time for you to
perform step 6. Your BIND administrator can provide you with the
maximum TTL of the key.
6. Click Update.
The system rolls over this generation of the key at the time specified in
the Rollover Time setting. The system removes the old generation of the
key at the time specified in the Expiration Time setting.
Chapter 10
10 - 10
Managing DNSSEC zones
DNSSEC zones map a domain name to a set of DNSSEC keys that the
system uses to sign DNSSEC-compliant name server responses to DNS
queries. You can create, modify, or delete a DNSSSEC zone.
Note
Only users with Administrator or Resource Administrator roles can create,
modify, and delete DNSSEC zones.
Creating DNSSEC zones
You can create a DNSSEC zone, but before the Global Traffic Manager can
sign requests to that zone, you must assign at least one enabled zone-signing
and one enabled key-signing key to the zone. For more information about
DNSSEC keys, see Managing DNSSEC keys, on page 10-4.
To create a DNSSEC zone
1. Expand Global Traffic and click DNSSEC Zone List.
2. Click Create.
3. Configure the zone, using the information in Table 10.3 or the
online help.
4. Click Finished.
Warning: When you click Finished, even if you selected Enabled
from the State list, if there is not at least one zone-signing and one
key-signing key in the Active column, the status of the zone changes
to offline.
Setting Description
Default
Value
Name Type a the name of the zone for which you want the system to sign responses.
The name should be a subset of the name of the wide IP within which the zone
resides. For example, if the wide IP is named www.siterequest.com, name the
zone siterequest.com.
State If you want the zone to be live, select Enabled.
If you do not want the zone to be live, select Disabled.
Enabled
Zone Signing Key Move the zone-signing keys that you want to assign to this zone from the
Available list to the Active list.
Note: You can associate the same zone-signing key with multiple zones.
Key Signing Key Move the key-signing keys that you want to assign to this zone from the
Available list to the Active list.
Note: You can associate the same key-signing key with multiple zones.
Table 10.3 DNSSEC zone settings

TM
10 - 11
Viewing the status of DNSSEC zones
After you create a DNSSEC zone, you can view the status of the zone.
To view the status of a zone
2. The status of the zone displays in the Status column. The status of a
zone can be:
Available (green circle)
Offline (red diamond)
Modifying DNSSEC zones
After you create a DNSSEC zone, you can modify it as necessary. For
example, if you created a disabled zone that you are now ready to put into
production, you can change the state of the zone to enabled.
To modify a zone
2. Click the name of the zone.
3. Modify the settings for the zone as required. Refer to the online help
or Table 10.3, on page 10-10 for specifics.
4. Click Update.
Deleting DNSSEC zones
You can delete a DNSSEC zone at any time, but once you delete the zone,
the system no longer signs DNSSEC requests for the domain that zone
represents.
To delete a zone
2. Check the Select box next to the name of the zone that you want to
delete.
3. Click Delete.
4. Click Delete again to delete the zone.
Chapter 10
10 - 12
Viewing DNSSEC resource records that you have
added to your BIND configuration
Your configuration of BIND is independent of the configuration of
DNSSEC on the Global Traffic Manager. If you want to use BIND for
delegation or other tasks, you must add the DNSSEC resource records to
your BIND configuration; otherwise, BIND is not aware of these records. If
you do this, you can view the DNSSEC resource records in Zone Runner.
To view DNSSEC resource records
1. Expand Global Traffic and click ZoneRunner.
2. From the Type list, select DNSSEC.
3. Click Search.
4. View the DNSSEC resource records that display.
Note that a value of 0 (zero) seconds for the TTL setting indicates
that the TTL is not set.
11
Introducing monitors
Creating a custom monitor
Configuring monitor settings
Special configuration considerations
Associating monitors with resources
Managing monitors

TM
11 - 1
Introducing monitors
An important feature of the Global Traffic Manager is set of load
balancing tools called monitors. Monitors verify connections on pools and
virtual servers. A monitor can be either a health monitor or a performance
monitor. Monitors are designed to check the status of a pool or virtual server
on an ongoing basis, at a set interval. If a pool or virtual server being
checked does not respond within a specified timeout period, or the status of
a pool or virtual server indicates that performance is degraded, then the
Global Traffic Manager can redirect the traffic to another resource.
Some monitors are included as part of the Global Traffic Manager, while
other monitors are user-created. Monitors that the Global Traffic Manager
provides are called pre-configured monitors. User-created monitors are
called custom monitors. For more information on pre-configured and
custom monitors, see Understanding pre-configured and custom monitors,
on page 11-5.
Before configuring and using monitors, it is helpful to understand some
basic concepts regarding monitor types, monitor settings, and monitor
implementation. For more information on monitor types, see Summary of
monitor types, on page 11-2, and Configuring monitor settings, on page
11-8.
Monitor types
Every monitor, whether pre-configured or custom, belongs to a certain
category, or monitor type. Each monitor type checks the status of a
particular protocol, service, or application. For example, an HTTP
monitor allows you to monitor the availability of the HTTP service on a
pool member (that is a virtual server).
Monitor settings
Every monitor consists of settings with values. The settings and their
values differ depending on the type of monitor. In some cases, the Global
Traffic Manager assigns default values. For example, the following are
the default values for the HTTP monitor:
Interval: 30 seconds
Timeout: 120 seconds
Probe Timeout: 5 seconds
Reverse: No
Transparent: No
These settings specify that an HTTP monitor is configured to check the
status of an IP address every 30 seconds, to time out after 120 seconds, to
timeout the probe request every 5 seconds, and specifies that the monitor
does not operate in either Reverse or Transparent mode.
Monitor implementation
The task of implementing a monitor varies depending on whether you are
using a pre-configured monitor or creating a custom monitor. If you want
to implement a pre-configured monitor, you need only associate the
Chapter 11
11 - 2
monitor with a pool or virtual server. If you want to implement a custom
monitor, you must first create the custom monitor, and then associate it
with a pool or virtual server.
Summary of monitor types
The Global Traffic Manager includes many different types of monitors, each
designed to perform a specific type of monitoring. The monitors belong to
one of three categories: simple, extended content verification (ECV), and
extended application verification (EAV).
Simple monitors check the health of a resource by sending a packet using
the specified protocol, and waiting for a response from the resource. If
the monitor receives a response, then the health check is successful and
the resource is considered up. For information about configuring monitor
settings for Simple monitors, see Simple monitors, on page 11-8.
ECV monitors check the health of a resource by sending a query for
content using the specified protocol, and waiting to receive the content
from the resource. If the monitor receives the correct content, then the
health check is successful and the resource is considered up. For
information about configuring monitor settings for ECV monitors, see
Extended Content Verification (ECV) monitors, on page 11-10.
EAV monitors check the health of a resource by accessing the specified
application. If the monitor receives the correct response, then the health
check is successful and the resource is considered up. For information
about configuring monitor settings for EAV monitors, see External
Application Verification (EAV) monitors, on page 11-12.
Table 11.1 briefly describes the types of monitors that you can apply to your
load balancing resources.
Monitor
Category
Monitor
Type Description
PossibleObject
Associations
Simple Gateway
ICMP
Uses Internet Control Message Protocol (ICMP) to make a simple
resource check. The check is successful if the monitor receives a
response to an ICMP_ECHO datagram.
link,
pool member,
server,
virtual server
TCP Half
Open
Monitors the associated service by sending a TCP SYN packet to
the service. As soon as the monitor receives the SYN-ACK packet,
the monitor marks the service as up.
pool member,
server,
virtual server
Table 11.1 Monitor types available on a Global Traffic Manager

TM
11 - 3
ECV HTTP Verifies the Hypertext Transfer Protocol (HTTP) service by
attempting to receive specific content from a web page.
pool member,
server,
virtual server
HTTPS Verifies the Hypertext Transfer Protocol Secure (HTTPS) service by
attempting to receive specific content from a web page protected by
Secure Socket Layer (SSL) security.
pool member,
server,
virtual server
TCP Verifies the Transmission Control Protocol (TCP) service by
attempting to receive specific content from a resource.
pool member,
server,
virtual server
EAV BIG IP Acquires data captured through monitors managed by a Local
Traffic Manager.
Note: You cannot configure the ignore-down-response setting of
this monitor to configure a BIG-IP system to allow more than one
probe attempt per interval.
server,
virtual server
BIG IP Link Acquires data captured through monitors managed by a Link
Controller.
link,
node
External Allows users to monitor services using their own programs. pool member,
server,
virtual server
FTP Verifies the File Transfer Protocol (FTP) service by attempting to
download a specific file to the /var/tmp directory on the system.
Once downloaded successfully, the file is not saved.
pool member,
server,
virtual server
IMAP Verifies the Internet Message Access Protocol (IMAP) by attempting
to open a specified mail folder on a server. This monitor is similar to
the POP3 monitor.
pool member,
server,
virtual server
LDAP Verifies the Lightweight Directory Access Protocol (LDAP) service
by attempting to authenticate the specified user.
pool member,
server,
virtual server
MSSQL
Verifies Microsoft
Windows SQL-based services.

pool member,
server,
virtual server
NNTP Verifies the Usenet News protocol (NNTP) service by attempting to
retrieve a newsgroup identification string from the server.
pool member,
server,
virtual server
Oracle
Verifies services based on Oracle
by attempting to perform an
Oracle logon to a service.
pool member,
server,
virtual server
POP3 Verifies the Post Office Protocol version 3 (POP3) service by
attempting to connect to a pool, pool member, or virtual server, log
on as the specified user, and log off.
pool member,
server,
virtual server
Monitor
Category
Monitor
Type Description
PossibleObject
Associations
Chapter 11
11 - 4
Overview of monitor settings
Monitors contain settings with corresponding values. These settings and
their values affect the way that a monitor performs its status check. When
you create a custom monitor, you must configure these setting values. For
those settings that have default values, you can either retain the default
RADIUS Verifies the Remote Access Dial-in User Service (RADIUS) service
by attempting to authenticate the specified user.
pool member,
server,
virtual server
Real
Server
Checks the performance of a pool, pool member, or node that is
running the RealServer data collection agent, and then dynamically
load balances traffic accordingly.
node,
pool member,
server,
virtual server
Scripted Generates a simple script that reads a file that you create. The file
contains Send and Expect strings to specify lines that you want to
send or that you expect to receive.
pool member,
server,
virtual server
SIP Checks the status of Session Initiation Protocol (SIP) Call-ID
services on a device. The SIP protocol enables real-time
messaging, voice, data, and video.
pool member,
server, virtual
server
SMTP Checks the status of a pool, pool member, or virtual server by
issuing standard Simple Mail Transport Protocol (SMTP)
commands.
pool member,
server,
virtual server
SNMP Link Checks the current CPU, memory, and disk usage of a pool, pool
member, or virtual server that is running an SNMP data collection
agent, and then dynamically load balances traffic accordingly.
node,
pool member,
server,
virtual server
SOAP Tests a web service based on the Simple Object Access Protocol
(SOAP).
pool member,
server,
virtual server
UDP Verifies the User Datagram Protocol (UDP) service by attempting to
send UDP packets to a pool, pool member, or virtual server and
receiving a reply.
pool member,
server,
virtual server
WAP Requests the URL specified in the Send setting, and finds the string
specified in the Recv setting somewhere in the data returned by the
URL response.
pool member,
server,
virtual server
WMI Checks the performance of a pool, pool member, or virtual server
that is running the Windows Management Infrastructure (WMI) data
collection agent and then dynamically load balances traffic
accordingly.
node,
pool member,
virtual server
Monitor
Category
Monitor
Type Description
PossibleObject
Associations

TM
11 - 5
values, or modify them to suit your needs. You can find details about the
settings for each monitor type in Configuring monitor settings, on page
11-8.
Understanding pre-configured and custom monitors
When you want to monitor the health or performance of pool members or
virtual servers, you can either use a pre-configured monitor, or create and
configure a custom monitor.
Using pre-configured monitors
For a subset of monitor types, the Global Traffic Manager includes a set of
pre-configured monitors. A pre-configured monitor is an existing monitor
with default settings already configured. You use a pre-configured monitor
when the default values of the settings meet your needs.
The Global Traffic Manager includes these pre-configured monitors:
big ip
big ip link
gateway_icmp
http
https
real_server
snmp
tcp
tcp_half_open
udp
An example of a pre-configured monitor is the http monitor. If the default
values of this monitor meet your needs, you simply assign the http
pre-configured monitor directly to a pool or virtual server. In this case, you
do not need to use the Monitors screens, unless you simply want to view the
default settings of the pre-configured monitor.
If you do not want to use the values configured in a pre-configured monitor,
you can create a custom monitor.
Using custom monitors
A custom monitor is a monitor that you create based on one of the allowed
monitor types. (For information on monitor types, see Summary of monitor
types, on page 11-2.)
Like http, each of the custom monitors has a Type setting based on the type
of service it checks (for example, https, ftp, pop3), and takes that type as its
name. (Exceptions are port-specific monitors, like the external monitor,
which calls a user-supplied program.)
Chapter 11
11 - 6
For procedures on selecting and configuring a monitor, see Creating a
custom monitor, on page 11-7.
Importing settings from a pre-configured monitor
If a pre-configured monitor exists that corresponds to the type of custom
monitor you are creating, you can import the settings and values of that
pre-configured monitor into the custom monitor. For example, if you create
a custom monitor called my_http, the monitor can inherit the settings and
values of the pre-configured monitor http. This ability to import existing
setting values is useful when you want to retain some setting values for your
new monitor, but modify others.
The following list shows an example of a custom HTTP monitor called
my_http, which is based on the pre-configured monitor http. Note that the
value of the Interval setting has been changed from the default value of 30
to a new value of 60. The other settings retain the values defined in the
pre-configured monitor.
Name: my_http
Type: HTTP
Interval: 60
Timeout: 120
Reverse: No
Transparent: No
Importing settings from a custom monitor
You can import settings from another custom monitor instead of from a
pre-configured monitor. This is useful when you want to use the setting
values defined in another custom monitor, or when no pre-configured
monitor exists for the type of monitor you are creating. For example, if you
create a custom monitor called my_oracle_server2, you can import settings
from an existing Oracle monitor such as my_oracle_server1. In this case,
because the Global Traffic Manager does not provide a pre-configured
Oracle monitor, a custom monitor is the only kind of monitor from which
you can import setting values.
Importing settings from a monitor template
If no pre-configured or custom monitor exists that corresponds to the type of
monitor you are creating, the Global Traffic Manager imports settings from
a monitor template. A monitor template is an abstraction that exists within
the Global Traffic Manager for each monitor type and contains a group of
settings and default values. A monitor template serves as a tool for the
Global Traffic Manager to use for importing settings to a custom monitor
when no monitor of that type already exists.

TM
11 - 7
Creating a custom monitor
When you create a custom monitor, you use the Configuration utility to give
the monitor a unique name, specify a monitor type, and, if a monitor of that
type already exists, import settings and their values from the existing
monitor. You can then change the values of any imported settings.
You must base each custom monitor on a monitor type. When you create a
monitor, the Configuration utility displays a list of monitor types. To specify
a monitor type, select the one that corresponds to the service you want to
check. For example, if you want to want to create a monitor that checks the
health of the HTTP service on a pool, you choose HTTP as the monitor
type. For information on monitor types, see Configuring monitor settings,
on page 11-8.
If you want to check more than one service on a pool or virtual server (for
example HTTP and HTTPS), you can associate more than one monitor on
that pool or virtual server. For more information, see Chapter 7, Load
Balancing with the Global Traffic Manager.
Checking services is not the only reason for implementing a monitor. If you
want to verify only that the destination IP address is live, or that the path to
it through a transparent virtual server is live, use one of the simple monitors,
such as gateway_icmp. Or, if you want to verify TCP only, use the monitor
tcp.
To create a custom monitor
click Monitors.
The main monitors screen opens.
The New Monitor screen opens.
3. In the Name box, type a name for the monitor.
4. For the Type setting, select the type of monitor that you want to
create.
If a monitor of that type already exists, Import Settings appears.
6. Configure all settings shown.
7. Click the Finished to save your changes.
Chapter 11
11 - 8
Configuring monitor settings
The Global Traffic Manager supports a wide variety of monitor types. Each
of these monitor types contains specific settings that you can configure to
ensure that the monitor accurately tests a given resource before determining
if that resource is available for load balancing operations. When you
configure these settings, you are creating a custom monitor for your
network.
The types of monitors the Global Traffic Manager supports correspond to
three categories:
Simple monitors
These are health monitors that monitor the status of a resource.
Extended Content Verification (ECV) monitors
These are health monitors that verify service status by retrieving specific
content from pool members or virtual servers.
External Application Verification (EAV) monitors
These are health or performance monitors that verify service status by
accessing remote applications, using an external service-checker
program.
Simple monitors
Simple monitors are those that check the status of a resource. The simple
monitor types are:
Gateway ICMP
TCP Half Open
The Global Traffic Manager provides a set of pre-configured simple
monitors: gateway_icmp and tcp_half_open. You can either use these
pre-configured monitors as is, or create custom monitors of these types.
The following sections describe each type of simple monitor and show the
pre-configured monitor settings and their values.
Gateway ICMP
You can use a Gateway ICMP monitor for a virtual server, a server (that is,
all of the virtual servers on a specified server), a pool member, a pool (that
is, all of the pool members of a specified pool), or a link. This monitor uses
the Internet Control Message Protocol (ICMP) to perform a simple resource
check. The check is successful if the monitor receives a response to an
ICMP_ECHO datagram.

TM
11 - 9
The following list shows the settings and their values for the pre-configured
gateway_icmp monitor.
Type: Gateway ICMP
Import Settings: Gateway ICMP
Probe Interval: 1 second
Probe Attempts: 3
Ignore Down Response: No
Transparent: No
Alias Address: * All Addresses
Alias Service Port: * All Ports
TCP Half Open
A TCP Half Open monitor performs a check on the associated service by
sending a TCP SYN packet to the service. If the monitor receives the
SYN-ACK packet from the service, the monitor considers the service to be
in an up state, and sends a RESET packet to the service instead of
completing the three-way handshake.
The following list shows the settings for the pre-configured monitor
tcp_half_open.
Import Settings: TCP Half Open
Type: TCP Half Open
Probe Attempts: 3
Transparent: No
Chapter 11
11 - 10
Extended Content Verification (ECV) monitors
Extended Content Verification (ECV) monitors use Send String and
Receive String settings in an attempt to retrieve explicit content from
resources. The Global Traffic Manager provides the pre-configured
monitors http, https, and tcp for these ECV monitor types:
HTTP
HTTPS
TCP
You can either use the pre-configured ECV monitors as is, or create custom
monitors from these monitor types.
The following sections describe each type of ECV monitor, and show the
HTTP
You use an HTTP monitor to check the status of Hypertext Transfer
Protocol (HTTP) traffic. Like a TCP monitor, an HTTP monitor attempts to
receive specific content from a web page, and unlike a TCP monitor, may
send a user name and password. The check is successful when the content
matches the Receive String value. An HTTP monitor uses a send string, a
receive string, a user name, a password, and optional Reverse and
Transparent modes. (If there is no password security, you must use blank
strings [""] for the Username and Password settings.)
For more information on transparent and reverse modes, see Using
transparent and reverse modes, on page 11-35.
The following list shows the settings of the pre-configured monitor http:
Import Settings: http
Type: HTTP
Send String: Get /
Receive String: (empty)
User Name: (empty)
Password: (empty)
Reverse: No
Transparent: No

TM
11 - 11
HTTPS
You use an HTTPS monitor to check the status of Hypertext Transfer
Protocol Secure (HTTPS) traffic. An HTTPS monitor attempts to receive
specific content from a web page protected by SSL security. The check is
successful when the content matches the Receive String value.
HTTPS monitors use a send string, a receive string, a user name, a
password, and an optional Reverse setting. (If there is no password security,
you must use blank strings [""] for the Username and Password settings.)
For more information on the Reverse setting, see Using transparent and
reverse modes, on page 11-35.
HTTP monitors also include the settings Cipher List, Compatibility, and
Client Certificate. If you do not specify a cipher list, the monitor uses the
default cipher list DEFAULT:+SHA:+3DES:+kEDH. When you set the
Compatibility setting to Enabled, this sets the SSL options to ALL. You
use the Client Certificate setting to specify a certificate file that the monitor
then presents to the server.
The following list shows the settings of the pre-configured monitor https:
Type: HTTPS
Import Settings: https
Send String: Get /
Cipher List: DEFAULT:+SHA:+#DES:+kEDH
User Name: (empty)
Password: (empty)
Compatibility: Enabled
Client Certificate: (empty)
Client Key: (empty)
Reverse: No
Transparent: No
The Reverse setting is an option for monitors that import settings from the
https monitor. In most monitor settings, the Global Traffic Manager
considers the resource available when the monitor successfully probes it.
However, in some cases you may want the resource to be considered
unavailable after a successful monitor test. You accomplish this
configuration with the Reverse setting. For more information on Reverse
mode, see Using transparent and reverse modes, on page 11-35.
Chapter 11
11 - 12
TCP
The TCP monitor attempts to receive specific content sent over TCP. The
check is successful when the content matches the Receive String value. A
TCP monitor takes a Send String value and a Receive String value. If the
Send String value is blank and a connection can be made, the service is
considered up. A blank Receive String value matches any response. Both
Transparent and Reverse modes are options. For more information about
Transparent and Reverse modes, see Using transparent and reverse
modes, on page 11-35.
The following list shows the settings for the pre-configured monitor tcp.
Type: TCP
Import Settings: tcp
Send String: (empty)
Reverse: No
Transparent: No
External Application Verification (EAV) monitors
EAV monitors verify applications on servers by running those applications
remotely, using an external service checker program located in the directory
/config/monitors.
The following list shows the types of EAV monitors that you can create.
BIG IP
BIG IP Link
External
FTP
IMAP
LDAP
MSSQL
NNTP
Oracle
POP3
RADIUS

TM
11 - 13
Real Server
Scripted
SIP
SMTP
SNMP
SNMP Link
SOAP
UDP
WAP
WMI
The Global Traffic Manager provides pre-configured monitors for several of
these monitor types. In cases where a pre-configured monitor does not meet
your needs or does not exist, you can create a custom monitor. For more
information on custom monitors, see Creating a custom monitor, on page
11-7.
The following sections describe each type of EAV monitor and show the
BIG-IP
When you use the Global Traffic Manager in a network that contains a
Local Traffic Manager, you must assign a BIG-IP monitor to the Local
Traffic Manager. This monitor is automatically assigned to the Local Traffic
Manager if you do not manually assign it.
The BIG-IP monitor gathers metrics and statistics information that the Local
Traffic Manager acquires through the monitoring of its own resources. In
general, it is sufficient to assign only the BIG-IP monitor to a Local Traffic
Manager. In situations where you want to verify the availability of a specific
resource managed by the Local Traffic Manager, F5 Networks recommends
that you first assign the appropriate monitor to the resource through the
Local Traffic Manager, and then assign a BIG-IP monitor to the Local
Traffic Manager through the Global Traffic Manager. This configuration
provides the most efficient means of tracking resources managed by a
BIG-IP system.
The following list shows the settings and default values of a BIG-IP
monitor.
Type: BIG-IP
Import Settings: bigip
Timeout: 90 seconds
Probe Timeout: 1 second
Note that F5 recommends that you leave this setting at the default value
for the BIG-IP monitor.
Chapter 11
11 - 14
Aggregate Dynamic Ratios: None
Note
If the Global Traffic Manager and the Local Traffic Manager are on the
same machine, you must still assign a BIG-IP monitor to the server that you
added to your configuration that represents the Global Traffic
Manager/Local Traffic Manager system. See Chapter 5, Defining the
Physical Network, for more information.
BIG-IP Link
When you use the Global Traffic Manager in a network that contains a Link
Controller, you must assign a BIG-IP Link monitor to the Link Controller.
This monitor is automatically assigned to the Link Controller if you do not
manually assign it.
The BIG-IP Link monitor gathers metrics and statics information that the
Link Controller acquires through the monitoring of its own resources.
The following list shows the settings and default values of a BIG-IP Link
monitor.
Type: BIG-IP Link
Import Settings: bigip_link
Timeout: 30 seconds
Note that F5 recommends that you leave this setting at the default value
for BIG-IP Link monitor.
Note
If the Global Traffic Manager and the Link Controller systems are on the
same machine, you must still assign a BIG-IP Link monitor to the server that
represents these two systems. See Chapter 5, Defining the Physical
Network, for more information.
External
You can use an External monitor to create your own monitor type. To do
this, you create a custom External monitor and within it, specify a
user-supplied monitor to run.

TM
11 - 15
The External Program setting specifies the name of your user-supplied
monitor program. An External monitor searches the directory
/config/monitors for that monitor name.
The Arguments setting allows you to specify any command-line arguments
that are required.
The following list shows the settings and default values of an External
monitor.
Type: External
Import Settings: external
External Program: (empty)
Arguments: (empty)
Variables: (empty)
FirePass
You use a FirePass
monitor to verify FirePass traffic. This monitor checks

the health of FirePass systems.
The following list shows the settings and default values of a FirePass type
monitor.
Type: FirePass
Import Settings: firepass_gtm
Timeout: 90 seconds
Cipher List: HIGH:!ADH
Max Load Average: 20
Concurrency Limit: 95
User Name: gtmuser
Password: (empty)
Chapter 11
11 - 16
FTP
You use an FTP monitor to verify File Transfer Protocol (FTP) traffic. A
monitor of this type attempts to download a specified file to the /var/tmp
directory, and if the file is retrieved, the check is successful. An FTP
monitor specifies a user name, a password, and a full path to the file to be
downloaded.
Note
Once an FTP file is successfully downloaded, the Global Traffic Manager
does not save it.
The following list shows the settings and default values of an FTP monitor.
Type: FTP
Import Settings: ftp
User Name: (empty)
Password: (empty)
Path/Filename: (empty)
Mode: Passive
Debug: No
IMAP
You use an IMAP monitor to check the status of Internet Message Access
Protocol (IMAP) traffic. An IMAP monitor is essentially a POP3 monitor
with the addition of the Folder setting. The check is successful if the
monitor is able to log onto a server and open the specified mail folder. An
IMAP monitor requires that you specify a user name and password. The
following list shows the settings and default values of an IMAP monitor.
Type: IMAP
Import Settings: imap
Timeout: 31 seconds
User Name: (empty)
Password: (empty)
Folder: INBOX

TM
11 - 17
Debug: No
Note
Servers checked by an IMAP monitor typically require special configuration
to maintain a high level of security, while also allowing for monitor
authentication.
LDAP
You use an LDAP monitor to check the status of Lightweight Directory
Access Protocol (LDAP) servers. The LDAP protocol implements standard
X.500 for email directory consolidation. A check is successful if entries are
returned for the base and filter specified. An LDAP monitor requires a user
name, a password, and base and filter strings. The following list shows the
settings and default values of an LDAP monitor.
Type: LDAP
Import Settings: ldap
Timeout: 31 seconds
User Name: (empty)
Password: (empty)
Base: (empty)
Filter: (empty)
Security: None
Mandatory Attributes: No
Debug: No
The User Name setting specifies a distinguished name, that is, an
LDAP-format user name.
The Base setting specifies the starting place in the LDAP hierarchy from
which to begin the query.
The Filter setting specifies an LDAP-format key of the search item.
The Security setting specifies the security protocol to be used. Acceptable
values are SSL, TLS, or None.
Chapter 11
11 - 18
MSSQL
You use an MSSQL monitor to perform service checks on Microsoft SQL
Server-based services such as Microsoft SQL Server versions 6.5 and 7.0.
The remainder of this section on MSSQL monitors describes prerequisite
tasks, the default monitor settings, and troubleshooting tips.
MSSQL monitor settings and their default values
The following list shows the settings and default settings of an MSSQL
monitor.
Type: mssql
Import Settings: mssql
Timeout: 91 seconds
User Name: (empty)
Password: (empty)
Database: (empty)
Receive Row: (empty)
Receive Column: (empty)
Count: 0
Debug: No
For an MSSQL monitor, the Database setting specifies the name of the data
source on the Microsoft
SQL-based server. Examples are sales and hr.

The Send String setting is optional and specifies a SQL query statement
that the Global Traffic manager should send to the server. Examples are
SELECT * FROM sales and SELECT FirstName, LastName From
Employees. If you configure the Send String setting, you can also
configure the following settings:
Receive String
The Receive String setting is an optional parameter that specifies the
value expected to be returned for the row and column specified with the
Receive Row and Receive Column settings. An example of a Receive
String value is ALAN SMITH. You can only configure this setting
when you configure the Send String setting.

TM
11 - 19
Receive Row
The Receive Row setting is optional, and is useful only if the Receive
String setting is specified. This setting specifies the row in the returned
table that contains the Receive String value. You can only configure this
setting when you configure the Send String setting.
Receive Column
The Receive Column setting is optional and is useful only if the Receive
String setting is specified. This setting specifies the column in the
returned table that contains the Receive String value. You can only
configure this setting when you configure the Send String setting.
Troubleshooting MSSQL logons
If an MSSQL monitor cannot log on to the server, and you have checked
that the specified IP address and port number or service are correct, try the
following troubleshooting options:
Verify that you can log on using another tool.
For example, the server program Microsoft NT SQL Server version 6.5
includes a client program named ISQL/w. This client program performs
simple logons to SQL servers. Use this program to test whether you can
log on to the server using the ISQL/w program.
Add logon accounts using the Microsoft SQL Enterprise Manager.
On the Microsoft SQL Server, you can run the SQL Enterprise Manager
to add logon accounts. When first logging on the SQL Enterprise
Manager, you may be prompted for the SQL server that you want to
manage.
You can register servers by specifying the machine name, user name, and
password. If these names are correct, the server is registered, and then
you can click an icon for the server. When you expand the subtree for the
server, there is an icon for logon accounts. Beneath this subtree, you can
find the SQL logons. To change passwords or add new logons,
right-click the Logins icon. Click this icon to access the Add login
option. After you open this option, type the user name and password for
the new logon, as well as which databases the logon is allowed to access.
You must grant the test account access to the database you specify in the
EAV configuration.
NNTP
You use an NNTP monitor to check the status of Usenet News traffic. The
check is successful if the monitor retrieves a newsgroup identification line
from the server. An NNTP monitor requires a newsgroup name (for
example, alt.cars.mercedes) and, if necessary, a user name and password.
The following list shows the settings and default values of an NNTP
monitor.
Type: NNTP
Import Settings: nntp
Chapter 11
11 - 20
User Name: (empty)
Password: (empty)
Newsgroup: (empty)
Debug: No
Oracle
You use an Oracle monitor to check the status of an Oracle database server.
The check is successful if the monitor is able to connect to the server, log on
as the indicated user, and log off.
The following list shows the settings and default values of an Oracle
monitor.
Type: Oracle
Import Settings: oracle
Timeout: 91 seconds
User Name: (empty)
Password: (empty)
Database: (empty)
Receive Row: (empty)
Receive Column: (empty)
Count: 0
Debug: No
The Send String setting specifies a SQL statement that the Global Traffic
Manager should send to the Oracle server. An example is SELECT *
FROM sales.

TM
11 - 21
The Receive String setting is an optional parameter that specifies the value
expected to be returned for a specific row and column of the table that the
Send String setting retrieved. An example of a Receive String value is
SMITH.
In an Oracle monitor, the Database setting specifies the name of the data
source on the Oracle server. Examples are sales and hr.
The Receive Row setting is optional, and is useful only if the Receive
String setting is specified. This setting specifies the row in the returned
table that contains the Receive String value.
The Receive Column setting is optional and is useful only if the Receive
String setting is specified. This setting specifies the column in the returned
table that contains the Receive String value.
POP3
You use a POP3 monitor to check the status of Post Office Protocol version
3 (POP3) traffic. The check is successful if the monitor is able to connect to
the server, log on as the indicated user, and log off. A POP3 monitor
requires a user name and password.
The following list shows the settings and default values of a POP3 monitor.
Type: POP3
Import Settings: pop3
User Name: (empty)
Password: (empty)
Debug: No
RADIUS
You use a RADIUS monitor to check the status of Remote Access Dial-in
User Service (RADIUS) servers. The check is successful if the server
authenticates the requesting user. A RADIUS monitor requires a user name,
a password, and a shared secret string for the code number.
Note
Configure the servers to be checked by a RADIUS monitor to maintain a
high level of security while also allowing for monitor authentication.
Chapter 11
11 - 22
The following list shows the settings and default values of a RADIUS
monitor.
Type: RADIUS
Import Settings: radius
Interval:10 seconds
Timeout: 31 seconds
User Name: (empty)
Password: (empty)
Secret: (empty)
NAS IP Address: (empty)
Debug: No
Real Server
You use a Real Server monitor to check the performance of a pool or virtual
server that is running the RealSystem Server data collection agent and
dynamically load balances traffic accordingly. Performance monitors are
generally used with dynamic ratio load balancing. For more information on
performance monitors and dynamic ratio load balancing, see Chapter 7,
Load Balancing with the Global Traffic Manager.
Note
Unlike health monitors, performance monitors do not report on the status of
a pool, pool member, or virtual server.
The Global Traffic Manager provides a pre-configured Real Server monitor
named real_server. The following list shows the settings and default values
of the real_server monitor.
Type: Real Server
Import Settings: real_server
Method: GET
Command: GetServerStats
Metrics: ServerBandwidth: 1.5, CPUPercentUsage, MemoryUsage,
TotalClientCount
Agent: Mozilla/4.0 (compatible: MSIE 5.0, Windows NT)

TM
11 - 23
Like all pre-configured monitors, the real_server monitor is not
user-modifiable. However, if you want to modify the Metrics setting, you
can create a custom Real Server monitor, to which you can add metrics and
modify metric values.
Note
When creating a custom Real Server monitor, you cannot modify the values
of the Method, Command, and Agent settings.
Table 11.2 shows the complete set of server-specific metrics and metric
setting default values that apply to the command GetServerStats.
The metric coefficient is a factor determining how heavily the metrics value
counts in the overall ratio weight calculation. The metric threshold is the
highest value allowed for the metric if the metric is to have any weight at all.
To understand how to use these values, it is necessary to understand how the
overall ratio weight is calculated. The overall ratio weight is the sum of
relative weights calculated for each metric. The relative weights, in turn, are
based on three factors:
The value for the metric returned by the monitor
The coefficient value
The threshold value
Given these values, the relative weight is calculated as follows:
w=((threshold-value)/threshold)*coefficient
Metric Default Coefficient Default Threshold
ServerBandwidth (Kbps) 1.0 10,000
CPUPercentUsage 1.0 80
MemoryUsage (Kb) 1.0 100,000
TotalClientCount 1.0 1,000
RTSPClientCount 1.0 500
HTTPClientCount 1.0 500
PNAClientCount 1.0 500
UDPTransportCount 1.0 500
TCPTransportCount 1.0 500
MulticastTransportCount 1.0 500
Table 11.2 Metrics for a Real Server monitor
Chapter 11
11 - 24
You can see that the higher the coefficient, the greater the relative weight
calculated for the metric. Similarly, the higher the threshold, the greater the
relative weight calculated for any metric value that is less than the threshold.
(When the value reaches the threshold, the weight goes to zero.)
Note that the default coefficient and default threshold values shown in Table
11.2 are metric defaults, not monitor defaults. The monitor defaults take
precedence over the metric defaults, just as user-specified values in the
custom real_server monitor take precedence over the monitor defaults. For
example, the monitor shown specifies a coefficient value of 1.5 for
ServerBandwidth and no value for the other metrics. This means that the
monitor uses the monitor default of 1.5 for the ServerBandwidth
coefficient and the metric default of 1 for the coefficients of all other
metrics. However, if a custom monitor my_real_server were configured
specifying 2.0 as the ServerBandwidth coefficient, this user-specified
value overrides the monitor default.
Metric coefficient and threshold are the only non-monitor defaults. If a
metric not in the monitor is to be added to the custom monitor, it must be
added to the list of metrics for the Metrics setting. The syntax for specifying
non-default coefficient or threshold values is:
<metric>:<coefficient |<*>:<threshold>
Scripted
You use the Scripted monitor to generate a simple script that reads a file that
you create. The file contains send and expect strings to specify lines that you
want to send or that you expect to receive. For example, Figure 11.1 shows a
sample file that specifies a simple SMTP sequence. Note that the system
always reads the lines of the file in the specified sequence.
Using a Scripted monitor, you can generate a script that acts on the above
file. When the Scripted monitor script reads this file, the script examines
each line, and if the line has no quotation marks, the line is sent or expected
as is. If the line is surrounded by quotation marks, the script strips off the
quotation marks, and examines the line for escape characters, treating them
accordingly.
The following list shows the settings and default values of a Scripted
monitor.
Type: Scripted
Import Settings: scripted
Timeout: 31 seconds
expect 220
send HELLO bigip1.siterequest.com\r\n
expect 250
send quit\r\n
Figure 11.1 A sample file specifying an SMTP sequence

TM
11 - 25
File name: (empty)
Debug: No
Note
When you create a file containing send and expect strings, store the file in
the directory /config/eav.
SIP
You use a SIP monitor to check the status of SIP Call-ID services. This
monitor type uses UDP to issue a request to a server device. The request is
designed to identify the options that the server device supports. If the proper
request is returned, the device is considered to be up and responding to
commands.
The following list shows the settings and default values of a SIP monitor.
Type: SIP
Import Settings: sip
Mode: UDP
Additional Accepted Status Codes: None
Additional Rejected Status Codes: Status Code List...
Rejected Status Code List: (empty)
Header List: (empty)
SIP Request: (empty)
Debug: No
Possible values for the Mode setting are TCP and UDP. Possible values for
the Additional Accepted Status Codes setting are Any, None, and Status
Code List. The Status Code List setting specifies one or more status codes,
in addition to status code 200, that are acceptable in order to indicate an up
status. Multiple status codes should be separated by spaces. Specifying an
asterisk (*) indicates that all status codes are acceptable.
Chapter 11
11 - 26
SMTP
You use an SMTP monitor to check the status of Simple Mail Transport
Protocol (SMTP) servers. This monitor is a basic monitor that checks only
that the server is up and responding to commands. The check is successful if
the mail server responds to the standard SMTP HELO and QUIT
commands. An SMTP monitor requires a domain name. The following list
shows the settings and default values of an SMTP monitor.
Type: SMTP
Import Settings: smtp
Domain: (empty)
Debug: No
SNMP
You use an SNMP monitor to check the performance of a server running an
SNMP agent such as UC Davis, for the purpose of load balancing traffic to
that server. This monitor conducts an SNMP query for a specific number of
times, counting the number of times the query is successful. If the number of
successful queries matches the number that you set when configuring the
monitor, the Global Traffic Manager considers the resource available.
Performance monitors are generally used with dynamic ratio load balancing.
For more information on performance monitors and dynamic ratio load
balancing, see Chapter 7, Load Balancing with the Global Traffic Manager.
a pool, pool member, or virtual server; they report on the status of the server
itself. The exception to this is when you assign the monitor to a Cisco,
Alteon, Extreme, or Radware server. In those situations, the monitor can
obtain availability information on the virtual servers associated with that
server. On Foundry servers, you can only obtain the administrative status of
the virtual server.
The Global Traffic Manager provides a pre-configured SNMP monitor
named snmp_gtm. The following list shows the settings and values of the
snmp_gtm pre-configured monitor.
Type: SNMP
Import Settings: snmp_gtm

TM
11 - 27
Probe Attempts: 1
Community: public
Version: v1
Port: 161
Pre-configured monitors are not user-modifiable. Thus, if you want to
change the values for the SNMP monitor settings, you must create an SNMP
custom monitor. Possible values for the Version setting are v1, v2c, and
Other.
Chapter 11
11 - 28
SNMP Link
You use an SNMP Link monitor to check the performance of links that are
running an SNMP agent.
The Global Traffic Manager provides a pre-configured SNMP monitor
named snmp_link. The following list shows the settings and values of the
snmp_link pre-configured monitor.
Type: SNMP Link
Import Settings: snmp_link
Timeout: 30 seconds
Probe Attempts: 3
Community: public
Version: v1
Port: 161
pool, pool member, or virtual server. Performance monitors are generally
used with dynamic ratio load balancing. For more information on
performance monitors and dynamic ratio load balancing, see Chapter 7,
Load Balancing with the Global Traffic Manager.
Pre-configured monitors are not user-modifiable. Thus, if you want to
change the values for the SNMP Link monitor settings, you must create an
SNMP Link custom monitor.
SOAP
You use a SOAP monitor to test a web service based on the Simple Object
Access protocol (SOAP). More specifically, the monitor submits a request
to a SOAP-based web service, and optionally, verifies a return value or
fault. The following list shows the settings and default values of a SOAP
monitor.
Type: SOAP
Import Settings: soap
User Name: (empty)
Password: (empty)

TM
11 - 29
Protocol: HTTP
Possible values are HTTP and HTTPS.
URL Path: (empty)
Namespace: (empty)
Method: (empty)
Parameter Name: (empty)
Parameter Type: bool
Possible values are: bool, int, long, and string.
Parameter Value: (empty)
Return Type: bool
Possible values are: bool, int, short, long, float, double, and string.
Return Value: (empty)
Expect Fault: No
Possible values are No and Yes.
Debug: No
UDP
You use a UDP monitor to check the status of User Datagram Protocol
(UDP) packets. A UDP monitor sends one or more UDP packets to a target
pool, pool member, or virtual server.
The following list shows the settings and default values of a UDP monitor.
Type: UDP
Import Settings: udp
Probe Attempts: 3
Send String: default send string
Transparent: No
Send Packets: 2
Timeout Packets: 2
Debug: No
Chapter 11
11 - 30
Important
The value in seconds of the Timeout Packets setting must be lower than the
value of the Interval setting.
When using a UDP monitor to check a pool or virtual server, you must also
enable another monitor type, such as HTTP, to monitor the pool or virtual
server. Until both a UDP monitor and another type of monitor report the
status of the UDP service as up, the UDP service receives no traffic. See
Table 11.3 for details.
WAP
You use a WAP monitor to check Wireless Application Protocol (WAP)
servers. The WAP monitor requests a URL (the Send String setting), finds
the string in the Receive String setting in the data returned by the URL
response. The following list shows the settings and default values of a WAP
monitor.
Type: WAP
Import Settings: wap
Timeout: 31 seconds
Secret: (empty)
Accounting Node: (empty)
Accounting Port: (empty)
Server ID: (empty)
Call ID: (empty)
Session ID: (empty)
Framed Address: (empty)
If a UDP monitor reports
status as
And another monitor
reports status as
Then the UDP service
is
up up up
up down down
down up down
down down down
Table 11.3 Determining status of the UDP service

TM
11 - 31
Debug: No
The Secret setting is the RADIUS secret, a string known to both the client
and the RADIUS server, and is used in computing the MD5 hash.
The Accounting Node setting specifies the RADIUS resource. If this a null
string and RADIUS accounting has been requested (accounting port is
non-zero), then the WAP server resource is assumed to also be the RADIUS
resource.
If set to non-zero, the Accounting Port setting requests RADIUS
accounting and uses the specified port.
The Server ID setting specifies the RADIUS NAS-ID of the requesting
server (that is, the BIG-IP system). It is a string used as an alias for the
FQDN. See the section on testing WAP_monitor just below.
The Call ID setting is an identifier similar to a telephone number, that is, a
string of numeric characters. For testing purposes, this value is usually a
string of eleven characters.
The Session ID setting is a RADIUS session ID, used to identify this
session. This is an arbitrary numeric character string, often something like
01234567.
The Framed Address setting is a RADIUS framed IP address. The setting
has no special use and is usually specified simply as 1.1.1.1.
RADIUS accounting is optional. To implement RADIUS accounting, you
must set the accounting port to a non-zero value. If you set the Accounting
Port setting to a non-zero value, then the monitor assumes that RADIUS
accounting is needed, and an accounting request is sent to the specified
accounting node and port to start accounting. This is done before the URL is
requested. After the successful retrieval of the URL with the correct data, an
accounting request is sent to stop accounting.
WMI
You use a WMI monitor to check the performance of a pool or virtual server
that is running the Windows Management Infrastructure (WMI) data
collection agent and then dynamically load balances traffic accordingly.
a pool, pool member, or virtual server. You generally use performance
monitors such as a WMI monitor with dynamic ratio load balancing. For
more information on performance monitors and dynamic ratio load
balancing, see Chapter 7, Load Balancing with the Global Traffic Manager.
The following list shows the settings and default values of a WMI monitor.
Type: WMI
Import Settings: wmi
Chapter 11
11 - 32
User Name: (empty)
Password: (empty)
Method: POST
URL: /scripts/F5lsapi.dll
Command: GetCPUInfo, GetDiskInfo, GetOSInfo
Metrics: LoadPercentage, DiskUsage, PhsyicalMemoryUsage
Agent: Mozilla/4.0 (compatible: MSIE 5.0; Windows NT)
Post: RespFormat=HTML
Note that when creating a custom WMI monitor, the only default values that
you are required to change are the null values for user name and password.
Also note that you cannot change the value of the Method setting.
Table 11.4 shows the complete set of commands and metrics that you can
specify with the Command and Metrics settings. Also shown are the
default metric values.
Command Metric
Default
Coefficient
Default
Threshold
GetCPUInfo LoadPercentage (%) 1.0 80
GetOSInfo PhysicalMemoryUsage (%) 1.0 80
VirtualMemoryUsage (%) 1.0 80
NumberRunningProcesses 1.0 100
GetDiskInfo DiskUsage (%) 1.0 90
GetPerfCounters TotalKBytesPerSec 1.0 10,000
ConnectionAttemptsPerSec 1.0 500
CurrentConnections 1.0 500
GETRequestsPerSec 1.0 500
PUTRequestsPerSec 1.0 500
POSTRequestsPerSec 1.0 500
AnonymousUsersPerSec 1.0 500
CurrentAnonymousUsers 1.0 500
Table 11.4 WMI monitor commands and metrics

TM
11 - 33
NonAnonymousUsersPerSec 1.0 500
CurrentNonAnonymousUser 1.0 500
CGIRequestsPerSec 1.0 500
CurrentCGIRequests 1.0 500
ISAPIRequestsPerSec 1.0 500
CurrentISAPIRequests 1.0 500
GetWinMediaInfo AggregateReadRate 1.0 10,000
Kbps
AggregateSendRate 1.0 10,000
Kbps
ActiveLiveUnicastStreams 1.0 1000
ActiveStreams 1.0 1000
ActiveTCPStreams 1.0 1000
ActiveUDPStreams 1.0 1000
AllocatedBandwidth 1.0 10,000
Kbps
AuthenticationRequests 1.0 1000
AuthenticationsDenied 1.0 100
AuthorizationRequests 1.0 1000
AuthorizationsRefused 1.0 100
ConnectedClients 1.0 500
ConnectionRate 1.0 500
HTTPStreams 1.0 1000
HTTPStreamsReadingHeader 1.0 500
HTTPStreamsStreamingBody 1.0 500
LateReads 1.0 100
PendingConnections 1.0 100
Command Metric
Default
Coefficient
Default
Threshold
Chapter 11
11 - 34
PluginErrors 1.0 100
PluginEvents 1.0 100
SchedulingRate 1.0 100
StreamErrors 1.0 100
StreamTerminations 1.0 100
UDPResendRequests 1.0 100
UDPResendsSent 1.0 100
Command Metric
Default
Coefficient
Default
Threshold

TM
11 - 35
Special configuration considerations
Every pre-configured or custom monitor has settings with some default
values assigned. The following sections contain information that is useful
when changing these default values.
Setting destinations
By default, the value for the Alias Address setting for most monitors is set
to the wildcard * Addresses, and the Alias Service Port setting is set to the
wildcard * Ports (exceptions to this rule are the WMI and Real Server
monitors). This value causes the monitor instance created for a pool or
virtual server to take that resources address or address and port as its
destination. You can, however, replace either or both wildcard symbols with
an explicit destination value, by creating a custom monitor. An explicit
value for the Alias Address and/or Alias Service Port setting is used to
force the instance destination to a specific address and/or port which may
not be that of the pool or virtual server.
The ECV monitors http, https, and tcp have the settings Send String and
Receive String for the send string and receive expression, respectively.
The most common Send String value is GET /, which retrieves a default
HTML page for a web site. To retrieve a specific page from a web site, you
can enter a Send String value that is a fully qualified path name:
"GET /www/support/customer_info_form.html"
The Receive String expression is the text string the monitor looks for in the
returned resource. The most common Receive String expressions contain a
text string that is included in a particular HTML page on your site. The text
string can be regular text, HTML tags, or image names.
The sample Receive expression below searches for a standard HTML tag:
"<HEAD>"
You can also use the default null Receive String value [""]. In this case,
any content retrieved is considered a match. If both the Send String and
Receive String are left empty, only a simple connection check is performed.
For HTTP monitors, you can use the special settings get or hurl in place of
Send String and Receive String statements, respectively.
Using transparent and reverse modes
The normal and default behavior for a monitor is to ping the destination pool
or virtual server by an unspecified route, and to mark the resource up if the
test is successful. However, with certain monitor types, you can specify a
route through which the monitor pings the destination server. You configure
this by specifying the Transparent or Reverse setting within a custom
monitor.
Chapter 11
11 - 36
Transparent setting
Sometimes it is necessary to ping the aliased destination through a
transparent pool or virtual server. When you create a custom monitor and
set the Transparent setting to Yes, the Global Traffic Manager forces
the monitor to ping through the pool or virtual server with which it is
associated (usually a firewall) to the pool or virtual server. (In other
words, if there are two firewalls in a load balancing pool, the destination
pool or virtual server is always pinged through the pool or virtual server
specified and not through the pool or virtual server selected by the load
balancing method.) In this way, the transparent pool or virtual server is
tested: if there is no response, the transparent pool or virtual server is
marked as down.
Common examples are checking a router, or checking a mail or FTP
server through a firewall. For example, you might want to check the
router address 10.10.10.53:80 through a transparent firewall
10.10.10.101:80. To do this, you create a monitor called http_trans in
which you specify 10.10.10.53:80 as the monitor destination address,
and set the Transparent setting to Yes. Then you associate the monitor
http_trans with the transparent firewall (10.10.10.101:80).
This causes the monitor to check the address 10.10.10 53:80 through
10.10.10.101:80. (In other words, the Global Traffic Manager routes the
check of 10.10.10.53:80 through 10.10.10.101:80.) If the correct
response is not received from 10.10.10.53:80, then 10.10.10.101:80 is
marked down. For more information on associating monitors with virtual
servers, see Associating monitors with resources, on page 11-38.
Reverse setting
In most monitor settings, the Global Traffic Manager considers the
resource available when the monitor successfully probes it. However, in
some cases you may want the resource to be considered unavailable after
a successful monitor test. You accomplish this configuration with the
Reverse setting. With the Reverse setting set to Yes, the monitor marks
the pool or virtual server down when the test is successful. For example,
if the content on your web site home page is dynamic and changes
frequently, you may want to set up a reverse ECV service check that
looks for the string: Error. A match for this string means that the web
server was down.
Table 11.5 shows the monitors that contain the Transparent setting, the
Reverse setting, or both.
Monitor Type Setting
Gateway ICMP Transparent N/A
TCP Transparent Reverse
HTTP Transparent Reverse
HTTPS Transparent Reverse
Table 11.5 Monitors that contain the Transparent or Reverse settings

TM
11 - 37
Configuring when a virtual server is marked down
If all iQuery
connections between a Global Traffic Manager and a BIG-IP

system are lost, by default the Global Traffic Manager marks all of the
virtual servers on the BIG-IP system as down. However, you can configure
the Global Traffic Manager so that even when all iQuery connections from
the Global Traffic Manager to the BIG-IP system are lost, the Global Traffic
Manager marks the virtual servers as down only when the monitors
associated with the virtual servers time out.
To do this, you change the value of the virtuals-depend-on-server-state
option to no. Note that even after you set this option to no, as long as the
iQuery connections between the Global Traffic Manager and the BIG-IP
system are still connected, when the Global Traffic Manager receives a
down response for a virtual server from the BIG-IP system, it immediately
marks that virtual server down.
The default value of the virtuals-depend-on-server-state option is yes. To
change the value to no, use the following tmsh command:
tmsh gtm settings general modify virtuals-depend-on-server-state no
For information about the command syntax you use to change this variable,
see the gtm settings component in the Traffic Management Shell (tmsh)
Reference Guide.
Configuring an ECV monitor to ignore a down response
By default, an ECV monitor marks a virtual server as unavailable
immediately after receiving a down response from the virtual server. If you
want to configure a Global Traffic Manager ECV monitor to allow more
than one probe attempt before a failure is detected, you can enable the
Ignore Down Response setting on the monitor. When you enable this
option, the monitor ignores a down response from the system it is
monitoring. Assuming the Interval value is a fraction of the Timeout value,
the system sends multiple probes per timeout period. The monitor only
marks the system down if it does not receive an up response within the
specified monitor timeout period.
TCP Transparent Reverse
TCP Half Open Transparent N/A
UDP Transparent N/A
Monitor Type Setting
Table 11.5 Monitors that contain the Transparent or Reverse settings
Chapter 11
11 - 38
To configure an ECV monitor to ignore a down response
click Monitors.
The main screen for monitors opens.
2. Click the name of the monitor that you want to configure.
The properties screen for the monitor appears.
4. For Ignore Down Response setting, click the Yes button.
Associating monitors with resources
Once you create a monitor and configure its settings, the final task is to
associate the monitor with the resources to be monitored. The resources that
can be monitored are nodes, servers, pools, pool members, and links.
When you associate a monitor with a resource, the Global Traffic Manager
automatically creates an instance of that monitor for that resource.
Therefore, you can have multiple instances of the same monitor.
The Configuration utility allows you to disable an instance of a monitor that
is running on a server. This allows you to suspend health or performance
checking, without having to actually remove the monitor association. When
you are ready to begin monitoring that server again, you simply re-enable
that instance of the monitor.
Types of monitor associations
Some monitor types are designed for association only with nodes (IP
address), while other monitor types are intended for association only with
pools and virtual servers (IP address and service port). Therefore, when you
use the Configuration utility to associate a monitor with a pool or virtual
server, the utility displays only those pre-configured monitors that are
designed for association with that object type. For more information about
the monitors that you can assign to different objects, see Table 11.1, on page
11-2.
The types of monitor associations are:
Monitor-to-pool association
Links a monitor with an entire load balancing pool. In this case, the
monitor checks all members of the pool. For example, you can create an
instance of the monitor http for the pool my_pool, thus ensuring that all
members of that pool are checked.

TM
11 - 39
Monitor-to-pool member association
Links a monitor with a pool member within a given pool. For example,
you can create an instance of the monitor FTP for specific pools within
the pool my_pool, ensuring that only specific pool members are verified
as available through the FTP monitor.
Monitor-to-virtual server association
Links a monitor with a specific virtual server. In this case, the monitor
checks only the virtual server itself, and not any services running on that
virtual server. For example, you can create an instance of the monitor
http for virtual server 10.10.10.10. In this case, the monitor checks the
specific virtual server only, and not any services running on that virtual
server.
Chapter 11
11 - 40
Managing monitors
The procedures for adding and removing monitors are specific to the
resource. See Chapter 5, Defining the Physical Network, and Chapter 6,
Defining the Logical Network, for information on adding and removing
monitors from a resource.
In addition to adding and removing monitors from network resources, you
can interact with monitors in the following ways:
Displaying monitor settings
Deleting monitors
Enabling and disabling monitor instances
Displaying monitor settings
Because you can create a large number of monitors to accurately track the
performance and availability of your network resources, it is helpful to view
monitor settings to determine if a given monitor is the correct one for a
given resource.
To display the settings of a monitor
click Monitors.
2. Click a monitor name.
The properties screen of the monitor opens.
Deleting monitors
In the event that your configuration of the Global Traffic Manager no longer
requires a specific monitor, you can delete the monitor. You cannot delete a
monitor that has one or more instances assigned to resources on your
network. See Chapter 5, Defining the Physical Network, and Chapter 6,
Defining the Logical Network, for information on adding and removing
monitors from a resource.
To delete a monitor
click Monitors.
2. Check the Select box for the monitor that you want to delete.
A confirmation message opens.
4. Click the Delete button to delete the monitor.

TM
11 - 41
Enabling and disabling monitor instances
When you add a monitor to a resource, the Global Traffic Manager creates a
copy of that monitor, or instance, and assigns it to that resource. You can
enable or disable these instances as needed. For example, if you wanted to
temporarily suspend the monitoring of a given virtual server that is
undergoing maintenance, you can disable the monitor for that virtual server
and then re-enable it when the maintenance is complete.
To enable or disable a monitor instance
click Monitors.
2. Click a monitor name in the list.
The properties screen for the monitor opens.
3. On the menu bar, click Instances.
The monitor instance screen opens.
4. For the instance you want to manage, check the Select box.
5. Click the Enable or Disable button, as appropriate.
Chapter 11
11 - 42
12
Viewing Statistics
Introducing statistics
Accessing statistics
Viewing the Status Summary screen
Understanding the types of statistics
Understanding persistence records
Viewing Statistics

TM
12 - 1
Introducing statistics
One of the most important aspects of managing a network is timely access to
accurate information on network performance. This information can verify
that the Global Traffic Manager is handling your name resolution requests
as efficiently as possible, as well as provide data on the overall performance
of a specific resource, such as a data center or distributed application.
The Global Traffic Manager gathers statistical data on multiple aspects of
your network. You access these statistics through the statistics screen. The
types of statistics you can select from this screen include:
A summary of network components, as defined in the Global Traffic
Manager
Wide IPs
Pools
Data centers
Links
Servers
Virtual servers
iRules
Paths
Local DNS
The Global Traffic Manager also contains persistence records. A persistence
record provides information on network load balancing when the
persistence option is enabled for a given pool or virtual server. This option
ensures that the system sends name resolution from the same source within a
given session to the same resource on your network.
The Global Traffic Manager gathers statistics through a software component
called the big3d agent. This agent probes the various monitors that you
assign to your network components, and returns statistics based on those
monitors. The gtmd utility manages those monitors, determining when to
probe and when to time out the probe attempts.
Statistics are often paired with metrics collection; however, the two have
different roles. Statistics pertain to a broad set of data that focuses on how
often a given set of resources are used and how well those resources are
performing. Metrics collection, on the other hand, focuses specifically on
data that relates to overall communication between the Global Traffic
Manager and a Local DNS. Unlike statistics, metrics collection is designed
to provide performance data, as opposed to usage or historical data. See
Chapter 13, Collecting Metrics, for more information on metrics.
Chapter 12
12 - 2
Accessing statistics
You can access Global Traffic Manager statistics in two ways:
Through the Statistics option on the Main tab of the navigation pane
Through the Statistics menu from various main screens for different
components
Both methods take you to the same screen within the Global Traffic
Manager. When you access statistics through a menu on the main screen for
a given network component, the Statistics screen is pre-configured for the
given network element, although you can switch to a different set of
statistics at any time.
Additionally, you can use the search feature to locate a specific component
or group of components. The default search value is an asterisk (*), which
instructs the system to display all relevant components in a list. You can
type a string in the box, and when you click the Search button, the system
modifies the list to show only those components that match the string. For
more information about how the search feature works, see Locating a
component using the search feature, on page 2-6.
Tip
You can also access statistics from the command line using the tmsh
command show. For more information about viewing statistics using tmsh,
see the Traffic Management Shell (tmsh) Reference Guide.
To access statistics through the Main tab
1. On the Main tab of the navigation pane, expand Overview and click
Statistics.
The Statistics screen opens.
2. On the menu bar, click Global Traffic.
The Statistics screen for Global Traffic opens.
3. From the Statistics Type list, select the type of statistics you want
to view.
These statistics are described in later sections of this chapter.
4. Select the data format in which you want to view the statistics:
If you select Normalized, the Global Traffic Manager rounds the
data to the nearest digit.
If you select Unformatted, the Global Traffic Manager displays
the exact value to as many decimal places as the value requires.
5. From the Auto Refresh list, select the frequency at which the
Global Traffic Manager refreshes data on the screen.
If you select Disabled from this list, the system does not refresh the
screen; instead, you can click the Refresh button to update the
screen with the latest statistical data.
Viewing Statistics

TM
12 - 3
To access statistics through a components main screen
click a component, such as Wide IPs.
The main screen for the component opens.
2. On the menu bar, click Statistics.
The Statistics screen opens displaying statistics relevant to the
component.
3. Select the data format in which you want to view the statistics:
If you select Normalized, the Global Traffic Manager rounds the
data to the nearest digit.
If you select Unformatted, the Global Traffic Manager displays
the exact value to as many decimal places as the value requires.
4. From the Auto Refresh list, select the frequency at which the
Global Traffic Manager refreshes data on the screen.
If you select Disabled from this list, the system does not refresh the
screen; instead, you can click the Refresh button to update the
screen with the latest statistical data.
Viewing the Status Summary screen
As you track the performance of your data centers, virtual servers, and other
resources, you may find it helpful to have a single screen in which you can
get a snapshot of overall resource availability. In the Global Traffic
Manager, you can view this data on the Status Summary screen.
The Status Summary screen consists of a Global Traffic Summary table that
contains the following information:
Object Type
The Object Type column describes the specific resource type. These
types are: distributed application, wide IPs, pools, data centers, links, and
servers.
Total
The Total column describes the total number of resources of the type
corresponding to the Object Type column, regardless of whether the
resource is available.
Available
The Available column describes the total number of resources of the type
corresponding to the Object Type column that the Global Traffic
Manager can verify as available.
Unavailable
The Unavailable column describes the total number of resources of the
type corresponding to the Object Type column that the Global Traffic
Manager can verify as unavailable.
Chapter 12
12 - 4
Offline
The Offline column describes the total number of resources of the type
Manager can verify as offline.
Unknown
The Available column describes the total number of resources of the type
Manager can verify as available.
Each value within the Total, Available, Unavailable, Offline, and Unknown
columns is a link. When you click the link, you access the main screen for
that resource, with the list of resources filtered to show only those resources
with the corresponding status. For example, if the Available column for data
centers has a value of 5, clicking the 5 brings up a filtered main screen for
data centers that shows only the five data centers that are available.
Understanding the types of statistics
You can view a variety of statistics through the Global Traffic Manager,
including:
The statistics for distributed applications provide you with information
on what distributed applications exist, what wide IPs make up that
application, and how the Global Traffic Manager has load balanced
traffic to the application.
Wide IPs
The statistics for wide IPs provide you with information on what wide
IPs exist and how the Global Traffic Manager has load balanced traffic to
the wide IP.
Pools
The statistics for pools provide details on how the Global Traffic
Manager has load balanced traffic to each pool.
Data centers
The statistics for data centers revolve around the amount of traffic
flowing to and from each data center.
Links
The statistics for links focus on how much traffic is flowing in and out
through a specific link to the Internet.
Servers
The statistics for servers display the amount of traffic flowing to and
from each server.
Virtual servers
The statistics for virtual servers provide information on the amount of
traffic flowing to and from each virtual server.
Viewing Statistics

TM
12 - 5
Paths
The statistics for paths provide information on how quickly traffic moves
between a Local DNS and a resource for which the Global Traffic
Manager is responsible.
Local DNS
The statistics for local DNS servers provide location details related to the
different Local DNS servers that communicate with the Global Traffic
Manager.
Distributed application statistics
The Global Traffic Manager captures several statistics related to the
performance of a distributed application. You can use these statistics to see
how many resolution requests have been sent for the application, and how
the system has load balanced these requests. You can access the wide IP
statistics by selecting Distributed Applications from the Statistics Type
list in the Statistics screen. For information on accessing the Statistics
screen, see Accessing statistics, on page 12-2.
As an example of distributed application statistics, consider the fictional
company SiteRequest. The IT department at SiteRequest has a distributed
application, downloader, which contains multiple wide IPs associated with
the viewing and downloading of SiteRequest applications. The wide IPs in
the downloader application use the Global Availability load balancing
mode. This mode sends all name resolution requests for this wide IP to a
specific pool until that pool is unavailable. Because the distributed
application is critical to SiteRequests operations, the IT department wants
to track traffic to the application and ensure that it is being managed
effectively. The distributed applications statistics provide the IT department
the information they need to see how many requests are being sent for the
application, allowing them to plan additional resource allocations more
effectively.
The distributed application statistics screen consists of a Distributed
Application Statistics table. This table contains the following information:
Status
The Status column indicates the current status of the wide IP. The
available status types are: Available, Unavailable, Offline, and
Unknown. Each status type is represented by a symbol; for example, the
available status type is represented by a green circle.
Distributed Application
The Distributed Application column displays the name of an application
for which the Global Traffic Manager is responsible. Each name appears
as a link. When you click the link, the properties screen for the
distributed application opens.
Members
The Members column provides a link that opens a wide IP details screen
for the distributed application. This screen displays load balancing
Chapter 12
12 - 6
statistics for each pool within the distributed application. You can return
to the main distributed application statistics screen by clicking the Back
button in the Display Options area of the screen.
Requests
The Requests column displays the cumulative number of DNS requests
sent to the distributed application.
Load Balancing
The Load Balancing column provides information on how the Global
Traffic Manager load balanced connection requests to this resource. This
column consists of four subcolumns:
The Preferred subcolumn displays the cumulative number of requests
that the Global Traffic Manager load balanced with the preferred load
balancing method.
The Alternate subcolumn displays the cumulative number of requests
that the Global Traffic Manager load balanced with the alternate load
balancing method.
The Fallback subcolumn displays the cumulative number of requests
that the Global Traffic Manager load balanced with the Fallback load
balancing method.
The Returned to DNS subcolumn displays the cumulative number of
requests that the Global Traffic Manager did not resolve and returned
to the Domain Name Server (DNS).
Wide IP statistics
The Global Traffic Manager captures several statistics related to the
performance of a wide IP. These statistics primarily focus on how many
resolution requests have been sent for the wide IP, and how the Global
Traffic Manager has load balanced these requests. You can access the wide
IP statistics by selecting Wide IPs from the Statistics Type list in the
Statistics screen. For information on accessing the Statistics screen, see
Accessing statistics, on page 12-2.
As an example of wide IP statistics, consider the fictional company
SiteRequest. The IT department at SiteRequest has a wide IP,
www.siterequest.com, which uses the Global Availability load balancing
mode. This mode sends all name resolution requests for this wide IP to a
specific pool until that pool is unavailable. Because the wide IP,
www.siterequest.com, is critical to SiteRequests operations, the IT
department wants to track traffic to the wide IP and ensure that the primary
pool is not at risk of getting overloaded. The wide IP statistics provide the
IT department the information they need to see how many requests are being
sent for the wide IP, allowing them to plan additional resource allocations
more effectively.
Viewing Statistics

TM
12 - 7
The wide IP statistics screen consists of a Wide IP Statistics table. This table
Status
The Status column indicates the current status of the wide IP. The
Wide IP
The Wide IP column displays the name of a wide IP for which the Global
Traffic Manager is responsible. Each name appears as a link. When you
click the link, the properties screen for the wide IP opens.
Pools
The Pools column provides a link that opens a pool details screen for the
wide IP. This screen displays load balancing statistics for each pool
within the wide IP. You can return to the main wide IP statistics screen
by clicking the Back button in the Display Options area of the screen.
Requests
The Requests column displays the cumulative number of DNS requests
sent to the wide IP.
Requests Persisted
The Requests Persisted column displays the cumulative number of
requests that persisted. Persisted requests use the same pool during a
connection session.
Load Balancing
balancing method.
balancing method.
balancing method.
Chapter 12
12 - 8
Pool statistics
The pool statistics available through the Global Traffic Manager focus on
how the Global Traffic Manager has load balanced name resolution
requests. You can access the pool statistics by selecting Pools from the
Statistics Type list in the Statistics screen. For information on accessing the
Statistics screen, see Accessing statistics, on page 12-2.
As an example of pool statistics, consider the fictional company
SiteRequest. The IT department at SiteRequest has a wide IP,
www.siterequest.com, which contains pools that use the dynamic load
balancing mode, Quality of Service. This mode acquires statistical data on
response times between the Global Traffic Manager and a Local DNS server
sending a name resolution request. There has been some concern of late as
to how well this new load balancing mode is working and if the Global
Traffic Manager is able to gather the statistical information it needs to load
balance with this mode, or if it has to resort to an alternate or fallback
method. By using the pool statistics screen, the IT department can track how
many name resolution requests are load balanced using the preferred Quality
of Service method, and how many are load balanced using another method.
The pool statistics screen consists of a Pool Statistics table. This table
Status
The Status column indicates the current status of the pool. The available
status types are: Available, Unavailable, Offline, and Unknown. Each
status type is represented by a symbol; for example, the available status
type is represented by a green circle.
Pool
The Pool column displays the name of a wide IP for which the Global
click the link, the properties screen for the pool opens.
Members
The Members column provides a link that opens a virtual server details
screen for the pool. This screen displays connection statistics for each
virtual server within the pool, including the number of times the virtual
server was selected for a name resolution request and the amount of
traffic flowing from and to the virtual server. You can return to the main
wide IP statistics screen by clicking the Back button in the Display
Options area of the screen.
Load Balancing
balancing method.
balancing method.
Viewing Statistics

TM
12 - 9
balancing method.
Data center statistics
Data center statistics revolve around the amount of traffic flowing to and
from each data center. This information can tell you if your resources are
distributed appropriately for your network. You can access the data center
statistics by selecting Data Centers from the Statistics Type list in the
Statistics screen. For information on accessing the Statistics screen, see
Accessing statistics, on page 12-2.
As an example of how the statistics for data centers can help you manage
your network resources, consider the fictional company SiteRequest.
SiteRequest has decided that its New York data center should handle all
name resolution requests originating in North America. However, since a
new marketing campaign started in the United States and the IT department
is concerned it might overload the data center. By using the data center
statistics, the IT department can track the overall amount of traffic that the
New York data center is handling, allowing them to make adjustments to
their load balancing methods in a timely manner.
The data center statistics screen consists of a Data Center Statistics table.
This table contains the following information:
Status
The Status column indicates the current status of the data center. The
Data Center
The Data Center column displays the name of a data center. Each name
appears as a link. When you click the link, the properties screen for the
data center opens.
Servers
The Servers column provides a link that opens a server details screen for
the data center. This screen displays connection statistics for each server
at a data center, including the number of times the server was selected for
a name resolution request and the amount of traffic flowing from and to
the server. You can return to the main data center statistics screen by
clicking the Back button in the Display Options area of the screen.
Connections
The Connections column displays the cumulative number of requests that
the Global Traffic Manager resolved using a resource from the
corresponding data center.
Chapter 12
12 - 10
Throughput (bits/sec)
The Throughput (bits/sec) column contains two subcolumns:
The In column displays the cumulative number of bits per second sent
to the data center.
The Out column displays the cumulative number of bits per second
sent from the data center.
Throughput (packets/sec)
The Throughput (packets/sec) column contains two subcolumns:
The In column displays the cumulative number of packets per second
sent to the data center.
The Out column displays the cumulative number of packets per
second sent from the data center.
Link statistics
Link statistics focus on how much traffic is flowing in and out through a
specific link to the Internet. This information can help you prevent a link
from getting over-used, saving your organization from higher bandwidth
costs. You can access the link statistics by selecting Links from the
Statistics Type list in the Statistics screen. For information on accessing the
Statistics screen, see Accessing statistics, on page 12-2.
As an example of how the statistics for data centers can help you manage
your network resources, consider the fictional company SiteRequest.
SiteRequest has two links with two different Internet Service Providers
(ISPs). The primary ISP is paid in advance for a specific amount of
bandwidth usage. This allows SiteRequest to save money, but if the
bandwidth exceeds the prepaid amount, the costs increase considerably. As
a result, the IT department uses a second ISP, which has a slower connection
but considerably lower costs. By using the links statistics, the IT department
can ensure that links to the Internet are used as efficiently as possible.
The link statistics screen consists of a Link Statistics table. This table
Status
The Status column indicates the current status of the link. The available
status types are: Available, Unavailable, Offline, and Unknown. Each
status type is represented by a symbol; for example, the available status
type is represented by a green circle.
Link
The Link column displays the name of a link for which the Global
click the link, the properties screen for the link opens.
The Throughput (bits/sec) column contains four subcolumns:
to the data center.
Viewing Statistics

TM
12 - 11
sent from the data center.
The Total column displays the cumulative number of both incoming
and outgoing bits per second for the link.
The Over Prepaid column displays the amount of traffic, in bits per
second, that has exceeded the prepaid traffic allotment for the link.
In addition to viewing the link data as a table, you can also view it in a graph
format. To use this format, click the Graph button. A graph screen opens,
which shows the amount of traffic used over time. You can change the
amount of time shown in the graph by selecting a value from the Graph
Interval list, located in the Display Options area of the screen.
Server statistics
With server statistics, you can analyze the amount of traffic flowing to and
from each server. This information can tell you if your resources are
distributed appropriately for your network. You can access the server
statistics by selecting Servers from the Statistics Type list in the Statistics
screen. For information on accessing the Statistics screen, see Accessing
statistics, on page 12-2.
As an example of how the statistics for servers can help you manage your
network resources, consider the fictional company SiteRequest. The IT
department at SiteRequest is considering whether it needs a few more
servers to better manage name resolution requests; however, there is some
debate as to whether the servers should be consolidated at the New York
data center (which the New York team prefers) or spread out over all of the
data centers. It is also possible that an under-utilized server at one data
center might be moved to another data center. By using the server statistics,
the IT department can look at how much traffic is handled by each server,
giving them the information they need to decide where these new servers, if
any, should go.
The server statistics screen consists of a Server Statistics table. This table
Status
The Status column indicates the current status of the server. The
Server
The Server column displays the name of a server for which the Global
click the link, the properties screen for the server opens.
Virtual Servers
The Virtual Servers column provides a link that opens a virtual server
details screen for the server. This screen displays connection statistics for
each virtual server at a data center, including the number of times the
Chapter 12
12 - 12
virtual server was selected for a name resolution request and the amount
of traffic flowing from and to the server. You can return to the main data
center statistics screen by clicking the Back button in the Display
Options area of the screen.
Picks
The Picks column displays the cumulative number of times the Global
Traffic Manager picked a server to handle a name resolution request.
Connections
to the server.
sent from the server.
sent to the server.
second sent from the server.
Virtual server statistics
Virtual server statistics provide information on the amount of traffic flowing
to and from each virtual server. This information can tell you if your
resources are distributed appropriately for your network. You can access the
virtual server statistics by selecting Virtual Servers from the Statistics
Type list in the Statistics screen. For information on accessing the Statistics
screen, see Accessing statistics, on page 12-2.
network resources, consider the fictional company SiteRequest. SiteRequest
recently added a Local Traffic Manager to their Tokyo data center. The IT
department wants to see how well the new system is handling the traffic, and
if it can perhaps be utilized to handle traffic for a new wide IP,
www.SiteRequestAsia.com. After installing the Local Traffic Manager and
adding it to the Global Traffic Manager as a server, the IT department can
use the virtual server statistics to monitor the performance of the virtual
servers that compose the new Local Traffic Manager, allowing them to
determine if more resources are required for the new wide IP.
The server statistics screen consists of a Virtual Server Statistics table. This
table contains the following information:
Viewing Statistics

TM
12 - 13
Status
The Status column indicates the current status of the server. The
Virtual Server
The Virtual Server column displays the name of a virtual server for
which the Global Traffic Manager is responsible. Each name appears as a
link. When you click the link, the properties screen for the virtual server
opens.
Server
The Servers column provides a link that opens a server details screen for
the data center. This screen displays connection statistics for each server
at a data center, including the number of times the server was selected for
a name resolution request and the amount of traffic flowing from and to
the server. You can return to the main data center statistics screen by
clicking the Back button in the Display Options area of the screen.
Picks
The Picks column displays the cumulative number of times the Global
Traffic Manager picked a server to handle a name resolution request.
Connections
to the server.
sent from the server.
sent to the server.
second sent from the server.
Paths statistics
The paths statistics captured by the Global Traffic Manager provide
information on how quickly traffic moves between a local DNS and a
resource for which the Global Traffic Manager is responsible. Information
presented in the paths statistics screen includes details on round trip times
(RTT), hops, and completion rates. You can access the paths statistics by
Chapter 12
12 - 14
selecting Paths from the Statistics Type list in the Statistics screen. For
information on accessing the Statistics screen, see Accessing statistics, on
page 12-2.
Paths statistics are primarily used when you employ a dynamic load
balancing mode for a given wide IP or pool. You can use the information in
the Paths statistics to get an overall sense of how responsive your wide IPs
are in relation to the Local DNS servers that have been sending name
resolution requests to a wide IP.
The paths statistics screen consists of a paths statistics table. This table
Local DNS Address
The Local DNS Address column displays the IP address of each Local
DNS that has sent a name resolution request for a wide IP for which the
Global Traffic Manager is responsible.
Link
The Link column displays the ISP link that the Global Traffic Manager
used to send and receive data from the Local DNS.
Round Trip Time (RTT)
The Round Trip Time (RTT) column contains two subcolumns:
The Current subcolumn displays the current round trip time between
the Local DNS and the Global Traffic Manager.
The Average subcolumn displays the average round trip time between
Hops
The Hops column contains two subcolumns:
The Current subcolumn displays the current number of hops between
The Average subcolumn displays the average number of hops
between the Local DNS and the Global Traffic Manager.
Completion Rate
The Completion Rate column contains two subcolumns:
The Current subcolumn displays the current completion rate of
transactions between the Local DNS and the Global Traffic Manager.
The Average subcolumn displays the average completion rate of
transactions between the Local DNS and the Global Traffic Manager.
Last Probe Time
The Last Probe Time column displays the last time the Global Traffic
Manager probed the Local DNS for metrics data.
Viewing Statistics

TM
12 - 15
Local DNS statistics
The Local DNS statistics screen provides location details related to the
different Local DNS servers that communicate with the Global Traffic
Manager. These statistics include the geographical location of the Local
DNS as well as the last time that Local DNS accessed the Global Traffic
Manager. You can access the local DNS statistics by selecting Local DNS
from the Statistics Type list in the Statistics screen. For information on
accessing the Statistics screen, see Accessing statistics, on page 12-2.
network resources, consider the fictional company SiteRequest. SiteRequest
is currently considering whether it needs a new data center in North
America to ensure that its customers can access SiteRequests web site as
effectively as possible. To help make their decision, the IT department use
the Local DNS statistics to see where most of their European traffic is
coming from. By using these statistics, the IT department discovers that a
high concentration of Local DNS servers accessing SiteRequest are in the
southwest United States. This information proves helpful in determining that
a new data center in Las Vegas might be appropriate.
The local DNS statistics screen consists of a local DNS statistics table. This
IP Address
The IP Address column displays the IP address of each Local DNS that
has sent a name resolution request for a wide IP for which the Global
Traffic Manager is responsible.
Requests
The Requests column displays the number of times this Local DNS has
made a name resolution request that the Global Traffic Manager handled.
Last Accessed
The Last Accessed column displays the last time the Local DNS
attempted a connection to the Global Traffic Manager.
Location
The Location column contains four subcolumns:
The Continent subcolumn displays the continent on which the Local
DNS resides.
The Country subcolumn displays the country in which the Local DNS
is located.
The State subcolumn displays the state in which the Local DNS is
located.
The City subcolumn displays the city in which the Local DNS is
located.
Chapter 12
12 - 16
Understanding persistence records
One of the common methods of modifying name resolution requests with
the Global Traffic Manager is to activate persistent connections. A
persistent connection is a connection in which the Global Traffic Manager
sends name resolution requests from a specific Local DNS to the same set of
resources until a time-to-live value has been reached. If you use persistent
connections in your configuration of the Global Traffic Manager, you may
want to see what persistent connections are currently active on your
network. You can access the persistence records by selecting Persistence
Records from the Statistics Type list in the Statistics screen. For
information on accessing the Statistics screen, see Accessing statistics, on
page 12-2.
The persistence records screen consists of a persistence records table. This
Local DNS Address
The LDNS Address column displays the IP address of each Local DNS
that has sent a name resolution request for a wide IP for which the Global
Traffic Manager is responsible.
Level
The Level column displays the level at which the persistent connection is
based. Available types are wide IPs and distributed applications.
Destination
The Destination column displays the wide IP or distributed application to
which the name resolution request was directed.
Target Type
The Target Type column displays the type of resource on which
persistence is based. Examples of target types include data centers,
servers, pools, and virtual servers.
Target Name
The Target Name column displays the name of the resource on which
persistence is based.
Expires
The Expires column displays the time at which the persistence for the
given LDNS request expires.
13
Collecting Metrics
Introducing metrics collection
Defining metrics
Assigning probes to local domain name servers
Configuring TTL and timer values
Excluding LDNS servers from probes
Collecting Metrics

TM
13 - 1
Introducing metrics collection
In Chapter 11, Configuring Monitors, we described how the Global Traffic
Manager system uses specialized software components, called monitors,
to capture data regarding the availability of a resource, such as a virtual
server. Monitors represent one half of the statistical gathering capabilities of
the Global Traffic Manager. The second half, metrics collection, captures
data on how well network traffic flows between the Global Traffic Manager
and the external Local Domain Name Systems (LDNS) servers and internal
resources with which it communicates.
The resources you make available to your users over the Internet are often
critical to your organization; consequently, it is vital that these resources are
not only available, but highly responsive to your users. Typically, two main
criteria determine the responsiveness of a resource: hops and paths. A hop is
one point-to-point transmission between a host and a client server in a
network. A network path that includes a stop at a network router has two
hops: the first from the client to the router, and the second from the router to
the host server. A path is a logical network route between a data center
server and a local DNS server.
It is important to remember that hops and paths can differ from each other
widely on a per-connection basis. For example, an LDNS might take a long
path to reach a specific resource, but require only a few hops to get there. On
the other hand, that same LDNS might select a short path, yet have to move
between a larger number of routers, increasing the number of hops it takes to
reach the resource. It is up to you to determine what thresholds for hops and
paths are acceptable for your network, as the needs of each network, and
even each application within the same network, can vary widely.
Through the metrics collection capabilities of the Global Traffic Manager,
you can accomplish several tasks related to improving the availability and
responsiveness of your network applications and resources. You can:
Define the types of metrics that the Global Traffic Manager collects, and
how long the system keeps those metrics before acquiring fresh data.
Assign probes to LDNS servers that attempt to acquire the metrics
information.
Configure Time-to-Live (TTL) values for your metrics data.
Exclude specific LDNS servers from Global Traffic Manager probes.
Implement the Quality of Service load balancing mode, which uses
metrics to determine the best resource for a particular name resolution
request.
Chapter 13
13 - 2
Defining metrics
When you decide to use the Global Traffic Manager to collect metrics on the
LDNS servers that attempt to access your network resources, you can define
the following characteristics:
Types of metrics collected (either hops, paths, both, or disabled)
Time-to-live (TTL) values for each metric
Frequency at which the system updates the data
Size of a packet sent (relevant for hop metrics only)
Length of time that can pass before the system times out the collection
attempt
Number of packets sent for each collection attempt
While each of these settings is important, the ones that perhaps require the
most planning beforehand are the TTL values. In general, the lower the TTL
value, the more often the Global Traffic Manager probes an LDNS. This
improves the accuracy of the data, but increases bandwidth usage.
Conversely, increasing the TTL value for a metric lowers the bandwidth
your network uses, but increases the chance that the Global Traffic Manager
is basing its load balancing operations off of stale data
An additional consideration is the number of LDNS servers that the Global
Traffic Manager queries. The more LDNS servers that the system queries,
the more bandwidth is required to ensure those queries are successful.
Therefore, setting the TTL values for metrics collection can require
incremental fine-tuning. F5 Networks recommends that you periodically
check the TTL values, and verify that they are appropriate for your network.
To define metrics
Configuration.
The General properties screen opens.
2. From the Global Traffic menu, choose Metrics Collection.
The metrics collection screen opens.
3. In the Configuration area, assign values to the metrics-related
settings.
For detailed information about these settings, see the online help.
4. Click the Update button.
Collecting Metrics

TM
13 - 3
Assigning probes to local domain name servers
To capture accurate metrics data from the local domain name servers
(LDNS servers) that send name resolution request to the Global Traffic
Manager, you assign probes to each LDNS. A probe is a software
component that employs a specific methodology to learn more about an
LDNS.
You can assign one or more of the following probes to query LDNS servers:
DNS_REV
The DNS_REV probe sends a DNS message to the probe target LDNS
querying for a resource record of class IN, type PTR. Most versions of
DNS answer with a record containing their fully-qualified domain name.
The system makes these requests only to measure network latency and
packet loss; it does not use the information contained in the responses.
DNS_DOT
The DNS.DOT probe sends a DNS message to the probe target LDNS
querying for a dot (.). If the LDNS is not blocking queries from unknown
addresses, it answers with a list of root name servers. The system makes
these requests only to measure network latency and packet loss; it does
not use the information contained in the responses.
UDP
The UDP probe uses the user datagram protocol (UDP) to query the
responsiveness of an LDNS. The UDP protocol provides simple but
unreliable datagram services. The UDP protocol adds a checksum and
additional process-to-process addressing information. UDP is a
connectionless protocol which, like TCP, is layered on top of IP. UDP
neither guarantees delivery nor requires a connection. As a result, it is
lightweight and efficient, but the application program must take care of
all error processing and retransmission.
TCP
The TCP probe uses the transmission control protocol (TCP) to query the
responsiveness of an LDNS. The TCP protocol is the most common
transport layer protocol used on Ethernet and Internet. The TCP protocol
adds reliable communication, flow-control, multiplexing, and
connection-oriented communication. It provides full-duplex,
process-to-process connections. TCP is connection-oriented and
stream-oriented.
ICMP
The ICMP probe uses the Internet control message protocol (ICMP) to
query the responsiveness of an LDNS. The ICMP protocol is an
extension to the Internet Protocol (IP). The ICMP protocol generates
error messages, test packets, and informational messages related to IP.
With these probes, it does not matter if the Global Traffic Manager receives
a valid response, such as the name of the LDNS, as queried by the
DNS_REV probe, or a request refused statement. The relevant information
is the metrics generated between the probe request and the response. For
example, the Global Traffic Manager uses the DNS_REV probe to query
Chapter 13
13 - 4
two LDNS servers. The first LDNS responds to the probe with its name, as
per the request. The second LDNS, however, responds with a request
refused statement, because it is configured to not allow such requests. In
both cases, the probe was successful, because the Global Traffic Manager
was able to acquire data on how long it took for both LDNS servers to
respond to the probe.
You can configure the Global Traffic Manager to use a select number of
probes, or you can assign all five. The more probes that the Global Traffic
Manager uses, the more bandwidth is required.
To assign a probe
Configuration.
The General screen opens.
3. In the Local DNS (LDNS) area, use the options provided in the
Metrics Collection Protocol option to assign the relevant probes.
4. In the Metrics Caching box, define the number of seconds for
which the Global Traffic Manager keeps the collected metrics data.
This value determines how often the system probes a given LDNS.
The default value is 3600 seconds, or one hour.
5. In the Inactive Local DNS TTL box, define the number of seconds
for which an LDNS can be inactive before the Global Traffic
Manager considers it inactive.
The Global Traffic Manager stops probing LDNS servers that are
considered inactive. The default value is 2419200, or 28 days.
Collecting Metrics

TM
13 - 5
Configuring TTL and timer values
Each resource in the Global Traffic Manager has an associated time-to-live
(TTL) value. A TTL is the amount of time (measured in seconds) for which
the system considers metrics valid. The timer values determine how often
the Global Traffic Manager refreshes the information.
Table 13.1 describes each TTL value, as well as its default setting.
Each resource also has a timer value. A timer value defines the frequency
(measured in seconds) at which the Global Traffic Manager refreshes the
metrics information it collects. In most cases, the default values for the TTL
and timer parameters are adequate. However, if you make changes to any
TTL or timer values, keep in mind that an objects TTL value must be
greater than its timer value.
Table 13.2 describes each timer value, as well as its default setting.
Parameter Description Default number of
seconds
Hops TTL Specifies how often the Global Traffic Manager probes hops. 604800
(seven days)
Paths TTL Specifies how often the Global Traffic Manager probes paths. 2400
Inactive Path TTL Specifies the number of seconds that a path remains in the
cache after its last access.
604800
(seven days)
Inactive Local DNS TTL Specifies the number of seconds that a local DNS remains in
the cache after its last access.
2419200
(28 days)
Table 13.1 TTL values and default settings
Parameter Description Default
Metrics Caching Specifies the interval (in seconds) at which the Global Traffic Manager
archives the paths and metrics data.
This setting is available in the Local DNS (LDNS) section at the
bottom of the Configuration: Global Traffic: Metrics Collection
screen.
3600
Paths retry Specifies how long (in seconds) the BIG-IP system waits before
attempting another probe, if a previous probe failed.
120
Timeout Specifies the number of seconds that the big3d agent waits for a
probe.
3
Table 13.2 Time values and default settings
Chapter 13
13 - 6
To configure global TTL and timer values
Configuration.
3. Add the TTL and timer values settings.
For help on configuring the TTL and timer values settings, see the
online help.
Excluding LDNS servers from probes
When the Global Traffic Manager attempts to probe a local domain name
system (LDNS), it is actively attempting to acquire data from that LDNS.
Certain Internet Service Providers and other organizations might request
that you do not probe their LDNS servers, while other LDNS servers might
be known to act as proxies, which do not provide accurate metrics data. In
these situations, you can configure the Global Traffic Manager to exclude
LDNS servers from probes. When you exclude an LDNS, the Global Traffic
Manager does not probe that system; however, the Global Traffic Manager
is also unable to use the Quality of Service load balancing mode to load
balance name resolution request from that LDNS.
To exclude an LDNS from probes
Configuration.
3. In the Address Exclusions area, in the IP Subnet box, type the IP
address and subnet that contains the LDNS servers you want to
exclude.
4. Click the Add button to add the LDNS or network segment to the
address exclusion list.
Collecting Metrics

TM
13 - 7
Removing LDNS servers from the address exclusion list
You can remove an LDNS from the address exclusion list at any time.
Situations in which you want to remove the LDNS include the LDNS
becoming inactive, or the IP address of the LDNS changing to a different
network subnet.
To remove an LDNS from the address exclusion list
Configuration.
3. In the Address Exclusion area, select the LDNS that you want to
Chapter 13
13 - 8
14
Introducing performance data graphs
Viewing performance data

TM
14 - 1
Introducing performance data graphs
Chapter 13, Collecting Metrics, describes how the Global Traffic
Manager captures data on how network traffic flows between the Global
Traffic Manager and the external Local Domain Name Systems (LDNS)
servers and internal resources with which it communicates.
You can view graphs that display information about how the Global Traffic
Manager is performing. You can use this information to help you determine
how to modify the configuration to obtain the best possible performance
from the system.
Viewing performance data
The Global Traffic Manager provides two types of performance data graphs
on the performance screen: the GTM Performance and GTM Request
Breakdown graphs. You can view detailed versions of each graph by
clicking the View Detailed Graph link.
About the GTM Performance graph
The GTM Performance graph shows the throughput of the Global Traffic
Manager. The graph includes the following data:
GTM Requests
Represents the number of incoming DNS requests.
GTM Resolutions
Represents the number of incoming DNS requests that were resolved by
any method.
GTM Resolutions Persisted
Represents the number of incoming DNS requests that were resolved by
a persistence record.
GTM Resolutions Returned to DNS
Represents the number of incoming DNS requests that were not resolved
by the Global Traffic Manager, but were instead passed on to the DNS
server for resolution.
About the GTM Request Breakdown graph
The GTM Request Breakdown graph includes the following data:
GTM Type A - IPv4 Requests
Represents IPv4-formatted requests.
GTM Type AAAA/A6 - IPv6 Requests
Represents IPv6-formatted requests.
Chapter 14
14 - 2
To view performance data
1. On the Main tab of the navigation pane, expand Overview and then
click Performance.
The Performance screen opens.
2. On the menu bar, click Global Traffic.
The Performance screen displays the global traffic management
Graphs.
3. From the Graph Interval list, select the time period for which you
want to view performance data.
4. Click the Refresh button to update the graphs.
5. Click the View Detailed Graph links to view the detailed graphs.
15
Managing iRules
Introducing iRules for the Global Traffic Manager
Creating iRules
Assigning iRules
Controlling iRule evaluation
Using statement commands
Using wide IP commands
Using utility commands
Using protocol commands
Removing iRules
Managing iRules

TM
15 - 1
Introducing iRules for the Global Traffic Manager
As you work with the Global Traffic Manager, you might find that you
want to incorporate additional customizations beyond the available features
associated with load balancing, monitors, or other aspects of your traffic
management. For example, you might want to have the system respond to a
name resolution request with a specific CNAME record, but only when the
request is for a particular wide IP and originates from Europe. In the Global
Traffic Manager, these customizations are defined through iRules
. iRules
are code snippets that are based on TCL 8.4. These snippets allow you a
great deal of flexibility in managing your global network traffic.
If you are familiar with the Local Traffic Manager, you might already be
aware of and use iRules to manage your network traffic on a local level. The
iRules in the Global Traffic Manager share a similar syntax with their Local
Traffic Manager counterparts, but support a different set of events and
objects.
Due to the dynamic nature of iRules development, the following sections
focus on providing an overview of iRule operations and describe the events
and command specific to the Global Traffic Manager. For additional
information on how to write iRules, visit the F5 DevCentral web site:
http://devcentral.f5.com. At this site, you can learn more about iRules
development, as well as discuss iRules functionality with others.
What is an iRule?
An iRule is a script that you write if you want individual connections to
target a pool other than the default pool defined for a virtual server. iRules
allow you to more directly specify the pools to which you want traffic to be
directed. Using iRules, you can send traffic not only to pools, but also to
individual pool members or hosts.
The iRules you create can be simple or sophisticated, depending on your
content-switching needs. Figure 15.1 shows an example of a simple iRule.
This iRule is triggered when a DNS request has been detected, causing the
Global Traffic Manager to send the packet to the pool my_pool, if the IP
address of the local DNS making the request matches 10.10.10.10.
iRules can direct traffic not only to specific pools, but also to individual pool
members, including port numbers and URI paths, either to implement
persistence or to meet specific load balancing requirements.
when DNS_REQUEST {
if { [IP::addr [IP::client_addr] equals 10.10.10.10] } {
pool my_pool
}
}
Figure 15.1 Example of an iRule
Chapter 15
15 - 2
The syntax that you use to write iRules is based on the Tool Command
Language (Tcl) programming standard. Thus, you can use many of the
standard Tcl commands, plus a set of extensions that the Global Traffic
Manager provides to help you further increase load balancing efficiency.
For information about standard Tcl syntax, see the Tcl Reference Manual at
http://tmml.sourceforge.net/doc/tcl/index.html.
Creating iRules
You can create an iRule using the Configuration utility.
To create an iRule
click iRules.
The iRules screen opens.
3. In the Name box, type a 1- to 31-character name.
4. In the Definition box, type the syntax for your iRule.
5. If you want to expand the length of the Definition box, check
Extend Text Area. Also, if you want the contents of the iRule to
wrap within the box, check Wrap Text.
For detailed syntax information on writing iRules, see pages 15-4 through
15-9.
Managing iRules

TM
15 - 3
Assigning iRules
Within the Global Traffic Manager, you assign iRules to the wide IPs in
your network configuration.
To assign an iRule
then click Wide IPs.
2. Click the name of the wide IP to which you want to assign an iRule.
The main iRules screen for the wide IP opens.
The Manage iRules screen opens.
5. From the iRule list, select an appropriate iRule.
6. Click the Add button.
The new rule appears in the list of assigned iRules.
Chapter 15
15 - 4
Controlling iRule evaluation
In a basic system configuration where no iRule exists, the Global Traffic
Manager directs incoming traffic to the default pool assigned to the wide IP
that receives that traffic based on the assigned load balancing modes.
However, you might want the Global Traffic Manager to direct certain kinds
of connections to other destinations. The way to do this is to write an iRule
that directs traffic to that other destination, contingent on a certain type of
event occurring. Otherwise, traffic continues to go to the default pool
iRules are therefore evaluated whenever an event occurs that you have
specified in the iRule. For example, if an iRule includes the event
declaration DNS_REQUEST, then the iRule is triggered whenever the
Global Traffic Manager receives a name resolution request. The Global
Traffic Manager then follows the directions in the remainder of the iRule to
determine the destination of the packet.
Specifying events
The iRules feature includes several types of event declarations that you can
make in an iRule. Specifying an event declaration determines when the
Global Traffic Manager evaluates the iRule. The following sections list and
describe these event types. Also described is the concept of iRule context
and the use of the when keyword.
Event types
The event declarations that you can make in an iRule are listed in Table
15.1.
iRule Event Description
DNS_REQUEST Triggered when a DNS request is received from a client.
LB_SELECTED Triggered when the Global Traffic Manager has selected a target node.
LB_FAILED Triggered when a connection to the server was unable to complete. This might
occur if the pool has no available members or a selected pool member is
otherwise not available.
RULE_INIT Triggered when an iRule that contains the RULE_INIT event is changed, or when
the gtmd utility restarts.
Note that only the following commands are valid with this event: whoami,
whereami, crc32, findstr, log, substr, and whereis.
Table 15.1 Event declarations for iRules
Managing iRules

TM
15 - 5
Using the when keyword
You make an event declaration in an iRule by using the when keyword,
followed by the event name. For example:
when DNS_REQUEST {
iRule details...
}
Listing iRules on wide IPs
When you assign multiple iRules as resources for a wide IP, it is important
to consider the order in which you list them on the wide IP. This is because
the Global Traffic Manager processes duplicate iRule events in the order
that the applicable iRules are listed. An iRule event can therefore terminate
the triggering of events, thus preventing the Global Traffic Manager from
triggering subsequent events.
To organize the list of iRules
5. Click the name of an assigned iRule and then use either the Up
button to move the iRule up one position, or the Down button to
move the iRule down one position.
Chapter 15
15 - 6
Using statement commands
Some of the commands available for use within iRules are known as
statement commands. Statement commands enable the Global Traffic
Manager to perform a variety of different actions. For example, some of
these commands specify the pools or servers to which you want the Global
Traffic Manager to direct traffic.
Table 15.2 lists and describes statement commands that you can use within
iRules.
Statement Command Description
discard Causes the current packet or connection (depending on the context of the
event) to be discarded. This statement must be conditionally associated with
an if statement.
drop Same as the discard command.
[use] host <string> Causes the server host, as identified by a string, to be used directly, thus
bypassing any load balancing.
if { <expression> } {
<statement_command>
}
elseif { <expression> } {
<statement_command>
}
Asks a true or false question and, depending on the answer, takes some
action.
Note that the maximum number of if statements that you can nest in an iRule
is 100.
log [<facility>.<level>] <message> Generates and logs the specified message to the Syslog facility.
[use] host <addr> [<port>] Causes the server host, as identified by IP address and, optionally, port
number, to be used directly, thus bypassing any load balancing.
[use] pool <pool_name> [member
<addr> [<port>]]
Causes the Global Traffic Manager to load balance traffic to the named pool.
This statement must be conditionally associated with an if statement.
Optionally, you can specify a specific pool member to which you want to direct
the traffic.
reject Causes the connection to be rejected, returning a reset as appropriate for the
protocol.
return Terminates running of the iRule event.
Table 15.2 iRule statement commands
Managing iRules

TM
15 - 7
Using wide IP commands
The Global Traffic Manager supports several iRule commands that are
unique to its global traffic management capabilities. These commands can
specify a specific CNAME or wide IP name, or determine the geographic
origin of the request.
Table 15.3 lists and describes wide IP commands that you can use within
iRules.
Statement Command Description
cname <cname> Returns the <cname> referenced.
persist [enable | disable] Returns the persistence state value, when enabled. If you specify
arguments, returns the previous state value.
pools [-list] [blue | green | yellow | red | gray] Returns the number of pools or a list of pools in the wide IP that are
in the specified state. If you do not specify a state, returns all pools.
ttl <value> Overrides the default time-to-live value. If this command is used for
a CNAME, the value overrides the default of 0. If this command is
used for a pool, the value overrides the time-to-live value for that
pool.
whereis <ip_addr> [ [continent] | [country] |
[state] | [abbrev] | [city] | [zip] | [area_code] |
[latitude] | [longitude] | [isp] | [org] | [country_cf]
| [state_cf] | [city_cf] | [proxy_type] ]
Returns the geographic location of the specified IP address. The
default IP geolocation database includes data for IPv4 addresses at
the continent, country, state, ISP, and organization levels, and for
IPv6 addresses at the continent and country levels. Note that you
can only access the ISP and organization-level geolocation data for
IPv4 addresses using the iRules whereis command.
If you do not specify keywords, the command returns continent,
country, state, and city data with curly braces in place of the value
of any of these parameters for which data is not available.
The following definitions are useful if you are using a database that
provides additional geolocation data:
abbrev
The abbreviation of the name of a state or region.
org
The name of an organization.
country_cf, state_cf, and city_cf
The confidence level, as a percentage, for the accuracy of the
country, state, and city data.
proxy_type
The type of connection.
The options are unknown, anonymizer, aoldialup, aolpop,
aolproxy, cache proxy, fixed, international proxy, mobile
gateway, none, pop, regional proxy, satellite, and superpop.
wideip name Returns the wide IP name requested.
Table 15.3 iRule wide IP commands
Chapter 15
15 - 8
Using utility commands
The Global Traffic Manager includes a number of utility commands that you
can use within iRules. You can use these commands to parse and retrieve
content, verify data integrity, and retrieve information about active pools
and pool members.
Parsing and manipulating content
Table 15.4 lists and describes the commands that return a string that you
specify. The pages following the table provide detail and examples of the
commands.
Ensuring data integrity
Some of the commands available for use within iRules allow you to check
the integrity of data. Table 15.5 lists and describes these commands.
Command Description
findstr Finds a string within another string and returns the string starting at the offset specified from the
match.
substr Finds a string within another string and returns the string starting at the offset specified from the
match.
findclass Finds the member of a data group that contains the result of the specified expression, and returns
that data group member or the portion following the separator, if a separator was provided.
host Searches for a specific host name within the supplied <string>.
Table 15.4 Utility commands that parse and manipulate content
Utility
Command Description
crc32 <string> Returns the crc32 checksum for the provided string, or if an error occurs, an empty string. Used to
ensure data integrity.
md5 <string> Returns the RSA Data Security, Inc. MD5 Message Digest Algorithm (md5) message digest of the
provided string, or if an error occurs, an empty string. Used to ensure data integrity.
Table 15.5 Utility commands for ensuring data integrity
Managing iRules

TM
15 - 9
Retrieving resource information
The iRules commands listed in Table 15.6 allow you to retrieve data about
the Global Traffic Manager, data centers, servers, pools, and pool members.
Using protocol commands
The Global Traffic Manager includes a number of protocol commands that
you can use within iRules. You can use these commands to identify IP
addresses and ports of both the clients and servers for a given name
resolution transaction.
Utility Command Description
active_members <pool name> Returns the number of active members in the pool.
LB::server [<pool | name | address |
<port>]
Returns the name of the server selected for a load balancing operation.
LB::status [<up | down | session
enabled | session disabled>]
Returns the status of the selected resource.
LB::status pool <name> member
<address> [<port> <up | down |
session enabled | session disabled>]
Returns the status of the selected pool.
LB::status vs <ip> <port> [<up | down
| session enabled | session
disabled>]
Returns the status of the selected virtual server.
member_priority <pool name>
member <ip> [<port>]
Returns the priority for pool member ip:port.
members [-list] <pool name>
[blue | green | yellow | red | gray]
Returns the number or list of pool members in the specified pool that are in
the specified state. If you do not specify a state, returns all pool members.
nodes_up [<virtual server name> |
<ip address/port>]
Returns the number of up nodes behind a virtual server.
Local Traffic Manager virtual servers can have a pool with multiple nodes. If
there is not a monitor on the Local Traffic Manager side, the server is blue.
However, the Global Traffic Manager interprets this blue virtual server as
green, and the nodes_up value is 1.
uptime Returns the number of seconds the local Global Traffic Manager has been up.
whereami Returns the datacenter name for the local Global Traffic Manager.
whoami Returns the server name for the local Global Traffic Manager.
Table 15.6 Utility commands for retrieving resource information
Chapter 15
15 - 10
IP commands
The Global Traffic Manager supports the following IP commands.
TCP commands
The Global Traffic Manager supports the following TCP commands.
UDP commands
The Global Traffic Manager supports the following UDP commands.
Protocol Command Description
IP::remote_addr Returns the IP address of the client for a given name resolution request.
Equivalent to IP::client_addr.
IP::local_addr Returns the IP address of the server for a given name resolution request.
Equivalent to IP::server_addr.
IP::client_addr Returns the IP address of the client for a given name resolution request.
Equivalent to IP::remote_addr.
IP::server_addr Returns the IP address of the server for a given name resolution request.
Equivalent to IP::local_addr.
IP::protocol Returns the IP protocol value, such as TCP or UDP.
Table 15.7 IP commands for iRules
TCP::client_port Returns the clients TCP port/service number.
TCP::server_port Returns the servers TCP port/service number.
Table 15.8 TCP commands for iRules
UDP::client_port Returns the clients UDP port/service number.
UDP::server_port Returns the servers UDP port/service number.
Table 15.9 UDP commands for iRules
Managing iRules

TM
15 - 11
Removing iRules
Within the Global Traffic Manager, you can remove an iRule from a wide IP
at any time.
To remove an iRule
4. Click the Manage button
5. Select the iRule that you want to remove, and then click Remove.
Chapter 15
15 - 12
16
Introducing ZoneRunner
Working with zone files
Working with resource records
Working with views
Managing the named.conf file

TM
16 - 1
Introducing ZoneRunner
One of the modes in which you can operate the Global Traffic Manager
system is the node mode. In node mode, the Global Traffic Manager is
responsible not only for load balancing name resolution requests and
monitoring the health of your physical and logical network; it is also
responsible for maintaining the DNS zone files that map name resolution
requests to the appropriate network resource.
In the Global Traffic Manager, you create, manage, and maintain DNS files
using the ZoneRunner utility. The ZoneRunner utility is a zone file
management utility that can manage both DNS zone files and your BIND
configuration. With the ZoneRunner utility, you can:
Manage the DNS zones and zone files for your network, including
importing and transferring zone files
Manage the resource records for those zones
Manage views (a BIND 9 feature)
Manage a local name server and its configuration file, named.conf
Working with DNS and BIND
The ZoneRunner utility is an advanced feature of the Global Traffic
Manager. F5 Networks highly recommends that you become familiar with
the various aspects of BIND and DNS before you use this feature. For
in-depth information, see the following resources:
DNS and BIND, 4th edition, Paul Albitz and Cricket Liu
The IETF DNS documents, RFC 1034 and RFC 1035
The Internet Systems Consortium web site,
http://www.isc.org/index.pl?/sw/bind/
Understanding ZoneRunner tasks
When you use the ZoneRunner utility to manage your DNS zones and
resource records, you can accomplish several tasks, including:
Configure a zone
Configure the resource records that make up the zone
Configure a view, for access control
Configure options in the named.conf file
Note
In the Configuration utility, you must configure a zone before you configure
any other objects in the ZoneRunner utility.
The remainder of this chapter discusses these tasks in detail.
Chapter 16
16 - 2
Working with zone files
With the ZoneRunner utility, you can create, modify, and delete zone files.
Additionally, you can transfer zone files to another name server, or import
zone files from another name server. A zone file contains resource records
and directives that describe the characteristics and hosts of a zone, otherwise
known as a domain or sub-domain.
Types of zone files
There are five types of zone files. Each type has its own content
requirements and role in the DNS.
The types of zones are:
Primary (Master)
Zone files for a primary zone contain, at minimum, the start of authority
(SOA) and name server (NS) resource records for the zone. Primary
zones are authoritative, that is, they respond to DNS queries for the
domain or sub-domain. A zone can have only one SOA record, and must
have at least one NS record.
Secondary (Slave)
Zone files for a secondary zone are copies of the principal zone files. At
an interval specified in the SOA record, secondary zones query the
primary zone to check for and obtain updated zone data. A secondary
zone responds authoritatively for the zone as long as the zone data is
valid.
Stub
Stub zones are similar to secondary zones, except that stub zones contain
only the NS records for the zone. Note that stub zones are a specific
feature of the BIND implementation of DNS. F5 Networks recommends
that you use stub zones only if you have a specific requirement for this
functionality.
Forward
The zone file for a forwarding zone contains only information to forward
DNS queries to another name server on a per-zone (or per-domain) basis.
Hint
The zone file for a hint zone specifies an initial set of root name servers
for the zone. Whenever the local name server starts, it queries a root
name server in the hint zone file to obtain the most recent list of root
name servers.

TM
16 - 3
Creating zone files
You can use the ZoneRunner utility to create any of the zone types
described in the previous section. You can use the following procedure to
create any type of zone. You choose the type of zone that you want to create
in step 6.
To create a zone
click ZoneRunner.
The Resource Records List screen opens.
2. On the menu bar, click Zone List.
The Zone List screen opens.
The New Zone screen opens.
4. From the View Name list, select a view with which to associate the
new zone.
5. In the Zone Name box, type a fully-qualified domain name for the
zone.
Note: Do not forget the trailing dot ( . ) at the end of the name.
6. From the Zone Type list, select the type of zone that you are
configuring.
The screen refreshes to display the configuration settings for the
zone type.
Each zone type has unique characteristics. The following sections describe
how to create each zone type.
Creating a primary zone
Primary zones have many components. When you create a primary zone,
you create a zone file, an SOA record, and an initial NS record. You can
also create a reverse zone and its corresponding reverse zone file.
To create a primary zone configuration
click ZoneRunner.
4. From the View Name list, select the view with which you want to
associate the zone.
Chapter 16
16 - 4
5. In the Zone Name box, type a name for the zone.
6. From the Zone Type list, select Master.
The screen refreshes to display the configuration options and
records creation options for a primary zone.
7. From the Records Creation Method list, select Manual. The
configuration options in the Records Creation section in the
following procedure change, depending on the record creation
method that you select in this step.
Note: The Records Creation Method list has two additional
options: Load From File and Transfer from Server. These options
are discussed in Importing zone files, on page 16-7.
8. In the Zone File Name box, type the name you want to use for the
zone file.
9. In the Options box, you can type any additional statements that the
zone requires. Do not delete the allow-update statement as the
system needs this to maintain compatibility with the wide IP
information.
Important: Use caution when typing in the Options box. The system
writes any changes you make directly to the named.conf file. For
information on available options and syntax, refer to the BIND
documentation mentioned at the beginning of this chapter.
10. Check the Create Reverse Zone box to specify that the system
creates a reverse zone for this zone.
11. In the Reverse Zone Name box, type a name for the reverse zone,
and then select whether the reverse zone applies to IPv4 or IPv6
networks.
12. In the Reverse Zone File Name box, type the name you want to use
for the reverse zone file.
13. In the SOA Record section, supply the relevant configuration for
the Start of Authority (SOA) record associated with this zone.
14. In the NS Record section, supply the information for the first Name
Server associated with this zone.
See Creating NS resource records, on page 16-18 for more
information.
Creating a secondary zone
Secondary zones are essentially copies of primary zones. Secondary zones
can respond to DNS queries, which significantly reduces the possibility that
a query goes unanswered. Secondary zones regularly poll primary zones to
get up-to-date zone information.

TM
16 - 5
To create a secondary zone
click ZoneRunner.
associate the zone.
6. From the Zone Type list, select Slave.
The screen refreshes to display the configuration options for a
secondary zone.
zone file.
zone requires. Do not delete the allow-update statement as the
information.
Creating a stub zone
Stub zones contain only the NS records for a zone and are a unique feature
of the BIND implementation of DNS. As such, F5 Networks recommends
that you carefully evaluate using stub zones in your configuration. Refer to
the BIND documentation for additional information about stub zones.
To create a stub zone
click ZoneRunner.
associate the zone.
Chapter 16
16 - 6
6. From the Zone Type list, select Stub.
The screen refreshes to display the configuration options for a stub
zone.
zone file.
zone requires. Do not delete the allow-update statement, as the
information.
Creating a hint zone
Hint zones designate a subset of the root servers list. When the local name
server starts (or restarts), the name server queries the root servers in the hint
zone for the most current list of root servers.
To create a hint zone
click ZoneRunner.
associate the zone.
6. From the Zone Type list, select Hint.
The screen refreshes to display the configuration options for a hint
zone.
Creating a forward zone
Forward zones provide forwarding information for a zone or a domain.
When a query comes in that matches a forward zone, the ZoneRunner utility
sends the query to the server specified in the forward zone, rather than
returning the query to the requesting local DNS server.

TM
16 - 7
To create a forward zone
click ZoneRunner.
associate the zone.
6. From the Zone Type list, select Forward.
forward zone.
zone requires. Do not delete the forwarders statement as the system
needs this to maintain compatibility with the wide IP information.
Important: Exercise caution when typing in the Options box. The
system writes any changes you make directly to the named.conf file.
For information on available options and syntax, refer to the BIND
Importing zone files
Often, when you add the Global Traffic Manager to your network, you
already have a DNS server that manages your zone files. Typically, the
Global Traffic Manager can then become either a secondary server that
provides backup DNS information in case your primary DNS server goes
offline, or the primary DNS server. In either situation, you can use the
ZoneRunner utility to import existing zone files into the Global Traffic
Manager instead of re-creating them manually. It is important to note that
you can import only primary zones files.
Through the ZoneRunner utility, you can import zone files using one of two
methods:
Loading zones from a file
Transferring zones from a server
Chapter 16
16 - 8
Loading zones from a file
If you know where the zone files you want to import reside on your server,
you can load these files directly into the Global Traffic Manager through the
ZoneRunner utility. Once you load a zone file into the Global Traffic
Manager, the ZoneRunner utility displays information about the zone and
any of its resource records within the Configuration utility.
Important
You can load only primary zones files.
To load a zone from a file
1. On the Main tab, expand Global Traffic and click ZoneRunner.
new zone.
The default setting is external.
zone.
7. From the Records Creation Method, select Load From File.
8. In the Upload Records File box, located in the Records Creation
section, type the path to the zone file.
Alternatively, you can click the Browse button to navigate to the
file.

TM
16 - 9
Transferring zones from servers
Instead of loading zones from a file, you have the option of transferring
them from existing DNS server. This method is useful if the zone files you
need reside at a remote location. Once you transfer a zone file into the
Global Traffic Manager, the ZoneRunner utility displays information about
the zone and any of its resource records within the Configuration utility.
Before you can transfer zone files from another server, you must ensure that
the you have configured the source server to allow transfers to the
destination server. You typically accomplish this task using the
allow-transfer option. See your DNS and BIND documentation for more
information.
Important
You can transfer only primary zones files.
To transfer a zone from a server
click ZoneRunner.
new zone.
The default setting is external.
zone.
7. From the Records Creation Method, select Transfer from
Server.
8. In the Source Server box, located in the Records Creation section,
type the path to DNS server.
Chapter 16
16 - 10
Searching for a specific zone
When you want to modify a zone, you can locate that specific zone using the
search feature. You can search by either the full or a partial name, or by
resource record of the zone. This feature can be especially useful for
companies with large networks that contain numerous zones. For more
information about how the search feature works see Locating a component
using the search feature, on page 2-6.
To search for a specific zone
click ZoneRunner.
The main ZoneRunner screen opens.
2. In the Name or RDATA box, type the name or resource record of
the zone that you want to modify.
3. Click the Search button.
A list of zones that matches the criteria you entered displays.
4. Click the name of the zone that you want to modify.
The properties screen for that zone opens.
5. Make changes to the zone properties as required.
Modifying zones
You can use the ZoneRunner utility to modify zones on an as-needed basis.
For example, you can increase or decrease the time-to-live (TTL) value for
the zone, or change the master server for the zone.
You can also add resource records to an existing zone file. For more
information, see Working with resource records, on page 16-12.
To modify a zone
click ZoneRunner.
The main screen for the zone opens.
3. Click the name of the zone that you want to modify.
The properties screen for the zone opens.
4. Modify the settings for the zone as needed.

TM
16 - 11
Deleting zones
With the ZoneRunner utility, you can delete zones that either have become
obsolete or are no longer relevant to the Global Traffic Manager due to a
network configuration change. For example, you might adjust your name
servers, after which the Global Traffic Manager is no longer responsible for
a specific zone.
To delete a zone
click ZoneRunner.
The main screen for the zone opens.
3. Click the Select box next to the zone name that you want to delete.
5. Click the Delete button again to delete the zone.
Chapter 16
16 - 12
Working with resource records
Resource records are the files that contain details about a zone. These
resource records, in a hierarchical structure, make up the domain name
system (DNS). Once you have created a zone, you can use the ZoneRunner
utility to view, create, modify, and delete the resource records for that zone.
Note
Although case is preserved in names and data fields when loaded into the
name server, comparisons and lookups in the name server database are not
case-sensitive.
Types of resource records
This section describes the common resource records that the ZoneRunner
utility supports. For information on additional resource record types, see
DNS and BIND, 4th edition, Albitz and Liu.
The types of resource records are:
SOA (Start of authority)
The start of authority resource record, SOA, starts every zone file and
indicates that a name server is the best source of information for a
particular zone. The SOA record indicates that a name server is
authoritative for a zone. There must be exactly one SOA record per zone.
Unlike other resource records, you create a SOA record only when you
create a new master zone file.
A (Address)
The Address record, or A record, lists the IP address for a given host
name. The name field is the hosts name, and the address is the network
interface address. There should be one A record for each IP address of
the machine.
AAAA (IPv6 Address)
The IPv6 Address record, or AAAA record, lists the 128-bit IPv6 address
for a given host name.
CNAME (Canonical Name)
The Canonical Name resource record, CNAME, specifies an alias or
nickname for the official, or canonical, host name. This record must be
the only one associated with the alias name. It is usually easier to supply
one A record for a given address and use CNAME records to define alias
host names for that address.
DNAME (Delegation of Reverse Name)
The Delegation of Reverse Name resource record, DNAME, specifies the
reverse lookup of an IPv6 address. These records substitute the suffix of
one domain name with another. The DNAME record instructs the Global
Traffic Manager (or any DNS server) to build an alias that substitutes a
portion of the requested IP address with the data stored in the DNAME
record.

TM
16 - 13
HINFO (Host Information)
The Host Information resource record, HINFO, contains information on
the hardware and operating system relevant to the Global Traffic
Manager (or other DNS).
MX (Mail Exchanger)
The Mail Exchange resource record, MX, defines the mail system(s) for
a given domain.
NS (Name Server)
The name server resource record, NS, defines the name servers for a
given domain, creating a delegation point and a subzone. The first name
field specifies the zone that is served by the name server that is specified
in the name servers name field. Every zone needs at least one name
server.
PTR (Pointer)
A name pointer resource record, PTR, associates a host name with a
given IP address. These records are used for reverse name lookups.
SRV (Service)
The Service resource record, SRV, is a pointer that allows an alias for a
given service to be redirected to another domain. For example, if the
fictional company SiteRequest had an FTP archive hosted on
archive.siterequest.com, the IT department can create an SRV record
that allows an alias, ftp.siterequest.com to be redirected to
archive.siterequest.com.
TXT (Text)
The Text resource record, TXT, allows you to supply any string of
information, such as the location of a server or any other relevant
information that you want available.
Creating resource records
You can use the ZoneRunner utility to create any of the resource record
types described in Types of zone files, on page 16-2.
To create a resource record
click ZoneRunner.
The New Resource Record screen opens.
new zone.
4. In the Zone Name box, select the zone with which this record is
associated.
5. In the Name box, type the name for the resource record.
Chapter 16
16 - 14
6. In the TTL box, type the time-to-live value for the record.
7. From the Type list, select the type of resource record that you are
configuring.
The screen refreshes to display the configuration settings for the
resource record type.
8. Configure settings as needed.
Each resource record type has unique characteristics. The following sections
describe how to create each resource record type, using the steps listed in
this procedure, and specifying details for each record type.
Creating A resource records
The Address record, or A record, lists the IP address for a given host name.
To create an A record
click ZoneRunner.
new zone.
associated.
7. From the Type list, select A.
The screen refreshes to display the configuration options for an A
resource record.
8. In the IP Address box, type the IP address for the A record.
9. If you want to create a reverse record that corresponds to this record,
for the Create Reverse Record option, check the Enable box.

TM
16 - 15
Creating AAAA resource records
The IPv6 Address record, or AAAA record, is a record used for 128-bit IPv6
addresses.
To create an AAAA record
click ZoneRunner.
new zone.
associated.
7. From the Type list, select AAAA.
The screen refreshes to display the configuration options for an
AAAA resource record.
8. In the IP Address box, type the IP address for the AAAA record.
9. If you want to create a reverse record that corresponds to this record,
for the Create Reverse Record option, check the Enable box.
Creating CNAME resource records
The Canonical Name resource record, CNAME, specifies an alias or
nickname for the official, or canonical, host name.
To create a CNAME record
click ZoneRunner.
new zone.
associated.
Chapter 16
16 - 16
7. From the Type list, select CNAME.
CNAME resource record.
8. In the CNAME box, type the appropriate alias for the resource
record.
Creating DNAME resource records
The Delegation of Reverse Name resource record, DNAME, specifies the
reverse lookup of an IPv6 address.
To create a DNAME record
click ZoneRunner.
new zone.
associated.
7. From the Type list, select DNAME.
DNAME resource record.
8. In the DNAME box, type the appropriate reverse name for the
resource record.

TM
16 - 17
Creating HINFO resource records
The Host Information resource record, HINFO, contains information on the
hardware and operating system relevant to the Global Traffic Manager (or
other DNS).
To create an HINFO record
click ZoneRunner.
new zone.
associated.
7. From the Type list, select HINFO.
The screen refreshes to display the configuration options for an
HINFO resource record.
8. In the Hardware box, type the appropriate hardware information
for the resource record.
9. In the OS box, type the appropriate operating system information
for the resource record.
Chapter 16
16 - 18
Creating MX resource records
The Mail Exchange resource record, MX, defines the mail system(s) for a
given domain.
To create an MX record
click ZoneRunner.
new zone.
associated.
7. From the Type list, select MX.
The screen refreshes to display the configuration options for an MX
resource record.
8. In the Preference box, type the preference for the mail server.
Preference is a numeric value for the preference of this mail
exchange host relevant to all other mail exchange hosts for the
domain. Lower numbers indicate a higher preference, or priority.
9. In the Mail Server box, type the appropriate domain name for the
mail server.
Creating NS resource records
The name server resource record, NS, defines the name servers for a given
domain, creating a delegation point and a subzone.
To create an NS record
click ZoneRunner.
new zone.
associated.

TM
16 - 19
7. From the Type list, select NS.
The screen refreshes to display the configuration options for an NS
resource record.
8. In the Name Server box, type the appropriate domain name for the
resource record.
Creating PTR resource records
A name pointer resource record, PTR, associates a host name with a given
IP address. These records are used for reverse name lookups.
To create a PTR record
click ZoneRunner.
new zone.
associated.
7. From the Type list, select PTR.
The screen refreshes to display the configuration options for a PTR
resource record.
8. In the Domain box, type the appropriate domain name for the
resource record.
Chapter 16
16 - 20
Creating SRV resource records
The Service resource record, SRV, is a pointer that allows an alias for a
given service to be redirected to another domain.
To create an SRV record
click ZoneRunner.
new zone.
associated.
7. From the Type list, select SRV.
The screen refreshes to display the configuration options for an SRV
resource record.
8. In the Priority box, type the appropriate priority level for this host.
The lower the number in this box, the higher the priority level.
9. In the Weight box, type the proportion of requests that should be
targeted at this server.
This value is used when two hosts have the same priority. The
higher the number in this box, the greater the weight.
10. In the Port box, type the port on which the service is running.
11. In the Target Server box, type the domain name of a host running
the service on the port specified in the Port box.

TM
16 - 21
Creating TXT resource records
The Text resource record, TXT, allows you to supply any string of
information, such as the location of a server or any other relevant
information that you want available.
To create a TXT record
click ZoneRunner.
new zone.
associated.
7. From the Type list, select TXT.
The screen refreshes to display the configuration options for a TXT
resource record.
8. In the Text box, type the appropriate text for the resource record.
Modifying a resource record
If you decide you need to change the settings for a given resource record,
you can modify it at any time.
To modify a resource record
click ZoneRunner.
The ZoneRunner screen opens.
2. Click the name of the resource record that you want to modify.
The properties screen for the resource record opens.
3. Modify the resource record as needed.
Chapter 16
16 - 22
Adding resource records to an existing zone file
In addition to creating a resource record through the ZoneRunner screen,
you can create one when you modify an existing zone file.
To add a resource record to an existing zone file
click ZoneRunner.
3. Click the name of the zone to which you want to add a resource
record.
The properties screen for that zone opens.
4. Click the Add Resource Record button, located at the bottom of
the screen.
The New Resource Record screen opens, with the View Name and
Zone Name options filled out to reflect the appropriate settings for
the zone file.
5. Create the new resource record as needed.
See Creating resource records, on page 16-13, for more
information.
Working with views
One of the features available in BIND 9 is the addition of views to your
DNS configuration. A view allows you to modify the name server
configuration based on the community attempting to access it. For example,
if your DNS handles requests from both inside and outside your company,
you can create two views: internal and external. Through views, you can
build name server configurations on the same server, and have those
configurations apply dynamically when the request originates from a
specified source.
In the Global Traffic Manager, a single view is created automatically within
the ZoneRunner utility: external. If you do not want to create views, all
zones that the Global Traffic Manager maintains are associated with this
default view.
Through the ZoneRunner utility, you can:
Add views
Modify views
Delete views

TM
16 - 23
Adding views
If you have a DNS that is accessed from multiple communities, you can
create a view for each community. Depending on the community, the name
server uses a different configuration for resolving name requests.
To add a view
click ZoneRunner.
2. On the menu bar, click View List.
The View List screen opens.
The New View screen opens.
4. In the View Name box, type a name for the view.
5. From the View Order list, select where the view resides in the view
hierarchy for the name server.
6. In the Options box, specify the criteria that determines when the
DNS should use the zone files associated with this view.
Modifying views
As the needs of the communities attempting to access the Global Traffic
Manager as a DNS change, you might need to modify your views. Through
the ZoneRunner utility, you can modify a view at any time.
To modify a view
click ZoneRunner.
3. Click the name of the view you want to modify.
The properties screen for the view opens.
4. Modify the view settings as needed. Note that you cannot change
the name of the view.
5. Click Update to apply your changes.
Chapter 16
16 - 24
Deleting views
If a view is no longer necessary for your name resolutions, you can delete it
from the ZoneRunner utility.
To delete a view
click ZoneRunner.
3. Click the Select box next to the name of the view that you want to
delete.
5. Click the Delete button again to delete the view.
Adding zones to views
Once you create a view, you can add zones to the view.
To add a zone to a view
click ZoneRunner.
3. Click the name of the view to which you want to add a zone.
The properties screen for the view opens.
4. Click the Add Zone button.
5. Create the new zone as needed.
See Creating zone files, on page 16-3, for more information on
creating zone files.

TM
16 - 25
Managing the named.conf file
You define the primary operational characteristics of BIND using a single
file, named.conf. The functions defined in this file include views, access
control list definitions, and zones.
You can control most of the contents of the named.conf file through the
ZoneRunner utility, as this utility updates the named.conf file to implement
any modifications that you make. However, you can also use the
ZoneRunner utility to edit the named.conf file directly.
Important
In the following procedure, we assume that you are fully familiar with the
named.conf file and the syntax of its contents. Modifying the named.conf
file carries a high level of risk, as a syntax error can prevent the entire
BIND system from performing as expected. For this reason, F5 Networks
recommends that you use the user interface of the ZoneRunner utility
whenever possible, and that you exercise caution when editing the
named.conf file.
To modify the named.conf file
click ZoneRunner.
2. On the menu bar, click Named Configuration.
The named.conf configuration screen opens.
3. Edit the contents of the named.conf file as needed:
You can increase the size of the box containing the named.conf
contents by checking Extend Text Area.
You can have the contents of the named.conf file wrap to fit the
box by checking Wrap Text.
Chapter 16
16 - 26
A
Introducing the big3d agent
Collecting path data and server performance
metrics
Setting up communication between Global Traffic
Manager systems and other servers

TM
A - 1
Introducing the big3d agent
The big3d agent runs on all BIG-IP
systems, collects performance

information on behalf of the Global Traffic Manager system, and
continually monitors the availability of the servers that the Global Traffic
Manager load balances. The agent also monitors the integrity of the network
paths between the servers that host the domain, and the various local DNS
servers that attempt to connect to the domain. Each big3d agent broadcasts
its collected data to all of the Global Traffic Manager systems and Link
Controller systems in your network, ensuring that these systems work
with the latest information.
You can turn off the big3d agent on any BIG-IP system at any time;
however, if you turn off the big3d agent on a server, the Global Traffic
Manager can no longer check the availability of the server or its virtual
servers, and the statistics screens display the status of these servers as
unknown (blue ball).
Tip
F5 Networks recommends that you have at least one BIG-IP system running
the big3d agent in each data center in your network. This ensures that the
Global Traffic Manager has timely access to the metrics associated with
network traffic.
Important
When you set up a Global Traffic Manager to communicate with other
BIG-IP systems, you must use IP addresses that are defined within the
default route domain on the BIG-IP system. IP addresses within the default
route domain are the only addresses that can process Global Traffic
Manager traffic. For more information about configuring route domains,
see the TMOS
systems.
Appendix A
A - 2
Collecting path data and server performance metrics
A big3d agent collects the following types of performance information that
the system uses for load balancing. The big3d agent broadcasts this
information to all Global Traffic Manager systems in your network.
Network path round trip time
The big3d agent calculates the round trip time for the network path
between the agents data center and the clients LDNS server that is
making the resolution request. The Global Traffic Manager uses round
trip time to determine the best virtual server to answer the request when a
pool uses a dynamic load balancing mode, such as Round Trip Time, or
Quality of Service.
Network path packet loss
The big3d agent calculates the packet completion percentage for the
network path between the agents data center and the clients LDNS
server that is making the resolution request. The Global Traffic Manager
uses the packet completion rate to determine the best virtual server to
answer the request when a wide IP or pool uses either the Completion
Rate or the Quality of Service load balancing modes.
Router hops along the network path
The big3d agent calculates the number of intermediate system transitions
(router hops) between the agents data center and the clients LDNS
server. The Global Traffic Manager uses hops to determine the best
virtual server to answer the request when a pool uses the Hops or the
Quality of Service load balancing modes.
Server performance
The big3d agent returns server metrics, such as the packet rate, for
BIG-IP systems or SNMP-enabled hosts. The Global Traffic Manager
uses packet rate to determine the best virtual server to answer the request
when a pool uses the Packet Rate, KBPS, Least Connections, or Quality
of Service load balancing modes.
Virtual server availability and performance
The big3d agent queries virtual servers to verify whether they are up and
available to receive connections, and uses only those virtual servers that
are up for load balancing. The big3d agent also determines the number
of current connections to virtual servers that are defined on BIG-IP
systems or SNMP-enabled hosts. The Global Traffic Manager uses the
number of current connections to determine the best virtual server when
a pool uses the Least Connections or VS Capacity load balancing mode.

TM
A - 3
Setting up data collection with the big3d agent
Setting up the big3d agents involves the following tasks:
Installing big3d agents on BIG-IP systems
Each new version of the Global Traffic Manager software includes the
latest version of the big3d agent. You need to distribute that copy of the
big3d agent to each BIG-IP system in the network. See the release notes
provided with the Global Traffic Manager software for information about
which versions of the BIG-IP software the current big3d agent supports.
For details on installing the big3d agent, see Installing the big3d agent,
following.
Setting up communications between big3d agents and other systems
Before the big3d agents can communicate with the Global Traffic
Manager systems in the network, you need to configure the appropriate
ports and tools to allow communication between the devices running the
big3d agent and Global Traffic Manager systems in the network. These
planning issues are discussed in Setting up communication between
Global Traffic Manager systems and other servers, on page A-5.
Installing the big3d agent
The big3d agent is installed by running the big3d_install script. With the
correct ports open, the Global Traffic Manager also automatically updates
older big3d agents on the network.
When you install the big3d agent, you must complete the following tasks:
Install the Global Traffic Manager.
Add the BIG-IP systems as servers to the Global Traffic Manager.
Note that the IP address of the server you are adding must reside within
the default route domain on the BIG-IP system.
Exchange the appropriate web certificates between the Global Traffic
Manager and other systems.
Open ports 22 and 4353 between the Global Traffic Manager and the
other BIG-IP systems.
Understanding the data collection and broadcasting sequence
The big3d agents collect and broadcast information on demand. The Global
Traffic Manager in a synchronization group issues a data collection request
to all big3d agents running in the network. In turn, the big3d agents collect
the requested data, and then broadcast that data to all Global Traffic
Manager systems running in the network.
Appendix A
A - 4
Evaluating big3d agent configuration trade-offs
You must run a big3d agent on each BIG-IP system in your network if you
use dynamic load balancing modes (those that rely on path data). (For
information about dynamic load balancing, see Chapter 7, Load Balancing
with the Global Traffic Manager.) You must have a big3d agent running on
at least one system in each data center to gather the necessary path metrics.
The load on the big3d agents depends on the timer settings that you assign
to the different types of data the big3d agents collect. The shorter the timers,
the more frequently the big3d agent needs to refresh the data. While short
timers guarantee that you always have valid data readily available for load
balancing, they also increase the frequency of data collection.
Another factor that can affect data collection is the number of client LDNS
servers that make name resolution requests. The more LDNS servers that
make resolution requests, the more path data that the big3d agents have to
collect. While round trip time for a given path may vary constantly due to
current network load, the number of hops along a network path between a
data center and a specific LDNS does not often change. Consequently, you
may want to set short timer settings for round trip time data so that it
refreshes more often, but set high timer settings for hops data because it
does not need to be refreshed often.

TM
A - 5
Setting up communication between Global Traffic
Manager systems and other servers
In order to copy big3d agents from a Global Traffic Manager to BIG-IP
systems, the Global Traffic Manager must be able to communicate with
these other systems. Specifically, every BIG-IP system, which you define as
a server on the Global Traffic Manager, must have sufficient network
privileges and configured routes to be able to probe the virtual servers that it
hosts, as well as the virtual servers hosted by other servers defined on the
Global Traffic Managers in a synchronization group.
In the following configuration, every big3d agent that the Global Traffic
Manager synchronization group recognizes must be able to probe the virtual
server 10.1.0.1:80 via TCP.
server { // datacenter=DC1, #VS=1
name "Generic Host Server 1"
type generic
box {
address 10.1.0.1
unit_id 1
}
monitor "http"
vs {
name "Generic_VS1"
address 10.1.0.1:80 // http
}
}
Setting up iQuery communications for the big3d agent
The iQuery
protocol uses one of two ports to communicate between the

big3d agents throughout the network and Global Traffic Manager systems.
The ports used by iQuery traffic change, depending on whether the traffic is
inbound from the big3d agent or outbound from the Global Traffic
Manager.
Table A.1 shows the protocols and ports for both inbound and outbound
iQuery communications between Global Traffic Manager systems and
big3d agents distributed in your network.
From To Protocol From Port To Port
GTM system big3d agent TCP >1023 4353
big3d agent GTM system TCP 4353 >1023
Table A.1 Communication between big3d agents and Global Traffic
Manager systems
Appendix A
A - 6
Table A.2 shows the protocols and corresponding ports used for iQuery
communications between big3d agents and SNMP agents that run on host
servers.
Table A.3 shows the ports used for communications between big3d agents
and virtual servers that are not hosted by a BIG-IP system.
Allowing iQuery communications to pass through firewalls
The payload information of an iQuery packet contains information that
potentially requires network address translation when there is a firewall in
the path between the big3d agent and the Global Traffic Manager. The
firewall translates only the packet headers, not the payloads.
The virtual server translation option resolves this issue. When you configure
address translation for virtual servers, the iQuery packet stores the original
IP address in the packet payload itself. When the packet passes through a
firewall, the firewall translates the IP address in the packet header normally,
but the IP address within the packet payload is preserved. The Global
Traffic Manager reads the IP address out of the packet payload, rather than
out of the packet header.
For example, firewall separates the path between a BIG-IP system running a
big3d agent, and the Global Traffic Manager. The packet addresses are
translated at the firewall. However, addresses within the iQuery payload are
not translated, and they arrive at the BIG-IP system in their original states.
From To Protocol From Port To Port Purpose
big3d agent host SNMP agent UDP >1023 161 Ephemeral ports used to make
SNMP queries for host statistics
host SNMP agent big3d agent UDP 161 >1023 Ephemeral ports used to receive
host statistics using SNMP
Table A.2 Communication between big3d agents and SNMP agents on hosts
big3d agent virtual server UDP >1024 Service
Port
Ephemeral ports used to monitor
host virtual server
big3d agent virtual server TCP >1024 Service
Port
Ephemeral ports used to monitor
host virtual servers
Table A.3 Communication between big3d agents and virtual servers not hosted by BIG-IP systems

TM
A - 7
Communications between Global Traffic Manager systems, big3d
agents, and local DNS servers
Table A.4 shows the protocols and ports that the big3d agent uses when
collecting path data for local DNS servers.
big3d LDNS ICMP N/A N/A Probe using ICMP pings
big3d LDNS TCP >1023 53
Probe using TCP (Cisco
routers: allow
establish)
LDNS big3d TCP 53 >1023
Replies using TCP (Cisco
routers: allow
establish)
big3d LDNS UDP 53 33434 Probe using UDP or traceroute utility
LDNS big3d ICMP N/A N/A Replies to ICMP, UDP pings, or traceroute
probes
big3d LDNS dns_rev
dns_dot
>1023 53 Probe using DNS rev or DNS dot
LDNS big3d dns_rev
dns_dot
53 >1023 Replies to DNS rev or DNS dot probes
Table A.4 Communications between big3d agents and local DNS servers
Appendix A
A - 8
B
Introducing probes
Understanding iQuery
Determining probe responsibility
Selecting a big3d agent
Designating a specific server
Managing LDNS probes
Using log entries to tune probes

TM
B - 1
Introducing probes
When you install a Global Traffic Manager in a network, that system
typically works within a larger group of BIG-IP
products. These products

include other Global Traffic Manager systems, Link Controller systems,
and Local Traffic Manager systems. The Global Traffic Manager must be
able to communicate with these other systems to maintain an accurate
assessment of the health and availability of different network components.
For example, the Global Traffic Manager must be able to acquire statistical
data from resources that are managed by a Local Traffic Manager in a
different data center. BIG-IP systems acquire this information through the
use of probes. A probe is an action a BIG-IP system takes to acquire data
from other network resources.
Probes are an essential means by which the Global Traffic Manager tracks
the health and availability of network resources; however, it is equally
important that the responsibility for conducting probes be distributed across
as many BIG-IP products as possible. This distribution ensures that no one
system becomes overloaded with conducting probes, which can cause a
decrease in performance in the other tasks for which a BIG-IP system is
responsible.
To distribute probe requests effectively across multiple BIG-IP systems,
Global Traffic Manager systems employ several different technologies and
methodologies, including:
iQuery
, which is the communication protocol used between Global

Traffic Manager systems and the big3d agents that reside on other
BIG-IP systems
A selection methodology that determines which Global Traffic Manager
is responsible for managing the probe request
A selection methodology that determines which big3d agent actually
conducts the probe
One of the important concepts to remember when understanding how the
Global Traffic Manager acquires network data is that the process consists of
several tasks:
A Global Traffic Manager is chosen to be responsible for the probe.
The Global Traffic Manager delegates the probe to a big3d agent.
The big3d agent conducts the probe.
The big3d agent broadcasts the results of the probe, allowing all Global
Traffic Manager systems to receive the information.
Appendix B
B - 2
Understanding iQuery
At the heart of probe management with Global Traffic Manager systems is
iQuery, the communications protocol that these systems use to send
information from one system to another. With iQuery, Global Traffic
Manager systems in the same synchronization group can share configuration
settings, assign probe requests to big3d agents, and receive data on the
status of network resources.
The iQuery protocol is an XML protocol that is sent between each system
using gzip compression and SSL. These communications can only be
allowed between systems that have a trusted relationship established, which
is why configuration tools such as big3d_install, bigip_add, and gtm_add
are critical when installing or updating Global Traffic Manager systems. If
two systems have not exchanged their SSL certificates, they cannot share
information with each other using iQuery.
In addition to requiring trusted relationships, systems send iQuery
communications only on the VLAN in which the system received the
incoming message. Also, iQuery communications occur only within the
same synchronization group. If your network consists of two
synchronization groups, with each group sharing a subset of network
resources, these groups both probe the network resources and communicate
with iQuery separately.
Generally, iQuery communications require no user intervention; however,
on occasion it can be necessary to view the data transmitted between each
system. For example, you might be troubleshooting the reason that a Global
Traffic Manager is exhibiting a particular behavior. In such a situation, you
can use the command, iqdump.
To use the iqdump command
1. Access the system prompt for the BIG-IP system.
2. Type iqdump <ip address> <synchronization group name>.
The IP address that you type must be the IP address with which the
system is communicating with iQuery. This IP address can be either
the local system or a remote system.
3. Press Enter.
Immediately, information the BIG-IP system has received through iQuery
appears in the command window. Note that the data displayed represents
only the information the system receives; it does not display the information
the system has sent through iQuery.
Note
One of the first pieces of information the system displays when running
iQuery is the version of the remote big3d agent. This allows you to
determine if a system is running the latest version of the big3d agent.

TM
B - 3
Determining probe responsibility
When you assign a monitor to a network resource through the Configuration
utility of the Global Traffic Manager, the first action is for a Global Traffic
Manager to be responsible for ensuring that a big3d agent probes the
selected resource. It is important to remember that this does not necessarily
mean the selected Global Traffic Manager actually conducts the probe; it
means only that a specific Global Traffic Manager is in charge of assigning
a big3d agent to probe the resource. The big3d agent can be installed on the
same system as the Global Traffic Manager, a different Global Traffic
Manager, or the big3d agent on another BIG-IP system.
A crucial component to determining which system manages a probe request
is the data centers that you defined in the Global Traffic Manager
configuration. For each probe, the Global Traffic Manager systems
determine the following:
Is there a Global Traffic Manager in the same data center as the resource?
Is there more than one Global Traffic Manager at that data center?
By default, Global Traffic Manager systems delegate probe management to
a system that belongs to the same data center as the resource, since the close
proximity of system and resource improves probe response time.
To illustrate how these considerations factor into probe management,
consider a fictional company, SiteRequest. This company has three data
centers: one in Los Angeles, one in New York, and one in London. The
following table lists a few characteristics of each data center.
Now, consider that you want to acquire statistical data from a resource in the
New York data center. First, the Global Traffic Manager systems, based on
their iQuery communications with each other, identify whether there is a
Global Traffic Manager that belongs to the New York data center. In this
case, the answer is yes; the New York data center contains a Global Traffic
Manager. Next, the systems determine if more than one Global Traffic
Manager belongs to the New York data center. In this case, the answer is no;
the New York data center has only a stand-alone system. Consequently, the
Global Traffic Manager in the New York data center assumes responsibility
for conducting the probe on this particular resource.
Data Center Characteristics
Los Angeles Two Global Traffic Manager systems, configured as a
redundant system
New York A single Global Traffic Manager
London Resources only; no Global Traffic Manager systems
Table B.1 Characteristics of the data centers at SiteRequest
Appendix B
B - 4
In situations where more than one Global Traffic Manager belongs to a data
center, the systems use an algorithm to distribute the responsibility for
probes equally among Global Traffic Manager systems. This distribution
ensures that each Global Traffic Manager has an equal chance of being
responsible for managing a probe request.
To demonstrate how probe requests are delegated between two Global
Traffic Manager systems at the same data center, consider again the network
configuration at SiteRequest. This time, the company needs to acquire data
from a resource that resides at the Los Angeles data center. As with the
previous example, the first step identifies whether the Los Angeles data
center has any Global Traffic Manager systems; in this case, the answer is
yes. The next criteria is whether there is more than one Global Traffic
Manager at that data center; in this case, the answer is also yes: the Los
Angeles data center has a redundant system configuration that consists of
two Global Traffic Manager systems. Because there are two Global Traffic
Manager systems at this data center, each system compares the hash value of
the resource with its own information; whichever Global Traffic Manager
has the closest value to the resource becomes responsible for managing the
probe request.
A final consideration is if a data center does not have any Global Traffic
Manager systems at all, such as the London data center in the configuration
for SiteRequest. In these situations, the responsibility for probing a resource
at that data center is divided among the other Global Traffic Manager
systems; much in the same way as the responsibility is divided among
Global Traffic Manager systems within the same data center.
Once a Global Traffic Manager becomes responsible for managing a probe,
it remains responsible for that probe until the network configuration changes
in one of the following ways:
The Global Traffic Manager goes offline.
A new Global Traffic Manager is added to the data center.
The network configuration of the resource (such as its IP address)
changes.

TM
B - 5
Selecting a big3d agent
As described in Determining probe responsibility, on page B-3, the first
stage in conducting a probe of a network resource is to select the Global
Traffic Manager. In turn, the Global Traffic Manager delegates the probe to
a big3d agent, which is responsible for querying the given network resource
for data.
One way in which you can consider the probe delegation process of network
resources is in the similar to the two-tiered load balancing method the
Global Traffic Manager uses when delegating traffic. With DNS traffic, the
Global Traffic Manager identifies the wide IP to which the traffic belongs.
Then, it load balances that traffic among the pools associated with the wide
IP. One it selects a pool, the system load balances the request across the pool
members within that pool.
Delegating probe requests occurs in a similar two-tiered fashion. First, the
Global Traffic Manager systems within a synchronization group determine
which system is responsible for managing the probe. This does not
necessarily mean that the selected Global Traffic Manager conducts the
probe itself; it means only that a specific Global Traffic Manager ensures
that the probe takes place. Next, the Global Traffic Manager selects one of
the available big3d agents to actually conduct the probe. As each BIG-IP
system has a big3d agent, the number of agents available to conduct the
probe depends on the number of BIG-IP systems.
To illustrate how these considerations factor into probe management,
consider a fictional company, SiteRequest, that was used in Determining
probe responsibility, on page B-3. This company has three data centers: one
in Los Angeles, one in New York, and one in London. The following table
lists a few characteristics of each data center:
Now, consider that a Global Traffic Manager in the Los Angeles data center
has assumed responsibility for managing a probe for a network resource. At
this data center, the system can assign the probe to one of four big3d agents:
one for each BIG-IP system at the data center. To select a big3d, the Global
Traffic Manager looks to see which big3d agent has the fewest number of
Data Center Characteristics
Los Angeles Two Global Traffic Manager systems, configured as a
redundant system
Two Local Traffic Manager systems
New York A single Global Traffic Manager
Two Local Traffic Manager systems, configured as a
redundant system
London Resources only; no Global Traffic Manager systems
A single Local Traffic Manager
Table B.2 Characteristics of the data centers at SiteRequest
Appendix B
B - 6
probes for which it is responsible. The big3d agent with the lowest number
of probes is tasked with conducting the probe. The Global Traffic Manager
checks this statistic each time it needs to delegate the probe; as a result, the
big3d select can change from probe instance to probe instance.
In situations where a big3d agent does not reside in the same data center as
the resource, the designated Global Traffic Manager selects a big3d from all
available big3d agents on the network. Again, the agent selected is the agent
with the fewest number of probe requests, and this check occurs each time
the probe is conducted.
For example, SiteRequest adds a new set of web servers in Tokyo. At this
location, the company has yet to install its BIG-IP systems; however, the
current set of Global Traffic Manager systems in Los Angeles and New
York are managing traffic to these web servers. When initiating a probe
request to determine the availability of one of these servers, a Global Traffic
Manager is selected to manage the probe request. Then, that system chooses
a big3d agent to probe the web server, selecting any big3d agent located in
Los Angeles, New York, or London.

TM
B - 7
Designating a specific server
In most cases, the probes sent to internal network resources are handled
through a distributed load balancing system that first selects a Global Traffic
Manager, and then selects a big3d agent. However, in some circumstances
you might want to assign a specific server to conduct a probe of a given
resource. For those situations, you can use the Statistics Collection Server
setting. This option is only available for non-BIG-IP systems.
To designate a specific server
then click Servers.
The main Servers screen opens.
Alternatively, you can select an existing server by clicking the
appropriate server entry from the main Servers screen.
3. Define the appropriate settings for the new server.
A new set of configuration options appear.
5. From the Statistics Collection Server list, select a BIG-IP system
that you want to use to conduct probes for this server.
The Global Traffic Manager uses the specified BIG-IP system to conduct
probes on this server unless that system becomes unavailable.
Appendix B
B - 8
Managing LDNS probes
One of the probes for which Global Traffic Manager systems are responsible
are probes of Local Domain Name Systems, or LDNS servers. Unlike
probes conducted on internal systems, such as web servers, probes of LDNS
servers require that the Global Traffic Manager verify data from a resource
that exists outside the network. Typically, this data is the path information
the Global Traffic Manager requires when conducting Quality of Service,
Round Trip Time, Completion Rate, and Hops load balancing methods.
Note
If you do not use Quality of Service load balancing, the Global Traffic
Manager does not conduct probes of LDNS servers.
When a given LDNS server makes a DNS request for a wide IP, that request
is sent to a single Global Traffic Manager. The Global Traffic Manager then
creates an LDNS server entry, and assigns that entry one of the following
states:
New: the Global Traffic Manager has not come across this particular
LDNS server before
Active: the Global Traffic Manager already has an existing entry for this
LDNS server
Pending: the Global Traffic Manager has been contacted by this LDNS
server before, however, this server has yet to respond to a probe from a
Global Traffic Manager on this network
In general, the New and Pending states are temporary states; an LDNS
server remains in one of these states only until it responds to the first probe
request from a Global Traffic Manager. Once the Global Traffic Manager
receives a response, the LDNS entry is moved to the Active state. Each
Global Traffic Manager within a given synchronization group shares the
LDNS entries that are assigned this state, resulting in the synchronization
group having a common list of known LDNS servers.
Unlike internal probes, LDNS probes are not load balanced across Global
Traffic Manager systems. Instead, the Global Traffic Manager that the
LDNS server first queries becomes responsible for the initial probe to that
LDNS. These probes are load balanced, however, across the multiple big3d
agents, with preference given to big3d agents that either belong to the same
data center as the responding Global Traffic Manager, or belong to the same
link through which the Global Traffic Manager received the LDNS query.
After the initial probe, an algorithm is used to load balance subsequent
probes across the available Global Traffic Manager systems.

TM
B - 9
The process for identifying and managing LDNS probe requests is as
follows:
1. An LDNS server sends a DNS request to a Global Traffic Manager.
2. The Global Traffic Manager that responds to the request determines
if it already has an entry for the LDNS server. If it does not, it
creates an entry with a status of New.
3. The Global Traffic Manager delegates the probe of the LDNS server
to a big3d agent; preferably a big3d agent that resides in the same
data center as the Global Traffic Manager.
4. When the LDNS server responds to the probe, it sends its
information to the Global Traffic Manager.
5. The Global Traffic Manager updates its entry for the LDNS server,
assigning it an Active status.
6. The Global Traffic Manager synchronizes its list of active LDNS
servers with the other members of its synchronization group.
If you do not use Quality of Service load balancing modes, the Global
Traffic Manager systems do not conduct LDNS server probe.
Appendix B
B - 10
Using log entries to tune probes
As mentioned at the beginning of this chapter, probes are the means by
which the Global Traffic Manager tracks the health and availability of
network resources, and it is important that the responsibility for conducting
probes is distributed across as many BIG-IP products as possible. You can
use information in the Global Traffic Manager log file to determine how to
fine tune the probes that you have configured. However, the probe logs
feature is disabled by default. You must turn on the feature for the probe
information to appear in the log file.
Enabling probe logs
If you want the Global Traffic Manager to gather information about probes
and save it in the log file, you must set the database variable
GTM.DebugProbeTuningInterval to a non-zero value. The value of the
variable indicates, in seconds, how often you want the system to add probe
information to the log file. By default this variable is set to 0 (zero), which
disables the logging of information about probes.
To change the value of the database variable, use the tmsh command:
modify / sys db gtm.debugprobetuninginterval value [database variable value]
For information about the command syntax you use to change this variable,
see the Traffic Management Shell (tmsh) Reference Guide and the Bigpipe
Utility Reference Guide.
Understanding the probe information in the log file
The probe information displays in the logs in the Configuration utility when
the GTM setting on the Logs screen is set to the default value of Notice.
When you set the GTM.DebugProbeTuningInterval database variable to a
non-zero value, the log file contains information about probes including the
number of LDNS servers, Global Traffic Manager systems, paths, and
persistence records in your network. The log file also includes the
information in the following list.
For monitors:
The time in microseconds that each monitor spends in the active
queue
For each active monitor, the log file displays the following
information:
Base name
Monitor name
Number of total instances

TM
B - 11
Number of up instances and the average and maximum probe
time for each up instance
Number of down instances, the average probe time for each
down instance, and a sorted list of reasons that the instance is
down. Each reason in the list is followed the number of instances
that were marked down for this reason.
For each Global Traffic Manager and Local Traffic Manager:
Datacenter name
Server name
IP address
Current tmm CPU usage
Number of virtual servers in each state: up or down
Active and pending queue sizes for monitors, SNMP monitors, and
paths
Number of monitors that have received a down response from the
system
For each host server:
Datacenter name
Server name
IP address
CPU usage
Memory usage
Note: This value is -1, unless an SNMP monitor is assigned to the
server.
Number of virtual servers in each state: up or down
Appendix B
B - 12
Glossary
Glossary

TM
Glossary - 1
3-DNS Controller
See Global Traffic Manager.
A record
The A record is the ADDRESS resource record that a Global Traffic
Manager returns to a local DNS server in response to a name resolution
request. The A record contains a variety of information, including one or
more IP addresses that resolve to the requested domain name.
access control list (ACL)
An access control list is a list of local DNS server IP addresses that are
excluded from path probing or hops queries.
active unit
In a redundant system configuration, an active unit is a system that currently
load balances name resolution requests. If the active unit in the redundant
system fails, the standby unit assumes control and begins to load balance
requests.
alternate method
The alternate method specifies the load balancing mode that the Global
Traffic Manager uses to pick a virtual server if the preferred method fails.
See also fallback method, preferred method.
auto-discovery
Auto-discovery is a process through which the Global Traffic Manager
identifies a resource automatically so you can manage it.
big3d agent
The big3d agent is a monitoring agent that collects metrics information
about server performance and network paths between a data center and a
specific local DNS server. The Global Traffic Manager uses the information
collected by the big3d agent for dynamic load balancing.
BIG-IP system
A BIG-IP system can be a Global Traffic Manager, a Local Traffic
Manager, or a Link Controller.
BIND (Berkeley Internet Name Domain)
BIND is the most common implementation of the Domain Name System
(DNS). BIND provides a system for matching domain names to IP
addresses. For more information, refer to
http://www.isc.org/products/BIND.
Glossary
Glossary - 2
bridge mode
Bridge mode instructs the Global Traffic Manager to forward the traffic it
receives to another part of the network.
CIDR (Classless Inter-Domain Routing)
Classless Inter-Domain Routing (CIDR) is an expansion of the IP address
system that allows a single IP address to be used to designate many unique
IP addresses. A CIDR IP address looks like a standard IP address except that
it ends with a slash followed by a number, which is the IP network prefix.
For example: 172.200.0.0/16
CNAME record
A canonical name (CNAME) record acts as an alias to another domain
name. A canonical name and its alias can belong to different zones, so the
CNAME record must always be entered as a fully qualified domain name.
CNAME records are useful for setting up logical names for network
services so that they can be easily relocated to different physical hosts.
completion rate
The completion rate is the percentage of packets that a server successfully
returns during a given session.
Completion Rate mode
The Completion Rate mode is a dynamic load balancing mode that
distributes connections based on which network path drops the fewest
packets, or allows the fewest number of packets to time out.
The Configuration utility is the browser-based application that you use to
configure the BIG-IP system.
content delivery network (CDN)
A content delivery network (CDN) is an architecture of web-based network
components that helps dramatically reduce the wide-area network latency
between a client and the content they wish to access. A CDN includes some
or all of the following network components: wide-area traffic managers,
Internet service providers, content server clusters, caches, and origin content
providers.
custom monitor
A custom monitor is a user-created monitor. See also monitor, health
monitor, performance monitor, pre-configured monitor.
data center
A data center is a physical location that houses one or more Global Traffic
Manager systems, BIG-IP systems, or host machines.
Glossary

TM
Glossary - 3
data center server
A data center server is any server recognized in the Global Traffic Manager
configuration. A data center server can be any of the following: a Global
Traffic Manager, a BIG-IP system, or a host.
destination statement
A destination statement defines the resource to which the Global Traffic
Manager directs the name resolution request.
distributed application
A distributed application is a collection of wide IPs, data center, and links. It
is the highest level component that the Global Traffic Manager supports.
DNSSEC (DNS Security Extensions)
DNSSEC is a set of extensions to DNS that protects a computer network
against most of the threats to the Domain Name System.
DNSSEC zones
DNSSEC zones are containers that map a domain name to a set of DNSSEC
keys.
domain name
A domain name is a unique name that is associated with one or more IP
addresses. Domain names are used in URLs to identify particular web pages.
For example, in the URL http://www.f5.com/index.html, the domain name
is f5.com.
draining requests
Draining requests refers to allowing existing sessions to continue accessing
a specific set of resources while disallowing new connections.
Drop Packet load balancing mode
Drop Packet load balancing mode instructs the Global Traffic Manager to do
nothing with a packet, and simply drop the request.
dynamic load balancing modes
Dynamic load balancing modes base the distribution of name resolution
requests to virtual servers on the matrix of live data, such as current server
performance and current connection load.
Dynamic Ratio weighting
Dynamic Ratio weighting is a methodology in which the system
continuously checks the performance of each link and sends traffic through
the link with the best performance data.
Glossary
Glossary - 4
dynamic site content
Dynamic site content is a type of site content that is automatically generated
each time a user accesses the site. Examples are current stock quotes or
weather satellite images.
EAV (Extended Application Verification)
EAV is a health check that verifies an application on a node by running that
application remotely. EAV health check is only one of the three types of
health checks available on a Link Controller. See also health monitor,
external monitor.
EAV monitor
An EAV monitor checks the health of a resource by accessing the specified
application.
ECV (Extended Content Verification)
On the Global Traffic Manager, ECV is a service monitor that checks the
availability of actual content, (such as a file or an image) on a server, rather
than just checking the availability of a port or service, such as HTTP on port
80.
ECV monitor
An ECV monitor checks the health of a resource by sending a query for
content using the specified protocol, and waiting to receive the content from
the resource. See also monitor, health monitor, external monitor.
external monitor
An external monitor is a user-supplied health monitor. See also health
monitor.
external system
An external system is any server with which the Global Traffic Manager
must exchange information to perform its functions.
failover
Failover is the process whereby a standby unit in a redundant system
configuration takes over when a software failure or hardware failure is
detected on the active unit.
failover cable
The failover cable is the cable that directly connects the two system units in
a hardware-based redundant system configuration.
Glossary

TM
Glossary - 5
fallback method
The fallback method is the third method in a load balancing hierarchy that
the Global Traffic Manager uses to load balance a resolution request. The
Global Traffic Manager uses the fallback method only when the load
balancing modes specified for the preferred and alternate methods fail.
Unlike the preferred method and the alternate method, the fallback method
uses neither server nor virtual server availability for load balancing
calculations. See also preferred method, alternate method.
Global Availability mode
Global Availability is a static load balancing mode that bases connection
distribution on a particular server order, always sending a connection to the
first available server in the list. This mode differs from Round Robin mode
in that it searches for an available server always starting with the first server
in the list, while Round Robin mode searches for an available server starting
with the next server in the list (with respect to the server selected for the
previous connection request).
The Global Traffic Manager provides wide-area traffic management and
high availability of IP applications/services running across multiple data
centers.
gtmd
The gtmd utility processes communications between two Global Traffic
Manager systems.
health monitor
A health monitor checks a node to see if it is up and functioning for a given
service. If the node fails the check, it is marked down. Different monitors
exist for checking different services. See also monitor, custom monitor,
pre-configured monitor, performance monitor.
host
A host is a network server that manages one or more virtual servers that the
Global Traffic Manager uses for load balancing.
ICMP (Internet Control Message Protocol)
ICMP is an Internet communications protocol used to determine information
about routes to destination addresses, such as nodes that are managed by
BIG-IP systems.
iQuery
The iQuery
protocol is used to exchange information between Global

Traffic Manager systems and BIG-IP systems. The iQuery protocol is
officially registered with IANA for port 4353, and works on UDP and TCP
connections.
Glossary
Glossary - 6
key-signing key
The Global Traffic Manager uses key signing keys to sign only the
DNSKEY record of a DNSSEC record set. See also DNSSEC (DNS Security
Extensions), DNSSEC zones, and zone-signing key.
Kilobytes/Second mode
The Kilobytes/Second mode is a dynamic load balancing mode that
distributes connections based on which available server currently processes
the fewest kilobytes per second.
Least Connections mode
The Least Connections mode is a dynamic load balancing mode that bases
connection distribution on which server currently manages the fewest open
connections.
link
A link is a logical representation of a physical device (router), which
connects your network to the rest of the Internet.
Link Controller
The Link Controller is an IP application switch that manages traffic to and
from a site across multiple links, regardless of connection type or provider.
listener
A listener is an object that listens for DNS queries. A listener instructs the
Global Traffic Manager to listen for network traffic destined for a specific
IP address.
load balancing methods
Load balancing methods are the settings that specify the hierarchical order
in which the Global Traffic Manager uses three load balancing modes. The
preferred method specifies the first load balancing mode that the Global
Traffic Manager tries, the alternate method specifies the next load balancing
mode to try if the preferred method fails, and the fallback method specifies
the last load balancing mode to use if both the preferred and the alternate
methods fail.
load balancing mode
A load balancing mode is the way in which the Global Traffic Manager
determines how to distribute connections across an array.
local DNS
A local DNS is a server that makes name resolution requests on behalf of a
client. With respect to the Global Traffic Manager, local DNS servers are
the source of name resolution requests. Local DNS is also referred to as
LDNS.
Glossary

TM
Glossary - 7
logical network components
Logical components are abstractions of network resources, such as a virtual
servers. See also physical network components.
metrics information
Metrics information is the data that is typically collected about the paths
between BIG-IP systems and local DNS servers. Metrics information is also
collected about the performance and availability of virtual servers. Metrics
information is used for load balancing, and it can include statistics such as
round trip time, packet rate, and packet loss.
monitor
A monitor is a software utility that specializes in a specific metric of a
Global Traffic Manager resource. A monitor tests to see if a given resource
responds as expected. See also custom monitor, pre-configured monitor,
health monitor, performance monitor.
monitor template
A monitor template is an abstraction that exists within the Global Traffic
Manager for each monitor type, and contains a group of settings and default
values.
name resolution
Name resolution is the process by which a name server matches a domain
name request to an IP address, and sends the information to the client
requesting the resolution.
name server
A name server is a server that maintains a DNS database, and resolves
domain name requests to IP addresses using that database.
named
The named daemon manages domain name server software.
Network Time Protocol (NTP)
Network Time Protocol functions over the Internet to synchronize system
clocks to Universal Coordinated Time. NTP provides a mechanism to set
and maintain clock synchronization within milliseconds.
node
A node is a logical object on the BIG-IP system that identifies the IP address
of a physical resource on the network, such as a web server.
Node mode
The Node mode instructs the Global Traffic Manager to process traffic
locally, and send the appropriate DNS response back to the querying server.
Glossary
Glossary - 8
NS record
A name server (NS) record is used to define a set of authoritative name
servers for a DNS zone. A name server is considered authoritative for some
given zone when it has a complete set of data for the zone, allowing it to
answer queries about the zone on its own, without needing to consult
another name server.
packet rate
The packet rate is the number of data packets per second processed by a
server.
Packet Rate mode
The Packet Rate mode is a dynamic load balancing mode that distributes
connections based on which available server currently processes the fewest
packets per second.
path
A path is a logical network route between a data center server and a local
DNS server.
path probing
Path probing is the process of collecting metrics data, such as round trip
time and packet rate, for a given path between a requesting LDNS server
and a data center server.
performance monitor
Performance monitors check the performance of a pool or virtual server, and
dynamically load balance traffic accordingly. See also monitor,
pre-configured monitor, custom monitor, health monitor.
persistence
On a Global Traffic Manager, persistence is a series of related requests
received from the same local DNS server for the same wide IP name. When
persistence is turned on, a Global Traffic Manager sends all requests from a
particular local DNS server for a specific wide IP to the same virtual server,
instead of load balancing the requests.
physical network components
Physical network components have a direct correlation with one or more
physical entities on the network. See also logical network components.
picks
Picks represent the number of times a particular virtual server is selected to
receive a load balanced connection.
Glossary

TM
Glossary - 9
pool
A pool is a group of virtual servers managed by a BIG-IP system, or a host.
The Global Traffic Manager load balances among pools (using the Pool LB
Mode), as well as among individual virtual servers.
pool-level load balancing
With pool-level load balancing, after the Global Traffic Manager uses wide
IP-level load balancing to select the best available pool, it uses a pool-level
load balancing to select a virtual server within that pool. If the first virtual
server within the pool is unavailable, the Global Traffic Manager selects the
next best virtual server based on the load balancing mode assigned to that
pool. See also tiered load balancing and wide IP-level load balancing.
pool ratio
A pool ratio is a ratio weight applied to pools in a wide IP. If the Pool LB
mode is set to Ratio, the Global Traffic Manager uses each pool for load
balancing in proportion to the weight defined for the pool.
preferred method
The preferred method specifies the first load balancing mode that the Global
Traffic Manager uses to load balance a resolution request. See also alternate
method, fallback method.
pre-configured monitor
Pre-configured monitors are monitors that the Global Traffic Manager
provides. See also monitor, custom monitor, health monitor.
probe
A probe is a specific query, initiated by a big3d agent, that attempts to
gather specific data from a given network resource. Probes are most often
employed when a health monitor attempts to verify the availability of a
resource.
QoS equation
The QoS equation is the equation on which the Quality of Service load
balancing mode is based. The equation calculates a score for a given path
between a data center server and a local DNS server. The Quality of Service
mode distributes connections based on the best path score for an available
data center server. You can apply weights to the factors in the equation, such
as round trip time and completion rate.
Quality of Service mode
The Quality of Service load balancing mode is a dynamic load balancing
mode that bases connection distribution on a configurable combination of
the packet rate, completion rate, round trip time, hops, virtual server
capacity, kilobytes per second, link capacity, and topology information.
Glossary
Glossary - 10
ratio
A ratio is the parameter in a virtual server statement that assigns a weight to
the virtual server for load balancing purposes.
Ratio mode
The Ratio load balancing mode is a static load balancing mode that
distributes connections across an pool of virtual servers in proportion to the
ratio weight assigned to each individual virtual server.
Ratio weighting
Ratio weighting is a methodology in which the system uses a frequency that
you set to determine to which link to send traffic.
redundant system configuration
A redundant system configuration is a pair of units that are configured for
failover. One system runs as the active unit and the other system runs as the
standby unit. If the active unit fails, the standby unit takes over and manages
resolution requests.
region
A region is a customized collection of topologies. See topology.
request source statement
A request source statement defines the origin of a name resolution request
for a connection.
resource record
A resource record is a record in a DNS database that stores data associated
with domain names. A resource record typically includes a domain name, a
TTL, a record type, and data specific to that record type. See also A record,
CNAME record, NS record.
reverse domain
A reverse domain is a type of DNS resolution request that matches a given
IP address to a domain name. The more common type of DNS resolution
request starts with a given domain name and matches that to an IP address.
root name server
A root name server is a master DNS server that maintains a complete DNS
database. There are approximately 13 root name servers in the world that
manage the DNS database for the World Wide Web.
Round Robin mode
Round Robin mode is a static load balancing mode that bases connection
distribution on a set server order. Round Robin mode sends a connection
request to the next available server in the order.
Glossary

TM
Glossary - 11
round trip time (RTT)
Round trip time is the calculation of the time (in microseconds) that a local
DNS server takes to respond to a ping issued by the big3d agent running on
a data center server. The Global Traffic Manager takes RTT values into
account when it uses dynamic load balancing modes.
Round Trip Time mode
Round Trip Time is a dynamic load balancing mode that bases connection
distribution on which virtual server has the fastest measured round trip time
between the data center server and the local DNS server.
router hops
Router hops are intermediate system transitions along a given network path.
Router mode
Router mode instructs the Global Traffic Manager to forward the traffic it
receives to another DNS server.
secondary DNS
The secondary DNS is a name server that retrieves DNS data from the name
server that is authoritative for the DNS zone.
self IP address
A self IP address is an IP address that you define on a VLAN of a BIG-IP
system. This term does not apply to the management IP address of a BIG-IP
system, or to IP addresses on other devices.
server
A server is a physical device on which you can configure one or more
virtual servers.
Setup utility
The Setup utility is a utility that takes you through the initial system
configuration process. The Setup utility runs automatically when you turn
on a system for the first time.
Simple monitor
A Simple monitor checks the health of a resource by sending a packet using
the specified protocol, and waiting for a response from the resource. See
also health monitor.
SNMP (Simple Network Management Protocol)
SNMP is the Internet standard protocol, defined in STD 15, RFC 1157, that
was developed to manage nodes on an IP network.
Glossary
Glossary - 12
standby unit
A standby unit is the system in a redundant system configuration that is
always prepared to become the active unit if the active unit fails.
static load balancing modes
Static load balancing modes base the distribution of name resolution
requests to virtual servers on a pre-defined list of criteria and server and
virtual server availability; they do not take current server performance or
current connection load into account. See also dynamic load balancing
modes.
subdomain
A subdomain is a sub-section of a higher level domain. For example, .com is
a high level domain, and F5.com is a subdomain within the .com domain.
synchronization
Synchronization means that each Global Traffic Manager regularly
compares the timestamps of its configuration files with the timestamps of
the configuration files on the other Global Traffic Manager systems on the
network.
synchronization group
A synchronization group is a group of Global Traffic Manager systems that
synchronize system configurations and zone files (if applicable). All
synchronization group members receive broadcasts of metrics data from the
big3d agents throughout the network. All synchronization group members
also receive broadcasts of updated configuration settings from the Global
Traffic Manager that has the latest configuration changes.
tiered load balancing
Tiered load balancing is load balancing that occurs at more than one point
during the resolution process. See also wide IP-level load balancing and
pool-level load balancing.
tmsh
The Traffic Management Shell (tmsh) is a command-line utility that you
can use to configure the Global Traffic Manager.
topology
A topology is a set of characteristics that identify the origin of a given name
resolution request.
Glossary

TM
Glossary - 13
Topology mode
The Topology mode is a static load balancing mode that bases the
distribution of name resolution requests on the weighted scores for topology
records. Topology records are used by the Topology load balancing mode to
redirect DNS queries to the closest virtual server, geographically, based on
location information derived from the DNS query message.
topology record
A topology record specifies a score for a local DNS server location endpoint
and a virtual server location endpoint.
topology score
The topology score is the weight assigned to a topology record when the
Global Traffic Manager is filtering the topology records to find the best
virtual server match for a DNS query.
topology statement
A topology statement is a collection of topology records.
TTL (Time to Live)
The TTL is the number of seconds for which a DNS record or metric is
valid, or for which a DNSSEC key is cached by a client resolver. When a
TTL expires, the server usually must refresh the information before using it
again. See also DNSSEC (DNS Security Extensions).
unavailable
The unavailable status is used for data center servers and virtual servers.
When a data center server or virtual server is unavailable, the Global
Traffic Manager does not use it for load balancing.
unknown
The unknown status is used for data center servers and virtual servers.
When a data center server or virtual server is new to the Global Traffic
Manager and does not yet have metrics information, the Global Traffic
Manager marks its status as unknown. The Global Traffic Manager can use
unknown servers for load balancing, but if the load balancing mode is
dynamic, the Global Traffic Manager uses default metrics information for
the unknown server until it receives live metrics data.
up
The up status is used for data center servers and virtual servers. When a data
center server or virtual server is up, the data center server or virtual server is
available to respond to name resolution requests.
Glossary
Glossary - 14
user configuration set (UCS)
A user configuration set is a backup file that you create for the BIG-IP
system configuration data. When you create a UCS, the BIG-IP system
assigns a .ucs extension to the file name.
virtual server
A virtual server, in the context of the Global Traffic Manager, is a
combination of an IP address and a port number that, together, provide
access to an application or data source on your network.
wide IP
A wide IP is a collection of one or more domain names that maps to one or
more groups of virtual servers managed either by BIG-IP systems, or by
host servers. The Global Traffic Manager load balances name resolution
requests across the virtual servers that are defined in the wide IP that is
associated with the requested domain name.
wide IP-level load balancing
With wide IP-level load balancing, the Global Traffic Manager load
balances requests, first to a specific pool, and then to a specific virtual server
in the selected pool. If the preferred, alternate, and fallback load balancing
methods that are configured for the pool or virtual server fail, then the
requests fail, or the system falls back to DNS. See also tiered load balancing
and pool-level load balancing.
wildcard listener
A wildcard listener monitors all traffic coming into your network, regardless
of the destination IP address of the given DNS request.
zone
In DNS terms, a zone is a subset of DNS records for one or more domains.
zone file
In DNS terms, a zone file is a database set of domains with one or many
domain names, designated mail servers, a list of other name servers that can
answer resolution requests, and a set of zone attributes, which are contained
in an SOA record.
zone-signing key
The Global Traffic Manager uses a zone-signing key to sign all of the record
sets in a DNSSEC zone. See also DNSSEC (DNS Security Extensions),
DNSSEC zones, and key-signing key.
ZoneRunner
ZoneRunner is the utility that allows you manage your resource records,
zone files, and named configuration associated with your implementation of
DNS and BIND.
Index
Index

TM
Index - 1
A
A record
creating 16-14
defined 16-12
AAAA record
creating 16-15
defined 16-12
address exclusion list 13-7
alias addresses 11-35
alternate load balancing method 7-2
applications
See distributed applications.
auto-discovery
described 3-14
setting polling frequency 3-15
availability, defined 8-3
B
big3d agent
and broadcasting sequence A-3
and configuration trade-offs A-4
and data collection A-3
and dynamic load balancing 7-6
and iQuery A-5, B-2
and metrics A-2
defined 1-3
getting version number B-2
installing A-3
introducing A-1
selecting for probe requests B-3, B-5
setting up A-3
using with system communications 3-4
big3d_install script
and setup tasks 3-6, 3-9
running 3-8, 3-9
BIG-IP health monitor 11-13
BIG-IP Link health monitor 11-14
bigip_add script
and setup tasks 3-6, 3-8
billing, and links 5-23
BIND configuration and DNSSEC 10-12
Bridge mode
and listeners 4-1
configuring listeners for traffic forwarding 4-4
defined 4-1
broadcast sequence and big3d agent A-3
C
cache poisoning, preventing 10-1
CNAME record
creating 16-15
defined 16-12
communications
and big3d A-5
and probes B-1
system 3-4
Completion Rate load balancing mode 7-7
introducing 1-4, 1-5
connections, resuming 8-10
CPU load balancing mode 7-7
custom monitors
importing from another custom monitor 11-6
importing from pre-configured monitor 11-6
importing from template 11-6
using 11-5
using pre-configured 11-5
D
data center statistics 12-9
data centers
and defining physical network components 5-1
configuring 5-2
defined 2-2
deleting 5-4
disabling 5-4
enabling 5-4
managing 5-2
modifying 5-3
data collection, and big3d agent A-3
data graphs, performance 14-1
denial of service, preventing 10-1
dependencies
creating for virtual servers 8-7
organizing for virtual servers 8-9
removing from virtual servers 8-8
setting 6-21
setting for virtual servers 8-7
destination statements 9-1
distributed applications
adding wide IPs 6-20
and dependencies 6-21
and persistent connections 6-24
and statistics for 12-5
and wide IPs 2-5
defined 6-19
defining in Global Traffic Manager 6-19
disabling traffic 6-23
enabling traffic 6-23
introducing 2-5
managing 6-19
removing wide IPs 6-21
removing wide IPs from 6-21
DNAME record
creating 16-16
defined 16-12
Index
Index - 2
DNS zone files
adding to views 16-24
synchronizing 3-13
DNSSEC
and independence from BIND 10-12
DNSSEC key expiration 10-2
DNSSEC keys
about generations of 10-1
about key-signing keys 10-4
about zone-signing keys 10-4
creating 10-4
deleting 10-6
introducing 10-1
manually rolling over a generation of 10-7
modifying 10-6
modifying generations of 10-6
setting TTL for 10-2
DNSSEC resource records 10-12
DNSSEC zones
creating 10-10
deleting 10-11
introducing 10-1
managing 10-10
modifying 10-11
domain names
configuring system validation 3-18
domain validation, configuring 3-18
Drain Persistent Requests option 8-12
Drop Packet load balancing mode 7-3
dynamic load balancing modes
and big3d agents 7-6
and fallback load balancing method 7-2
defined 7-1
listing of types 7-6
overview 7-6
using 7-6
See also Completion Rate load balancing mode.
See also CPU load balancing mode.
See also Hops load balancing mode.
See also Kilobyte/Second load balancing mode.
See also Least Connections load balancing mode.
See also Packet Rate load balancing mode.
See also Quality of Service load balancing mode.
See also Round Trip Times load balancing mode.
See also Virtual Server Score load balancing mode.
See also VS Capacity load balancing mode.
dynamic ratio
and Quality of Service mode 7-8
introducing 7-12
using with Quality of Service mode 7-12
Dynamic Ratio option, enabling for pools 7-13
E
EAV monitors 11-2
ECV monitors 11-2
event declarations 15-4
event execution, terminating 15-5
event-based traffic management 15-4
External health monitor 11-14
F
failover
enabling network-based 3-3
for hardware-based 1-4, 3-4
for network-based 1-4, 3-4
Fallback IP load balancing mode 7-4
fallback load balancing
and load balancing mode usage 7-2
configuring 7-16
introducing 7-16
selecting 7-2
features of Global Traffic Manager 1-1
FirePass health monitors 11-15
firewalls and iQuery A-6
forward zone files
creating 16-6
defined 16-2
FTP health monitors 11-16
G
Gateway ICMP health monitor 11-8
generations
modifying for DNSSEC keys 10-6
geolocation data, reloading default data 9-13
Global Availability load balancing mode 7-4
and components 2-1
and DNSSEC keys and zones 10-1
and operation modes 4-1
defining current 3-2, 5-6
selecting for probe requests B-3
graphs for performance data 14-1
GTM Performance graph 14-1
GTM Request Breakdown graph 14-1
gtm_add script
and setup tasks 3-6
running 3-6
gtmd 3-5
H
hardware-based failover 1-4, 3-4
health monitor settings 11-1
health monitor types 11-38
health monitors
and alias addresses 11-35
and default settings 11-1
and disabled resources 3-17
and extended content verification 11-10
and external application verification 11-12
Index

TM
Index - 3
and health monitor types 11-2
and links 5-22, 5-23
and number of queries 3-17
and reverse mode 11-35
and simple monitors 11-8
and transparent mode 11-35
assigning heartbeat intervals 3-16
assigning servers to 5-13
associating resources to 11-38
configuring 11-8
creating 11-7
creating custom health monitors 11-5
defined 11-2
deleting 11-40
determining availability with 8-4
disabling 11-40
displaying 11-40
enabling 11-40
introducing 11-1
managing 11-40
using BIG-IP Link monitor 11-14
using BIG-IP monitor 11-13
using External 11-14
using FirePass 11-15
using FTP 11-16
using Gateway ICMP 11-8
using HTTP 11-10
using HTTPS 11-11
using IMAP 11-16
using LDAP 11-17
using MSSQL 11-18
using NNTP 11-19
using Oracle 11-20
using POP3 11-21
using pre-configured 11-5
using RADIUS 11-21
using Real Server 11-22
using Scripted 11-24
using SIP 11-25
using SMTP 11-26
using SNMP 11-26
using SNMP Link 11-28
using SOAP 11-28
using TCP 11-12
using TCP Half Open 11-9
using UDP 11-29
using WAP 11-30
using WMI 11-31
heartbeat interval 3-16
HINFO record
creating 16-17
defined 16-13
HINT zone files
creating 16-6
defined 16-2
Hops load balancing mode 7-7
host 5-10
host servers
defined 5-10
using Generic Host option 5-12
HTTP health monitor 11-10
HTTPS health monitor 11-11
I
ID hacking, preventing 10-1
if statement
and syntax 15-6
nesting 15-6
ignore path TTL option 7-17
IMAP health monitor 11-16
internet protocols 1-2
IP geolocation database
downloading and installing updates 9-10
iqdump command, using B-2
iQuery
and firewalls A-6
and probes B-1
and VLANs B-2
defined A-5
using with system communications 3-4
iRule evaluation, controlling 15-4
iRule event types 15-4
iRule functions 15-8
iRule statement syntax
using IP commands 15-10
using statement commands 15-6
using TCP commands 15-10
using UDP commands 15-10
using utility commands 15-8, 15-9
using wide IP commands 15-7
iRules
adding to wide IPs 6-16
and statement commands 15-6
and wide IPs 6-15
assigning 15-5
creating 15-2
introducing 15-1
organizing within wide IPs 6-17
removing from wide IPs 6-16
K
key expiration 10-2
key generations
rolling over DNSSEC 10-7
understanding DNSSEC keys 10-1
keys, DNSSEC 10-4
key-signing keys
about 10-5
managing 10-4
Kilobytes/Second load balancing mode 7-7
Index
Index - 4
L
last resort pool 8-13
LDAP health monitor 11-17
LDNS probes B-8
Least Connections load balancing mode 7-7
limit setting
defined 8-3
establishing 8-3
using Kilobytes 8-3
using Packets 8-3
limit settings
See limit thresholds.
limit thresholds
and BIG-IP systems 8-3
and pool members 5-16
and pools 5-15
and servers 5-14
and virtual servers 5-15
introducing 5-13
using Total Connections 8-3
Link Controller, defined 5-8
link statistics 12-10
links
adding 5-21, 5-22
and monitors 5-22, 5-23
billing 5-23
defined 2-3
determining availability 8-6
managing 5-21
removing 5-22
weighting 5-23
listeners
deleting 4-6
introducing 4-1
modifying 4-5
load balancing
and dynamic modes 7-6
and pools 7-1, 7-15
and static modes 7-3
and wide IPs 7-1, 7-14
configuring 7-14
enabling ignore path TTL option 7-17
introducing 7-1
using alternate methods 7-1
using dynamic load balancing modes 7-1
using fallback method 7-16
using pool-level 7-1
using static load balancing modes 7-1
using tiered 7-1
using Topology mode 9-12
using wide IP-level 7-1
verifying virtual server availability 7-17
load balancing methods
defined 7-1
using fallback load balancing 7-2
load balancing mode usage 7-2
load balancing modes
and name resolution requests 7-1
defined 7-2
using Completion Rate 7-7
using CPU 7-7
using Drop Packet 7-3
using Fallback IP 7-4
using Global Availability 7-4
using Hops 7-7
using Kilobytes/Second 7-7
using Least Connections 7-7
using None 7-3, 7-4
using Packet Rate 7-7
using Quality of Service 7-9
using Ratio 7-5
using Return to DNS 7-3, 7-5
using Round Robin 7-5
using Round Trip Times 7-9
using static 7-3
using Static Persist 7-5
using Topology 7-6
using Virtual Server Score 7-9
using VS Capacity 7-9
load balancing servers
defined 5-9
using generic load balancing server option 5-10
local DNS
assigning probes to 13-3
excluding from probes 13-6
removing from probes 13-7
local DNS statistics 12-15
Local Traffic Manager
and resources 1-2
defined 5-7
log statements 15-6
logical network components
and distributed applications 2-5
and listeners 2-4
and pools 2-4
and wide IPs 2-5
defined 2-4, 5-1
introducing 6-1
reviewing 2-4
M
manual resume 8-10
master zone files
See primary zone files.
metrics
assigning to local DNS 13-3
defined 13-2
introducing 13-1
Index

TM
Index - 5
metrics collection
and big3d agent A-2
and probes 13-6
and TTL and timers 13-5
excluding local DNS from probes 13-6
removing local DNS from probes 13-7
sequence A-3
setting TTL and timer values 13-5
monitors
checking virtual servers associated with servers 8-5
configuring global 3-15
defined 8-4
determining availability of links 8-6
determining availability of pools 8-6
determining availability of virtual servers 8-4
See also health monitors.
summary of types 11-2
using custom 11-5
MSSQL health monitor
troubleshooting 11-19
using to perform service checks 11-18
mx record
creating 16-18
defined 16-13
N
named.conf file 16-25
network management tools 1-2
network traffic flows, graphs 14-1
network-based failover
and redundant system configurations 1-4, 3-4
enabling 3-3
NIST, and standards for DNSSEC zone-signing keys 10-5
NNTP health monitor 11-19
Node mode
and listeners 4-1, 4-3
defined 4-1
NoError response, implementing 6-18
None load balancing mode
using 7-4
using to skip load balancing 7-3
NS record
creating 16-18
defined 16-13
NTP
defining 3-10
synchronizing systems 3-10
O
Oracle health monitor 11-20
P
Packet Rate load balancing mode 7-7
paths statistics 12-13
performance data, viewing 14-1
performance monitors 11-8
persistence records 12-16
persistent connections
and persistent records 12-16
draining 8-12
introducing 8-11
physical network components
configuring data centers 5-2
introducing 5-1
using data centers 2-2
using links 2-3
using servers 2-2
pool members, using with limit thresholds 5-16
pool statistics 12-8
pool-level load balancing 7-1
pools
adding to wide IPs 6-11
and configuring topologies 9-7, 9-8
and limit thresholds 5-15
and load balancing 7-15
and topology load balancing 9-12
defined 6-3, 6-8
disabling 6-7
enabling 6-7
organizing virtual servers 6-4
organizing within wide IPs 6-12
removing from wide IPs 6-12
removing virtual servers 6-4
weighting virtual servers 6-5
weighting within wide IPs 6-13
POP3 health monitor 11-21
preconfigured health monitors 11-5
preferred load balancing method 7-2
primary zone files
creating 16-3
defining 16-2
probes
and information in log file B-10
and LDNS B-8
defined B-1
designating servers B-7
determining responsibility for B-3
enabling logging B-10
selecting big3d agents B-5
selecting Global Traffic Manager systems B-3
using log entries to tune B-10
PTR record
creating 16-19
defined 16-13
Index
Index - 6
Q
QoS
See Quality of Service load balancing mode.
Quality of Service coefficients 7-10
Quality of Service load balancing mode
and default settings 7-9
and values of coefficients 7-10
customizing 7-8, 7-12
introducing 7-9
using dynamic ratio 7-8, 7-12
R
RADIUS health monitor 11-21
Ratio load balancing mode 7-5
Real Server health monitor 11-22
regions 9-4
request source statements 9-1
requests
draining 8-12
on performance graph 14-1
resolutions, on performance graph 14-1
resource availability
and limit settings 8-3
and monitor availability requirements 8-3
and monitors 11-2
and virtual server dependencies 8-3
defined 8-3
resource health, determining 8-2
resource records
about DNSSEC and BIND 10-12
adding to zone files 16-22
and CNAME records 16-15
and HINFO records 16-17
and MX records 16-18
and NS records 16-13
and PTR records 16-13
and SOA records 16-12
and SRV records 16-20
and TXT records 16-21
and types of records 16-12
modifying 16-21
viewing DNSSEC 10-12
resources
discovering automatically 5-17
monitoring disabled 3-17
Return to DNS load balancing mode
using 7-5
using to skip load balancing 7-3
reverse mode 11-35
Round Robin load balancing mode 7-5
Round Trip Times load balancing mode 7-9
Router mode
and listeners 4-1
configuring listeners for traffic forwarding 4-4
defined 4-1
rule statement syntax
S
Scripted health monitor 11-24
search feature
locating components 2-6
using to find servers 5-12
using to find wide IPs 6-10
using to find zones 16-10
secondary zone files
creating 16-4
defined 16-2
security features 1-2
server statistics 12-11
server weight, and topologies 9-1
servers
about 2-2
and BIG-IP systems defined 5-5
defining current Global Traffic Manager 5-6
defining host servers 5-10
defining Link Controller systems 5-8
defining load balancing servers 5-9
defining Local Traffic Managers 5-7
defining NTP 3-10
introducing 5-5
service checks, troubleshooting 11-19
setup tasks 1-1
Setup Utility, using 3-1
simple monitors 11-2
SIP health monitor 11-25
slave zone files
See secondary zone files.
SMTP 1-2
SMTP health monitor 11-26
SNMP health monitor 11-26
SNMP Link health monitor 11-28
SNMP MIB 1-4, 1-5
SNMP, using for system communications 3-5
SOA record, defined 16-12
SOAP health monitor 11-28
spoofing, preventing 10-1
SQL Enterprise Manager 11-19
SQL Server-based services 11-18
SRV record
creating 16-20
defined 16-13
SSL 1-2
Index

TM
Index - 7
statement commands, specifying 15-6
static load balancing modes
and alternate load balancing methods 7-1
and fallback load balancing method 7-2
defined 7-1
described 7-3
using 7-3
using Drop Packet 7-3
using Fallback IP 7-4
using Global Availability 7-4
using None 7-3, 7-4
using Ratio 7-5
using Return to DNS 7-3, 7-5
using Round Robin 7-5
using Static Persist 7-5
using Topology 7-6
Static Persist load balancing mode 7-5
statistics
accessing 12-2
and data centers 12-9
and links 12-10
and local DNS servers 12-15
and paths 12-13
and pools 12-8
and servers 12-11
and status summary 12-3
and wide IPs 12-6
described 12-4
introducing 12-1
status code, defined 8-2
status summary 12-3
strings, returning 15-8
stub zone files
creating 16-5
defined 16-2
synchronization
activating 3-11
and DNS zone files 3-13
and NTP 3-10
and time 3-10
configuring 3-9
controlling 3-11
creating groups 3-13
deactivating 3-12
defined 3-10
described 3-9
using other synchronization options 1-3
synchronization groups 3-10, 3-13
syntax for iRule statements
system communications 3-4
system resources
and dependencies 8-7
associating health monitors to 11-38
resuming connections to 8-10
systems
availability 8-3
defining BIG-IP 3-6
discovering automatically 5-17
T
tasks, setup 1-1
Tcl syntax 15-2
TCP Half Open health monitor 11-9
TCP health monitor 11-12
test accounts 11-19
tiered load balancing 7-1
timer values
and metrics collection 13-5
introducing 13-5
Tools Command Language syntax 15-2
topologies
and destination statements 9-1
and pools 9-12
and regions 9-4
and request source statements 9-1
and server weight 9-1
and wide IPs 9-12
configuring for pools 9-7
configuring for wide IPs 9-5
configuring for wide IPs and pools 9-8
implementing 9-10
introducing 9-1
Topology load balancing mode
using 7-6
topology records
creating 9-11
removing 9-14
topology score, and topology records
transparent mode 11-35
TTL values
and metrics collection 13-5
introducing 13-5
TTL, setting for DNSSEC keys 10-2
TXT record
creating 16-21
defined 16-13
U
UDP health monitor 11-29
use pool statement syntax 15-6
Index
Index - 8
V
validation, domain 3-18
Verify Virtual Server Availability option 7-17
views
adding 16-23
adding zones to 16-24
and BIND 9 16-22
deleting 16-24
modifying 16-23
Virtual Server Score load balancing mode 7-9
virtual server statistics 12-12
virtual servers
about 2-3
adding 5-19
adding to pools 6-3
and iRules 15-5
creating dependencies 8-7
editing 5-20
managing 5-19
organizing dependencies 8-9
organizing within pools 6-4
removing 5-20
removing dependencies 8-8
removing from pools 6-4
setting dependencies 8-7
weighting within pools 6-5
VS Capacity load balancing mode 7-9
W
WAP health monitor 11-30
weight
See topology score, and topology records.
weighting, using with links 5-23
when keyword, using with iRules 15-5
whereis iRule command 15-7
wide IP load balancing, and load balancing modes 7-2
wide IP statistics 12-6
wide IP-level load balancing 7-1
wide IPs
adding iRules to 6-16
adding pools to 6-11
adding to distributed applications 6-20
and configuring topologies 9-5, 9-8
and iRules 6-15
and load balancing 7-14
and persistent connections 8-11
and topology load balancing 9-12
creating 6-9
disabling 6-15
enabling 6-15
maintaining 6-10
organizing iRules 6-17
organizing pools 6-12
removing from distributed applications 6-21
removing iRules from 6-16
removing pools from 6-12
setting up 1-1
weighting pools 6-13
wildcard characters
and wide IPs 6-10
examples 6-10
wildcard listener, defined 4-5
Wireless Application Protocol monitor
See WAP health monitor.
WMI health monitor 11-31
Z
zone files
adding to views 16-24
synchronizing 3-13
zones
creating 16-3
creating DNSSEC 10-10
deleting DNSSEC 10-11
managing DNSSEC 10-10
modifying DNSSEC 10-11
zone-signing keys
about 10-5
managing 10-4

Configuration Guidefor BIG-IP Global Traffic Manager

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Configuration Guidefor BIG-IP Global Traffic Manager

Uploaded by

Copyright:

Available Formats

Configuration Guide

Global Traffic Manager

Global Traffic Manager

Global Traffic Manager.

Global Traffic Manager

Global Traffic Manager

Global Traffic Manager

Global Traffic Manager

Global Traffic Management 1 - 1

Global Traffic Manager system to monitor the

Local Traffic Manager.

Global Traffic Management 1 - 3

Global Traffic Management 1 - 5

Global Traffic Manager

Global Traffic Manager system to operate effectively,

Global Traffic Manager

, and other configuration options.

Global Traffic Manager

Global Traffic Management 3 - 1

Global Traffic Manager, you should run the

Management Guide for BIG-IP

Global Traffic Management 3 - 3

Management Guide for BIG-IP

Systems. For specific information

to send and receive

Global Traffic Management 3 - 5

Management Guide for BIG-IP

Global Traffic Management 3 - 7

Global Traffic Management 3 - 9

Management Guide for BIG-IP

Global Traffic Management 3 - 11

Global Traffic Management 3 - 13

Global Traffic Management 3 - 15

Global Traffic Management 3 - 17

Global Traffic Manager

Global Traffic Manager

Global Traffic Manager

Management Guide for BIG-IP

Global Traffic Manager

Global Traffic Manager

Global Traffic Manager

Global Traffic Manager

system can be a Global Traffic Manager, a Local Traffic

Global Traffic Manager

Global Traffic Manager

Global Traffic Manager

Global Traffic Manager

Global Traffic Manager

Global Traffic Manager

Global Traffic Manager

Global Traffic Manager

Global Traffic Manager

Global Traffic Manager

product family, the IP address and port number of the virtual

Global Traffic Manager

Global Traffic Manager

Global Traffic Manager

Global Traffic Manager

Defining wide IPs

Global Traffic Manager

Global Traffic Manager

Global Traffic Manager

Global Traffic Manager