Configuration Guide for BIG-IP Global Traffic Management

Transcription

1 Configuration Guide for BIG-IP Global Traffic Management version MAN

2

3 Service and Support Information Product Version This manual applies to product version of the BIG-IP Global Traffic Manager. Publication Date This manual was published on April 20, Legal Notices Copyright Copyright , F5 Networks, Inc. All rights reserved. F5 Networks, Inc. (F5) believes the information it furnishes to be accurate and reliable. However, F5 assumes no responsibility for the use of this information, nor any infringement of patents or other rights of third parties which may result from its use. No license is granted by implication or otherwise under any patent, copyright, or other intellectual property right of F5 except as specifically described by applicable user licenses. F5 reserves the right to change specifications at any time without notice. Trademarks F5, F5 Networks, the F5 logo, BIG-IP, 3-DNS, icontrol, GLOBAL-SITE, SEE-IT, EDGE-FX, FireGuard, Internet Control Architecture, IP Application Switch, irules, OneConnect, Packet Velocity, SYN Check, Control Your World, ZoneRunner, uroam, FirePass, TrafficShield, WANJet, and WebAccelerator are registered trademarks or trademarks of F5 Networks, Inc. in the U.S. and certain other countries. All other trademarks mentioned in this document are the property of their respective owners. F5 Networks' trademarks may not be used in connection with any product or service except as permitted in writing by F5. Export Regulation Notice This product may include cryptographic software. Under the Export Administration Act, the United States government may consider it a criminal offense to export this product from the United States. RF Interference Warning This is a Class A product. In a domestic environment this product may cause radio interference, in which case the user may be required to take adequate measures. FCC Compliance This equipment has been tested and found to comply with the limits for a Class A digital device pursuant to Part 15 of FCC rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This unit generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference, in which case the user, at his own expense, will be required to take whatever measures may be required to correct the interference. Any modifications to this device, unless expressly approved by the manufacturer, can void the user's authority to operate this equipment under part 15 of the FCC rules. Canadian Regulatory Compliance This class A digital apparatus complies with Canadian I CES-003. Configuration Guide for BIG-IP Global Traffic Management i

4 Standards Compliance This product conforms to the IEC, European Union, ANSI/UL and Canadian CSA standards applicable to Information Technology products at the time of manufacture. Acknowledgments This product includes software developed by Gabriel Forté. This product includes software developed by Bill Paul. This product includes software developed by Jonathan Stone. This product includes software developed by Manuel Bouyer. This product includes software developed by Paul Richards. This product includes software developed by the NetBSD Foundation, Inc. and its contributors. This product includes software developed by the Politecnico di Torino, and its contributors. This product includes software developed by the Swedish Institute of Computer Science and its contributors. This product includes software developed by the University of California, Berkeley and its contributors. This product includes software developed by the Computer Systems Engineering Group at the Lawrence Berkeley Laboratory. This product includes software developed by Christopher G. Demetriou for the NetBSD Project. This product includes software developed by Adam Glass. This product includes software developed by Christian E. Hopps. This product includes software developed by Dean Huxley. This product includes software developed by John Kohl. This product includes software developed by Paul Kranenburg. This product includes software developed by Terrence R. Lambert. This product includes software developed by Philip A. Nelson. This product includes software developed by Herb Peyerl. This product includes software developed by Jochen Pohl for the NetBSD Project. This product includes software developed by Chris Provenzano. This product includes software developed by Theo de Raadt. This product includes software developed by David Muir Sharnoff. This product includes software developed by SigmaSoft, Th. Lockert. This product includes software developed for the NetBSD Project by Jason R. Thorpe. This product includes software developed by Jason R. Thorpe for And Communications, This product includes software developed for the NetBSD Project by Frank Van der Linden. This product includes software developed for the NetBSD Project by John M. Vinopal. This product includes software developed by Christos Zoulas. This product includes software developed by the University of Vermont and State Agricultural College and Garrett A. Wollman. In the following statement, "This software" refers to the Mitsumi CD-ROM driver: This software was developed by Holger Veit and Brian Moore for use with "386BSD" and similar operating systems. "Similar operating systems" includes mainly non-profit oriented systems for research and education, including but not restricted to "NetBSD," "FreeBSD," "Mach" (by CMU). This product includes software developed by the Apache Group for use in the Apache HTTP server project ( This product includes software licensed from Richard H. Porter under the GNU Library General Public License ( 1998, Red Hat Software), This product includes the standard version of Perl software licensed under the Perl Artistic License ( 1997, 1998 Tom Christiansen and Nathan Torkington). All rights reserved. You may find the most current standard version of Perl at This product includes software developed by Jared Minch. This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit ( This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). ii

5 This product contains software based on oprofile, which is protected under the GNU Public License. This product includes RRDtool software developed by Tobi Oetiker ( and licensed under the GNU General Public License. This product contains software licensed from Dr. Brian Gladman under the GNU General Public License (GPL). This product includes software developed by the Apache Software Foundation < This product includes Hypersonic SQL. This product contains software developed by the Regents of the University of California, Sun Microsystems, Inc., Scriptics Corporation, and others. This product includes software developed by the Internet Software Consortium. This product includes software developed by Nominum, Inc. ( This product contains software developed by Broadcom Corporation, which is protected under the GNU Public License. Configuration Guide for BIG-IP Global Traffic Management iii

6 iv

7 Table of Contents

8

9 Table of Contents 1 Introducing the Global Traffic Manager Introducing the BIG-IP system Introducing the Global Traffic Manager Overview of Global Traffic Manager Resources Internet protocol and network management support Security features Configuration scalability System synchronization options Configuring data collection for server status and network path data Redundant system configurations Monitoring the Global Traffic Manager and the network Using the Configuration Guide Additional information Introducing the Configuration utility Configuration utility components Browser support Stylistic conventions in this document Using the solution examples Identifying new terms Identifying references to products Identifying references to objects, names, and commands Identifying references to other documents Identifying command syntax Finding help and technical support resources Essential Configuration Tasks Reviewing the essential configuration tasks Setting system-level settings Defining listeners Defining NTP servers Defining synchronization settings Setting up data centers Setting up servers Defining the current Global Traffic Manager Defining servers Setting up pools Setting up wide IPs Assigning health monitors Communicating with External Systems Introducing external system communication Communicating with BIG-IP systems Establishing communications between the Global Traffic Manager and other external systems Communicating with third-party systems Adding third-party systems to the Global Traffic Manager Adding virtual servers from third-party systems Working with Listeners Configuration Guide for BIG-IP Global Traffic Management 1

10 Table of Contents Introducing listeners Selecting listeners Selecting listeners for node mode operation Selecting listeners for bridge mode operation Selecting listeners for router mode operation Setting up listeners Modifying listeners Deleting listeners VLANs and listeners Setting up a listener for all VLANs Enabling a listener for specific VLANs Disabling a listener for specific VLANs Defining the Physical Network Introducing physical network components Managing data centers Configuring data centers Modifying data centers Deleting data centers Enabling and disabling data centers Managing servers Defining BIG-IP systems Defining load balancing servers Defining host servers Assigning monitors to servers Setting limit thresholds Discovering resources automatically Managing virtual servers Adding virtual servers manually Modifying virtual servers Removing virtual servers Managing links Defining links Adding and removing routers Assigning monitors to links Configuring link weighting and billing properties Defining the Logical Network Introducing logical network components Understanding logical components Setting up pools Defining pools Adding virtual servers to pools Removing virtual servers from pools Organizing virtual servers within pools Weighting virtual servers within pools Disabling and enabling pools Setting up wide IPs Defining wide IPs Adding pools to wide IPs Removing pools from wide IPs Organizing pools within wide IPs

11 Table of Contents Weighting pools within wide IPs Disabling and enabling wide IPs Incorporating irules Setting up distributed applications Defining distributed applications Adding wide IPs to distributed applications Removing wide IPs from distributed applications Setting dependencies for distributed applications Enabling and disabling distributed application traffic Enabling persistent connections Load Balancing with the Global Traffic Manager Understanding load balancing on the Global Traffic Manager Using static load balancing modes Drop Packet mode Fallback IP Global Availability mode None mode Ratio mode Return to DNS mode Round Robin mode Static Persist mode Topology mode Using dynamic load balancing modes Types of dynamic load balancing modes Implementing the Quality of Service load balancing mode Using the Dynamic Ratio option Configuring load balancing Configuring load balancing methods for wide IPs Configuring load balancing methods for pools Using the fallback load balancing method Configuring the fallback load balancing method Employing additional load balancing options Managing Connections Introducing connection management Determining resource health Determining resource availability Establishing limit settings Using monitors to determine availability Managing dependencies for virtual servers Resuming connections to resources Establishing persistent connections Draining persistent requests Setting the last resort pool Working with Topologies Overview of topologies Understanding topologies Implementing topologies Configuration Guide for BIG-IP Global Traffic Management 3

12 Table of Contents Setting up and removing topology records Removing topology records Using topology load balancing in a wide IP Using topology load balancing in a pool Understanding user-defined regions Other load balancing options for topologies Configuring Monitors Introducing monitors Summary of monitor types Overview of monitor settings Understanding pre-configured and custom monitors Creating a custom monitor Configuring monitor settings Simple monitors Extended Content Verification (ECV) monitors External Application Verification (EAV) monitors Special configuration considerations Setting destinations Using transparent and reverse modes Associating monitors with resources Types of monitor associations Managing monitors Displaying monitor settings Deleting monitors Enabling and disabling monitor instances Synchronizing Global Traffic Managers Introducing synchronization Defining NTP servers Activating synchronization Controlling file synchronization Deactivating file synchronization Synchronizing DNS zone files Creating synchronization groups Discovering Resources through Auto-Discovery Introducing auto-discovery Enabling auto-discovery Setting the discovery frequency Discovering virtual servers Discovering links Viewing Statistics Introducing statistics Accessing statistics Viewing the Status Summary screen Understanding the types of statistics Distributed application statistics

13 Table of Contents Wide IP statistics Pool statistics Data center statistics Link statistics Server statistics Virtual server statistics Paths statistics Local DNS statistics Understanding persistence records Collecting Metrics 15 Writing irules Introducing metrics collection Defining metrics Assigning probes to local domain name servers Configuring TTL and timer values Excluding LDNS servers from probes Removing LDNS servers from the address exclusion list Introducing irules for the Global Traffic Manager What is an irule? Basic irule elements Specifying traffic destinations Creating irules Assigning irules Controlling irule evaluation Specifying events Using statement commands Using wide IP commands Using utility commands Parsing and manipulating content Ensuring data integrity Retreiving resource information Using protocol commands IP commands TCP commands UDP commands Removing irules Managing DNS Files with ZoneRunner Introducing ZoneRunner Working with DNS and BIND Understanding ZoneRunner tasks Working with zone files Types of zone files Creating zone files Importing zone files Modifying zones Deleting zones Working with resource records Configuration Guide for BIG-IP Global Traffic Management 5

14 Table of Contents Types of resource records Creating resource records Modifying a resource record Working with views Adding views Modifying views Deleting views Adding zones to views Managing the named.conf file A Working with the big3d Agent Introducing the big3d agent...a-1 Collecting path data and server performance metrics...a-2 Setting up data collection with the big3d agent...a-2 Understanding the data collection and broadcasting sequence...a-3 Setting up communication between Global Traffic Managers and other servers...a-5 Setting up iquery communications for the big3d agent...a-5 Allowing iquery communications to pass through firewalls...a-6 Communications between Global Traffic Managers, big3d agents, and local DNS servers...a-6 B Working with SNMP Glossary Index Introducing SNMP in a BIG-IP system environment... B-1 Configuring SNMP on the Global Traffic Manager... B-2 Downloading the MIBs... B-2 Understanding configuration file requirements... B-3 Configuring options for the checktrap.pl script... B-6 Configuring the Global Traffic Manager SNMP agent using the Configuration utility... B-8 Configuring SNMP settings to probe hosts... B-9 Configuring the SNMP agent on host servers... B-11 6

15 1 Introducing the Global Traffic Manager Introducing the BIG-IP system Introducing the Global Traffic Manager Using the Configuration Guide Introducing the Configuration utility Stylistic conventions in this document Finding help and technical support resources

16

17 Introducing the Global Traffic Manager Introducing the BIG-IP system F5 Networks BIG-IP system is a port-based, multilayer switch that supports virtual local area network (VLAN) technology. Because hosts within a VLAN can communicate at the data-link layer (Layer 2), a BIG-IP system reduces the need for routers and IP routing on the network. This in turn reduces equipment costs and boosts overall network performance. At the same time, the BIG-IP system s multilayer capabilities enable the system to process traffic at other OSI layers. The BIG-IP system can perform IP routing at Layer 3, as well as manage and secure TCP, UDP, and other application traffic at Layers 4 through 7. The following software modules provide comprehensive traffic management and security for all traffic types. The modules are fully integrated to provide efficient solutions to meet any network, traffic management, and security needs. BIG-IP Local Traffic Manager The Local Traffic Manager includes local traffic management features that help you make the most of network resources such as web servers. Using the powerful Configuration utility, you can customize the way that the BIG-IP system processes specific types of protocol and application traffic. By using features such as virtual servers, server pools, profiles, and irules TM, you ensure that traffic passing through the BIG-IP system is processed quickly and efficiently, while meeting all of your security needs. For more information, see the Configuration Guide for Local Traffic Management. BIG-IP Global Traffic Manager The Global Traffic Manager provides intelligent traffic management to your globally available network resources. Through the Global Traffic Manager, you can select from an array of load balancing modes, ensuring that your clients access the most responsive and robust resources at any given time. In addition, the Global Traffic Manager provides extensive monitoring capabilities so the health of any given resource is always available. For more information, see the Configuration Guide for BIG-IP Global Traffic Management. BIG-IP Link Controller The Link Controller seamlessly monitors availability and performance of multiple WAN connections to intelligently manage bi-directional traffic flows to a site; providing fault tolerant, optimized Internet access regardless of connection type or provider. The Link Controller ensures that traffic is always sent over the best available link to maximize user performance and minimize bandwidth cost to a data center. For more information, see the Configuration Guide for the BIG-IP Link Controller. BIG-IP Application Security Module The Application Security Module provides web application protection from application-layer attacks. The Application Security Module protects Web applications from both generalized and targeted application layer Configuration Guide for BIG-IP Global Traffic Management 1-1

18 Chapter 1 attacks including buffer overflow, SQL injection, cross-site scripting, and parameter tampering. For more information, see the Configuration Guide for the BIG-IP Application Security Module. Introducing the Global Traffic Manager The Global Traffic Manager is a system that monitors the availability and performance of global resources and uses that information to manage network traffic patterns. The Global Traffic Manager uses load balancing algorithms, topology-based routing, and irules to control and distribute traffic according to specific policies. The system is highly configurable, and its web-based configuration utility allows for easy system setup and monitoring. The Global Traffic Manager provides a variety of features that meet special needs. For example, with this product you can: Ensure wide-area persistence by maintaining a mapping between a local DNS server and a virtual server in a wide IP pool Direct local clients to local servers for globally-distributed sites using Topology load balancing Change the load balancing configuration according to current traffic patterns or time of day Customize load balancing modes Set up global load balancing among Local Traffic Managers and other load-balancing hosts Monitor real-time network conditions Configure a content delivery network with a CDN provider Guarantee multiple port availability for e-commerce sites Overview of Global Traffic Manager Resources The Global Traffic Manager manages multiple resources within your network. Each resource represents either a physical presence, such as a server, or a logical presence, such as a wide IP. Effective management of your network traffic requires that you understand and configure these resources correctly. The following is a list of the resources that the Global Traffic Manager manages: Virtual server A virtual server is a collection of IP addresses and port combinations that, together, provide access to an application or data source on your 1-2

19 Introducing the Global Traffic Manager network. These collections are called virtual servers because they might span more than one physical machine, or might be a subset of available ports on a single machine. Server A server is a a physical device that manages one or more virtual servers. An example of a server is the Local Traffic Manager; however, the Global Traffic Manager can manage other server types as well, such as a Windows 2000 Server. Listener To manage your network traffic, the Global Traffic Manager also requires that you configure an additional resource: a listener. A listener instructs the Global Traffic Manager to listen for network traffic destined for a specific IP address. Listeners are critical for the Global Traffic Manager; without them, the Global Traffic Manager does not know what traffic it must manages and what traffic it can safely ignore. Link A link is a physical device that connects your network to the rest of the Internet. Often, links are logically attached to a collection of servers for managing access to your data sources. Data center A data center is a logical collection of both servers and links. Typically, data centers represent devices that reside in a physical location. Pool A pool is a collection of multiple virtual servers. The Global Traffic Manager uses pools to load balance incoming network traffic among multiple virtual servers. Pools differentiate from servers in that a pool can encompass virtual servers on multiple servers on the network. This provides you with more significant load balancing granularity, because you can load balance across multiple pools of virtual servers and then have the appropriate server load balance across the virtual servers themselves. Wide IP A wide IP is a collection of one or more pools. Through the use of wide IPs, you can load balance network traffic between multiple pools. Distributed application A distributed application is a collection of wide IPs, data centers, and links, and is the highest-level component that the Global Traffic Manager supports. You can configure the availability of distributed applications to be dependent on a specific data center, link, or server. For example, if you configure a data center to have its availability depend on a link, and that link goes down, the Global Traffic Manager considers the application to be unavailable. Through the configuration of wide IPs and pools, you can use the Global Traffic Manager to load balance across a collection of data, while resources such as distributed applications, data centers, and servers give you visibility into the performance and availability of these sources. Configuration Guide for BIG-IP Global Traffic Management 1-3

20 Chapter 1 Local Traffic Manager resources If you use the Global Traffic Manager in conjunction with a Local Traffic Manager, you might also want to familiarize yourself with the following additional network resources. These resources are not managed directly through the Global Traffic Manager, but understanding their role in your network configuration can assist you in optimizing your network s availability and performance: Self IP A self IP is what most people think of when they think of an IP address. In a Global Traffic Manager or Local Traffic Manager environment, the term self IP helps distinguish actual IP addresses from other types of addresses, such as those that identify a virtual server. Node A node is an self IP combined with a specific port number. For example, :443. Internet protocol and network management support The Global Traffic Manager supports both the standard DNS protocol and the BIG-IP iquery protocol (a protocol used for collecting dynamic load balancing information). The Global Traffic Manager also supports administrative protocols, such as Simple Network Management Protocol (SNMP), and Simple Mail Transfer Protocol (SMTP) (outbound only), for performance monitoring and notification of system events. For administrative purposes, you can use SSH, RSH, Telnet, and FTP. The Configuration utility supports HTTPS, for secure web browser connections using SSL, as well as standard HTTP connections. The proprietary Global Traffic Manager SNMP agent allows you to monitor status and current traffic flow using popular network management tools. This agent provides detailed data such as current connections being handled by each virtual server. Security features The Global Traffic Manager offers a variety of security features that can help prevent hostile attacks on your site or equipment. Secure administrative connections The Global Traffic Manager supports Secure Shell (SSH) administrative connections for remote administration from the command line. The GTM web server, which hosts the web-based Configuration utility, supports SSL connections as well as user authentication. 1-4

21 Introducing the Global Traffic Manager Secure iquery communications The Global Traffic Manager also supports Web certificate authentication for iquery communications between the Global Traffic Manager and other systems running the big3d agent. TCP wrappers TCP wrappers provide an extra layer of security for network connections. Configuration scalability The Global Traffic Manager is a highly scalable and versatile solution. You can configure the Global Traffic Manager to manage up to several hundred domain names, including full support of domain name aliases. The Global Traffic Manager supports a variety of media options, including Fast Ethernet, and Gigabit Ethernet; the Global Traffic Manager also supports multiple network interface cards that can provide redundant or alternate paths to the network. System synchronization options The Global Traffic Manager synchronization feature allows you to automatically synchronize configurations from one Global Traffic Manager to any other Global Traffic Manager or Link Controller in the network, simplifying administrative management. The synchronization feature offers a high degree of administrative control. For example, you can set the Global Traffic Manager to synchronize a specific configuration file set, and you can also set which GTM Controllers or Link Controllers in the network receive the synchronized information and which ones do not. Configuring data collection for server status and network path data The Global Traffic Manager includes the big3d agent, which is an integral part of its load balancing operations. The big3d agent continually monitors the availability of the servers that the Global Traffic Manager load balances. It also monitors the integrity of the network paths between the servers that host the domain, and the various local DNS servers that attempt to connect to the domain. The big3d agent runs on any of the F5 modules, including Global Traffic Manager, Local Traffic Manager, Link Controller, Application Accelerator, and Load Balancer Limited. Each big3d agent broadcasts its collected data to all of the Global Traffic Managers and Link Controllers in your network, ensuring that all Global Traffic Managers work with the latest information. The big3d agent offers a variety of configuration options that allow you to choose the data collection methods you want to use. For example, you can configure the big3d agent to track the number of router hops (intermediate Configuration Guide for BIG-IP Global Traffic Management 1-5

22 Chapter 1 system transitions) along a given network path, and you can also set the big3d agent to collect host server performance information using the SNMP protocol. For further details on the big3d agent, refer to Appendix A, Working with the big3d Agent. Redundant system configurations A redundant system is a pair of Global Traffic Managers, with one operating as the active unit that responds to DNS queries, and the other one operating as the standby unit. If the active unit fails, the standby unit takes over and begins to respond to DNS queries while the other Global Traffic Manager restarts and becomes the standby unit. The Global Traffic Manager actually supports two methods of checking the status of the peer system in a redundant system: Hardware-based fail-over In a redundant system that has been set up with hardware-based fail-over, the two units in the system are connected to each other directly using a fail-over cable attached to the serial ports. The standby unit checks on the status of the active unit once every second using this serial link. Network-based fail-over In a redundant system that has been set up with network-based fail-over, the two units in the system communicate with each other across an Ethernet network instead of going across a dedicated fail-over serial cable. The standby unit checks on the status of the active unit once every second using the Ethernet. Note In a network-based fail-over configuration, the standby Global Traffic Manager immediately takes over if the active unit fails. If a client has queried the failed Global Traffic Manager, and has not received an answer, it automatically re-issues the request (after 5 seconds) and the standby unit, functioning as the active unit, responds. Monitoring the Global Traffic Manager and the network The Global Traffic Manager includes sophisticated monitoring tools to help you monitor the Global Traffic Manager and the traffic it manages. See Chapter 10, Configuring Monitors for more information. 1-6

23 Introducing the Global Traffic Manager Using the Configuration Guide The Configuration Guide for BIG-IP Global Traffic Management is designed to help you understand how you can use the features of the Global Traffic Manager to accomplish the tasks associated with managing name resolution request on a global level. These tasks include tracking the performance of different servers and services and identifying the load balancing methods that best suit the needs of your company. The configuration guide contains the following chapters: Introducing the Global Traffic Manager This chapter provides an overview of the Global Traffic Manager and this guide. Essential Configuration Tasks This chapter describes the steps you need to follow to have a functional Global Traffic Manager on the network. This chapter is for situations where you want to get the Global Traffic Manager up and running quickly in order to explore and learn about its functionality. Communicating with External Systems This chapter describes how to configure the Global Traffic Manager so it can communicate with the external systems on your network. External systems include other BIG-IP systems, such as Local Traffic Managers; third-party load balancers, and hosts. Working with Listeners This chapter describes how to configure listeners for the Global Traffic Manager. A listener instructs the Global Traffic Manager to listen for network traffic destined for a specific IP address. Defining the Physical Network This chapter describes how to define the physical components of your network, such as servers and data centers. You can use these components to determine load balancing modes and track traffic statistics. Defining the Logical Network This chapter describes how to define the logical components of your network, such as pools and wide IPs. These components determine how the Global Traffic Manager load balances requests. Load balancing with the Global Traffic Manager This chapter describes the load balancing modes that the Global Traffic Manager supports, and how to apply those modes to your pools and wide IPs. Working with Topologies This chapter describes topologies, which allow you to define load balancing modes and resolution controls based on the origin or destination of a given name resolution request. Configuration Guide for BIG-IP Global Traffic Management 1-7

24 Chapter 1 Configuring Monitors This chapter describes how to use monitors to track the components of your network. Monitors are components of the Global Traffic Manager that perform specific tests to see if a given component is available for load balancing. Synchronizing Global Traffic Managers This chapter describes how to synchronize the configuration settings between several Global Traffic Managers. Through synchronization, you can configure one Global Traffic Manager and have that change copied to any other Global Traffic Manager in that synchronization group. Discovering Resources through Auto-Discovery This chapter describes how to use the auto-discovery feature of the Global Traffic Manager to automatically detect network components, such as links or virtual servers, and add them to the configuration of the Global Traffic Manager. Viewing Statistics This chapter describes how to use the Global Traffic Manager to view statistics on the different physical and logical network components. Collecting Metrics This chapter describes how to use the Global Traffic Manager to gather metrics on the different physical and logical network components. Writing irules This chapter describes how to write irules; scripts that allow you to fully customize the load balancing capabilities of the Global Traffic Manager. Managing DNS Files with ZoneRunner This chapter describes how to use ZoneRunner, a BIG-IP utility, to manage and maintain your DNS zone files. In addition the preceding list of chapters, this guide contains the following appendices: Working with the big3d Agent This appendix describes the big3d agent, a utility that is responsible for much of the communication between different BIG-IP components. Working with SNMP This appendix describes how the Global Traffic Manager uses SNMP to acquire information from non-big-ip systems. Additional information In addition to this guide, there are other sources of the documentation you can use in order to work with the BIG-IP system. The information is organized into the guides and documents described below. The following printed documentation is included with the BIG-IP system. 1-8

25 Introducing the Global Traffic Manager Configuration Worksheet This worksheet provides you with a place to plan the basic configuration for the BIG-IP system. BIG-IP Quick Start Instructions This pamphlet provides you with the basic configuration steps required to get the BIG-IP system up and running in the network. The following guides are available in PDF format from the Ask F5 web site, These guides are also available from the first Web page you see when you log in to the administrative web server on the BIG-IP system. Platform Guide This guide includes information about the BIG-IP system. It also contains important environmental warnings. Installation, Licensing, and Upgrades for BIG-IP Systems This guide provides detailed information about installing upgrades to the BIG-IP system. It also provides information about licensing the BIG-IP system software and connecting the system to a management workstation or network. Configuration Guide for BIG-IP Global Traffic Management 1-9

26 Chapter 1 Introducing the Configuration utility The Configuration utility is a web-based application that you use to configure and monitor the Global Traffic Manager. Using the Configuration utility, you can define the load balancing configuration along with the network setup, including data centers, synchronization groups, and servers used for load balancing and path probing. In addition, you can configure advanced features such as topology settings and SNMP agents. The Configuration utility also monitors network traffic, current connections, load balancing statistics, performance metrics, and the operating system itself. The home screen of the Configuration utility provides convenient access to downloads such as the SNMP MIB, and documentation for third-party applications such as ZebOS. Configuration utility components The Configuration utility consists of three main components: The navigation pane This component contains the following tabs: the Main tab, which allows you to select the area of your network (global, local, and so on); and the Help tab, which displays online help relevant to the main screen. The menu bar The content of this component changes depending on what you select on the Main tab in the navigation section. Through the menu bar, you can access into more detailed aspects of a given network component. The active screen The active screen changes depending on what you select on the Main tab in the navigation section. Through the active screen you configure the different aspects of the Global Traffic Manager. It is important to note that the Global Traffic Manager often co-exists with other BIG-IP system modules, such as a Local Traffic Manager or a Link Controller. Consequently, you might see features in the Configuration utility that are not described in this guide. See Finding help and technical support resources, on page 1-13 for a list of other guides that will help you learn about your BIG-IP solution. Browser support The Configuration utility, which provides web-based access to the GTM configuration and features, supports the following browser versions: Netscape Navigator 4.7X Microsoft Internet Explorer, version 5.0,5.5, or

27 Introducing the Global Traffic Manager Stylistic conventions in this document To help you easily identify and understand certain types of information, this documentation uses the following stylistic conventions. Using the solution examples All examples in this documentation use only private IP addresses. When you set up the solutions we describe, you must use IP addresses suitable to your own network in place of our sample IP addresses. Identifying new terms When we first define a new term, the term is shown in bold italic text. For example, a wide IP is a mapping of a fully-qualified domain name to one or more pools of virtual servers that host the domain s content. Identifying references to products We refer to all products in the BIG-IP product family as BIG-IP systems. We refer to the software modules by their name; for example, we refer to the Global Traffic Manager module as simply the Global Traffic Manager. If configuration information relates to a specific hardware platform, we note the platform. Identifying references to objects, names, and commands We apply bold text to a variety of items to help you easily pick them out of a block of text. These items include web addresses, IP addresses, utility names, and portions of commands, such as variables and keywords. For example, the nslookup command requires that you include at least one <ip_address> variable. Identifying references to other documents We use italic text to denote a reference to another document. In references where we provide the name of a book as well as a specific chapter or section in the book, we show the book name in bold, italic text, and the chapter/section name in italic text to help quickly differentiate the two. For example, you can find information about the Local Traffic Manager in the Configuration Guide for Local Traffic Management. Configuration Guide for BIG-IP Global Traffic Management 1-11

28 Chapter 1 Identifying command syntax We show actual, complete commands in bold Courier text. Note that we do not include the corresponding screen prompt, unless the command is shown in a figure that depicts an entire command line screen. For example, the following command sets the Global Traffic Manager load balancing mode to Round Robin: lb_mode rr Table 1.1 explains additional special conventions used in command line syntax. Item in text \ < > [ ]... Description Continue to the next line without typing a line break. You enter text for the enclosed item. For example, if the command has <your name>, type in your name. Separates parts of a command. Syntax inside the brackets is optional. Indicates that you can type a series of items. Table 1.1 Command line conventions used in this manual 1-12

29 Introducing the Global Traffic Manager Finding help and technical support resources You can find additional technical documentation and product information using the following resources: Online help for the Global Traffic Manager The Configuration utility has online help for each screen. The online help contains descriptions of each control and setting on the screen. Click the Help tab in the left navigation pane to view the online help for a screen. Welcome screen in the Configuration utility The Welcome screen in the Configuration utility contains links to many useful web sites and resources, including: The F5 Networks Technical Support web site The F5 Solution Center The F5 DevCentral web site F5 Networks Technical Support web site The F5 Networks Technical Support web site, provides the latest documentation for the product, including: Release notes for the <product names>, current and past Updates for guides (in PDF form) Technical notes Answers to frequently asked questions The Ask F5 natural language question and answer engine. Note To access this site, you need to register at Configuration Guide for BIG-IP Global Traffic Management 1-13

30 Chapter

31 2 Essential Configuration Tasks Reviewing the essential configuration tasks Setting system-level settings Setting up data centers Setting up servers Setting up pools Setting up wide IPs Assigning health monitors

32

33 Essential Configuration Tasks Reviewing the essential configuration tasks After you have completed the Setup Utility, you can integrate the Global Traffic Manager into your network. Integrating the GTM system into your network requires that you complete the following tasks: Configure system-level settings System-level settings include tasks such as: configuring a listener, which allows the Global Traffic Manager to identify the network traffic for which it is responsible; assigning an NTP server, and establishing synchronization with other Global Traffic Managers. Configure the physical aspects of your load balancing network Physical aspects of your network include resources such as: Data centers, servers, and virtual servers. Configure the logical aspects of your load balancing network Logical aspects of your network include pools of virtual servers; wide IPs, which consist of one or more pools; and health monitors, which determine the availability of pools, and servers. Note If your environment requires that the Global Traffic Manager operate in a fail-safe or high availability mode, see the section titled Configuring fail-safe in Chapter 13: Setting Up a Redundant System, in the BIG-IP Network and Systems Management Guide. Configuration Guide for BIG-IP Global Traffic Management 2-1

34 Chapter 2 Setting system-level settings Before you add various network components into the Global Traffic Manager, you must configure several system-level settings. These settings determine: How the Global Traffic Manager identifies the network traffic for which it is responsible Which default actions the Global Traffic Manager applies when processing network traffic How the Global Traffic Manager interacts with other Global Traffic Managers that exist on the network Defining listeners One of the most crucial aspects of integrating the Global Traffic Manager into your network is providing it with a listener. A listener is a resource for the Global Traffic Manager that identifies the network traffic for which the Global Traffic Manager is responsible. Listeners accomplish this task by listening for traffic on a specified IP address. Listening is a process in which a component, such as a listener, passively checks incoming traffic and initiates an action only if a packet matches a set of criteria. Each listener that you define listens for DNS packets on port 53. The Global Traffic Manager then handles only network traffic sent to that IP address. The IP address that you supply for a listener typically is the IP address you assigned to the Global Traffic Manager. If the Global Traffic Manager must manage traffic across several VLANs, you can select each VLAN through the VLAN Traffic list. To configure a listener 1. On the Main tab of the navigation pane, expand Global Traffic and then click Listeners. The main listener screen opens. 2. Click the Create button. The New Listener screen opens. 3. In the Destination box, type the IP address on which the Global Traffic Manager will listen for network traffic. The Global Traffic Manager will handle only network traffic sent to this IP address. In typical configurations, the IP address for a listener is the IP address assigned to the Global Traffic Manager. 4. From the VLAN Traffic list, select a VLAN setting appropriate for this listener. For additional assistance with this setting, please see the online help. 5. Click the Finished button to save the new listener. For more information on managing and maintaining listeners, see Chapter 4, Working with Listeners. 2-2

35 Essential Configuration Tasks Defining NTP servers When conducting synchronization and metrics collection operations, the Global Traffic Manager requires time measurements that are synchronized with the rest of your network. To ensure the Global Traffic Manager uses the correct time, you define the Network Time Protocol (NTP) servers that the Global Traffic Manager references. To define an NTP server 1. On the Main tab of the navigation pane, expand System and then click General Properties. The General Properties screen appears. 2. From the Device menu, choose NTP. The NTP screen appears. 3. In the Address box, type either the IP address or fully-qualified domain name for the time server. 4. Click the Add button to add the NTP server to your configuration. The time server appears as an entry in the Time Server List. 5. Click the Update to save your changes. Repeat this process for any additional time servers. Defining synchronization settings Most network environments contain multiple Global Traffic Managers installed at various locations on the network. You can synchronize these systems, allowing them to share their configurations. Synchronization across Global Traffic Managers is based on the timestamps associated with the configuration files for each system. Each Global Traffic Manager periodically compares the timestamps on its configuration files against the timestamps on other systems. If the Global Traffic Manager discovers a newer set of files, it automatically downloads them and replaces its existing files. This process ensures that all Global Traffic Managers share the same configurations. Collections of Global Traffic Managers that share configurations must share a common group name, which is called the synchronization group name. This name differentiates different groups of Global Traffic Managers. Note If you plan to synchronize all of your Global Traffic Managers as a single group, you do not need to define a synchronization group name, as the Global Traffic Manager automatically assigns the group the name, default. Configuration Guide for BIG-IP Global Traffic Management 2-3

36 Chapter 2 To define synchronization settings 1. On the Main tab of the navigation pane, expand System and then click General Properties. The General Properties screen appears. 2. From the Global Traffic menu, choose General. The General screen appears. 3. Configure the following settings: Synchronization Synchronization Time Tolerance Synchronize DNS Zone Files Synchronization Group Name 4. Click the Update button to save your changes. For more information on synchronizing Global Traffic Managers, see Chapter 11, Synchronizing Global Traffic Managers. 2-4