BIG-IP Global Traffic Manager and Link Controller: Implementations

Transcription

1 BIG-IP Global Traffic Manager and Link Controller: Implementations version 9.4 MAN

2

3 Service and Support Information Product Version This manual applies to product version 9.4 of the BIG-IP Global Traffic Manager and the BIG-IP Link Controller. Publication Date This manual was published on November 21, Legal Notices Copyright Copyright , F5 Networks, Inc. All rights reserved. F5 Networks, Inc. (F5) believes the information it furnishes to be accurate and reliable. However, F5 assumes no responsibility for the use of this information, nor any infringement of patents or other rights of third parties which may result from its use. No license is granted by implication or otherwise under any patent, copyright, or other intellectual property right of F5 except as specifically described by applicable user licenses. F5 reserves the right to change specifications at any time without notice. Trademarks F5, F5 Networks, the F5 logo, BIG-IP, 3-DNS, icontrol, Internet Control Architecture, IP Application Switch, irules, OneConnect, Packet Velocity, SYN Check, Control Your World, ZoneRunner, uroam, FirePass, TrafficShield, Swan, WANJet, WebAccelerator, and TMOS are registered trademarks or trademarks, and Ask F5 is a service mark, of F5 Networks, Inc. in the U.S. and certain other countries. All other trademarks mentioned in this document are the property of their respective owners. F5 Networks' trademarks may not be used in connection with any product or service except as permitted in writing by F5. Patents This product protected by U.S. Patents 6,311,278; 6,374,300; 6,473,802; 6,970,933. Other patents pending. Export Regulation Notice This product may include cryptographic software. Under the Export Administration Act, the United States government may consider it a criminal offense to export this product from the United States. RF Interference Warning This is a Class A product. In a domestic environment this product may cause radio interference, in which case the user may be required to take adequate measures. FCC Compliance This equipment has been tested and found to comply with the limits for a Class A digital device pursuant to Part 15 of FCC rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This unit generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference, in which case the user, at his own expense, will be required to take whatever measures may be required to correct the interference. Any modifications to this device, unless expressly approved by the manufacturer, can void the user's authority to operate this equipment under part 15 of the FCC rules. BIG-IP Global Traffic Manager and Link Controller: Implementations i

4 Canadian Regulatory Compliance This Class A digital apparatus complies with Canadian ICES-003. Standards Compliance This product conforms to the IEC, European Union, ANSI/UL and Canadian CSA standards applicable to Information Technology products at the time of manufacture. Acknowledgments This product includes software developed by Gabriel Forté. This product includes software developed by Bill Paul. This product includes software developed by Jonathan Stone. This product includes software developed by Manuel Bouyer. This product includes software developed by Paul Richards. This product includes software developed by the NetBSD Foundation, Inc. and its contributors. This product includes software developed by the Politecnico di Torino, and its contributors. This product includes software developed by the Swedish Institute of Computer Science and its contributors. This product includes software developed by the University of California, Berkeley and its contributors. This product includes software developed by the Computer Systems Engineering Group at the Lawrence Berkeley Laboratory. This product includes software developed by Christopher G. Demetriou for the NetBSD Project. This product includes software developed by Adam Glass. This product includes software developed by Christian E. Hopps. This product includes software developed by Dean Huxley. This product includes software developed by John Kohl. This product includes software developed by Paul Kranenburg. This product includes software developed by Terrence R. Lambert. This product includes software developed by Philip A. Nelson. This product includes software developed by Herb Peyerl. This product includes software developed by Jochen Pohl for the NetBSD Project. This product includes software developed by Chris Provenzano. This product includes software developed by Theo de Raadt. This product includes software developed by David Muir Sharnoff. This product includes software developed by SigmaSoft, Th. Lockert. This product includes software developed for the NetBSD Project by Jason R. Thorpe. This product includes software developed by Jason R. Thorpe for And Communications, This product includes software developed for the NetBSD Project by Frank Van der Linden. This product includes software developed for the NetBSD Project by John M. Vinopal. This product includes software developed by Christos Zoulas. This product includes software developed by the University of Vermont and State Agricultural College and Garrett A. Wollman. In the following statement, "This software" refers to the Mitsumi CD-ROM driver: This software was developed by Holger Veit and Brian Moore for use with "386BSD" and similar operating systems. "Similar operating systems" includes mainly non-profit oriented systems for research and education, including but not restricted to "NetBSD," "FreeBSD," "Mach" (by CMU). This product includes software developed by the Apache Group for use in the Apache HTTP server project ( This product includes software licensed from Richard H. Porter under the GNU Library General Public License ( 1998, Red Hat Software), This product includes the standard version of Perl software licensed under the Perl Artistic License ( 1997, 1998 Tom Christiansen and Nathan Torkington). All rights reserved. You may find the most current standard version of Perl at ii

5 This product includes software developed by Jared Minch. This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit ( This product includes cryptographic software written by Eric Young This product contains software based on oprofile, which is protected under the GNU Public License. This product includes RRDtool software developed by Tobi Oetiker ( and licensed under the GNU General Public License. This product contains software licensed from Dr. Brian Gladman under the GNU General Public License (GPL). This product includes software developed by the Apache Software Foundation < This product includes Hypersonic SQL. This product contains software developed by the Regents of the University of California, Sun Microsystems, Inc., Scriptics Corporation, and others. This product includes software developed by the Internet Software Consortium. This product includes software developed by Nominum, Inc. ( This product contains software developed by Broadcom Corporation, which is protected under the GNU Public License. BIG-IP Global Traffic Manager and Link Controller: Implementations iii

6 iv

7 Table of Contents

8

9 Table of Contents 1 Introducing Implementations for Global Traffic Manager and Link Controller Introducing the BIG-IP system Introducing Implementations Getting started Using the Configuration utility Introducing the Global Traffic Manager Introducing the Link Controller About this guide Finding additional information Stylistic conventions in this document Finding help and technical support resources Delegating DNS Traffic to Wide IPs Working with the Global Traffic Manager and DNS traffic Delegating DNS traffic to wide IPs Modifying the existing DNS server Configuring a listener Replacing a DNS Server with the Global Traffic Manager Working with the Global Traffic Manager and DNS traffic Replacing a DNS server with the Global Traffic Manager Configuring the DNS server for zone transfers Acquiring a hint zone file Enabling recursive queries Acquiring zone files Designating the Global Traffic Manager as a primary DNS server Configuring a listener Sending Traffic Through the Global Traffic Manager Working with the Global Traffic Manager as a router or forwarder Forwarding traffic through the Global Traffic Manager Placing the Global Traffic Manager to forward traffic Forwarding traffic to a DNS server Routing traffic through the Global Traffic Manager Placing the Global Traffic Manager to route traffic Routing traffic to a DNS server Integrating the Global Traffic Manager with BIG-IP Systems Understanding the interactions between BIG-IP systems Integrating the Global Traffic Manager with other BIG-IP systems Defining a data center Defining the Global Traffic Manager Adding BIG-IP systems Running the big3d_install script BIG-IP Global Traffic Manager and Link Controller: Implementations vii

10 Table of Contents 6 Adding New Global Traffic Managers to a Synchronization Group Understanding synchronization in Global Traffic Manager version 9.x Adding a new Global Traffic Manager to a synchronization group Adding the Global Traffic Manager Enabling synchronization Running the gtm_add script Running the bigip_add script Cost-Based Load Balancing Introducing cost-based load balancing Configuring cost-based load balancing Configuring the links Creating the default gateway pool for cost-based load balancing Implementing the default gateway pool for cost-based load balancing Configuring the virtual servers Adding a wide IP for inbound load balancing Bandwidth Load Balancing Introducing bandwidth load balancing Configuring bandwidth load balancing Configuring the links Creating the default gateway pool for bandwidth load balancing Implementing the default gateway pool for bandwidth load balancing Defining the virtual servers for an additional Internet connection Adding a wide IP for bandwidth load balancing Setting Up a Global Traffic Manager Redundant System Understanding Global Traffic Manager redundant systems Setting up a Global Traffic Manager redundant system Configuring the redundant system settings Creating a VLAN Assigning self IP addresses Creating a floating IP address Configuring the high availability options Defining an NTP server Defining the default gateway route Defining a listener Running a config sync operation Defining a data center Defining the Global Traffic Managers Enabling synchronization Running the gtm_add script viii

11 Table of Contents 10 Setting Up a Link Controller Redundant System Understanding Link Controller redundant systems Setting up a Link Controller redundant system Configuring the redundant system settings Creating VLANs for Link Controller redundant systems Assigning self IP addresses Creating a floating IP address Configuring the high availability options Defining an NTP server Defining the default gateway route Defining a listener Running a config sync operation Enabling synchronization Adding links Running the gtm_add script Glossary Index BIG-IP Global Traffic Manager and Link Controller: Implementations ix

12 Table of Contents x

13 1 Introducing Implementations for Global Traffic Manager and Link Controller Introducing the BIG-IP system Introducing Implementations Introducing the Global Traffic Manager Introducing the Link Controller About this guide Finding help and technical support resources

14

15 Introducing Implementations for Global Traffic Manager and Link Controller Introducing the BIG-IP system F5 Networks BIG-IP system is a port-based, multilayer switch that supports virtual local area network (VLAN) technology. Because hosts within a VLAN can communicate at the data-link layer (Layer 2), a BIG-IP system reduces the need for routers and IP routing on the network. This in turn reduces equipment costs and boosts overall network performance. At the same time, the BIG-IP system s multilayer capabilities enable the system to process traffic at other OSI layers. The BIG-IP system can perform IP routing at Layer 3, as well as manage and secure TCP, UDP, and other application traffic at Layer 4 through Layer 7. The following software modules provide comprehensive traffic management and security for all traffic types. The modules are fully integrated to provide efficient solutions to meet any network, traffic management, and security needs. BIG-IP Local Traffic Manager The Local Traffic Manager includes local traffic management features that help you make the most of network resources such as web servers. Using the powerful Configuration utility, you can customize the way that the BIG-IP system processes specific types of protocol and application traffic. By using features such as virtual servers, server pools, profiles, and irules TM, you ensure that traffic passing through the BIG-IP system is processed quickly and efficiently, while meeting all of your security needs. For more information, see the Configuration Guide for BIG-IP Local Traffic Management. BIG-IP Global Traffic Manager The Global Traffic Manager provides intelligent traffic management to your globally available network resources. Through the Global Traffic Manager, you can select from an array of load balancing modes, ensuring that your clients access the most responsive and robust resources at any given time. In addition, the Global Traffic Manager provides extensive monitoring capabilities so the health of any given resource is always available. For more information, see the Configuration Guide for BIG-IP Global Traffic Management. BIG-IP Link Controller The Link Controller seamlessly monitors availability and performance of multiple WAN connections to intelligently manage bi-directional traffic flows to a site; providing fault tolerant, optimized Internet access regardless of connection type or provider. The Link Controller ensures that traffic is always sent over the best available link to maximize user performance and minimize bandwidth cost to a data center. For more information, see the Configuration Guide for BIG-IP Link Controller. BIG-IP Application Security Manager The Application Security Manager provides web application protection from application-layer attacks. The Application Security Manager protects Web applications from both generalized and targeted application BIG-IP Global Traffic Manager and Link Controller: Implementations 1-1

16 Chapter 1 layer attacks including buffer overflow, SQL injection, cross-site scripting, and parameter tampering. For more information, see the Configuration Guide for BIG-IP Application Security Management. Introducing Implementations The BIG-IP Global Traffic Manager and Link Controller: Implementations guide is designed to help you accomplish specific configuration tasks associated with the Global Traffic Manager or Link Controller. Each chapter focuses on a specific scenario, providing an overview of the situation to which the implementation applies, and a detailed example of how to configure the system to accomplish the objectives outlined in the implementation scenario. The steps outlined in each chapter are designed so that you can quickly apply them to your own network. Getting started Before you begin configuring a solution, we recommend that you run the Setup utility on the Global Traffic Manager or Link Controller to configure basic network and network elements such as static and floating self IP addresses, interfaces, and VLANs. After running the Setup utility, you can use this guide to implement specific configuration scenarios. Before you begin configuring a solution, we recommend that you complete these tasks: Choose a configuration tool. Familiarize yourself with additional resources such as other BIG-IP system guides and online help. Review the stylistic conventions that appear in this chapter. Using the Configuration utility All users need to use the web-based Configuration utility in order to license the system for the first time. In addition to setting up the management network and initial traffic management software configuration, you use the Configuration utility to perform additional configuration steps necessary for your configuration. The Configuration utility supports Netscape Navigator, version 7.1, or other browsers built on the same engine, such as Mozilla Firefox, and Camino ; and Microsoft Internet Explorer version 6.x. 1-2

17 Introducing Implementations for Global Traffic Manager and Link Controller For information on setting user preferences for the Configuration utility, see the BIG-IP Network and System Management Guide. Introducing the Global Traffic Manager The Global Traffic Manager is a system that monitors the availability and performance of global resources, and uses that information to manage network traffic patterns. The Global Traffic Manager uses load balancing algorithms, topology-based routing, and irules to control and distribute traffic according to specific policies. The system is highly configurable, and its web-based configuration utility allows for easy system setup and monitoring. The Global Traffic Manager provides a variety of features that meet special needs. For example, with this product you can: Ensure wide-area persistence by maintaining a mapping between a local DNS server and a virtual server in a wide IP pool Direct local clients to local servers for globally-distributed sites using Topology load balancing Change the load balancing configuration according to current traffic patterns or time of day Customize load balancing modes Set up global load balancing among Local Traffic Managers and other load-balancing hosts Monitor real-time network conditions Configure a content delivery network with a CDN provider Guarantee multiple port availability for e-commerce sites For more information on the full capabilities of the Global Traffic Manager, see the Configuration Guide for BIG-IP Global Traffic Management. BIG-IP Global Traffic Manager and Link Controller: Implementations 1-3

18 Chapter 1 Introducing the Link Controller The Link Controller is a dedicated IP application switch that manages traffic to and from a site across multiple links, regardless of connection type or provider. The Link Controller provides granular traffic control for Internet gateways, allowing you to define how traffic is distributed across links in a way that meets your business priorities. The Link Controller also transparently monitors the availability and health of links to optimally direct traffic across the best available link. The Link Controller includes the following features: Dynamic load balancing, based on the following link attributes: Total available bandwidth of the link The costs of purchased incremental bandwidth segments Inbound link capacity and resource limits Outbound link capacity and resource limits Router monitoring, to ensure high availability and continuous uptime For more information on the full capabilities of the Link Controller, see the Configuration Guide for BIG-IP Link Controller. 1-4

19 Introducing Implementations for Global Traffic Manager and Link Controller About this guide Each chapter in this guide provides information on a specific implementation of either the Global Traffic Manager or Link Controller. Within each chapter, we provide examples so that you can easily see how you might incorporate the implementation into your existing network. This guide contains the following chapters: Introducing Implementations for Global Traffic Manager and Link Controller This chapter provides an overview of BIG-IP systems, the Global Traffic Manager, the Link Controller, the implementations covered in each chapter, style conventions, and where you can find additional product information. Delegating DNS Traffic to Wide IPs This chapter focuses on adding a Global Traffic Manager to the network to handle wide IP traffic, while keeping an existing DNS server to handle all other DNS-related traffic. Replacing a DNS Server with the Global Traffic Manager This chapter focuses on adding a Global Traffic Manager to a network to handle not only wide IP traffic, but all DNS traffic for the network. Sending Traffic Through the Global Traffic Manager This chapter focuses on adding a Global Traffic Manager to a network in front of an existing DNS server. As DNS-related traffic enters the network, it is first scanned by the Global Traffic Manager to see if its destination is a wide IP. If it is, the system handles the traffic. If not, the system sends the traffic on to the existing DNS server. Integrating the Global Traffic Manager with BIG-IP Systems This chapter focuses on how authorizing the Global Traffic Manager and other BIG-IP systems to communicate with each other. Adding New Global Traffic Managers to a Synchronization Group This chapter focuses on the changes in synchronization between the 4.x version of 3-DNS Controller (the precursor to the Global Traffic Manager) and the present 9.x version. In addition, this solution describes how to add a new Global Traffic Manager to the network and synchronize it with an existing one. Cost-Based Load Balancing This chapter focuses on configuring a Link Controller to load balance traffic based on the costs associated with each network link. Bandwidth Load Balancing This chapter focuses on configuring a Link Controller to load balance traffic based on the bandwidth values associated with each network link. Setting Up a Global Traffic Manager Redundant System This chapter focuses on setting up a redundant system consisting of two Global Traffic Managers. BIG-IP Global Traffic Manager and Link Controller: Implementations 1-5

20 Chapter 1 Setting up a Link Controller Redundant System This chapter focuses on setting up a redundant system consisting of two Link Controllers. Each of these implementations includes sample network information, such as IP addresses and other configuration settings, which provides context for the implementation. You can use the scenarios included with each implementation as a template, replacing the sample data with the corresponding data from an actual network. Finding additional information This guide is designed to provide detailed information on different ways of using a Global Traffic Manager or Link Controller system. Each implementation requires that you have some familiarity with how to configure these products. If you need additional information on these products, the following documentation is available: Platform Guide This guide includes information about the BIG-IP hardware. It also contains important environmental warnings. Installation, Licensing, and Upgrades for BIG-IP Systems This guide provides detailed information about installing upgrades to the BIG-IP system. It also provides information about licensing the BIG-IP system software, and connecting the system to a management workstation or network. BIG-IP Network and System Management Guide This guide provides topics such as adding VLANs, self IP addresses, and other system- and network-related tasks common to most BIG-IP products. Configuration Guide for BIG-IP Global Traffic Management This guide focuses on the configuration capabilities of the Global Traffic Manager, such as creating distributed applications, wide IPs, and data centers. Configuration Guide for BIG-IP Link Controller This guide focuses on the configuration capabilities of the Link Controller, such as creating links and designating paths for inbound wide IP traffic. Each of these guides is available in PDF format from the Ask F5 SM web site, These guides are also available from the first web page you see when you log in to the administrative web server on the BIG-IP system. 1-6

21 Introducing Implementations for Global Traffic Manager and Link Controller Stylistic conventions in this document Using the implementation examples Identifying new terms Identifying references to products To help you easily identify and understand certain types of information, this documentation uses the following stylistic conventions. All examples in this documentation use only private IP addresses. When you set up the implementations described in this document, you must use IP addresses suitable to your own network in place of the sample IP addresses. New terms are shown in bold italic text. For example, a wide IP is a mapping of a fully-qualified domain name to one or more pools of virtual servers that host the domain s content. We refer to all products in the BIG-IP product family as BIG-IP systems. We refer to the software modules by their name; for example, we refer to the Global Traffic Manager module as simply the Global Traffic Manager. If configuration information relates to a specific hardware platform, we note the platform. Identifying references to objects, names, and commands Identifying references to other documents We apply bold text formatting to a variety of items to help you easily pick them out of a block of text. These items include web addresses, IP addresses, utility names, and portions of commands, such as variables and keywords. For example, the nslookup command requires that you include at least one <ip_address> variable. We use italic text to denote a reference to another document. In references where we provide the name of a book as well as a specific chapter or section in the book, we show the book name in bold, italic text, and the chapter/section name in italic text to help quickly differentiate the two. For example, you can find information about the Local Traffic Manager in Chapter 13, Configuring SNATs and NATs, in the Configuration Guide for BIG-IP Local Traffic Management. BIG-IP Global Traffic Manager and Link Controller: Implementations 1-7

22 Chapter 1 Identifying command syntax We show actual, complete commands in bold Courier text. Note that we do not include the corresponding screen prompt, unless the command is shown in a figure that depicts an entire command line screen. For example, the following command sets the Global Traffic Manager load balancing mode to Round Robin: lb_mode rr Table 1.1 explains additional special conventions used in command line syntax. Item in text \ < > [ ]... Description Continue to the next line without typing a line break. You enter text for the enclosed item. For example, if the command has <your name>, type in your name. Separates parts of a command. Syntax inside the brackets is optional. Indicates that you can type a series of items. Table 1.1 Command line conventions used in this manual 1-8

23 Introducing Implementations for Global Traffic Manager and Link Controller Finding help and technical support resources You can find additional technical documentation and product information using the following resources: Online help for the Global Traffic Manager The Configuration utility has online help for each screen. The online help contains descriptions of each control and setting on the screen. Click the Help tab in the left navigation pane to view the online help for a screen. Welcome screen in the Configuration utility The Welcome screen in the Configuration utility contains links to many useful web sites and resources, including: The F5 Networks Technical Support web site The F5 Solution Center The F5 DevCentral web site F5 Networks Technical Support web site The F5 Networks Technical Support web site, provides the latest documentation for the product, including: Release notes for the Global Traffic Manager and Link Controller, current and past Updates for guides (in PDF form) Technical notes Answers to frequently asked questions The Ask F5 SM natural language question and answer engine. Note To access this site, you need to register at BIG-IP Global Traffic Manager and Link Controller: Implementations 1-9

24 Chapter

25 2 Delegating DNS Traffic to Wide IPs Working with the Global Traffic Manager and DNS traffic Delegating DNS traffic to wide IPs

26

27 Delegating DNS Traffic to Wide IPs Working with the Global Traffic Manager and DNS traffic The primary purpose of the BIG-IP Global Traffic Manager is to help you manage incoming wide IP traffic, and load balance that traffic to the appropriate network resources. However, wide IP traffic is only part of the overall DNS traffic a network must handle. Consequently, typical installations of the Global Traffic Manager involve configuring the system to work in conjunction with existing DNS servers already on the network. The recommended configuration is to configure your DNS server to delegate wide IP-related requests to the Global Traffic Manager for name resolution. Figure 2.1 The Global Traffic Manager with an existing DNS server To control how the Global Traffic Manager responds to DNS requests, you must configure a listener. A listener is a specialized resource that is assigned a specific IP address and uses port 53, the DNS query port. When traffic is BIG-IP Global Traffic Manager and Link Controller: Implementations 2-1

28 Chapter 2 sent to that IP address, the listener alerts the Global Traffic Manager, allowing it to handle the traffic locally or forward the traffic to the appropriate resource. In this configuration, you must create a listener that corresponds to a delegated zone that you create on your existing DNS server. Note This implementation also contains recommendations for modifying the files on your existing DNS server. However, detailing how to implement these modifications is beyond the scope of this implementation. If you are unfamiliar with how to modify the files on your DNS server, we recommend you review the 5th edition of DNS & BIND, available from O Reilly. Delegating DNS traffic to wide IPs This implementation describes the steps necessary to integrate a Global Traffic Manager with an existing DNS server. This implementation focuses on the fictional company SiteRequest. SiteRequest recently purchased a Global Traffic Manager to help load balance traffic across two of its web-based applications: store.siterequest.com and checkout.siterequest.com. These applications are delegated zones of which an existing DNS server manages. They have already configured the Global Traffic Manager with two wide IPs, store.wip.siterequest.com and checkout.wip.siterequest.com, which correspond to these two web applications. Modifying the existing DNS server In order for the Global Traffic Manager to manage the web applications of store.siterequest.com and checkout.siterequest.com, you must create the delegated zone on the existing DNS server. Creating a delegated zone typically involves the following tasks: Create an A record (address record) that defines the domain name and IP address for the Global Traffic Manager. Create an NS record that defines the delegated zone for which the Global Traffic Manager is responsible. Create CNAME records for each web application, which forwards requests to store.siterequest.com and checkout.siterequest.com to the wide IP addresses of store.wip.siterequest.com and checkout.wip.siterequest.com, respectively. Again, if you are unfamiliar with how to create these zones, we recommend you review 5th edition of DNS & BIND, available from O Reilly. 2-2

29 Delegating DNS Traffic to Wide IPs Configuring a listener The final configuration step requires you to set a listener on the Global Traffic Manager. The Global Traffic Manager employs this listener to identify the DNS traffic for which it is responsible. In this solution, the listener you create is the same as the IP address of the Global Traffic Manager: To configure the listener 1. On the Main tab of the navigation pane, expand Global Traffic and then click Listeners. The main listeners screen opens. 2. Click the Create button. The New Listener screen opens. 3. In the Destination box, type the IP address on which the Global Traffic Manager listens for network traffic. In this example, the IP address you add is From the VLAN Traffic list, select All VLANs. 5. Click the Finished button to save the new listener. You now have an implementation of the Global Traffic Manager in which the existing DNS server manages DNS traffic unless the query is for store.siterequest.com or checkout.siterequest.com. When the DNS server receives these queries, it delegates them to the Global Traffic Manager, which then load balances them on the appropriate wide IPs. BIG-IP Global Traffic Manager and Link Controller: Implementations 2-3

30 Chapter 2 2-4

31 3 Replacing a DNS Server with the Global Traffic Manager Working with the Global Traffic Manager and DNS traffic Replacing a DNS server with the Global Traffic Manager

32

33 Replacing a DNS Server with the Global Traffic Manager Working with the Global Traffic Manager and DNS traffic The primary purposes of the Global Traffic Manager are to help you manage incoming wide IP traffic, and load balance that traffic to the appropriate network resources. However, wide IP traffic is only part of the overall DNS traffic that a network must handle. One implementation of the Global Traffic Manager has the system become the authoritative name server for both wide IPs and all other DNS-related traffic. Typically, this implementation requires that the Global Traffic Manager replace an existing DNS server on the network. Figure 3.1 The Global Traffic Manager replacing an existing DNS server To control how the Global Traffic Manager responds to DNS requests, you must configure a listener. A listener is a specialized resource that is assigned a specific IP address and uses port 53, the DNS query port. When traffic is sent to that IP address, the listener alerts the Global Traffic Manager, allowing it to handle the traffic locally or forward the traffic to the appropriate resource. BIG-IP Global Traffic Manager and Link Controller: Implementations 3-1

34 Chapter 3 In this configuration, you must create a listener that corresponds to the IP address of the Global Traffic Manager. Since the Global Traffic Manager replaces an existing DNS server, this IP address must correspond with the IP address denoting the authoritative name server for the appropriate domain. Note The steps in this solution assume that you understand BIND and CNAME records. If you are unfamiliar with these topics, we recommend you review the 5th edition of DNS & BIND, available from O Reilly. Replacing a DNS server with the Global Traffic Manager This solution covers the steps necessary to replace an existing DNS server with the Global Traffic Manager. In this solution, the existing DNS server has an IP address of , while the Global Traffic Manager has an IP address of Here, the focus is on the fictional company SiteRequest. SiteRequest recently purchased a Global Traffic Manager to help load balance traffic across two of its web-based applications: store.siterequest.com and checkout.siterequest.com. These applications are subdomains of which are managed by an existing DNS server. SiteRequest has decided to replace its existing DNS server with the Global Traffic Manager. Earlier, SiteRequest configured the wide IPs that it needs on the system; the final task is to make the Global Traffic Manager the authoritative name server for our domains. The tasks you must complete to replace a DNS server with the Global Traffic Manager are: Configure the DNS server for zone transfers Acquire a hint zone file Enable recursive queries Acquire zone files Designate the Global Traffic Manager as the primary DNS server Configure a listener Configuring the DNS server for zone transfers Before you configure the Global Traffic Manager to replace the existing DNS server, you need to configure the DNS server to allow zone file transfers to the Global Traffic Manager. You can enable this authorization through the use of an allow-transfer statement that specifies the IP address 3-2

35 Replacing a DNS Server with the Global Traffic Manager of the Global Traffic Manager: Please refer to your BIND documentation for more information on how to implement an allow-transfer statement. Acquiring a hint zone file Loading the hint file from another system Another task you must accomplish before the Global Traffic Manager becomes the primary DNS server is to acquire a hint zone file. By default, the Global Traffic Manager does not include a root hints file, which contains information on the name servers for the root zone. The Global Traffic Manager must have this file to process recursive DNS queries. You can add this file to the Global Traffic Manager through the ZoneRunner utility, using one of two methods: Load the file from another system. Transfer the file from the existing DNS server. If you want to update the hint file that you use to track the locations of the name servers for the root zone, you must first download a new hint file to your local system. Once you have the file, you can load it into the Global Traffic Manager using the ZoneRunner utility. To load the hint file 1. On the Main tab of the navigation pane, expand Global Traffic and then click ZoneRunner. The main ZoneRunner screen opens. 2. On the menu bar, click Zones. The main Zones screen opens. 3. Click the Create button. The New Zones screen opens. 4. From the View list, select external. The external view is a default view to which you can assign different zones. 5. In the Name box, type the name of the file. In this example, type Root. 6. From the Zone Type list, select Master. 7. From the Records Creation Method, select Load From File. 8. In the Zone File Name box, type the name of the zone file. In this sample, type named.root. 9. In the Upload Records File box, type the path to the root hints file. Alternatively, you can click the Browse button to navigate to the file. 10. Click the Finished button. BIG-IP Global Traffic Manager and Link Controller: Implementations 3-3

36 Chapter 3 Transferring the hint file from the existing DNS server An alternative method of acquiring the hint file is to use the hint file that exists on the existing DNS server. This option is appropriate if you decided that you did not need a newer version of the file. To transfer the hint file from the existing DNS server 1. On the Main tab of the navigation pane, expand Global Traffic and then click ZoneRunner. The main ZoneRunner screen opens. 2. On the menu bar, click Zones. The main Zones screen opens. 3. Click the Create button. The New Zones screen opens. 4. From the View list, select external. The external view is a default view to which you can assign different zones. 5. In the Name box, type the name of the file. In this example, type Root. 6. From the Zone Type list, select Master. 7. From the Records Creation Method, select Transfer from Server. 8. In the Zone File Name box, type the name of the zone file. In this sample, type named.root. 9. In the Source Server box, type the IP address of the existing DNS server. In this example, type Click the Finished button. Enabling recursive queries After you add the root hint file to the Global Traffic Manager, you can enable the system to process recursive queries. To enable recursive queries 1. On the Main tab of the navigation pane, expand System and then click General Properties. The General Properties screen opens. 2. From the Global Traffic menu, choose General. The general global properties screen opens. 3. Enable the Gtmd Sets Recursion option. 4. Click the Update button to save your changes. 3-4

37 Replacing a DNS Server with the Global Traffic Manager The Global Traffic Manager can now process the queries it receives as recursive queries. Acquiring zone files The next task you must accomplish before the Global Traffic Manager becomes our primary DNS server is to acquire the siterequest.com zone files from the existing DNS server. Again, this task requires that you have added an allow-transfer statement to the existing DNS server that authorizes zone transfers to the Global Traffic Manager. You can acquire these zone files through the ZoneRunner utility. To acquire zone files 1. On the Main tab of the navigation pane, expand Global Traffic and then click ZoneRunner. The main ZoneRunner screen opens. 2. On the menu bar, click Zones. The main Zones screen opens. 3. Click the Create button. The New Zones screen opens. 4. From the View list, select external. The external view is a default view to which you can assign different zones. 5. In the Name box, type the name of the zone file. In this example, type siterequest.com. 6. From the Zone Type list, select Master. 7. From the Records Creation Method, select Transfer from Server. 8. In the Zone File Name box, type the zone file name. In this example, type db.siterequest.com. 9. In the Source Server box, type the IP address of the existing DNS server. In this example, type Click the Finished button. BIG-IP Global Traffic Manager and Link Controller: Implementations 3-5

38 Chapter 3 Designating the Global Traffic Manager as a primary DNS server At this point, you have configured the Global Traffic Manager as the primary (master) DNS server for the siterequest.com zone. You must now either change the existing DNS server to become a secondary (slave) DNS server to the Global Traffic Manager, or remove it from your network. Note Please refer to your BIND documentation if you are unfamiliar with how to change a DNS server from a primary DNS server to a secondary DNS server. Configuring a listener The final configuration step requires you to set a listener on the Global Traffic Manager. The Global Traffic Manager employs this listener to identify the DNS traffic for which it is responsible. In this solution, the listener you create is the same as the IP address of the Global Traffic Manager: To configure the listener 1. On the Main tab of the navigation pane, expand Global Traffic and then click Listeners. The main Listeners screen opens. 2. Click the Create button. The New Listener screen opens. 3. In the Destination box, type the IP address on which the Global Traffic Manager listens for network traffic. In this example, the IP address you add is From the VLAN Traffic list, select All VLANs. 5. Click the Finished button to save the new listener. You now have an implementation of the Global Traffic Manager that is now also the authoritative name server for siterequest.com. This system now handles any incoming DNS traffic, whether destined for a wide IP or another node of siterequest.com. 3-6

39 4 Sending Traffic Through the Global Traffic Manager Working with the Global Traffic Manager as a router or forwarder Forwarding traffic through the Global Traffic Manager Routing traffic through the Global Traffic Manager

40

41 Sending Traffic Through the Global Traffic Manager Working with the Global Traffic Manager as a router or forwarder The primary purpose of the Global Traffic Manager is to help you manage incoming wide IP traffic, and load balance that traffic to the appropriate network resources. However, wide IP traffic is only part of the overall DNS traffic a network must handle. Consequently, typical installations of the Global Traffic Manager involve configuring the system to work in conjunction with existing DNS servers already on the network. This implementation focuses on using the Global Traffic Manager as a router or forwarder in front of an existing DNS server. With this integration, the Global Traffic Manager checks incoming DNS queries. If the query is for a wide IP, the Global Traffic Manager load balances it to the appropriate resource. Otherwise, the Global Traffic Manager forwards the DNS query on to the DNS server, which then handles the query as needed. Figure 4.1 The Global Traffic Manager routing traffic to a DNS server BIG-IP Global Traffic Manager and Link Controller: Implementations 4-1

42 Chapter 4 To control how the Global Traffic Manager responds to DNS requests, you must configure a listener. A listener is a specialized resource that is assigned a specific IP address and uses port 53, the DNS query port. When traffic is sent to that IP address, the listener alerts the Global Traffic Manager, allowing it to handle the traffic locally or forward the traffic to the appropriate resource. If you are familiar with the 3-DNS Controller, which preceded the Global Traffic Manager, you might recall that you could configure the 3-DNS Controller to operate in router mode or bridge mode. You achieve the same functionality with the Global Traffic Manager depending on how you configure the listeners: If the listener points to a DNS server that exists on the same subnet, the Global Traffic Manager acts as a bridge. If the listener points to a DNS server that exists on a different subnet, the Global Traffic Manager acts a router. In this solution, you first create a listener that allows the Global Traffic Manager to act as a bridge. Then you create a second listener that allows the Global Traffic Manager to act as a router for a different set of DNS traffic. Forwarding traffic through the Global Traffic Manager This part of the implementation covers the steps necessary to forward traffic through a Global Traffic Manager to an existing DNS server. When the Global Traffic Manager manages traffic in this manner, it acts like a bridge between one section of the network and another. This implementation focuses on the fictional company SiteRequest. SiteRequest recently purchased a Global Traffic Manager to help load balance traffic across two of its web-based applications: store.siterequest.com and checkout.siterequest.com. These applications are subdomains of which is managed by an existing DNS server. SiteRequest has already configured the Global Traffic Manager with two wide IPs, store.siterequest.com and checkout.siterequest.com, which correspond to these two web applications. Placing the Global Traffic Manager to forward traffic The standard configuration for this implementation requires that you place the Global Traffic Manager between the existing DNS server and the Internet. For the purposes of this implementation, the IP address for the Global Traffic Manager is , while the IP address for the DNS server is

43 Sending Traffic Through the Global Traffic Manager To place the Global Traffic Manager on a network for forwarding traffic 1. Connect the Global Traffic Manager to your Internet connection. 2. Connect the DNS server to an Ethernet port on the Global Traffic Manager. Forwarding traffic to a DNS server With this setup, all DNS traffic flows through the Global Traffic Manager. Next, you need to configure the Global Traffic Manager to recognize the traffic that it must forward to the DNS server. To forward traffic to the DNS server 1. On the Main tab of the navigation pane, expand Global Traffic and then click Listeners. The main listeners screen opens. 2. Click the Create button. The new listener screen opens. 3. In the Destination box, type the IP address on which the Global Traffic Manager listens for network traffic. For this example, the IP address you add is From the VLAN Traffic list, select All VLANs. 5. Click the Finished button to save the new listener. You now have an implementation of the Global Traffic Manager in which the Global Traffic Manager receives all DNS queries. If the query is for a wide IP, the Global Traffic Manager load balances the request to the appropriate resource. If the traffic has a destination IP address of , the Global Traffic Manager forwards the query to the DNS server for resolution. Routing traffic through the Global Traffic Manager This part of the implementation covers the steps necessary to route traffic through a Global Traffic Manager to another DNS server; for example, one that resides in a different data center. When the Global Traffic Manager manages traffic in this manner, it acts like a router between one section of the network and another. This implementation again focuses on the fictional company SiteRequest. SiteRequest still wants to use the Global Traffic Manager to help load balance traffic across two of its web-based applications: store.siterequest.com and checkout.siterequest.com. These applications BIG-IP Global Traffic Manager and Link Controller: Implementations 4-3

44 Chapter 4 are subdomains of which is managed by an existing DNS server. Again, SiteRequest has already configured the Global Traffic Manager with two wide IPs, store.siterequest.com and checkout.siterequest.com, which correspond to these two web applications. Placing the Global Traffic Manager to route traffic The standard configuration for this solution requires that you place the Global Traffic Manager between the existing DNS server and the Internet. For the purposes of this example, the IP address for the Global Traffic Manager is , while the IP address for the DNS server is To place the Global Traffic Manager on the network for routing traffic 1. Connect the Global Traffic Manager to your Internet connection. 2. Connect the DNS server to an Ethernet port on the Global Traffic Manager. Routing traffic to a DNS server With this setup, all DNS traffic flows through the Global Traffic Manager. Next, you need to configure the Global Traffic Manager to recognize the traffic that it must route to the DNS server. To route traffic to the DNS server 1. On the Main tab of the navigation pane, expand Global Traffic and then click Listeners. The main listeners screen opens. 2. Click the Create button. The new listener screen opens. 3. In the Destination box, type the IP address on which the Global Traffic Manager listens for network traffic. In this example, the IP address you add is From the VLAN Traffic list, select All VLANs. 5. Click the Finished button to save the new listener. You now have an implementation of the Global Traffic Manager in which the Global Traffic Manager receives all DNS queries. If the query is for a wide IP, the Global Traffic Manager load balances the request to the appropriate resource. If the traffic has a destination IP address of , the Global Traffic Manager routes the query to the DNS server for resolution. 4-4

45 5 Integrating the Global Traffic Manager with BIG-IP Systems Understanding the interactions between BIG-IP systems Integrating the Global Traffic Manager with other BIG-IP systems

46

47 Integrating the Global Traffic Manager with BIG-IP Systems Understanding the interactions between BIG-IP systems Many common implementations of Global Traffic Manager systems involve adding the new system to networks in which Local Traffic Managers are already present. In this scenario, the Global Traffic Manager allows you to expand your load balancing and traffic management capabilities beyond the local area network. For this implementation to be successful, however, you must authorize communications between the Global Traffic Manager and any Local Traffic Manager on your network. BIG-IP systems employ a custom protocol, called iquery, to exchange information back and forth. To manage this flow of information, both the Global Traffic Manager and any Local Traffic Managers employ a software agent, called big3d. While the Global Traffic Manager can communicate with BIG-IP systems, they must have the same version of the big3d agent as the Global Traffic Manager. Figure 5.1 Communications between big3d and gtmd agents In addition to employing the same version of the big3d agent, you must authorize the communication between the Global Traffic Managers and Local Traffic Managers. You authorize this communication through the use of SSL certificates. These certificates ensure that each BIG-IP system, whether Global Traffic Manager or Local Traffic Manager, trusts the communications sent from any other BIG-IP system. Consequently, the two tasks you must accomplish when integrating a Global Traffic Manager with BIG-IP systems are: Enable communications between the different BIG-IP systems. Install the latest version of the big3d agent. BIG-IP Global Traffic Manager and Link Controller: Implementations 5-1

48 Chapter 5 Integrating the Global Traffic Manager with other BIG-IP systems This implementation focuses on adding a Global Traffic Manager to a network that has several BIG-IP systems. A BIG-IP system refers to any F5 product, such as Local Traffic Manager, Global Traffic Manager, or Link Controller. At this point, you have added the Global Traffic Manager to the network, and configured a listener to ensure that DNS traffic is routed to the appropriate resource (either the Global Traffic Manager or another DNS server). To illustrate how to integrate a Global Traffic Manager with other BIG-IP systems, this implementation uses the fictional company, SiteRequest. SiteRequest currently has two data centers: one located in New York and one located in Los Angeles. Each data center has a BIG-IP redundant system. Table 5.1 displays the details for these BIG-IP systems. System IP Address New York BIG-IP New York BIG-IP Los Angeles BIG-IP Los Angeles BIG-IP New York GTM Table 5.1 SiteRequest BIG-IP systems Figure 5.2 The SiteRequest network 5-2

49 Integrating the Global Traffic Manager with BIG-IP Systems The tasks associated with integrating the Global Traffic Manager are: Define a data center Define the Global Traffic Manager Add the BIG-IP systems Run the big3d_install script Defining a data center The first task is to define the data centers in the Global Traffic Manager. Data centers are important entities within the Global Traffic Manager; you cannot add other entities, such as server, without them. To define a data center 1. On the Main tab of the navigation pane, expand Global Traffic and then click Data Centers. The main screen for data centers opens. 2. Click the Create button. The New Data Center screen opens. 3. In the Name box, type the name of the data center. For this example, type New York Data Center. 4. In the Location box, type the location of the data center. In this example, type New York, NY. 5. From the State option, select Enabled. 6. Click the Finished button to save the new data center. You can now repeat these same steps to create the Los Angeles data center. Defining the Global Traffic Manager At installation, the Global Traffic Manager has no knowledge of itself. To have the Global Traffic Manager communicate and operate with other systems, you must define it within the user interface. To define the Global Traffic Manager 1. On the Main tab of the navigation pane, expand Global Traffic and then click Servers. The main screen for servers opens. 2. Click the Create button. The New Server screen opens. 3. In the Name box, type the name of the server. For this example, type New York GTM. BIG-IP Global Traffic Manager and Link Controller: Implementations 5-3

50 Chapter 5 4. From the Product list, select a server type. In this example, select BIG-IP System (Single). 5. In the Address List setting, complete the following tasks: In the Address box, type the IP address of the server. For this example, type Click the Add button 6. From the Data Center list, select New York Data Center. 7. For the Health Monitors setting, assign the bigip monitor to the server by moving it from the Available list to the Selected list. 8. From the Virtual Server Discovery list, select Disabled. 9. Click the Create button to create the server object that defines the two redundant BIG-IP systems at the New York data center. Adding BIG-IP systems Once you have defined the two data centers within the Global Traffic Manager, and defined the Global Traffic Manager itself, you can add the BIG-IP systems that reside at each data center. Note A BIG-IP system is a specific F5 product, including Local Traffic Manager, Global Traffic Manager, and Link Controller. Note The IP addresses in these steps are not the IP addresses that you assign to the management port. To add the BIG-IP systems to the Global Traffic Manager 1. On the Main tab of the navigation pane, expand Global Traffic and then click Servers. The main screen for servers opens. 2. Click the Create button. The New Server screen opens. 3. In the Name box, type the name of the server. In this example, type New York BIG-IP From the Product list, select a server type. For this example, select BIG-IP System (Redundant). 5. In the Address List setting, complete the following tasks: In the Address box, type the IP address of the server. For this example, type Click the Add button 5-4

51 Integrating the Global Traffic Manager with BIG-IP Systems 6. In the Peer Address List setting, complete the following tasks: In the Address box, type the IP address of the second BIG-IP system that completes the redundant system. In this example, type Click the Add button 7. For the Health Monitors setting, assign the bigip monitor to the server by moving it from the Available list to the Selected list. 8. From the Virtual Server Discovery list, select Disabled. 9. Click the Create button to create the server object that defines the BIG-IP redundant system at the New York data center. You can now repeat these same steps to add the BIG-IP systems located in the Los Angeles data center. Running the big3d_install script At this point, you have configured the Global Traffic Manager with the information it needs to begin communications with the BIG-IP systems on the network. However, before these systems can communicate with each other, you must upgrade the big3d agents on the BIG-IP systems and instruct these systems to authenticate with the other systems through the exchange of web certificates. You can accomplish both of these tasks through the big3d_install script. This script is included with the Global Traffic Manager. To run the big3d_install script 1. Log in to the command line interface for the Global Traffic Manager. 2. At the prompt, type big3d_install <ip addresses>. In this example, type the following: big3d_install Press the Enter key to run the script. This script instructs the Global Traffic Manager to connect to each BIG-IP system that you specified by IP address. As it connects to each system, it prompts you to supply the appropriate login information to access that system. When the script has completed its operations, the following changes take effect on each BIG-IP system: The appropriate SSL certificates are exchanged between each system, authorizing communications between each system. The big3d agent on each system is upgraded to the same version as installed on the Global Traffic Manager. BIG-IP Global Traffic Manager and Link Controller: Implementations 5-5

52 Chapter 5 You have now successfully configured the BIG-IP systems on this network, including the Global Traffic Manager, to communicate with each other. The Global Traffic Manager can now use the BIG-IP systems when load balancing DNS requests, as well as when acquiring statistical or status information for the virtual servers these systems manage. 5-6

53 6 Adding New Global Traffic Managers to a Synchronization Group Understanding synchronization in Global Traffic Manager version 9.x Adding a new Global Traffic Manager to a synchronization group

54

55 Adding New Global Traffic Managers to a Synchronization Group Understanding synchronization in Global Traffic Manager version 9.x Before 9.x, you synchronized 3-DNS Controllers (the precursor to Global Traffic Manager) through the use of sync groups. A sync group contained two components: a principal 3-DNS Controller, and one or more receiver 3-DNS Controllers. When you created a sync group, you specified which of the 3-DNS Controllers you wanted to use as the principal system. Any configuration changes you made on that system were then distributed to the secondary 3-DNS Controllers on the network. Figure 6.1 An example of a 3-DNS Controller sync group With the 9.x line of Global Traffic Manager, specific sync groups no longer exist. Instead, Global Traffic Manager systems reside in more generalized collections, called synchronization groups. Although the names are similar, there are significant feature changes. For example, in these groups, all Global Traffic Manager systems have the same rank; in other words, the principal/receiver hierarchy present in the 4.x line no longer exists. This change allows you to modify the Global Traffic Manager settings from any system; these changes are then sent to all other Global Traffic Managers within the same synchronization group. BIG-IP Global Traffic Manager and Link Controller: Implementations 6-1

56 Chapter 6 Figure 6.2 An example of a synchronization group To be part of a synchronization group, a Global Traffic Manager: Must have its Synchronization option enabled Must have a Synchronization Group name that other Global Traffic Managers also share The synchronization operations in 9.x operate in the following manner: At regular intervals, each Global Traffic Manager uses the iquery protocol to compare the timestamp of its configuration files against the timestamps on any other Global Traffic Manager in its synchronization group. If the system detects a newer configuration file, it downloads and uses those files. This process ensures the rapid distribution of Global Traffic Manager settings to any other systems that belong to the same synchronization group. One exception to this process occurs when you add a new Global Traffic Manager to the network. In this scenario, there is a chance that the timestamp of the new systems configuration file is newer than the files on the already-installed Global Traffic Manager. If you enabled synchronization at this point, the unconfigured configuration file would be distributed to the existing Global Traffic Managers, effectively removing your existing configurations. You can avoid the accidental synchronization of an unconfigured configuration file to existing Global Traffic Managers through the use of the gtm_add script. This script acquires the configuration file from an existing Global Traffic Manager and applies it to the new system. As a result, the new system has the current configuration for your network. 6-2

57 Adding New Global Traffic Managers to a Synchronization Group Adding a new Global Traffic Manager to a synchronization group This implementation focuses on the fictional company, SiteRequest. Currently, the SiteRequest network has two data centers: one located in New York; the other in Los Angeles. Until recently, SiteRequest had a single Global Traffic Manager located at the New York data center, with an IP address of However, recent increases in DNS traffic have prompted the integration of a new Global Traffic Manager at the Los Angeles data center. These two Global Traffic Managers must belong to the same synchronization group, allowing changes made to one system to transfer over to the other. For the purposes of this solution, both Global Traffic Managers are the same version, and the the Global Traffic Manager in New York is already active and communicating with the rest of the network. At this point in the example, the new Global Traffic Manager is connected to the network and assigned the IP address, SiteRequest also has a data center object defined on the Global Traffic Manager located in New York, and has named this new data center: Los Angeles Data Center. This data center contains the various BIG-IP systems that reside in Los Angeles. Finally, you have two Local Traffic Managers; one at each data center. The Local Traffic Manager in New York has an IP address of ; the one in Los Angeles has an IP address of The tasks you must complete to add a new Global Traffic Manager to a synchronization group are: Add the Global Traffic Manager to the configuration Enable synchronization Run the gtm_add script Run the bigip_add script Adding the Global Traffic Manager The first task you must accomplish is adding the Los Angeles Global Traffic Manager to the New York Global Traffic Manager. To add the Global Traffic Manager 1. On the Main tab of the navigation pane, expand Global Traffic and then click Servers. The main screen for servers opens. 2. Click the Create button. The New Server screen opens. 3. In the Name box, type the name of the sever. For this example, type Los Angeles GTM. BIG-IP Global Traffic Manager and Link Controller: Implementations 6-3

58 Chapter 6 4. From the Product list, select the server type. In this example, select BIG-IP System (Single). 5. In the Address List option, complete the following tasks: In the Address box, type the IP address of the server. In this example, type Click the Add button 6. From the Data Center list, select the data center to which the server belongs. For this example, select Los Angeles Data Center. 7. From the Virtual Server Discovery list, select Disabled. 8. Click the Create button to create the server object that defines the Global Traffic Manager at the selected data center. Enabling synchronization For the next step, you need to enable the Synchronization option and assign an appropriate name for the synchronization group. For this solution, the synchronization group name is North America. To enable synchronization 1. On the Main tab of the navigation pane, expand System and then click General Properties. The general properties screen opens. 2. From the Global Traffic menu, choose General. The General global properties screen opens. 3. Check the Synchronization check box. 4. Check the Synchronize DNS Zone Files check box. 5. In the Synchronization Group Name box, type the name of the group. In this example, type North America. 6. Click the Update button to save your changes. Running the gtm_add script Next, you need to have the new Global Traffic Manager acquire the settings established on an existing Global Traffic Manager. In this example, the Global Traffic Manager in Los Angeles acquires the configurations established at the New York data center. You must do this before you attempt to synchronize these systems; otherwise, you run the risk of having the new Global Traffic Manager, which is unconfigured, replace the configuration of the New York system. To acquire the configuration files, you run the gtm_add script. 6-4

59 Adding New Global Traffic Managers to a Synchronization Group To run the gtm_add script 1. Log in to the unconfigured Global Traffic Manager. 2. At the command prompt, type gtm_add. A prompt appears, describing what the gtm_add script does and asking if you are sure you want to run the process. 3. Press the y key to start the gtm_add script. The script then prompts you for the IP address of the system from which you want to acquire configuration settings. 4. Type the IP address of the configured Global Traffic Manager. For this example, type Press Enter. At this point, both Global Traffic Managers share the same configuration. In addition, they also belong to the same synchronization group, because the gtm_add script copied the settings from the existing Global Traffic Manager to the new Global Traffic Manager. Running the bigip_add script With the new unit added to the existing unit, you can now access the new system and run the bigip_add script. This script exchanges SSL certificates so that each system is authorized to communicate with the other. In this example, you run this script from the Global Traffic Manager in the Los Angeles data center. To run the bigip_add script 1. Log in to the command line interface for the Global Traffic Manager. 2. At the prompt, type bigip_add <ip addresses>. In this example, type bigip_add Note: Notice that, in this example, you have included the IP address of the Global Traffic Manager in New York. 3. Press the Enter key to run the script. BIG-IP Global Traffic Manager and Link Controller: Implementations 6-5

60 Chapter 6 6-6

61 7 Cost-Based Load Balancing Introducing cost-based load balancing Configuring cost-based load balancing

62

63 Cost-Based Load Balancing Introducing cost-based load balancing The Link Controller provides a variety of methods for managing the traffic flowing in and out of a network. A common method is cost-based load balancing. In cost-based load balancing, you prioritize link usage based on the cost of the bandwidth for that connection to the Internet. The Link Controller sends traffic to the link that is currently operating at the lowest cost. As the usage cost for each link changes, the Link Controller dynamically shifts traffic to the best link. When configuring a Link Controller to use cost-based load balancing, there are three critical settings: Weighting The Weighting option for each link determines how the Link Controller prioritizes the links in its configuration. By default, this option is set to Ratio, which is applicable for both ratio load balancing and bandwidth load balancing. For cost-based load balancing, however, you must set this option to Price (Dynamic Ratio). Prepaid Segment Most Internet Service Providers (ISPs) offer bandwidth plans that include a prepaid amount of bandwidth. In the Prepaid Segment option, you assign the appropriate bandwidth and cost values that are prepaid for the link. Incremental Segments The Incremental Segment option allows you to define the cost per segment values that apply to this link. You can assign as many incremental segments as needed. Note When implementing cost-based load balancing, it is important that your configuration applies to all of the links that the Link Controller manages. We do not recommend applying cost-based load balancing to one set of links and ratio load balancing to another set, for example. BIG-IP Global Traffic Manager and Link Controller: Implementations 7-1

64 Chapter 7 Figure 7.1 Cost-based Load Balancing In this process, shown in Figure 7.1, the following sequence occurs: 1. A client sends a DNS request to a Local DNS server. 2. The LDNS server sends an iterative request that leads to the Link Controller. 3. The Link Controller determines the best link based on current cost estimates and bandwidth usage, and sends the appropriate response back to the LDNS server. 4. The LDNS server forwards the response to the client. 5. The client then communicates with the appropriate virtual server through the corresponding link that the Link Controller specified. 7-2

65 Cost-Based Load Balancing Configuring cost-based load balancing To illustrate how cost-based load balancing works, consider the fictional company SiteRequest. This company has two links for managing its inbound and outbound traffic: Link Alpha, which is the primary link for the network. This link uses an ISP to which a flat fee of $45 is paid for up to 4Mbps of total (both inbound and outbound) traffic. If the limit of 4Mbps is exceeded, SiteRequest incurs a $2/Mbps charge. Link Beta, which is a secondary link for the network. This link uses an ISP with which SiteRequest does not have a prepaid amount of bandwidth. Instead, SiteRequest is billed based on a pay-as-you-go basis. The rate charged for using this link is set at $1/Mbps. As these rates illustrate, the most cost-efficient configuration for SiteRequest s links is to have Link Alpha handle traffic until it reaches 4Mbps, then send any traffic over 4Mbps to Link Beta. When the traffic decreases, the Link Controller must switch back to using only Link Alpha again. Table 7.1 provides additional information about each link. Link Router Address Uplink Address ISP Link Alpha Global ISP Link Beta Regional ISP Table 7.1 Additional link attributes The tasks required to configure cost-based load-balancing include: Configure the links Create a default gateway pool Implement the default gateway pool Configure the virtual servers Add a wide IP Configuring the links The first step in designing a Link Controller configuration that uses cost-based load balancing to manage outbound traffic is to add and configure the links into the Link Controller. You can configure each link BIG-IP Global Traffic Manager and Link Controller: Implementations 7-3

66 Chapter 7 using a variety of options; however, the critical settings are the Weighting, Prepaid Segment, and Incremental Segment options, with which you set the pricing values for the link. Note The following steps apply to the Link Controller system; however you can also use these steps if you have a Global Traffic Manager. If you are configuring links on a Global Traffic Manager, you must first create a data center, to which you then assign the configured link. To add the first link 1. On the Main tab of the navigation pane, expand Link Controller and then click Links. The main link screen opens. 2. Click the Create button. The New Link screen opens. 3. In the Name box, type the name of the link. In this example, type Link Alpha. 4. In the Router Address box, type the IP address of the router. For this example, type In the Uplink Address box, type the IP address that corresponds with the external Internet connection. In this example, type In the Service Provider box, type the name of the ISP provider. For this example, select Global ISP. 7. From the Configuration list, select Advanced. An additional set of configuration options open. 8. From the Weighting list, select Price (Dynamic Ratio). The Prepaid Segment and Increment Segment options open. 9. In the Prepaid Segment option, type the amount of bandwidth is prepaid for the link. This value is in bytes. In this example, type In the Incremental Segment option, add the incremental segment price. In this example type the following entry: Up to 1000 bps at 2 $/Mbps 11. Click the Create button to save your changes. You can now repeat these steps to add the second link to the configuration. In this example, when you add the second link, set the Prepaid Segment to 0 and add the following entry in the Incremental Segment option: Up to 1000 bps at 1 $/Mbps 7-4

67 Cost-Based Load Balancing Creating the default gateway pool for cost-based load balancing After you have added and configured the relevant links, the next step in implementing cost-based load balancing is to create the default gateway pool that will load balance the traffic across the links. To create a default gateway pool for cost-based load balancing 1. On the Main tab of the navigation pane, expand Local Traffic and then click Pools. The main Pools screen appears. 2. Click the Create button. The create pool screen appears. 3. In the Name box, type the name of the pool. In this example, type default_gateway_pool. 4. For the New Members setting, add the IP addresses associated with each link. In this example type the following: For Link Alpha, add For Link Beta, add Click Finished to save your changes. Implementing the default gateway pool for cost-based load balancing After you create a default gateway pool, you must instruct the Link Controller to use the pool as the default gateway connection between the internal network and the Internet. To implement the default gateway pool for cost-based load balancing 1. On the Main tab of the navigation pane, expand Network and then click Routes. The main routes screen opens. 2. Click the Add button. The New Routes page opens. 3. From the Type list, select Default Gateway. 4. From the Resource list, select Use Pool. A list appears, allowing you to select the pool of links. 5. Select default_gateway_pool. 6. Click Finished to save your changes. BIG-IP Global Traffic Manager and Link Controller: Implementations 7-5

68 Chapter 7 Configuring the virtual servers After creating the pools, you configure the virtual servers, one for each link that load balances inbound connections across the servers. You also configure one wildcard virtual server to load balance outbound connections across the routers. For this solution, you define the following virtual servers: VS for Link Alpha 1, which has an IP address of :80 and represents a single host on the network. VS for Link Alpha 2, which has an IP address of :80 and represents a single host on the network. VS for Link Beta 1, which has an IP address of :80 and also represents a single host on the network. VS for Link Beta 2, which has an IP address of :80 and also represents a single host on the network. To add a virtual server for cost-based load balancing 1. On the Main tab of the navigation pane, expand Local Traffic and then click Virtual Servers. The main screen for virtual servers appears. 2. Click the Create button. The New Virtual Server screen opens. 3. In the Name box, type the name of the virtual server. In this example, type VS for Link Alpha In the Destination section, select Host. 5. In the Service Port option, type Click the Finished button to save the new virtual server configuration. You then repeat the preceding steps for the additional virtual servers. Once the remaining virtual servers are in the configuration, you can define the wildcard virtual server. To define a wildcard virtual server for cost-based load balancing 1. On the Main tab of the navigation pane, expand Local Traffic and then click Virtual Servers. The main screen for virtual servers appears. 2. Click the Create button. The New Virtual Server screen opens. 3. For a wildcard virtual server, use the following settings for this example: 7-6

69 Cost-Based Load Balancing For the name, type outbound. For the destination address, type For the service, type 0 or select any from the list. 4. Click the Finished button to apply your changes. Adding a wide IP for inbound load balancing To complete the link load balancing configuration, you must configure a wide IP for each pair of virtual servers you created for each link. Each wide IP in the configuration has a set of virtual servers to which the Link Controller load balances incoming DNS requests. The wide IP is made up of only virtual servers that the Link Controller manages. When you configure the wide IP, you also specify the load balancing methods that the Link Controller applies to the incoming DNS requests. For this solution, you will use the wide IP using the Global Availability as the preferred load balancing method, and None for the Alternate and Fallback methods. To add a wide IP 1. On the Main tab of the navigation pane, expand Link Controller and then click Inbound Wide IPs. The main wide IP screen opens. 2. Click the Create button. The New Wide IP screen opens. 3. In the Name box, type the name of the wide IP In this example, type 4. From the Load Balancing setting: Select Ratio from the Preferred list. Select Round Robin from the Alternate list. Select Return to DNS from the Fallback list. 5. In the Virtual Server setting, add the virtual servers that you created in the previous Configuring the virtual servers, on page Click the Finished button to save the new wide IP. At this point, you now have a Link Controller configured to manage DNS traffic for As data flows in and out of the network, the Link Controller monitors the total amount of bandwidth for each link. While traffic remains below 4Mbps, the Link Controller uses Link Alpha. If traffic exceeds that amount, the Link Controller sends the overflow traffic to Link Beta. And, should a link go offline for any reason, the Link Controller uses the Alternate and Fallback load balancing modes to route traffic through an available link. BIG-IP Global Traffic Manager and Link Controller: Implementations 7-7

70 Chapter 7 7-8

71 8 Bandwidth Load Balancing Introducing bandwidth load balancing Configuring bandwidth load balancing

72

73 Bandwidth Load Balancing Introducing bandwidth load balancing The Link Controller provides a variety of methods for managing the traffic flowing in and out of a network. A common method is bandwidth load balancing. In bandwidth load balancing, the Link Controller uses a specific link until a traffic threshold has been met. After that threshold is met, the Link Controller shifts traffic to another link. When the traffic falls below the threshold, the Link Controller shifts traffic back to the first link. You can configure three different types of bandwidth settings for each link: Inbound, which refers to the amount of traffic flowing into the network Outbound, which refers to the amount of traffic flowing out of the network Total, which refers to the cumulative amount of traffic flowing in and out of the network Note When implementing cost-based load balancing, it is important that your configuration applies to all of the links that the Link Controller manages. We do not recommend applying cost-based load balancing to one set of links and ratio load balancing to another set, for example. Configuring bandwidth load balancing To illustrate how cost-based load balancing works, consider the fictional company SiteRequest. This company has two links for managing its inbound and outbound traffic: Link Alpha, which is the primary link for the network. This link uses an ISP to which a flat fee of $45 is paid for up to 4Mbps of total (both inbound and outbound) traffic. If the limit of 4Mbps is exceeded, SiteRequest incurs a $2/Mbps charge. Link Beta, which is a secondary link for the network. This link uses an ISP with which SiteRequest does not have a prepaid amount of bandwidth. Instead, SiteRequest is billed based on a pay-as-you-go basis. The rate charged for using this link is set at $1/Mbps. As these rates illustrate, the most cost-efficient configuration for SiteRequest s links is to have Link Alpha handle traffic until it reaches 4Mbps, then send any traffic over 4Mbps to Link Beta. When the traffic decreases, the Link Controller must switch back to using only Link Alpha again. BIG-IP Global Traffic Manager and Link Controller: Implementations 8-1

74 Chapter 8 Table 8.1 provides additional information about each link. Link Router Address Uplink Address ISP Link Alpha Global ISP Link Beta Regional ISP Table 8.1 Additional link attributes The tasks you need to accomplish for bandwidth-based load balancing include: The tasks required to configure cost-based load-balancing include: Configure the links Create a default gateway pool Implement the default gateway pool Configure the virtual servers Add a wide IP Configuring the links The first step in designing a Link Controller configuration that uses bandwidth load balancing to manage outbound traffic is to add and configure the links into the Link Controller. You can configure each link using a variety of options; however, the critical setting for this solution is the Total Traffic option, with which you set the total bandwidth thresholds for the link. Note The following steps apply to the Link Controller system; however you can also use these steps if you have a Global Traffic Manager. If you are configuring links on a Global Traffic Manager, you must first create a data center, to which you then assign the configured link. To add a link for use with bandwidth load balancing 1. On the Main tab of the navigation pane, expand Link Controller, and then click Links. The main link screen opens. 2. Click the Create button. The New Link screen opens. 3. In the Name box, type a name for the link. 4. In the Router Address box, type the IP address of the router. For this example, type

75 Bandwidth Load Balancing 5. In the Uplink Address box, type the IP address that corresponds with the external Internet connection. In this case, type In the Service Provider box, type the name of the ISP provider. For this example, select Global ISP. 7. From the Configuration list, select Advanced. An additional set of configuration options open. 8. In the Traffic Limits section, select Up To from the Total list, and then type Click the Create button to save your changes. Now, you can repeat these steps for a second link. In this example create the link with the following information: In the Router Address option, type In the Uplink Address option, type In the Service Provider option, type Region ISP In the Traffic Limits option, select Up To from the Total list, and then type With the links in place, you can create the default gateway pool. Creating the default gateway pool for bandwidth load balancing After you have added and configured the links as described in Configuring the links, on page 8-2, the next step in implementing bandwidth load balancing is to create the default gateway pool that will load balance the traffic across the links. To create a default gateway pool for bandwidth load balancing 1. On the Main tab of the navigation pane, expand Local Traffic and then click Pools. The main pools screen appears. 2. Click the Create button. The New Pool screen appears. 3. In the Name box, type the name of the pool. For this example, type default_gateway_pool. 4. For the New Members setting, add the IP addresses associated with each link: For Link Alpha, type the IP address of the link and click the Add button. In this example, type the IP address, BIG-IP Global Traffic Manager and Link Controller: Implementations 8-3

76 Chapter 8 For Link Beta, type the IP address of the link and click the Add button. In this example, type the IP address, Click Finished to save your changes. Implementing the default gateway pool for bandwidth load balancing After you create a default gateway pool, you must instruct the Link Controller to use the pool as the default gateway connection between the internal network and the Internet. To implement the default gateway pool for bandwidth load balancing 1. On the Main tab of the navigation pane, expand Network and then click Routes. The main routes screen opens. 2. Click the Add button. The New Route page opens. 3. From the Type list, select Default Gateway. 4. From the Resource list, select Use Pool. Another list appears, allowing you to select the pool of links. 5. Select default_gateway_pool. 6. Click Finished to save your changes. Defining the virtual servers for an additional Internet connection After you create the pools, you configure the virtual servers, one for each link that load balances inbound connections across the servers. You also configure one wildcard virtual server to load balance outbound connections across the routers. This example, the following virtual servers are available: VS for Link Alpha 1, which has an IP address of :80 and represents a single host on the network. VS for Link Alpha 2, which has an IP address of :80 and represents a single host on the network. VS for Link Beta 1, which has an IP address of :80 and also represents a single host on the network. VS for Link Beta 2, which has an IP address of :80 and also represents a single host on the network. 8-4

77 Bandwidth Load Balancing To add a virtual server for bandwidth load balancing 1. On the Main tab of the navigation pane, expand Local Traffic and then click Virtual Servers. The main screen for virtual servers appears. 2. Click the Create button. The New Virtual Server screen opens. 3. In the Name box, type the name of the virtual server. In this case, type VS for Link Alpha In the Destination section, select Host. 5. In the Service Port option, type Click the Finished button to save the new virtual server configuration. You then repeat the preceding steps for the additional virtual servers. Once the remaining virtual servers are in the configuration, you can define the wildcard virtual server. To define a wildcard virtual server for bandwidth load balancing 1. On the Main tab of the navigation pane, expand Local Traffic and then click Virtual Servers. The main screen for virtual servers appears. 2. Click the Create button. The New Virtual Server screen opens. 3. In the Name box, type the name of the virtual server. In this case, type outbound. 4. In the Destination section, type In the Service Port option, type Click the Finished button to apply your changes. Adding a wide IP for bandwidth load balancing To complete the link load balancing configuration, you must configure a wide IP for each pair of virtual servers you created for each link. Each wide IP in the configuration has a set of virtual servers to which the Link Controller load balances incoming DNS requests. The wide IP is made up of only virtual servers that the Link Controller manages. When you configure the wide IP, you also specify the load balancing methods that the Link Controller applies to the incoming DNS requests. For this example, you use the wide IP using the Global Availability as the preferred load balancing method, and None for the Alternate and Fallback methods. BIG-IP Global Traffic Manager and Link Controller: Implementations 8-5

78 Chapter 8 To add a wide IP 1. On the Main tab of the navigation pane, expand Link Controller and then click Inbound Wide IPs. The main wide IP screen opens. 2. Click the Create button. The New Wide IP screen opens. 3. In the Name box, type the URL of the wide IP. For this example, type 4. From the Load Balancing setting: Select Kilobytes/Second from the Preferred list. Select Round Robin from the Alternate list. Select Return to DNS from the Fallback list. 5. In the Virtual Server setting, add the virtual servers that you created in Defining the virtual servers for an additional Internet connection, on page Click the Finished button to save the new wide IP. At this point, you now have a Link Controller configured to manage DNS traffic for a wide IP; in this example, As data flows in and out of the network, the Link Controller monitors the total amount of bandwidth for each link. While traffic remains below 4Mbps, the Link Controller uses Link Alpha. If traffic exceeds that amount, the Link Controller sends the overflow traffic to Link Beta. And, should a link go offline for any reason, the Link Controller uses the Alternate and Fallback load balancing modes to route traffic through an available link. 8-6

79 9 Setting Up a Global Traffic Manager Redundant System Understanding Global Traffic Manager redundant systems Setting up a Global Traffic Manager redundant system

80

81 Setting Up a Global Traffic Manager Redundant System Understanding Global Traffic Manager redundant systems With the Global Traffic Manager, you manage incoming DNS traffic, forwarding that traffic to the appropriate DNS server or load balancing it to other resources on the network. Typically, a given network has several Global Traffic Managers, with at least one system installed at one of several data centers. With these systems in place, you can control the distribution of DNS traffic across your resources, monitor these resources to determine their availability, and ensure that any web-based applications have all the components necessary to operate successfully. A standard implementation of Global Traffic Managers is a high-availability, or redundant, system configuration. A redundant system is a set of two Global Traffic Managers: one operating as the active unit, the other operating as the standby unit. If the active unit goes offline, the standby unit immediately assumes responsibility for managing DNS traffic. The new active unit remains active until another event occurs that would cause the unit to go offline, or you manually reset the status of each unit. The implementation steps outlined in this chapter describe how to configure a Global Traffic Manager redundant system. This example focuses on the fictional company, SiteRequest. Table 9.1 outlines the network characteristics at SiteRequest that pertain to this implementation. Component Data Center Global Traffic Manager (Active Unit) Global Traffic Manager (Standby Unit) VLAN Characteristics Name: New York Data Center Host name: gtm1.siterequest.com Self IP address: /24 Floating IP address: (shared with second Global Traffic Manager) Host name: gtm2.siterequest.com Self IP address: /24 Floating IP address: (shared with first Global Traffic Manager) Name: dns_requests Assigned interfaces: 1.1 (untagged) Default Gateway IP address: NTP server IP address: Table 9.1 Network characteristics of SiteRequest For this example, SiteRequest already has both Global Traffic Managers connected to the network; however, they have not yet assigned their IP addresses and other configuration steps to them. BIG-IP Global Traffic Manager and Link Controller: Implementations 9-1

82 Chapter 9 Setting up a Global Traffic Manager redundant system As detailed in Understanding Global Traffic Manager redundant systems, on page 9-1, this implementation focuses on the fictional company SiteRequest. This company wants to create a Global Traffic Manager redundant system. They already have the systems installed on the network; however, they have yet to fully configure them. In this implementation, you accomplish the following tasks: Configure the redundant system settings of each Global Traffic Manager Create a VLAN Assign Self IP addresses to both systems Create a floating IP address Configure the high availability options Define an NTP server Define the default gateway Define a listener for incoming DNS traffic Run a bigpipe config sync operation Define the data center to which the Global Traffic Managers belong Define the Global Traffic Managers Enable synchronization Conduct the initial configuration synchronization between systems through the gtm_add utility Configuring the redundant system settings The first step of creating a redundant system with two Global Traffic Managers is to configure the redundant system settings. These settings define each Global Traffic Manager as part of a redundant system. You configure two different systems: the active system, which is initially online, and the standby system, which comes online only when the active system goes offline. Note You can also complete the following steps by running the Setup Utility. You can access this utility through the main page of the Configuration utility of the Global Traffic Manager. 9-2

83 Setting Up a Global Traffic Manager Redundant System To configure redundant system settings for the active system 1. On the Main tab of the navigation pane, expand System and then click Platform. The Platform screen opens. 2. From the High Availability list, select Redundant Pair. A new option, Unit ID, displays on the screen. 3. From the Unit ID list, select Click the Update button to save your changes. To configure redundant system settings for the second system 1. On the Main tab of the navigation pane, expand System and then click Platform. The Platform screen opens. 2. From the High Availability list, select Redundant Pair. A new option, Unit ID, displays on the screen. 3. From the Unit ID list, select Click the Update button to save your changes. Creating a VLAN The next step in this implementation requires you to set up a VLAN. This VLAN encompasses the IP addresses associated with the Global Traffic Managers and the other network components that help manage DNS traffic. You must apply the following procedure to both the active and standby systems. To create a VLAN 1. On the Main tab of the navigation pane, expand Network and then click VLANs. The main VLANs screen opens. 2. Click the Create button. The Create VLAN screen opens. 3. In the Name box, type dns_requests. 4. For the Interfaces setting, use the Move buttons to assign the interface 1.1 to the Untagged list. 5. Click the Finished button to save your changes. BIG-IP Global Traffic Manager and Link Controller: Implementations 9-3

84 Chapter 9 Assigning self IP addresses With a VLAN in place, you can now assign self IP addresses to each Global Traffic Manager. These self IP addresses identify the Global Traffic Manager on the network. You must apply the following procedure to both the active and standby systems. To assign self IP addresses 1. On the Main tab of the navigation pane, expand Network and then click Self IPs. The main self IP address screen opens. 2. Click the Create button. The Create Self IP Addresses screen opens. 3. In the IP address box, type the IP address of the system. For this example, type one of the following: For gtm1.siterequest.com, type For gtm2.siterequest.com, type In the Netmask box, type the appropriate net mask. For this example, Click the Finished button to save your changes. Creating a floating IP address In a redundant system, both Global Traffic Managers share a common IP address called a floating IP address. A floating IP address is an IP address that represents both the active and standby units in a redundant system.to the rest of the network, this floating IP address represents the active Global Traffic Manager. If the primary unit goes offline, the secondary unit takes over traffic destined for the floating IP address. This setup ensures that DNS traffic flows smoothly even in the event a fail-over occurs. For these steps, you need only configure the active system. The settings you create are transferred to the standby system during a synchronization that you initiate later in this process. To create a floating IP address 1. On the Main tab of the navigation pane, expand Network and then click Self IPs. The main self IP address screen opens. 2. Click the Create button. The Create Self IP Addresses screen opens. 3. In the IP address box, type the IP address of the system. For this example, type

85 Setting Up a Global Traffic Manager Redundant System 4. In the Netmask box, type the appropriate net mask. For this example, Check the Floating IP option. 6. Click the Finished button to save your changes. Configuring the high availability options Many of the options associated with creating a redundant system reside in the High Availability section of the Configuration utility. These options include the IP addresses of each system, the type of redundant system, and other options. You must apply the following procedure to both the active and standby systems. To configure high availability options 1. On the Main tab of the navigation pane, expand System and then click High Availability. The High Availability screen opens. 2. In the Primary Failover Address option, type the following: In the Self box, type the IP address of the system you are currently configuring. In this example, type In the Peer box, type the IP address of the system that makes up the second part of this redundant system. For this example, type Note In this example, for the gtm2.siterequest.com, reverse the location of these two IP addresses. Defining an NTP server The next step of this process requires you to define an NTP server that both Global Traffic Managers use during synchronization options. This step is important because it determines a common time value for both systems. During file synchronizations, the systems use this time value to see if any newer configuration files exist. To define an NTP server 1. On the Main tab of the navigation pane, expand System and then click General Properties. The General properties screen appears. BIG-IP Global Traffic Manager and Link Controller: Implementations 9-5

86 Chapter 9 2. From the Device menu, choose NTP. The NTP screen appears. 3. In the Address box, type the IP address of the NTP server. In this example, Click the Add button to add the NTP server to your configuration. The time server appears as an entry in the Time Server List. 5. Click the Update button to save your changes. Defining the default gateway route Another task you must accomplish is defining the default gateway route for network traffic. The Global Traffic Manager uses this route to send and receive network traffic. To define the default route 1. On the Main tab of the navigation pane, expand Network and then click Routes. The main routes screen opens. 2. Click the Add button. The New Route screen opens. 3. From the Type list, select Default Gateway. 4. From the Resource option, select Use Gateway and then type the IP address of default gateway. In this example, type Click the Finished button. Defining a listener The Global Traffic Manager employs a listener to identify the DNS traffic for which it is responsible. In this implementation, you need to create a listener that corresponds to the floating IP address shared between the two Global Traffic Managers. For these steps, you need only configure the active system. The settings you create are transferred to the standby system during a synchronization that you initiate later in this process. To configure the listener 1. On the Main tab of the navigation pane, expand Global Traffic and then click Listeners. The main listeners screen opens. 2. Click the Create button. The new listener screen opens. 9-6

87 Setting Up a Global Traffic Manager Redundant System 3. In the Destination box, type the IP address on which the system will listen for traffic. In this example, type From the VLAN Traffic list, select All VLANs. 5. Click the Finished button to save the new listener. Running a config sync operation If you are familiar with Global Traffic Manager, you might be familiar with its synchronization feature. This feature ensures that all Global Traffic Managers share the same information on wide IPs, pools, and other network configurations associated with DNS traffic management. For a redundant system, you must employ an additional synchronization option to share the self IP address, default route, and other information you configured on the active system with the standby system. To run a config sync operation 1. On the Main tab of the navigation pane, expand System and then click High Availability. The High Availability screen opens. 2. On the menu bar, click Config Sync. The Config Sync screen opens. 3. Click the Synchronize TO Peer button to start the configuration synchronization process. The system proceeds to synchronize settings to the standby Global Traffic Manager; In this example, gtm1.siterequest.com. After the process completes, a screen appears informing you of the settings transferred to the standby unit. 4. Click the OK button to exit the Config Sync screen. Defining a data center The next task is to define the data centers in the Global Traffic Manager. Data centers are important entities within the Global Traffic Manager; you cannot add other entities, such as server, without them. For these steps, you need only configure the active system. The settings you create are transferred to the standby system during a synchronization that you initiate later in this process. To define a data center 1. On the Main tab of the navigation pane, expand Global Traffic and then click Data Centers. The main screen for data centers opens. BIG-IP Global Traffic Manager and Link Controller: Implementations 9-7

88 Chapter 9 2. Click the Create button. The New Data Center screen opens. 3. In the Name box, type the name of the data center. In this example, type New York Data Center. 4. In the Location box, type the location of the data center. For this example, type New York, NY. 5. From the State option, select Enabled. 6. Click the Finished button to save the new data center. Defining the Global Traffic Managers At installation, a Global Traffic Manager has no knowledge of itself. To have the Global Traffic Manager communicate and operate with other systems, you must define it within the user interface. For this example, you need to define both gtm1.siterequest.com and gtm2.siterequest.com. For these steps, you need only configure the active system. The settings you create are transferred to the standby system during a synchronization that you initiate later in this process. To define the Global Traffic Manager 1. On the Main tab of the navigation pane, expand Global Traffic and then click Servers. The main screen for servers opens. 2. Click the Create button. The New Server screen opens. 3. In the Name box, type the name of the system. In this example, type gtm1.siterequest.com. 4. From the Product list, select BIG-IP System (Redundant). 5. For the Address List setting, complete the following tasks: In the Address box, type the IP address of the system. In this example, type Click the Add button. 6. For the Peer Address List setting, complete the following tasks: In the Address box, type the IP address of the second system. For this example, type Click the Add button. 7. From the Data Center list, select a data center. In this example, select New York Data Center. 8. From the Virtual Server Discovery list, select Disabled. 9. Click the Create button to create the server object that defines the BIG-IP redundant systems. 9-8

89 Setting Up a Global Traffic Manager Redundant System You now repeat these steps on the second Global Traffic Manager, reversing the IP addresses in the Address List and Peer Address List options. In this example, you repeat these steps for the gtm2.siterequest.com system. Enabling synchronization For the next step, you need to enable the synchronization options and assign an appropriate name for the synchronization group. For this solution, the synchronization group name is North America. For these steps, you need only configure the active system. The settings you create are transferred to the standby system during a synchronization that you initiate later in this process. To enable synchronization 1. On the Main tab of the navigation pane, expand System and then click General Properties. The General properties screen opens. 2. From the Global Traffic menu, choose General. The general global properties screen opens. 3. Check the Synchronization check box. 4. Check the Synchronize DNS Zone Files check box. 5. In the Synchronization Group Name box, type the name of the synchronization group. In this example, type North America. 6. Click the Update button to save your changes. Running the gtm_add script Next, you need to have the two systems share the same configuration. (For this example, that means you need to have the Global Traffic Manager in Los Angeles acquire the configurations established at the New York data center.) You must do this before you attempt to synchronize these systems; otherwise, you run the risk of having the new Global Traffic Manager, which is unconfigured, replace the configuration of older systems. To acquire the configuration files, you run the gtm_add script. Note You must run the gtm_add script from the currently unconfigured Global Traffic Manager. BIG-IP Global Traffic Manager and Link Controller: Implementations 9-9

90 Chapter 9 To run the gtm_add script 1. Log into the unconfigured Global Traffic Manager. In this example, log into gtn2.siterequest.com. 2. At the command prompt, type gtm_add. A prompt appears, describing what the gtm_add script does and asking if you are sure you want to run the process. 3. Press the y key to start the gtm_add script. The script then prompts you for the IP address of the system from which you want to acquire configuration settings. 4. Type the IP address of the configured Global Traffic Manager. For this example, type Press Enter. The gtm_add process begins, acquiring configuration data from the active Global Traffic Manager; In this example gtn1.sitequrest.com. Once the process completes, you have successfully created a redundant system consisting of two Global Traffic Managers. 9-10

91 10 Setting Up a Link Controller Redundant System Understanding Link Controller redundant systems Setting up a Link Controller redundant system

92

93 Setting Up a Link Controller Redundant System Understanding Link Controller redundant systems With the Link Controller, you manage incoming and outgoing network traffic, routing that traffic to the appropriate Internet links or destination server. Additionally, you can monitor network resources to determine their availability, and ensure that outgoing traffic is directed to the most efficient and cost-effective link. A standard implementation of Link Controllers is a high-availability, or redundant, system configuration. A redundant system is a set of two Link Controllers: one operating as the active unit, the other operating as the standby unit. If the active unit goes offline, the standby unit immediately assumes responsibility for managing traffic. The new active unit remains active until another event occurs that would cause the unit to go offline, or you manually reset the status of each unit. The implementation steps outlined in this chapter describe how to configure a Link Controller redundant system. This example focuses on the fictional company, SiteRequest. The following tables detail the network characteristics at SiteRequest that pertain to this example. First, the following table outlines the basic characteristics of each Link Controller. Name lc1.siterequest.com lc2.siterequest.com Characteristics Self IP address on link1 VLAN Self IP address on link2 VLAN Self IP address on internal VLAN Floating IP address on link1 VLAN Floating IP address on link2 VLAN Floating IP address on internal VLAN Self IP address on link1 VLAN Self IP address on link2 VLAN Self IP address on internal VLAN Floating IP address on link1 VLAN Floating IP address on link2 VLAN Floating IP address on internal VLAN Table 10.1 Link Controller characteristics for the example BIG-IP Global Traffic Manager and Link Controller: Implementations 10-1

94 Chapter 10 Next, the following information applies to the two links that the example network uses. Name Characteristics link1 IP address: link2 IP address: Table 10.2 Link characteristics for the example In addition, this implementation example includes the following VLANS. Name VLAN 1 VLAN 2 VLAN 3 Characteristics Assigned interfaces: 1.1 (untagged) Role: Communication between network and the first link Assigned interfaces: 1.2 (untagged) Role: Communication between network and the second link Assigned interface: 1.3 (untagged) Role: Communication between Link Controllers and rest of internal network. Default Gateway IP address: NTP server IP address: Table 10.3 VLAN characteristics for the example Last, there are several other network characteristics that play an important role in a redundant system. Component Characteristics NTP server IP address: Default Gateway Pool Name: gw_pool IP addresses: and Table 10.4 Other system settings for the example For this example, SiteRequest already has both Link Controllers connected to the network, and has access to them through the corresponding management ports. 10-2

95 Setting Up a Link Controller Redundant System Setting up a Link Controller redundant system As detailed in Understanding Link Controller redundant systems, on page 10-1, this implementation focuses on the fictional company SiteRequest. This company wants to create a Link Controller redundant system. To use this implementation, you should already have the systems installed on the network; however, you have yet to fully configure them. The tasks you must complete to create a Link Controller redundant system are: Configure the redundant system settings of each Link Controller Create VLANs Assign self IP addresses to both systems Create a floating IP address that will be shared between the systems Configure the high availability options Define the NTP server Define the default gateway route Define a listener for incoming DNS traffic Run a bigpipe config sync operation Enable synchronization Add links Conduct the initial configuration synchronization between systems through the gtm_add utility Configuring the redundant system settings The first step of creating a redundant system with two Link Controllers is to configure the redundant system settings. These settings define each Link Controller as part of a redundant system. To configure redundant system settings for the active Link Controller 1. On the Main tab of the navigation pane, expand System and then click Platform. The Platform screen opens. 2. From the High Availability list, select Redundant Pair. A new option, Unit ID, displays on the screen. 3. From the Unit ID list, select Click the Update button to save your changes. BIG-IP Global Traffic Manager and Link Controller: Implementations 10-3

96 Chapter 10 To configure redundant system settings for the standby Link Controller 1. On the Main tab of the navigation pane, expand System and then click Platform. The Platform screen opens. 2. From the High Availability list, select Redundant Pair. A new option, Unit ID, displays on the screen. 3. From the Unit ID list, select Click the Update button to save your changes. Creating VLANs for Link Controller redundant systems The next step in this implementation requires you to set up several VLANs. These VLANs encompass the IP addresses associated with the Link Controllers and the other network components that help manage DNS traffic. For the purposes of this example, you will create three VLANs: link1, which will contain traffic between the Link Controllers and the Link1 router link2, which will contain traffic between the Link Controllers and the Link2 router internal, for communication between the two Link Controllers and the rest of the internal network You must apply the following procedure to both the active and standby systems. To create the first VLAN 1. On the Main tab of the navigation pane, expand Network and then click VLANs. The main VLANs screen opens. 2. Click the Create button. The Create VLAN screen opens. 3. In the Name box, type the name of the first VLAN. For this example, type link1. 4. In the Interfaces option, use the Move buttons to assign the interface 1.1 to the Untagged list. 5. Click the Finished button to save your changes. To create the second VLAN 1. On the Main tab of the navigation pane, expand Network and then click VLANs. The main VLANs screen opens. 10-4

97 Setting Up a Link Controller Redundant System 2. Click the Create button. The Create VLAN screen opens. 3. In the Name box, type the name of the second VLAN. For this example, type link2. 4. In the Interfaces option, use the Move buttons to assign the interface 1.2 to the Untagged list. 5. Click the Finished button to save your changes. To create the internal VLAN 1. On the Main tab of the navigation pane, expand Network and then click VLANs. The main VLANs screen opens. 2. Click the Create button. The Create VLAN screen opens. 3. In the Name box, type the name of the internal VLAN. For this example, type internal. 4. In the Interfaces option, use the Move buttons to assign the interface 1.3 to the Untagged list. 5. Click the Finished button to save your changes. Assigning self IP addresses With a VLAN in place, you can now assign self IP addresses to each Link Controller. These self IP addresses identify the Link Controller on a per VLAN basis. For this example, on the link1 VLAN, the Link Controller lc1.siterequest.com uses the self IP address of On the link2 VLAN, the same Link Controller uses the self IP address of Following this pattern, you need to create three self IP addresses for each Link Controller, with each self IP address belonging to either the link1, link2, or internal VLAN. You must apply the following procedure to both the active and standby systems. To assign self IP addresses to the first VLAN 1. On the Main tab of the navigation pane, expand Network and then click Self IPs. The main self IP address screen opens. 2. Click the Create button. The Create Self IP Addresses screen opens. BIG-IP Global Traffic Manager and Link Controller: Implementations 10-5

98 Chapter In the IP address box, type the self IP address for the system that applies to the VLAN. For this example, type one of the following: If you are configuring lc1.siterequest.com, type If you are configuring lc2.siterequest.com, type In the Netmask box, type the subnet mask that applies to this IP address. For this example, type From the VLAN list, select the appropriate VLAN. In this example, select link1. 6. Click the Finished button to save your changes. To assign self IP addresses to the second VLAN 1. On the Main tab of the navigation pane, expand Network and then click Self IPs. The main self IP address screen opens. 2. Click the Create button. The Create Self IP Addresses screen opens. 3. In the IP address box, type the self IP address for the system that applies to the VLAN. For this example, type one of the following: If you are configuring lc1.siterequest.com, type If you are configuring lc2.siterequest.com, type In the Netmask box, type the subnet mask that applies to this IP address. For this example, type From the VLAN list, select the appropriate VLAN. In this example, select link2. 6. Click the Finished button to save your changes. To assign self IP addresses to the internal VLAN 1. On the Main tab of the navigation pane, expand Network and then click Self IPs. The main self IP address screen opens. 2. Click the Create button. The Create Self IP Addresses screen opens. 3. In the IP address box, type the self IP address for the system that applies to the VLAN. For this example, type one of the following: 10-6

99 Setting Up a Link Controller Redundant System If you are configuring lc1.siterequest.com, type If you are configuring lc2.siterequest.com, type In the Netmask box, type the subnet mask that applies to this IP address. For this example, type From the VLAN list, select the appropriate VLAN. In this example, select internal. 6. Click the Finished button to save your changes. Creating a floating IP address In a redundant system, both Link Controllers share common IP addresses called floating IP addresses. To the rest of the network, this floating IP address represents the active Link Controller. If the primary unit goes offline, the secondary unit takes over traffic destined for the floating IP address. This setup ensures that network traffic flows smoothly in the event a fail-over occurs. Typically, each unit in a redundant system shares a floating IP address for each VLAN on which the redundant system operates. In this example, you need to create three floating IP addresses. These IP addresses represent the two Link Controllers on the link1, link2, and internal VLANs. For these steps, you need only configure the active system. The settings you establish on this system are transferred to the standby system during a synchronization that you initiate later in this process. To create a floating IP address for the first VLAN 1. On the Main tab of the navigation pane, expand Network and then click Self IPs. The main self IP address screen opens. 2. Click the Create button. The Create Self IP Addresses screen opens. 3. In the IP address box, type the floating IP address that is shared between both units. In this example, type In the Netmask box, type the subnet mask that applies to the floating IP address. For this example, type Check the Floating IP option. 6. Click the Finished button to save your changes. BIG-IP Global Traffic Manager and Link Controller: Implementations 10-7

100 Chapter 10 To create a floating IP address for the second VLAN 1. On the Main tab of the navigation pane, expand Network and then click Self IPs. The main self IP address screen opens. 2. Click the Create button. The Create Self IP Addresses screen opens. 3. In the IP address box, type the floating IP address that is shared between both units. In this example, type In the Netmask box, type the subnet mask that applies to the floating IP address. For this example, type Check the Floating IP option. 6. Click the Finished button to save your changes. To create a floating IP address for the internal VLAN 1. On the Main tab of the navigation pane, expand Network and then click Self IPs. The main self IP address screen opens. 2. Click the Create button. The Create Self IP Addresses screen opens. 3. In the IP address box, type the floating IP address that is shared between both units. For this example, type In the Netmask box, type the subnet mask that applies to the floating IP address. In this example, type Check the Floating IP option. 6. Click the Finished button to save your changes. Configuring the high availability options Many of the options associated with creating a redundant system reside in the High Availability section of the Configuration utility. These options include the IP addresses of each system, the type of redundant system, and other options. You must apply the following procedure to both the active and standby systems. 10-8

101 Setting Up a Link Controller Redundant System To configure high availability options 1. On the Main tab of the navigation pane, expand System and then click High Availability. The High Availability screen opens. 2. In the Primary Failover Address option, type the IP address of the active and standby systems. For this example, type following: In the Self box, type In the Peer box, type Click the Update button to save your changes. Note For the standby system, reverse the location of these two IP addresses. Optionally, you can define a set of secondary failover IP addresses. In this implementation, the secondary failover addresses can be the self IP addresses the Link Controllers use to communicate with link1 or link2. Defining an NTP server The next step of this process requires defining an NTP server that both Link Controllers use during synchronization options. This step is important because it determines a common time value for both systems. During file synchronizations, the systems use this time value to see if any newer configuration files exist. You must apply the following procedure to both the active and standby systems. To define an NTP server 1. On the Main tab of the navigation pane, expand System and then click General Properties. The general properties screen appears. 2. From the Device menu, choose NTP. The NTP screen appears. 3. In the Address box, type the IP address of the NTP server you want to use. In this example, type Click the Add button to add the NTP server to your configuration. The time server appears as an entry in the Time Server List. 5. Click the Update button to save your changes. BIG-IP Global Traffic Manager and Link Controller: Implementations 10-9

102 Chapter 10 Defining the default gateway route Another task you must accomplish is defining the default gateway for network traffic. (In this implementation, the default gateway is a pool containing the IP addresses that correspond to the link1 and link2 links.) Once you create this pool, you can create a default route within the Link Controllers. You must apply the following procedure to both the active and standby systems. To create a default gateway pool 1. On the Main tab of the navigation pane, expand Local Traffic and then click Pools. The main pools screen opens. 2. Click the Create button. The New Pool screen opens. 3. In the Name box, type the name of the default gateway pool. For this example, type gw_pool. 4. In the Health Monitors setting, use the Move buttons to add gateway_icmp to the Active list. 5. From the Load Balancing Method list, select Dynamic Ratio (node). 6. In the New Members setting, add the IP address of each link. For this example type the following: IP address , selecting All Services from the Service Port list. This IP address represents the link1 link. IP Address , selecting All Services from the Service Port list. This IP address represents the link2 link. Note: You must click the Add button to add the resource to the pool. 7. Click the Finished button to save your changes. To define the default route 1. On the Main tab of the navigation pane, expand Network and then click Routes. The main Routes screen opens. 2. Click the Add button. The New Route screen opens. 3. From the Type list, select Default Gateway. 4. From the Resource list, select Use Pool and then select the name of the default gateway pool. In this example, select gw_pool from the list. 5. Click the Finished button

103 Setting Up a Link Controller Redundant System Defining a listener The Link Controller employs a listener to identify the traffic for which it is responsible. In this implementation, you need to create a listener that corresponds to the floating IP address shared between the two systems. For these steps, you need only configure the active system. The settings you establish on this system are transferred to the standby system during a synchronization that you initiate later in this process. To configure the listener 1. On the Main tab in the navigation pane, expand Global Traffic and then click Listeners. The main listeners screen opens. 2. Click the Create button. The new listener screen opens. 3. In the Destination box, type the IP address on which the system listens for network traffic. For this example type From the VLAN Traffic list, select All VLANs. 5. Click the Finished button to save the new listener. Running a config sync operation For a redundant system, you must employ an additional synchronization option to share the self IP address, default route, and other information you configured on both the active and standby systems. Note For the following steps, ensure that you are working with the active Link Controller system. To run a config sync operation 1. On the Main tab of the navigation pane, expand System and then click High Availability. The High Availability screen opens. 2. On the menu bar, click Config Sync. The Config Sync screen opens. 3. Click the Synchronize TO Peer button to start the configuration synchronization process. The system proceeds to synchronize settings to the standby Link Controller; In this example, lc2.siterequest.com. After the process completes, a screen appears informing you of the settings transferred to the standby unit. 4. Click the OK button to exit the Config Sync screen. BIG-IP Global Traffic Manager and Link Controller: Implementations 10-11

104 Chapter 10 Enabling synchronization For the next step, you need to enable the synchronization options and assign an appropriate name for the synchronization group. For this implementation example, the synchronization group name is Link Controller Group A. For these steps, you need only configure the active system. The settings you establish on this system are transferred to the standby system during a synchronization that you initiate later in this process. To enable synchronization 1. On the Main tab of the navigation pane, expand System and then click General Properties. The general properties screen opens. 2. From the Global Traffic menu, choose General. The general global properties screen opens. 3. Check the Synchronization check box. 4. Check the Synchronize DNS Zone Files check box. 5. In the Synchronization Group Name box, type the name of the synchronization group. In this example, type Link Controller Group A. 6. Click the Update button to save your changes. Adding links The next task you must complete is adding the link objects that represent the two Internet connections. Each Link Controller configuration must contain at least two links for the system to load balance network traffic. For these steps, you need only configure the active system. The settings you establish on this system are transferred to the standby system during a synchronization that you initiate later in this process. To add a link 1. On the Main tab of the navigation pane, expand Link Controller, and then click Links. The main link screen opens. 2. Click the Create button. The New Link screen opens. 3. In the Name box, type the name of the link. For this example, type link1. 4. In the Router Address box, type the IP address of the link. In this example, type

105 Setting Up a Link Controller Redundant System 5. In the Health Monitors option, use the Move buttons to add the bigip_link monitor to the Enabled list. 6. Click the Finish button to save your changes. You must now repeat the preceding steps to define the second link. In this example, you must define link2 on the Link Controller, using the name link2 and the router address Running the gtm_add script Next, you need to have the two units share the same configuration. For this implementation, that means you need to have the standby Link Controller acquire the configurations established at the active Link Controller. You must do this before you attempt to synchronize these systems; otherwise, you run the risk of having the new Link Controller, which is unconfigured, replace the configuration of older systems. To acquire the configuration files, you run the gtm_add script. Note You must run the gtm_add script from the currently unconfigured Link Controller. To run the gtm_add script 1. Log in to the standby system. In this example, log into lc2.siterequest.com. 2. At the command prompt, type gtm_add. A prompt appears, describing what the gtm_add script does and asking if you are sure you want to run the process. 3. Press the y key to start the gtm_add script. The script then prompts you for the IP address of the system from which you want to acquire configuration settings. 4. Type the IP address of the active system. For this example, type Press Enter. The gtm_add process begins, acquiring configuration data from the active Link Controller (in this example lc1.sitequrest.com). Once the process completes, you have successfully created a redundant system consisting of two Link Controllers. BIG-IP Global Traffic Manager and Link Controller: Implementations 10-13

106 Chapter

107 Glossary

108

109 Glossary A record The A record is the ADDRESS resource record that a Global Traffic Manager returns to a local DNS server in response to a name resolution request. The A record contains a variety of information, including one or more IP addresses that resolve to the requested domain name active unit In a redundant system, the active unit is the system that currently load balances connections. If the active unit in the redundant system fails, the standby unit assumes control and begins to load balance connections. See also redundant system. alternate method The alternate method specifies the second load balancing mode that the Global Traffic Manager uses to load balance a resolution request. See also preferred method, fallback method. big3d agent The big3d agent is a monitoring agent that collects metrics information about server performance and network paths between a data center and a specific local DNS server. The Global Traffic Manager uses the information collected by the big3d agent for dynamic load balancing. BIND (Berkeley Internet Name Domain) BIND is the most common implementation of the Domain Name System (DNS). BIND provides a system for matching domain names to IP addresses. For more information, refer to certificate A certificate is an online credential signed by a trusted certificate authority and used for SSL network traffic as a method of authentication. CNAME record A canonical name (CNAME) record acts as an alias to another domain name. A canonical name and its alias can belong to different zones, so the CNAME record must always be entered as a fully qualified domain name. CNAME records are useful for setting up logical names for network services so that they can be easily relocated to different physical hosts. Configuration utility The Configuration utility is the browser-based application that you use to configure the BIG-IP system. data center A data center is a physical location that houses one or more Global Traffic Managers, BIG-IP systems, or host machines. BIG-IP Global Traffic Manager and Link Controller: Implementations Glossary - 1

110 Glossary default wildcard virtual server A default wildcard virtual server has an IP address and port number of :0. or *:* or "any":"any". This virtual server accepts all traffic that does not match any other virtual server defined in the configuration. See also wildcard virtual server. domain name A domain name is a unique name that is associated with one or more IP addresses. Domain names are used in URLs to identify particular Web pages. For example, in the URL the domain name is siterequest.com. Dynamic Ratio load balancing method Dynamic Ratio mode is like Ratio mode (see Ratio method), except that ratio weights are based on continuous monitoring of the servers and are therefore continually changing. Dynamic Ratio load balancing can be implemented on RealNetworks RealServer platforms, on Microsoft Windows platforms equipped with Windows Management Instrumentation (WMI), or on a server equipped with either the UC Davis SNMP agent or Windows 2000 Server SNMP agent. EAV (Extended Application Verification) EAV is a health check that verifies an application on a node by running that application remotely. EAV health check is only one of the three types of health checks available on an Link Controller. See also health check, health monitor, and external monitor. ECV (Extended Content Verification) ECV is a health check that allows you to determine if a node is up or down based on whether the node returns specific content. ECV health check is only one of the three types of health checks available on an Link Controller. See also health check. external authentication External authentication refers to the process of using a remote server to store data for the purpose of authenticating users or applications attempting to access the Link Controller. external monitor An external monitor is a user-supplied health monitor. See also health check, health monitor. external VLAN The external VLAN is a default VLAN on the BIG-IP system. In a basic configuration, this VLAN has the administration ports locked down. In a normal configuration, this is typically a VLAN on which external clients request connections to internal servers. See also VLAN. Glossary - 2

111 Glossary fail-over fail-over pair fallback method floating IP address health check health monitor interface internal VLAN iquery Fail-over is the process whereby a standby unit in a redundant system takes over when a software failure or a hardware failure is detected on the active unit. See redundant system. The fallback method is the third method in a load balancing hierarchy that the Global Traffic Manager uses to load balance a resolution request. The Global Traffic Manager uses the fallback method only when the load balancing modes specified for the preferred and alternate methods fail. Unlike the preferred method and the alternate method, the fallback method uses neither server nor virtual server availability for load balancing calculations. See also preferred method, alternate method. A floating self IP address is an additional self IP address for a VLAN that serves as a shared address by both units of a BIG-IP redundant system. A health check is a Link Controller feature that determines whether a node is up or down. Health checks are implemented through health monitors. See also EAV, ECV, external monitor, and health monitor. A health monitor checks a node to see if it is up and functioning for a given service. If the node fails the check, it is marked down. Different monitors exist for checking different services. See also health check, EAV, ECV, and external monitor. The physical port on a BIG-IP system is called an interface. The internal VLAN is a default VLAN on the BIG-IP system. In a basic configuration, this VLAN has the administration ports open. In a normal configuration, this is a network interface that handles connections from internal servers. The iquery protocol is used to exchange information between Global Traffic Managers and BIG-IP systems. The iquery protocol is officially registered with IANA for port 4353, and works on UDP and TCP connections. BIG-IP Global Traffic Manager and Link Controller: Implementations Glossary - 3

112 Glossary irule An irule is a user-written script that controls the behavior of a connection passing through the Link Controller. irules are an F5 Networks feature and are frequently used to direct certain connections to a non-default load balancing pool. However, irules can perform other tasks, such as implementing secure network address translation and enabling session persistence. link load balancing Link load balancing is defined as managing traffic across multiple Internet or wide-area network (WAN) gateways. load balancing method A particular method of determining how to distribute connections across a load balancing pool. load balancing pool See pool. local DNS A local DNS is a server that makes name resolution requests on behalf of a client. With respect to the Global Traffic Manager, local DNS servers are the source of name resolution requests. Local DNS is also referred to as LDNS. local traffic management (LTM) Local traffic management (LTM) is the process of managing network traffic that comes into or goes out of a local area network (LAN), including an intranet. member Member is a reference to a node when it is included in a particular load balancing pool. Pools typically include multiple member nodes. monitor The Link Controller uses monitors to determine whether nodes are up or down. There are several different types of monitors and they use various methods to determine the status of a server or service. name resolution Name resolution is the process by which a name server matches a domain name request to an IP address, and sends the information to the client requesting the resolution. Glossary - 4

113 Glossary name server A name server is a server that maintains a DNS database, and resolves domain name requests to IP addresses using that database. named The named daemon manages domain name server software. Network Time Protocol (NTP) Network Time Protocol functions over the Internet to synchronize system clocks to Universal Coordinated Time. NTP provides a mechanism to set and maintain clock synchronization within milliseconds. NS record A name server (NS) record is used to define a set of authoritative name servers for a DNS zone. A name server is considered authoritative for some given zone when it has a complete set of data for the zone, allowing it to answer queries about the zone on its own, without needing to consult another name server. pool A pool is composed of a group of network devices (called members). The Link Controller load balances requests to the nodes within a pool based on the load balancing method and persistence method you choose when you create the pool or edit its properties. pool member A pool member is a server that is a member of a load balancing pool. port A port can be represented by a number that is associated with a specific service supported by a host. Refer to the Services and Port Index for a list of port numbers and corresponding services. preferred method The preferred method specifies the first load balancing mode that the Global Traffic Manager uses to load balance a resolution request. See also alternate method, fallback method. ratio A ratio is a parameter that assigns a weight to a virtual server for load balancing purposes. BIG-IP Global Traffic Manager and Link Controller: Implementations Glossary - 5

114 Glossary redundant system resource record secondary DNS self IP address service Setup utility SSL (Secure Sockets Layer) standby unit subdomain synchronization group Redundant system refers to a pair of units that are configured for fail-over. In a redundant system, there are two units, one running as the active unit and one running as the standby unit. If the active unit fails, the standby unit takes over and manages connection requests. A resource record is a record in a DNS database that stores data associated with domain names. A resource record typically includes a domain name, a TTL, a record type, and data specific to that record type. See also A record, CNAME record, NS record. The secondary DNS is a name server that retrieves DNS data from the name server that is authoritative for the DNS zone. Self IP addresses are the IP addresses owned by the BIG-IP system that you use to access the internal and external VLANs. Service refers to services such as TCP, UDP, HTTP, and FTP. The Setup utility walks you through the initial system configuration process. You can run the Setup utility from the Configuration utility start page. SSL is a network communications protocol that uses public-key technology as a way to transmit data in a secure manner. A standby unit in a redundant system is a unit that is always prepared to become the active unit if the active unit fails. A subdomain is a sub-section of a higher level domain. For example,.com is a high level domain, and F5.com is a subdomain within the.com domain. A synchronization group is a group of Global Traffic Managers that synchronize system configurations and zone files (if applicable). All synchronization group members receive broadcasts of metrics data from the big3d agents throughout the network. All synchronization group members also receive broadcasts of updated configuration settings from the Global Traffic Manager that has the latest configuration changes. Glossary - 6

115 Glossary virtual server VLAN wildcard virtual server zone zone file Virtual servers are a specific combination of virtual address and virtual port, associated with a content site that is managed by an Link Controller or other type of host server. VLAN stands for virtual local area network. A VLAN is a logical grouping of network devices. You can use a VLAN to logically group devices that are on different network segments. A wildcard virtual server is a virtual server that uses an IP address of , * or "any". A wildcard virtual server accepts connection requests for destinations outside of the local network. Wildcard virtual servers are included only in Transparent Node Mode configurations. See also default wildcard virtual server. In DNS terms, a zone is a subset of DNS records for one or more domains. In DNS terms, a zone file is a database set of domains with one or many domain names, designated mail servers, a list of other name servers that can answer resolution requests, and a set of zone attributes, which are contained in an SOA record. BIG-IP Global Traffic Manager and Link Controller: Implementations Glossary - 7

116 Glossary Glossary - 8

117 Index