Dell 3-DNS User Manual

3-DNS® Administrator Guide

version 4.5

MAN-0046-02

Product Version

Legal Notices

This manual applies to version 4.5 of 3-DNS® Controller.

Reproduction in any manner whatsoever without the written permission of Dell Computer Corporation is strictly forbidden.

Trademarks used in this text: Dell and PowerEdge are trademarks of Dell Computer Corporation.

Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names or their products. Dell Computer Corporation disclaims any proprietary interest in trademarks and trade names other than its own.

F5 Networks, Inc. (F5) believes the information it furnishes to be accurate and reliable. However, F5 assumes no responsibility for the use of this information, nor any infringement of patents or other rights of third parties which may result from its use. No license is granted by implication or otherwise under any patent, copyright, or other intellectual property right of F5 except as specifically described by applicable iControl user licenses. F5 reserves the right to change specifications at any time without notice.

Trademarks

F5, F5 Networks, the F5 logo, BIG-IP, 3-DNS, iControl, GLOBAL-SITE, SEE-IT, EDGE-FX, FireGuard, Internet Control Architecture, and IP Application Switch are registered trademarks or trademarks of F5 Networks, Inc. in the U.S. and certain other countries. All other product and company names are registered trademarks or trademarks of their respective holders. F5 trademarks may not be used in connection with any product or service except as permitted in writing by F5.

Export Regulation Notice

This product may include cryptographic software. Under the Export Administration Act, the United States government may consider it a criminal offense to export this product from the United States.

Export Warning

This is a Class A product. In a domestic environment this product may cause radio interference in which case the user may be required to take adequate measures.

FCC Compliance

This equipment generates, uses, and may emit radio frequency energy. The equipment has been type tested and found to comply with the limits for a Class A digital device pursuant to Part 15 of FCC rules, which are designed to provide reasonable protection against such radio frequency interference.

Operation of this equipment in a residential area may cause interference, in which case the user at his own expense will be required to take whatever measures may be required to correct the interference.

Any modifications to this device, unless expressly approved by the manufacturer, can void the user's authority to operate this equipment under part 15 of the FCC rules.

Canadian Regulatory Compliance

This class A digital apparatus complies with Canadian I CES-003.

3-DNS® Administrator Guide i

Standards Compliance

The product conforms to ANSI/UL Std 1950 and Certified to CAN/CSA Std. C22.2 No. 950.

Acknowledgments

This product includes software developed by the University of California, Berkeley and its contributors.

This product includes software developed by the Computer Systems Engineering Group at the Lawrence Berkeley Laboratory.

This product includes software developed by the NetBSD Foundation, Inc. and its contributors.

This product includes software developed by Christopher G. Demetriou for the NetBSD Project.

This product includes software developed by Adam Glass.

This product includes software developed by Christian E. Hopps.

This product includes software developed by Dean Huxley.

This product includes software developed by John Kohl.

This product includes software developed by Paul Kranenburg.

This product includes software developed by Terrence R. Lambert.

This product includes software developed by Philip A. Nelson.

This product includes software developed by Herb Peyerl.

This product includes software developed by Jochen Pohl for the NetBSD Project.

This product includes software developed by Chris Provenzano.

This product includes software developed by Theo de Raadt.

This product includes software developed by David Muir Sharnoff.

This product includes software developed by SigmaSoft, Th. Lockert.

This product includes software developed for the NetBSD Project by Jason R. Thorpe.

This product includes software developed by Jason R. Thorpe for And Communications, http://www.and.com.

This product includes software developed for the NetBSD Project by Frank Van der Linden.

This product includes software developed for the NetBSD Project by John M. Vinopal.

This product includes software developed by Christos Zoulas.

This product includes software developed by Charles Hannum.

This product includes software developed by Charles Hannum, by the University of Vermont and Stage Agricultural College and Garrett A. Wollman, by William F. Jolitz, and by the University of California, Berkeley, Lawrence Berkeley Laboratory, and its contributors.

This product includes software developed by the University of Vermont and State Agricultural College and Garrett A. Wollman.

In the following statement, "This software" refers to the Mitsumi CD-ROM driver: This software was developed by Holger Veit and Brian Moore for use with "386BSD" and similar operating systems. "Similar operating systems" includes mainly non-profit oriented systems for research and education, including but not restricted to "NetBSD," "FreeBSD," "Mach" (by CMU).

In the following statement, "This software" refers to the parallel port driver: This software is a component of "386BSD" developed by William F. Jolitz, TeleMuse.

This product includes software developed by the Apache Group for use in the Apache HTTP server project (http://www.apache.org/).

This product includes the standard version of Perl software licensed under the Perl Artistic License (© 1997, 1998 Tom Christiansen and Nathan Torkington). All rights reserved. You may find the most current standard version of Perl at http://www.perl.com.

This product includes software developed by Eric Young.

Rsync was written by Andrew Tridgell and Paul Mackerras, and is available under the Gnu Public License.

This product includes RRDtool software developed by Tobi Oetiker (http://www.rrdtool.com/index.html) and licensed under the GNU General Public License.

3-DNS® Administrator Guide iii

Table of Contents

Introduction

Table of Contents

IMPORTANT HARDWARE INFORMATION ............................................................ 1-1

Getting started ................................................................................................................. 1-1

Choosing a configuration tool ................................................................................ 1-2

Browser support ...................................................................................................... 1-3

Using the Administrator Kit ........................................................................................... 1-3

\Stylistic conventions .............................................................................................. 1-4

What is the 3-DNS Controller? ....................................................................................... 1-5

Internet protocol and network management support .............................................. 1-6

Security features ..................................................................................................... 1-6

Configuration scalability ........................................................................................ 1-6

System synchronization options ............................................................................. 1-7

Configuring data collection for server status and network path data ..................... 1-7

Redundant system configurations ........................................................................... 1-8

What’s new in version 4.5 .............................................................................................. 1-9

Automatic discovery ............................................................................................... 1-9

Easy system account and password creation .......................................................... 1-9

Enhanced synchronization ...................................................................................... 1-9

Expanded statistics ................................................................................................ 1-10

Multi-homing and firewall support ....................................................................... 1-10

Security enhancements ......................................................................................... 1-10

Finding help and technical support resources ............................................................... 1-11

Planning the 3-DNS Configuration

Managing traffic on a global network ............................................................................. 2-1

Understanding a basic 3-DNS configuration .......................................................... 2-1

Synchronizing configurations and broadcasting performance metrics ................... 2-2

Using a 3-DNS Controller as a standard DNS server ............................................. 2-3

Load balancing connections across the network .................................................... 2-4

Working with 3-DNS Controllers and other products ............................................ 2-4

Planning issues for the network setup ............................................................................ 2-6

Configuring the base network ................................................................................. 2-6

Defining data centers and servers ........................................................................... 2-7

Planning a sync group ............................................................................................. 2-7

Setting up communications on a 3-DNS Controller ............................................... 2-8

Choosing the 3-DNS mode ........................................................................................... 2-10

Running a 3-DNS Controller in node mode ......................................................... 2-10

Running a 3-DNS Controller in bridge mode or router mode .............................. 2-11

Planning issues for the load balancing configuration ................................................... 2-12

Using advanced traffic control features ........................................................................ 2-12

Using the Setup Utility

Creating the initial software configuration with the Setup utility .................................. 3-1

Connecting to the 3-DNS Controller for the first time ................................................... 3-2

Running the utility from the console or serial terminal .......................................... 3-2

Running the Setup utility remotely ......................................................................... 3-2

Using the Setup utility for the first time ......................................................................... 3-5

Keyboard type ......................................................................................................... 3-5

Root password ........................................................................................................ 3-5

Host name ............................................................................................................... 3-6

Redundant system settings ...................................................................................... 3-6

3-DNS® Administrator Guide vii

Table of Contents

Post-Setup Tasks

Setting the interface media type ............................................................................. 3-7

Configuring VLANs and IP addresses ................................................................... 3-7

Configuring a default gateway pool ....................................................................... 3-8

Configuring remote web server access ................................................................... 3-8

Configuring remote administrative access .............................................................. 3-9

Setting support access ........................................................................................... 3-10

Setting the time zone ............................................................................................ 3-10

Configuring NTP support ..................................................................................... 3-10

Configuring the 3-DNS mode ............................................................................... 3-11

Configuring user authentication ........................................................................... 3-11

Configuring NameSurfer for zone file management ............................................ 3-13

Running the Setup utility after creating the initial software configuration .................. 3-14

Options available only through the Setup utility menu ........................................ 3-15

Introduction ..................................................................................................................... 4-1

Configuring the interfaces .............................................................................................. 4-2

Understanding the interface naming convention .................................................... 4-2

Displaying status for interfaces .............................................................................. 4-2

Setting the media type ............................................................................................ 4-3

Setting the duplex mode ......................................................................................... 4-3

Working with VLANs .................................................................................................... 4-4

Default VLAN configuration .................................................................................. 4-4

Creating, renaming, and deleting VLANs .............................................................. 4-5

Configuring packet access to VLANs .................................................................... 4-7

Setting up security for VLANs ............................................................................... 4-9

Setting fail-safe timeouts for VLANs ................................................................... 4-10

Setting the MAC masquerade address .................................................................. 4-11

Configuring a self IP address ........................................................................................ 4-12

Essential Configuration Tasks

Reviewing the configuration tasks .................................................................................. 5-1

Setting up a basic configuration ..................................................................................... 5-2

Setting up a data center ................................................................................................... 5-3

Setting up servers ............................................................................................................ 5-5

Defining 3-DNS Controllers ................................................................................... 5-5

Defining BIG-IP systems ........................................................................................ 5-6

Defining a BIG-IP system with the 3-DNS module ............................................... 5-7

Defining a router ..................................................................................................... 5-8

Defining EDGE-FX systems .................................................................................. 5-9

Defining host servers ............................................................................................ 5-10

Configuring host SNMP settings .......................................................................... 5-12

Working with sync groups ............................................................................................ 5-13

Configuring sync groups ....................................................................................... 5-13

Setting the time tolerance value ............................................................................ 5-14

Overview of auto-configuration .................................................................................... 5-15

Configuring global variables ....................................................................................... 5-17

viii

Configuring a Globally-Distributed Network

Understanding a globally-distributed network ............................................................... 6-1

Using Topology load balancing ...................................................................................... 6-2

Setting up a globally-distributed network configuration ................................................ 6-2

Adding data centers to the globally-distributed network configuration ................. 6-3

Adding 3-DNS Controllers to the globally-distributed network

configuration ........................................................................................................... 6-3

Adding BIG-IP systems to the globally-distributed network

configuration ........................................................................................................... 6-4

Adding wide IPs to the globally-distributed network configuration ...................... 6-5

Configuring topology records for the globally-distributed network

configuration ........................................................................................................... 6-6

Additional configuration settings and tools .................................................................... 6-7

Setting limits thresholds ......................................................................................... 6-7

Other resources ....................................................................................................... 6-8

Configuring a Content Delivery Network

Introducing the content delivery network ....................................................................... 7-1

Using the 3-DNS Controller in a CDN ................................................................... 7-1

Reviewing a sample CDN configuration ................................................................ 7-2

Deciding to use a CDN provider .................................................................................... 7-4

Setting up a CDN provider configuration ....................................................................... 7-5

Adding data centers ................................................................................................ 7-5

Adding 3-DNS Controllers ..................................................................................... 7-5

Adding load balancing servers ................................................................................ 7-6

Table of Contents

3-DNS® Administrator Guide ix

Table of Contents

Glossary

Index

Running the 3dns_add script ........................................................................................ 10-4

Verifying the configuration .......................................................................................... 10-4

Introduction

• IMPORTANT HARDWARE INFORMATION

• Getting started

• Using the Administrator Kit

• What is the 3-DNS Controller?

• What’s new in version 4.5

• Finding help and technical support resources

IMPORTANT HARDWARE INFORMATION

References to hardware and upgrades contained in this document are

specific to F5 Networks hardware products. For information concerning the

initial deployment of your system, see the Deployment Guide that was

shipped with your system. For in-depth Dell-specific hardware information,

see the server documentation that is provided on the Resource CD and that

shipped with your system if you ordered printed documentation.

References to hardware-specific features of the F5 Networks IP Application

Switch, such as the spanning tree protocol and port mirroring, are not

supported on Dell™ PowerEdge™ hardware.

Getting started

The 3-DNS Administrator Guide is designed to help you quickly install and

configure the 3-DNS

and DNS. The Administrator Guide contains the following chapters:

Controller to manage your wide-area network traffic

Introduction

◆ Planning the 3-DNS Configuration

This chapter describes the network and configuration planning you need to do before you install the 3-DNS Controller in your network.

◆ Working with the Setup Utility

This chapter describes the Setup utility and its functions. The Setup utility runs automatically the first time you turn on the 3-DNS Controller.

◆ Post-Setup Tasks

This chapter describes the base network, which includes the IP addresses, VLANs, and network interfaces on the 3-DNS Controller.

◆ Essential Configuration Tasks

This chapter describes the software configuration tasks you must complete, regardless of the type of wide-area traffic management you want to configure.

◆ Configuring a Globally Distributed Network

This chapter describes the tasks you complete to set up a globally distributed network.

◆ Configuring a Content Delivery Network

This chapter describes the tasks you complete to set up a network that includes a CDN provider.

◆ Working with Quality of Service

This chapter describes the components of the Quality of Service load balancing mode.

3-DNS® Administrator Guide 1 - 1

Chapter 1

◆ Working with Global Availability Load Balancing

This chapter describes the components of the Global Availability load balancing mode.

◆ Adding a 3-DNS Controller to an Existing Network

This chapter describes the tasks you complete to configure an additional 3-DNS Controller in a network that already contains one or more 3-DNS Controllers.

Choosing a configuration tool

The 3-DNS Controller provides several web-based and command line

administrative tools that make for easy setup and configuration. Use the

following overview to help you decide when each utility is best used.

Setup utility

The Setup utility is a wizard that walks you through the initial system setup.

The utility helps you quickly define basic system settings, such as a root

password and the IP addresses for the interfaces that connect the 3-DNS

Controller to the network. The Setup utility also helps you configure access

to the 3-DNS web server, which hosts the web-based Configuration utility,

as well as the NameSurfer™ application that you can use for DNS zone file

management.

Configuration utility

The Configuration utility is a web-based application that you use to

configure and monitor the 3-DNS Controller. Using the Configuration

utility, you can define the load balancing configuration along with the

network setup, including data centers, sync groups, and servers used for load

balancing and path probing. In addition, you can configure advanced

features such as topology settings and SNMP agents. The Configuration

utility also monitors network traffic, current connections, load balancing

statistics, performance metrics, and the operating system itself. The home

screen of the Configuration utility provides convenient access to downloads

such as the SNMP MIB, and documentation for third-party applications

such as NameSurfer.

NameSurfer application

The NameSurfer application is a third-party application that automatically

configures DNS zone files associated with domains handled by the 3-DNS

Controller. You can use NameSurfer to configure and maintain additional

DNS zone files on a 3-DNS Controller that runs as a primary DNS server.

The Configuration utility provides direct access to the NameSurfer

application, as well as the corresponding documentation for the application.

1 - 2

Please note that your license allows you to manage a maximum of 100 IP

addresses in the NameSurfer application. For more information, refer to the

end-user license agreement included in your product shipment.

3-DNS Maintenance menu

The 3-DNS Maintenance menu is a command line utility that runs scripts

which assist you in configuration and administrative tasks, such as installing

the latest version of the big3d agent on all your systems, or setting up

encrypted communications in the network. You can use the 3-DNS

Maintenance menu from a console connection, from a remote shell

connection, or from the MindTerm SSH Client in the Configuration utility.

Browser support

The Configuration utility, which provides web-based access to the 3-DNS

configuration and features, supports the following browser versions:

• Netscape Navigator 4.7

• Microsoft Internet Explorer, version 5.0 or 5.5

Introduction

Using the Administrator Kit

The 3-DNS Administrator Kit provides simple steps for quick, basic

configuration, and also provides detailed information about more advanced

features and tools, such as the 3dnsmaint command line utility. The

following printed documentation is included with the 3-DNS unit.

◆ Configuration Worksheet

This worksheet provides you with a place to plan the basic configuration for the 3-DNS Controller.

The following guides are available in PDF format from the CD-ROM

provided with the 3-DNS Controller. These guides are also available from

the home screen of the Configuration utility.

◆ Platform Guide

This guide includes information about the physical 3-DNS unit. It also contains important environmental warnings.

◆ 3-DNS Administrator Guide

The 3-DNS Administrator Guide provides examples of common wide-area load balancing solutions supported by the 3-DNS Controller. For example, you can find everything from a basic DNS request load balancing solution to a more advanced content acceleration load balancing solution. This guide also covers general network administration issues, such as installing the hardware and setting up the networking configuration.

3-DNS® Administrator Guide 1 - 3

Chapter 1

Stylistic conventions

◆ 3-DNS Reference Guide

The 3-DNS Reference Guide provides basic descriptions of individual 3-DNS objects, such as wide IPs, pools, virtual servers, load balancing modes, the big3d agent, resource records, and production rules. It also provides syntax information for 3dnsmaint commands, configuration utilities, the wideip.conf file, and system utilities.

To help you easily identify and understand certain types of information, this

documentation uses the following stylistic conventions.

All examples in this documentation use only non-routable IP addresses.

When you set up the solutions we describe, you must use IP addresses

suitable to your own network in place of our sample IP addresses.

Identifying new terms

When we first define a new term, the term is shown in bold italic text. For

example, a wide IP is a mapping of a fully-qualified domain name to a set of

virtual servers that host the domain’s content.

Identifying references to products

We refer to all products in the BIG-IP product family as the BIG-IP system.

We refer to the 3-DNS Controller and the 3-DNS module as the 3-DNS

Controller. If specific configuration information relates to a specific

platform, we note the platform.

Identifying references to objects, names, and commands

We apply bold text to a variety of items to help you easily pick them out of a

block of text. These items include web addresses, IP addresses, utility

names, and portions of commands, such as variables and keywords. For

example, the nslookup command requires that you include at least one

<ip_address> variable.

Identifying references to other documents

We use italic text to denote a reference to another document. In references

where we provide the name of a book as well as a specific chapter or section

in the book, we show the book name in bold, italic text, and the

chapter/section name in italic text to help quickly differentiate the two. For

example, you can find information about topology in the 3-DNS Reference

Guide, Chapter 3, Topology.

1 - 4

Identifying command syntax

We show actual, complete commands in bold Courier text. Note that we do

not include the corresponding screen prompt, unless the command is shown

in a figure that depicts an entire command line screen. For example, the

following command sets the 3-DNS Controller load balancing mode to

Round Robin:

lb_mode rr

Table 1.1 explains additional special conventions used in command line

syntax.

Item in text Description

Introduction

< >

[ ]

...

Continue to the next line without typing a line break.

You enter text for the enclosed item. For example, if the command has <your name>, type in your name.

Separates parts of a command.

Syntax inside the brackets is optional.

Indicates that you can type a series of items.

Table 1.1 Command line conventions used in this manual

What is the 3-DNS Controller?

A 3-DNS Controller is a network appliance that monitors the availability

and performance of global resources, and uses that information to manage

network traffic patterns. The 3-DNS Controller uses load balancing

algorithms, topology-based routing, and production rules to control and

distribute traffic according to specific policies. The system is highly

configurable, and its web-based and command line configuration utilities

allow for easy system setup and monitoring.

The 3-DNS Controller provides a variety of features that meet special needs.

For example, with this product you can:

• Configure a content delivery network with a CDN provider

• Guarantee multiple port availability for e-commerce sites

• Ensure wide-area persistence by maintaining a mapping between an local DNS server and a virtual server in a wide IP pool

• Direct local clients to local servers for globally-distributed sites using Topology load balancing

• Change the load balancing configuration according to current traffic patterns or time of day

• Customize load balancing modes

3-DNS® Administrator Guide 1 - 5

Chapter 1

• Set up load balancing among BIG-IP systems, EDGE-FX Caches, and other load-balancing hosts

• Monitor real-time network conditions

Internet protocol and network management support

The 3-DNS Controller supports both the standard DNS protocol and the 3-DNS iQuery protocol (a protocol used for collecting dynamic load balancing information). The 3-DNS Controller also supports administrative protocols, such as Simple Network Management Protocol (SNMP), and Simple Mail Transfer Protocol (SMTP) (outbound only), for performance monitoring and notification of system events. For administrative purposes, you can use SSH, RSH, Telnet, and FTP. The Configuration utility supports HTTPS, for secure web browser connections using SSL, as well as standard HTTP connections.

The proprietary 3-DNS SNMP agent allows you to monitor status and current traffic flow using popular network management tools. The 3-DNS SNMP agent provides detailed data such as current connections being handled by each virtual server.

Security features

The 3-DNS Controller offers a variety of security features that can help prevent hostile attacks on your site or equipment.

◆ Secure administrative connections

The 3-DNS Controller supports Secure Shell (SSH) administrative connections using the Mindterm SSH Client, for browser-based remote administration, and SSH for remote administration from the command line. The 3-DNS web server, which hosts the web-based Configuration utility, supports SSL connections as well as user authentication.

◆ Secure iQuery communications

Crypto versions of the 3-DNS Controller also support Blowfish encryption for iQuery communications between the 3-DNS Controller and other systems running the big3d agent.

◆ TCP wrappers

TCP wrappers provide an extra layer of security for network connections.

Configuration scalability

The 3-DNS Controller is a highly scalable and versatile solution. You can configure the 3-DNS Controller to manage up to several hundred domain names, including full support of domain name aliases. The 3-DNS

1 - 6

Controller supports a variety of media options, including Fast Ethernet, and Gigabit Ethernet; the 3-DNS Controller also supports multiple network interface cards that can provide redundant or alternate paths to the network.

Note

If you use NameSurfer to manage your DNS zone files, you can configure only up to 100 IP addresses and domain names.

System synchronization options

The 3-DNS Controller sync group feature allows you to automatically synchronize configurations from one 3-DNS Controller to any other 3-DNS Controller in the network, simplifying administrative management. The synchronization feature offers a high degree of administrative control. For example, you can set the 3-DNS Controller to synchronize a specific configuration file set, and you can also set which 3-DNS Controllers in the network receive the synchronized information and which ones do not.

Introduction

Configuring data collection for server status and network path data

The 3-DNS platform includes the big3d agent, which is an integral part of 3-DNS load balancing. The big3d agent continually monitors the availability of the servers that the 3-DNS Controller load balances. It also monitors the integrity of the network paths between the servers that host the domain, and the various local DNS servers that attempt to connect to the domain. The big3d agent runs on any of the following platforms: 3-DNS Controller, BIG-IP systems, EDGE-FX Cache, and GLOBAL-SITE Controller. Each big3d agent broadcasts its collected data to all of the 3-DNS Controllers in your network, ensuring that all 3-DNS Controllers work with the latest information.

The big3d agent offers a variety of configuration options that allow you to choose the data collection methods you want to use. For example, you can configure the big3d agent to track the number of router hops (intermediate system transitions) along a given network path, and you can also set the big3d agent to collect host server performance information using the SNMP protocol. For further details on the big3d agent, refer to the 3-DNS

Reference Guide, Chapter 5, Probing and Metrics Collection.

Redundant system configurations

A redundant system is essentially a pair of 3-DNS units, with one operating as the active unit that responds to DNS queries, and the other one operating as the standby unit. If the active unit fails, the standby unit takes over and begins to respond to DNS queries while the other 3-DNS unit restarts and becomes the standby unit.

3-DNS® Administrator Guide 1 - 7

Chapter 1

The 3-DNS Controller actually supports two methods of checking the status of the peer system in a redundant system:

◆ Hardware-based fail-over

In a redundant system that has been set up with hardware-based fail-over, the two units in the system are connected to each other directly using a fail-over cable attached to the serial ports. The standby unit checks on the status of the active unit once every second using this serial link.

◆ Network-based fail-over

In a redundant system that has been set up with network-based fail-over, the two units in the system communicate with each other across an Ethernet network instead of going across a dedicated fail-over serial cable. The standby unit checks on the status of the active unit once every second using the Ethernet.

Note

In a network-based fail-over configuration, the standby 3-DNS unit immediately takes over if the active unit fails. If a client has queried the failed 3-DNS unit, and not received an answer, it automatically re-issues the request (after 5 seconds) and the standby unit, functioning as the active unit, responds.

Monitoring the 3-DNS Controller and the network

The 3-DNS Controller includes sophisticated monitoring tools to help you monitor the 3-DNS Controller, the traffic it manages, and the Internet. The following monitoring tools are available on the 3-DNS Controller: the Statistics screens, the Internet Weather Map, and the Network Map. All of these tools are in the Configuration utility.

Comparing a 3-DNS Controller to a BIG-IP system

A 3-DNS Controller load balances traffic for a globally-distributed network, and a BIG-IP system load balances traffic for a local area network. While both systems provide load balancing, one of the significant differences between the BIG-IP system and the 3-DNS Controller is that the 3-DNS Controller responds to DNS requests issued by an LDNS on behalf of a client, while the BIG-IP system provides connection management between a client and a back-end server.

1 - 8

Once the 3-DNS Controller returns a DNS answer to an LDNS, the conversation between the LDNS and the 3-DNS Controller ends, and the client connects to the IP address returned by the 3-DNS Controller. Unlike the 3-DNS Controller, the BIG-IP system sits between the client and the content servers. It manages the client’s entire conversation with the content server.

What’s new in version 4.5

The 3-DNS Controller, version 4.5 offers the following major new features in addition to many other enhancements.

Automatic discovery

The 3-DNS Controller can now automatically collect and add the virtual server configuration information for any BIG-IP systems and host servers in the 3-DNS Controller configuration. The Discovery setting has three levels: OFF, ON, and ON/NO DELETE. For more information on

auto-configuration and the Discovery setting, see Overview of auto-configuration, on page 5-16.

Introduction

Easy system account and password creation

With this release, the 3-DNS Controller now offers one screen, in the web-based Setup utility, where you can set the passwords for the three system accounts: root, admin, and support. On this screen, you can also specify whether to allow command line access, web access, or both for the support account. You can view the User Access screen by opening the Setup utility from the home screen. For more information on user accounts and

system accounts, see Chapter 6, Administration and Monitoring, in the

3-DNS Reference Guide.

Enhanced synchronization

The configuration synchronization process for the 3-DNS Controller has been updated and improved. The controller no longer relies on the syncd daemon for synchronization. Instead, synchronization occurs automatically, based on file timestamps, whenever you make any type of change to the configuration. The 3-DNS Controller also polls any Link Controllers that you have in your network, and synchronizes the link information across the sync group. Note that working with sync groups remains the same.

3-DNS® Administrator Guide 1 - 9

Chapter 1

Expanded statistics

The statistics screens on the 3-DNS Controller have been enhanced and expanded. You can now view statistics for the following objects:

• The Detailed Wide IP Statistics screen, available from the Wide IP Statistics screen, now displays information about virtual servers in the context of the wide IP pools of which they are members.

• The Link Statistics screen displays information about any router links you have configured.

• The P95 Billing Estimate statistics screen displays graphs of your actual bandwidth usage compared to your purchased bandwidth if you have links configured, or your network has both 3-DNS Controllers and Link Controllers in it.

• The Internet Weather Map statistics screen now displays information for both the data centers and the links in your network.

• The Disabled Objects statistics screen now displays these additional objects: wide IPs, pools, and virtual servers.

For details on each of these screens, refer to the online help for that screen.

Multi-homing and firewall support

The 3-DNS Controller now supports multiple links to the Internet and network address translations for firewalls. You can designate one or more self IP addresses and translations for the controller itself, as well as for any BIG-IP systems, host servers, or routers that are configured as part or the controller’s network. For information on working with the self IP addresses and network address translations, refer to the online help for the Self IP List, which is available from the toolbar for each server type.

Security enhancements

You can now use the Setup utility to configure a remote LDAP or RADIUS authentication server. With this feature, you no longer need to directly edit configuration files to set up your LDAP or RADIUS authentication server.

This release of the 3-DNS Controller also expands the number of user roles that you can assign to user accounts for the purpose of user authorization. In addition to the standard Full Read/Write, Partial Read/Write, and Read-Only access levels, you can now define which user interface an administrator uses to access the 3-DNS Controller (the Configuration utility, the command line interface, or the iControl interface). These user authorization roles are stored in the local LDAP database on the 3-DNS Controller, and are designed to operate in concert with centralized LDAP and RADIUS authentication.

1 - 10

For details on user authorization and managing user accounts, see Managing

user accounts, in Chapter 6, Administration and Monitoring, in the 3-DNS

Reference Guide.

Finding help and technical support resources

You can find additional technical documentation about the 3-DNS Controller in the following locations:

◆ Release notes

Release notes for the 3-DNS Controller are available from the home screen of the Configuration utility. The release note contains the latest information for the current version, including a list of new features and enhancements, a list of fixes, and a list of known issues.

◆ Online help for 3-DNS features

You can find help online in three different locations:

• The Configuration utility home screen has PDF versions of the guides

included in the Administrator Kit. 3-DNS software upgrades may replace the guides with updated versions as appropriate.

• The Configuration utility has online help for each screen. Click the

Help button on the toolbar.

• Individual commands have online help, including command syntax

and examples, in standard UNIX man page format. Type the command followed by -h or -help, and the 3-DNS Controller displays the syntax and usage associated with the command. You can also type man <command> to display the man page for the command.

Introduction

◆ Third-party documentation for software add-ons

The Configuration utility contains online documentation for the third-party software included with the 3-DNS Controller, including the NameSurfer application.

◆ Technical support through the World Wide Web

The Dell Support website at support.dell.com provides the latest technical documentation.

Note

All references to hardware platforms in this guide refer specifically to systems supplied by F5 Networks, Inc. If your hardware was supplied by another vendor and you have hardware-related questions, please refer to the documentation from that vendor.

3-DNS® Administrator Guide 1 - 11

Chapter 1

1 - 12

Planning the 3-DNS Configuration

• Managing traffic on a global network

• Planning issues for the network setup

• Choosing the 3-DNS mode

• Planning issues for the load balancing configuration

• Using advanced traffic control features

Managing traffic on a global network

Planning the 3-DNS Configuration

3-DNS® Administrator Guide 2 - 1

Chapter 2

Figure 2.1 A sample network layout showing data paths

Synchronizing configurations and broadcasting performance metrics

3-DNS Controllers typically work in sync groups, where a group of controllers shares load balancing configuration settings. In a sync group, any system that has new configuration changes can broadcast the changes to any other system in the sync group, allowing for easy administrative maintenance. To distribute metrics data among the systems in a sync group, the principal 3-DNS Controller sends requests to the big3d agents in the network, asking them to collect specific performance and path data. Once

2 - 2

+ 135 hidden pages