The 3-DNS Administrator Guide is designed to help you quickly configure your 3-DNS Controller to manage your wide-area network traffic and DNS. The Administrator Guide contains the following chapters:
The 3-DNS Controller provides the following web-based and command line administrative tools that make for easy setup and configuration.
The First-Time Boot utility is a wizard that walks you through the initial system setup. The utility helps you quickly define basic system settings, such as a root password and the IP addresses for the interfaces that connect the 3-DNS Controller to the network. The First-Time Boot utility also helps you configure access to the 3-DNS web server, which hosts the web-based Configuration utility, as well as the NameSurferTM application that you can use for DNS zone file management.
The Configuration utility is a web-based application that you use to configure and monitor the 3-DNS Controller. Using the Configuration utility, you can define the load balancing configuration along with the network setup, including data centers, sync groups, and servers used for load balancing and path probing. In addition, you can configure advanced features such as topology settings and SNMP agents. The Configuration utility also monitors network traffic, current connections, load balancing statistics, performance metrics, and the operating system itself.
The 3-DNS web server, which hosts the Configuration utility, provides convenient access to downloads such as the SNMP MIB and documentation for third-party applications such as NameSurfer.
The NameSurfer application is a third-party application that automatically configures DNS zone files associated with domains handled by the 3-DNS Controller. You can use NameSurfer to configure and maintain additional DNS zone files on 3-DNS Controllers that run as master DNS servers. The Configuration utility provides direct access to the NameSurfer application, as well as the corresponding documentation for the application. Please note that your license allows you to manage a maximum of 100 IP addresses in the NameSurfer application. For more information, refer to the end-user license agreement included in your product shipment.
The 3-DNS Maintenance menu is a command line utility that executes scripts which assist you in configuration and administrative tasks, such as installing the latest version of the big3d agent on all your systems, or editing the load balancing configuration files. You can use the 3-DNS Maintenance menu directly on the 3-DNS Controller, or you can use the menu when connected to the controller using a remote shell, such as the SSH client (ssh is configured on crypto 3-DNS Controllers only), or a standard RSH client (if rsh is configured).
The Configuration utility, which provides web-based access to the 3-DNS Controller system configuration and features, supports the following browser versions:
The 3-DNS Administrator Kit provides simple steps for quick, basic configuration, and also provides detailed information about more advanced features and tools, such as the 3dnsmaint command line utility. The information is organized into the guides described as follows.
To help you easily identify and understand certain types of information, this documentation uses the stylistic conventions described below.
Warning: All examples in this documentation use only non-routable IP addresses. When you set up the solutions we describe, you must use IP addresses suitable to your own network in place of our sample IP addresses.
When we first define a new term, the term is shown in bold italic text. For example, a wide IP is a mapping of a fully-qualified domain name to a set of virtual servers that host the domain's content.
We apply bold text to a variety of items to help you easily pick them out of a block of text. These items include web addresses, IP addresses, utility names, and portions of commands, such as variables and keywords. For example, the nslookup command requires that you include at least one <ip_address> variable.
We use italic text to denote a reference to another document. In references where we provide the name of a book as well as a specific chapter or section in the book, we show the book name in bold, italic text, and the chapter/section name in italic text to help quickly differentiate the two. For example, you can find information about 3dnsmaint commands in the 3-DNS Reference Guide.
We show actual, complete commands in bold Courier text. Note that we do not include the corresponding screen prompt, unless the command is shown in a figure that depicts an entire command line screen. For example, the following command sets the 3-DNS Controller load balancing mode to Round Robin:
Table 1.1 explains additional special conventions used in command line syntax.
Item in text
Continue to the next line without typing a line break.
You enter text for the enclosed item. For example, if the command has <your name>, type in your name.
Separates parts of a command.
Syntax inside the brackets is optional.
Indicates that you can type a series of items.
You can find additional technical documentation about the 3-DNS Controller in the following locations:
The 3-DNS Controller is a network appliance that manages and balances traffic over global networks. The 3-DNS Controller manages network traffic patterns using load balancing algorithms, topology-based routing, and production rules that control and distribute traffic according to specific policies. The system is highly configurable, and its web-based and command line configuration utilities allow for easy system setup and monitoring.
The 3-DNS Controller provides a variety of features that meet special needs. For example, with this product you can:
The 3-DNS Controller supports both standard DNS protocol and the 3-DNS Controller iQuery protocol (a protocol used for collecting dynamic load balancing information). The 3-DNS Controller also supports administrative protocols, such as Simple Network Management Protocol (SNMP), and Simple Mail Transfer Protocol (SMTP) (outbound only), for performance monitoring and notification of system events. For administrative purposes, you can use SSH (distributed only on crypto 3-DNS Controllers), RSH, Telnet, and FTP. The Configuration utility supports HTTPS, for secure web browser connections using SSL (distributed only on crypto 3-DNS Controllers), as well as standard HTTP connections.
The 3-DNS Controller's SNMP agent allows you to monitor status and current traffic flow using popular network management tools, including the Configuration utility. The SNMP agent provides detailed data such as current connections being handled by each virtual server.
The 3-DNS Controller offers a variety of security features that can help prevent hostile attacks on your site or equipment.
The 3-DNS Controller is a highly scalable and versatile solution. You can configure the 3-DNS Controller to manage up to several hundred domain names, including full support of domain name aliases. The 3-DNS Controller supports a variety of media options, including Fast Ethernet, Gigabit Ethernet, and FDDI; the controller also supports multiple network interface cards that can provide redundant or alternate paths to the network.
The 3-DNS Controller sync group feature allows you to automatically synchronize configurations from one 3-DNS Controller to the other 3-DNS Controllers in the network, simplifying administrative management. The synchronization feature offers a high degree of administrative control. For example, you can set the controller to synchronize a specific configuration file set, and you can also set which 3-DNS Controllers in the network receive the synchronized information and which ones do not.
The 3-DNS Controller platform includes a big3d agent, which is an integral part of 3-DNS Controller load balancing. The big3d agent continually monitors the availability of the servers that the 3-DNS Controller load balances. It also monitors the integrity of the network paths between the servers that host the domain and the various local DNS servers that attempt to connect to the domain. The big3d agent runs on 3-DNS Controllers, BIG-IP Controllers, EDGE-FX Caches, and GLOBAL-SITE Controllers distributed throughout your network. Each big3d agent broadcasts its collected data to all of the 3-DNS Controllers in your network, ensuring that all 3-DNS Controllers work with the latest information.
The big3d agent offers a variety of configuration options that allow you to choose the data collection methods you want to use. For example, you can configure the big3d agent to track the number of hops (intermediate system transitions) along a given network path, and you can also set the big3d agent to collect host server performance information using the SNMP protocol. For further details on the big3d agent, refer to Chapter 3, The big3d Agent, in the 3-DNS Reference Guide.
A redundant system is essentially a pair of 3-DNS Controller units, one operating as an active unit responding to DNS queries, and one operating as a standby unit. If the active unit fails, the standby unit takes over and begins to respond to DNS queries while the other controller reboots and becomes a standby unit.
The 3-DNS Controller actually supports two methods of checking the status of the peer system in a redundant system:
Note: In a network-based fail-over configuration, the standby 3-DNS Controller immediately takes over if the active unit fails. If a client had queried the failed controller, and not received an answer, it automatically re-issues the request (after 5 seconds) and the standby unit, functioning as the active controller, responds.
This section provides a brief overview of how 3-DNS Controllers work within a global network and how they interact with BIG-IP Controllers, EDGE-FX Caches, GLOBAL-SITE Controllers, and host machines in the network. The section also illustrates how the 3-DNS Controller works with the big3d agents that run in various locations in the network, and with the local DNS servers that make DNS requests on behalf of clients connecting to the Internet.
The following sample configuration shows the 3-DNS Controllers that load balance connections for a sample Internet domain, domain.com.
The 3-DNS Controllers in your network sit in specific data centers, and work in conjunction with BIG-IP Controllers, EDGE-FX Caches, GLOBAL-SITE Controllers, and host servers that also sit in your network data centers. All 3-DNS Controllers in the network can receive and respond to DNS resolution requests from the LDNS servers that clients use to connect to the domain.
Figure 1.1 illustrates the layout of the 3-DNS Controllers, the BIG-IP Controllers, and the host servers in the three data centers. The Los Angeles data center houses one 3-DNS Controller and one BIG-IP Controller, as does the New York data center. The Tokyo data center houses only one 3-DNS Controller and one host server.
In the Los Angeles and New York data centers, the big3d agent runs on the BIG-IP Controllers and the 3-DNS Controllers, but in the Tokyo data center, the big3d agent runs only on the 3-DNS Controller. Each big3d agent collects information about the network path between the data center where it is running and the client's LDNS server in Chicago, as illustrated by the red lines. Each big3d agent also broadcasts the network path information it collects to the 3-DNS Controllers running in each data center, as illustrated by the green, blue, and purple lines.
The 3-DNS Controllers typically work in sync groups, where a group of controllers shares load balancing configuration settings. In a sync group, any controller that has new configuration changes can broadcast the changes to any other controller in the sync group, allowing for easy administrative maintenance. To distribute metrics data among the controllers in a sync group, the principal 3-DNS Controller sends requests to the big3d agents in the network, asking them to collect specific performance and path data. Once the big3d agents collect the data, they each broadcast the collected data to all controllers in the network, again allowing for simple and reliable metrics distribution.
When a client requests a DNS resolution for a domain name, an LDNS sends the request to the 3-DNS Controller that is authoritative for the zone. The 3-DNS Controller first chooses the best available virtual server out of a pool to respond to the request, and then returns a DNS resource record to the requesting local DNS server. The LDNS server uses the answer for the period of time defined within the resource record. Once the answer expires, however, the LDNS server must request name resolution all over again to get a fresh answer.
Figure 1.2 illustrates the specific steps in the name resolution process.
Each of the 3-DNS Controller load balancing modes can provide efficient load balancing for any network configuration. The 3-DNS Controller bases load balancing on pools of virtual servers. When a client requests a DNS resolution, the 3-DNS Controller uses the specified load balancing mode to choose a virtual server from a pool of virtual servers. The resulting answer to this resolution request is returned as a standard A record.
Although some load balancing configurations can get complex, most load balancing configurations are relatively simple, whether you use a static load balancing mode or a dynamic load balancing mode. More advanced configurations can incorporate multiple pools, as well as advanced traffic control features, such as topology or production rules.
For more information on specific load balancing modes, see Load Balancing in the 3-DNS Reference Guide. For more information on load balancing configurations, review the sample configurations in Chapter 3, Configuring a Globally-Distributed Network , and Chapter 4, Configuring a Content Delivery Network . If you are unfamiliar with the 3-DNS Controller, you may also want to review Chapter 2, Essential Configuration Tasks .
The 3-DNS Controller balances connections across a group of virtual servers that run in different data centers throughout the network. You can manage virtual servers from the following types of products:
Figure 1.3 illustrates the hierarchy of how the 3-DNS Controller manages virtual servers.
While both controllers provide load balancing, one of the significant differences between the 3-DNS Controller and the BIG-IP Controller is that the 3-DNS Controller responds to DNS requests issued by an LDNS on behalf of a client, while the BIG-IP Controller provides connection management between a client and a back-end server.
Once the 3-DNS Controller returns a DNS answer to an LDNS, the conversation between the LDNS and the 3-DNS Controller ends, and the client connects to the IP address returned by the 3-DNS Controller. Unlike the 3-DNS Controller, the BIG-IP Controller sits between the client and the content servers. It manages the client's entire conversation with the content server.
The 3-DNS Controller offers the following major new features in addition to many other enhancements.
The 3-DNS Controller can now collect network metrics from GLOBAL-SITE Controllers, using iQuery and the big3d agent. Note that the GLOBAL-SITE Controller does not manage virtual servers, and is not used for load balancing. For information on configuring GLOBAL-SITE Controllers, refer to Defining GLOBAL-SITE Controllers, on page 2-20 .
The DNS engine for the 3-DNS Controller no longer relies on BIND for DNS resolution. Multiple benefits include:
For more information about using wildcard characters, please see the online help for either the Add a New Wide IP screen or the Modify a Wide IP Alias screen, in the Configuration utility.
The 3-DNS Controller now has a partial read/write user level. When you assign the partial read/write level to a user, he or she can enable or disable servers, virtual servers, and wide IPs, but cannot add or delete any part of the configuration. For more information on configuring user administration in the Configuration utility, please see the online help for the User Administration screen. For more information on user administration in general, please refer to Chapter 6, Administration and Monitoring .