Updated Date: 07/23/2001
The following instructions explain how to install the 3-DNS Controller, version 3.0 onto existing crypto or non-crypto systems that are running version 2.1.2 and later.
Important: If you are running 3-DNS
Controller, version 2.1 or earlier, you must first upgrade to version
2.1.2. You can then upgrade to version 3.0.
If you want to upgrade from 3-DNS Controller, version 2.X non-crypto to version 3.0 crypto, you must first upgrade to version 2.1.2 crypto, and then upgrade to version 3.0 crypto.
To find out how to download software from the F5 FTP site, see SOL167: Downloading software from F5 Networks
If the checksum numbers match, the upgrade file is valid. If they do not match, open a new FTP connection, and try to download the upgrade file again.
The upgrade_install script performs a backup of your critical system files and executables. When the script is done, it automatically reboots your system.
Once you install the software update, refer to the Configuring and using the new software section, which contains important information about required configuration changes and new configuration options.
If you are running a browser on a Windows-based PC, you can configure your 3-DNS Controller using command line entries, in the Configuration utility, by clicking the 3-DNS Console item in the navigation pane; this opens an SSH (version 1) console.
The big3d agent now runs as a single process.
You can now configure a wide IP pool to work as part of your content delivery network (CDN). After you configure a CDN pool, you can specify the CDN provider with which you are working. The 3-DNS Controller then delegates requests to the CDN provider, based on the terms of the service level agreement you have set up with the CDN provider. For information on configuring CDN pools using the Configuration utility, view the online help for the Select CDN Pool screen. For information on configuring a CDN, see Chapter 4, Configuring a Content Delivery Network, in the 3-DNS Controller Administrator Guide.
Extended content verification (ECV)
With ECV monitoring, you can monitor not only the availability of a port or service on a server or virtual server, but also the availability of a specific file on a particular server or virtual server. If the server or virtual server responds appropriately to the query, the server or virtual server is marked as up; if the server or virtual server does not respond as expected, the server or virtual server is marked as down. You can use ECV to test the HTTP, HTTPS, or FTP protocols. For information on how to configure this option using the Configuration utility, view the online help for the Modify Wide IP screen.
The 3-DNS Controller now supports the F5 Networks EDGE-FX Cache as a standalone server type. For information on how to configure an EDGE-FX Cache server type in the Configuration utility, view the online help for the Add EDGE-FX Cache screen. For general information on configuring the EDGE-FX Cache server type, see the 3-DNS Controller Reference Guide.
The 3-DNS Controller now runs on the FreeBSD platform.
Geographic load balancing
For crypto 3-DNS Controllers, the IP geolocation classifier has been updated, and now accurately and reliably supports IP address resolution at the country level, in addition to the continent level.
Host load balancing
The 3-DNS Controller can now load balance hosts that are not managed by a BIG-IP Controller (or similar local traffic director) when you choose the Packet Rate or Kilobytes/Second load balancing modes.
Limits for current connections
You can now set limits for current connections for BIG-IP Controllers, EDGE-FX Caches, hosts, and their respective virtual servers and pools. For information on setting metric limits, see the online help for the Modify Limit Settings screens in the Configuration utility.
The 3-DNS Controller now captures metrics for several new host devices. For the BIG-IP Controller and the EDGE-FX Cache, the 3-DNS Controller uses iQuery to capture the metrics indicated in the following table. For the other hosts listed in the table, the 3-DNS Controller uses SNMP to capture the metrics. For more information on iQuery, see Chapter 3, big3d Agent, in the 3-DNS Controller Reference Guide. For more information on SNMP metrics, see Chapter 10, SNMP, in the 3-DNS Controller Reference Guide.
Note: New host devices are highlighted in yellow.
|Windows 2000 Server||X||X||X||X||X|
|Windows NT 4.0||X||X||X||X||X|
|BSD, UC Davis||X||X||X||X||X||X|
|Linux, UC Davis||X||X||X||X||X|
|Alteon Ace Director||X||X|
|Cisco CSS series2||X||X||X|
1 The Cisco LocalDirector metric shows new connections per
second rather than current connections.
2 Formerly ArrowPoint Communications.
The Network Map displays physical and logical networks together on one screen using an illustrative tree. By viewing the Network Map, you can see the relationships between the different components of your networks, such as how wide IPs are related to data centers, and how virtual server pools are related to servers. For more information on the Network Map, in the Configuration utility view the online help for the Network Map screen, or see Network Map in the 3-DNS Controller Reference Guide.
The 3-DNS Controller now runs OpenSSH 2.3.0, which is compliant with SSH1 and SSH2.
You can now define or modify system resource thresholds or limits at the wide IP pool level. When a pool exceeds any resource threshold, the 3-DNS Controller marks the entire pool as unavailable and directs load-balancing traffic to another pool in the wide IP. For information on how to configure this option using the Configuration utility, view the online help for the Modify Limit Settings screen.
We have added a new script, called 3dns_add, to the 3-DNS Maintenance menu. This script facilitates the process of adding a new 3-DNS Controller to an existing network and sync group. For information on how to use the 3dns_add script, see Chapter 5, Adding 3-DNS Controllers to the Network, in the 3-DNS Controller Administrator Guide.
Virtual server dependencies
With the virtual server dependencies feature, you create a list of virtual servers that must all be available for load balancing so that the virtual server you are configuring is also available for load balancing. For more information on virtual server dependencies, view the online help for the Virtual Server Dependencies List screen, in the Configuration utility.
When you create a new wide IP, you must enter a fully-qualified domain name (for example, www.f5.com) in the Wide IP Name box. If you do not enter a fully-qualified domain name, the 3-DNS Controller displays a message reminding you to do so.
There are no required configuration changes in this release.
The following issues are resolved in the current release.
|Refreshing statistics||Clicking the Refresh button in the Statistics screen no longer prompts a web server login error message.||CR11597|
|Launching online help||Clicking the Help button on the tool bar while using Microsoft Internet Explorer 5.5 no longer prompts a warning dialog box to display.||CR12522|
|Removing host servers from data centers||Removing host servers from data center configurations no longer causes inaccurate displays in the Configuration utility.||CR12624|
|Adding multiple wide IP aliases||Adding more than three wide IP aliases no longer causes intermittent, irregular system behavior.||CR12116|
|Metrics values||If you restart the named agent or the big3d agent, the 3-DNS Controller now generates an accurate value for the first calculation of the packets per second or kilobytes per second metrics.||CR10127|
|Using static load balancing||
When you use a static load balancing method in a pool that has a host virtual server with Unknown status (denoted by a blue ball in the Virtual Server Metrics screen in the Configuration utility), the 3-DNS Controller no longer returns the IP address of that host as the resolution to a DNS request.
The following items are known issues in the current release.
|Running the upgrade_install script||
If you have changed the host name or domain name of the 3-DNS Controller without using the config utility, the upgrade_install script stops with the following messsage:
"Your hostname in /etc/netstart does not match the hostname stored in the configuration database. Please run the 'config' utility to update your configuration before upgrading the system."
You must update the configuration of the 3-DNS Controller, by running the config utility, before you can perform the upgrade. To run the config utility, type config at the command line, and follow the prompts.
Administrative IP addresses in the hosts.allow file and SSH
|The config_sshd script writes any administrative IP addresses to the hosts.allow file in the CIDR format, which the hosts.allow file does not properly interpret. For example, if you type 192.168.100.* for the administrative IP address, the hosts.allow file logs the IP address as 192.168.100.0/24, and SSH communications to the 3-DNS Controller do not work. You can edit the tweak_sshd script so that the hosts.allow file properly interprets the administrative IP addresses for SSH communications. Refer to the Editing the tweak_sshd script section (following the Known Issues table) for instructions on modifying the tweak_sshd script.||CR15551|
The NTP utility syntax is incorrect
The syntax for the network time protocol (NTP) utility is incorrect in the rc.conf file. You can correct the syntax using the following workaround. Note that you can make this change only from the command line.
To correct the NTP utility syntax
System error log file rotation
The System error log file rotation does not function properly. You can correct the log file rotation using the following work around.
To initiate log file rotation for the System error log
Using Global Availability load balancing within a pool
When you create a pool for a new or for an existing wide IP, and you use the Global Availability load balancing method, you may experience problems under the following circumstances:
The 3-DNS Controller, version 3.0 does not synchronize with 3-DNS Controllers that are running versions prior to 3.0, if your 3.0 configuration includes any of the following new features: an EDGE-FX Cache server type, ECV functionality, CDN functionality, or pool limits functionality.
To synchronize a version 3.0 controller with a version 2.1.2 controller,
create a symlink from the /usr/contrib/bin/rsync file to the /usr/local/bin/rsync
file on all 2.1.2 versions of the controller, as follows:
|Using encrypted communications||
(This applies only to crypto 3-DNS Controllers.) When you rebuild a 3-DNS Controller (or BIG-IP Controller) using a CD, the RSA key for sshd changes. This breaks the trust relationship between the updated controller and any devices with which it interacts. As a result, synchronization between the controllers in the sync group stops, and you cannot update the big3d agent. You can correct this situation by removing the newer RSA key and synchronizing the updated controller with other F5 devices.
Running Netscape Navigator 6.0
The Configuration utility does not currently support Netscape 6.0.
|Running Netscape Navigator on UNIX systems||
If you are running Netscape on a UNIX (LINUX, *BSD, Solaris) system, the 3-DNS Console item is not available in the navigation pane of the Configuration utility. Instead you can access the 3-DNS Controller command line utility using an SSH connection.
|Displaying the Network Map||
The Network Map does not display large configurations properly when you run Netscape on a UNIX or LINUX platform. We recommend that you use a Windows-based browser to view large network configurations with the Network Map.
|Creating wide IP production rules||
When you create a wide IP production rule with a Date/Time time variable, the production rule action does not stop in the time frame that you specify in the Stop Time box.
When you create a wide IP production rule using the Configuration utility, in the Select Local DNS screen, you must type the IP address and subnet mask in the appropriate boxes. You cannot use the CIDR format (for example, 192.168.10.10/24) in these boxes.
|Connecting to an EDGE-FX Cache using RSH||
When using an RSH session to connect to an EDGE-FX Cache that does not have SSH available (a non-crypto EDGE-FX Cache), you may get a connection refused error message.
|Viewing prober statistics||
Sometimes NAN (not a number) appears in the Probers Statistics screen. This error is harmless and does not affect the operation of the 3-DNS Controller.
When you are viewing Histograms or Metrics on the Prober Statistics screen, you might encounter errors if you are using Microsoft Internet Explorer 5.0 or later. We recommend using the following procedure view the Histograms or Metrics:
|Using the Configuration utility||
Parts of the Configuration utility for the 3-DNS Controller use Java applets and require the presence of the Java Virtual Machine (JVM) on your local machine. However, some default installations of Internet Explorer do not contain the JVM. If your version of Internet Explorer does not contain a JVM, you can obtain a JVM by going to the Tools menu, selecting the Windows Update link, selecting Product Update, and looking in the Additional Windows Features section. Alternately, you can go to the Internet Explorer section of Microsoft's web site.
|Creating wide IP names and aliases||
When you add or modify a wide IP definition, either by using the Configuration utility or by editing the wideip.conf file, you cannot use the same fully-qualified domain name (FQDN) more than once. If you try to use the same FQDN as a wide IP name in one definition, and as an alias in another definition, the Configuration utility stops working.
|Updating metrics for the Solstice SNMP agent||
The Solstice SNMP agent, which runs on some Sun systems, delays the updating of some metrics for longer than 30 seconds. As a result, in the 3-DNS Controller SNMP Statistics screen, the packet rates and kilobytes per second rates can fluctuate from a zero value to a real value. If you are polling Sun Solaris servers in your network, you may want to set the SNMP polling time on the 3-DNS Controller to an interval greater than 60 seconds.
|Editing the snmpd.conf file||
If you have SNMP configured on your 3-DNS Controller, the 3dns.log file may fill up quickly. To correct this, you must edit the snmpd.conf file from the command line.To edit the snmpd.conf file
|Checking SNMP connectivity||
The F5 Networks snmptest utility has been removed from the 3-DNS Controller. You can use the UC-Davis snmptest utility instead. Please refer to the following web site, http://net-snmp.sourceforge.net/ for more information about the UC-Davis snmptest utility.
|Setting screen resolution||
If the screen resolution on your monitor is set to less than 1024 x 768 pixels, you may not see the entire 3-DNS Controller toolbar in the Configuration utility. If your monitor allows it, we recommend that you set your screen resolution to 1024 x 768 pixels.
|Running the named daemon||
The granularity of the IP classifier in the Topology load balancing mode
has increased dramatically. As a result, when you enable the Topology
load balancing mode, you may notice the following:
|Viewing the Network Map||
When you view the Network Map, you might get an error when you open additional browser sessions with Internet Explorer or Netscape. This error only occurs if the additional browser sessions use Java applets. We recommend that you close any additional browser sessions before viewing the Network Map.
|Removing dependencies entries||
If you remove seven or more entries at one time from a Virtual Server Dependencies List and you are running Internet Explorer 5.0, you may get an error. To avoid this error, remove fewer entries at a time.
|Displaying status of a controller in a sync group||
When you disable a 3-DNS Controller that is a member of a sync group, the 3-DNS Statistics and Sync Group Statistics screens in the disabled controller's Configuration utility display an inaccurate status (a red ball) for all of the other 3-DNS Controllers in the same sync group. You can see the correct status of the controllers in the 3-DNS Statistics and Sync Group Statistics screens of any enabled 3-DNS Controller in the sync group.
|Collecting metrics for Cisco CSS series (formerly ArrowPoint) servers||
The 3-DNS Controller cannot collect the packets per second and the kilobytes per second metrics on Cisco CSS series (formerly ArrowPoint) software versions prior to 4.0.
|Interpreting ArrowPoint CS150 server data||
The 3-DNS Controller collects packets per second and kilobytes per second metrics for only http traffic on the current ArrowPoint CS150 server.
|Rolling back to
3-DNS Controller, version 2.1.2 from version 3.0BETA1
If you installed 3-DNS Controller, version 3.0BETA1, and you then rolled back to 3-DNS Controller, version 2.1.2, be sure to delete all of the regular files (not the subdirectories) in the /var/tmp/ directory before downloading and installing 3-DNS Controller, version 3.0.
|Opening multiple instances of the 3-DNS Console in Netscape||
If you have more than one 3-DNS Console session open, and you are running Netscape, you can close only one session. We recommend that you open only one instance of the 3-DNS Console.
|Probing local DNS servers||
We recommend that you use the ICMP, DNS_REV, or DNS_DOT probing methods, and that you do not use the Port Discovery probing method, to probe local DNS servers.
|Accessing documentation for the wideip.conf file||
To obtain the most current syntax information for the wideip.conf file, see the Wideip.conf Syntax link on tech.f5.com; the current guides for the 3-DNS Controller do not include this information.
The following instructions describe how to configure the Global Availability load balancing mode within a pool. You need to use these instructions only if you meet the criteria listed in the Using the Global Availability load balancing mode within a pool item in the Known Issues section.
To configure Global Availability load balancing within a pool in a new wide IP
To configure Global Availability load balancing within a pool in an existing wide IP
Editing the tweak_sshd script
The following instructions describe how to edit the tweak_sshd script so that the 3-DNS Controller recognizes any specific administrative IP addresses in the hosts.allow file. Note that if you use the default setting for administrative IP addresses ( *.*.*.* ), SSH communications work properly and you do not need to edit the tweak_sshd script.
To edit the tweak_sshd script from the command line
Note: If you want to reset the administrative IP addresses after you have modified the tweak_sshd script, you can do so by simply typing config_sshd at the command line, and following the prompts.