Software Release Date: 10/30/2002
Updated Date: 03/05/2007
This release note documents version 4.5 of the 3-DNS Controller.
This section describes the minimum system requirements for this release.
The following instructions explain how to install the 3-DNS Controller, version 4.5 onto existing systems running version 4.2 and later. Once you install the software update, and license the controller, refer to the Configuring and using the new software section, which contains important information about required configuration changes and the new configuration options.
Warning: Before you install the upgrade, you must have a valid registration key. If you do not have a valid registration key DO NOT attempt to install the upgrade; please contact your vendor first. If you choose to continue without obtaining a registration key, the 3-DNS Controller will not be fully functional.
Important! If you are running the 3-DNS module on a BIG-IP system, do not apply this upgrade. Instead refer to the installation instructions for BIG-IP, version 4.5, as published in the BIG-IP version 4.5 release note. When you apply the BIG-IP software, version 4.5 upgrade, the 3-DNS module is also updated to version 4.5.
Note: The upgrade process does not preserve any non-standard files that you may have on your 3-DNS Controller. If you want to retain any non-standard files during this upgrade, then you need to save the files to a remote location before you perform the upgrade, and manually restore the non-standard files after the upgrade process is complete.
Once you install the upgrade and connect the controller to the network, you need a valid license certificate to activate the software. To obtain a license certificate, you need to provide two items to the license server: a registration key and a dossier. The registration key is a 25-character string. You should have received the key by email. The registration key lets the license server know which F5 products you are entitled to license. The dossier is obtained from the software, and is an encrypted list of key characteristics used to identify the platform. If you do not have a registration key, please contact your vendor.
You can obtain a license certificate using one of the following methods:
Note: You can open the Configuration utility using either Netscape Navigator 4.7, or Microsoft Internet Explorer 5.0 or 5.5. Netscape Navigator 6.0 and Microsoft Internet Explorer 6.0 are not supported.
You can use the Configuration utility to manually activate a license for a previously-configured 3-DNS Controller and for a new controller. Before you can activate the license, however, you must log on to the Configuration utility.
To open the Configuration utility for an existing 3-DNS Controller
To open the Configuration utility for a new 3-DNS Controller
Once you have successfully logged in to the Configuration utility, you can proceed with the manual license activation.
To manually activate a license using the Configuration utility
You can use the Configuration utility automatically activate a license for a previously-configured 3-DNS Controller and for a new controller. Before you can activate the license, however, you must log on to the Configuration utility.
To open the Configuration utility for an existing 3-DNS Controller
To open the Configuration utility for a new 3-DNS Controller
Once you have successfully logged in to the Configuration utility, you can proceed with the automatic license activation.
To automatically activate a license using the Configuration utility
After the 3-DNS Controller upgrade installation has completed, and you have successfully licensed the controller, you need to install the new version of the big3d agent on all BIG-IP systems and EDGE-FX systems known to the 3-DNS Controller, as follows:
The 3-DNS Controller can now automatically collect and add the configuration information for BIG-IP systems, including the BIG-IP Link Controller, and host servers. The Discovery setting has three levels:
We recommend that you leave the Discovery setting off if there is a firewall separating the 3-DNS Controller from the BIG-IP systems and host systems in the network. For details on configuring the Discovery setting, review the online help for the Modify BIG-IP screen and the Modify Host screen. See also the Overview of auto-configuration section in Chapter 5, Essential Configuration Tasks, in the 3-DNS Administrator Guide.
With this release, the 3-DNS Controller now offers one screen, in the web-based Setup utility, where you can set the passwords for the three system accounts: root, admin, and support. On this screen, you can also specify whether to allow command line access, web access, or both for the support account. You can view the User Access screen by opening the Setup utility from the home screen.
The configuration synchronization process for the 3-DNS Controller has been updated and improved. The controller no longer relies on the syncd daemon for synchronization. Instead, synchronization occurs automatically, based on file timestamps, whenever you make any type of change to the configuration. The 3-DNS Controller also polls any Link Controllers that you have in your network, and synchronizes the link information across the sync group. If you want to turn automatic synchronization off, review the Turning off automatic synchronization procedure in the Optional configuration changes section of this release note.
The statistics screens on the 3-DNS Controller have been enhanced and expanded. You can now view statistics for the following objects:
For details on these screens, review the online help for the screen.
The 3-DNS Controller has been enhanced to both monitor and share configuration information with the BIG-IP Link Controller. The benefits include:
The 3-DNS Controller now supports multiple links to the Internet and network address translations for firewalls. You can designate one or more self IP addresses and translations for the controller itself, as well as for any BIG-IP systems, host servers, or routers that are configured as part or the controller’s network. For details on adding multiple self IP addresses and translations to the server definitions, see the online help for the Self IP screens for each server type.
With this release, all users must migrate to the updated F5 Networks licensing process. For details, contact Support to obtain a registration key for each of your current products.
You can now include routers in the 3-DNS configuration. By adding routers to the 3-DNS configuration, you can load balance traffic over the router's links. Note that if you have any BIG-IP Link Controllers in your network, the 3-DNS Controller recognizes them as routers so that you can manage the links. For details on configuring the new server type, see the online help for Router, in the Configuration utility.
You can now use the Setup utility to configure a remote LDAP or RADIUS authentication server. With this feature, you no longer need to directly edit configuration files to set up your LDAP or RADIUS authentication server.
This release of the 3-DNS Controller also expands the number of user roles that you can assign to user accounts for the purpose of user authorization. In addition to the standard Full Read/Write, Partial Read/Write, and Read-Only access levels, you can now define which user interface an administrator uses to access the 3-DNS Controller (the Configuration utility, the command line interface, or the iControl interface). These user authorization roles are stored in the local LDAP database on the 3-DNS Controller, and are designed to operate in concert with centralized LDAP and RADIUS authentication.
For more information on these security enhancements, review Managing user accounts, in Chapter 6, Administration and Monitoring, in the 3-DNS Reference Guide.
The following issues are resolved in the current release.
CERT Advisory CA-2002-17, Apache Web Server Chunk Handling Vulnerability
The security vulnerability that is outlined in CERT Advisory CA-2002-17, Apache Web Server Chunk Handling Vulnerability, has been fixed.
CERT Advisory CA-2002-18, OpenSSH Vulnerabilities in Challenge Response Handling
The OpenSSH software running on the 3-DNS Controller has been upgraded to version 3.4p1 to address the security vulnerability that is outlined in CERT Advisory CA-2002-18.
CERT Advisory CA-2002-23, Multiple Vulnerabilities In OpenSSL
The security vulnerabilities that are outlined in CERT Advisory CA-2002-23, Multiple Vulnerabilities In OpenSSL, have been fixed.
BSDI security vulnerability (CR16430)
A potential denial of service vulnerability in the C library (libc) of BSDI has been addressed. For information about the vulnerability, see Vulnerability Note VU#808552, Multiple ftpd implementations contain buffer overflows, which is available on the CERT website at http://www.cert.org.
Support for iControl, version 2.1 (CR19847, CR20178)
This release includes support for iControl, version 2.1.
New command argument for 3ndc (CR19886)
You can now monitor 3-DNS resolutions without using tcpdump by using the 3ndc querylog command. For additional information, refer to the 3ndc man page.
Updated big3d agents (CR21360, CR21637)
The big3d agent has been updated. To ensure that the BIG-IP systems, EDGE-FX Caches, and GLOBAL-SITE systems in your network are running the most recent big3d agent, be sure to follow the instructions in the Updating the big3d agent section of this release note.
Configuring GLOBAL-SITE Controllers in the 3-DNS network (CR21409)
You no longer configure the GLOBAL-SITE Controller as a separate server type in the 3-DNS configuration. If you have GLOBAL-SITE Controllers in your network, you now configure them as EDGE-FX systems. Additionally, in most instances, the 3-DNS documentation now refers to both the EDGE-FX Cache and the GLOBAL-SITE Controller as an EDGE-FX system.
Updated version of BIND (CR21639)
The version of BIND running on the 3-DNS Controller has been updated from version 8.2.3 to version 8.3.3.
Manually re-enabling virtual servers when they change status from down to up (CR21894)
Previously, when a virtual server changed status from down to up, the virtual server was immediately available for load balancing. You can now choose to manually re-enable virtual servers for load balancing availability when their status changes from down to up by activating the Manual Resume setting. If you activate the Manual Resume setting, when a virtual server changes status from up to down, the controller also disables the virtual server. When the virtual server’s status changes back to up, you have to re-enable the virtual server before it is actually available for load balancing.
For details on configuring the Manual Resume setting, see the Optional configuration changes section of this release note.
Updating persistence records when the 3dnsd daemon restarts (CR22380)
In situations where the 3dnsd daemon restarts, for example, when you reboot the 3-DNS Controller, the controller now synchronizes any persistent connections with all 3-DNS controllers in the network.
New SNMP OIDs for enable and disable actions (CR22631)
When you enable or disable an object in the 3-DNS configuration, this action now generates an SNMP trap based on new object identifiers (OIDs) in the 3-DNS MIB. You can view the 3-DNS MIB from the home screen of the Configuration utility.
EDNS0 requests from BIND 8.3.3 and BIND 9 name servers (CR22697)
The 3-DNS can now process EDNS0 requests that originate from BIND 8.3.3 and BIND 9 name servers. When the 3-DNS Controller receives an EDNS0 request, the controller embeds the additional EDNS0 record in the DNS response packet.
3-DNS Maintenance menu revisions (CR23262, 23266)
Several options have been removed from the 3-DNS Maintenance menu due to obsolescence. For a list of the removed menu options and the updated procedure for each option, see the 3-DNS Maintenance menu revisions section of this release note.
The following section provides information about both required and optional configuration changes.
The current release has the following required configuration change.
F5 Networks has implemented a new product licensing process. You must obtain a valid registration key from your vendor before you can install the version 4.5 software. You can contact http://tech.f5.com/license/license.html to obtain a valid registration key for the licensing process. To obtain a new license once you have a valid registration key, follow the instructions for Activating the license.
Important: You must complete the authorization and licensing process before you run the configuration utility to configure the unit. If you do not obtain a license before you run the configuration utility, the system may behave in an unexpected manner.
When upgrading to 3-DNS Controller version 4.5 from a previous version, the controller manages the access level assigned to the admin account by retaining the same access level that was assigned to the account prior to the upgrade. Once the upgrade is completed, we recommend that you promote the access level on this account to CLI + Full Read/Write.
By default, the 3-DNS Controller now synchronizes with any Link Controllers in the network, in addition to the 3-DNS Controllers that you have added to the sync group. The following process describes how to turn off automatic synchronization. Note that you must repeat this process on all of the 3-DNS Controllers for which you want to turn automatic synchronization off.
To turn off automatic synchronization using the Configuration utility
To turn off automatic synchronization from the command line
The following process describes how to return a 3-DNS Controller to the previous software version, version 4.2, after you upgrade to version 4.5. The rollback process has four tasks:
The following sections provide instructions for the four tasks. Note that these instructions do not apply to the 3-DNS Controller module running on a BIG-IP system.
To save the current configuration using the Configuration utility
To create a CD of the version 4.2 software
To install the version 4.2 software
To restore the configuration file that you saved, using the Configuration utility
The following table contains the specific menu options that were removed from the 3-DNS Maintenance menu, and the replacement command or process for each.
|Edit BIND Configuration||From the command line, open the named.conf file with a text editor (either vi or pico), and make any required changes. You edit the zone files in the same manner.|
|Edit 3-DNS Configuration||From the command line, open the wideip.conf file with a text editor (either vi or pico), and make any required changes. Commit the changes by typing 3ndc reload.|
|Backup the 3-DNS||Use the following command: bigpipe config save <file name>, where <file name> is the name of the saved configuration file.|
|Restore a 3-DNS from a backup||Use the following command: bigpipe config install <file name>, where <file name> is the name of the saved configuration file that you want to restore.|
|Synchronize Metrics Data||This functionality is obsolete.|
|Edit big3d matrix||This functionality is obsolete.|
|Reconfigure 3-DNS Configuration Utility||Use the (W) Configure web servers option in the Setup utility.|
|Restart 3-DNS Configuration Utility||From the command line, type 3ndc restart.|
|Change/Add Users for 3-DNS Configuration Utility||Modify users and permissions from the System Administration screen in the Configuration utility.|
|Dump 3dnsd Statistics||Use the Statistics screens in the Configuration utility to view statistics.|
|Stop syncd||Obsolete daemon so no longer required|
|Restart syncd||Obsolete daemon so no longer required.|
|Configure connection to NTP time server||Use the (M) Define time servers option in the Setup utility.|
|Configure NameSurfer (TM)||Use the (N) Configure NameSurfer option in the Setup utility.|
Use the following instructions to activate the Manual Resume setting. Note that this setting affects all of the virtual servers in a wide IP.
To activate the Manual Resume setting using the Configuration utility
When you activate the Manual Resume setting on a wide IP, it affects all of the virtual servers in that wide IP’s pools. When a virtual server changes status from up to down, the virtual server remains disabled even after it changes status from down to up. The following instructions describe how to determine whether a virtual server is disabled by the Manual Resume setting, and how to re-enable the virtual server.
To determine how a virtual server is disabled using the Configuration utility
The following instructions describe how to re-enable a virtual server that has been disabled by the Manual Resume setting. Note that you re-enable the virtual server in the context of the pool and wide IP that it belongs to, not in the context of the server that it belongs to.
To re-enable a virtual server that is disabled by the Manual Resume setting using the Configuration utility
The following items are known issues in the current release.
Statistics screens and viewing 3-DNS status (CR9452)
When you disable a 3-DNS Controller that is a member of a sync group, the 3-DNS Statistics and Sync Group Statistics screens, in the disabled system's Configuration utility, display an inaccurate status (a red ball) for all of the other 3-DNS systems in the same sync group. You can see the correct status of the systems in the 3-DNS Statistics and Sync Group Statistics screens of any enabled 3-DNS Controller in the sync group.
Prober statistics and Internet Explorer 5.0 and later (CR10153)
When you are viewing Histograms or Metrics on the Prober Statistics screen, you might encounter errors if you are using Microsoft Internet Explorer 5.0 or later. We recommend using the following procedure to view the Histograms or Metrics.
The browser saves the file, and you can now open the file using Microsoft Excel.
ArrowPoint CS150 and metrics collection (CR10361)
The 3-DNS Controller collects metrics on packets per second and kilobytes per second only for HTTP traffic on the current ArrowPoint CS150 server.
The kilobytes per second rate as displayed for the ArrowPoint CS150 is approximately 16 times smaller than it should be. The total byte count returned from the ArrowPoint MIB is 16 times smaller than the total byte count that was actually handled.
Netscape Navigator and the Network Map (CR11161)
The Network Map does not display large configurations properly when you run Netscape on a UNIX or Linux platform. We recommend that you use a Windows-based browser to view large network configurations with the Network Map.
Network Map and multiple browser sessions (CR11173)
When you view the Network Map, you might get an error when you open additional browser sessions with Internet Explorer or Netscape Navigator. This error only occurs if the additional browser sessions use Java applets. We recommend that you close any additional browser sessions before viewing the Network Map.
Wide IP production rules (CR11710)
When you create a wide IP production rule with a Date/Time time variable, the production rule action does not stop in the time frame that you specify in the Stop Time box. We recommend that you do not configure a production rule with the Date/Time time variable.
Global Availability or Ratio load balancing within a pool (CR13112)
When you create a pool for a new or for an existing wide IP, and you use the Global Availability or Ratio load balancing method, you may experience problems under the following circumstances:
If you want to use the Global Availability or Ratio load balancing method, and you meet the previous criteria, please see the Using Global Availability or Ratio load balancing for pools work-around following this section.
Sync group names in the Configuration utility (CR14955)
In the Configuration utility, you may get an internal server error, and you may not be able to delete the sync group, if you use special characters in the sync group names. To avoid this error, use only alphanumeric, underscore ( _ ), hyphen ( - ) or space characters in the sync group names.
Adding servers using the Configuration utility and the Back button in Internet Explorer (CR15345)
Occasionally, when you add a new server to the 3-DNS configuration using the Configuration utility, and you are using the Configuration utility in a Microsoft® Internet Explorer browser session, you may get an error when you use the Back button to return to a previous screen. The error is benign, and you can click any item in the navigation screen to clear the error.
Opening PDF files from the 3-DNS Controller home screen (CR15901)
Occasionally, when you open any of the PDF files available on the home screen of the Configuration utility, the CPU usage for your work station may spike to 100%. To avoid this problem, right-click the name of the PDF file that you want to open, and choose Save Target As to save the PDF file on your workstation. You can then open the PDF file using Adobe® Acrobat® Reader, version 3.0 and later.
Enabling the IP classifier (CR18264)
If you use the Topology load balancing feature, you must make the following change to the wideip.conf file so the 3-DNS Controller can classify continent and country of origin for local DNS servers.
Note: If you have a sync group configured, you must enable the IP classifier on each member of the sync group.
Using the 3-DNS Controller in bridge mode (CR18873)
You cannot configure the 3-DNS Controller in bridge mode using a remote connection or using the Configuration utility. You must configure bridge mode using a local connection. For details on configuring bridge mode, see the Configuring bridge mode section of this release note.
Special characters in pool names and viewing the Network Map (CR19756)
When you use the colon character ( : ) in a pool name, and then try to view the Network Map, the Network Map does not display. To avoid this error, do not use the colon character in pool names.
The 3dpipe utility and pool names (CR20183)
The 3dpipe utility does not properly parse pool names that contain numbers only.
Denial of service (DOS) attacks and the UDP protocol for iQuery (CR20195)
The 3dnsd daemon may mark the big3d agent (running on the same system) as down, under the following conditions:
When these conditions are met, the 3-DNS Controller cannot properly handle persistent requests until you run the 3ndc restart command from the command line. To avoid this issue, you can use the TCP protocol for iQuery.
Note: This issue does not occur with SYN attacks or PING floods.
CPU usage statistics for EDGE-FX Caches (CR21325)
On the EDGE-FX Cache Statistics screen, in the Configuration utility, the 3-DNS Controller incorrectly reports the CPU usage statistic for the EDGE-FX Cache.
Large configurations and 3dnsd error messages (CR21513)
Occasionally, when you have a large configuration file, you may see the following error message:
ERROR: 3dnsd is running but has not written to the file /var/run/3dnsd.pid
( it may still be loading)
The error is benign.
3-DNS Reference Guide does not include the 3-DNS Configuration File appendix (CR22017)
The data structures for 3-DNS Controller were completely revised and updated for version 4.5. The documentation does not yet reflect these changes, so Appendix A, 3-DNS Configuration File, is not included in the 3-DNS Reference Guide. To view the data structures in the wideip.conf file, click the Conf View button for any object in the Configuration utility.
Time-to-live (TTL) values for resource records (CR22025)
If you set the pool TTL to a value that is different than the wide IP TTL, the dig command displays the wide IP TTL rather than the pool TTL in the answer packet. This occurs only when all the virtual servers in the pool are unavailable. Resource records in the DNS configuration are set with the wide IP TTL instead of the pool TTL. If you change the pool TTL, the TTL for the resource records does not change to the updated TTL. Therefore, when the 3-DNS Controller is unable to load balance a request, and returns the request to DNS, the resource record contains the wide IP TTL rather than the pool TTL.
UDP checksums and TFTP packets (CR22113)
In rare instances, the checksums for TFTP packets are incorrect.
Disabling SNMP and rebooting the controller (CR22762)
When you disable SNMP using the Configuration utility, the utility renames the SNMP configuration file from snmpd.conf to /etc/snmpd.conf.disabled. When you reboot the controller, the bigstart script checks for the snmpd.conf file before trying to start the SNMP daemon. Because the file has been renamed, however, the bigstart script assumes that the file does not exist and generates a new snmp.conf file.
Clean installations of the 3-DNS Controller software and the Default data center (CR23028)
When you install the 3-DNS Controller version 4.5 software, and you do not have a previous configuration file, the controller creates a default data center labeled Default. To move any objects that are in the Default data center to a data center that you create, see Moving objects from the Default data center to a newly-created data center section of this release note. Note that this occurs only on a BIG-IP system with the 3-DNS module.
Renaming a wide IP that has aliases using the Configuration utility and synchronization (CR23224)
When you rename a wide IP, and the wide IP has aliases, the order of the wide IP name and alias may appear in reverse order when you look at the wide IP in the Configuration utility of another controller in the sync group. Note that this error does not affect domain name resolution.
Configuring production rules (CR23327)
In the Configuration utility, when you create a production rule, you cannot use the Description box to add a description of the production rule. If you type text into the Description box, the controller ignores it, and the text is not saved.
Upgrading the software and home screen errors in the Configuration utility (23710)
When you are upgrading a 3-DNS Controller from version 4.2 to version 4.5, you may see the home screen, in the Configuration utility, for a BIG-IP system. This occurs only once: after you upgrade the software and before you upgrade the license file using the new licensing process. Refer to the Activating the license section of this release note for details on upgrading your license file to the new version. Note that this does not affect the 3-DNS Controller module on the BIG-IP system.
Inaccurate titles for graphs on the P95 Billing Estimate statistics screen (CR23770)
When you change the date or time range on the P95 Billing Estimate statistics screen in the Link Statistics, the titles on the graphs do not update to reflect the changes. If you are using Internet Explorer, you can update the titles by holding down the Control key, right-clicking in the screen, and then clicking Refresh. If you are using Netscape Navigator, you can update the titles by holding down the Shift key, right-clicking in the screen, and then clicking Refresh.
Date ranges on the P95 statistics screen (CR23784)
The graphs on the P95 statistics screen do not check for dates in the future. If you enter a date that is past today's current date, you may get inaccurate graphs.
Synchronization and modifying the configuration (CR24081)
If you are updating a configuration using the Configuration utility, and another member of the sync group initiates the synchronization process, you get a notification screen that indicates that you cannot update the configuration. To work around this issue, wait for a minute, click the browser's Back button, and continue updating the configuration. Note that this issue is most likely to occur when you are using multiple browser sessions to update the sync group's configuration. We recommend that you use only one browser session (and controller) to update the sync group's configuration.
Unit ID numbers for a redundant system and the auto-configuration process (Discovery) (CR24734)
The auto-configuration process does not recognize the unit ID numbers for the units in redundant system. The process does, however, properly add the configuration information for both units.
Synchronization and inaccurate virtual server status display (CR24738)
Virtual servers that are in a wide IP that has the manual resume setting enabled may occasionally display the wrong status (for example, disabled when the virtual server is really enabled). Note that this happens only when you have a sync group configured, and each controller in the sync group has synchronization enabled.
The Network Map and viewing wide IP information (CR24750)
In the Network Map, in the Configuration utility, when you highlight a wide IP, the information table displays an IP address for the wide IP. The IP address is not a valid IP address; rather it is a randomly generated number. Note that this error is benign because the 3-DNS Controller no longer associates an IP address with a wide IP.
The Network Map and viewing the enabled/disable status of a virtual server (CR24751)
When you disable a virtual server that is in a wide IP that has manual resume enabled, the information table in the Network Map does not display the correct status for the virtual server. To view the correct status for the virtual server, in the navigation pane, expand the Statistics item, and then click Virtual Servers. The E/D column displays the correct status for the virtual server.
Viewing wide IPs created in the 3-DNS Controller module from the Link Controller module (CR24842)
Wide IPs that you create in the 3-DNS Controller module that contain more than one pool display only the first pool of the wide IP in the Inbound LB screen in the Link Controller module. You may encounter this known issue only when you are running a BIG-IP system with both the 3-DNS Controller module and the Link Controller module.
Turning off automatic synchronization causes the 3dnsd daemon to lose interim persistent LDNS requests (CR24869)
When you turn off automatic synchronization on a 3-DNS Controller, and the 3dnsd daemon on that controller loses network communications with the other 3dnsd daemons in the network, the controller does not synchronize LDNS requests that occurred during the time that the 3dnsd daemon was offline.
Rebooting the controller and mra.config.log.[nn] files in the /var/log directory (CR24922)
When you reboot the 3-DNS Controller, you may see the following file, mra.config.log.[nn] in the /var/log directory. These files and their output are not relevant to the 3-DNS Controller server appliance, and are, therefore, benign. Note that these files are not automatically removed from the /var/log directory. Periodically, you should manually remove them.
Changing the iQuery protocol when you have a sync group configured (CR24927)
In the Configuration utility, on the System - General screen, when you change the iQuery Protocol setting from TCP to UDP, the synchronization process breaks. If you want to change the iQuery protocol from TCP to UDP, you must do so on all of the controllers in the sync group. (Note that the default setting the iQuery protocol is UDP.)
Synchronization and the netiana.inc file (CR24928)
The include geoloc "netIana.inc" directive is not synchronized between the members of a sync group. You must add this include directive on each 3-DNS Controller in your network.
Changes in US and Canada Daylight Saving Time (CR58321)
The Energy Policy Act of 2005, which was passed by the US Congress in August 2005, changed both the start and end dates for Daylight Saving Time in the United States, effective March 2007. Canada is also adopting this change. The resulting changes are not reflected in this version of the product software. To find out more about this issue, refer to SOL6551: F5 Networks software compliance with the Energy Policy Act of 2005.
Cisco CSS series (formerly ArrowPoint) servers and metrics collection
The 3-DNS Controller cannot collect the packets per second and the kilobytes per second metrics on Cisco CSS series (formerly ArrowPoint) software versions prior to 4.0.
3-DNS Controllers and CD upgrades
When you rebuild a 3-DNS Controller (or a BIG-IP system) using a CD, the SSH key changes. This breaks the trust relationship between the updated 3-DNS Controller and any devices with which it interacts. As a result, synchronization between the systems in the sync group stops, and you cannot update the big3d agent. You can correct this situation by removing the newer SSH key and synchronizing the updated 3-DNS Controller with other 3-DNS Controllers or BIG-IP systems. Refer to the Resetting the SSH key work-around to reset the SSH key and synchronize the systems in your network.
Solstice SNMP agent and metrics collection
The Solstice SNMP agent, which runs on some Sun systems, delays the updating of some metrics for longer than 30 seconds. As a result, in the 3-DNS SNMP Statistics screen, the packet rates and kilobytes per second rates can fluctuate from a zero value to a real value. If you are polling Sun Solaris servers in your network, you may want to set the SNMP polling time on the 3-DNS Controller to an interval greater than 60 seconds.
The following sections describe work-arounds for some of the known issues listed in the previous section.
If you want to configure the 3-DNS Controller to run in bridge mode, you need to do so using a local connection to the 3-DNS Controller. First, you create a VLAN group that includes both the internal and external VLANs. Next, you delete the self IP address for the 3-DNS Controller, and re-assign the IP address to the newly-created VLAN group. Finally, you save the configuration. The following instructions detail how to configure bridge mode.
To configure bridge mode
The 3-DNS Controller saves the changes and you can now use the 3-DNS Controller in bridge mode.
The following instructions describe how to move objects from the default data center to a data center that you create.
To move objects from the data center, Default, to a newly-created data center
The following instructions describe how to reset the SSH key for a system that you have upgraded using a CD.
To reset the SSH key for an updated 3-DNS Controller
The following instructions describe how to configure the Global Availability or Ratio load balancing mode within a pool. You need to use these instructions only if you meet the criteria listed in the Using the Global Availability or Ratio load balancing mode within a pool item in the Known Issues section.
To configure Global Availability or Ratio load balancing within a pool in a new wide IP
To configure Global Availability or Ratio load balancing within a pool in an existing wide IP