Manual Chapter: Setting up the Global Traffic Manager
When you install a Global Traffic Manager on the network, the actions you take to integrate it into the network fall into two categories: setup tasks and configuration tasks. Setup tasks are tasks in which you create or modify settings that apply to the Global Traffic Manager itself, or that apply universally to all other configuration components, such as servers, data centers, or wide IPs, that you create later. Examples of setup tasks include running the Setup Utility, assigning self IP addresses, and enabling high-availability functions. Configuration tasks are tasks in which you define a specific aspect of the Global Traffic Manager, such as load balancing methods, pools and pool members, or iRules. These configuration tasks, while important, only affect specific aspects of how you manage DNS traffic with the Global Traffic Manager.
If you have just installed the Global Traffic Manager, the first setup task you should complete is running the Setup Utility. This utility guides you through licensing the product, assigning an IP address to the management port of the system, and configuring the passwords for your root and administrator accounts. The Setup Utility can also assist you in configuring some of the basic settings of the Global Traffic Manager, such as its IP address and the VLAN to which it belongs.
After you finish using the Setup Utility, the next step is to configure the network and system settings that apply to the Global Traffic Manager. These settings form the basis of a BIG-IP system configuration, and are configured in a similar fashion for all BIG-IP products, including the Local Traffic Manager, the Global Traffic Manager, and the Link Controller systems. Because these settings have a variety of applications, they are discussed in a separate guide: the BIG-IP® Network and System Management Guide. We highly recommend that you review this guide to ensure that you configure the basic network and system settings for the Global Traffic Manager in a way that best fits the needs of your network and your DNS traffic.
Note: You can access the BIG-IP® Network and System Management Guide by visiting the AskF5℠ web site: tech.F5.com.
Once you have the basic network settings configured, you can work on setting up the Global Traffic Manager itself. The setup tasks associated with the Global Traffic Manager include:
Once you complete these tasks, you are ready to work on the configuration tasks that allow your network to get the full benefit of the features of the Global Traffic Manager. We recommend you review Chapter 3, Reviewing Global Traffic Manager Components, which provides an overview of these configuration tasks and includes links to other sections of this guide that provide more detailed information.
The Global Traffic Manager is designed to manage DNS traffic as it moves from outside the network to the appropriate resource and back again. The management capabilities of the system require that it have an accurate configuration of the sections of the network over which it has jurisdiction. This configuration requires that you define network elements such as servers, other BIG-IP systems, virtual servers, and data centers, within the Global Traffic Manager's configuration. Consider defining these elements as similar to drawing a network diagram; you must include all of the relevant components in such a diagram in order to have an accurate depiction of how the system works as a whole.
As part of defining this network topology, you must define the Global Traffic Manager itself. This definition configures the Global Traffic Manager with its role within the network, as well as what interactions it can and cannot have with other network components. Without this configuration, many of the capabilities of the Global Traffic Manager cannot operate effectively.
When you define the Global Traffic Manager, you must first define the data center in which the Global Traffic Manager resides. This step is important because all network components that the system manages must belong to a data center. Data centers are described in greater detail in Managing data centers.
1. On the Main tab of the navigation pane, expand Global Traffic and click Data Centers.
2. Click the Create button.
4. Click the Finished button.
1. On the Main tab of the navigation pane, expand Global Traffic and click Servers.
2. Click the Create button.
3. In the Name box, type a name that identifies the Global Traffic Manager.
4. From the Product list, select the appropriate server product.
Global Traffic Managers, Local Traffic Managers, and Link Controllers all are part of the BIG-IP product family. Any time you add one of these systems as a server, you can select one of two server products from the Product list:
5. For Address List, add the IP address of the server.
To add the IP address, type the address in the Address box, and then click Add. You can add more than one address to any given server, depending on how that server interacts with the rest of your network. For example, if the current Global Traffic Manager is part of a redundant system, you would add the IP addresses of the primary and backup systems.
6. From the Data Center list, select a data center to which the Global Traffic Manager belongs.
8. Click the Create button to create the new server.
Before the Global Traffic Manager can operate as an integrated component within your network, you must first establish how it can communicate with other external systems. An external system is any server with which the Global Traffic Manager must exchange information to perform its functions. In general, establishing system communications consists of two categories:
When the Global Traffic Manager communicates with other BIG-IP systems, such as Local Traffic Managers or Link Controllers, it uses a proprietary protocol called iQuery to send and receive information. If the Global Traffic Manager is communicating with a BIG-IP system, it uses a software utility called big3d to handle the information traffic. If the Global Traffic Manager is instead communicating with another Global Traffic Manager, it uses a different utility, called gtmd, which is designed for that purpose.
In order to communicate with the Global Traffic Manager, all BIG-IP products must have the same version of the big3d utility. Consequently, part of the process when establishing communications between the Global Traffic Manager and other BIG-IP products is to open port 22 and port 4353 between the two systems. Port 22 allows the Global Traffic Manager to copy the newest version of the big3d utility to existing systems, while iQuery requires the port 4353 for its normal communications.
Table 2.1 lists the requirements for each communication component between the Global Traffic Manager and other BIG-IP systems.
Port 22, for secure file copying of entities like big3d.
Port 4353, for iQuery communication.
big3d, for Global Traffic Manager to BIG-IP system communication.
When the Global Traffic Manager communicates with third-party systems, whether that system is a load balancing server or a host, it can use SNMP to send and receive information. For details on how the Global Traffic Manager uses SNMP, see the BIG-IP® Network and System Management Guide.
Table 2.2 lists the requirements for each communication component between the big3d agent and other external systems.
When you set up the Global Traffic Manager to communicate with external systems, you must complete one or more of the following tasks:
Define the systems in the Global Traffic Manager. This task applies regardless of whether the system is a BIG-IP system, or a third-party system.
Run the gtm_add utility. This utility is designed for situations in which you are installing the system in a network that already has one or more Global Traffic Managers running.
Run the big3d_install utility. This utility ensures that the Global Traffic Manager and other BIG-IP systems use the same version of the big3d utility, and establishes that these systems are authorized to exchange information.
Run the bigip_add utility. If you are certain that the other BIG-IP systems on the network use the same version of the big3d utility as the Global Traffic Manager, you can run the bigip_add utility instead of the big3d_install utility. The bigip_add utility authorizes communications between the Global Traffic Manager and other BIG-IP systems on the network.
As described in Defining the Global Traffic Manager, the Global Traffic Manager needs to have information on the different systems with which it interacts when managing DNS traffic. These systems include other Global Traffic Managers, BIG-IP systems, and third-party systems.
The steps you follow to define these systems are described in Managing servers. When you set up your Global Traffic Manager, you must add these systems into the configuration for the Global Traffic Manager to communicate with these systems.
If you are integrating multiple Global Traffic Managers within your network, you need to use the gtm_add script. This script accomplishes a single task: it acquires configuration files from another Global Traffic Manager on your network.
The gtm_add script is very important, especially if you want the Global Traffic Manager to be part of an existing synchronization group. As described in Configuring synchronization settings, synchronization works by having each Global Traffic Manager check to ensure that it has the latest configuration files and, if not, to acquire the latest files. This has a potential drawback when you install a new Global Traffic Manager into your network, because the new system has the most recent files (based on the timestamps) but has yet to be configured. As a result, there is a risk that the unconfigured files of the new Global Traffic Manager could override the configurations of your existing Global Traffic Managers.
The gtm_add script circumvents this issue. With this script, you specify the IP address of an existing Global Traffic Manager. The script then accesses that system and copies its configuration files to the new Global Traffic Manager. The new system can then be incorporated into the synchronization group without adversely affecting it.
The gtm_add script acquires all configuration files, including SSL certificates. As a result, it is ideal for acquiring SSL certificates for a new Global Traffic Manager.
The script logs in to the specified Global Traffic Manager and acquires its configuration files, including relevant SSL certificates. You can then add the Global Traffic Manager to the appropriate synchronization group.
If your network includes existing BIG-IP systems, such as Local Traffic Managers, and this is the first Global Traffic Manager you are connecting to the network, you must run the big3d_install utility. This utility upgrades the big3d agents on the BIG-IP systems and instructs these systems to authenticate with the other systems through the exchange of SSL certificates. You can accomplish both of these tasks through the big3d_install script. This script is included with the Global Traffic Manager.
This script instructs the Global Traffic Manager to connect to each BIG-IP system that you specified by IP address. As it connects to each system, it prompts you to supply the appropriate login information to access that system.
The big3d agent on each system is upgraded to the same version as installed on the Global Traffic Manager.
If this is the first Global Traffic Manager that you have installed on the network, and you know that the existing BIG-IP systems use the same version of the big3d agent, you can use the bigip_add utility. This script exchanges SSL certificates so that each system is authorized to communicate with each other. Unlike the big3d_install utility, the bigip_add utility does not modify the big3d agent already present on existing BIG-IP systems.
The primary goal of the Global Traffic Manager is to ensure that name resolution requests are sent to the best available resource on the network. Consequently, it is typical for multiple Global Traffic Manager systems to reside in several locations within a network. For example, a standard installation might include a Global Traffic Manager at each data center within an organization.
When a Local Domain Name Server (LDNS) submits a name resolution request, you cannot control to which Global Traffic Manager the request is sent. As a result, you will often want multiple Global Traffic Manager systems to share the same configuration values, and maintain those configurations over time. This process is called synchronization.
In network configurations that contain more than one Global Traffic Manager, synchronization means that each Global Traffic Manager regularly compares the timestamps of its configuration files with the timestamps of configuration files on other Global Traffic Manager systems. If a Global Traffic Manager determines that its configuration files are older than those on another system, it acquires the newer files and begins using them to load balance name resolution requests. With synchronization, you can change settings on one system and have that change distributed to all other systems.
You can separate the Global Traffic Managers on your network into separate groups, called synchronization groups. A synchronization group is a collection of multiple Global Traffic Manager systems that share and synchronize configuration settings. These groups are identified by a synchronization group name, and only systems that share this name also share configuration settings. These synchronization groups allow you to customize the synchronization behavior. For example, the Global Traffic Manager systems residing in data centers in Europe might belong to one synchronization group, while the systems in North America belong to another group.
The following sections provide additional information on synchronization and the Global Traffic Manager, and specifically cover the following topics:
Before you can synchronize Global Traffic Manager systems, you must define the Network Time Protocol (NTP) servers that the Global Traffic Manager references. These servers ensure that each Global Traffic Manager is referencing the same time when verifying timestamps for configuration files.
If you have already read through the BIG-IP® Network and System Management Guide, you may have already configured a list of NTP servers for the Global Traffic Manager. If you have not yet done so, you can find detailed information on configuring these settings in the BIG-IP® Network and System Management Guide.
Activating synchronization for the Global Traffic Manager has an immediate effect on its configurations, provided that another Global Traffic Manager is already available on the network. We recommend that you activate synchronization after you have finished configuring one of the systems.
1. On the Main tab of the navigation pane, expand System and then click General Properties.
3. Check the Synchronization check box.
4. Click the Update button to save your changes.
When you opt to synchronize multiple Global Traffic Manager systems, you are instructing each system to share its configuration files with the other systems on the network. These files are synchronized based on their timestamp: if a Global Traffic Manager determines that its configuration files are older than those on another system, it acquires the newer files and begins using them to load balance name resolution requests.
You can control the synchronization by defining the maximum age difference between two sets of configuration files. This value is referred to as synchronization time tolerance.
By default, the value for the synchronization time tolerance is set to 10 seconds. The minimum value you can set for this value is 5 seconds, while the maximum you can set is 600 seconds.
1. On the Main tab of the navigation pane, expand System and then click General Properties.
3. In the Synchronization Time Tolerance box, type the maximum age difference, in seconds, between two sets of configuration files.
4. Click the Update button to save your changes.
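The following is an added example, not F5 code and not part of the original guide: a simplified Python model of the timestamp rule described above, showing why an unseeded new system can overwrite a group (the gtm_add case), how synchronization groups isolate changes, and why all systems need the same NTP time. The names Gtm, sync_round, and seed_from are hypothetical, and the pull rule (adopt the newest files when they are newer by more than the time tolerance) is an assumption drawn from the text.

```python
from dataclasses import dataclass

# Limits quoted in the text: default 10 s, minimum 5 s, maximum 600 s.
TOL_MIN, TOL_DEFAULT, TOL_MAX = 5, 10, 600

@dataclass
class Gtm:
    name: str
    group: str             # synchronization group name
    config: str            # stands in for the set of configuration files
    stamp: float           # file timestamp as written by this unit's own clock
    sync_enabled: bool = True

def sync_round(units, tolerance=TOL_DEFAULT):
    """One pass of the modelled rule (an assumption, not F5's implementation):
    within each group, a unit whose files are older than the newest set by more
    than `tolerance` seconds adopts the newest set.
    Returns the (receiver, source) transfers that happened."""
    if not TOL_MIN <= tolerance <= TOL_MAX:
        raise ValueError(f"tolerance must be {TOL_MIN}-{TOL_MAX} seconds")
    transfers = []
    for group in sorted({u.group for u in units}):
        members = [u for u in units if u.group == group and u.sync_enabled]
        if len(members) < 2:
            continue
        newest = max(members, key=lambda u: u.stamp)
        for u in members:
            if newest.stamp - u.stamp > tolerance:
                u.config, u.stamp = newest.config, newest.stamp
                transfers.append((u.name, newest.name))
    return transfers

def seed_from(new_unit, existing):
    """Modelled effect of gtm_add: the new unit takes the existing unit's files
    (and their timestamps) before it joins the synchronization group."""
    new_unit.config, new_unit.stamp = existing.config, existing.stamp

def build_site():
    # Constructed sample data using the SiteRequest groups from the text.
    return [
        Gtm("new-york", "United States", "production-us", 1000.0),
        Gtm("paris", "Rest Of World", "production-row", 1000.0),
        Gtm("tokyo", "Rest Of World", "production-row", 1000.0),
    ]

def join_without_seeding():
    """A freshly installed unit has the newest timestamps but no real settings."""
    units = build_site()
    units.append(Gtm("los-angeles", "United States", "unconfigured", 5000.0))
    sync_round(units)
    return {u.name: u.config for u in units}

def join_after_seeding():
    """Same join, but the new unit is seeded before synchronization is enabled."""
    units = build_site()
    la = Gtm("los-angeles", "United States", "unconfigured", 5000.0,
             sync_enabled=False)
    seed_from(la, units[0])
    la.sync_enabled = True
    units.append(la)
    transfers = sync_round(units)
    return transfers, {u.name: u.config for u in units}

def skewed_clock_wins(skew=120.0):
    """paris edits at true time 2000 with a clock running `skew` seconds fast;
    tokyo makes the later edit at true time 2060 with a correct clock.
    Returns the configuration tokyo ends up with."""
    paris = Gtm("paris", "Rest Of World", "edit-A (older)", 2000.0 + skew)
    tokyo = Gtm("tokyo", "Rest Of World", "edit-B (newer)", 2060.0)
    sync_round([paris, tokyo])
    return tokyo.config

if __name__ == "__main__":
    print("unseeded join :", join_without_seeding())
    print("seeded join   :", join_after_seeding())
    print("skewed clock  :", skewed_clock_wins())
```

In this model the unseeded join replaces the United States group's settings with the unconfigured set while Rest Of World is untouched, and a clock running 120 seconds fast lets an older edit displace a newer one.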
In the event that you need to deactivate file synchronization, you can do so at any time. Situations in which you want to disable synchronization include updating the data center in which the Global Traffic Manager resides, or when you are testing a new configuration change.
1. On the Main tab of the navigation pane, expand System and then click General Properties.
3. Clear the Synchronization check box.
4. Click the Update button to save your changes.
During synchronization operations, the Global Traffic Manager verifies that it has the latest configuration files available and, if it does not, the Global Traffic Manager downloads the newer files from the appropriate system. You can expand the definition of the configuration files to include the DNS zone files used to respond to name resolution requests by using the Synchronize DNS Zone Files option. This option is enabled by default.
1. On the Main tab of the navigation pane, expand System and then click General Properties.
3. Check the Synchronize DNS Zone Files check box.
4. Click the Update button to save your changes.
Each Global Traffic Manager that you synchronize must belong to a specific group of systems, called a synchronization group. A synchronization group is a collection of multiple Global Traffic Manager systems that share and synchronize configuration settings. Initially, when you enable synchronization for a Global Traffic Manager, the system belongs to a synchronization group called default. However, you can create new groups at any time. This process allows you to customize the synchronization process, ensuring that only certain sets of Global Traffic Manager systems share configuration values.
To illustrate how synchronization groups work, consider the fictional company, SiteRequest. SiteRequest has decided to add a new data center in Los Angeles. As part of bringing this data center online, SiteRequest has decided that it wants the Global Traffic Manager systems installed in New York and in Los Angeles to share configurations, and the Paris and Tokyo data centers to share configurations. This setup exists because SiteRequest's network optimization processes require slightly different settings within the United States than the rest of the world. To accommodate this new network configuration, SiteRequest enables synchronization for the New York and Los Angeles data centers, and assigns them a synchronization group name of United States. The remaining data centers are also synchronized, but with a group name of Rest Of World. As a result, a configuration change at the Paris Global Traffic Manager immediately modifies the Tokyo system, but does not affect the systems in the United States.
Note: When you change the name of a synchronization group, the new name is synchronized to all systems that belong to that synchronization group.
1. On the Main tab of the navigation pane, expand System and then click General Properties.
3. In the Synchronization Group Name box, type a name of either an existing synchronization group, or a new group.
4. Click the Update button to save your changes.
A large network might consist of hundreds of virtual servers. Keeping track of these virtual servers can be a time-consuming process itself. The Global Traffic Manager includes a means of simplifying the addition of new virtual servers into a network: auto-discovery. Auto-discovery is a process through which the Global Traffic Manager identifies a resource automatically so you can manage it.
The Global Traffic Manager can discover two types of resources: virtual servers and links. Each resource is discovered on a per-server basis, so you can employ auto-discovery only on the servers you specify.
The auto-discovery feature of the Global Traffic Manager has four modes that control how the system identifies resources. These modes are:
Disabled. In this mode, the Global Traffic Manager does not attempt to discover any resources.
Enabled. In this mode, the Global Traffic Manager regularly checks the server to discover any new resources. If a previously-discovered resource cannot be found, the Global Traffic Manager deletes it from the system.
Enabled (No Delete). In this mode, the Global Traffic Manager constantly checks the server to discover any new resources. Unlike the Enabled mode, the Enabled (No Delete) mode does not delete resources, even if the system cannot currently verify their presence.
One Time Discovery. In this mode, the Global Traffic Manager checks once for any new resources. This mode is useful during the initial configuration and setup of the Global Traffic Manager.
If you choose to enable auto-discovery, you can employ it to discover the virtual servers or links that reside on a particular server. For more information, please see Discovering resources automatically.
Before you can use the Global Traffic Manager to discover virtual servers or links, you must enable auto-discovery on the system itself. If you do not enable auto-discovery, the Global Traffic Manager does not discover new resources, even if you enable discovery on the server level. Auto-discovery is enabled by default for the Global Traffic Manager.
1. On the Main tab of the navigation pane, expand System and then click General Properties.
3. Check the Auto-Discovery check box.
4. Click the Update button to save your changes.
Two discovery modes, Enabled and Enabled (No Delete), instruct the Global Traffic Manager to continually monitor servers for new resources. You configure the frequency at which the system queries for new resources in the general properties screen. By default, the system queries servers for new resources every 30 seconds.
1. On the Main tab of the navigation pane, expand System and then click General Properties.
3. In the Auto-Discovery Request Interval box, type the frequency at which you want the system to attempt to discover new resources.
4. Click the Update button to save your changes.
As you employ the Global Traffic Manager to load balance DNS traffic across different network resources, you must acquire information on these resources. You acquire this information by applying monitors to each resource. A monitor is a component of the Global Traffic Manager that tests to see if a given resource responds as expected. These tests can range from verifying that a connection to the resource is available, to conducting a database query. The Global Traffic Manager uses the information it gathers from monitors not only to inform you of what resources are available, but to determine which resource is the best candidate to handle incoming DNS requests.
In most cases, you apply specific monitors to resources, depending on the type of resource and its importance. However, there are a few settings within the Global Traffic Manager that affect all monitors:
Assign a heartbeat interval, which controls how often the Global Traffic Manager communicates with other BIG-IP systems on the network
Specify whether monitors continue to check the availability of a resource that you have disabled through the Global Traffic Manager
While monitors supply information you need to ensure that network traffic moves efficiently across the network, they do so at the cost of increasing that network traffic. These settings allow you to control this increase.
In daily operations, the Global Traffic Manager frequently acquires much of its network data from other BIG-IP systems that you employ, such as Local Traffic Managers. For example, the Local Traffic Manager system monitors the resources it manages. When the Global Traffic Manager requires this same information for load balancing DNS requests, it can query the Local Traffic Manager, instead of each resource itself. This process ensures that the system has the information it needs efficiently.
Because the Global Traffic Manager queries other BIG-IP systems to gather information, you can configure the frequency at which these queries occur. You control this frequency by configuring the heartbeat interval. Based on the value you specify for this setting, the Global Traffic Manager queries other BIG-IP systems more or less often. We recommend the default value of 10 seconds for this setting; however, you can configure this setting to best suit the configuration of your network.
Configuring the heartbeat interval is important when setting up the Global Traffic Manager, as it affects the data a given monitor acquires. We recommend that, when configuring resource monitors, you ensure that the frequency at which the monitor attempts to query a resource is greater than the heartbeat interval monitor. Otherwise, the monitor might acquire out-of-date data during a query.
1. On the Main tab of the navigation pane, expand System and then click General Properties.
3. In the Heartbeat Interval box, type the frequency at which you want the system to attempt to discover new resources.
4. Click the Update button to save your changes.
Another aspect of resource monitoring that you want to control is how many monitors can query a resource at any given time. Network resources often serve many different functions at the same time and it is likely you want more than one monitor checking the availability of these resources in different ways. You might monitor a single resource, for example, to verify that the connection to the resource is available, that you can reach a specific HTML page on that resource, and that a database query returns an expected result. If this resource is used in more than one context, you might have many more monitors assigned to it, each one performing an important check to ensure the availability of the resource.
While these monitors are helpful in determining availability, it is equally helpful to control how many monitors can query a resource at any given time. This control ensures that monitor requests are more evenly distributed during a given period of time.
1. On the Main tab of the navigation pane, expand System and then click General Properties.
3. In the Maximum Synchronous Monitor Requests box, type the number of queries that resources can accept from monitors at any given time.
4. Click the Update button to save your changes.
One of the ways in which a given network resource becomes unavailable during the load balancing of DNS traffic occurs when you manually disable the resource. You might disable a resource because you are upgrading its server, or because you are modifying the resource itself and need to remove it temporarily from service.
You can control whether the Global Traffic Manager monitors these disabled resources. In some network configurations, for example, you might want to continue monitoring these resources when you put them offline; in other configurations, this action might be unnecessary.
1. On the Main tab of the navigation pane, expand System and then click General Properties.
3. Check the Monitor Disabled Objects check box.
4. Click the Update button to save your changes.
Note: By default, this option is disabled in Global Traffic Manager. We recommend you enable it only if you are certain you want the system to continue monitoring resources that you have manually disabled.