When you install a BIG-IP® Global Traffic Manager system on the network, the actions you take to integrate it into the network fall into two categories: setup tasks and configuration tasks.
Setup tasks are tasks that apply either to Global Traffic Manager itself, or universally to all other components that you configure later, such as servers, data centers, and wide IPs. Examples of setup tasks include running the Setup utility. This utility guides you through licensing the product, assigning an IP address to the management port of the system, assigning self IP addresses, enabling high-availability, and configuring the passwords for the root and administrator accounts.
Configuration tasks are tasks in which you define how you want Global Traffic Manager to manage global traffic, such as load balancing methods, pools and pool members, and iRules®. These tasks affect specific aspects of how you want the system to manage Domain Name System (DNS) traffic.
Global Traffic Manager is designed to manage DNS traffic as it moves from
outside the network, to the appropriate resource, and back again. The management capabilities of the system require that it has an accurate definition of the sections of the network over which it has jurisdiction. You must define network elements such as data centers, servers (including BIG-IP systems), and virtual servers in Global Traffic Manager. Defining these elements is similar to drawing a network diagram; you include all of the relevant components in such a diagram in order to have an accurate depiction of how the system works as a whole.
As part of specifying this network topology, you configure Global Traffic
Manager itself. You specify the role of Global Traffic Manager within the network, as well as what interactions it can and cannot have with other network components. Without this configuration, many of the capabilities of Global Traffic Manager cannot operate effectively. Additionally, you can define a Global Traffic Manager redundant system configuration for high availability.
A redundant system configuration
is a set of two Global Traffic Manager systems: one operating as the active unit, the other operating as the standby unit. If the active unit goes offline, the standby unit immediately assumes responsibility for managing DNS traffic. The new active unit remains active until another event occurs that causes the unit to go offline, or until you manually reset the status of each unit.
Hardware-based failover
In a redundant system configuration that has been set up with hardware-based failover, the two units in the system are connected to each other directly using a failover cable attached to the serial ports. The standby unit checks the status of the active unit once every second using this serial link.
Network-based failover
In a redundant system configuration that has been set up with network-based failover, the two units in the system communicate with each other across an Ethernet network instead of across a dedicated failover serial cable. Using the Ethernet connection, the standby unit checks the status of the active unit once every second.
In a network-based failover configuration, if a client queries a failed
Global Traffic Manager, and does not receive an answer, the client automatically re-issues the request (after five seconds), and the standby unit, functioning as the active unit, responds.
Note that when you configure a Global Traffic Manager redundant system configuration that uses network-based failover, you must manually enable high availability on both Global Traffic Manager systems.
Before Global Traffic Manager can operate as an integrated component
within your network, you must first establish how it can communicate with other external systems. An external system
is any server with which Global Traffic Manager must exchange information to perform its functions. In general, system communications are established for the purpose of:
When Global Traffic Manager communicates with other BIG-IP systems, such as Local Traffic Manager systems or Link Controller systems, it uses a proprietary protocol called iQuery® to send and receive information. If Global Traffic Manager is communicating with another BIG-IP system, it uses the big3d utility to handle the communication traffic. If Global Traffic Manager is instead communicating with another Global Traffic Manager, it uses a different utility, called gtmd, which is designed for that purpose.
Part of the process when establishing communications between Global Traffic Manager and other BIG-IP systems is to open port 22 and port 4353 between the two systems. Port 22 allows Global Traffic Manager to copy the newest version of the big3d utility to existing systems, while iQuery requires port 4353 for its normal communications.
In order for other BIG-IP systems to communicate with Global Traffic Manager, F5 Networks recommends that you update the big3d utility on older BIG-IP systems by running the big3d_install script from Global Traffic Manager. For more information about running the big3d_install script, see big3d agent installation, and SOL8195.
lists the requirements for each communication component between Global Traffic Manager and other BIG-IP systems.
Port 22, for secure file copying of entities like big3d.
Port 4353, for iQuery communication.
big3d, for Global Traffic Manager to BIG-IP system communication.
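One way to check that ports 22 and 4353 are open between Global Traffic Manager and each BIG-IP system, and only between those systems, is sketched below. This is an added example, not F5 code: the rule tuple format, the `audit` function, and the addresses are assumptions constructed for illustration.

```python
import ipaddress

# Ports the text requires between Global Traffic Manager and other BIG-IP systems.
REQUIRED_PORTS = {22: "copying big3d", 4353: "iQuery"}

def audit(rules, gtm, peers):
    """Check constructed (action, source CIDR, destination IP, port) rules.

    Returns (missing, too_broad): peer/port pairs with no allow rule in either
    direction, and allow rules whose source is not one inventoried system.
    """
    gtm_ip = ipaddress.ip_address(gtm)
    peer_ips = [ipaddress.ip_address(p) for p in peers]
    systems = {gtm_ip, *peer_ips}
    covered, too_broad = set(), []
    for action, src, dst, port in rules:
        if action != "allow" or port not in REQUIRED_PORTS:
            continue
        src_net, dst_ip = ipaddress.ip_network(src), ipaddress.ip_address(dst)
        if dst_ip not in systems:
            continue  # destination is not a BIG-IP system in this inventory
        if src_net.num_addresses != 1 or src_net.network_address not in systems:
            too_broad.append((src, dst, port))
        for peer in peer_ips:
            if (gtm_ip in src_net and dst_ip == peer) or \
               (peer in src_net and dst_ip == gtm_ip):
                covered.add((peer, port))
    missing = [(str(p), port) for p in peer_ips for port in REQUIRED_PORTS
               if (p, port) not in covered]
    return missing, too_broad

# Constructed inventory and rule set (documentation address ranges).
GTM = "192.0.2.10"
PEERS = ["192.0.2.20", "198.51.100.30"]
RULES = [
    ("allow", "192.0.2.10/32", "192.0.2.20", 22),
    ("allow", "192.0.2.10/32", "192.0.2.20", 4353),
    ("allow", "0.0.0.0/0", "198.51.100.30", 4353),   # open to any source
    ("deny", "0.0.0.0/0", "198.51.100.30", 22),      # big3d copy blocked
]

if __name__ == "__main__":
    missing, too_broad = audit(RULES, GTM, PEERS)
    print("missing:", missing)
    print("too broad:", too_broad)
```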
When Global Traffic Manager communicates with third-party systems, whether that system is a load balancing server or a host, it can use SNMP to send and receive information.
lists the requirements for each communication component between the big3d
agent and other external systems.
The primary goal of Global Traffic Manager is to ensure that name
resolution requests are sent to the best available resource on the network. Consequently, it is typical for multiple Global Traffic Manager systems to reside in several locations within a network. For example, a standard installation might include a Global Traffic Manager system at each data center within an organization.
When an LDNS submits a name resolution request, you cannot control to
which Global Traffic Manager the request is sent. As a result, you often want multiple Global Traffic Manager systems to share the same configuration values, and maintain those configurations over time.
In network configurations that contain more than one Global Traffic Manager, synchronization means that each Global Traffic Manager regularly compares the timestamps of its configuration files with the timestamps of configuration files on other Global Traffic Manager systems. If Global Traffic Manager determines that its configuration files are older than those on another system, it acquires the newer files and begins using them to load balance name resolution requests. With synchronization, you can change settings on one system and have that change distributed to all other systems.
You can separate the Global Traffic Manager systems on your network into
separate groups, called synchronization groups. A synchronization group
is a collection of multiple Global Traffic Manager systems that share and synchronize configuration settings. These groups are identified by a synchronization group name, and only systems that share this name also share configuration settings. These synchronization groups allow you to customize the synchronization behavior. For example, Global Traffic Manager systems residing in data centers in Europe might belong to one synchronization group, while the systems in North America belong to another group.
Initially, when you enable synchronization for Global Traffic Manager, the system belongs to a synchronization group called default. However, you can create new groups at any time to customize the synchronization process, ensuring that only certain sets of Global Traffic Manager systems share configuration values.
To illustrate how synchronization groups work, consider the fictional
company, SiteRequest. SiteRequest has decided to add a new data center in Los Angeles. As part of bringing this data center online, SiteRequest has decided that it wants the Global Traffic Manager systems installed in New York and in Los Angeles to share configurations, and the Paris and Tokyo data centers to share configurations. This setup exists because SiteRequest's network optimization processes require slightly different settings within the United States than the rest of the world. To accommodate this new network configuration, SiteRequest enables synchronization for the New York and Los Angeles data centers, and assigns them a synchronization group name of United States. The remaining data centers are also synchronized, but with a group name of Rest Of World. As a result, a configuration change made to the Global Traffic Manager system in Paris automatically modifies the Global Traffic Manager system in Tokyo.
During synchronization operations, Global Traffic Manager verifies that it
has the latest configuration files available and, if it does not, Global Traffic Manager downloads the newer files from the appropriate system. You can expand the definition of the configuration files to include the DNS zone files used to respond to name resolution requests by using the Synchronize DNS Zone Files setting. This setting is enabled by default.
It is important to note that when Global Traffic Manager is a member of a
synchronization group, the configuration of each Global Traffic Manager in the group automatically synchronizes with the group member that has the newest user configuration set (UCS). Therefore, if you roll back the configuration of a member of the synchronization group to a UCS that contains DNS configuration files that are dated earlier than the same file on another system in the group, the system that you roll back synchronizes with that other system, effectively losing the configuration to which it was rolled back. You can stop the automatic synchronization of the DNS files by clearing the Synchronize DNS Zone Files box on the system before you roll it back to an earlier configuration.
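The synchronization group and rollback behavior described above can be seen in a simplified model. This is an added example, not F5 code: the `Gtm` class, `sync_round`, and the integer timestamps are hypothetical, and the model assumes configuration files always synchronize while zone files synchronize only when the Synchronize DNS Zone Files setting is on.

```python
from dataclasses import dataclass

@dataclass
class Gtm:
    name: str
    group: str               # synchronization group name
    config_ts: int           # timestamp of the configuration files (constructed)
    zone_ts: int             # timestamp of the DNS zone files (constructed)
    sync_zones: bool = True  # models "Synchronize DNS Zone Files" (on by default)

def sync_round(systems):
    """Each system pulls newer files from members of its own group only."""
    events = []
    for s in systems:
        peers = [p for p in systems if p is not s and p.group == s.group]
        for attr, kind in (("config_ts", "config"), ("zone_ts", "zones")):
            if kind == "zones" and not s.sync_zones:
                continue  # zone files excluded from synchronization
            newest = max(peers, key=lambda p: getattr(p, attr), default=None)
            if newest is not None and getattr(newest, attr) > getattr(s, attr):
                setattr(s, attr, getattr(newest, attr))
                events.append((s.name, kind, newest.name))
    return events

def site_request():
    """The SiteRequest layout from the text, all systems starting in sync."""
    return [Gtm("New York", "United States", 100, 100),
            Gtm("Los Angeles", "United States", 100, 100),
            Gtm("Paris", "Rest Of World", 100, 100),
            Gtm("Tokyo", "Rest Of World", 100, 100)]

def rollback_tokyo(sync_zones):
    """Roll Tokyo back to older files, run one sync, return Tokyo's state."""
    systems = site_request()
    tokyo = systems[3]
    tokyo.sync_zones = sync_zones        # box cleared before the rollback
    tokyo.config_ts = tokyo.zone_ts = 50
    sync_round(systems)
    return tokyo.config_ts, tokyo.zone_ts

if __name__ == "__main__":
    systems = site_request()
    systems[2].config_ts = 200           # change made on Paris
    print(sync_round(systems))           # only Tokyo picks it up
    print(rollback_tokyo(True))          # rolled-back files are replaced
    print(rollback_tokyo(False))         # zone files keep the rolled-back copy
```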
As you employ Global Traffic Manager to load balance DNS traffic across
different network resources, you must acquire information on these resources. You acquire this information by applying monitors to each resource. A monitor
is a component of Global Traffic Manager that tests to see if a given resource responds as expected. These tests can range from verifying that a connection to the resource is available, to conducting a database query. Global Traffic Manager uses the information it gathers from monitors not only to inform you of what resources are available, but to determine which resource is the best candidate to handle incoming DNS requests.
In most cases, you apply specific monitors to resources, depending on the
type of resource and its importance. However, the following Global Traffic Manager settings affect all monitors:
Heartbeat Interval
Indicates how often Global Traffic Manager communicates with other BIG-IP systems on the network.
Monitor Disabled Objects
Indicates whether monitors continue to check the availability of a resource that you disabled through Global Traffic Manager.
While monitors supply information you need to ensure that network traffic
moves efficiently across the network, they do so at the cost of increasing that network traffic. These settings allow you to control this increase.
In daily operations, Global Traffic Manager frequently acquires much of its
network data from other BIG-IP systems that you employ, such as Local Traffic Manager systems. For example, the Local Traffic Manager system monitors the resources it manages. When Global Traffic Manager requires this same information for load balancing DNS requests, it can query Local Traffic Manager, instead of each resource itself. This process ensures that the system efficiently acquires the information it needs.
Because Global Traffic Manager queries other BIG-IP systems to gather
information, you can configure the frequency at which these queries occur, by configuring the Heartbeat Interval
setting. Based on the value you specify for this setting, Global Traffic Manager queries other BIG-IP systems more or less often. F5 Networks recommends the default value of 10
seconds for this setting; however, you can configure this setting to best suit the configuration of your network.
Another aspect of resource monitoring that you want to control is how many
monitors can query a resource at any given time. Network resources often serve many different functions at the same time and it is likely you want more than one monitor checking the availability of these resources in different ways. You might monitor a single resource, for example, to verify that the connection to the resource is available, that you can reach a specific HTML page on that resource, and that a database query returns an expected result. If this resource is used in more than one context, you might have many more monitors assigned to it, each one performing an important check to ensure the availability of the resource.
While these monitors are helpful in determining availability, it is equally
helpful to control how many monitors can query a resource at any given time. This control ensures that monitor requests are more evenly distributed during a given period of time.
One of the ways a given network resource can become unavailable during
the load balancing of DNS traffic is when you manually disable the resource. You might disable a resource because you are upgrading the server on which it resides, or because you are modifying the resource itself and need to remove it temporarily from service.
You can control whether Global Traffic Manager monitors these disabled
resources. In some network configurations, for example, you might want to continue monitoring these resources when you put them offline.
Note: By default, the Monitor Disabled Objects
setting is disabled for Global Traffic Manager. F5 Networks recommends that you enable it only if you are certain you want Global Traffic Manager to continue monitoring resources that you have manually disabled.
Global Traffic Manager handles traffic using DNS and BIND to translate
domain names into IP addresses. By configuring the Domain Validation
setting, you can specify which domain names Global Traffic Manager recognizes. You can configure the system so that it accepts all domain names, or you can restrict the use of certain characters in domain names.