Applies To:

Show Versions Show Versions

Manual Chapter: Configuring IP Anycast Route Health Injection
Manual Chapter
Table of Contents   |   << Previous Chapter   |   Next Chapter >>

Overview: Configuring IP Anycast (Route Health Injection)

You can configure IP Anycast for DNS services on the BIG-IP system to help mitigate distributed denial-of-service attacks (DDoS), reduce DNS latency, improve the scalability of your network, and assist with traffic management. This configuration adds routes to and removes routes from the routing table based on availability. Advertising routes to virtual addresses based on the status of attached listeners is known as Route Health Injection (RHI).

Task summary

Perform these tasks to configure the BIG-IP system for IP Anycast.

Enabling the ZebOS dynamic routing protocol

Before you enable ZebOS dynamic routing on the BIG-IP system:
  • Ensure that the system license includes the Routing Bundle add-on.
  • Ensure that ZebOS is configured correctly. If you need help, refer to the following resources on AskF5:
    • TMOS Management Guide for BIG-IP Systems
    • Configuration Guide for the VIPRION System
    • ZebOS Advanced Routing Suite Configuration Guide
Enable ZebOS protocols to allow the BIG-IP system to dynamically learn routes.
  1. Log on to the command-line interface of the BIG-IP system.
  2. At the command prompt, type zebos enable <protocol_type> and press Enter. The system returns an enabled response.
  3. To verify that the ZebOS dynamic routing protocol is enabled, at the command prompt, type zebos check and press Enter. The system returns a list of all enabled protocols.

Creating a custom DNS profile

Create a custom DNS profile based on your network configuration, to specify how you want the BIG-IP system to handle non-wide IP DNS queries.
  1. On the Main tab, click Local Traffic > Profiles > Services > DNS. The DNS profile list screen opens.
  2. Click Create. The New DNS Profile screen opens.
  3. In the Name field, type a name for the profile. Names must begin with a letter, and can contain only letters, numbers, and the underscore (_) character.
  4. In the Parent Profile list, accept the default dns profile.
  5. Select the Custom check box. The fields in the Settings area become available for revision.
  6. In the Global Traffic Management list, accept the default value Enabled.
  7. From the Unhandled Query Actions list, select how you want the BIG-IP system to handle a query that is not for a wide IP or DNS Express zone.
    Option Description
    Allow The BIG-IP system forwards the connection request to another DNS server or DNS server pool. Note that if a DNS server pool is not associated with a listener and the Use BIND Server on BIG-IP option is set to enabled, connection requests are forwarded to the local BIND server. (Allow is the default value.)
    Drop The BIG-IP system does not respond to the query.
    Reject The BIG-IP system returns the query with the REFUSED return code.
    Hint The BIG-IP system returns the query with a list of root name servers.
    No Error The BIG-IP system returns the query with the NOERROR return code.
  8. From the Use BIND Server on BIG-IP list, select Enabled.
    Note: Enable this setting only when you want the system to forward non-wide IP queries to the local BIND server on BIG-IP GTM.
  9. Click Finished.

Configuring a listener for route advertisement

Ensure that ZebOS dynamic routing is enabled on BIG-IP Global Traffic Manager (GTM).
To allow BIG-IP GTM to advertise the virtual address of a listener to the routers on your network, configure the listener for route advertisement.
  1. On the Main tab, click Global Traffic > Listeners. The Listeners List screen opens.
  2. Click Create. The new Listeners screen opens.
  3. In the Destination field, type the IP address on which BIG-IP GTM listens for network traffic.
    CAUTION:
    The destination cannot be a self IP address on the system, because a listener with the same IP address as a self IP address cannot be advertised.
  4. From the VLAN Traffic list, select one of the following options:
    Option Description
    All VLANs When you want this listener to handle traffic from VLANs within the network segment.
    Note: Use this option if BIG-IP GTM is handling traffic for the destination IP address locally. This option also applies when the system resides on a network segment that does not use VLANs.
    Enabled on When you want this listener to handle traffic from only the VLANs that you move from the Available list to the Selected list.
    Disabled on When you want this listener to exclude the traffic from the VLANs that you move from the Available list to the Selected list.
  5. From the Protocol list, select either UDP or TCP.
  6. From the DNS Profile list, select:
    Option Description
    dns This is the default DNS profile. With the default dns profile, BIG-IP GTM forwards non-wide IP queries to the BIND server on the BIG-IP GTM system itself.
    <custom profile> If you have created a custom DNS profile to handle non-wide IP queries in a way that works for your network configuration, select it.
  7. For Route Advertisement, select the Enabled check box.
  8. Click Finished.
Configure other listeners for route advertisement.

Verifying advertisement of the route

Ensure that ZebOS dynamic routing is enabled on the BIG-IP system.
Run a command to verify that the BIG-IP system is advertising the virtual address.
  1. Log on to the command-line interface of the BIG-IP system.
  2. At the command prompt, type zebos cmd sh ip route | grep <listener IP address> and press Enter. An advertised route displays with a code of K and a 32 bit kernel, for example: K 127.0.0.1/32

Implementation result

You now have an implementation in which the BIG-IP system broadcasts virtual IP addresses that you configured for route advertisement.

Table of Contents   |   << Previous Chapter   |   Next Chapter >>

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.



Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)