Manual Chapter: Setting Up and Configuring the Global Traffic Manager
After you install the BIG-IP® Global Traffic Manager, you should run the Setup utility. This utility guides you through licensing the product, assigning an IP address to the management port of the system, and configuring the passwords for your root and administrator accounts. The Setup utility can also assist you in configuring some of the basic settings of the Global Traffic Manager, such as its IP address and the VLAN to which it belongs.
After you finish using the Setup utility, the next step is to configure the network and system settings that apply to the Global Traffic Manager. Because these settings have a variety of applications, they are discussed in a separate guide: the TMOS® Management Guide for BIG-IP® Systems.
F5 Networks recommends that you review this guide to ensure that you configure the basic network and system settings in a way that best fits the needs of your network and your Domain Name System (DNS) traffic. You can access this guide by visiting the F5 Technical Support web site: https://support.F5.com.
Once you have the basic network settings configured, you can work on configuring the Global Traffic Manager itself. Specifically, you complete the following tasks:
Once you complete these tasks, you are ready to work on the configuration tasks that allow your network to get the full benefit of the features of the Global Traffic Manager.
The Global Traffic Manager is designed to manage DNS traffic as it moves from outside the network, to the appropriate resource, and back again. The management capabilities of the system require that it has an accurate definition of the sections of the network over which it has jurisdiction. You must define network elements such as data centers, servers (including BIG-IP systems), and virtual servers in the Global Traffic Manager. Defining these elements is similar to drawing a network diagram; you must include all of the relevant components in such a diagram in order to have an accurate depiction of how the system works as a whole.
When you configure a Global Traffic Manager to communicate with other BIG-IP systems, the IP addresses of the system servers must reside within the default route domain on the BIG-IP system. Otherwise, the Global Traffic Manager cannot communicate with those systems. For more information about configuring route domains, see the TMOS® Management Guide for BIG-IP® Systems.
As part of specifying this network topology, you must configure the Global Traffic Manager itself, as described in Defining the current Global Traffic Manager. You specify the role of the Global Traffic Manager within the network, as well as what interactions it can and cannot have with other network components. Without this configuration, many of the capabilities of the Global Traffic Manager cannot operate effectively. Additionally, if you are defining a Global Traffic Manager redundant system configuration that uses network-based failover, you must manually enable high availability on both Global Traffic Manager systems, as described in Enabling high availability for network-based failover.
Before you define a Global Traffic Manager, you must first specify the data center in which it resides. This step is important because all network components that the system manages must belong to a data center. For more information, see Configuring data centers.
To create a data center:
1. On the Main tab of the navigation pane, expand Global Traffic and click Data Centers.
   The main screen for data centers opens.
2. Click the Create button.
   The New Data Center screen opens.
3. Specify settings for the new data center.
   For additional assistance with these settings, see the online help.
4. Click the Finished button.
To define the current Global Traffic Manager as a server:
1. On the Main tab of the navigation pane, expand Global Traffic and click Servers.
   The main screen for servers opens.
2. Click the Create button.
   The New Server screen opens.
3. In the Name box, type a name that identifies the Global Traffic Manager.
4. From the Product list, select the appropriate server product.
5. Add the self IP address or addresses of the system:
   For BIG-IP System (Single), type the self IP address in the Address box, and then click Add.
   For BIG-IP System (Redundant), type the self IP address of the unit in the Address box, and then click Add. Then, in the Peer Address List, type the self IP address of the backup unit in the Address box, and click Add.
   Note: You can add more than one address to any given server, depending on how that server interacts with the rest of your network. However, when you define a Global Traffic Manager you must use a self IP address; you cannot use the management IP address of the system.
6. From the Data Center list, select the data center to which the Global Traffic Manager belongs. For additional information, see Managing data centers.
7. Configure the remaining server settings.
   For additional assistance with these settings, see the online help.
8. Click the Create button to create the new server.
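The following Python script, added to this chapter as an illustration and not part of the Global Traffic Manager software, checks a server definition against the rules stated above: the data center must already exist, the addresses must be self IP addresses rather than the management address, the addresses must be in the default route domain, and a redundant system needs a peer address. The ServerDefinition structure, the product labels, and the lists of known self IP and management addresses are assumptions made for the example; the %<id> suffix it parses is the notation BIG-IP uses for an address in a non-default route domain.

```python
from __future__ import annotations
import ipaddress
from dataclasses import dataclass, field

# Product labels as they appear in the Product list (assumed spelling for the example).
SINGLE = "BIG-IP System (Single)"
REDUNDANT = "BIG-IP System (Redundant)"


@dataclass
class ServerDefinition:
    """The fields of the New Server screen that the rules above constrain (assumed structure)."""
    name: str
    product: str
    data_center: str
    addresses: list[str] = field(default_factory=list)        # Address list
    peer_addresses: list[str] = field(default_factory=list)   # Peer Address List (redundant only)


def split_route_domain(address: str) -> tuple[str, int]:
    """BIG-IP writes an address in a non-default route domain as <ip>%<id>,
    for example 10.1.1.5%2. No suffix means the default route domain, 0."""
    ip, _, rd = address.partition("%")
    return ip, int(rd) if rd else 0


def validate_server(server: ServerDefinition, data_centers: set[str],
                    management_addresses: set[str], self_ips: set[str]) -> list[str]:
    """Return a list of rule violations; an empty list means the definition is acceptable.
    data_centers, management_addresses and self_ips are supplied by the operator
    from the existing configuration (assumption for the example)."""
    errors: list[str] = []
    if not server.name.strip():
        errors.append("name is required")
    if server.product not in (SINGLE, REDUNDANT):
        errors.append(f"unknown product {server.product!r}")
    # Every component the system manages must belong to a data center that already exists.
    if server.data_center not in data_centers:
        errors.append(f"data center {server.data_center!r} is not defined; create it first")
    if not server.addresses:
        errors.append("at least one address is required")
    if server.product == REDUNDANT and not server.peer_addresses:
        errors.append("a redundant system needs the backup unit's self IP address in the Peer Address List")
    for role, addrs in (("address", server.addresses), ("peer address", server.peer_addresses)):
        for addr in addrs:
            ip, rd = split_route_domain(addr)
            try:
                ipaddress.ip_address(ip)
            except ValueError:
                errors.append(f"{role} {addr!r} is not a valid IP address")
                continue
            # iQuery peers must live in the default route domain or the GTM cannot reach them.
            if rd != 0:
                errors.append(f"{role} {addr!r} is in route domain {rd}; servers must be in the default route domain")
            # The management address is never acceptable; only a self IP address is.
            if ip in management_addresses:
                errors.append(f"{role} {addr!r} is the management address; use a self IP address")
            elif ip not in self_ips:
                errors.append(f"{role} {addr!r} is not a configured self IP address")
    if set(server.addresses) & set(server.peer_addresses):
        errors.append("the Peer Address List must not repeat an address of the primary unit")
    return errors


if __name__ == "__main__":
    # Constructed sample: one data center, one management address, two self IPs.
    known_dcs = {"new-york"}
    mgmt = {"192.168.1.245"}
    selfips = {"10.1.1.10", "10.1.1.11"}
    gtm = ServerDefinition("gtm-ny", REDUNDANT, "new-york", ["10.1.1.10"], ["10.1.1.11"])
    print(validate_server(gtm, known_dcs, mgmt, selfips))   # [] when every rule holds
```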
A redundant system configuration is a set of two Global Traffic Manager systems: one operating as the active unit, the other operating as the standby unit. If the active unit goes offline, the standby unit immediately assumes responsibility for managing DNS traffic. The new active unit remains active until another event occurs that causes the unit to go offline, or until you manually reset the status of each unit.
The Global Traffic Manager supports two methods of checking the status of the peer system in a redundant system configuration:
Hardware-based failover
In a redundant system configuration that has been set up with hardware-based failover, the two units in the system are connected to each other directly using a failover cable attached to the serial ports. The standby unit checks on the status of the active unit once every second using this serial link.
Network-based failover
In a redundant system configuration that has been set up with network-based failover, the two units in the system communicate with each other across an Ethernet network instead of across a dedicated failover serial cable. Using the Ethernet connection, the standby unit checks on the status of the active unit once every second.
In a network-based failover configuration, if a client queries a failed Global Traffic Manager, and does not receive an answer, the client automatically re-issues the request (after five seconds), and the standby unit, functioning as the active unit, responds.
Network-based failover is disabled by default. To enable high availability on both units in the redundant system configuration, use the tmsh command sequence:
Important: If you remove provisioning for a Global Traffic Manager, and you want to re-enable high availability for network-based failover after you re-provision the Global Traffic Manager, you must run the tmsh command sequence again.
For more information about provisioning a Global Traffic Manager, see the TMOS® Management Guide for BIG-IP® Systems. For specific information about using tmsh commands to configure the system, see the Traffic Management Shell (tmsh) Reference Guide.
Before the Global Traffic Manager can operate as an integrated component within your network, you must first establish how it can communicate with other external systems. An external system is any server with which the Global Traffic Manager must exchange information to perform its functions. In general, system communications are established for the purpose of:
When the Global Traffic Manager communicates with other BIG-IP systems, such as Local Traffic Manager systems or Link Controller systems, it uses a proprietary protocol called iQuery® to send and receive information. If the Global Traffic Manager is communicating with another BIG-IP system, it uses the big3d utility to handle the communication traffic. If the Global Traffic Manager is instead communicating with another Global Traffic Manager, it uses a different utility, called gtmd, which is designed for that purpose.
Part of the process of establishing communications between the Global Traffic Manager and other BIG-IP systems is to open TCP port 22 and TCP port 4353 between the two systems. Port 22 (SSH) allows the Global Traffic Manager to copy the newest version of the big3d utility to existing systems, and iQuery uses port 4353 for its normal communications. Open these ports only between the systems that exchange iQuery traffic; neither port needs to be reachable from arbitrary hosts.
In order for other BIG-IP systems to communicate with Global Traffic Manager, F5 Networks recommends that you update the big3d utility on older BIG-IP systems by running the big3d_install script from Global Traffic Manager. For more information about running the big3d_install script, see Installing the big3d agent, and SOL8195 on AskF5.com.
Note: The Global Traffic Manager supports web certificate authentication for iQuery communications between itself and other systems running the big3d agent.
Table 3.1 lists the requirements for each communication component between the Global Traffic Manager and other BIG-IP systems.
Table 3.1 Communication requirements between the Global Traffic Manager and other BIG-IP systems
Component     Purpose
Port 22       Secure file copying of entities like big3d
Port 4353     iQuery communication
big3d         Global Traffic Manager to BIG-IP system communication
When the Global Traffic Manager communicates with third-party systems, whether that system is a load balancing server or a host, it can use SNMP to send and receive information. For details on how the Global Traffic Manager uses SNMP, see the TMOS® Management Guide for BIG-IP® Systems.
Table 3.2 lists the requirements for each communication component between the big3d agent and other external systems.
When you configure the Global Traffic Manager to communicate with external systems, you must complete one or more of the following tasks:
Define the systems in the Global Traffic Manager.
This task applies regardless of whether the system is a BIG-IP system, or a third-party system.
Run the gtm_add utility.
This utility is designed for situations in which you are installing the system in a network that already has one or more Global Traffic Manager systems running.
Run the big3d_install utility.
This utility ensures that the Global Traffic Manager and other BIG-IP systems use the same version of the big3d utility, and establishes that these systems are authorized to exchange information.
Run the bigip_add utility.
If you are certain that the other BIG-IP systems on the network use the same version of the big3d utility as the Global Traffic Manager, you can run the bigip_add utility instead of the big3d_install utility. The bigip_add utility authorizes communications between the Global Traffic Manager and other BIG-IP systems on the network.
As described in Defining the Global Traffic Manager, the Global Traffic Manager needs to have information on the different systems with which it interacts when managing DNS traffic. These systems include other Global Traffic Manager systems, BIG-IP systems, and third-party systems.
When you configure a Global Traffic Manager, you must add these systems into the configuration for the Global Traffic Manager to communicate with these systems. For information about defining these systems, see Managing servers.
If you are integrating a new Global Traffic Manager into an existing Global Traffic Manager synchronization group on your network, you must run the gtm_add utility on the new device. When you run this utility, you specify the self IP address of an existing Global Traffic Manager in the synchronization group from which you want the new device to acquire configuration files. The utility logs on to the specified system and copies its configuration files, including the relevant SSL certificates, to the new Global Traffic Manager.
Because gtm_add acquires all configuration files, including the SSL certificates that authorize iQuery communication, it is the preferred way to obtain these certificates for a new Global Traffic Manager. For the same reason, run it only against a Global Traffic Manager that you control and trust.
If your network includes existing BIG-IP systems, such as Local Traffic Manager systems, and this is the first Global Traffic Manager you are connecting to the network, you must establish a communication between the new device and the existing systems. If all of the existing BIG-IP systems use the same version of the big3d agent that comes with the new Global Traffic Manager, you run the bigip_add utility. This utility exchanges SSL certificates so that each system is authorized to communicate with each other.
Note: If the existing BIG-IP systems use an older version of the big3d agent than the one that comes with the new Global Traffic Manager you are connecting to the network, you must instead run the big3d_install utility. For more information, see Running the big3d_install utility, following.
bigip_add <IP address of existing BIG-IP systems>
3. Press the Enter key.
   The utility exchanges the appropriate SSL certificates, and authorizes communications between the systems.
If your network includes existing BIG-IP systems, such as Local Traffic Manager systems, which are of an earlier version than the first Global Traffic Manager you are connecting to the network, you must run the big3d_install utility to establish a communication between the new device and the existing systems.
When you run the big3d_install utility, it connects to each existing BIG-IP system, extracts the IP addresses of the devices, and automatically updates the big3d agents on all the devices. If you specify IP addresses when you run the utility, it connects to the system associated with each IP address, and prompts you to supply the appropriate logon information to access that system.
Note: The big3d_install utility modifies the big3d agent that is already present on existing BIG-IP systems.
3. Press the Enter key.
   The utility connects to each existing BIG-IP system, extracts the IP addresses of the devices, exchanges the appropriate SSL certificates, authorizes communications between the systems, and automatically updates the big3d agents on all the devices.
The primary goal of the Global Traffic Manager is to ensure that name resolution requests are sent to the best available resource on the network. Consequently, it is typical for multiple Global Traffic Manager systems to reside in several locations within a network. For example, a standard installation might include a Global Traffic Manager at each data center within an organization.
When an LDNS submits a name resolution request, you cannot control to which Global Traffic Manager the request is sent. As a result, you often want multiple Global Traffic Manager systems to share the same configuration values, and maintain those configurations over time.
In network configurations that contain more than one Global Traffic Manager, synchronization means that each Global Traffic Manager regularly compares the timestamps of its configuration files with the timestamps of configuration files on other Global Traffic Manager systems. If a Global Traffic Manager determines that its configuration files are older than those on another system, it acquires the newer files and begins using them to load balance name resolution requests. With synchronization, you can change settings on one system and have that change distributed to all other systems.
You can separate the Global Traffic Manager systems on your network into separate groups, called synchronization groups. A synchronization group is a collection of multiple Global Traffic Manager systems that share and synchronize configuration settings. These groups are identified by a synchronization group name, and only systems that share this name share configuration settings. Synchronization groups allow you to customize the synchronization behavior. For example, the Global Traffic Manager systems residing in data centers in Europe might belong to one synchronization group, while the systems in North America belong to another group.
Before you can synchronize Global Traffic Manager systems, you must define the Network Time Protocol (NTP) servers that the Global Traffic Manager references. These servers ensure that each Global Traffic Manager is referencing the same time when verifying timestamps for configuration files.
If you have already used the TMOS® Management Guide for BIG-IP® Systems, you may have already configured a list of NTP servers for the Global Traffic Manager. If you have not yet done so, you can find detailed information on configuring these settings in that guide.
Activating synchronization for the Global Traffic Manager has an immediate effect on its configurations, provided that another Global Traffic Manager is already available on the network. F5 Networks recommends that you activate synchronization only after you have finished configuring one of the systems.
To enable synchronization:
1. On the Main tab of the navigation pane, expand System and then click Configuration.
   The general properties screen opens.
2. From the Global Traffic menu, choose General.
   The general global properties screen opens.
3. Check the Synchronization box.
4. Click the Update button to save your changes.
When you synchronize multiple Global Traffic Manager systems, you are instructing each system to share its configuration files with the other systems on the network. These files are synchronized based on their timestamp: if a Global Traffic Manager determines that its configuration files are older than those on another system, it acquires the newer files and begins using them to load balance name resolution requests.
By default, the synchronization time tolerance is 10 seconds; the minimum value is 5 seconds and the maximum is 600 seconds. The time tolerance specifies how many seconds the time settings of the Global Traffic Manager systems in a synchronization group are allowed to differ. The lower the value of the Synchronization Time Tolerance setting, the more often the local system logs an entry indicating that the time settings of the systems in the synchronization group differ.
Note: If you are using NTP to synchronize the time of the Global Traffic Manager with a time server, leave the Synchronization Time Tolerance setting at the default value of 10. In the event that NTP fails, the Global Traffic Manager uses the time_tolerance variable to maintain synchronization.
To set the synchronization time tolerance:
1. On the Main tab of the navigation pane, expand System and then click Configuration.
   The general properties screen opens.
2. From the Global Traffic menu, choose General.
   The general global properties screen opens.
3. Check the Synchronization box.
4. In the Synchronization Time Tolerance box, type the maximum number of seconds that the time setting on one system is allowed to differ from the time setting on another system in the same synchronization group.
5. Click the Update button to save your changes.
In the event that you need to deactivate file synchronization, you can do so at any time. Situations in which you want to disable synchronization include updating the data center in which the Global Traffic Manager resides, or when you are testing a new configuration change.
To disable synchronization:
1. On the Main tab of the navigation pane, expand System and then click Configuration.
   The general properties screen opens.
2. From the Global Traffic menu, choose General.
   The general global properties screen opens.
3. Clear the Synchronization box.
4. Click the Update button to save your changes.
During synchronization operations, the Global Traffic Manager verifies that it has the latest configuration files available and, if it does not, the Global Traffic Manager downloads the newer files from the appropriate system. You can expand the definition of the configuration files to include the DNS zone files used to respond to name resolution requests by using the Synchronize DNS Zone Files setting. This setting is enabled by default.
To synchronize DNS zone files:
1. On the Main tab of the navigation pane, expand System and then click Configuration.
   The general properties screen opens.
2. From the Global Traffic menu, choose General.
   The general global properties screen opens.
3. Check the Synchronize DNS Zone Files box.
4. Click the Update button to save your changes.
It is important to note that when a Global Traffic Manager is a member of a synchronization group, the configuration of each Global Traffic Manager in the group automatically synchronizes with the group member that has the newest user configuration set (UCS). Therefore, if you roll back the configuration of a member of the synchronization group to a UCS that contains DNS configuration files that are dated earlier than the same file on another system in the group, the system that you roll back synchronizes with that other system, effectively losing the configuration to which it was rolled back. You can stop the automatic synchronization of the DNS files by clearing the Synchronize DNS Zone Files box on the system before you roll it back to an earlier configuration.
Each Global Traffic Manager that you synchronize must belong to a specific group of systems, called a synchronization group. A synchronization group is a collection of multiple Global Traffic Manager systems that share and synchronize configuration settings. Initially, when you enable synchronization for a Global Traffic Manager, the system belongs to a synchronization group called default. However, you can create new groups at any time to customize the synchronization process, ensuring that only certain sets of Global Traffic Manager systems share configuration values.
To illustrate how synchronization groups work, consider the fictional company SiteRequest. SiteRequest has decided to add a new data center in Los Angeles. As part of bringing this data center online, SiteRequest wants the Global Traffic Manager systems installed in New York and in Los Angeles to share configurations, and the Paris and Tokyo data centers to share configurations. This setup exists because SiteRequest's network optimization processes require slightly different settings within the United States than in the rest of the world. To accommodate this new network configuration, SiteRequest enables synchronization for the New York and Los Angeles data centers, and assigns them a synchronization group name of United States. The remaining data centers are also synchronized, but with a group name of Rest Of World. As a result, a configuration change at the Paris Global Traffic Manager immediately modifies the Tokyo system, but does not affect the systems in the United States.
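The following Python model, added here as an illustration and not part of gtmd, shows how the behavior described in the preceding sections fits together: newer configuration files replace older ones, a clock difference larger than the Synchronization Time Tolerance is logged, only members that share a synchronization group name exchange files, and a member rolled back to an older UCS is overwritten by a peer's newer zone files unless Synchronize DNS Zone Files is cleared first. The member names, clock values, and timestamps are constructed, and the rule that a skew warning does not by itself stop a synchronization pass is an assumption of the model.

```python
from __future__ import annotations
import logging
from dataclasses import dataclass

log = logging.getLogger("gtm.sync")


@dataclass
class Member:
    """One Global Traffic Manager as seen by the synchronization logic (assumed structure)."""
    name: str
    group: str                         # synchronization group name
    clock: int                         # the member's own wall clock, epoch seconds
    config_mtime: int                  # timestamp of its configuration files
    zone_mtime: int                    # timestamp of its DNS zone files
    synchronization: bool = True       # the Synchronization check box
    synchronize_zone_files: bool = True  # the Synchronize DNS Zone Files check box


def clock_skew_exceeds_tolerance(local: Member, peer: Member, tolerance: int) -> bool:
    """Log when two members' clocks differ by more than the Synchronization Time
    Tolerance. With NTP in place the skew stays well under the default 10 seconds."""
    skew = abs(local.clock - peer.clock)
    if skew > tolerance:
        log.warning("time difference of %ds between %s and %s exceeds tolerance of %ds",
                    skew, local.name, peer.name, tolerance)
        return True
    return False


def synchronize(local: Member, peers: list[Member], tolerance: int = 10) -> dict[str, str | None]:
    """One synchronization pass from the point of view of `local`.

    Returns which peer supplied newer configuration files and which supplied newer
    zone files (None when the local copy was already the newest), and advances the
    local timestamps to what was adopted."""
    adopted: dict[str, str | None] = {"config": None, "zones": None}
    if not local.synchronization:
        return adopted
    for peer in peers:
        # Only members that share the group name and have synchronization on take part.
        if peer.group != local.group or not peer.synchronization:
            continue
        clock_skew_exceeds_tolerance(local, peer, tolerance)  # assumption: logged, pass continues
        # Timestamps decide: the newer files win, whichever member holds them.
        if peer.config_mtime > local.config_mtime:
            local.config_mtime = peer.config_mtime
            adopted["config"] = peer.name
        if local.synchronize_zone_files and peer.zone_mtime > local.zone_mtime:
            local.zone_mtime = peer.zone_mtime
            adopted["zones"] = peer.name
    return adopted


def rollback_demo(keep_zone_sync: bool) -> dict[str, str | None]:
    """Roll New York back to a UCS whose zone files are older than Los Angeles', then
    run one pass. With zone synchronization left on, the rolled-back zone files are
    replaced at once by the newer copy from Los Angeles. Paris holds even newer
    files and a badly skewed clock, but belongs to another group and is ignored."""
    new_york = Member("new-york", "United States", clock=1_700_000_000,
                      config_mtime=1_699_990_000, zone_mtime=1_699_900_000,
                      synchronize_zone_files=keep_zone_sync)
    los_angeles = Member("los-angeles", "United States", clock=1_700_000_003,
                         config_mtime=1_699_990_000, zone_mtime=1_699_950_000)
    paris = Member("paris", "Rest Of World", clock=1_700_000_600,
                   config_mtime=1_700_000_500, zone_mtime=1_700_000_500)
    return synchronize(new_york, [los_angeles, paris])


if __name__ == "__main__":
    print(rollback_demo(keep_zone_sync=True))    # zones come back from los-angeles
    print(rollback_demo(keep_zone_sync=False))   # the rolled-back zone files survive
```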
To assign a Global Traffic Manager to a synchronization group:
1. On the Main tab of the navigation pane, expand System and then click Configuration.
   The general properties screen opens.
2. From the Global Traffic menu, choose General.
   The general global properties screen opens.
3. In the Synchronization Group Name box, type the name of either an existing synchronization group or a new group.
   Note: When you change the name of a synchronization group, the new name is synchronized to all systems that belong to that synchronization group.
4. Click the Update button to save your changes.
A large network may consist of hundreds of virtual servers. Keeping track of these virtual servers can be a time-consuming process itself. The Global Traffic Manager includes a means of simplifying the addition of new virtual servers into a network: auto-discovery. Auto-discovery is a process through which the Global Traffic Manager automatically identifies resources that it manages.
The Global Traffic Manager can discover two types of resources: virtual servers and links. Each resource is discovered on a per-server basis, so you can employ auto-discovery only on the servers you specify.
The auto-discovery feature of the Global Traffic Manager has three modes that control how the system identifies resources. These modes are:
Disabled
In this mode, the Global Traffic Manager does not attempt to discover any resources. Auto-discovery is disabled on the Global Traffic Manager by default.
Enabled
In this mode, the Global Traffic Manager regularly checks the server to discover any new resources. If a previously-discovered resource cannot be found, the Global Traffic Manager deletes it from the system.
Enabled (No Delete)
In this mode, the Global Traffic Manager regularly checks the server to discover any new resources. Unlike the Enabled mode, the Enabled (No Delete) mode does not delete resources, even if the system cannot currently verify their presence.
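The following Python example, added here and not taken from the Global Traffic Manager software, reconciles the resources known for one server against what a discovery query returns, under each of the three modes. The inventory structure, which records whether a resource was defined manually or was discovered, the rule that only discovered resources are subject to deletion, and the treatment of a failed query as "no resources found" are assumptions made for the model; the outage sequence in simulate_outage is constructed to show why the Enabled (No Delete) mode exists.

```python
from __future__ import annotations
from enum import Enum
from typing import Optional


class AutoDiscovery(Enum):
    DISABLED = "Disabled"
    ENABLED = "Enabled"
    ENABLED_NO_DELETE = "Enabled (No Delete)"


# Origin of each inventory entry (assumption: the model records how a resource was added).
MANUAL = "manual"
DISCOVERED = "discovered"


def reconcile(mode: AutoDiscovery, inventory: dict[str, str],
              discovered: Optional[set[str]]) -> tuple[dict[str, str], list[str]]:
    """One discovery pass for a single server.

    `inventory` maps resource name to origin; `discovered` is the set of resource
    names the server reported, or None when the query failed. A failed query is
    treated as 'no resources found' (assumption), which is what makes the Enabled
    mode remove everything it discovered during a transient outage. Returns the new
    inventory and the list of actions taken."""
    if mode is AutoDiscovery.DISABLED:
        return dict(inventory), ["discovery skipped: mode is Disabled"]
    seen = discovered if discovered is not None else set()
    updated = dict(inventory)
    actions: list[str] = []
    for name in sorted(seen - set(inventory)):
        updated[name] = DISCOVERED
        actions.append(f"added {name}")
    if mode is AutoDiscovery.ENABLED:
        # Only resources that discovery created are deleted; manually defined
        # resources are left alone (assumption).
        for name, origin in sorted(inventory.items()):
            if origin == DISCOVERED and name not in seen:
                del updated[name]
                actions.append(f"deleted {name}")
    if discovered is None:
        actions.append("query failed")
    return updated, actions


def simulate_outage(mode: AutoDiscovery) -> tuple[dict[str, str], list[str]]:
    """Three discovery cycles against one server: a normal answer, a failed query
    (constructed outage), then a normal answer again."""
    inventory = {"vs1": MANUAL}                   # one virtual server defined by hand
    responses = [{"vs1", "vs2", "vs3"}, None, {"vs1", "vs2", "vs3"}]
    log: list[str] = []
    for cycle, response in enumerate(responses, start=1):
        inventory, actions = reconcile(mode, inventory, response)
        log.extend(f"cycle {cycle}: {a}" for a in actions)
    return inventory, log


if __name__ == "__main__":
    for mode in AutoDiscovery:
        final, log = simulate_outage(mode)
        print(mode.value, final)
        for entry in log:
            print("  ", entry)
```

Under Enabled, the second cycle deletes vs2 and vs3 and the third cycle adds them back, so a short outage of the queried server produces churn in the DNS configuration; under Enabled (No Delete) the two discovered virtual servers survive the outage and nothing is deleted.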
If you want to use the auto-discovery feature, you must globally enable the feature and configure the frequency at which the system queries for new resources in the general properties screen. When enabled, by default, the system queries servers for new resources every 30 seconds.
Important: You must also enable auto-discovery at both the server and link levels. For information about enabling auto-discovery on virtual servers and links, see Discovering resources automatically, in Chapter 5.
To enable auto-discovery globally:
1. On the Main tab of the navigation pane, expand System and click Configuration.
   The general properties screen opens.
2. From the Global Traffic menu, choose General.
   The general global properties screen opens.
3. Check the Auto-Discovery check box.
4. In the Auto-Discovery Request Interval box, type the interval, in seconds, at which you want the system to attempt to discover new resources.
5. Click the Update button to save your changes.
As you employ the Global Traffic Manager to load balance DNS traffic across different network resources, you must acquire information on these resources. You acquire this information by applying monitors to each resource. A monitor is a component of the Global Traffic Manager that tests to see if a given resource responds as expected. These tests can range from verifying that a connection to the resource is available, to conducting a database query. The Global Traffic Manager uses the information it gathers from monitors not only to inform you of what resources are available, but to determine which resource is the best candidate to handle incoming DNS requests.
In most cases, you apply specific monitors to resources, depending on the type of resource and its importance. However, the following Global Traffic Manager settings affect all monitors:
Heartbeat Interval
Indicates how often the Global Traffic Manager communicates with other BIG-IP systems on the network.
Maximum Synchronous Monitor Requests
Indicates how many monitors can query a resource at any given time.
Monitor Disabled Objects
Indicates whether monitors continue to check the availability of a resource that you disabled through the Global Traffic Manager.
While monitors supply information you need to ensure that network traffic moves efficiently across the network, they do so at the cost of increasing that network traffic. These settings allow you to control this increase.
In daily operations, the Global Traffic Manager frequently acquires much of its network data from other BIG-IP systems that you employ, such as Local Traffic Manager systems. For example, the Local Traffic Manager system monitors the resources it manages. When the Global Traffic Manager requires this same information for load balancing DNS requests, it can query the Local Traffic Manager, instead of each resource itself. This process ensures that the system efficiently acquires the information it needs.
Because the Global Traffic Manager queries other BIG-IP systems to gather information, you can configure the frequency at which these queries occur, by configuring the Heartbeat Interval setting. Based on the value you specify for this setting, the Global Traffic Manager queries other BIG-IP systems more or less often. F5 Networks recommends the default value of 10 seconds for this setting; however, you can configure this setting to best suit the configuration of your network.
Tip: F5 Networks recommends that, when configuring resource monitors, you ensure that the interval at which a monitor queries a resource is greater than the value of the Heartbeat Interval setting. Otherwise, the monitor might acquire out-of-date data during a query. For more information about configuring monitors, see Chapter 11, Configuring Monitors.
To set the Heartbeat Interval:
1. On the Main tab of the navigation pane, expand System and then click Configuration.
   The general properties screen opens.
2. From the Global Traffic menu, choose General.
   The general global properties screen opens.
3. In the Heartbeat Interval box, type the interval, in seconds, at which you want the system to query other BIG-IP systems.
4. Click the Update button to save your changes.
Another aspect of resource monitoring that you want to control is how many monitors can query a resource at any given time. Network resources often serve many different functions at the same time, and it is likely you want more than one monitor checking the availability of these resources in different ways. You might monitor a single resource, for example, to verify that the connection to the resource is available, that you can reach a specific HTML page on that resource, and that a database query returns an expected result. If this resource is used in more than one context, you might have many more monitors assigned to it, each one performing an important check to ensure the availability of the resource.
While these monitors are helpful in determining availability, it is equally helpful to control how many monitors can query a resource at any given time. This control ensures that monitor requests are more evenly distributed during a given period of time.
To set the maximum number of synchronous monitor requests:
1. On the Main tab of the navigation pane, expand System and then click Configuration.
   The general properties screen opens.
2. From the Global Traffic menu, choose General.
   The general global properties screen opens.
3. In the Maximum Synchronous Monitor Requests box, type the number of queries that a resource can accept from monitors at any given time.
   F5 Networks recommends the default value of 20 requests.
4. Click the Update button to save your changes.
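The following Python simulation, added here and not part of the product, shows the effect of the Maximum Synchronous Monitor Requests cap on a resource that several monitors probe at the same moment, and includes the check behind the Tip in the Heartbeat Interval section above: a monitor whose interval is not greater than the Heartbeat Interval can read data the queried BIG-IP system has not refreshed yet. The monitor definitions, the probe durations, and the first-in, first-out queueing of probes that exceed the cap are assumptions made for the example.

```python
from __future__ import annotations
import heapq
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Monitor:
    name: str
    resource: str   # the virtual server or host the monitor probes
    interval: int   # seconds between probe attempts
    duration: int   # seconds a probe keeps its connection open (assumed)


def monitors_at_or_below_heartbeat(monitors: list[Monitor], heartbeat_interval: int = 10) -> list[str]:
    """Names of monitors whose interval is not greater than the Heartbeat Interval;
    these can query a resource more often than the data behind it is refreshed."""
    return [m.name for m in monitors if m.interval <= heartbeat_interval]


def simulate(monitors: list[Monitor], max_sync: int, horizon: int) -> tuple[dict[str, int], int]:
    """Discrete-event simulation over `horizon` seconds. Returns the peak number of
    concurrent probes each resource saw and how many probes had to wait for a slot."""
    events: list[tuple[int, int, str, Monitor]] = []   # (time, sequence, kind, monitor)
    seq = 0
    for m in monitors:
        heapq.heappush(events, (0, seq, "want", m))    # every monitor fires at t=0
        seq += 1
    in_flight: dict[str, int] = defaultdict(int)
    waiting: dict[str, deque[Monitor]] = defaultdict(deque)
    peak: dict[str, int] = defaultdict(int)
    delayed = 0

    def start(m: Monitor, now: int) -> None:
        nonlocal seq
        in_flight[m.resource] += 1
        peak[m.resource] = max(peak[m.resource], in_flight[m.resource])
        heapq.heappush(events, (now + m.duration, seq, "done", m))
        seq += 1
        if now + m.interval <= horizon:                # schedule the next attempt
            heapq.heappush(events, (now + m.interval, seq, "want", m))
            seq += 1

    while events:
        now, _, kind, m = heapq.heappop(events)
        if kind == "want":
            if in_flight[m.resource] < max_sync:
                start(m, now)
            else:                                      # cap reached: queue the probe
                waiting[m.resource].append(m)
                delayed += 1
        else:                                          # a probe finished; free its slot
            in_flight[m.resource] -= 1
            if waiting[m.resource]:
                start(waiting[m.resource].popleft(), now)
    return dict(peak), delayed


if __name__ == "__main__":
    # Constructed sample: five monitors on one virtual server, all due at the same instant.
    probes = [Monitor(f"http-{i}", "vs1", interval=10, duration=3) for i in range(5)]
    print(simulate(probes, max_sync=2, horizon=30))    # peak 2, some probes delayed
    print(simulate(probes, max_sync=20, horizon=30))   # peak 5, nothing delayed
    print(monitors_at_or_below_heartbeat(probes, heartbeat_interval=10))
```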
One of the ways in which a given network resource becomes unavailable during the load balancing of DNS traffic occurs when you manually disable the resource. You might disable a resource because you are upgrading its server, or because you are modifying the resource itself and need to remove it temporarily from service.
You can control whether the Global Traffic Manager monitors these disabled resources. In some network configurations, for example, you might want to continue monitoring these resources when you put them offline.
Note: By default, the Monitor Disabled Objects setting is disabled for the Global Traffic Manager. F5 Networks recommends that you enable it only if you are certain you want the Global Traffic Manager to continue monitoring resources that you have manually disabled.
To monitor disabled objects:
1. On the Main tab of the navigation pane, expand System and then click Configuration.
   The general properties screen opens.
2. From the Global Traffic menu, choose General.
   The general global properties screen opens.
3. Check the Monitor Disabled Objects box.
4. Click the Update button to save your changes.
The Global Traffic Manager handles traffic using DNS and BIND to translate domain names into IP addresses. By configuring the Domain Validation setting, you can specify which domain names the Global Traffic Manager recognizes. You can configure the system so that it accepts all domain names, or you can restrict the use of certain characters in domain names.
To configure domain validation:
1. On the Main tab of the navigation pane, expand System and then click Configuration.
   The general properties screen opens.
2. From the Global Traffic menu, choose General.
   The general global properties screen opens.
3. From the Domain Validation list, select how the Global Traffic Manager validates domain names:
   None
   Specifies that the system does not restrict the use of any characters in domain names.
   Strict
   Specifies that the system allows only the narrowest interpretation of DNS names; that is, alphanumeric characters and the dash ( - ) character.
   Allow Underscores
   Specifies that the system follows the Strict validation rules, and also allows the underscore ( _ ) character.
4. Click the Update button to save your changes.
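The following Python function, added here and not part of the product, applies the three Domain Validation modes to candidate names. It also rejects empty labels and enforces the DNS limits of 63 octets per label and 253 characters for the whole name in every mode, which goes beyond the character rules the setting describes and is an assumption of the example. The SRV-style name _sip._tcp.example.com shows why Allow Underscores exists; the constructed name containing a space and a semicolon shows what None lets through.

```python
from __future__ import annotations
import string
from enum import Enum


class DomainValidation(Enum):
    NONE = "None"
    STRICT = "Strict"
    ALLOW_UNDERSCORES = "Allow Underscores"


# Strict: the narrowest interpretation of DNS names, letters, digits and the dash.
_STRICT_CHARS = frozenset(string.ascii_letters + string.digits + "-")
# Allow Underscores: the Strict rules plus the underscore used by SRV record names.
_UNDERSCORE_CHARS = _STRICT_CHARS | frozenset("_")

MAX_LABEL_OCTETS = 63    # RFC 1035 label limit (applied here as an assumption, not by the setting)
MAX_NAME_LENGTH = 253    # longest textual name that fits the 255-octet wire format


def validate_domain(name: str, mode: DomainValidation) -> list[str]:
    """Return the problems found with `name` under `mode`; an empty list means accepted."""
    problems: list[str] = []
    # A trailing dot marks a fully qualified name and is not itself a label.
    bare = name[:-1] if name.endswith(".") else name
    if len(bare) > MAX_NAME_LENGTH:
        problems.append(f"name is {len(bare)} characters, longer than {MAX_NAME_LENGTH}")
    if mode is DomainValidation.STRICT:
        allowed = _STRICT_CHARS
    elif mode is DomainValidation.ALLOW_UNDERSCORES:
        allowed = _UNDERSCORE_CHARS
    else:
        allowed = None   # None: no character restriction at all
    for position, label in enumerate(bare.split(".")):
        if not label:
            problems.append(f"empty label at position {position}")
            continue
        if len(label.encode("utf-8")) > MAX_LABEL_OCTETS:
            problems.append(f"label {label!r} is longer than {MAX_LABEL_OCTETS} octets")
        if allowed is not None:
            bad = sorted({c for c in label if c not in allowed})
            if bad:
                problems.append(f"label {label!r} contains characters not allowed in {mode.value} mode: {bad}")
    return problems


def accepted(name: str, mode: DomainValidation) -> bool:
    return not validate_domain(name, mode)


def classify(names: list[str], mode: DomainValidation) -> dict[str, bool]:
    """Which of several candidate names a given mode would accept."""
    return {n: accepted(n, mode) for n in names}


if __name__ == "__main__":
    # Constructed candidates: a plain host name, an SRV owner name, and a hostile string.
    candidates = ["www.example.com", "_sip._tcp.example.com", "bad name;rm.example.com"]
    for mode in DomainValidation:
        print(mode.value, classify(candidates, mode))
```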