Manual Chapter: Setting up the Global Traffic Manager

When you install a Global Traffic Manager system on the network, the actions you take to integrate it into the network fall into two categories: setup tasks and configuration tasks. Setup tasks are tasks in which you create or modify settings that apply to the Global Traffic Manager itself, or that apply universally to all other configuration components, such as servers, data centers, or wide IPs that you create later. Examples of setup tasks include running the Setup utility, assigning self IP addresses, and enabling high-availability functions. Configuration tasks are tasks in which you define a specific aspect of the Global Traffic Manager, such as load balancing methods, pools and pool members, or iRules®. These configuration tasks, while important, only affect specific aspects of how you manage DNS traffic with the Global Traffic Manager.
If you have just installed the Global Traffic Manager, the first setup task you should complete is running the Setup utility. This utility guides you through licensing the product, assigning an IP address to the management port of the system, and configuring the passwords for your root and administrator accounts. The Setup utility can also assist you in configuring some of the basic settings of the Global Traffic Manager, such as its IP address and the VLAN to which it belongs.
After you finish using the Setup utility, the next step is to configure the network and system settings that apply to the Global Traffic Manager. Because these settings have a variety of applications, they are discussed in a separate guide: the TMOS® Management Guide for BIG-IP® Systems. F5 Networks recommends that you review this guide to ensure that you configure the basic network and system settings for the Global Traffic Manager in a way that best fits the needs of your network and your DNS traffic. You can access this guide by visiting the F5 Technical Support web site: https://support.F5.com.
Once you have the basic network settings configured, you can work on setting up the Global Traffic Manager itself. The setup tasks associated with the Global Traffic Manager include:
Once you complete these tasks, you are ready to work on the configuration tasks that allow your network to get the full benefit of the features of the Global Traffic Manager. F5 Networks recommends that you review Chapter 3, Reviewing Global Traffic Manager Components, which provides an overview of these configuration tasks and includes links to other sections of this guide that provide more detailed information.
The Global Traffic Manager is designed to manage DNS traffic as it moves from outside the network to the appropriate resource and back again. The management capabilities of the system require that it has an accurate definition of the sections of the network over which it has jurisdiction. This requires that you define network elements such as servers, other BIG-IP systems, virtual servers, and data centers, within the Global Traffic Manager's configuration. Consider defining these elements as similar to drawing a network diagram; you must include all of the relevant components in such a diagram in order to have an accurate depiction of how the system works as a whole.
When you set up a Global Traffic Manager to communicate with other BIG-IP systems, the IP addresses of the system servers must reside within the default route domain on the BIG-IP system. Otherwise, the Global Traffic Manager cannot communicate with those systems. For more information about configuring route domains, see the TMOS® Management Guide for BIG-IP® Systems.
As part of defining this network topology, you must define the Global Traffic Manager itself. This definition includes the role of the Global Traffic Manager within the network, as well as what interactions it can and cannot have with other network components. Without this configuration, many of the capabilities of the Global Traffic Manager cannot operate effectively. Additionally, if you are defining a Global Traffic Manager redundant system that uses network-based failover, you must manually enable high availability on both Global Traffic Managers, as described in Enabling high availability for network-based failover.
Before you define a Global Traffic Manager, you must first specify the data center in which the Global Traffic Manager resides. This step is important because all network components that the system manages must belong to a data center. Data centers are described in greater detail in Managing data centers.
1. On the Main tab of the navigation pane, expand Global Traffic and click Data Centers.
   The main screen for data centers opens.
2. Click the Create button.
   The New Data Center screen opens.
3. Add the new data center settings.
   For additional assistance with these settings, see the online help.
4. Click the Finished button.
1. On the Main tab of the navigation pane, expand Global Traffic and click Servers.
   The main screen for servers opens.
2. Click the Create button.
   The New Server screen opens.
3. In the Name box, type a name that identifies the Global Traffic Manager.
4. From the Product list, select the appropriate server product.
5. Add IP addresses to the Address List.
   You can add more than one address to any given server, depending on how that server interacts with the rest of your network. However, you must use a self IP address when you define a Global Traffic Manager. You cannot use the management IP address of the system.
   - For BIG-IP System (Single), type the self IP address in the Address box, and then click Add.
   - For BIG-IP System (Redundant Pair), type the self IP address in the Address box, and then click Add. Then, add the self IP address of the backup system to the Peer Address List, by typing the self IP address in the Address box, and then click Add.
6. From the Data Center list, select a data center to which the Global Traffic Manager belongs.
7. Configure the remaining server settings.
   For additional assistance with these settings, see the online help.
8. Click the Create button to create the new server.
To configure a Global Traffic Manager redundant system using network-based failover, you must manually enable high availability on both Global Traffic Managers in the pair. You enable network-based failover using the tmsh command sequence:
For specific information about using tmsh commands to configure the system, see the Traffic Management Shell (tmsh) Reference Guide.
Additionally, if you remove provisioning for a Global Traffic Manager, and you want to re-enable high availability for network-based failover after you re-provision the Global Traffic Manager, you must run the tmsh command sequence again. For more information about provisioning a BIG-IP system, see the TMOS® Management Guide for BIG-IP® Systems.
Before the Global Traffic Manager can operate as an integrated component within your network, you must first establish how it can communicate with other external systems. An external system is any server with which the Global Traffic Manager must exchange information to perform its functions. In general, establishing system communications consists of two categories:
When the Global Traffic Manager communicates with other BIG-IP systems, such as Local Traffic Managers or Link Controller systems, it uses a proprietary protocol called iQuery® to send and receive information. If the Global Traffic Manager is communicating with a BIG-IP system, it uses a software utility called big3d to handle the information traffic. If the Global Traffic Manager is instead communicating with another Global Traffic Manager, it uses a different utility, called gtmd, which is designed for that purpose.
Part of the process when establishing communications between the Global Traffic Manager and other BIG-IP systems is to open port 22 and port 4353 between the two systems. Port 22 allows the Global Traffic Manager to copy the newest version of the big3d utility to existing systems, while iQuery requires the port 4353 for its normal communications.
In order for other BIG-IP systems to communicate with the Global Traffic Manager, F5 Networks recommends that you update the big3d utility on older BIG-IP systems by running the big3d_install script from the Global Traffic Manager. For more information about running the big3d_install script, see Installing the big3d agent, and SOL8195 on AskF5.com.
Table 2.1 lists the requirements for each communication component between the Global Traffic Manager and other BIG-IP systems.
Port 22, for secure file copying of entities like big3d.
Port 4353, for iQuery communication.
big3d, for Global Traffic Manager to BIG-IP system communication.
When the Global Traffic Manager communicates with third-party systems, whether that system is a load balancing server or a host, it can use SNMP to send and receive information. For details on how the Global Traffic Manager uses SNMP, see the TMOS® Management Guide for BIG-IP® Systems.
Table 2.2 lists the requirements for each communication component between the big3d agent and other external systems.
When you set up the Global Traffic Manager to communicate with external systems, you must complete one or more of the following tasks:
- Define the systems in the Global Traffic Manager.
  This task applies regardless of whether the system is a BIG-IP system, or a third-party system.
- Run the gtm_add utility.
  This utility is designed for situations in which you are installing the system in a network that already has one or more Global Traffic Managers running.
- Run the big3d_install utility.
  This utility ensures that the Global Traffic Manager and other BIG-IP systems use the same version of the big3d utility, and establishes that these systems are authorized to exchange information.
- Run the bigip_add utility.
  If you are certain that the other BIG-IP systems on the network use the same version of the big3d utility as the Global Traffic Manager, you can run the bigip_add utility instead of the big3d_install utility. The bigip_add utility authorizes communications between the Global Traffic Manager and other BIG-IP systems on the network.
As described in Defining the Global Traffic Manager, the Global Traffic Manager needs to have information on the different systems with which it interacts when managing DNS traffic. These systems include other Global Traffic Managers, BIG-IP systems, and third-party systems.
The steps you follow to define these systems are described in Managing servers. When you set up a Global Traffic Manager, you must add these systems into the configuration for the Global Traffic Manager to communicate with these systems.
If you are integrating a new Global Traffic Manager into a Global Traffic Manager synchronization group on your network, you must run the gtm_add utility on the new device. When you run this utility, you specify the self IP address of an existing Global Traffic Manager in the synchronization group from which you want the new device to acquire configuration files. The utility accesses the specified system and copies its configuration files to the new Global Traffic Manager.
The gtm_add script acquires all configuration files, including SSL certificates. As a result, it is ideal for acquiring SSL certificates for a new Global Traffic Manager.
The utility logs on to the specified Global Traffic Manager and acquires its configuration files, including relevant SSL certificates.
If your network includes existing BIG-IP systems, such as Local Traffic Managers, and this is the first Global Traffic Manager you are connecting to the network, you must establish a communication between the new device and the existing systems. If all of the existing BIG-IP systems use the same version of the big3d agent that comes with the new Global Traffic Manager, you run the bigip_add utility. This utility exchanges SSL certificates so that each system is authorized to communicate with each other.
Note: If the existing BIG-IP systems use an older version of the big3d agent than the one that comes with the new Global Traffic Manager you are connecting to the network, you must instead run the big3d_install utility. For more information, see Running the big3d_install utility, following.
bigip_add <IP address of existing BIG-IP systems>
The utility exchanges the appropriate SSL certificates, and authorizes communications between the systems.
If your network includes existing BIG-IP systems, such as Local Traffic Managers, which are of an earlier version than the first Global Traffic Manager you are connecting to the network, you must run the big3d_install utility to establish a communication between the new device and the existing systems.
When you run the big3d_install utility, it connects to each existing BIG-IP system, extracts the IP addresses of the devices, and automatically updates the big3d agents on all the devices. If you specify IP addresses when you run the utility, it connects to the system associated with each IP address, and prompts you to supply the appropriate logon information to access that system.
Note: The big3d_install utility modifies the big3d agent that is already present on existing BIG-IP systems.
3. Press the Enter key.
   The utility connects to each existing BIG-IP system, extracts the IP addresses of the devices, and automatically updates the big3d agents on all the devices.
The primary goal of the Global Traffic Manager is to ensure that name resolution requests are sent to the best available resource on the network. Consequently, it is typical for multiple Global Traffic Managers to reside in several locations within a network. For example, a standard installation might include a Global Traffic Manager at each data center within an organization.
When a Local Domain Name Server (LDNS) submits a name resolution request, you cannot control to which Global Traffic Manager the request is sent. As a result, you will often want multiple Global Traffic Managers to share the same configuration values, and maintain those configurations over time. This process is called synchronization.
In network configurations that contain more than one Global Traffic Manager, synchronization means that each Global Traffic Manager regularly compares the timestamps of its configuration files with the timestamps of configuration files on other Global Traffic Managers. If a Global Traffic Manager determines that its configuration files are older than those on another system, it acquires the newer files and begins using them to load balance name resolution requests. With synchronization, you can change settings on one system and have that change distributed to all other systems.
You can separate the Global Traffic Managers on your network into separate groups, called synchronization groups. A synchronization group is a collection of multiple Global Traffic Managers that share and synchronize configuration settings. These groups are identified by a synchronization group name, and only systems that share this name also share configuration settings. These synchronization groups allow you to customize the synchronization behavior. For example, the Global Traffic Managers residing in data centers in Europe might belong to one synchronization group, while the systems in North America belong to another group.
The following sections provide additional information on synchronization and the Global Traffic Manager, and specifically cover the following topics:
Defining NTP servers
Before you can synchronize Global Traffic Managers, you must define the Network Time Protocol (NTP) servers that the Global Traffic Manager references. These servers ensure that each Global Traffic Manager is referencing the same time when verifying timestamps for configuration files.
If you have already read the TMOS® Management Guide for BIG-IP® Systems, you may have already configured a list of NTP servers for the Global Traffic Manager. If you have not yet done so, you can find detailed information on configuring these settings in that guide.
Activating synchronization
Activating synchronization for the Global Traffic Manager has an immediate effect on its configurations, provided that another Global Traffic Manager is already available on the network. F5 Networks recommends that you activate synchronization only after you have finished configuring one of the systems.
1. On the Main tab of the navigation pane, expand System and then click Configuration.
   The general properties screen opens.
2. From the Global Traffic menu, choose General.
   The general global properties screen opens.
3. Select the Synchronization check box.
4. Click the Update button to save your changes.
Controlling file synchronization
When you synchronize multiple Global Traffic Manager systems, you are instructing each system to share its configuration files with the other systems on the network. These files are synchronized based on their timestamp: if a Global Traffic Manager determines that its configuration files are older than those on another system, it acquires the newer files and begins using them to load balance name resolution requests.
By default, the value for the synchronization time tolerance is set to 10 seconds. The minimum value you can set for this value is 5 seconds, while the maximum you can set is 600 seconds. The time tolerance specifies how many seconds of difference there can be between the time settings on the Global Traffic Manager systems in a synchronization group. The lower the value of the Synchronization Time Tolerance setting, the more often the local system makes an entry in the log indicating that there is a difference in the time settings of the systems in the synchronization group.
Note: If you are using NTP to synchronize the time of the Global Traffic Manager with a time server, leave the Synchronization Time Tolerance setting at the default value of 10. In the event that NTP fails, the Global Traffic Manager uses the time_tolerance variable to maintain synchronization.
1. On the Main tab of the navigation pane, expand System and then click Configuration.
   The general properties screen opens.
2. From the Global Traffic menu, choose General.
   The general global properties screen opens.
3. Select the Synchronization check box.
4. In the Synchronization Time Tolerance box, type the maximum number of seconds that the time setting on one system is allowed to be out of synchronization with the time setting on another system that is in the same synchronization group.
5. Click the Update button to save your changes.
Deactivating file synchronization
In the event that you need to deactivate file synchronization, you can do so at any time. Situations in which you want to disable synchronization include updating the data center in which the Global Traffic Manager resides, or when you are testing a new configuration change.
1. On the Main tab of the navigation pane, expand System and then click Configuration.
   The general properties screen opens.
2. From the Global Traffic menu, choose General.
   The general global properties screen opens.
3. Clear the Synchronization box.
4. Click the Update button to save your changes.
Synchronizing DNS zone files
During synchronization operations, the Global Traffic Manager verifies that it has the latest configuration files available and, if it does not, the Global Traffic Manager downloads the newer files from the appropriate system. You can expand the definition of the configuration files to include the DNS zone files used to respond to name resolution requests by using the Synchronize DNS Zone Files setting. This setting is enabled by default.
1. On the Main tab of the navigation pane, expand System and then click Configuration.
   The general properties screen opens.
2. From the Global Traffic menu, choose General.
   The general global properties screen opens.
3. Select the Synchronize DNS Zone Files check box.
4. Click the Update button to save your changes.
It is important to note that when a Global Traffic Manager is a member of a synchronization group, the configuration of each Global Traffic Manager in the group automatically synchronizes with the group member that has the newest user configuration set (UCS). Therefore, if you roll back the configuration of a member of the synchronization group to a UCS that contains DNS configuration files that are dated earlier than the same file on another system in the group, the system that you roll back synchronizes with that other system, effectively losing the configuration to which it was rolled back. You can stop the automatic synchronization of the DNS files by clearing the Synchronize DNS Zone Files box on the system before you roll it back to an earlier configuration.
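The timestamp rule in this section (newest files win within a group, the time tolerance flags clock differences, and a rolled-back member is overwritten unless synchronization is off) can be modelled in a few lines. This is an added illustration, not F5 code and not the product's actual synchronization logic; the `Member` class, `plan_sync`, and all scenario values are assumptions, using the data center names from the SiteRequest example later in this chapter.

```python
from dataclasses import dataclass

# Bounds and default for Synchronization Time Tolerance, in seconds (from the page).
TOL_MIN, TOL_DEFAULT, TOL_MAX = 5, 10, 600


@dataclass
class Member:
    """Hypothetical stand-in for one Global Traffic Manager in this model."""
    name: str
    group: str                  # synchronization group name
    clock_offset: float = 0.0   # seconds this member's clock runs ahead of true time
    sync_enabled: bool = True   # whether synchronization is switched on for these files
    config_stamp: float = 0.0   # timestamp carried by its configuration files

    def edit_config(self, true_time):
        # Files are stamped with the member's own clock, not with true time.
        self.config_stamp = true_time + self.clock_offset


def plan_sync(local, peers, tolerance=TOL_DEFAULT):
    """Return (source_name_or_None, warnings) for one comparison pass by `local`."""
    if not TOL_MIN <= tolerance <= TOL_MAX:
        raise ValueError(f"time tolerance must be {TOL_MIN}-{TOL_MAX} seconds")
    warnings = []
    if not local.sync_enabled:
        return None, warnings
    # Only members with the same group name share configuration.
    group = [p for p in peers
             if p is not local and p.sync_enabled and p.group == local.group]
    for p in group:
        skew = abs(p.clock_offset - local.clock_offset)
        if skew > tolerance:
            warnings.append(
                f"{p.name}: clock differs by {skew:.0f}s (tolerance {tolerance}s)")
    newest = max(group, key=lambda p: p.config_stamp, default=None)
    if newest is not None and newest.config_stamp > local.config_stamp:
        return newest.name, warnings    # local files are older: acquire the newer set
    return None, warnings


def run_scenarios():
    """Constructed scenarios; all times are made-up epoch-style numbers."""
    ny = Member("newyork", "United States")
    la = Member("losangeles", "United States")
    paris = Member("paris", "Rest Of World")
    tokyo = Member("tokyo", "Rest Of World")
    everyone = [ny, la, paris, tokyo]
    results = {}

    # 1. A change in Paris reaches Tokyo but not the United States group.
    for m in everyone:
        m.edit_config(1000)
    paris.edit_config(2000)
    results["tokyo_after_paris_change"] = plan_sync(tokyo, everyone)[0]
    results["newyork_after_paris_change"] = plan_sync(ny, everyone)[0]

    # 2. Rollback caveat: Los Angeles is restored from an older UCS while New York
    #    holds newer files. With synchronization on, the restored copy is replaced.
    #    Switching the relevant setting off first (the page names Synchronize DNS
    #    Zone Files for the DNS files) keeps it.
    ny.edit_config(3000)
    la.config_stamp = 1500
    results["la_rollback_sync_on"] = plan_sync(la, everyone)[0]
    la.sync_enabled = False
    results["la_rollback_sync_off"] = plan_sync(la, everyone)[0]

    # 3. Clock skew: Tokyo's clock runs 45 s fast. Tokyo edits first (true time
    #    4000), Paris edits later (4030), yet Tokyo's stamp (4045) looks newer,
    #    so Paris would acquire the older change. The tolerance check flags it.
    tokyo.clock_offset = 45
    tokyo.edit_config(4000)
    paris.edit_config(4030)
    results["paris_with_skewed_tokyo"] = plan_sync(paris, everyone)
    return results


if __name__ == "__main__":
    for scenario, outcome in run_scenarios().items():
        print(f"{scenario:30} -> {outcome}")
```

The third scenario is why the NTP servers and the time tolerance log entries deserve monitoring: under a newest-timestamp rule, a member with a fast clock can win synchronization with stale content.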
Each Global Traffic Manager that you synchronize must belong to a specific group of systems, called a synchronization group. A synchronization group is a collection of multiple Global Traffic Managers that share and synchronize configuration settings. Initially, when you enable synchronization for a Global Traffic Manager, the system belongs to a synchronization group called default. However, you can create new groups at any time. This process allows you to customize the synchronization process, ensuring that only certain sets of Global Traffic Managers share configuration values.
To illustrate how synchronization groups work, consider the fictional company, SiteRequest. SiteRequest has decided to add a new data center in Los Angeles. As part of bringing this data center online, SiteRequest has decided that it wants the Global Traffic Managers installed in New York and in Los Angeles to share configurations, and the Paris and Tokyo data centers to share configurations. This setup exists because SiteRequest's network optimization processes require slightly different settings within the United States than the rest of the world. To accommodate this new network configuration, SiteRequest enables synchronization for the New York and Los Angeles data centers, and assigns them a synchronization group name of United States. The remaining data centers are also synchronized, but with a group name of Rest Of World. As a result, a configuration change at the Paris Global Traffic Manager immediately modifies the Tokyo system, but does not affect the systems in the United States.
Note: When you change the name of a synchronization group, the new name is synchronized to all systems that belong to that synchronization group.
1. On the Main tab of the navigation pane, expand System and then click Configuration.
   The general properties screen opens.
2. From the Global Traffic menu, choose General.
   The general global properties screen opens.
3. In the Synchronization Group Name box, type a name of either an existing synchronization group, or a new group.
4. Click the Update button to save your changes.
A large network might consist of hundreds of virtual servers. Keeping track of these virtual servers can be a time-consuming process itself. The Global Traffic Manager includes a means of simplifying the addition of new virtual servers into a network: auto-discovery. Auto-discovery is a process through which the Global Traffic Manager identifies a resource automatically so you can manage it.
The Global Traffic Manager can discover two types of resources: virtual servers and links. Each resource is discovered on a per-server basis, so you can employ auto-discovery only on the servers you specify.
The auto-discovery feature of the Global Traffic Manager has three modes that control how the system identifies resources. These modes are:
- Disabled
  In this mode, the Global Traffic Manager does not attempt to discover any resources.
- Enabled
  In this mode, the Global Traffic Manager regularly checks the server to discover any new resources. If a previously-discovered resource cannot be found, the Global Traffic Manager deletes it from the system. This is the default value.
- Enabled (No Delete)
  In this mode, the Global Traffic Manager constantly checks the server to discover any new resources. Unlike the Enabled mode, the Enabled (No Delete) mode does not delete resources, even if the system cannot currently verify their presence.
Auto-discovery is disabled on the Global Traffic Manager by default. You can set the discovery frequency for the Global Traffic Manager as shown in Setting the discovery frequency, following.
You must enable auto-discovery at the server and link levels. For information about enabling auto-discovery on virtual servers and links, see Discovering resources automatically.
Two discovery modes, Enabled and Enabled (No Delete), instruct the Global Traffic Manager to continually monitor servers for new resources. You configure the frequency at which the system queries for new resources in the general properties screen. By default, the system queries servers for new resources every 30 seconds.
1. On the Main tab of the navigation pane, expand System and then click Configuration.
   The general properties screen opens.
2. From the Global Traffic menu, choose General.
   The general global properties screen opens.
3. In the Auto-Discovery Request Interval box, type the frequency at which you want the system to attempt to discover new resources.
4. Click the Update button to save your changes.
As you employ the Global Traffic Manager to load balance DNS traffic across different network resources, you must acquire information on these resources. You acquire this information by applying monitors to each resource. A monitor is a component of the Global Traffic Manager that tests to see if a given resource responds as expected. These tests can range from verifying that a connection to the resource is available, to conducting a database query. The Global Traffic Manager uses the information it gathers from monitors not only to inform you of what resources are available, but to determine which resource is the best candidate to handle incoming DNS requests.
In most cases, you apply specific monitors to resources, depending on the type of resource and its importance. However, there are a few settings within the Global Traffic Manager that affect all monitors:
Assign a heartbeat interval, which controls how often the Global Traffic Manager communicates with other BIG-IP systems on the network
Specify whether monitors continue to check the availability of a resource that you have disabled through the Global Traffic Manager
While monitors supply information you need to ensure that network traffic moves efficiently across the network, they do so at the cost of increasing that network traffic. These settings allow you to control this increase.
In daily operations, the Global Traffic Manager frequently acquires much of its network data from other BIG-IP systems that you employ, such as Local Traffic Managers. For example, the Local Traffic Manager system monitors the resources it manages. When the Global Traffic Manager requires this same information for load balancing DNS requests, it can query the Local Traffic Manager, instead of each resource itself. This process ensures that the system has the information it needs efficiently.
Because the Global Traffic Manager queries other BIG-IP systems to gather information, you can configure the frequency at which these queries occur. You control this frequency by configuring the heartbeat interval. Based on the value you specify for this setting, the Global Traffic Manager queries other BIG-IP systems more or less often. F5 Networks recommends the default value of 10 seconds for this setting; however, you can configure this setting to best suit the configuration of your network.
Configuring the heartbeat interval is important when setting up the Global Traffic Manager, as it affects the data a given monitor acquires. F5 Networks recommends that, when configuring resource monitors, you ensure that the frequency at which the monitor attempts to query a resource is greater than the value of the Heartbeat Interval setting. Otherwise, the monitor might acquire out-of-date data during a query.
1. On the Main tab of the navigation pane, expand System and then click Configuration.
   The general properties screen opens.
2. From the Global Traffic menu, choose General.
   The general global properties screen opens.
3. In the Heartbeat Interval box, type the frequency at which you want the system to attempt to discover new resources.
4. Click the Update button to save your changes.
Another aspect of resource monitoring that you want to control is how many monitors can query a resource at any given time. Network resources often serve many different functions at the same time and it is likely you want more than one monitor checking the availability of these resources in different ways. You might monitor a single resource, for example, to verify that the connection to the resource is available, that you can reach a specific HTML page on that resource, and that a database query returns an expected result. If this resource is used in more than one context, you might have many more monitors assigned to it, each one performing an important check to ensure the availability of the resource.
While these monitors are helpful in determining availability, it is equally helpful to control how many monitors can query a resource at any given time. This control ensures that monitor requests are more evenly distributed during a given period of time.
1. On the Main tab of the navigation pane, expand System and then click Configuration.
   The general properties screen opens.
2. From the Global Traffic menu, choose General.
   The general global properties screen opens.
3. In the Maximum Synchronous Monitor Requests box, type the number of queries that resources can accept from monitors at any given time.
   F5 Networks recommends the default value of 20 requests.
4. Click the Update button to save your changes.
One of the ways in which a given network resource becomes unavailable during the load balancing of DNS traffic occurs when you manually disable the resource. You might disable a resource because you are upgrading its server, or because you are modifying the resource itself and need to remove it temporarily from service.
You can control whether the Global Traffic Manager monitors these disabled resources. In some network configurations, for example, you might want to continue monitoring these resources when you put them offline; in other configurations, this action might be unnecessary.
Note: By default, the Monitor Disabled Objects setting is disabled for the Global Traffic Manager. F5 Networks recommends that you enable it only if you are certain you want the Global Traffic Manager to continue monitoring resources that you have manually disabled.
1. On the Main tab of the navigation pane, expand System and then click Configuration.
   The general properties screen opens.
2. From the Global Traffic menu, choose General.
   The general global properties screen opens.
3. Select the Monitor Disabled Objects check box.
4. Click the Update button to save your changes.
The Global Traffic Manager handles traffic using the Domain Name System (DNS) and BIND to translate domain names into IP addresses. By configuring the Domain Validation setting, you can specify which domain names the Global Traffic Manager recognizes. You can set up the system so that it accepts all domain names, or you can restrict the use of certain characters in domain names.
1. On the Main tab of the navigation pane, expand System and then click Configuration.
   The general properties screen opens.
2. From the Global Traffic menu, choose General.
   The general global properties screen opens.
3. From the Domain Validation list, select how the Global Traffic Manager validates domain names:
   - None
     Specifies that the system does not restrict the use of any characters in domain names.
   - Strict
     Specifies that the system allows only the most narrow interpretation of DNS names; that is, alphanumeric characters and the dash ( - ) character.
   - Allow Underscores
     Specifies that the system follows the Strict validation rules, and also allows the underscore ( _ ) character.
4. Click the Update button to save your changes.
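To see what each Domain Validation mode accepts before changing the setting, the three character policies can be expressed as a small validator. This is an added example, not F5 code; the lowercase mode keys, the RFC 1035 length limits, and the sample names (including the siterequest.com domain) are assumptions that are not taken from the product.

```python
import re

# Character policy per Domain Validation mode. The mode names come from the
# page; the lowercase keys and the regexes are this example's own rendering.
LABEL_POLICY = {
    "none": None,                                        # no character restriction
    "strict": re.compile(r"[A-Za-z0-9-]+"),              # alphanumerics and dash
    "allow-underscores": re.compile(r"[A-Za-z0-9_-]+"),  # strict plus underscore
}

# Length limits from RFC 1035; assumed here, the page does not mention them.
MAX_LABEL_LEN = 63
MAX_NAME_LEN = 253


def validate_domain(name, mode="strict"):
    """Return (accepted, reason) for a domain name under one validation mode."""
    if mode not in LABEL_POLICY:
        raise ValueError(f"unknown validation mode: {mode!r}")
    if name.endswith("."):          # a trailing dot marks a fully qualified name
        name = name[:-1]
    if not name:
        return False, "empty name"
    if len(name) > MAX_NAME_LEN:
        return False, f"name exceeds {MAX_NAME_LEN} characters"
    policy = LABEL_POLICY[mode]
    for label in name.split("."):
        if not label:
            return False, "empty label"
        if len(label) > MAX_LABEL_LEN:
            return False, f"label exceeds {MAX_LABEL_LEN} characters"
        if policy is not None and not policy.fullmatch(label):
            bad = sorted({ch for ch in label if not policy.fullmatch(ch)})
            return False, f"label {label!r} has disallowed characters {bad}"
    return True, "ok"


def accepted_by(name):
    """List the modes, loosest first, that accept `name`."""
    return [m for m in ("none", "allow-underscores", "strict")
            if validate_domain(name, m)[0]]


# Constructed sample names; siterequest.com follows the page's fictional company.
SAMPLES = [
    "www.siterequest.com",
    "_sip._tcp.siterequest.com",     # underscore labels, as used by SRV records
    "www.site request.com",          # embedded space
    "www..siterequest.com",          # empty label
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r:32} accepted by: {accepted_by(sample) or 'no mode'}")
```

Running existing record names through `accepted_by` shows which of them a tighter mode would stop recognizing, such as underscore-prefixed service labels under Strict.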