Manual Chapter : 3-DNS Administrator Guide v2.0: Configuring Specialized Load Balancing

Applies To:

3-DNS Controller versions 1.x - 4.x

  • 2.0.1 PTF-01, 2.0.1, 2.0.0
6

Configuring Specialized Load Balancing



Configuring specialized load balancing using advanced modes

This section describes the following specialized, or more advanced, load balancing modes:

  • Quality of service
  • Global availability
  • E-commerce
  • Topology access control
  • Topology load balancing

You configure a specialized load balancing mode in the same way that you configure the more basic modes: by editing the wide IP definition. See Defining a wide IP, on page 5-2. You can also set global alternate and fallback load balancing modes. See Setting global alternate and fallback modes, on page 5-10.

Setting up Quality of Service (QOS) mode

The Quality of Service (QOS) mode is a user-definable mode that includes a configurable combination of the RTT, Completion Rate, Packet Rate, Topology, and Hops modes. The QOS mode is based on an equation that takes each of these performance factors into account. The default setting is for each factor to be weighted equally, and you can easily use the Quality of Service mode with these default settings simply by specifying it as your preferred load balancing mode.

If you want to change the settings, you can customize the equation to put more or less weight on each individual factor. When the 3DNS Controller selects a virtual server, it chooses the server with the best overall score.

Understanding QOS coefficients

The following table lists each QOS coefficient, its scale, a likely upper limit for each, and whether a higher or lower value is more efficient.

QOS coefficients: ranges and limits

Coefficient | How measured | Example upper limit | Higher or lower?
Packet rate | Packets per second | 700 | Lower
Round trip time | Microseconds | 2,000,000 | Lower
Completion rate | Percentage of successfully transferred packets (0-100%) | 100% | Higher
Topology | Score that defines network proximity by comparing server and local DNS IP addresses (0-2^32) | 100 | Higher
Hops | Number of hops | 64 | Lower

If you want to change the default QOS coefficients, keep the following issues in mind.

  • Scale
    The raw metrics for each coefficient are not on the same scale. For example, completion rate is measured in percentages while the packet rate is measured in packets per second.
  • Normalization
    The 3DNS Controller normalizes the raw metrics to values in the range of 0 to 10. As the QOS value is calculated, a high measurement for completion rate is good, because a high percentage of completed connections are being made, but a high value for packet rate is not desirable because you are trying to find a virtual server that is not overly taxed at the moment.
  • Emphasis
    You can adjust coefficients to emphasize one normalized metric over another. For example, by changing the coefficients to the values shown below, you are putting the most emphasis on completion rate.

Example: Emphasizing completion rate

globals {
    qos_coeff_rtt 20
    qos_coeff_completion_rate 100
    qos_coeff_packet_rate 50
    qos_coeff_topology 0
    qos_coeff_hops 0
}

Figure 6.1 Emphasizing completion rate

In the above example, if completion rates for two virtual servers are close, the virtual server with the best packet rate is chosen. If both completion rates and packet rates are close, the round trip time (rtt) breaks the tie. In this example, the topology and hops modes are not used in determining how to distribute connections.

Customizing the QOS equation

You can customize the QOS equation globally, meaning that the equation applies to all wide IPs that use the QOS mode. You can also override the global QOS equation settings for individual wide IPs as necessary.

You must specify QOS as a load balancing mode before you can customize its equation.

To assign global QOS coefficients using the F5 Configuration utility

  1. In the navigation pane, click System.
    The System - General screen opens.
  2. On the toolbar, click Load Balancing.
    The System - Load Balancing screen opens.
  3. Define the global QOS coefficients in the Round Trip Time, Completion Rate, Hops, Packet Rate, and Topology boxes.
  4. Click Update for the changes to take effect.

To assign QOS coefficients for a specific wide IP using the F5 Configuration utility

  1. In the navigation pane, click Wide IPs.
  2. Click a wide IP name.
    The Edit Wide IP screen opens.
  3. On the toolbar, click Modify VSb Pool or Modify VSh Pool, depending on which type of pool you have.
  4. Define the wide IP's QOS coefficients in the Round Trip Time, Completion Rate, Hops, Packet Rate, and Topology boxes.
  5. Click Update for the changes to take effect.

To assign global QOS coefficients manually

  1. On the 3DNS Maintenance menu, select Edit 3DNS Configuration to open the wideip.conf file.
  2. Locate or add the globals statement. The globals statement should be at the top of the file.
  3. Refer to the example syntax shown in Figure 6.2 to define a global QOS equation.
    globals {
        qos_coeff_rtt 20
        qos_coeff_completion_rate 5
        qos_coeff_packet_rate 3
        qos_coeff_topology 0
        qos_coeff_hops 0
    }

    Figure 6.2 Sample global QOS equation

To assign QOS coefficients for a specific wide IP manually

  1. On the 3DNS Maintenance menu, select Edit 3DNS Configuration to open the wideip.conf file.
  2. Locate the wideip statement you want to edit.
  3. Refer to the example syntax shown in Figure 6.3 to define a wide IP's QOS equation. Figure 6.3 displays a wide IP definition that uses overrides for the global settings shown in Figure 6.2.
    wideip {
        address 192.168.101.50
        service "http"
        name "www.wip.domain.com"
        ttl 60 // increase the domain default ttl
        qos_coeff {
            rtt 21
            hops 0
            completion_rate 7
            packet_rate 5
            topology 1
        }
        pool {
            name "Pool_1"
            ratio 2 // applies to pool_lbmode == ratio
            preferred qos
            alternate ratio
            address 192.168.101.50 ratio 2
            address 192.168.102.50 ratio 1
            address 192.168.103.50 ratio 1
        }
        pool {
            name "Pool_2"
            ratio 1
            preferred rr
            address 192.168.102.60 ratio 2
            address 192.168.103.60 ratio 1
        }
    }

    Figure 6.3 QOS coefficient settings that override the global default settings

Using the Dynamic Ratio option

When the Dynamic Ratio option is turned on, the 3DNS Controller treats QOS scores as ratios, and it uses each server in proportion to the ratio determined by the QOS calculation. When the Dynamic Ratio option is turned off (the default), the 3DNS Controller uses only the server with the highest QOS score for load balancing ("winner takes all") until metrics information is refreshed.

To turn on the Dynamic Ratio option using the F5 Configuration utility

  1. In the navigation pane, click Wide IPs.
  2. Click a wide IP name.
    The Edit Wide IP screen opens.
  3. On the toolbar, click Modify VSb Pool or Modify VSh Pool, depending on which type of pool you have.
  4. Check Use Dynamic Ratio.
  5. Click Update for the change to take effect.

To turn on the Dynamic Ratio option manually

  1. On the 3DNS Maintenance menu, select Edit 3DNS Configuration to open the wideip.conf file.
  2. Locate the wideip statement and the pool definition you want to edit.
  3. Add the dynamic_ratio line to the pool definition, as shown in Figure 6.4.
        pool {
            name <"pool_name">
            [ ratio <pool_ratio> ]
            dynamic_ratio yes
            [ rr_ldns < yes | no > ]
            [ rr_ldns_limit <number> ]
            [ preferred < completion_rate | ga | hops | leastconn |
              packet_rate | qos | random | ratio | return_to_dns | rr |
              rtt | topology > ]
            [ alternate < ga | null | random | ratio | return_to_dns |
              rr | topology > ]
            [ fallback < completion_rate | ga | hops | leastconn | null |
              packet_rate | qos | random | ratio | return_to_dns | rr |
              rtt | topology > ]
            address <vs_addr>[:<port>] [ratio <weight>]
        }
    }

    Figure 6.4 Enabling dynamic ratio

Setting up Global Availability mode

Figure 6.5 shows the 3DNS Controller using the global availability load balancing mode. The global availability mode selects the first available virtual server in a wide IP definition. If that virtual server becomes unavailable, subsequent connections go to the next listed virtual server in the wide IP definition.

The 3DNS Controller always starts with the first virtual server in the list. Over time, the first server in the list receives the most connections, and the last server in the list receives the fewest connections.

Figure 6.5 Global Availability mode

To implement the global availability load balancing mode using the F5 Configuration utility

  1. In the navigation pane, click Wide IPs.
  2. Click a wide IP name.
    The Edit Wide IP screen opens.
  3. On the toolbar, click Modify VSb Pool or Modify VSh Pool, depending on which type of pool you have.
  4. Select global availability as the preferred, alternate, or fallback load balancing mode.
  5. Click Next.
    The Select Virtual Servers screen appears.
  6. From the list, select the virtual servers you want to add to this wide IP's pool, as well as the order in which connections should be sent to them.
  7. Click Update for the changes to take effect.

To implement the global availability load balancing mode manually

  1. On the 3DNS Maintenance menu, select Edit 3DNS Configuration to open the wideip.conf file.
  2. Locate the wideip statement you want to edit.
  3. Define global availability as the preferred, alternate, or fallback load balancing mode.
  4. List the virtual servers in descending order of preference. See the example, next.

A Global Availability configuration example

With the global availability load balancing mode, you can configure one data center as your primary service and have several alternate services on standby. In the wideip statement, list the virtual servers in descending order of preference. The first available virtual server is chosen for each resolution request.

Figure 6.6 shows a sample wideip definition where global availability is the preferred load balancing mode.

// Global availability
wideip {
    address 192.168.101.60
    port 80 // http
    name "cgi.wip.domain.com"
    pool {
        name "mypool"
        preferred ga
        address 192.168.101.60
        address 192.168.102.60
        address 192.168.103.60
    }
}

Figure 6.6 Configuring a standby data center

All resolution requests are sent to the first listed virtual server (192.168.101.60 in this example) unless the first listed virtual server becomes unavailable for any reason. If the first listed virtual server becomes unavailable, resolution requests are sent to the second listed virtual server, and so on.

Setting up load balancing for services that require multiple ports

Some sites require that you use multiple ports or services to access them. For these cases, you can configure a wide IP so that connections are not sent to a given address unless all specified ports or services are available.

To configure multiple ports for a wide IP using the F5 Configuration utility

  1. In the navigation pane, click Wide IPs.
  2. Click a wide IP name.
    The Edit Wide IP screen opens.
  3. On the toolbar, click Port List.
    The Wide IP Port List screen opens.
  4. Type a port number in the box or select a service from the list, then click the right arrow button.
  5. Repeat step 4 for each port or service you need to add.
  6. Click Update.

To configure multiple ports for a wide IP manually

  1. On the 3DNS Maintenance menu, select Edit 3DNS Configuration to open the wideip.conf file.
  2. Locate the wideip statement you want to edit.
  3. Add the port_list line as shown in Figure 6.7.
    wideip {
        address <ip_addr>
        port <port_number> | <"service name">
        name <"domain_name">
        [ alias <"alias_name"> ]
        [ ttl <number> ]
        [ port_list <port_number> <port_number> ... ]
        [ qos_coeff {
            rtt <n>
            completion_rate <n>
            packet_rate <n>
            topology <n>
            hops <n>
        } ]
        [ pool_lbmode <rr | ratio | ga | random> ]
        [ pool definitions ...]
    }

    Figure 6.7 Enabling the port_list option

An example configuration for e-commerce services

In this example, you are setting up a site for selling a product on the Internet. This site contains secure and non-secure areas. The non-secure area contains the product catalog and the secure area is for placing orders. You can configure a wide IP so that clients are only sent to a virtual server if both the secure and non-secure areas are available.

The key entry here is port_list. The port_list entry specifies that requests can only be sent to virtual servers in this pool if ports 80 (non-secure area) and 443 (secure area) are available.

wideip {
    address 192.168.101.70
    port 80 // http
    port_list 80 443 // e-commerce
    name "ssl.wip.domain.com"
    pool_lbmode rr
    pool {
        name "bigip_pool"
        ratio 2
        preferred qos
        alternate ratio
        address 192.168.101.70 ratio 7
        address 192.168.102.60 ratio 2
    }
    pool {
        name "host_pool"
        ratio 1
        preferred ratio
        address 192.168.104.50 ratio 2
        address 192.168.105.60 ratio 1
    }
}

Figure 6.8 Syntax for e-commerce services

For each virtual server address in the pool, a virtual server must exist for each port in the port list. In the above example, the BIG/ip Controllers and host machines must have the following virtual servers defined:

  • 192.168.101.70:80
  • 192.168.101.70:443
  • 192.168.102.60:80
  • 192.168.102.60:443
  • 192.168.104.50:80
  • 192.168.104.50:443
  • 192.168.105.60:80
  • 192.168.105.60:443

Setting up topology-based features

The 3DNS Controller supports two topology-based features: topology-based access control, and a topology load balancing mode.

To use the topology load balancing mode, you should first set up topology-based access control so that the list records are defined. Otherwise, the topology load balancing mode has no effect.

Setting up topology-based access control is described next. Using topology as a load balancing mode is described on page 6-22.

Setting up Topology-based access control

You can use topology-based access control to implement a form of wide-area IP filtering. Topology-based access control allows you to specify which data centers are acceptable for a given resolution request, based on the proximity of the data center's IP address to the requesting local DNS server's IP address.

Understanding the list records

The list records in the topology definition define a score for pairs of known local DNS servers and data centers.

For example, here is a sample list record:

192.168.101.0/24 198.0.0.0/24 6

Essentially, each record defines two network endpoints in CIDR (Classless Interdomain Routing) format, and a score. The CIDR format consists of an IP address and a number n designating a subnet bitmask. The bitmask is made up of n ones followed by 32 - n zeros. For example, for n = 8, the bitmask is:

    11111111000000000000000000000000
    \______/\______________________/
     8 ones         24 zeros

The first endpoint, A, corresponds to the IP address of a server (either a BIG/ip Controller or a host). The second endpoint, B, corresponds to the IP address of the local DNS. Suppose a local DNS, L, requests a name resolution from the 3DNS Controller, and the virtual server being considered as an answer is managed by a BIG/ip Controller, S. The list record that matches is the one where the following equation is TRUE:

((S & A-mask == A & A-mask) && (L & B-mask == B & B-mask))

Referring to the example topology statement that starts on page 6-19, say that the local DNS 198.0.0.0 requested name resolution for www.domain.com, and a virtual server in the pool belonged to the BIG/ip Controller 192.168.101.0. In this scenario, the 3DNS Controller considers the first list record to be a match.

Note that in the above equation, the single ampersand (&) is a bitwise operator, and the double ampersands (&&) are logical operators.

Understanding the topology score

Each list record includes a score, which is used both in topology-based load balancing, and in topology-based access control. If multiple list records in a topology statement have the exact same server IP/mask and local DNS IP/mask but have different scores, only the last record is declared valid. For example, the first set of records is equivalent to the second set of records.

    192.168.101.0/24 198.0.0.0/24 6
    192.168.101.0/8 198.0.0.0/8 1
    192.168.101.0/24 198.0.0.0/24 89 <-- replaces 1st record
    192.168.101.0/24 198.0.0.0/24 0 <-- replaces previous record
    192.168.101.0/24 198.0.0.0/24 3 <-- replaces previous record

This set of records is equivalent to the above set of five records.

    192.168.101.0/8 198.0.0.0/8 1
    192.168.101.0/24 198.0.0.0/24 3

Using the longest match rule

The 3DNS Controller uses the same type of longest match rule that routers commonly use. If there are several IP/mask items that match a particular IP address, the 3DNS Controller selects the record that is most specific, and thus has the longest mask (n is the largest).

For example, 192.168.101.4 matches 192.168.101.4/0, 192.168.101.4/8, 192.168.101.4/13, 192.168.101.4/24, and 192.168.101.4/32, but the longest matching IP/mask is 192.168.101.4/32. When the longest_match parameter is set to yes (the default), the longest match rule is obeyed for local DNS IP addresses, and also for server IP addresses, when there are multiple matches for a server/local DNS combination. This means that for the virtual server 192.168.101.50 owned by BIG/ip Controller 192.168.101.40 and local DNS 198.0.0.40, the third list record is the longest match:

    192.168.101.0/24 198.0.0.40/24 2
    192.168.101.0/8 198.0.0.40/16 0
    192.168.101.0/8 198.0.0.40/27 6 <-- Longest Match
    192.168.101.0/16 198.0.0.0/24 7
    192.168.101.0/32 198.0.0.0/24 3 <-- Second Longest Match

Although this is not how the search is implemented, consider that all the records matching the server and local DNS IP address are gathered into a set. The records in this set are sorted in descending order first by local DNS mask, and then by server mask. The highest record in the sorted set determines which is the shortest path between the client and a virtual server. For example, if the third list record in the above example is removed, then the first and fifth records tie for longest match on local DNS, but the fifth wins because it has the more specific server mask.

Implementing topology-based access control

Any server/local DNS matching a list record with a score below the acl_threshold is interpreted as if the virtual server were unavailable. For example, if a local DNS 198.0.0.0 requests a name resolution, any virtual server owned by BIG/ip Controller 192.168.101.0 is considered down for load balancing purposes due to the first list entry. This provides a hook for an administrator to set up access control to data centers based on local DNS IP address.

Explicitly allowing or denying access

You may want to define a wildcard list record that you can use to prevent users from being locked out when access control is turned on (when the acl_threshold is set to a value greater than zero). If the 3DNS Controller compares the local DNS server's IP address to the specific list records but does not find a match, it can use a wildcard list record to determine how to handle the resolution request.

A wildcard list record is the last list record in the topology statement and uses the following syntax:

0.0.0.0/0 0.0.0.0/0 <score>

Because the wildcard list record uses a subnet bitmask value of 0 for both endpoints, the longest match rule always chooses this record last.

The <score> parameter setting either allows or denies access, depending on whether its value is set greater than or less than the acl_threshold setting. A <score> value that is greater than or equal to the acl_threshold setting allows access. A <score> value that is less than the acl_threshold setting denies access.

If no wildcard list record is provided, the following is assumed:

0.0.0.0/0 0.0.0.0/0 0

Using access control to limit path probing

The limit_probes parameter specifies whether to apply access control to the probing of paths. If this parameter is set to yes, the 3DNS Controller requests a given BIG/ip Controller to probe only those local DNS servers that can connect to it according to the probe_threshold value and the topology map scores. In the example topology statement that starts on page 6-19, the 3DNS Controller does not send a local DNS 200.0.0.0 to the BIG/ip Controller 192.168.101.0 for probing, but would send it to the BIG/ip Controller 192.168.103.0.

To configure topology-based probe access control using the F5 Configuration utility

  1. In the navigation pane, click Topology.
  2. On the toolbar, click Topology Settings.
  3. In the ACL Threshold box, specify a score threshold. Any list record (prober IP address/local DNS IP address) score that is less than the threshold value will not have access to the listed virtual servers.
  4. In the Probe Threshold box, specify a threshold for probing. Any list record (prober IP address/local DNS IP address) score that is less than the probe threshold value prevents the local DNS from being probed by the specific prober. You can enter a value between 1 and 4294967295.
  5. In the Limit Probes box, specify whether to apply access control to the probing of paths.
  6. In the Longest Match box, specify whether the 3DNS Controller selects the record that is most specific, and thus has the longest mask, in cases where there are several IP/mask items that match a particular IP address.
  7. Click Update.
  8. On the toolbar, click Add Virtual Servers.
    The Add Virtual Server to Topology screen opens.
  9. In the Virtual Server/Mask boxes, type the virtual server's IP address in the first box, and the mask in the second box. These values combine to provide one of two values used to determine the longest match.
  10. In the LDNS/Mask box, type the local DNS server's IP address in the first box, and the mask in the second box. These values combine to provide one of two values used to determine the longest match.
  11. In the Score box, type the mask score, which is used for the comparison of virtual servers.
  12. Click Add.

    Repeat steps 9 through 12 for each virtual server that is to be used in the topology configuration.

To configure topology-based probe access control manually

  1. On the 3DNS Maintenance menu, select Edit 3DNS Configuration to open the wideip.conf file.
  2. Place the topology statement at the end of the wideip.conf file.
  3. Use the syntax shown in Figure 6.9 to define the topology statement. Also see the example that starts on page 6-19.
    topology {
        acl_threshold <0..4294967295>
        probe_threshold <0..4294967295>
        limit_probes <yes | no>
        longest_match <yes | no>
        <server cidr> <LDNS cidr> <score>
    }

    Figure 6.9 Syntax for topology statement

An example configuration for topology access control

Suppose that your company maintains Spanish web sites. You have data centers in New York, Los Angeles, and Tokyo. You prefer that resolution requests made from clients located in North America are resolved by North American data centers. However, you do not mind if a few requests are sent to Tokyo when requests cannot be resolved in New York or Los Angeles.

Because of cost issues, you do not want requests from clients in South America to be sent to the New York data center. To achieve this, you can configure the topology statement as shown.

topology {
    acl_threshold 5
    probe_threshold 5
    limit_probes yes
    longest_match yes

    // server/mask ldns/mask score

    ///////////////////////////
    // North American LDNS's:
    // 198.0.0.0/8
    // 199.0.0.0/8

    // North America Priority List
    //
    // 1. New York
    // 2. L.A.
    // 3. Tokyo

    // New York
    192.168.101.0/24 198.0.0.0/8 30
    192.168.101.0/24 199.0.0.0/8 30

    // Los Angeles
    192.168.102.0/24 198.0.0.0/8 20
    192.168.102.0/24 199.0.0.0/8 20

    // Tokyo
    192.168.103.0/24 198.0.0.0/8 10
    192.168.103.0/24 199.0.0.0/8 10

Figure 6.10 Example syntax for the topology statement (continued on next page)

    ///////////////////////////
    // South American LDNS's:
    // 200.0.0.0/8
    // 201.0.0.0/8

    // South America Priority List
    //
    // 1. Tokyo
    // 2. L.A.
    // (New York excluded by acl_threshold)

    // Tokyo
    192.168.103.0/24 200.0.0.0/8 30
    192.168.103.0/24 201.0.0.0/8 30

    // Los Angeles
    192.168.102.0/24 200.0.0.0/8 20
    192.168.102.0/24 201.0.0.0/8 20

    // New York
    192.168.101.0/24 200.0.0.0/8 0
    192.168.101.0/24 201.0.0.0/8 0

    ///////////////////////////
    // Wildcard List Record
    //
    // By default, if a list record is not found in the
    // topology map for an LDNS, the score is assumed to
    // be 0. By including the following "wildcard" list
    // record, all other LDNS's (not North or South America
    // as specified above) are assigned a score of 1 so
    // the acl_threshold does not indicate that the
    // virtual servers are down.

    0.0.0.0/0 0.0.0.0/0 1

}

Figure 6.11 Example syntax for the topology statement (continued from previous page)
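
The matching rules described in this section (the bitmask equation, last record wins for duplicate pairs, the longest match rule, the implicit wildcard, and the acl_threshold and probe_threshold comparisons) can be checked offline against the records in Figures 6.10 and 6.11. The Python below is an added example, not 3-DNS Controller code: it models only the behavior stated on this page, and the server addresses in SERVERS and the LDNS addresses in the demo loop are constructed for illustration.

```python
import ipaddress

# Settings and list records transcribed from Figures 6.10 and 6.11.
ACL_THRESHOLD = 5
PROBE_THRESHOLD = 5
RECORDS_TEXT = """
192.168.101.0/24 198.0.0.0/8 30   // New York, North American LDNS
192.168.101.0/24 199.0.0.0/8 30
192.168.102.0/24 198.0.0.0/8 20   // Los Angeles
192.168.102.0/24 199.0.0.0/8 20
192.168.103.0/24 198.0.0.0/8 10   // Tokyo
192.168.103.0/24 199.0.0.0/8 10
192.168.103.0/24 200.0.0.0/8 30   // Tokyo, South American LDNS
192.168.103.0/24 201.0.0.0/8 30
192.168.102.0/24 200.0.0.0/8 20   // Los Angeles
192.168.102.0/24 201.0.0.0/8 20
192.168.101.0/24 200.0.0.0/8 0    // New York
192.168.101.0/24 201.0.0.0/8 0
0.0.0.0/0 0.0.0.0/0 1             // wildcard list record
"""
# Constructed server addresses (assumption): one per data center network.
SERVERS = {"New York": "192.168.101.40", "Los Angeles": "192.168.102.40",
           "Tokyo": "192.168.103.40"}


def ip_int(text):
    return int(ipaddress.IPv4Address(text))


def cidr(text):
    """Return (address, mask, n) for 'a.b.c.d/n': n ones, then 32 - n zeros."""
    addr, bits = text.split("/")
    n = int(bits)
    return ip_int(addr), (0xFFFFFFFF << (32 - n)) & 0xFFFFFFFF, n


def parse_records(text):
    """Parse list records. A record repeating an earlier server/LDNS pair
    replaces it, so only the last score for that pair is kept."""
    table = {}
    for line in text.splitlines():
        fields = line.split("//")[0].split()
        if len(fields) == 3:
            server, ldns, value = fields
            table[(server, ldns)] = (cidr(server), cidr(ldns), int(value))
    return list(table.values())


def score(records, server_ip, ldns_ip):
    """Score of the longest-match record for server S and local DNS L."""
    s, l = ip_int(server_ip), ip_int(ldns_ip)
    matches = [
        (b_len, a_len, value)
        for (a, a_mask, a_len), (b, b_mask, b_len), value in records
        # Page's test: (S & A-mask == A & A-mask) && (L & B-mask == B & B-mask)
        if (s & a_mask) == (a & a_mask) and (l & b_mask) == (b & b_mask)
    ]
    if not matches:
        return 0  # no wildcard given: 0.0.0.0/0 0.0.0.0/0 0 is assumed
    # Longest LDNS mask first, then longest server mask.
    return max(matches, key=lambda m: (m[0], m[1]))[2]


def allowed(records, server_ip, ldns_ip, acl_threshold=ACL_THRESHOLD):
    """A score below acl_threshold makes the server count as unavailable."""
    return score(records, server_ip, ldns_ip) >= acl_threshold


def may_probe(records, server_ip, ldns_ip, probe_threshold=PROBE_THRESHOLD):
    """With limit_probes yes, a score below probe_threshold blocks probing."""
    return score(records, server_ip, ldns_ip) >= probe_threshold


def usable_sites(records, ldns_ip):
    """Data centers that pass access control for this LDNS, best score first."""
    scored = [(score(records, ip, ldns_ip), name) for name, ip in SERVERS.items()]
    return [name for value, name in sorted(scored, reverse=True)
            if value >= ACL_THRESHOLD]


if __name__ == "__main__":
    recs = parse_records(RECORDS_TEXT)
    for ldns in ("198.0.0.40", "200.0.0.1", "62.1.1.1"):  # constructed LDNS addresses
        print(ldns, usable_sites(recs, ldns))
```

Evaluated by the comparison rule as this page states it, an LDNS outside the listed ranges receives the wildcard score of 1, which is below the acl_threshold of 5, so `usable_sites` returns an empty list for it. When acl_threshold is set above the wildcard score, confirm that this is the outcome you intend.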

Using the topology load balancing mode

The topology load balancing mode distributes connections based on the proximity of a local DNS to a particular data center. Proximity is determined by network IP addresses of the local DNS compared to that of the data centers, and not necessarily by geographical location.

Configure topology access control before attempting to use the Topology load balancing mode. If the topology list records are empty, the virtual servers will be load balanced as Global Availability.

To implement the topology load balancing mode using the F5 Configuration utility

  1. In the navigation pane, click Wide IPs.
  2. Click a wide IP name.
    The Edit Wide IP screen opens.
  3. On the toolbar, click Modify VSb Pool or Modify VSh Pool, depending on which type of pool you have.
  4. Select topology as the preferred, alternate, or fallback load balancing mode.
  5. Click Update for the changes to take effect.

To implement the topology load balancing mode manually

  1. On the 3DNS Maintenance menu, select Edit 3DNS Configuration to open the wideip.conf file.
  2. Locate the wideip statement you want to edit.
  3. Define topology as the preferred, alternate, or fallback load balancing mode.

    Figure 6.12 shows a sample wideip definition where topology is the preferred load balancing mode.

    wideip {
        address 192.168.103.60
        port 80
        name "ntp.wip.domain.com"
        pool {
            name "poolA"
            preferred topology
            alternate rtt
            address 192.168.101.60 // New York
            address 192.168.102.60 // Los Angeles
            address 192.168.103.60 // Tokyo
        }
    }

    Figure 6.12 Specifying load balancing according to topology score