Manual Chapter : 3-DNS Administrator Guide v2.0: Introduction to the 3-DNS Controller

Applies To:

Show Versions Show Versions

3-DNS Controller versions 1.x - 4.x

  • 2.0.1 PTF-01, 2.0.1, 2.0.0
Manual Chapter


1

Introduction to the 3DNS Controller



Welcome to the 3DNS Controller

Welcome to the 3DNS® Controller Administrator Guide. This guide describes how to set up the 3DNS Controller hardware and how to set up your network and load balancing configurations, as well as other 3DNS Controller features. The Administrator guide also includes the software specifications for the 3DNS Controller platform, and it offers some sample configurations that can help you in planning your own configuration.

3DNS Controller specifications

The 3DNS Controller is a network appliance that manages and balances traffic over global networks. The 3DNS Controller manages network traffic patterns using load balancing algorithms, topology-based routing, and production rules that control and distribute traffic according to specific policies. The system is highly configurable, and its web-based and command line configuration utilities allow for easy system set up and monitoring.

The 3DNS Controller provides a variety of features that meet special customer needs including:

  • E-commerce sites that need to guarantee the availability of multiple ports
  • Internationally distributed sites that prefer to restrict local clients to local servers
  • Production rules that change the load balancing configuration according to current traffic patterns or time of day
  • SNMP monitoring of the 3DNS Controller
  • Customizable load balancing modes

Internet protocol and network management support

The 3DNS Controller supports both standard DNS protocol and the F5 iQuery protocol (a protocol used for collecting dynamic load balancing information). The 3DNS Controller also supports administrative protocols, such as Simple Network Management Protocol (SNMP), and Simple Mail Transfer Protocol (SMTP) (outbound only), for performance monitoring and notification of system events. For administrative purposes, you can use the F-Secure SSH client (distributed only in the US), which provides a secure shell connection, rsh, Telnet, and FTP. The F5 Configuration utility supports secure connections via SSL (distributed only in the US), as well as standard HTTP connections.

The 3DNS Controller's SNMP agent allows you to monitor status and current traffic flow using popular network management tools, including the F5 Configuration utility. The SNMP agent provides detailed data such as current connections being handled for each virtual server.

Security features

The 3DNS Controller offers a variety of security features that can help prevent hostile attacks on your site or equipment.

  • Secure administrative connections
    3DNS Controllers distributed in the US support secure shell administrative connections via F-Secure SSH. The 3DNS web server, which hosts the web-based F5 Configuration utility, supports SSL connections as well as user authentication.
  • Secure iQuery communications
    3DNS Controllers distributed in the US also support Blowfish encryption for iQuery communications between controllers running the big3d agent.
  • TCP wrappers
    TCP wrappers provide an extra layer of security for network connections.
  • IP address filtering
    The IP filtering feature, based on BSD IP packet filtering, specifically accepts or denies connections received from particular IP addresses or ranges of IP addresses.

Configuration scalability

The 3DNS Controller is a highly scalable and versatile solution. You can configure the 3DNS Controller to manage up to several hundred domain names, including full support of domain name aliases. The 3DNS Controller supports a variety of media options, including Fast Ethernet, Gigabit Ethernet, and FDDI, and also supports multiple network interface cards that can provide redundant or alternate paths to the network.

Configuration and monitoring tools

The 3DNS Controller provides the following web-based and command line administrative tools that make for easy set up and configuration.

First-Time Boot utility

The First-Time Boot utility is a wizard that walks you through the initial system set up. The utility helps you quickly define basic system settings, such as a root password and the IP addresses for the interfaces that connect the 3DNS Controller to the network. The First-Time Boot utility also helps you configure access to the 3DNS web server, which hosts the web-based F5 Configuration utility, as well as the NameSurfer application that you can use for DNS zone file management.

F5 Configuration utility

The F5 Configuration utility is a web-based application that you use to configure and monitor the 3DNS Controller. Using the F5 Configuration utility, you can define the load balancing configuration, along with the network set up, including data centers, sync groups, and servers used for load balancing and path probing. In addition, you can configure advanced features such as topology settings, IP filters, and the SNMP agent. The F5 Configuration utility also monitors network traffic, current connections, load balancing statistics, and the operating system itself.

The 3DNS web server, which hosts the F5 Configuration utility, provides convenient access to downloads such as the SNMP MIB and documentation for third-party applications such as NameSurfer.

NameSurfer application

The NameSurferTM application is a third-party application, produced by Data Fellows, that automatically configures DNS zone files associated with domains handled by the 3DNS Controller. You can use NameSurfer to configure and maintain additional DNS zone files on 3DNS Controllers that run as master DNS servers. The F5 Configuration utility provides direct access to the NameSurfer application, as well as the corresponding documentation for the application.

3DNS Maintenance menu

The 3DNS Maintenance menu is a command line utility that executes scripts which assist you in configuration and administrative tasks, such as installing the latest version of the big3d agent on all your systems, or editing the load balancing configuration files. You can use the 3DNS Maintenance menu directly on the 3DNS Controller, or you can use the menu when connected to the controller via a remote shell, such as the SSH client (US only), or a standard rsh client.

Browser support

The F5 Configuration utility, which provides web-based access to the 3DNS Controller system configuration and features, supports the following browser versions:

  • Netscape Navigator 4.5 or later
  • Microsoft Internet Explorer, version 4.01 or later

System synchronization options

The 3DNS Controller sync group feature allows you to automatically synchronize configurations from one 3DNS Controller to the other 3DNS Controllers in the network, allowing for simplified administrative management. The synchronization feature offers a high degree of administrative control. For example, you can set the controller to synchronize a specific configuration file set, and you can also set which 3DNS Controllers in the network receive the synchronized information and which ones do not.

Configurable data collection for server status and network path data

The 3DNS Controller platform includes a big3d agent, which is an integral part of 3DNS Controller load balancing. The big3d agent continually monitors the availability of the servers that the 3DNS Controller load balances. It also monitors the integrity of the network paths between the servers that host the domain and the various client local DNS servers looking to connect to the domain. The big3d agent runs on 3DNS Controllers and BIG/ip Controllers distributed in various locations in your network. Each big3d agent broadcasts its collected data to all of the 3DNS Controllers in your network, ensuring that all 3DNS Controllers work with the latest information.

The big3d agent offers a variety of configuration options that allow you to choose the types of data collection methods you want to use. For example, you can configure the big3d agent to track the number of hops along a given network path, and you can also set the big3d agent to collect host server performance information using the SNMP protocol.

Redundant system configurations

A redundant system is essentially a pair of 3DNS Controller units, one operating as an active unit responding to DNS queries, and one operating as a standby unit. If the active unit fails, the standby unit takes over and begins to respond to DNS queries while the other controller reboots and becomes a standby unit.

The 3DNS Controller actually supports two methods of checking status of the peer system:

  • Hardware-based fail-over
    In a system set up with hardware-based fail-over, the two units in the system are connected to each other directly using a fail-over cable attached to the serial ports. The standby controller checks on the status of the active controller every second using this serial link. The controllers check on each other's status using that link.
  • Network-based fail-over
    In a system set up with network-based fail-over, the two units in the system communicate with each other across an Ethernet network instead of going across a dedicated fail-over serial cable. The standby Controller checks on the status of the active controller every second using the Ethernet. The controllers check each other's status using that link.

Note: In a network-based fail-over configuration, the standby 3DNS Controller immediately takes over if the active unit fails. If a client had queried the failed controller, and not received an answer, it automatically re-issues the request (after 5 seconds) and the standby unit, functioning as the active controller, responds.

IP packet filtering

The 3DNS Controller supports easy configuration of the BSD operating system method of IP packet filtering. In the F5 Configuration utility, you can configure individual IP packet filters, which can control both in-bound and out-bound network traffic. For example, you can specify a single IP address, or a range of IP addresses, from which the 3DNS Controller either accepts or denies network traffic. You can also specify one or more IP addresses to which you specifically want to allow or prevent out-bound connections.

Load balancing modes

The 3DNS Controller offers several different load balancing modes, including static modes that base load balancing on a pre-defined distribution pattern, and dynamic modes that base load balancing on current network information such as the round trip time between a requesting client and a web server.

Static load balancing

Static load balancing distributes connections based on pre-defined distribution patterns, and does not take current server or network performance into account. The 3DNS Controller supports the following static load balancing modes:

  • Round Robin
    Round Robin mode is a basic load balancing mode that distributes connections evenly across all servers, passing each new connection to the next server in line.
  • Ratio
    The Ratio mode distributes new connections across servers in proportion to a user-defined ratio. The distribution of replies is weighted Round Robin. For example, if one server runs on a high-speed server and two other servers run on older machines, you could set the ratio so that the high-speed server receives twice as many connections as either of the two older servers.
  • Global Availability
    Global Availability mode distributes connections to a list of servers, always sending a connection to the first available server in the list.
  • Random
    Random mode distributes connections in a random pattern.
  • Topology
    Topology allows you to direct or restrict traffic flow by entering network information into the configuration file. This allows you to develop proximity-based mapping. For example, customers in a particular geographic region can be sent to servers within that same region. The 3DNS Controller determines the proximity of servers by comparing the client's LDNS IP address to the IP address of the available servers.

Dynamic load balancing

Dynamic load balancing bases connection distribution on current server and network performance information gathered by the big3d agent. The different dynamic load balancing modes incorporate different performance factors.

  • Quality of Service
    The Quality of Service (QOS) load balancing mode takes a variety of performance factors into account. You can configure the QOS mode to rate different performance factors higher or lower than others, or you can configure the QOS mode to treat all factors as being equally important. The quality of the service equation calculates a performance score based on the following factors:
    • Total round trip time between the server and the client LDNS
    • Total number of network hops between the server and the client LDNS
    • Number of packets currently processed
    • Percentage of packets completed
    • Topological distribution
  • Round Trip Times
    Round Trip Times mode sends each new connection to the server that demonstrates the best round trip time between the server and the client LDNS.
  • Hops
    Hops mode sends each new connection to the server that has the fewest number of intermediate systems transitions between the server and the client LDNS.
  • Packet Rate
    Packet Rate mode sends each new connection to the server that has the least amount of network traffic.
  • Completion Rate
    Completion Rate mode sends each new connection to the server that has the fewest number of dropped packets.
  • Least Connections
    Least Connections mode sends each new connection to the node that currently hosts the fewest current connections. Note that you can use Least Connections mode only to load balance servers managed by BIG/ip Controllers.

Managing traffic on a global network

This section provides a brief overview of how 3DNS Controllers work within a global network and how they interact with other BIG/ip Controllers and host machines in the network. The section also illustrates how the 3DNS Controller works with the big3d agents that run in various locations in the network, as well as the local DNS servers that make DNS requests on behalf of clients connecting to the Internet.

The following sample configuration shows 3DNS Controllers that load balance connections for a sample Internet domain named domain.com.

A sample network layout

3DNS Controllers sit in specific data centers in your network and they work in conjunction with BIG/ip Controllers and with generic host servers that also sit in your network data centers. All 3DNS Controllers in the network can receive and respond to DNS resolution requests from the local DNS servers that clients use to connect to the domain.

Figure 1.1 illustrates the layout of the 3DNS Controllers, BIG/ip Controllers, and host servers in the three data centers. The Los Angeles data center houses one 3DNS Controller and one BIG/ip Controller, as does the New York data center. The Tokyo data center houses only one 3DNS Controller and one host server.

Figure 1.1 A sample network layout

In the Los Angeles and New York data centers, the big3d agent runs on the BIG/ip Controller, but in the Tokyo data center, the big3d agent runs on the 3DNS Controller. Each big3d agent collects information about the network path between the data center where it is running and the client's local DNS server in Chicago, as illustrated by the red lines. Each big3d agent also broadcasts the network path information it collects to the 3DNS Controllers running in each data center, as illustrated by the green, blue, and purple lines.

Note: All BIG/ip Controllers and 3DNS Controllers in a data center typically run a big3d agent.

Synchronizing configuration information and broadcasting performance metrics

3DNS Controllers typically work in sync groups where a group of controllers shares load balancing configuration settings. In a sync group, any controller that has new configuration changes can broadcast the changes to any other controller in the sync group, allowing for easy administrative maintenance. To distribute metrics data among the controllers in a sync group, the principal 3DNS Controller sends requests to the big3d agents in the network, asking them to collect specific performance and path data. Once the big3d agents collect the data, they each broadcast the collected data to all controllers in the network, again allowing for simple and reliable metrics distribution.

Using a 3DNS Controller as a standard DNS server

When a client requests a DNS resolution for a domain name, DNS sends the request to the 3DNS Controller that is authoritative for the zone (running as a master DNS server for the domain). The 3DNS Controller chooses the best available virtual server out of a pool, and then returns a standard DNS answer record (an A record) to the requesting local DNS server. The local DNS server uses the answer for the period of time defined within the A record. Once the answer expires, however, the local DNS server must request name resolution all over again to get a fresh answer.

Figure 1.2 Name resolution process

Figure 1.2 illustrates the specific steps in the name resolution process.

  1. The client connects to an Internet Service Provider (ISP) and queries the local DNS to resolve the domain name www.domain.com.
  2. If the information is not already in the local DNS server's cache, the local DNS server queries a root server (such as InterNIC's root servers). The root server returns the IP address of a DNS associated with www.domain.com, which in this case runs on the 3DNS Controller.
  3. The local DNS then connects to the 3DNS Controller looking to resolve the www.domain.com name. The 3DNS Controller uses a load balancing mode to choose an appropriate server to receive the connection, and returns the server's IP address to the local DNS.
  4. The local DNS ends the connection to the 3DNS Controller and passes the IP address to the client.
  5. The client connects to the IP address via the ISP.

Note: The dotted portion of line 5 indicates that the actual hardware for this step is not shown, due to the number of ways ISPs can configure their networks. The actual machines that handle all other transaction events are shown, so all other lines are solid.

Load balancing connections across the network

Each of the 3DNS Controller load balancing modes can provide efficient load balancing for any network configuration. The 3DNS Controller bases load balancing on pools of virtual servers. When a client requests a DNS resolution, the 3DNS Controller uses the specified load balancing mode to choose a virtual server from a pool of virtual servers. The resulting answer to this resolution request is returned as a standard A record.

Although some load balancing configurations can get complex, most load balancing configurations are relatively simple, whether you use a static load balancing mode or a dynamic load balancing mode. More advanced configurations can incorporate multiple pools, as well as advanced traffic control features, such as topology or production rules. (For a list of individual load balancing modes, see Load balancing modes , on page 1-7).

Working with BIG/ip Controllers and other products

The 3DNS Controller balances connections across a group of virtual servers that run in different data centers throughout the network. You can manage virtual servers from the following types of products:

  • BIG/ip Controllers
    A BIG/ip Controller virtual server maps to a series of content servers.
  • Generic hosts
    A host virtual server can be an IP address or an IP alias that hosts the content.
  • Other load balancing products
    Other load balancing products map virtual servers to a series of content hosts.

    Figure 1.3 illustrates the hierarchy of virtual server management in our sample configuration.

    Figure 1.3 Load balancing management

How 3DNS Controller differs from BIG/ip Controller

While both controllers provide load balancing, one of the significant differences between the 3DNS Controller and the BIG/ip Controller is that the 3DNS Controller responds to DNS requests issued by an LDNS on behalf of a client, while the BIG/ip Controller provides connection management between the client and the back-end server.

Once the 3DNS Controller returns a DNS answer to an LDNS, the conversation between the LDNS and the 3DNS Controller ends, and the client connects to the IP address returned by the 3DNS Controller. Unlike 3DNS, the BIG/ip Controller sits between the client and the content servers. It manages the client's entire conversation with the content server.

What's new in version 2.0

The 3DNS Controller offers the following major new features in version 2.0.

New configuration and monitoring tools

The 3DNS Controller now supports the following configuration and monitoring tools:

  • The F5 Configuration utility
    The F5 Configuration utility is a web-based application that provides easy configuration of data centers, sync groups, wide IPs, and all other 3DNS Controller features and settings. The F5 Configuration utility also provides enhanced system monitoring similar to that found in the old Web Administration tool found in previous releases of the 3DNS Controller.
  • NameSurfer
    The NameSurfer application provides easy configuration and maintenance for DNS zone files on 3DNS Controllers that run as master DNS servers.
  • The SNMP MIB
    The 3DNS Controller includes a new proprietary SNMP MIB that you can use in conjunction with SNMP-based network management applications to monitor 3DNS Controller performance and system state.

Redundant system options

The 3DNS Controller now offers two types of redundant system configurations:

  • Hardware fail-over
    Hardware fail-over is the standard fail-over configuration where two 3DNS Controller units in the system are connected directly by a fail-over cable. This provides the highest level of reliability, because it does not depend on any network equipment to get the important fail-over data from one unit to the other.
  • Network fail-over
    Network fail-over is a configuration option that allows you to set up two individual 3DNS Controllers as a redundant system, without having a direct hard-wired connection between the two units. Instead, the units transfer the fail-over data via the network. This option works well in many situations, but does not provide as much reliability as the hardware fail-over setup. You may want to consider using this option to provide an additional layer of fail-over redundancy in a system that is currently configured for hardware fail-over.

Multiple network interface cards

All 3DNS Controller products now support two network interface cards. Use of the second network interface card is optional, and it can provide you an additional layer of redundancy. The separate network interface cards can connect through different routers or gateways to the same network, allowing for more than one available network path.

Data center definitions

The new data center feature allows you to map out the network layout of the 3DNS Controllers, BIG/ip Controllers, and host machines that you use for load balancing. One major benefit of the data center feature is that you can use the big3d agent on one controller in the data center to collect network path data on behalf of all controllers and hosts that run in the same data center.

Enhanced configuration and metrics synchronization

The 3DNS Controller now supports sync groups, which you can use to define one or more groups of controllers that share configuration settings and path statistics. A sync group contains a principal 3DNS Controller that broadcasts its configuration settings and path statistics at set intervals to the remaining 3DNS Controllers, referred to as receiver 3DNS Controllers, in the sync group. This can make system administration across a global network much easier, because it requires you to make configuration changes to only one controller, instead of all controllers running in the network.

Note that the big3d agent now uses broadcasting to distribute current path statistics and server status to all 3DNS Controllers running in the network. The principal controller in a sync group issues requests to the big3d agent, and once the big3d agent retrieves the requested information, it sends the information not only to the principal 3DNS Controller, but to all controllers. When the principal controller in a sync group broadcasts its configuration setting and path statistics to the receiver controllers, it includes the path statistics only as a backup to the path statistics that the controller should receive from the broadcasting big3d agent.

Production rules

You can use the production rules feature to dynamically change the load balancing configuration depending on current network traffic patterns, or time of day. The F5 Configuration utility provides easy configuration for production rules, and the sample wideip.conf file provided in Appendix A includes two examples of the production rule language.

Enhanced dynamic load balancing

The 3DNS Controller now supports the following enhancements for dynamic load balancing:

  • Hops load balancing mode
    The Hops load balancing mode is based on the traceroute utility, and it distributes connections based on the fewest number of hops required between the server and the client.
  • New options for the Quality of Service load balancing mode
    The Quality of Service load balancing mode now supports a hops coefficient, and a new attribute referred to as dynamic ratio. The hops coefficient simply adds a hops factor to the qos equation, where it takes into account the number of network hops between each server and the client. The dynamic ratio attribute allows the 3DNS Controller to use qos scores as ratios. When you apply the dynamic ratio attribute, the 3DNS Controller distributes connections across all available virtual servers in proportion to each server's qos score. Servers that receive higher qos scores receive a larger percentage of the connection load than servers which receive lower qos scores.
  • LDNS round robin attribute
    When you apply the LDNS round robin attribute, the 3DNS Controller returns a full list of available servers for name resolution. Certain types of browsers cache the list of available servers and use the list for subsequent connections, rather than returning to the 3DNS Controller for a fresh name resolution each time.
  • SNMP probing for hosts
    The 3DNS Controller now supports a new probing method used to collect performance information for hosts. You can use SNMP probing for any host that runs a UCD, Solstice, or an NT SNMP MIB.

Include statements for the wideip.conf configuration file

The wideip.conf file now supports include statements. The new default structure of the wideip.conf file includes only the load balancing configuration settings. The metrics data, which was previously stored in the file, is now stored separately from the wideip.conf file and included only by reference.

Finding help and technical support resources

You can find additional technical documentation about the 3DNS Controller in the following locations:

  • Release notes
    The release note for the current version of the 3DNS Controller is available from the home page of the F5 Configuration utility. The release note contains the latest information for the current version, including a list of new features and enhancements, a list of fixes, and, in some cases, a list of known issues.
  • Online help for 3DNS Controller features
    You can find help online in three different locations:
    • The F5 Configuration utility home page has a PDF version of this administrator guide. Note that some 3DNS Controller upgrades replace the online administrator guide with an updated version of the guide.
    • The F5 Configuration utility also has online help for each screen. Simply click the Help button in the toolbar.
    • Individual commands have online help, including command syntax and examples, in standard UNIX man page format. Simply type the command followed by the question mark option (-?), and the 3DNS Controller displays the syntax and usage associated with the command.
  • Third-party documentation for software add-ons
    The F5 Configuration utility contains online documentation for all third-party software included with the 3DNS Controller, including NameSurfer and GateD.
  • Technical support via the World Wide Web
    The F5 Networks Technical Support web site, http://tech.F5.com, provides the latest technical notes, answers to frequently asked questions, and updates for administrator guides (in PDF format). To access this site, you need to obtain a customer ID and a password from the F5 Help Desk.