Applies To:
Show Versions
3-DNS Controller versions 1.x - 4.x
- 4.1.1, 4.1.0
1
Introduction
- Getting started
- Using the Administrator Kit
- Finding help and technical support resources
- What is the 3-DNS Controller?
- Managing traffic on a global network
- What's new
Getting started
The 3-DNS Administrator Guide is designed to help you quickly configure your 3-DNS Controller to manage your wide-area network traffic and DNS. The Administrator Guide contains the following chapters:
- Essential Configuration Tasks
This chapter describes the tasks you must complete, regardless of the type of wide-area traffic management you want to configure. - Configuring a Globally Distributed Network
This chapter describes the tasks you complete to set up a globally distributed network. - Configuring a Content Delivery Network
This chapter describes the tasks you complete to set up a network that includes a CDN provider. - Adding 3-DNS Controllers to the Network
This chapter describes the tasks you complete to configure additional 3-DNS Controllers in a network that already contains one or more 3-DNS Controllers. - Administration and Monitoring
This chapter describes the administrative tasks you complete for the 3-DNS Controller, as well as the monitoring tools that are provided with the controller. - Additional Load Balancing Options
This chapter describes the specialized load balancing modes, such as Quality of Service, that are available on the 3-DNS Controller.
Choosing a configuration tool
The 3-DNS Controller provides the following web-based and command line administrative tools that make for easy setup and configuration.
First-Time Boot utility
The First-Time Boot utility is a wizard that walks you through the initial system setup. The utility helps you quickly define basic system settings, such as a root password and the IP addresses for the interfaces that connect the 3-DNS Controller to the network. The First-Time Boot utility also helps you configure access to the 3-DNS web server, which hosts the web-based Configuration utility, as well as the NameSurferTM application that you can use for DNS zone file management.
Configuration utility
The Configuration utility is a web-based application that you use to configure and monitor the 3-DNS Controller. Using the Configuration utility, you can define the load balancing configuration along with the network setup, including data centers, sync groups, and servers used for load balancing and path probing. In addition, you can configure advanced features such as topology settings and SNMP agents. The Configuration utility also monitors network traffic, current connections, load balancing statistics, performance metrics, and the operating system itself.
The 3-DNS web server, which hosts the Configuration utility, provides convenient access to downloads such as the SNMP MIB and documentation for third-party applications such as NameSurfer.
NameSurfer application
The NameSurfer application is a third-party application that automatically configures DNS zone files associated with domains handled by the 3-DNS Controller. You can use NameSurfer to configure and maintain additional DNS zone files on 3-DNS Controllers that run as master DNS servers. The Configuration utility provides direct access to the NameSurfer application, as well as the corresponding documentation for the application. Please note that your license allows you to manage a maximum of 100 IP addresses in the NameSurfer application. For more information, refer to the end-user license agreement included in your product shipment.
3-DNS Maintenance menu
The 3-DNS Maintenance menu is a command line utility that executes scripts which assist you in configuration and administrative tasks, such as installing the latest version of the big3d agent on all your systems, or editing the load balancing configuration files. You can use the 3-DNS Maintenance menu directly on the 3-DNS Controller, or you can use the menu when connected to the controller using a remote shell, such as the SSH client (ssh is configured on crypto 3-DNS Controllers only), or a standard RSH client (if rsh is configured).
Browser support
The Configuration utility, which provides web-based access to the 3-DNS Controller system configuration and features, supports the following browser versions:
- Netscape Navigator 4.5 and 4.7
- Microsoft Internet Explorer, version 4.02 or later
Using the Administrator Kit
The 3-DNS Administrator Kit provides simple steps for quick, basic configuration, and also provides detailed information about more advanced features and tools, such as the 3dnsmaint command line utility. The information is organized into the guides described as follows.
- 3-DNS Installation Guide
The 3-DNS Installation Guide walks you through the basic steps needed to get the hardware plugged in and the system connected to the network. Most users turn to this guide only the first time that they set up a 3-DNS Controller. The Installation Guide also covers general network administration issues, such as setting up common network administration tools including Sendmail. - 3-DNS Administrator Guide
The 3-DNS Administrator Guide provides examples of common wide-area load balancing solutions supported by the 3-DNS Controller. For example, in the Administrator Guide, you can find everything from a basic DNS request load balancing solution to a more advanced content acceleration load balancing solution. - 3-DNS Reference Guide
The 3-DNS Reference Guide provides basic descriptions of individual 3-DNS Controller objects, such as wide IPs, pools, virtual servers, load balancing modes, the big3d agent, resource records, and production rules. It also provides syntax information for 3dnsmaint commands, configuration utilities, the wideip.conf file, and system utilities.
Note: If you are configuring the 3-DNS module on the BIG-IP Controller, use the BIG-IP Installation Guide to set up and configure the hardware.
Stylistic conventions
To help you easily identify and understand certain types of information, this documentation uses the stylistic conventions described below.
Warning: All examples in this documentation use only non-routable IP addresses. When you set up the solutions we describe, you must use IP addresses suitable to your own network in place of our sample IP addresses.
Identifying new terms
When we first define a new term, the term is shown in bold italic text. For example, a wide IP is a mapping of a fully-qualified domain name to a set of virtual servers that host the domain's content.
Identifying references to objects, names, and commands
We apply bold text to a variety of items to help you easily pick them out of a block of text. These items include web addresses, IP addresses, utility names, and portions of commands, such as variables and keywords. For example, the nslookup command requires that you include at least one <ip_address> variable.
Identifying references to other documents
We use italic text to denote a reference to another document. In references where we provide the name of a book as well as a specific chapter or section in the book, we show the book name in bold, italic text, and the chapter/section name in italic text to help quickly differentiate the two. For example, you can find information about 3dnsmaint commands in the 3-DNS Reference Guide.
Identifying command syntax
We show actual, complete commands in bold Courier text. Note that we do not include the corresponding screen prompt, unless the command is shown in a figure that depicts an entire command line screen. For example, the following command sets the 3-DNS Controller load balancing mode to Round Robin:
lb_mode rr
Table 1.1 explains additional special conventions used in command line syntax.
Finding help and technical support resources
You can find additional technical documentation about the 3-DNS Controller in the following locations:
- Release notes
Release notes for the 3-DNS Controller are available from the home page of the Configuration utility. The release note contains the latest information for the current version including a list of new features and enhancements, a list of fixes, and a list of known issues. - Online help for 3-DNS Controller features
You can find help online in three different locations:
- The Configuration utility home page has PDF versions of the guides included in the Administrator Kit. The 3-DNS Controller software upgrades replace the guides with updated versions as appropriate.
- The Configuration utility has online help for each screen. Simply click the Help button in the toolbar.
- Individual commands have online help, including command syntax and examples, in standard UNIX man page format. Type the command followed by the question mark option (-?), and the 3-DNS Controller displays the syntax and usage associated with the command.
- Third-party documentation for software add-ons
The Configuration utility contains online documentation for the third-party software included with the 3-DNS Controller, including NameSurfer. - Technical support through the World Wide Web
The F5 Networks Technical Support web site, http://tech.F5.com, contains the AskF5 knowledge base and provides the latest technical notes and updates for administrator guides (in PDF and HTML formats). To access this site you must first email askf5@f5.com and obtain a customer ID and a password.
What is the 3-DNS Controller?
The 3-DNS Controller is a network appliance that manages and balances traffic over global networks. The 3-DNS Controller manages network traffic patterns using load balancing algorithms, topology-based routing, and production rules that control and distribute traffic according to specific policies. The system is highly configurable, and its web-based and command line configuration utilities allow for easy system setup and monitoring.
The 3-DNS Controller provides a variety of features that meet special needs. For example, with this product you can:
- Configure a content delivery network with a CDN provider
- Guarantee multiple port availability for e-commerce sites
- Provide dynamic persistence by maintaining a mapping between an LDNS IP address and a virtual server in a wide IP pool
- Direct local clients to local servers for globally-distributed sites using Topology load balancing
- Change the load balancing configuration according to current traffic patterns or time of day
- Customize load balancing modes
- Set up load balancing among BIG-IP Controllers, EDGE-FX Caches, and other load-balancing hosts
- Monitor real-time network conditions
Internet protocol and network management support
The 3-DNS Controller supports both standard DNS protocol and the 3-DNS Controller iQuery protocol (a protocol used for collecting dynamic load balancing information). The 3-DNS Controller also supports administrative protocols, such as Simple Network Management Protocol (SNMP), and Simple Mail Transfer Protocol (SMTP) (outbound only), for performance monitoring and notification of system events. For administrative purposes, you can use SSH (distributed only on crypto 3-DNS Controllers), RSH, Telnet, and FTP. The Configuration utility supports HTTPS, for secure web browser connections using SSL (distributed only on crypto 3-DNS Controllers), as well as standard HTTP connections.
The 3-DNS Controller's SNMP agent allows you to monitor status and current traffic flow using popular network management tools, including the Configuration utility. The SNMP agent provides detailed data such as current connections being handled by each virtual server.
Security features
The 3-DNS Controller offers a variety of security features that can help prevent hostile attacks on your site or equipment.
- Secure administrative connections
Crypto versions of 3-DNS Controllers support Secure Shell (SSH) administrative connections using the Mindterm SSH Console, for browser-based remote administration, and SSH for remote administration. The 3-DNS web server, which hosts the web-based Configuration utility, supports SSL connections as well as user authentication. - Secure iQuery communications
Crypto versions of 3-DNS Controllers also support Blowfish encryption for iQuery communications between 3-DNS Controllers and other appliances running the big3d agent. - TCP wrappers
TCP wrappers provide an extra layer of security for network connections.
Configuration scalability
The 3-DNS Controller is a highly scalable and versatile solution. You can configure the 3-DNS Controller to manage up to several hundred domain names, including full support of domain name aliases. The 3-DNS Controller supports a variety of media options, including Fast Ethernet, Gigabit Ethernet, and FDDI; the controller also supports multiple network interface cards that can provide redundant or alternate paths to the network.
Note: If you use NameSurfer to manage your DNS zone files, you can configure only up to 100 IP addresses and domain names.
System synchronization options
The 3-DNS Controller sync group feature allows you to automatically synchronize configurations from one 3-DNS Controller to the other 3-DNS Controllers in the network, simplifying administrative management. The synchronization feature offers a high degree of administrative control. For example, you can set the controller to synchronize a specific configuration file set, and you can also set which 3-DNS Controllers in the network receive the synchronized information and which ones do not.
Configuring data collection for server status and network path data
The 3-DNS Controller platform includes a big3d agent, which is an integral part of 3-DNS Controller load balancing. The big3d agent continually monitors the availability of the servers that the 3-DNS Controller load balances. It also monitors the integrity of the network paths between the servers that host the domain and the various local DNS servers that attempt to connect to the domain. The big3d agent runs on 3-DNS Controllers, BIG-IP Controllers, EDGE-FX Caches, and GLOBAL-SITE Controllers distributed throughout your network. Each big3d agent broadcasts its collected data to all of the 3-DNS Controllers in your network, ensuring that all 3-DNS Controllers work with the latest information.
The big3d agent offers a variety of configuration options that allow you to choose the data collection methods you want to use. For example, you can configure the big3d agent to track the number of hops (intermediate system transitions) along a given network path, and you can also set the big3d agent to collect host server performance information using the SNMP protocol. For further details on the big3d agent, refer to Chapter 3, The big3d Agent, in the 3-DNS Reference Guide.
Redundant system configurations
A redundant system is essentially a pair of 3-DNS Controller units, one operating as an active unit responding to DNS queries, and one operating as a standby unit. If the active unit fails, the standby unit takes over and begins to respond to DNS queries while the other controller reboots and becomes a standby unit.
The 3-DNS Controller actually supports two methods of checking the status of the peer system in a redundant system:
- Hardware-based fail-over
In a redundant system that has been set up with hardware-based fail-over, the two units in the system are connected to each other directly using a fail-over cable attached to the serial ports. The standby controller checks on the status of the active controller every second using this serial link. - Network-based fail-over
In a redundant system that has been set up with network-based fail-over, the two units in the system communicate with each other across an Ethernet network instead of going across a dedicated fail-over serial cable. The standby controller checks on the status of the active controller every second using the Ethernet.
Note: In a network-based fail-over configuration, the standby 3-DNS Controller immediately takes over if the active unit fails. If a client had queried the failed controller, and not received an answer, it automatically re-issues the request (after 5 seconds) and the standby unit, functioning as the active controller, responds.
Managing traffic on a global network
This section provides a brief overview of how 3-DNS Controllers work within a global network and how they interact with BIG-IP Controllers, EDGE-FX Caches, GLOBAL-SITE Controllers, and host machines in the network. The section also illustrates how the 3-DNS Controller works with the big3d agents that run in various locations in the network, and with the local DNS servers that make DNS requests on behalf of clients connecting to the Internet.
The following sample configuration shows the 3-DNS Controllers that load balance connections for a sample Internet domain, domain.com.
A sample network layout
The 3-DNS Controllers in your network sit in specific data centers, and work in conjunction with BIG-IP Controllers, EDGE-FX Caches, GLOBAL-SITE Controllers, and host servers that also sit in your network data centers. All 3-DNS Controllers in the network can receive and respond to DNS resolution requests from the LDNS servers that clients use to connect to the domain.
Figure 1.1 illustrates the layout of the 3-DNS Controllers, the BIG-IP Controllers, and the host servers in the three data centers. The Los Angeles data center houses one 3-DNS Controller and one BIG-IP Controller, as does the New York data center. The Tokyo data center houses only one 3-DNS Controller and one host server.
In the Los Angeles and New York data centers, the big3d agent runs on the BIG-IP Controllers and the 3-DNS Controllers, but in the Tokyo data center, the big3d agent runs only on the 3-DNS Controller. Each big3d agent collects information about the network path between the data center where it is running and the client's LDNS server in Chicago, as illustrated by the red lines. Each big3d agent also broadcasts the network path information it collects to the 3-DNS Controllers running in each data center, as illustrated by the green, blue, and purple lines.
Note: Each BIG-IP Controller, EDGE-FX Cache, GLOBAL-SITE Controller, and 3-DNS Controller in a data center typically runs a big3d agent.
Figure 1.1 A sample network layout
Synchronizing configurations and broadcasting performance metrics
The 3-DNS Controllers typically work in sync groups, where a group of controllers shares load balancing configuration settings. In a sync group, any controller that has new configuration changes can broadcast the changes to any other controller in the sync group, allowing for easy administrative maintenance. To distribute metrics data among the controllers in a sync group, the principal 3-DNS Controller sends requests to the big3d agents in the network, asking them to collect specific performance and path data. Once the big3d agents collect the data, they each broadcast the collected data to all controllers in the network, again allowing for simple and reliable metrics distribution.
Using a 3-DNS Controller as a standard DNS server
When a client requests a DNS resolution for a domain name, an LDNS sends the request to the 3-DNS Controller that is authoritative for the zone. The 3-DNS Controller first chooses the best available virtual server out of a pool to respond to the request, and then returns a DNS resource record to the requesting local DNS server. The LDNS server uses the answer for the period of time defined within the resource record. Once the answer expires, however, the LDNS server must request name resolution all over again to get a fresh answer.
Figure 1.2 DNS name resolution process
Figure 1.2 illustrates the specific steps in the name resolution process.
- The client connects to an Internet Service Provider (ISP) and queries the local DNS server to resolve the domain name www.domain.com.
- If the information is not already in the LDNS server's cache, the local DNS server queries a root server (such as InterNIC's root servers). The root server returns the IP address of a DNS associated with www.domain.com, which in this case runs on the 3-DNS Controller.
- The LDNS then connects to the 3-DNS Controller looking to resolve the www.domain.com name. The 3-DNS Controller uses a load balancing mode to choose an appropriate virtual server to receive the connection, and then returns the virtual server's IP address to the LDNS.
- The LDNS ends the connection to the 3-DNS Controller and passes the IP address to the client.
- The client connects to the IP address through an ISP.
Load balancing connections across the network
Each of the 3-DNS Controller load balancing modes can provide efficient load balancing for any network configuration. The 3-DNS Controller bases load balancing on pools of virtual servers. When a client requests a DNS resolution, the 3-DNS Controller uses the specified load balancing mode to choose a virtual server from a pool of virtual servers. The resulting answer to this resolution request is returned as a standard A record.
Although some load balancing configurations can get complex, most load balancing configurations are relatively simple, whether you use a static load balancing mode or a dynamic load balancing mode. More advanced configurations can incorporate multiple pools, as well as advanced traffic control features, such as topology or production rules.
For more information on specific load balancing modes, see Load Balancing in the 3-DNS Reference Guide. For more information on load balancing configurations, review the sample configurations in Chapter 3, Configuring a Globally-Distributed Network , and Chapter 4, Configuring a Content Delivery Network . If you are unfamiliar with the 3-DNS Controller, you may also want to review Chapter 2, Essential Configuration Tasks .
Working with BIG-IP Controllers and other products
The 3-DNS Controller balances connections across a group of virtual servers that run in different data centers throughout the network. You can manage virtual servers from the following types of products:
- BIG-IP Controllers
A BIG-IP Controller virtual server maps to a series of content servers. - EDGE-FX Caches
An EDGE-FX Cache virtual server maps to cached content that gets refreshed at frequent intervals. - Generic hosts
A host virtual server can be an IP address or an IP alias that hosts the content. - Other load balancing hosts
Other load balancing hosts map virtual servers to a series of content hosts.Figure 1.3 illustrates the hierarchy of how the 3-DNS Controller manages virtual servers.
Comparing 3-DNS Controllers and BIG-IP Controllers
While both controllers provide load balancing, one of the significant differences between the 3-DNS Controller and the BIG-IP Controller is that the 3-DNS Controller responds to DNS requests issued by an LDNS on behalf of a client, while the BIG-IP Controller provides connection management between a client and a back-end server.
Once the 3-DNS Controller returns a DNS answer to an LDNS, the conversation between the LDNS and the 3-DNS Controller ends, and the client connects to the IP address returned by the 3-DNS Controller. Unlike the 3-DNS Controller, the BIG-IP Controller sits between the client and the content servers. It manages the client's entire conversation with the content server.
What's new
The 3-DNS Controller offers the following major new features in addition to many other enhancements.
GLOBAL-SITE Controller server type
The 3-DNS Controller can now collect network metrics from GLOBAL-SITE Controllers, using iQuery and the big3d agent. Note that the GLOBAL-SITE Controller does not manage virtual servers, and is not used for load balancing. For information on configuring GLOBAL-SITE Controllers, refer to Defining GLOBAL-SITE Controllers, on page 2-20 .
Split from BIND
The DNS engine for the 3-DNS Controller no longer relies on BIND for DNS resolution. Multiple benefits include:
- You can upgrade the version of BIND independently of 3-DNS Controller upgrades.
- You can use the 3-DNS Controller to load balance DNS queries to your wide IPs, and redirect other DNS requests to an alternate DNS server.
- You can now add an unlimited number of wide IP aliases to your configuration.
- You can use the following wildcard characters in wide IP names and aliases:
- The asterisk character ( * ) can replace multiple characters in a wide IP name or alias.
- The question mark character ( ? ) can replace a single character in a wide IP name or alias.
For more information about using wildcard characters, please see the online help for either the Add a New Wide IP screen or the Modify a Wide IP Alias screen, in the Configuration utility.
User administration
The 3-DNS Controller now has a partial read/write user level. When you assign the partial read/write level to a user, he or she can enable or disable servers, virtual servers, and wide IPs, but cannot add or delete any part of the configuration. For more information on configuring user administration in the Configuration utility, please see the online help for the User Administration screen. For more information on user administration in general, please refer to Chapter 6, Administration and Monitoring .
