Manual Chapter : 3-DNS Reference Guide version 4.2: The big3d Agent

Applies To:

3-DNS Controller versions 1.x - 4.x

  • 4.2 PTF-10, 4.2 PTF-09, 4.2 PTF-08, 4.2 PTF-07, 4.2 PTF-06, 4.2 PTF-05, 4.2 PTF-04, 4.2 PTF-03, 4.2 PTF-02, 4.2 PTF-01, 4.2.0

4

The big3d Agent



Working with the big3d agent

The big3d agent collects performance information on behalf of the 3-DNS. The big3d agent runs on 3-DNS, BIG-IP, EDGE-FX Cache, and GLOBAL-SITE systems; the default setting is to run a big3d agent on all of these systems in the network, but you can turn off the big3d agent on any system at any time.

Setting up data collection with the big3d agent

Setting up the big3d agents involves the following tasks:

  • Installing big3d agents on BIG-IP, EDGE-FX Cache, and GLOBAL-SITE
    Each new version of the 3-DNS software includes the latest version of the big3d agent. You need to distribute that copy of the big3d agent to each BIG-IP, EDGE-FX Cache, and GLOBAL-SITE in the network. See the release notes provided with the 3-DNS for information about which BIG-IP, EDGE-FX Cache, and GLOBAL-SITE versions the current big3d agent supports. For details on installing the big3d agent, see Installing the big3d agent, on page 4-2.
  • Specifying which factories a specific big3d agent manages
    When you define 3-DNS, BIG-IP, EDGE-FX Cache, and GLOBAL-SITE systems in the configuration, you can change the default big3d agent settings by changing the factories settings on a specific system. You can change the number of factories the big3d agent runs, and turn specific factories on and off. For more information on factories, see Understanding factories run by big3d agents, on page 4-3.
  • Setting up communications between big3d agents and other systems
    Before the big3d agents can communicate with the 3-DNS systems in the network, you need to configure the appropriate ports and tools to allow communication between the devices running the big3d agent and 3-DNS systems in the network. These planning issues are discussed in Setting up communication between 3-DNS systems and other servers, on page 4-6.

Collecting path data and server performance metrics

A big3d agent collects the following types of performance information used for load balancing. This information is broadcast to all 3-DNS systems in your network.

  • Virtual server availability
    The big3d agent queries virtual servers to verify whether they are up and available to receive connections. For name resolution, the 3-DNS uses only those virtual servers that are up.
  • Network path round trip time
    The big3d agent calculates the round trip time for the network path between the data center and the client's LDNS server that is making the resolution request. The round trip time is used to determine the best virtual server to answer the request when you use the Round Trip Times or the Quality of Service load balancing modes.
  • Network path packet loss
    The big3d agent calculates the packet completion percentage for the network path between the data center and the client's LDNS server that is making the resolution request. Packet completion is used to determine the best virtual server to answer the request when you use the Completion Rate or the Quality of Service load balancing modes.
  • Router hops along the network path
    The big3d agent calculates the number of intermediate systems transitions (router hops) between the data center and the client's LDNS server. Hops are used to determine the best virtual server to answer the request when you use the Hops or the Quality of Service load balancing modes.
  • Server performance
    The big3d agent calculates server metrics, such as the packet rate for BIG-IP systems or SNMP-enabled hosts. Packet rate is used to determine the best virtual server to answer the request when you use the Packet Rate or the Quality of Service load balancing modes.
  • Virtual server performance
    The big3d agent calculates the number of connections to virtual servers defined on BIG-IP systems or SNMP-enabled hosts. The number of virtual server connections is used to determine the best virtual server when using the Least Connections load balancing mode.

Installing the big3d agent

You can easily install the big3d agent on the BIG-IP, EDGE-FX Cache, and GLOBAL-SITE systems in your network by using the 3-DNS Maintenance menu.

To install the big3d agent from the command line

  1. Log on to the 3-DNS using either a remote shell, a serial terminal, or a keyboard and monitor attached directly to the system.
  2. At the command prompt, type 3dnsmaint.
    The 3-DNS Maintenance menu opens.
  3. Choose the Install and Start big3d command from the menu, and press Enter.

Understanding factories run by big3d agents

To gather performance information, the big3d agent uses different types of factories. A factory is a process that collects different types of data. The big3d agent currently supports the following factory types:

  • Prober factory
    A prober factory collects several types of information using ICMP, TCP, UDP, DNS_DOT, or DNS_REV protocols. This factory queries host virtual servers and local DNS servers. Host virtual servers are checked to determine their up or down state. For local DNS servers, the prober factory uses the response time to calculate the round trip time and packet loss between the LDNS and the data center.
  • Hops factory
    A hops factory uses the traceroute method to calculate the number of intermediate systems transitions (or router hops) along the network path between a specific data center and a client LDNS.
  • SNMP factory
    An SNMP factory queries the SNMP agents that run on host servers to collect performance metrics for the host.
  • ECV factory
    When you have set up extended content verification (ECV) service monitors for wide IPs, an ECV factory performs a more extensive availability check than the prober factories. (For more information on ECV service monitors, see Chapter 6, Extended Content Verification (ECV).)

The standard configuration specifies that each 3-DNS, BIG-IP, EDGE-FX Cache, and GLOBAL-SITE in the network run a big3d agent using five prober factories, one SNMP factory, no hops factories, and five ECV factories. You can change the number of factories that the big3d agent runs either by using the Configuration utility, or by editing the server definition in the wideip.conf file.

To edit the factory settings for a 3-DNS using the Configuration utility

  1. In the navigation pane, click Servers, and then click 3-DNS.
    The 3-DNS List screen opens.
  2. In the list, click the name of the 3-DNS that you want to modify.
    The Modify 3-DNS screen opens.
  3. Make the changes to the factory settings that you want to make, and click Update. For more information on the settings on this screen, click Help on the toolbar.

To edit the factory settings for a BIG-IP using the Configuration utility

  1. In the navigation pane, click Servers, and then click BIG-IP.
    The BIG-IP List screen opens.
  2. In the list, click the name of the BIG-IP that you want to modify.
    The Modify BIG-IP screen opens.
  3. Make the changes to the factory settings that you want to make, and click Update. For more information on the settings on this screen, click Help on the toolbar.

To edit the factory settings for an EDGE-FX Cache using the Configuration utility

  1. In the navigation pane, click Servers, and then click EDGE-FX Cache.
    The EDGE-FX Cache List screen opens.
  2. In the list, click the name of the EDGE-FX Cache that you want to modify.
    The Modify EDGE-FX Cache screen opens.
  3. Make the changes to the factory settings that you want to make, and click Update. For more information on the settings on this screen, click Help on the toolbar.

To edit the factory settings for a GLOBAL-SITE using the Configuration utility

  1. In the navigation pane, click Servers, and then click GLOBAL-SITE.
    The GLOBAL-SITE List screen opens.
  2. In the list, click the name of the GLOBAL-SITE that you want to modify.
    The Modify GLOBAL-SITE screen opens.
  3. Make the changes to the factory settings that you want to make, and click Update. For more information on the settings on this screen, click Help on the toolbar.

To edit the factory settings from the command line

  1. From the command line, type 3dnsmaint.
    The 3-DNS Maintenance menu opens.
  2. Select Edit 3-DNS Configuration, and press Enter.
  3. Find the server definition that you want to modify and make your changes. For an example, see any of the server definitions in Appendix A, 3-DNS Configuration File.

Understanding the data collection and broadcasting sequence

The big3d agents collect and broadcast information on demand. The principal 3-DNS in a sync group issues a data collection request to all big3d agents running in the network. In turn, the big3d agents collect the requested data using factories, and then broadcast that data to all 3-DNS systems running in the network, including the principal 3-DNS that issued the request.

Tracking LDNS probe states

The 3-DNS tracks the state of path data collection for each LDNS that has ever requested a name resolution from the system. Table 4.1 shows the states that can be assigned to an LDNS. Note that you can view the state of LDNS servers in the Local DNS Statistics screen in the Configuration utility.

Table 4.1 Probe and discovery states for individual client LDNS servers

| State | Description |
|---|---|
| Needs Probe | The big3d agent has never collected data for the LDNS, or the data has expired. |
| Idle | The big3d agent successfully collected data for the LDNS, and is waiting for the next collection request. |
| In Probe | The big3d agent is currently collecting data for the LDNS. |

Evaluating big3d agent configuration trade-offs

You must run a big3d agent on each BIG-IP, 3-DNS, EDGE-FX Cache, and GLOBAL-SITE if you are using dynamic load balancing modes (those that rely on path data) on the 3-DNS. You must have a big3d agent running on at least one system in each data center to gather the necessary path metrics.

The load on the big3d agents depends on two factors: the timer settings that you assign to the different types of data the big3d agents collect, and the number of factories that each big3d agent runs. The shorter the timers, the more frequently the big3d agent needs to refresh the data. While short timers guarantee that you always have valid data readily available for load balancing, they also increase the frequency of data collection. The more factories a big3d agent runs, the more metrics it can refresh at one time, and the more quickly it can refresh data for the 3-DNS.

Another factor that can affect data collection is the number of client LDNS servers that make name resolution requests. The more LDNS servers that make resolution requests, the more path data that the big3d agents have to collect. While round trip time for a given path may vary constantly due to current network load, the number of hops along a network path between a data center and a specific LDNS does not often change. Consequently, you may want to set short timer settings for round trip time data so that it refreshes more often, but set high timer settings for hops data because it does not need to be refreshed often.

Setting up communication between 3-DNS systems and other servers

In order to copy big3d agents from a 3-DNS to BIG-IP, EDGE-FX Cache, and GLOBAL-SITE systems, the 3-DNS must be able to communicate with those systems. If you use exclusively crypto systems, or exclusively non-crypto systems, the communication tools you configure when you run the Setup utility are all you need. Crypto systems all use ssh and scp, and non-crypto systems all use rsh and rcp.

However, if your network is a mixed environment, where some systems are crypto and other systems are non-crypto, you need to enable the rsh and rcp tools on the crypto systems so that they can communicate with the non-crypto systems. These tools are pre-installed on all crypto systems; however, you must explicitly enable them.

To enable RSH on a crypto system from the command line

  1. Type config, and press Enter.
    The Setup utility opens.
  2. From the menu, select (R) Configure RSH, and press Enter.
  3. Follow the onscreen instructions to enable the rsh and rcp tools.

Note: You can disable rsh and rcp access at any time by following these same steps.

Table 4.2 shows the ports and protocols that 3-DNS uses to communicate with crypto and non-crypto BIG-IP, EDGE-FX Cache, and GLOBAL-SITE systems. Note that GLOBAL-SITE is only available as a crypto system.

Table 4.2 Communications between 3-DNS, BIG-IP, EDGE-FX Cache, and GLOBAL-SITE

| From | To | Protocol | From Port | To Port | Purpose |
|---|---|---|---|---|---|
| Crypto 3-DNS | Crypto BIG-IP, Crypto EDGE-FX Cache, GLOBAL-SITE | TCP | <1024 | 22 | SSH/SCP |
| Non-crypto 3-DNS | Non-crypto BIG-IP, Non-crypto EDGE-FX Cache | TCP | <1024 | 514 | RSH/RCP |
| Crypto 3-DNS | Non-crypto BIG-IP, Non-crypto EDGE-FX Cache | TCP | <1024 | 514 | RSH/RCP |
| Non-crypto BIG-IP, Non-crypto EDGE-FX Cache | Crypto 3-DNS | N/A | N/A | N/A | N/A |

Note that if you run big3d agents in a mixed crypto/non-crypto environment, the crypto systems automatically turn off Blowfish encryption when communicating with non-crypto systems. When communicating with crypto systems, however, crypto 3-DNS systems use Blowfish encryption after the iQuery encryption key has been copied to all crypto 3-DNS, BIG-IP, EDGE-FX Cache, and GLOBAL-SITE systems.

To create and distribute the iQuery encryption key from the command line

  1. From the command line, type 3dnsmaint.
    The 3-DNS Maintenance menu opens.
  2. Select Generate and Copy iQuery Encryption Key, and press Enter.
  3. Follow the onscreen instructions to generate and copy the iQuery encryption key to the crypto systems in your network.
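
The following added example (not part of the original manual or of the 3-DNS software) applies Table 4.2 and the Blowfish note above to an inventory and lists the links that fall back to rsh/rcp or carry iQuery traffic without Blowfish. The hostnames and the `key_copied` flag are constructed for illustration, and links between two non-crypto systems are assumed to run without Blowfish.

```python
"""Classify 3-DNS-to-peer links per Table 4.2 and the Blowfish note (added example)."""
from typing import NamedTuple, Optional

class Link(NamedTuple):
    peer: str
    copy_tool: str            # tool the 3-DNS uses to copy the big3d agent
    tcp_port: Optional[int]   # destination port from Table 4.2
    blowfish: bool            # whether iQuery traffic on this link is Blowfish-encrypted
    action: str               # what the administrator still has to do

def classify(dns_crypto: bool, peer: str, peer_crypto: bool, key_copied: bool) -> Link:
    """Map one 3-DNS/peer pairing onto the matching Table 4.2 row."""
    if dns_crypto and peer_crypto:
        # Blowfish is used only after the iQuery encryption key has been copied.
        todo = "none" if key_copied else "generate and copy the iQuery encryption key"
        return Link(peer, "ssh/scp", 22, key_copied, todo)
    if not peer_crypto:
        # Crypto systems turn Blowfish off toward non-crypto systems, and rsh/rcp
        # must be explicitly enabled on a crypto 3-DNS before it can reach them.
        # Assumption: non-crypto to non-crypto links also run without Blowfish.
        todo = "enable rsh/rcp on the crypto 3-DNS" if dns_crypto else "none"
        return Link(peer, "rsh/rcp", 514, False, todo)
    # Non-crypto 3-DNS with a crypto peer: Table 4.2 has no row for this pairing.
    return Link(peer, "not listed", None, False, "pairing not covered by Table 4.2")

def unencrypted_links(dns_crypto: bool, peers: list, key_copied: bool) -> list:
    """Return the links that use rsh/rcp or carry iQuery traffic without Blowfish."""
    links = [classify(dns_crypto, name, crypto, key_copied) for name, crypto in peers]
    return [link for link in links if link.copy_tool != "ssh/scp" or not link.blowfish]

# Constructed inventory: (hostname, is_crypto). Hostnames are hypothetical.
PEERS = [
    ("bigip-nyc", True),
    ("bigip-lon", False),
    ("edgefx-sfo", False),
    ("globalsite-nyc", True),   # GLOBAL-SITE is only available as a crypto system
]

if __name__ == "__main__":
    for link in unencrypted_links(True, PEERS, key_copied=True):
        print(f"{link.peer}: {link.copy_tool} tcp/{link.tcp_port}, "
              f"Blowfish={link.blowfish}, action: {link.action}")
```
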

Setting up iQuery communications for the big3d agent

The iQuery protocol uses one of two ports to communicate between the big3d agents and 3-DNS systems. The ports used by iQuery traffic change, depending on whether the traffic is inbound from the big3d agent or outbound from the 3-DNS.

Table 4.3 shows the protocols, ports, and iQuery settings for both inbound and outbound iQuery communications between 3-DNS systems and big3d agents distributed in your network.

Table 4.3 Communication protocols and ports between 3-DNS systems and big3d agents

| From | To | Protocol | From Port | To Port | Multiplex? | Use Alternate Port? |
|---|---|---|---|---|---|---|
| 3-DNS | big3d agent | UDP | 4353 | 4353 | Yes | Yes |
| 3-DNS | big3d agent | UDP | 4354 | 4353 | No | Yes |
| 3-DNS | big3d agent | UDP | 245 | 245 | Yes | No |
| 3-DNS | big3d agent | UDP | 4354 | 245 | No | No |
| 3-DNS | big3d agent | TCP | 4354 | 4353 | Yes | Yes or No |
| 3-DNS | big3d agent | TCP | >1023 | 4353 | No | Yes or No |
| big3d agent | 3-DNS | UDP | 4353 | 4353 | Yes | Yes |
| big3d agent | 3-DNS | UDP | 4353 | 4354 | No | Yes |
| big3d agent | 3-DNS | UDP | 245 | 245 | Yes | No |
| big3d agent | 3-DNS | UDP | 245 | 4354 | No | No |
| big3d agent | 3-DNS | TCP | 4353 | 4354 | Yes | Yes or No |
| big3d agent | 3-DNS | TCP | 4353 | >1023 | No | Yes or No |

You can configure the multiplex and alternate port globals using the Configuration utility.

To configure the multiplex and alternate port settings using the Configuration utility

  1. In the navigation pane, click System.
    The System - General screen opens.
  2. Check the iQuery Settings, Use Alternate Port (port 4353) box to specify that iQuery traffic use port 4353 (the preferred, registered port). Clear the check box if you want iQuery traffic to use the old port, 245.
  3. Check the iQuery Settings, Multiplex box if you want UDP-based iQuery traffic to be sent and received on the same port (245 or 4353), and you want traffic from the big3d agent to use port 4354.
  4. For more information, click Help on the toolbar.
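
The following added example (not part of the original manual) derives the iQuery flows that Table 4.3 requires for a given Multiplex and Use Alternate Port setting, then compares them with a firewall allow list to report missing rules and leftover rules on iQuery ports. The `Flow` model, the exact-match comparison in the table's own port notation, and the sample rule set are constructed for illustration.

```python
"""Audit firewall allow rules against the iQuery flows in Table 4.3 (added example)."""
from typing import NamedTuple

class Flow(NamedTuple):
    src: str     # "3-DNS" or "big3d"
    dst: str
    proto: str   # "udp" or "tcp"
    sport: str   # port as written in Table 4.3, e.g. "4353" or ">1023"
    dport: str

IQUERY_PORTS = {"245", "4353", "4354"}

def required_flows(multiplex: bool, alternate_port: bool) -> set:
    """Return the Table 4.3 rows that apply to one pair of iQuery settings."""
    udp = "4353" if alternate_port else "245"    # Use Alternate Port selects 4353
    if multiplex:
        # UDP is sent and received on the same port; TCP replies go to 4354.
        udp_src, tcp_src = udp, "4354"
    else:
        # UDP replies go to 4354; TCP uses an ephemeral source port.
        udp_src, tcp_src = "4354", ">1023"
    return {
        Flow("3-DNS", "big3d", "udp", udp_src, udp),
        Flow("big3d", "3-DNS", "udp", udp, udp_src),
        Flow("3-DNS", "big3d", "tcp", tcp_src, "4353"),   # TCP always targets 4353
        Flow("big3d", "3-DNS", "tcp", "4353", tcp_src),
    }

def audit(rules: set, multiplex: bool, alternate_port: bool) -> tuple:
    """Return (missing, stale): required flows with no rule, and leftover iQuery rules."""
    required = required_flows(multiplex, alternate_port)
    missing = sorted(required - rules)
    stale = sorted(r for r in rules - required if {r.sport, r.dport} & IQUERY_PORTS)
    return missing, stale

# Constructed rule set: written for the old port 245 with Multiplex on, plus a DNS rule.
RULES = required_flows(multiplex=True, alternate_port=False) | {
    Flow("LDNS", "3-DNS", "udp", ">1024", "53"),
}

if __name__ == "__main__":
    # The site has since switched to the alternate port (4353) with Multiplex still on.
    missing, stale = audit(RULES, multiplex=True, alternate_port=True)
    for flow in missing:
        print("MISSING", *flow)
    for flow in stale:
        print("STALE  ", *flow)
```

Rules reported as stale are the ones to close after a settings change; rules on unrelated ports, such as the DNS rule in the sample, are ignored.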

Table 4.4 shows the protocols and corresponding ports used for iQuery communications between big3d agents and SNMP agents that run on host servers.

Table 4.4 Communication protocols and ports between big3d agents and SNMP agents

| From | To | Protocol | From Port | To Port | Purpose |
|---|---|---|---|---|---|
| big3d agent | host SNMP agent | UDP | >1023 | 161 | Ephemeral ports used to make SNMP queries for host statistics |
| host SNMP agent | big3d agent | UDP | 161 | >1024 | Ephemeral ports used to receive host statistics using SNMP |

If you run a big3d agent on a 3-DNS, or a BIG-IP, and you set the SNMP prober factory count to 1 or higher, the big3d agent automatically opens the appropriate UDP ports to allow for SNMP communications. If you do not want to open the UDP ports for this purpose, you need to set the SNMP factory count to 0.

Allowing iQuery communications to pass through firewalls

The payload information of an iQuery packet contains information that potentially requires translation when there is a firewall in the path between the big3d agent and the 3-DNS. The firewall translates only the packet headers, not the payloads.

The virtual server translation option resolves this issue. With virtual server translation configured, the iQuery packet stores the original IP address in the packet payload itself. When the packet passes through a firewall, the firewall translates the IP address in the packet header normally, but the IP address within the packet payload is preserved. The 3-DNS reads the IP address out of the packet payload, rather than out of the packet header.

In the example configuration shown in Figure 4.1, a firewall separates the path between a BIG-IP running a big3d agent and the 3-DNS. The packet addresses are translated at the firewall. However, addresses within the iQuery payload are not translated, and they arrive at the BIG-IP in their original states.

Figure 4.1 Translating packet address through the firewall

Communications for remote administration of the 3-DNS

The Configuration utility is a browser-based utility through which you can administer the 3-DNS from a remote workstation. Table 4.5 shows the ports that are used for remote administrative connections to the 3-DNS web server, which hosts the Configuration utility.

Table 4.5 Communications between 3-DNS systems and remote workstations

| From | To | Protocol | Port | Purpose |
|---|---|---|---|---|
| Configuration utility on a remote workstation | Crypto 3-DNS | https over TCP | 443 | Connection to secure web server |
| Configuration utility on a remote workstation | Non-crypto 3-DNS | http over TCP | 80 | Connection to standard web server |

Communications between 3-DNS, big3d agents, and local DNS servers

Table 4.6 shows the ports on which the 3-DNS receives and responds to DNS resolution requests issued by local DNS servers.

Table 4.6 DNS communications on the 3-DNS

| From | To | Protocol | From Port | To Port | Purpose |
|---|---|---|---|---|---|
| LDNS | 3-DNS | UDP | 53 or >1024 | 53 | DNS resolution requests |
| 3-DNS | LDNS | UDP | 53 | 53 or >1024 | DNS resolution responses |

Table 4.7 shows the protocols and ports that the big3d agent uses when collecting path data for local DNS servers.

Table 4.7 Communications between big3d agents and local DNS servers

| From | To | Protocol | From Port | To Port | Purpose |
|---|---|---|---|---|---|
| big3d | LDNS | ICMP | N/A | N/A | Probe using ICMP pings |
| big3d | LDNS | TCP | >1023 | 53 | Probe using TCP (Cisco routers: allow establish) |
| LDNS | big3d | TCP | 53 | >1023 | Replies using TCP (Cisco routers: allow establish) |
| big3d | LDNS | UDP | 53 | 33434 | Probe using UDP or traceroute utility |
| LDNS | big3d | ICMP | N/A | N/A | Replies to ICMP, UDP pings, or traceroute probes |
| big3d | LDNS | dns_rev, dns_dot | >1023 | 53 | Probe using DNS version or DNS dot |
| LDNS | big3d | dns_rev, dns_dot | 53 | >1023 | Replies to DNS version or DNS dot probes |