configuration guide for big-ip global traffic management, version 9.4.3[1]

Configuration Guidefor BIG-IP® Global Traffic Management

version 9.4

MAN-0240-00

Service and Support Information

Product VersionThis manual applies to product version 9.4 of the BIG-IP® Global Traffic Manager.

Publication DateThis manual was published on May 3, 2010.

Legal Notices

CopyrightCopyright 1998-2010, F5 Networks, Inc. All rights reserved.

F5 Networks, Inc. (F5) believes the information it furnishes to be accurate and reliable. However, F5 assumes no responsibility for the use of this information, nor any infringement of patents or other rights of third parties which may result from its use. No license is granted by implication or otherwise under any patent, copyright, or other intellectual property right of F5 except as specifically described by applicable user licenses. F5 reserves the right to change specifications at any time without notice.

TrademarksF5, F5 Networks, the F5 logo, BIG-IP, 3-DNS, iControl, Internet Control Architecture, IP Application Switch, iRules, OneConnect, Packet Velocity, SYN Check, Control Your World, ZoneRunner, uRoam, FirePass, TrafficShield, Swan, WANJet, WebAccelerator, and TMOS are registered trademarks or trademarks, and Ask F5 is a service mark, of F5 Networks, Inc. in the U.S. and certain other countries. All other trademarks mentioned in this document are the property of their respective owners. F5 Networks' trademarks may not be used in connection with any product or service except as permitted in writing by F5.

PatentsThis product protected by U.S. Patents 6,374,300; 6,473,802; 6,970,933. Other patents pending.

Export Regulation NoticeThis product may include cryptographic software. Under the Export Administration Act, the United States government may consider it a criminal offense to export this product from the United States.

RF Interference WarningThis is a Class A product. In a domestic environment this product may cause radio interference, in which case the user may be required to take adequate measures.

FCC ComplianceThis equipment has been tested and found to comply with the limits for a Class A digital device pursuant to Part 15 of FCC rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This unit generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference, in which case the user, at his own expense, will be required to take whatever measures may be required to correct the interference.

Any modifications to this device, unless expressly approved by the manufacturer, can void the user's authority to operate this equipment under part 15 of the FCC rules.

Configuration Guide for BIG-IP® Global Traffic Management i

Canadian Regulatory ComplianceThis class A digital apparatus complies with Canadian I CES-003.

Standards ComplianceThis product conforms to the IEC, European Union, ANSI/UL and Canadian CSA standards applicable to Information Technology products at the time of manufacture.

AcknowledgmentsThis product includes software developed by Gabriel Forté.

This product includes software developed by Bill Paul.

This product includes software developed by Jonathan Stone.

This product includes software developed by Manuel Bouyer.

This product includes software developed by Paul Richards.

This product includes software developed by the NetBSD Foundation, Inc. and its contributors.

This product includes software developed by the Politecnico di Torino, and its contributors.

This product includes software developed by the Swedish Institute of Computer Science and its contributors.

This product includes software developed by the University of California, Berkeley and its contributors.

This product includes software developed by the Computer Systems Engineering Group at the Lawrence Berkeley Laboratory.

This product includes software developed by Christopher G. Demetriou for the NetBSD Project.

This product includes software developed by Adam Glass.

This product includes software developed by Christian E. Hopps.

This product includes software developed by Dean Huxley.

This product includes software developed by John Kohl.

This product includes software developed by Paul Kranenburg.

This product includes software developed by Terrence R. Lambert.

This product includes software developed by Philip A. Nelson.

This product includes software developed by Herb Peyerl.

This product includes software developed by Jochen Pohl for the NetBSD Project.

This product includes software developed by Chris Provenzano.

This product includes software developed by Theo de Raadt.

This product includes software developed by David Muir Sharnoff.

This product includes software developed by SigmaSoft, Th. Lockert.

This product includes software developed for the NetBSD Project by Jason R. Thorpe.

This product includes software developed by Jason R. Thorpe for And Communications, http://www.and.com.

This product includes software developed for the NetBSD Project by Frank Van der Linden.

This product includes software developed for the NetBSD Project by John M. Vinopal.

This product includes software developed by Christos Zoulas.

This product includes software developed by the University of Vermont and State Agricultural College and Garrett A. Wollman.

In the following statement, "This software" refers to the Mitsumi CD-ROM driver: This software was developed by Holger Veit and Brian Moore for use with "386BSD" and similar operating systems. "Similar operating systems" includes mainly non-profit oriented systems for research and education, including but not restricted to "NetBSD," "FreeBSD," "Mach" (by CMU).

This product includes software developed by the Apache Group for use in the Apache HTTP server project (http://www.apache.org/).

This product includes software licensed from Richard H. Porter under the GNU Library General Public License (© 1998, Red Hat Software), www.gnu.org/copyleft/lgpl.html.

This product includes the standard version of Perl software licensed under the Perl Artistic License (© 1997, 1998 Tom Christiansen and Nathan Torkington). All rights reserved. You may find the most current standard version of Perl at http://www.perl.com.

ii

This product includes software developed by Jared Minch.

This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/).

This product includes cryptographic software written by Eric Young ([email protected]).

This product contains software based on oprofile, which is protected under the GNU Public License.

This product includes RRDtool software developed by Tobi Oetiker (http://www.rrdtool.com/index.html) and licensed under the GNU General Public License.

This product contains software licensed from Dr. Brian Gladman under the GNU General Public License (GPL).

This product includes software developed by the Apache Software Foundation <http://www.apache.org/>.

This product includes Hypersonic SQL.

This product contains software developed by the Regents of the University of California, Sun Microsystems, Inc., Scriptics Corporation, and others.

This product includes software developed by the Internet Software Consortium.

This product includes software developed by Nominum, Inc. (http://www.nominum.com).

This product contains software developed by Broadcom Corporation, which is protected under the GNU Public License.

Configuration Guide for BIG-IP® Global Traffic Management iii

Table of Contents

Table of Contents

1Introducing the Global Traffic Manager

Introducing the BIG-IP system .....................................................................................................1-1Introducing the Global Traffic Manager .....................................................................................1-2

Overview of Global Traffic Manager Resources ............................................................1-2Internet protocol and network management support ..................................................1-4Security features ....................................................................................................................1-4Configuration scalability .......................................................................................................1-5System synchronization options .........................................................................................1-5Configuring data collection for server status and network path data .......................1-5Redundant system configurations ......................................................................................1-6Monitoring the Global Traffic Manager and the network ............................................1-6

Using the Configuration Guide ....................................................................................................1-7Additional information ..........................................................................................................1-8

Introducing the Configuration utility ....................................................................................... 1-10Configuration utility components ................................................................................... 1-10Browser support ................................................................................................................. 1-11

Stylistic conventions in this document .................................................................................... 1-11Using the solution examples ............................................................................................ 1-11Identifying new terms ......................................................................................................... 1-11Identifying references to products .................................................................................. 1-11Identifying references to objects, names, and commands ......................................... 1-11Identifying references to other documents .................................................................. 1-12Identifying command syntax ............................................................................................. 1-12

Finding help and technical support resources ....................................................................... 1-13

2Setting up the Global Traffic Manager

Introducing the Global Traffic Manager setup tasks ...............................................................2-1Defining the Global Traffic Manager ...........................................................................................2-2Establishing system communications ..........................................................................................2-4

Defining the systems in the Global Traffic Manager ......................................................2-5Running the gtm_add utility .................................................................................................2-6Running the big3d_install utility ..........................................................................................2-6Running the bigip_add utility ...............................................................................................2-7

Configuring synchronization settings ..........................................................................................2-8Defining NTP servers ............................................................................................................2-9Activating synchronization ...................................................................................................2-9Controlling file synchronization .........................................................................................2-9Synchronizing DNS zone files .......................................................................................... 2-10Creating synchronization groups .................................................................................... 2-11

Configuring auto-discovery ........................................................................................................ 2-12Enabling auto-discovery ..................................................................................................... 2-13Setting the discovery frequency ...................................................................................... 2-13

Configuring global monitor behavior ...................................................................................... 2-14Assigning a heartbeat interval .......................................................................................... 2-14Determining the number of monitor queries .............................................................. 2-15Monitoring disabled resources ........................................................................................ 2-16

Configuration Guide for BIG-IP® Global Traffic Management 1

Table of Contents

3Reviewing Global Traffic Manager Components

Introducing Global Traffic Manager components ....................................................................3-1Reviewing physical components ..................................................................................................3-2

Data centers ............................................................................................................................3-2Servers ......................................................................................................................................3-2Links ..........................................................................................................................................3-2Virtual servers ........................................................................................................................3-3

Reviewing logical components .....................................................................................................3-3Listeners ...................................................................................................................................3-3Wide IPs ...................................................................................................................................3-3Pools .........................................................................................................................................3-4Distributed applications ........................................................................................................3-4

4Working with Listeners

Introducing listeners .......................................................................................................................4-1Creating a listener for local resolution ......................................................................................4-2Configuring listeners for traffic forwarding ..............................................................................4-3Configuring a wildcard listener ....................................................................................................4-4Modifying listeners ..........................................................................................................................4-4Deleting listeners ............................................................................................................................4-5Using listeners with VLANs ..........................................................................................................4-6

Setting up a listener for all VLANs ....................................................................................4-6Enabling a listener for specific VLANs ..............................................................................4-6Disabling a listener for specific VLANs .............................................................................4-7

Understanding listeners: an example ..........................................................................................4-8

5Defining the Physical Network

Introducing physical network components ...............................................................................5-1Managing data centers ....................................................................................................................5-2

Configuring data centers ......................................................................................................5-2Modifying data centers ..........................................................................................................5-3Deleting data centers ............................................................................................................5-3Enabling and disabling data centers ....................................................................................5-4

Managing servers .............................................................................................................................5-5Defining BIG-IP systems .......................................................................................................5-5Defining load balancing servers ..........................................................................................5-9Defining host servers ......................................................................................................... 5-11Assigning monitors to servers ......................................................................................... 5-12Setting limit thresholds ...................................................................................................... 5-13Discovering resources automatically ............................................................................. 5-16

Managing virtual servers ............................................................................................................. 5-19Adding virtual servers manually ....................................................................................... 5-19Modifying virtual servers ................................................................................................... 5-20Removing virtual servers ................................................................................................... 5-20

Managing links ............................................................................................................................... 5-21Defining links ........................................................................................................................ 5-21Adding and removing routers .......................................................................................... 5-22Assigning monitors to links .............................................................................................. 5-22Configuring link weighting and billing properties ........................................................ 5-23

2

Table of Contents

6Defining the Logical Network

Introducing logical network components ..................................................................................6-1Understanding logical components ....................................................................................6-1

Setting up pools ...............................................................................................................................6-3Defining pools .........................................................................................................................6-3Adding virtual servers to pools ..........................................................................................6-4Removing virtual servers from pools ................................................................................6-5Organizing virtual servers within pools ............................................................................6-5Weighting virtual servers within pools .............................................................................6-6Disabling and enabling pools ...............................................................................................6-8

Setting up wide IPs ..........................................................................................................................6-9Defining wide IPs ....................................................................................................................6-9Adding pools to wide IPs .................................................................................................. 6-10Removing pools from wide IPs ........................................................................................ 6-11Organizing pools within wide IPs .................................................................................... 6-12Weighting pools within wide IPs ..................................................................................... 6-12Disabling and enabling wide IPs ....................................................................................... 6-14Incorporating iRules ........................................................................................................... 6-14Implementing the noerror response for IPv6 resolution .......................................... 6-16

Setting up distributed applications ........................................................................................... 6-18Defining distributed applications ..................................................................................... 6-18Adding wide IPs to distributed applications .................................................................. 6-19Removing wide IPs from distributed applications ....................................................... 6-19Setting dependencies for distributed applications ....................................................... 6-20Enabling and disabling distributed application traffic ................................................... 6-22Enabling persistent connections ...................................................................................... 6-23

7Load Balancing with the Global Traffic Manager

Understanding load balancing on the Global Traffic Manager ..............................................7-1Using static load balancing modes ...............................................................................................7-3

Drop Packet mode ................................................................................................................7-3Fallback IP ................................................................................................................................7-4Global Availability mode .......................................................................................................7-4None mode .............................................................................................................................7-4Ratio mode ..............................................................................................................................7-5Return to DNS mode ...........................................................................................................7-5Round Robin mode ...............................................................................................................7-5Static Persist mode ................................................................................................................7-5Topology mode ......................................................................................................................7-6

Using dynamic load balancing modes .........................................................................................7-7Types of dynamic load balancing modes ...........................................................................7-7Implementing the Quality of Service load balancing mode ..........................................7-9Using the Dynamic Ratio option ..................................................................................... 7-12

Configuring load balancing ......................................................................................................... 7-14Configuring load balancing methods for wide IPs ....................................................... 7-14Configuring load balancing methods for pools ............................................................. 7-15

Using the fallback load balancing method ............................................................................... 7-16Configuring the fallback load balancing method .......................................................... 7-16

Employing additional load balancing options ......................................................................... 7-18


Table of Contents

8Managing Connections

Introducing connection management .........................................................................................8-1Determining resource health .......................................................................................................8-2Determining resource availability ................................................................................................8-3

Establishing limit settings ......................................................................................................8-3Using monitors to determine availability ..........................................................................8-4Managing dependencies for virtual servers ......................................................................8-7

Resuming connections to resources ....................................................................................... 8-10Establishing persistent connections ......................................................................................... 8-11

Draining persistent requests ............................................................................................ 8-11Setting the last resort pool ........................................................................................................ 8-12

9Working with Topologies

Overview of topologies .................................................................................................................9-1Understanding topologies ....................................................................................................9-1Implementing topologies ......................................................................................................9-2

Setting up and removing topology records ...............................................................................9-3Removing topology records ................................................................................................9-4

Using topology load balancing in a wide IP ...............................................................................9-5Using topology load balancing in a pool ....................................................................................9-6Understanding user-defined regions ...........................................................................................9-7Other load balancing options for topologies ............................................................................9-8

10Configuring Monitors

Introducing monitors .................................................................................................................. 10-1Summary of monitor types ............................................................................................... 10-2Overview of monitor settings .......................................................................................... 10-4Understanding pre-configured and custom monitors ................................................ 10-4

Creating a custom monitor ....................................................................................................... 10-7Configuring monitor settings .................................................................................................... 10-8

Simple monitors .................................................................................................................. 10-8Extended Content Verification (ECV) monitors ....................................................... 10-10External Application Verification (EAV) monitors .................................................... 10-13

Special configuration considerations ..................................................................................... 10-35Setting destinations ........................................................................................................... 10-35Using transparent and reverse modes ......................................................................... 10-35

Associating monitors with resources .................................................................................... 10-37Types of monitor associations ....................................................................................... 10-37

Managing monitors ..................................................................................................................... 10-39Displaying monitor settings ............................................................................................ 10-39Deleting monitors ............................................................................................................. 10-39Enabling and disabling monitor instances .................................................................... 10-40

4

Table of Contents

11Viewing Statistics

Introducing statistics ................................................................................................................... 11-1Accessing statistics ....................................................................................................................... 11-2Viewing the Status Summary screen ........................................................................................ 11-3Understanding the types of statistics ...................................................................................... 11-4

Distributed application statistics ..................................................................................... 11-4Wide IP statistics ................................................................................................................ 11-6Pool statistics ....................................................................................................................... 11-7Data center statistics ......................................................................................................... 11-8Link statistics ...................................................................................................................... 11-10Server statistics ................................................................................................................. 11-11Virtual server statistics .................................................................................................... 11-12Paths statistics .................................................................................................................... 11-13Local DNS statistics ......................................................................................................... 11-14

Understanding persistence records ....................................................................................... 11-16

12Collecting Metrics

Introducing metrics collection .................................................................................................. 12-1Defining metrics ........................................................................................................................... 12-2Assigning probes to local domain name servers ................................................................... 12-3Configuring TTL and timer values ............................................................................................ 12-5Excluding LDNS servers from probes .................................................................................... 12-7

Removing LDNS servers from the address exclusion list ......................................... 12-7

13Managing iRules

Introducing iRules for the Global Traffic Manager ............................................................... 13-1What is an iRule? ................................................................................................................ 13-1

Creating iRules ............................................................................................................................. 13-2Assigning iRules ............................................................................................................................ 13-3Controlling iRule evaluation ...................................................................................................... 13-4

Specifying events ................................................................................................................. 13-4Using the when keyword .................................................................................................. 13-4Listing iRules on wide IPs .................................................................................................. 13-5

Using statement commands ....................................................................................................... 13-6Using wide IP commands ........................................................................................................... 13-7Using utility commands ............................................................................................................... 13-8

Parsing and manipulating content .................................................................................... 13-8Ensuring data integrity ....................................................................................................... 13-8Retreiving resource information ..................................................................................... 13-9

Using protocol commands ......................................................................................................... 13-9IP commands ........................................................................................................................ 13-9TCP commands ................................................................................................................. 13-10UDP commands ................................................................................................................ 13-10

Removing iRules ......................................................................................................................... 13-11


Table of Contents

14Managing DNS Files with ZoneRunner

Introducing ZoneRunner ............................................................................................................ 14-1Working with DNS and BIND ........................................................................................ 14-1Understanding ZoneRunner tasks .................................................................................. 14-1

Working with zone files ............................................................................................................. 14-2Types of zone files .............................................................................................................. 14-2Creating zone files .............................................................................................................. 14-2Importing zone files ............................................................................................................ 14-7Modifying zones ................................................................................................................... 14-9Deleting zones ................................................................................................................... 14-10

Working with resource records ............................................................................................ 14-11Types of resource records ............................................................................................. 14-11Creating resource records ............................................................................................. 14-12Modifying a resource record .......................................................................................... 14-17

Working with views .................................................................................................................. 14-18Adding views ...................................................................................................................... 14-19Modifying views ................................................................................................................. 14-19Deleting views ................................................................................................................... 14-20Adding zones to views ..................................................................................................... 14-20

Managing the named.conf file .................................................................................................. 14-22

AWorking with the big3d Agent

Introducing the big3d agent .........................................................................................................A-1Collecting path data and server performance metrics ..........................................................A-2

Setting up data collection with the big3d agent .............................................................A-2Understanding the data collection and broadcasting sequence .................................A-3

Setting up communication between Global Traffic Managers and other servers ...........A-5Setting up iQuery communications for the big3d agent ..............................................A-5Allowing iQuery communications to pass through firewalls .....................................A-5Communications between Global Traffic Managers, big3d agents, and local DNS servers .................................................................................................................A-6

BUnderstanding Probes

Introducing probes ........................................................................................................................ B-1Understanding iQuery .................................................................................................................. B-2Determining probe responsibility .............................................................................................. B-3Selecting a big3d agent .................................................................................................................. B-5Designating a specific server ....................................................................................................... B-7Managing LDNS probes ................................................................................................................ B-8

Glossary

Index

6

1

Introducing the Global Traffic Manager

• Introducing the BIG-IP system

• Introducing the Global Traffic Manager

• Using the Configuration Guide

• Introducing the Configuration utility

• Stylistic conventions in this document

• Finding help and technical support resources


Introducing the BIG-IP systemF5 Networks’ BIG-IP® system is a port-based, multilayer switch that supports virtual local area network (VLAN) technology. Because hosts within a VLAN can communicate at the data-link layer (Layer 2), a BIG-IP system reduces the need for routers and IP routing on the network. This in turn reduces equipment costs and boosts overall network performance. At the same time, the BIG-IP system’s multilayer capabilities enable the system to process traffic at other OSI layers. The BIG-IP system can perform IP routing at Layer 3, as well as manage and secure TCP, UDP, and other application traffic at Layers 4 through 7. The following software modules provide comprehensive traffic management and security for all traffic types. The modules are fully integrated to provide efficient solutions to meet any network, traffic management, and security needs.

◆ BIG-IP® Local Traffic ManagerThe Local Traffic Manager includes local traffic management features that help you make the most of network resources such as web servers. Using the powerful Configuration utility, you can customize the way that the BIG-IP system processes specific types of protocol and application traffic. By using features such as virtual servers, server pools, profiles, and iRulesTM, you ensure that traffic passing through the BIG-IP system is processed quickly and efficiently, while meeting all of your security needs. For more information, see the Configuration Guide for BIG-IP® Local Traffic Management.

◆ BIG-IP® Global Traffic ManagerThe Global Traffic Manager provides intelligent traffic management to your globally available network resources. Through the Global Traffic Manager, you can select from an array of load balancing modes, ensuring that your clients access the most responsive and robust resources at any given time. In addition, the Global Traffic Manager provides extensive monitoring capabilities so the health of any given resource is always available. For more information, see the Configuration Guide for

BIG-IP® Global Traffic Management.

◆ BIG-IP® Link ControllerThe Link Controller seamlessly monitors availability and performance of multiple WAN connections to intelligently manage bi-directional traffic flows to a site; providing fault tolerant, optimized Internet access regardless of connection type or provider. The Link Controller ensures that traffic is always sent over the best available link to maximize user performance and minimize bandwidth cost to a data center. For more

information, see the Configuration Guide for BIG-IP® Link Controller.

Configuration Guide for BIG-IP® Global Traffic Management 1 - 1

Chapter 1

◆ BIG-IP®Application Security ModuleThe Application Security Module provides web application protection from application-layer attacks. The Application Security Module protects Web applications from both generalized and targeted application layer attacks including buffer overflow, SQL injection, cross-site scripting, and parameter tampering. For more information, see the Configuration

Guide for BIG-IP® Application Security Management.

Introducing the Global Traffic ManagerThe Global Traffic Manager is a system that monitors the availability and performance of global resources and uses that information to manage network traffic patterns. The Global Traffic Manager uses load balancing algorithms, topology-based routing, and iRules to control and distribute traffic according to specific policies. The system is highly configurable, and its web-based configuration utility allows for easy system setup and monitoring.

The Global Traffic Manager provides a variety of features that meet special needs. For example, with this product you can:

• Ensure wide-area persistence by maintaining a mapping between a local DNS server and a virtual server in a wide IP pool

• Direct local clients to local servers for globally-distributed sites using Topology load balancing

• Change the load balancing configuration according to current traffic patterns or time of day

• Customize load balancing modes

• Set up global load balancing among Local Traffic Managers and other load-balancing hosts

• Monitor real-time network conditions

• Configure a content delivery network with a CDN provider

• Guarantee multiple port availability for e-commerce sites

Overview of Global Traffic Manager ResourcesThe Global Traffic Manager manages multiple resources within your network. Each resource represents either a physical presence, such as a server, or a logical presence, such as a wide IP. Effective management of your network traffic requires that you understand and configure these resources correctly.

1 - 2


The following is a list of the resources that the Global Traffic Manager manages:

◆ Virtual serverA virtual server is a collection of IP addresses and port combinations that, together, provide access to an application or data source on your network. These collections are called virtual servers because they might span more than one physical machine, or might be a subset of available ports on a single machine.

◆ ServerA server is a a physical device that manages one or more virtual servers. An example of a server is the Local Traffic Manager; however, the Global Traffic Manager can manage other server types as well, such as a Windows 2000 Server.

◆ ListenerTo manage your network traffic, the Global Traffic Manager also requires that you configure an additional resource: a listener. A listener instructs the Global Traffic Manager to listen for network traffic destined for a specific IP address. Listeners are critical for the Global Traffic Manager; without them, the Global Traffic Manager does not know what traffic it must manage and what traffic it can safely ignore.

◆ LinkA link is a physical device that connects your network to the rest of the Internet. Often, links are logically attached to a collection of servers for managing access to your data sources.

◆ Data centerA data center is a logical collection of both servers and links. Typically, data centers represent devices that reside in a physical location.

◆ PoolA pool is a collection of multiple virtual servers. The Global Traffic Manager uses pools to load balance incoming network traffic among multiple virtual servers. Pools differentiate from servers in that a pool can encompass virtual servers on multiple servers on the network. This provides you with more significant load balancing granularity, because you can load balance across multiple pools of virtual servers and then have the appropriate server load balance across the virtual servers themselves.

◆ Wide IPA wide IP is a collection of one or more pools. Through the use of wide IPs, you can load balance network traffic between multiple pools.

◆ Distributed applicationA distributed application is a collection of wide IPs, data centers, and links, and is the highest-level component that the Global Traffic Manager supports. You can configure the availability of distributed applications to be dependent on a specific data center, link, or server. For example, if you configure a data center to have its availability depend on a link, and that link goes down, the Global Traffic Manager considers the application to be unavailable.


Chapter 1

Through the configuration of wide IPs and pools, you can use the Global Traffic Manager to load balance across a collection of resources, while distributed applications, data centers, and servers give you visibility into the performance and availability of these sources.

Local Traffic Manager resources

If you use the Global Traffic Manager in conjunction with a Local Traffic Manager, you might also want to familiarize yourself with the following additional network resources. These resources are not managed directly through the Global Traffic Manager, but understanding their role in your network configuration can assist you in optimizing your network’s availability and performance:

◆ Self IP addressA self IP is what most people think of when they think of an IP address. In a Global Traffic Manager or Local Traffic Manager environment, the term self IP address helps distinguish actual IP addresses from other types of addresses, such as those that identify a virtual server.

◆ NodeA node is an self IP address combined with a specific port number. For example, 153.54.7.86:443.

Internet protocol and network management supportThe Global Traffic Manager supports both the standard DNS protocol and the BIG-IP iQuery protocol (a protocol used for collecting dynamic load balancing information). The Global Traffic Manager also supports administrative protocols, such as Simple Network Management Protocol (SNMP), and Simple Mail Transfer Protocol (SMTP) (outbound only), for performance monitoring and notification of system events. For administrative purposes, you can use SSH, RSH, Telnet, and FTP. The Configuration utility supports HTTPS, for secure web browser connections using SSL, as well as standard HTTP connections.

The proprietary Global Traffic Manager SNMP agent allows you to monitor status and current traffic flow using popular network management tools. This agent provides detailed data such as current connections being handled by each virtual server.

Security featuresThe Global Traffic Manager offers a variety of security features that can help prevent hostile attacks on your site or equipment.

◆ Secure administrative connectionsThe Global Traffic Manager supports Secure Shell (SSH) administrative connections for remote administration from the command line. The

1 - 4


Global Traffic Manager web server, which hosts the web-based Configuration utility, supports SSL connections as well as user authentication.

◆ Secure iQuery communicationsThe Global Traffic Manager also supports Web certificate authentication for iQuery communications between the Global Traffic Manager and other systems running the big3d agent.

◆ TCP wrappersTCP wrappers provide an extra layer of security for network connections.

Configuration scalabilityThe Global Traffic Manager is a highly scalable and versatile solution. You can configure the Global Traffic Manager to manage up to several hundred domain names, including full support of domain name aliases. The Global Traffic Manager supports a variety of media options, including Fast Ethernet, and Gigabit Ethernet; the Global Traffic Manager also supports multiple network interface cards that can provide redundant or alternate paths to the network.

System synchronization optionsThe Global Traffic Manager synchronization feature allows you to automatically synchronize configurations from one Global Traffic Manager to any other Global Traffic Manager or Link Controller in the network, simplifying administrative management. The synchronization feature offers a high degree of administrative control. For example, you can set the Global Traffic Manager to synchronize a specific configuration file set, and you can also set which Global Traffic Manager or Link Controller systems in the network receive the synchronized information and which ones do not.

Configuring data collection for server status and network path data

The Global Traffic Manager includes the big3d agent, which is an integral part of its load balancing operations. The big3d agent continually monitors the availability of the servers that the Global Traffic Manager load balances. It also monitors the integrity of the network paths between the servers that host the domain, and the various local DNS servers that attempt to connect to the domain. The big3d agent runs on many of the F5 modules, including Global Traffic Manager, Local Traffic Manager, and Link Controller. Each big3d agent broadcasts its collected data to all of the Global Traffic Managers and Link Controllers in your network, ensuring that all Global Traffic Managers work with the latest information.


Chapter 1

The big3d agent offers a variety of configuration options that allow you to choose the data collection methods you want to use. For example, you can configure the big3d agent to track the number of router hops (intermediate system transitions) along a given network path, and you can also set the big3d agent to collect host server performance information using the SNMP protocol. For further details on the big3d agent, refer to Appendix A, Working with the big3d Agent.

Redundant system configurationsA redundant system is a set of two Global Traffic Managers: one operating as the active unit, the other operating as the standby unit. If the active unit goes offline, the standby unit immediately assumes responsibility for managing DNS traffic. The new active unit remains active until another event occurs that causes the unit to go offline, or you manually reset the status of each unit.

The Global Traffic Manager actually supports two methods of checking the status of the peer system in a redundant system:

◆ Hardware-based fail-overIn a redundant system that has been set up with hardware-based fail-over, the two units in the system are connected to each other directly using a fail-over cable attached to the serial ports. The standby unit checks on the status of the active unit once every second using this serial link.

◆ Network-based fail-overIn a redundant system that has been set up with network-based fail-over, the two units in the system communicate with each other across an Ethernet network instead of going across a dedicated fail-over serial cable. The standby unit checks on the status of the active unit once every second using the Ethernet.

Note

In a network-based fail-over configuration, the standby Global Traffic Manager immediately takes over if the active unit fails. If a client has queried the failed Global Traffic Manager, and has not received an answer, it automatically re-issues the request (after five seconds) and the standby unit, functioning as the active unit, responds.

Monitoring the Global Traffic Manager and the networkThe Global Traffic Manager includes sophisticated monitoring tools to help you monitor the Global Traffic Manager and the traffic it manages. See Chapter 10, Configuring Monitors for more information.

1 - 6


Using the Configuration GuideThe Configuration Guide for BIG-IP® Global Traffic Management is designed to help you understand how you can use the features of the Global Traffic Manager to accomplish the tasks associated with managing name resolution request on a global level. These tasks include tracking the performance of different servers and services and identifying the load balancing methods that best suit the needs of your company.

Note

We highly recommend that you first review the BIG-IP® Network and System Management Guide to familiarize yourself with the basic functionality of BIG-IP systems, which include Global Traffic Manager systems.

The configuration guide contains the following chapters:

◆ Introducing the Global Traffic ManagerThis chapter provides an overview of the Global Traffic Manager and this guide.

◆ Setting up the Global Traffic ManagerThis chapter describes the basic tasks associated with setting up a Global Traffic Manager on the network.

◆ Reviewing Global Traffic Manager ComponentsThis chapter describes the physical and logical components you can use to manage your global DNS traffic.

◆ Working with ListenersThis chapter describes how to configure listeners for the Global Traffic Manager. A listener instructs the Global Traffic Manager to listen for network traffic destined for a specific IP address.

◆ Defining the Physical NetworkThis chapter describes how to define the physical components of your network, such as servers and data centers. You can use these components to determine load balancing modes and track traffic statistics.

◆ Defining the Logical NetworkThis chapter describes how to define the logical components of your network, such as pools and wide IPs. These components determine how the Global Traffic Manager load balances requests.

◆ Load Balancing with the Global Traffic ManagerThis chapter describes the load balancing modes that the Global Traffic Manager supports, and how to apply those modes to your pools and wide IPs.

◆ Managing ConnectionsThis chapter describes how to use features such as connection persistence with the Global Traffic Manager.


Chapter 1

◆ Working with TopologiesThis chapter describes topologies, which allow you to define load balancing modes and resolution controls based on the origin or destination of a given name resolution request.

◆ Configuring MonitorsThis chapter describes how to use monitors to track the components of your network. Monitors are components of the Global Traffic Manager that perform specific tests to see if a given component is available for load balancing.

◆ Viewing StatisticsThis chapter describes how to use the Global Traffic Manager to view statistics on the different physical and logical network components.

◆ Collecting MetricsThis chapter describes how to use the Global Traffic Manager to gather metrics on the different physical and logical network components.

◆ Managing iRulesThis chapter describes how to write iRules; scripts that allow you to fully customize the load balancing capabilities of the Global Traffic Manager.

◆ Managing DNS Files with ZoneRunnerThis chapter describes how to use ZoneRunner, a BIG-IP utility, to manage and maintain your DNS zone files.

In addition to the preceding list of chapters, this guide contains the following appendices:

◆ Working with the big3d AgentThis appendix describes the big3d agent, a utility that is responsible for much of the communication between different BIG-IP systems.

◆ Understanding ProbesThis appendix describes how the Global Traffic Manager queries other network resources for statistical data.

Additional informationIn addition to this guide, there are other sources of documentation you can use in order to work with the BIG-IP system. The information is contained in the guides and documents described below. The following printed documentation is included with the BIG-IP system.

◆ Configuration WorksheetThis worksheet provides you with a place to plan the basic configuration for the BIG-IP system.

◆ BIG-IP Quick Start InstructionsThis pamphlet provides you with the basic configuration steps required to get the BIG-IP system up and running in the network.

1 - 8


The following guides are available in PDF format from the Ask F5SM web site, http://tech.f5.com. These guides are also available from the first Web page you see when you log in to the administrative web server on the BIG-IP system.

◆ Platform GuideThis guide includes information about the BIG-IP hardware. It also contains important environmental warnings.

◆ Installation, Licensing, and Upgrades for BIG-IP SystemsThis guide provides detailed information about installing upgrades to the BIG-IP system. It also provides information about licensing the BIG-IP system software and connecting the system to a management workstation or network.


Chapter 1

Introducing the Configuration utilityThe Configuration utility is a browser-based application that you use to configure and monitor the Global Traffic Manager. Using the Configuration utility, you can define the load balancing configuration along with the network setup, including data centers, synchronization groups, and servers used for load balancing and path probing. In addition, you can configure advanced features such as topology settings and SNMP agents. The Configuration utility also monitors network traffic, current connections, load balancing statistics, performance metrics, and the operating system itself. The home screen of the Configuration utility provides convenient access to downloads such as the SNMP MIB, and documentation for third-party applications such as ZebOS.

Configuration utility componentsThe Configuration utility consists of three main components:

◆ The navigation paneThis component is the left vertical pane of the Configuration utility. It contains the following tabs: the Main tab, which allows you to select the area of your network (global, local, and so on); the Help tab, which displays online help relevant to the main screen; and the Search tab, which allows you to search for specific pools and virtual servers.

◆ The menu barThis component runs horizantally across the top of the Configuration utility. The content of this component changes depending on what you select on the Main tab in the navigation section. Through the menu bar, you can access into more detailed aspects of a given network component.

◆ The active screenThe main component of the Configuration utilty is the active screen. The active screen changes depending on what you select on the Main tab in the navigation section. Through the active screen you configure the different aspects of the Global Traffic Manager.

It is important to note that the Global Traffic Manager often co-exists with other BIG-IP system modules, such as a Local Traffic Manager or a Link Controller. Consequently, you might see features in the Configuration utility that are not described in this guide. See Finding help and technical support resources, on page 1-13 for a list of other guides that will help you learn about the BIG-IP system.

1 - 10


Browser supportThe Configuration utility, which provides web-based access to the Global Traffic Manager configuration and features, supports the following browser versions:

• Netscape Navigator 7.1, and other browsers built on the same engine, such as Mozilla™, FireFox™, and Camino™.

• Microsoft® Internet Explorer®, version 6.x

Stylistic conventions in this documentTo help you easily identify and understand certain types of information, this documentation uses the following stylistic conventions.

Using the solution examplesAll examples in this documentation use only private IP addresses. When you set up the solutions we describe, you must use IP addresses suitable to your own network in place of our sample IP addresses.

Identifying new termsWhen we first define a new term, the term is shown in bold italic text. For example, a wide IP is a mapping of a fully-qualified domain name to one or more pools of virtual servers that host the domain’s content.

Identifying references to productsWe refer to all products in the BIG-IP product family as BIG-IP systems. We refer to the software modules by their name; for example, we refer to the Global Traffic Manager module as simply the Global Traffic Manager. If configuration information relates to a specific hardware platform, we note the platform.

Identifying references to objects, names, and commandsWe apply bold formatting to a variety of items to help you easily pick them out of a block of text. These items include web addresses, IP addresses, utility names, and portions of commands, such as variables and keywords. For example, the nslookup command requires that you include at least one <ip_address> variable.


Chapter 1

Identifying references to other documentsWe use italic text to denote a reference to another document. In references where we provide the name of a book as well as a specific chapter or section in the book, we show the book name in bold, italic text, and the chapter/section name in italic text to help quickly differentiate the two. For example, you can find information about the Local Traffic Manager in Chapter 1, Introducing the Global Traffic Manager, in the Configuration Guide for BIG-IP ® Local Traffic Management.

Identifying command syntaxWe show actual, complete commands in bold Courier text. Note that we do not include the corresponding screen prompt, unless the command is shown in a figure that depicts an entire command line screen. For example, the following command sets the Global Traffic Manager load balancing mode to Round Robin:

lb_mode rr

Table 1.1 explains additional special conventions used in command line syntax.

Item in text Description

\Continue to the next line without typing a line break.

< >You enter text for the enclosed item. For example, if the command has <your name>, type in your name.

|Separates parts of a command.

[ ]Syntax inside the brackets is optional.

...Indicates that you can type a series of items.

Table 1.1 Command line conventions used in this manual

1 - 12


Finding help and technical support resourcesYou can find additional technical documentation and product information using the following resources:

◆ Online help for the Global Traffic ManagerThe Configuration utility has online help for each screen. The online help contains descriptions of each control and setting on the screen. Click the Help tab in the left navigation pane to view the online help for a screen.

◆ Welcome screen in the Configuration utilityThe Welcome screen in the Configuration utility contains links to many useful web sites and resources, including:

• The F5 Networks Technical Support web site

• The F5 Solution Center

• The F5 DevCentral web site

◆ F5 Networks Technical Support web siteThe F5 Networks Technical Support web site, http://tech.f5.com, provides the latest documentation for the product, including:

• Release notes for the Global Traffic Manager, current and past

• Updates for guides (in PDF form)

• Technical notes

• Answers to frequently asked questions

• The Ask F5SM natural language question and answer engine.

Note

To access this site, you need to register at http://tech.f5.com.


Chapter 1

1 - 14

2

Setting up the Global Traffic Manager

• Introducing the Global Traffic Manager setup tasks

• Defining the Global Traffic Manager

• Establishing system communications

• Configuring synchronization settings

• Configuring auto-discovery

• Configuring global monitor behavior


Introducing the Global Traffic Manager setup tasksWhen you install a Global Traffic Manager on the network, the actions you take to integrate it into the network fall into two categories: setup tasks and configuration tasks. Setup tasks are tasks in which you create or modify settings that apply to the Global Traffic Manager itself, or that apply universally to all other configuration components, such as server, data centers, or wide IPs, that you create later. Examples of setup tasks include running the Setup Utility, assigning self IP address, and enabling high-availability functions. Configuration tasks are tasks in which you define a specific aspect of the Global Traffic Manager, such as load balancing methods, pools and pool members, or iRules™. These configuration tasks, while important, only affect specific aspects of how you manage DNS traffic with the Global Traffic Manager.

If you have just installed the Global Traffic Manager, the first setup task you should complete is running the Setup Utility. This utility guides you through licensing the product, assigning an IP address to the management port of the system, and configuring the passwords for your root and administrator accounts. The Setup Utility can also assist you in configuring some of the basic settings of the Global Traffic Manager, such as its IP address and the VLAN to which it belongs.

After you finish using the Setup Utility, the next step is to configure the network and system settings that apply to the Global Traffic Manager. These settings form the basis of a BIG-IP system configuration, and are configured in a similar fashion for all BIG-IP products, including the Local Traffic Manager, the Global Traffic Manager, and the Link Controller systems. Because these settings have a variety of applications, they are discussed in a separate guide: the BIG-IP® Network and System Management Guide. We highly recommend that you review this guide to ensure that you configure the basic network and system settings for the Global Traffic Manager in a way that best fits the needs of your network and your DNS traffic.

Note

You can access the BIG-IP® Network and System Management Guide by visiting the Ask F5SM web site: tech.F5.com.

Once you have the basic network settings configured, you can work on setting up the Global Traffic Manager itself. The setup tasks associated with the Global Traffic Manager include:

• Defining the Global Traffic Manager

• Establishing communications between the Global Traffic Manager and other BIG-IP systems

• Configuring synchronization settings

• Configuring global monitoring options

• Controlling DNS queries


Chapter 2

Once you complete these tasks, you are ready to work on the configuration tasks that allow your network to get the full benefit of the features of the Global Traffic Manager. We recommend you review Chapter 3, Reviewing Global Traffic Manager Components, which provides an overview of these configuration tasks and includes links to other sections of this guide that provide more detailed information.

Defining the Global Traffic ManagerThe Global Traffic Manager is designed to manage DNS traffic as it moves from outside the network to the appropriate resource and back again. The management capabilities of the system require that it have an accurate configuration of the sections of the network over which it has jurisdiction. This configuration requires that you define network elements such as servers, other BIG-IP systems, virtual servers, and data centers, within the Global Traffic Manager’s configuration. Consider defining these elements as similar to drawing a network diagram; you must include all of the relevant components in such a diagram in order to have an accurate depiction of how the system works as a whole.

As part of defining this network topology, you must define the Global Traffic Manager itself. This definition configures the Global Traffic Manager with its role within the network, as well as what interactions it can and cannot have with other network components. Without this configuration, many of the capabilities of the Global Traffic Manager cannot operate effectively.

When you define the Global Traffic Manager, you must first define the data center in which the Global Traffic Manager resides. This step is important because all network components that the system manages must belong to a data center. Data centers are described in greater detail in Managing data centers, on page 5-2.

To create a data center

1. On the Main tab of the navigation pane, expand Global Traffic and click Data Centers.The main screen for data centers opens.

2. Click the Create button.The New Data Center screen opens.

3. Add the new data center settings. For additional assistance with these settings, please see the online help.

4. Click the Finished button.

2 - 2


To define the Global Traffic Manager

1. On the Main tab of the navigation pane, expand Global Traffic and click Servers.The main screen for servers opens.

2. Click the Create button.The New Server screen opens.

3. In the Name box, type a name that identifies the Global Traffic Manager.

4. From the Product list, select the appropriate server product.Global Traffic Managers, Local Traffic Managers, and Link Controllers all are part of the BIG-IP product family. Any time you add one of these systems as a server, you can select one of two server products from the Product list:

• If the system is a primary system, select BIG-IP System (Single).

• If the system is a backup system, select BIG-IP System (Redundant).

5. For Address List, add the IP address of the server.To add the IP address, type the address in the Address box, and then click Add. You can add more than one address to any given server, depending on how that server interacts with the rest of your network. For example, if the current Global Traffic Manager is part of a redundant system, you would add the IP addresses of the primary and backup systems.

6. From the Data Center list, select a data center to which the Global Traffic Manager belongs.

7. Configure the remaining server settings.For additional assistance on these settings, see the online help.

8. Click the Create button to create the new server.


Chapter 2

Establishing system communicationsBefore the Global Traffic Manager can operate as an integrated component within your network, you must first establish how it can communicate with other external systems. An external system is any server with which the Global Traffic Manager must exchange information to perform its functions. In general, establishing system communications consists of two categories:

• Communicating with other BIG-IP systems

• Communicating with third-party systems

When the Global Traffic Manager communicates with other BIG-IP systems, such as Local Traffic Managers or Link Controllers, it uses a proprietary protocol called iQuery to send and receive information. If the Global Traffic Manager is communicating with a BIG-IP system, it uses a software utility called big3d to handle the information traffic. If the Global Traffic Manager is instead communicating with another Global Traffic Manager, it uses a different utility, called gtmd, which is designed for that purpose.

In order to communicate with the Global Traffic Manager, all BIG-IP products must have the same version of the big3d utility. Consequently, part of the process when establishing communications between the Global Traffic Manager and other BIG-IP products is to open port 22 and port 4353 between the two systems. Port 22 allows the Global Traffic Manager to copy the newest version of the big3d utility to existing systems, while iQuery requires the port 4353 for its normal communications.

Table 2.1 lists the requirements for each communication component between the Global Traffic Manager and other BIG-IP systems.

When the Global Traffic Manager communicates with third-party systems, whether that system is a load balancing server or a host, it can use SNMP to send and receive information. For details on how the Global Traffic Manager uses SNMP, see the BIG-IP® Network and System Management Guide.

Communication Component Requirements

Ports Port 22, for secure file copying of entities like big3d.

Port 4353, for iQuery communication.

Utilities big3d, for Global Traffic Manager to BIG-IP system communication.

Protocols iQuery

Table 2.1 Requirements for communication components (BIG-IP Systems)

2 - 4


Table 2.2 lists the requirements for each communication component between the big3d agent and other external systems.

When you set up the Global Traffic Manager to communicate with external systems, you must complete one or more of the following tasks:

• Define the systems in the Global Traffic Manager. This task applies regardless of whether the system is a BIG-IP system, or a third-party system.

• Run the gtm_add utility. This utility is designed for situations in which you are installing the system in a network that already has one or more Global Traffic Managers running.

• Run the big3d_install utility. This utility ensures that the Global Traffic Manager and other BIG-IP systems use the same version of the big3d utility, and establishes that these systems are authorized to exchange information.

• Run the bigip_add utility. If you are certain that the other BIG-IP systems on the network use the same version of the big3d utility as the Global Traffic Manager, you can run the bigip_add utility instead of the big3d_install utility. The bigip_add utility authorizes communications between the Global Traffic Manager and other BIG-IP systems on the network.

Defining the systems in the Global Traffic ManagerAs described in Defining the Global Traffic Manager, on page 2-2, the Global Traffic Manager needs to have information on the different systems with which it interacts when managing DNS traffic. These systems include other Global Traffic Managers, BIG-IP systems, and third-party systems.

The steps you follow to define these systems are described in Managing servers, on page 5-5. When you set up your Global Traffic Manager, you must add these systems into the configuration for the Global Traffic Manager to communicate with these systems.

Communication Component Requirements

Ports Port 161

Protocols SNMP

Table 2.2 Requirements for communication components (third-party systems)


Chapter 2

Running the gtm_add utilityIf you are integrating multiple Global Traffic Managers within your network, you need to use the gtm_add script. This script accomplishes a single task: it acquires configuration files from another Global Traffic Manager on your network.

The gtm_add script is very important, especially if you want the Global Traffic Manager to be part of an existing synchronization group. As described in Configuring synchronization settings, on page 2-8, synchronization works by having each Global Traffic Manager check to ensure that it has the latest configuration files and, if not, to acquire the latest files. This has a potential drawback when you install a new Global Traffic Manager into your network, because the new system has the most recent files (based on the timestamps) but has yet to be configured. As a result, there is a risk that the unconfigured files of the new Global Traffic Manager could override the configurations of your existing Global Traffic Managers.

The gtm_add script circumvents this issue. With this script, you specify the IP address of an existing Global Traffic Manager. The script then access that system and copies its configuration files to the new Global Traffic Manager. The new system can then be incorporated into the synchronization group without adversely affecting it.

The gtm_add script acquires all configuration files, including SSL certificates. As a result, it is ideal for acquiring SSL certificates for a new Global Traffic Manager.

To run the gtm_add script

1. Log in to the system that hosts the new Global Traffic Manager.

2. At the command prompt, type the following command:

gtm_add <IP address of existing Global Traffic Manager>

The script logs in to the specified Global Traffic Manager and acquires its configuration files, including relevant SSL certificates. You can then add the Global Traffic Manager to the appropriate synchronization group.

Running the big3d_install utilityIf your network includes existing BIG-IP systems, such as Local Traffic Managers, and this is the first Global Traffic Manager you are connecting to the network, you must run the big3d_install utility. This utility upgrades the big3d agents on the BIG-IP systems and instructs these systems to authenticate with the other systems through the exchange of SSL certificates. You can accomplish both of these tasks through the big3d_install script. This script is included with the Global Traffic Manager.

2 - 6


To run the big3d_install script

1. Log in to the command line interface for the Global Traffic Manager.

2. At the prompt, type the following command:

big3d_install <IP address of existing BIG-IP systems>

3. Press the Enter key to run the script.

This script instructs the Global Traffic Manager to connect to each BIG-IP system that you specified by IP address. As it connects to each system, it prompts you to supply the appropriate login information to access that system.

When the script has completed its operations, the following changes take effect on each BIG-IP system:

• The appropriate SSL certificates are exchanged between each system, authorizing communications between them.

• The big3d agent on each system is upgraded to the same version as installed on the Global Traffic Manager.

Running the bigip_add utilityIf this is the first Global Traffic Manager that you have installed on the network, and you know that the existing BIG-IP systems use the same version of the big3d agent, you can use the bigip_add utility. This script exchanges SSL certificates so that each system is authorized to communicate with each other. Unlike the big3d_install utility, the bigip_add utility does not modify the big3d agent already present on existing BIG-IP systems.

To run the bigip_add script

1. Log in to the command line interface for the Global Traffic Manager.

2. At the prompt, type the following:

bigip_add <IP address of existing BIG-IP systems>

3. Press the Enter key to run the script.


Chapter 2

Configuring synchronization settingsThe primary goal of the Global Traffic Manager is to ensure that name resolution requests are sent to the best available resource on the network. Consequently, it is typical for multiple Global Traffic Manager systems to reside in several locations within a network. For example, a standard installation might include a Global Traffic Manager at each data center within an organization.

When a Local Domain Name Server (LDNS) submits a name resolution request, you cannot control to which Global Traffic Manager the request is sent. As a result, you will often want multiple Global Traffic Manager systems to share the same configuration values, and maintain those configurations over time. This process is called synchronization.

In network configurations that contain more than one Global Traffic Manager, synchronization means that each Global Traffic Manager regularly compares the timestamps of its configuration files with the timestamps of configuration files on other Global Traffic Manager systems. If a Global Traffic Manager determines that its configuration files are older than those on another system, it acquires the newer files and begins using them to load balance name resolution requests. With synchronization, you can change settings on one system and have that change distributed to all other systems.

You can separate the Global Traffic Managers on your network into separate groups, called synchronization groups. A synchronization group is a collection of multiple Global Traffic Manager systems that share and synchronize configuration settings. These groups are identified by a synchronization group name, and only systems that share this name also shares configuration settings. These synchronization groups allow you to customize the synchronization behavior. For example, the Global Traffic Manager systems residing in data centers in Europe might belong to one synchronization group, while the systems in North America belong to another group.

The following sections provide additional information on synchronization and the Global Traffic Manager, and specifically covers the following topics:

• Activating synchronization

• Controlling file synchronization

• Synchronizing DNS zone files

• Creating synchronization groups

2 - 8


Defining NTP serversBefore you can synchronize Global Traffic Manager systems, you must define the the Network Time Protocol (NTP) servers that the Global Traffic Manager references. These servers ensure that each Global Traffic Manager is referencing the same time when verifying timestamps for configuration files.

If you have already read through the BIG-IP® Network and System Management Guide, you may have already configured a list of NTP servers for the Global Traffic Manager. If you have not yet done so, you can find detailed information on configuring these settings in the BIG-IP® Network and System Management Guide.

Activating synchronizationActivating synchronization for the Global Traffic Manager has an immediate affect on its configurations, provided that another Global Traffic Manager is already available on the network. We recommend that you activate synchronization after you have finished configuring one of the systems.

To activate synchronization

1. On the Main tab of the navigation pane, expand System and then click General Properties.The general properties screen opens.

2. From the Global Traffic menu, choose General.The general global properties screen opens.

3. Check the Synchronization check box.

4. Click the Update button to save your changes.

Controlling file synchronizationWhen you opt to synchronize multiple Global Traffic Manager systems, you are instructing each system to share its configuration files with the other systems on the network. These files are synchronized based on their timestamp: if a Global Traffic Manager determines that its configuration files are older than those on another system, it acquires the newer files and begins using them to load balance name resolution requests.

You can control the synchronization by defining the maximum age difference between two sets of configuration files. This value is referred to as synchronization time tolerance.

By default, the value for the synchronization time tolerance is set to 10 seconds. The minimum value you can set for this value is 5 seconds, while the maximum you can set is 600 seconds.


Chapter 2

To control file synchronization



3. In the Synchronization Time Tolerance box, type the maximum age difference, in seconds, between two sets of configuration files.


Deactivating file synchronization

In the event that you need to deactivate file synchronization, you can do so at any time. Situations in which you want to disable synchronization include updating the data center in which the Global Traffic Manager resides, or when you are testing a new configuration change.

To deactivate file synchronization



3. Clear the Synchronization check box.


Synchronizing DNS zone filesDuring synchronization operations, the Global Traffic Manager verifies that it has the latest configuration files available and, if it does not, the Global Traffic Manager downloads the newer files from the appropriate system. You can expand the definition of the configuration files to include the DNS zone files used to respond to name resolution requests by using the Synchronize DNS Zone Files option. This option is enabled by default.

To synchronize DNS zone files

1. On the Main tab of the navigation pane, expand System and then click General Properties.The General properties screen opens.

2. From the Global Traffic menu, choose General.The General global properties screen opens.

3. Check the Synchronize DNS Zone Files check box.


2 - 10


Creating synchronization groupsEach Global Traffic Manager that you synchronize must belong to a specific group of systems, called a synchronization group. A synchronization group is a collection of multiple Global Traffic Manager systems that share and synchronize configuration settings. Initially, when you enable synchronization for a Global Traffic Manager, the system belongs to a synchronization group called default. However, you can create new groups at any time. This process allows you to customize the synchronization process, ensuring that only certain sets of Global Traffic Manager systems share configuration values.

To illustrate how synchronization groups work, consider the fictional company, SiteRequest. SiteRequest has decided to add a new data center in Los Angeles. As part of bringing this data center online, SiteRequest has decided that it wants the Global Traffic Manager systems installed in New York and in Los Angeles to share configurations, and the Paris and Tokyo data centers to share configurations. This setup exists because SiteRequest’s network optimization processes require slightly different settings within the United States than the rest of the world. To accommodate this new network configuration, SiteRequest enables synchronization for the New York and Los Angeles data centers, and assigns them a synchronization group name of United States. The remaining data centers are also synchronized, but with a group name of Rest Of World. As a result, a configuration change at the Paris Global Traffic Manager immediately modifies the Tokyo system, but does not affect the systems in the United States.

Note

When you change the name of a synchronization group, the new name is synchronized to all systems that belong to that synchronization group.

To create a synchronization group



3. In the Synchronization Group Name box, type a name of either an existing synchronization group, or a new group.



Chapter 2

Configuring auto-discoveryA large network might consist of hundreds of virtual servers. Keeping track of these virtual servers can be a time-consuming process itself. The Global Traffic Manager includes a means of simplifying the addition of new virtual servers into a network: auto-discovery. Auto-discovery is a process through which the Global Traffic Manager identifies a resource automatically so you can manage it.

The Global Traffic Manager can discover two types of resources: virtual servers and links. Each resource is discovered on a per-server basis, so you can employ auto-discovery only on the servers you specify.

The auto-discovery feature of the Global Traffic Manager has four modes that control how the system identifies resources. These modes are:

• Disabled. In this mode, the Global Traffic Manager does not attempt to discover any resources.

• Enabled. In this mode, the Global Traffic Manager regularly checks the server to discover any new resources. If a previously-discovered resource cannot be found, the Global Traffic Manager deletes it from the system.

• Enabled (No Delete). In this mode, the Global Traffic Manager constantly checks the server to discover any new resources. Unlike the Enabled mode, the Enabled (No Delete) mode does not delete resources, even if the system cannot currently verify their presence.

• One Time Discovery. In this mode, the Global Traffic Manager checks once for any new resources. This mode is useful during the initial configuration and setup of the Global Traffic Manager.

Note

If you want to use the AutoDiscovery feature on a third-party server in conjunction with an SNMP monitor, see Using the SNMP monitor on third-party servers, on page 10-27.

You interact with the auto-discovery feature in two ways. You can:

• Enable auto-discovery

• Set the discovery frequency

If you choose to enable auto-discovery, you can employ it to discover the virtual servers or links that reside on a particular server. For more information, please see Discovering resources automatically, on page 5-16.

Note

Auto-discovery is unavailable for virtual servers using translated IP addresses.

2 - 12


Enabling auto-discoveryBefore you can use the Global Traffic Manager to discover virtual servers or links, you must enable auto-discovery on the system itself. If you do not enable auto-discovery, the Global Traffic Manager does not discover new resources, even you enable discovery on the server level. Auto-discovery is enabled by default for the Global Traffic Manager.

To enable auto-discovery



3. Check the Auto-Discovery check box.


Setting the discovery frequencyTwo discovery modes, Enabled and Enabled (No Delete), instruct the Global Traffic Manager to continually monitor servers for new resources. You configure the frequency at which the system queries for new resources in the general properties screen. By default, the system queries servers for new resources every 30 seconds.

To set the discovery frequency



3. In the Auto-Discovery Request Interval box, type the frequency at which you want the system to attempt to discover new resources.



Chapter 2

Configuring global monitor behaviorAs you employ the Global Traffic Manager to load balance DNS traffic across different network resources, you must acquire information on these resources. You acquire this information by applying monitors to each resource. A monitor is a component of the Global Traffic Manager that tests to see if a given resource responds as expected. These tests can range from verifying that a connection to the resource is available, to conducting a database query. The Global Traffic Manager uses the information it gathers from monitors not only to inform you of what resources are available, but to determine which resource is the best candidate to handle incoming DNS requests.

For detailed information on monitors and the Global Traffic Manager, see Chapter 10, Configuring Monitors.

In most cases, you apply specific monitors to resources, depending on the type of resource and its importance. However, there are a few settings within the Global Traffic Manager that affect all monitors:

• Assign a heartbeat interval, which controls how often the Global Traffic Manager communicates with other BIG-IP systems on the network

• Determine how many monitors can query a resource at any given time

• Specify whether monitors continue to check the availability of a resource that you have disabled through the Global Traffic Manager

While monitors supply information you need to ensure that network traffic moves efficiently across the network, they do so at the cost of increasing that network traffic. These settings allow you to control this increase.

Assigning a heartbeat intervalIn daily operations, the Global Traffic Manager frequently acquires much of its network data from other BIG-IP systems that you employ, such as Local Traffic Managers. For example, the Local Traffic Manager systems monitors the resources it manages. When the Global Traffic Manager requires this same information for load balancing DNS requests, it can query the Local Traffic Manager, instead of each resource itself. This process ensures that the system has the information it needs efficiently.

Because the Global Traffic Manager queries other BIG-IP systems to gather information, you can configure the frequency at which these queries occur. You control this frequency by configuring the heartbeat interval. Based on the value you specify for this setting, the Global Traffic Manager queries other BIG-IP systems more or less often. We recommend the default value of 10 seconds for this setting; however, you can configure this setting to best suit the configuration of your network.

Configuring the heartbeat interval is important when setting up the Global Traffic Manager, as it affects the data a given monitor acquires. We recommend that, when configuring resource monitors, you ensure that the

2 - 14


frequency at which the monitor attempts to query a resource is greater than the heartbeat interval monitor. Otherwise, the monitor might acquire out-of-date data during a query.

To configure the heartbeat interval



3. In the Heartbeat Interval box, type the frequency at which you want the system to attempt to discover new resources.


Determining the number of monitor queriesAnother aspect of resource monitoring that you want to control is how many monitors can query a resource at any given time. Network resources often serve many different functions at the same time and it is likely you want more than one monitor checking the availability of these resources in different ways. You might monitor a single resource, for example, to verify that the connection to the resource is available, that you can reach a specify HTML page on that resource, and that a database query returns an expected result. If this resource is used in more than one context, you might have many more monitors assigned to it, each one performing an important check to ensure the availability of the resource.

While these monitors are helpful in determining availability, it is equally helpful to control how many monitors can query a resource at any given time. This control ensures that monitor requests are more evenly distributed during a given period of time.

To determine the number of monitor queries



3. In the Maximum Synchronous Monitor Requests box, type the number of queries that resources can accept from monitors at any given time.We recommend the default value of 20 requests.



Chapter 2

Monitoring disabled resourcesOne of the ways in which a given network resource becomes unavailable during the load balancing of DNS traffic occurs when you manually disable the resource. You might disable a resource because you are upgrading its server, or because you are modifying the resource itself and need to remove it temporarily from service.

You can control whether the Global Traffic Manager monitors these disabled resources. In some network configurations, for example, you might want to continue monitoring these resources when you put them offline; in other configurations, this action might be unnecessary.

To monitor disabled resources



3. Check the Monitor Disabled Objects check box.


Note

By default, this option is disabled in Global Traffic Manager. We recommend you enable it only if you are certain you want the system to continue monitoring resources that you have manually disabled.

2 - 16

3

Reviewing Global Traffic Manager Components

• Introducing Global Traffic Manager components

• Reviewing physical components

• Reviewing logical components


Introducing Global Traffic Manager componentsFor the Global Traffic Manager to operate effectively, you need to define the different components that make up the relevant segments of your network. These components include physical components, such as data centers and servers, as well as logical components, such as wide IPs, addresses, and pools. By defining these components in the Global Traffic Manager, you essentially build a network map that the Global Traffic Manager can use to direct DNS traffic to the best available resource.

The most basic configuration of the Global Traffic Manager includes:

• A listener, which is a specific virtual server that identifies network traffic for the Global Traffic Manager

• A data center, which contains at least one server

• A server, which contains at least one resource, or virtual server

Once this basic configuration is complete, the Global Traffic Manager has enough information available to direct DNS traffic, although obviously in a very limited sense. You can increase the system’s capabilities by adding additional network components as appropriate.

The components that you define in the Global Traffic Manager can be divided into two basic categories:

• Physical components

• Logical components


Chapter 3

Reviewing physical componentsSeveral components within the Global Traffic Manager’s configuration have direct correlation to a physical location or device on the network. These components include:

• Data centers

• Servers

• Links

• Virtual servers

Data centersData centers are the top level of your physical network setup. You must configure one data center for each physical location in your global network. The data center element of your configuration defines the servers (Global Traffic Managers, Local Traffic Managers, hosts, and routers) that reside at that location.

A data center can contain any type of server. For example, one data center could contain a Global Traffic Manager and a host, while another could contain two Global Traffic Manager systems and eight Local Traffic Manager systems.

For information about configuring data centers, see Managing data centers, on page 5-2.

ServersThe data center servers that you define in the network setup include both BIG-IP systems and third-party servers. One server component that you must define is the Global Traffic Manager itself, so it knows its place in the network map. You can also define Local Traffic Managers, and the virtual servers that these servers manage. Virtual servers are the ultimate destination for connection requests.

For information about configuring servers, see Managing servers, on page 5-5.

LinksEach data center in your network has at least one connection to the Internet. Within the Global Traffic Manager, these connections are identified as links. You can assign as many links to the appropriate data centers as needed. Configuring links is optional for the Global Traffic Manager, although they are very useful when determining resource availability.

For information about configuring links, see Managing links, on page 5-21.

3 - 2


Virtual serversAny server, excluding Global Traffic Managers and Link Controllers, contains at least one virtual server. A virtual server, in the context of the Global Traffic Manager, is a specific IP address and port number that points to a resource on the network. In the case of host servers, this IP address and port number likely point to the resource itself. With load balancing systems, such as the Local Traffic Manager, these virtual servers are often proxies that allow the load balancing server to manage the resource request across a multitude of resources.

For information about configuring virtual servers, see Managing virtual servers, on page 5-19.

Reviewing logical componentsIn addition to the physical components of your network, the Global Traffic Manager also handles DNS traffic over logical components. Logical components consist of network elements that may not represent a physical location or device. These components include:

• Listeners

• Wide IPs

• Pools

• Distributed applications

ListenersTo communicate with the rest of your network, you must configure the Global Traffic Manager so that it can correctly identify the resolution requests for which it is responsible. A listener is a resource that instructs the Global Traffic Manager to listen for requests destined to a specific IP address. In most installations, the listener you define for the Global Traffic Manager is the same as its IP address; however, there are many different ways you can configure listeners so that the Global Traffic Manager handles DNS traffic correctly.

For more information on configuring listeners, see Chapter 4, Working with Listeners.

Wide IPsOne of the most common logical components you create in the Global Traffic Manager is a wide IP. A wide IP maps a domain name to a collection of pools, and it specifies the load balancing modes that the Global Traffic Manager uses to choose a select a pool.


Chapter 3

When a local DNS server requests a connection to a specific domain name, the wide IP definition specifies which pools of virtual servers are eligible to answer the request, and which load balancing modes to use in choosing a pool. The Global Traffic Manager then load balances the request across the virtual servers within that pool to resolve the request.

For information about configuring wide IPs, see Setting up wide IPs, on page 6-9.

PoolsWhen you define the virtual servers to which the Global Traffic Manager directs DNS traffic, you will want to combine those virtual servers into specific groups, or pools. You can then configure the Global Traffic Manager to direct traffic to a virtual server within a pool using a specific load balancing method.

One of the important aspects of pools that you must consider is that any virtual server you add to that pool becomes a pool member. A pool member is a representation of a virtual server within a pool. This distinction is important because you can apply monitors, iRules, and other configuration options to a pool member, and then apply a different set of options to the same resource as a virtual server.

For more information about configuring pools and pool members, see Setting up pools, on page 6-3.

Distributed applicationsIn situations where the Global Traffic Manager is configured with several wide IPs, you can organize wide IPs that share responsibilities into a comprehensive whole, or distributed application. A distributed application is a collection of one or more wide IPs. Through a distributed application, you can arrange dependencies based on the data centers, servers, and links that compose each wide IP. For example, if the New York data center goes offline, this information causes the wide IP and its corresponding distributed application to become unavailable. Consequently, the Global Traffic Manager does not send any resolution requests to any of these resources, until the entire application becomes available again.

For more information about configuring distributed applications, see Setting up distributed applications, on page 6-18.

3 - 4

4

Working with Listeners

• Introducing listeners

• Creating a listener for local resolution

• Configuring listeners for traffic forwarding

• Configuring a wildcard listener

• Modifying listeners

• Deleting listeners

• Using listeners with VLANs

• Understanding listeners: an example


Introducing listenersBefore you can fully configure the Global Traffic Manager to handle name resolution requests, you must determine how the system integrates within your existing network. Part of this integration includes identifying what network traffic is relevant to the Global Traffic Manager and how the system responds to this traffic. In general, you have two options when handling traffic with the Global Traffic Manager:

• The Global Traffic Manager receives the traffic, processes it locally, and sends the appropriate DNS response back to the querying server. Global Traffic Managers with this configuration are considered to be running in node mode.

• The Global Traffic Manager receives the traffic and forwards it; either to another part of the network or another DNS server. Global Traffic Managers with this configuration are considered to be running in either bridge mode or router mode, depending on where the system is forwarding network traffic.

To control how the Global Traffic Manager handles network traffic, you configure one or more listeners. A listener is a specialized resource that is assigned a specific IP address and uses port 53, the DNS query port. When traffic is sent to that IP address, the listener alerts the Global Traffic Manager, allowing it to handle the traffic locally or forward the traffic to the appropriate resource.

Tip

If you are familiar with the Local Traffic Manager, it might be helpful to consider a listener as a specialized type of virtual server that is responsible for handling traffic for the Global Traffic Manager.

Also, if you configure user accounts using the Local Traffic Manager, you will find that you can assign listeners, like other virtual servers, to specific partitions. We do not recommend this practice, as listeners play an important role in global traffic management. Consequently, we recommend that you assign all listeners to the Common partition.

You control how the Global Traffic Manager responds to network traffic on a per-listener basis. For example, a single Global Traffic Manager can be the authoritative server for one domain, while forwarding other requests to a separate DNS server. Regardless of how many listeners you configure for the Global Traffic Manager, the system always manages and responds to requests for any wide IPs that you have configured on it.


Chapter 4

Creating a listener for local resolutionOften, when you add a Global Traffic Manager, you want the system to be responsible for responding to at least a subset of your incoming DNS requests. These requests can be directed at wide IPs that you have configured on the Global Traffic Manager, but you are not limited to wide IPs alone. You can also configure the Global Traffic Manager to respond to DNS requests for other network resources that might not be associated with a wide IP.

When a Global Traffic Manager is responsible for managing and responding to DNS traffic locally, it is said to be operating in node mode. In this situation, you assign a listener to the Global Traffic Manager that corresponds to an IP address that is specifically associated with the system. If the Global Traffic Manager is operating as a standalone unit, this IP address is the self IP address you assign to the Global Traffic Manager. If the Global Traffic Manager is part of a redundant system for high availability purposes, this IP address is the floating IP address that belongs to both systems.

To configure a listener for local resolution

1. On the Main tab of the navigation pane, expand Global Traffic and then click Listeners.The main listeners screen opens.

2. Click the Create button.The new listener screen opens.

3. In the Destination box, type the IP address on which the Global Traffic Manager listens for network traffic.In this case, the IP address that you add is either the self IP address of the system, or, in the case of a redundant pair setup, the floating IP address that corresponds to both systems.

4. From the VLAN Traffic list, select a VLAN setting appropriate for this listener.Typically, if the Global Traffic Manager is handling traffic on this IP address locally, you would select All VLANs for this option

5. Click the Finished button to save the new listener.

4 - 2


Configuring listeners for traffic forwardingAnother common configuration you can use with the Global Traffic Manager is to integrate it with your existing DNS servers. In this scenario, the Global Traffic Manager handles any traffic related to the wide IPs you assign to it, while sending other DNS requests to another DNS server on your network. When forwarding traffic in this manner, the Global Traffic Manager is considered to be operating in bridge or router mode, depending on how the traffic was initially sent to the Global Traffic Manager. In this configuration, you assign a listener to the Global Traffic Manager that corresponds to the IP address of the DNS server to which you want to forward to traffic.

Unlike the steps described in the section, Creating a listener for local resolution, on page 4-2, you can create more than one listener to forward network traffic. The number of listeners depends on your network configuration and the ultimate destination to which you want to send specific DNS requests.

To configure a listener for traffic forwarding



3. In the Destination box, type the IP address on which the Global Traffic Manager listens for network traffic.In this case, the IP address that you add is the IP address of the DNS server that you want to handle the DNS request.

4. From the VLAN Traffic list, select a VLAN setting appropriate for this listener.Typically, if the Global Traffic Manager is handling traffic on this IP address locally, you would select All VLANs for this option



Chapter 4

Configuring a wildcard listenerIn some cases, you might want the Global Traffic Manager to handle any traffic coming into your network, regardless of the destination IP address of the given DNS request. In this configuration, the Global Traffic Manager continues to process and respond to requests for the wide IPs that you configure, but in addition it is responsible for forwarding any other DNS requests to other network resources, such other DNS servers. To accomplish this type of configuration, you assign a wildcard listener to the Global Traffic Manager. A wildcard listener is the same as a standard listener, except that it contains an asterisk (*) instead of an IP address.

To configure a wildcard listener



3. In the Destination box, type 0.0.0.0.

4. From the VLAN Traffic list, select a VLAN setting appropriate for this listener.


Modifying listenersAfter you create a listener, you can access its settings, changing them as needed. Common instances in which you need to modify a listener include adding an additional VLAN, or modifying the IP address of the listener.

To modify a listener


2. Click the name of the listener.The properties screen for that listener appears.

3. Modify the settings for the listener.

4. Click the Update button to save your changes to the listener.

4 - 4


Deleting listenersIn the event that a listener is no longer needed within the Global Traffic Manager, you can delete it.

To delete a listener


2. Check the Select check box that corresponds to the listener entry.

3. Click the Delete button.A confirmation screen appears.

4. Click the Delete button to delete the listener.


Chapter 4

Using listeners with VLANsOne of the features of a BIG-IP system is that you can create one or more VLANs and assign specific interfaces to the VLANs of your choice. By default, each BIG-IP system includes at least two VLANs, named internal and external. However, you can create as many VLANs as the needs of your network demands.

When you assign listeners to the Global Traffic Manager, you must take into account any VLANs that you have created. For example, a listener that forwards traffic to another DNS server might only be appropriate for a specific VLAN, while a wildcard listener might be applicable to all VLANs. You can configure a listener to be applicable to all VLANs, enabled only on specific VLANs, or disabled on specific VLANs.

Note

For more information about BIG-IP systems and VLANs, see the BIG-IP® Network and System Management Guide.

Setting up a listener for all VLANsIf the Global Traffic Manager resides on a network segment that does not use VLANs, or if the IP address you assign as a listener is valid for all VLANs for which the Global Traffic Manager is responsible, you set the VLAN Traffic option to All VLANs.

To set up a listener for all available VLANs



3. In the Destination text box, type the IP address on which the Global Traffic Manager will listen for network traffic.

4. From the VLAN Traffic list, select All VLANs.

5. Click the Finished button to save your changes.

Enabling a listener for specific VLANsIf the Global Traffic Manager manages traffic for only some of the VLANs available on the network segment, you set the VLAN Traffic option to Enabled on.

4 - 6





3. In the Destination box, type the IP address on which the Global Traffic Manager will listen for network traffic.

4. From the VLAN Traffic list, select Enabled on.A new option, VLAN List, appears on the screen.

5. Select the appropriate VLANs from the Available list and use the buttons provided to move them to the Selected list.The listener only alerts the Global Traffic Manager about traffic on the VLANs in the Selected list.


Disabling a listener for specific VLANsIn instances where the Global Traffic Manager resides on a network segment with several VLANs, and you want to exclude some VLANs from listener, you set the VLAN Traffic option to Disabled on.




3. From the VLAN Traffic list, select Disabled on.A new option, VLAN List, appears on the screen.

4. Select the appropriate VLANs from the Available list and use the buttons provided to move them to the Selected list.The listener alerts the Global Traffic Manager about traffic on all VLANs except those listed in the Selected list.



Chapter 4

Understanding listeners: an exampleTo further illustrate how you configure listeners to control how the Global Traffic Manager responds to DNS traffic, consider the fictional company SiteRequest. At this company, a Global Traffic Manager is being integrated into a network with the following characteristics:

• An existing DNS server already exists at IP address 10.2.5.37.

• There are two VLANs, called external and guests.

• Two wide IPs will be created: www.siterequest.com and downloads.siterequest.com.

Once integrated into the network, the Global Traffic Manager will be responsible for the following:

• Managing and responding to requests for the wide IPs

• Forwarding other DNS traffic to the existing DNS server

• Forwarding any traffic from the guests VLAN to the rest of the network

To implement this configuration, the Global Traffic Manager requires three listeners:

• A listener with an IP address that equals the self IP of the Global Traffic Manager. This listener allows the system to manage DNS traffic that pertains to its wide IPs.

• A listener with an IP address of 10.2.5.37, the IP address of the existing DNS server. This listener allows the system to forward incoming traffic to the existing DNS server.

• A wildcard listener enabled on the guests VLAN. This listener allows the Global Traffic Manager to forward traffic sent from the guests VLAN to the rest of the network.

As you can see from this example, the role the Global Traffic Manager plays in managing DNS traffic varies depending on the listener through which the traffic arrives. This results in the Global Traffic Manager becoming a flexible system for managing DNS traffic in a variety of ways.

4 - 8

5

Defining the Physical Network

• Introducing physical network components

• Managing data centers

• Managing servers

• Managing virtual servers

• Managing links


Introducing physical network componentsThe components that make up the Global Traffic Manager can be divided into two categories: logical components and physical components. Logical components are abstractions of network resources, such as a virtual server. Physical components, on the other hand, have a direct correlation with one or more physical entities on the network. This chapter deals with the physical components of the Global Traffic Manager. For information on the logical components of the Global Traffic Manager, see Chapter 6, Defining the Logical Network.

Through the Global Traffic Manager, you define several primary types of physical network components:

• Data centers

• Servers

• Virtual servers

• Links

A data center defines the group of Global Traffic Managers, Local Traffic Managers, and host systems that reside in a single physical location. Within the Global Traffic Manager, a data center contains at least one server and one link. Every resource, whether physical or logical, is associated in some way with a data center.

A server defines a specific system on the network. A system can be a single Global Traffic Manager, Local Traffic Manager, or host system. Within the Global Traffic Manager, a server, with the exception of Global Traffic Managers and Link Controllers, must also contain at least one virtual server.

A virtual server, in the context of the Global Traffic Manager, is a combination of IP address and port number that points to a specific resource on the network.

A link defines a physical connection to the Internet. Links are associated with one or more routers on the network. The Global Traffic Manager tracks the performance of links, which in turn can dictate the overall availability of a given pool, data center, wide IP, or distributed application.

This chapter describes how to define the physical components that make up your network, including setting up data centers, servers, and links.


Chapter 5

Managing data centersA data center defines the group of Global Traffic Managers, Local Traffic Managers, host systems, and links that share the same subnet on the network. The Global Traffic Manager consolidates the paths and metrics data collected from both servers, virtual servers, and links into the data center, and uses that consolidated data when conducting load balancing operations. Any server or link that you add to the Global Traffic Manager configuration must belong to one and only one data center, and you must configure at least one data center before you can add servers to the Global Traffic Manager configuration.

Common tasks you perform while working with data centers include:

• Configuring data centers

• Modifying data centers

• Deleting data centers

• Enabling and deleting data centers

Configuring data centersA data center defines the group of Global Traffic Managers, Local Traffic Managers, host systems, and links that share the same subnet on the network. Depending on your router configuration, the following data center configurations are available:

• A single data center encompasses a single physical location

• A single data center encompasses multiple physical locations

• A single physical location includes multiple data centers

For example, the fictional company SiteRequest has a network operation center in New York, which contains two subnets: 192.168.11.0/24 and 192.168.22.0/24. Because there are two subnets, the IT team needs to create two data centers: New York 1 and New York 2, within the Global Traffic Manager. On the opposite side of the country, SiteRequest has three operational centers, but they all share the same subnet of 192.168.33.0/24. To reflect this in the Global Traffic Manager, the IT team needs to create a single data center: West Coast.

Within the Global Traffic Manager, you define a data center by the following characteristics:

• Name. The descriptive name of the data center, such as New York 1 or West Coast.

• Physical location. A description of the geographical area in which the data center resides, such as New York City - Building A.

• Contact. The name of a individual responsible for managing the network at the data center.

• State. The state of the data center. Available options are Enabled or Disabled.

5 - 2


To configure a data center


2. Click the Create button.The New Data Center screen opens.

3. Add the new data center settings. For additional assistance with these settings, please see the online help.

4. Click the Finished button.

Repeat this process for each data center in your network.

Modifying data centersAfter you create a data center, you can access its settings, changing them as needed.

To modify a data center


2. Click the name of the data center that you want to modify.The properties screen for that data center appears.

3. Modify the settings for the data center.For additional assistance with these settings, please see the online help.


Deleting data centersIn the event that a data center is no longer needed within the Global Traffic Manager, you can delete it from the system.

To delete a data center


2. Check the Select check box that corresponds to the data center that you want to delete.

3. Click the Delete button.A confirmation screen opens.


Chapter 5

4. Click the Delete button to delete the data center.

Enabling and disabling data centersWhen you create a data center, you determine whether you want the data center enabled or not. Resources associated with a data center are available only if the following criteria are met:

• The data center is enabled.

• The data center is available, based on the metrics collected by the Global Traffic Manager.

You can enable or disable a data center manually, allowing you to remove a data center temporarily from the Global Traffic Manager’s load balancing operations; for example, during a maintenance period. When the maintenance period has ended, you can enable the data center, allowing the Global Traffic Manager to consider the resources of that data center when load balancing connection requests.

To enable a data center


2. Check the Select check box that corresponds to the data center that you want to enable.

3. Click the Enable button to enable the data center.Note that the icon representing the availability of the data center changes to a blue square to reflect its current level of availability.

To disable a data center


2. Check the Select check box that corresponds to the data center that you want to disable.

3. Click the Disable button to disable the data center.Note that the icon representing the availability of the data center changes to a black square, indicating that it is disabled.

5 - 4


Managing serversA server defines a specific system on the network. In the Global Traffic Manager, servers are not only physical entities that you can change and modify as needed; they also house the virtual servers that are the ultimate destinations of name resolution requests. In essence, servers are the core of the physical components that you manage with the Global Traffic Manager.

The Global Traffic Manager supports three types of servers:

◆ BIG-IP systemsA BIG-IP system can be a Global Traffic Manager (including the current Global Traffic Manager), a Local Traffic Manager, or a Link Controller.

◆ Third-party load balancing systemsA third-party load balancing system is any system, other than a BIG-IP system, that supports and manages virtual servers on the network. See Defining load balancing servers, on page 5-9 for information on how to define these servers and a list of supported load balancing servers.

◆ Third-party host serversA third-party host system is any server resource on the network that does not support virtual servers. See Defining host servers, on page 5-11 for information on how to define these servers and a list of supported host servers.

At a minimum, you must set up the following servers on the Global Traffic Manager:

• The current Global Traffic Manager

• A managed server (either a load balancing server or a host)

This section describes how to set up each server type in your network. The setup procedures here assume that the servers are up and running in the network, and that they already have virtual servers defined (if the server manages virtual servers).

Defining BIG-IP systemsA BIG-IP system is defined as any Global Traffic Manager, a Local Traffic Manager, or a Link Controller. Defining a BIG-IP system includes defining the Global Traffic Manager that you are currently configuring. This ensures that the Global Traffic Manager communicates correctly with the rest of the network and can be synchronized with other Global Traffic Managers on the network.

Defining the current Global Traffic Manager

One type of server that you must define for your physical network is the Global Traffic Manager itself. This process includes defining the current Global Traffic Manager, which is the Global Traffic Manager that you are


Chapter 5

currently configuring, and then defining any additional Global Traffic Managers, which include backup systems on the current network segment, or systems that reside at another data center. The information you provide on these systems allows the agents and other utilities, such as the big3d agent, to gather and analyze path and metrics information on network traffic. In addition, adding Global Traffic Managers as part of defining the physical network is necessary when you want to synchronize the settings across multiple systems.

Important

If you have multiple Global Traffic Managers on your network, we recommend that you define the current Global Traffic Manager first, followed by any additional systems.

To define the current Global Traffic Manager



3. In the Name box, type a name that identifies the Global Traffic Manager.

4. From the Product list, select the appropriate server product.Global Traffic Managers, Local Traffic Managers, and Link Controllers all belong to the BIG-IP product family. Any time you add one of these systems as a server, you can select one of two server products from the Product list:



5. For Address List, add the IP address of the server.To add the IP address, type the address in the Address box, and then click Add. You can add more than one address to any given server, depending on how that server interacts with the rest of your network. For example, if the current Global Traffic Manager is part of a redundant system, you add the IP addresses of the primary and backup systems.

6. From the Data Center list, select a data center to which the Global Traffic Manager belongs.A server must belong to a data center. See Managing data centers, on page 5-2 for additional information.



5 - 6


Defining Local Traffic Manager systems

Local Traffic Managers are load balancing servers that manage virtual servers on the network. There are two standard configurations for a Local Traffic Manager:

• A stand-alone system on the network

• A component module residing on the same hardware as the Global Traffic Manager

Regardless of whether the Local Traffic Manager shares the same hardware as the Global Traffic Manager, you should ensure that you have the following information available before you define the system:

• The self IP addresses and translations of the Local Traffic Manager’s interfaces

• The IP address and service name or port number of each virtual server managed by the Local Traffic Manager, only if you do not want to use auto-configuration to discover the Local Traffic Manager’s virtual servers

Important

If your installation of the Global Traffic Manager resides on the same system as a Local Traffic Manager, you define only one BIG-IP server. This server entry represents both the Global Traffic Manager and Local Traffic Manager modules.

To define a Local Traffic Manager



3. In the Name box, type a name that identifies the Local Traffic Manager.

4. From the Product list, select the appropriate server product.Global Traffic Managers, Local Traffic Managers, and Link Controllers all belong to the BIG-IP product family. Any time you add one of these systems as a server, you can select one of two server products from the Product list:



5. For Address List, add the IP address of the server.To add the IP address, type the address in the Address box, and then click Add. You can add more than one address to any given server,


Chapter 5

depending on how that server interacts with the rest of your network. For example, if the current Global Traffic Manager is part of a redundant pair, you would add the IP addresses of the primary and backup systems.

6. From the Data Center list, select a data center to which the Local Traffic Manager belongs.A server must belong to a data center. See Managing data centers, on page 5-2 for additional information.

7. Configure the remaining server settings, including the virtual servers managed by the Local Traffic Manager.For additional assistance on these settings, see the online help.


Defining Link Controllers

The Link Controller is also part of the BIG-IP product family. Link Controllers are systems that monitor the performance and availability of wide-area connections.

To define a Link Controller



3. In the Name box, type a name that identifies the Link Controller.

4. From the Product list, select BIG-IP System (Single).Global Traffic Managers, Local Traffic Managers, and Link Controllers all belong to the BIG-IP product family. Any time you add one of these systems as a server:



5. For Address List, add the IP address of the server.To add the IP address, type the address in the Address box, and then click Add. You can add more than one address to any given server, depending on how that server interacts with the rest of your network.

6. From the Data Center list, select a data center to which the Link Controller belongs.A server must belong to a data center. Please see Managing data centers, on page 5-2 for additional information.

5 - 8


7. Configure the remaining server settings.For additional assistance on these settings, please see the online help.


Defining load balancing serversIn addition to BIG-IP systems, the Global Traffic Manager can interact with other load-balancing servers to determine availability and performance metrics for load balancing connection requests.

The Global Traffic Manager supports these load balancing servers:

• Alteon® Ace Director

• Cisco® CSS

• Cisco® LocalDirector v2

• Cisco® LoadDirector v3

• Cisco® SLB

• Extreme

• Foundry® ServerIron

• Radware WSD

Note

If your network uses a load balancing server not found on this list, you can use the Generic Load Balancer option. See Using the generic load balancer option, on page 5-10.

Adding load balancing servers

You can add as many third-party load balancing servers as you need into your configuration of the Global Traffic Manager.

To add a load balancing server



3. In the Name box, type a name that identifies the server.

4. From the Product list, select the appropriate load balancing server.If your network uses a load balancing server not found on this list, you can use the Generic Load Balancer option. See Using the generic load balancer option, on page 5-10.


Chapter 5


6. From the Data Center list, select a data center to which the server belongs.A server must belong to a data center. See Managing data centers, on page 5-2 for additional information.



Using the generic load balancer option

In the event that your network uses a load balancing server that is not explicitly supported by the Global Traffic Manager, you can add it through the use of the generic load balancer option.

To define a generic load balancing server




4. From the Product list, select Generic Load Balancer.


6. From the Data Center list, select a data center to which the server belongs.A server must belong to a data center. Please see Managing data centers, on page 5-2 for additional information.

7. Configure the remaining server settings.For additional assistance on these settings, please see the online help.


5 - 10


Defining host serversAnother server type that you might include as part of your network is a host. A host is an individual network resource, such as web page or a database, that is not a part of the BIG-IP product family and does not provide load balancing capabilities for the resources is supports.

The following is a list of host servers that the Global Traffic Manager supports:

• CacheFlow®

• NetApp™

• Sun Solaris™

• Windows 2000 Server

• Windows NT™ 4.0

Note

If your network uses a host server not found on this list, you can use the Generic Load Balancer option. See Using the generic host server option, on page 5-12.

To define a host server




4. From the Product list, select the appropriate host server.If your network uses a server not found on this list, you can use the generic host server option. See Using the generic host server option, on page 5-12.






Chapter 5

Using the generic host server option

In the event that your network uses a host server that is not explicitly supported by the Global Traffic Manager, you can add it through the use of the generic host server option.

To define a generic host server




4. From the Product list, select Generic Host.





Assigning monitors to serversEach server that you add to the Global Traffic Manager, whether it is a BIG-IP system, a third-party load balancing server, or a host server, has a variety of monitors available. You can assign these monitors to track specific data, and use that data to determine load balancing or other actions. Detailed information about monitors is available in Chapter 10, Configuring Monitors.

To add monitors to a server


2. Click the name of the server to which you want to add monitors.The properties screen for that server opens.

5 - 12


3. From the Configuration list, select Advanced.This displays additional fields, and allows you to modify additional default settings.

4. For Health Monitors, use the Move buttons provided to move monitors from the Available list to the Selected list.Monitors in the Selected list are active for the server.


Setting limit thresholdsWhen you set limit thresholds for availability, the Global Traffic Manager can detect when a managed server is low on system resources, and can redirect the traffic to another server. Setting limits can help eliminate any negative impact on a server's performance of service tasks that may be time critical, require high bandwidth, or put high demand on system resources. The system resources vary depending on the monitors you have assigned to the server.

You can set limits thresholds for the following elements:

• Servers

• Pools

• Pool members

• Virtual servers

Setting limit thresholds for servers

The available thresholds for which you can set limits for servers depends on whether the server is part of the BIG-IP product family, such as a Local Traffic Manager, or another server type. If the server is part of the BIG-IP product family, the available thresholds are:

• Bits (per second)

• Packets (per second)

• Current Connections

If the server is not part of the BIG-IP product family, such as a generic host server, the available thresholds are:

• CPU

• Memory

• Bits

• Packets


The following procedure provides general instructions for configuring these thresholds. For detailed information on these thresholds, see the online help.


Chapter 5

To set limit thresholds for servers


2. Click the name of the server for which you want to set limits.The properties screen for that server opens.


4. For Limit Settings, select Enabled from the list that corresponds to the threshold you want to use.A new setting appears.

5. Type the appropriate value for each threshold.


Note

You can also set limits on virtual server resources. If a server meets or exceeds its limits, both the server and the virtual servers it manages are marked as unavailable for load balancing. You can quickly review the availability of any of your servers or virtual servers in the Statistics screens.

Setting limit thresholds for poolsThe available thresholds for which you can set limits for pools are:



• New connections

• Total connections


To set limit thresholds for pools

1. On the Main tab of the navigation pane, expand Global Traffic and click Pools.The main screen for pools opens.

2. Click the name of the pool for which you want to set limits.The properties screen for that pool appears.


5 - 14





Note

You can also set limits on pool members. If a pool meets or exceeds its limits, both the pool and the pool members it manages are marked as unavailable for load balancing. You can quickly review the availability of any of your pools or pool members in the Statistics screens.

Setting limit thresholds for pool members

The available thresholds for which you can set limits for pool members are:



• Connection rate


The following procedure provides general instructions for configuring these thresholds. For detailed information on these thresholds, please see the online help.

To set limit thresholds for pool members

1. On the Main tab of the navigation pane, expand Global Traffic and click Pools.The main screen for pools opens.

2. Click the name of the pool that contains the pool member.The properties screen for that pool appears.

3. On the menu bar, click Members.The members screen opens.

4. Click the name of the pool member for which you want to set limits.






Chapter 5

Setting limit thresholds for virtual servers

The available thresholds for which you can set limits for virtual servers are:



• Connection rate

• Current connections


To set limit thresholds for virtual servers


2. Click the name of the server that contains the virtual server.The properties screen for that server opens.

3. On the menu bar, click Virtual Servers.The virtual servers screen opens.

4. Click the name of the virtual server for which you want to set limits.





Discovering resources automaticallyThe Global Traffic Manager is able to automatically discover virtual servers and links that are associated with any member of the BIG-IP product family. This capability is available through the virtual server discovery option, which identifies virtual servers, and link discovery, which discovers links. When you enable either virtual server or link discovery, the system automatically searches for resources of the specified type, and adds them to the Global Traffic Manager configuration. Discovery options are established on a per-server basis. For more information on discovery options, see Chapter 2, Setting up the Global Traffic Manager.

5 - 16


The discovery feature of the Global Traffic Manager supports four settings:

◆ DisabledWhen the Discovery setting is set to Disabled, the Global Traffic Manager does not collect any configuration information from the relevant system in the network. Instead, you must make all changes to the configuration manually. This is the default setting.

◆ EnabledWhen the Discovery setting is set to ON, the Global Traffic Manager polls the relevant system every 30 seconds to update the configuration information for those systems. Any changes, additions, or deletions are then made to the controller's configuration.

◆ Enabled/No DeleteWhen the Discovery setting is set to Enabled/No Delete, the Global Traffic Manager polls the relevant system in the network every 30 seconds to update the configuration information for those systems. Any changes or additions are then made to the controller's configuration. Any deletions in the configuration are ignored. This setting is helpful if you want to take systems in and out of service without modifying the Global Traffic Manager configuration.

◆ One-time DiscoveryWhen the Discovery setting is set to One-time Discovery, the Global Traffic Manager polls the relevant system once to update the configuration information for that system. After this initial discovery, the Global Traffic Manager does not poll the system for changes that might have occurred. This feature is useful when you are first installing the Global Traffic Manager on the network and you have a lot of resources to add in, but do not want to have the discovery feature on continually.

Depending on the server you are configuring, you have two discovery options available:

• On BIG-IP Systems, specifically Local Traffic Managers, you can enable discovery for virtual servers and links.

• On load balancing servers, you can enable discovery for virtual servers only.

Note

The Global Traffic Manager requires that each virtual server have a unique name. In instances where the autodiscovery process finds two virtual servers with the same name, it modifies the name by creating a new name using the pattern, <server name>_<bigip system name>. In the even that this does not resolve the name conflict, the system appends a number to the name. For example, <server name>_<bigip system name>_1.

To discover virtual servers



Chapter 5

2. Click the name of the server for which you want to discover virtual servers.The properties screen for that server appears.


4. From the Virtual Server Discovery list, select the appropriate setting.If you select Disabled, the virtual server list appears, which provides options for adding virtual servers manually.


To discover links

You can enable discovery for links only on BIG-IP systems.


2. Click the name of the server for which you want to discover links.The properties screen for that server opens.


4. From the Link Discovery option, select the appropriate setting.


5 - 18


Managing virtual serversAny server, excluding Global Traffic Managers and Link Controllers, contains at least one virtual server. A virtual server, in the context of the Global Traffic Manager, is a specific IP address and port number that points to a resource on the network. In the case of host servers, this IP address and port number likely point to the resource itself. With load balancing systems, such as the Local Traffic Manager, these virtual servers are often proxies that allow the load balancing server to manage the resource request across a multitude of resources.

You can add virtual servers in two ways:

• Automatically, through the use of the Global Traffic Manager’s discovery feature. For more information on automatically discovering virtual servers, see Discovering resources automatically, on page 5-16.

• Manually, through the properties screens of the given server.

Adding virtual servers manuallyThe following procedure describes how to add a virtual server manually to a given server. If you want to add virtual servers through the use of the discovery feature, see Discovering resources automatically, on page 5-16.

Note

When you add virtual servers to the Global Traffic Manager, you must ensure that each virtual server has a unique name.

To add a virtual server


2. Click the name of the server to which you want to add virtual servers.The properties screen for that server opens.


4. From the Virtual Server Discovery list, select Disabled.

5. Click the Update button to implement this change.

6. Click the Add button to begin adding a new virtual server.The new virtual server screen opens.

7. In the Virtual Server List option, supply the appropriate information for the virtual servers. and then click the Add button to add the virtual server to the server.For more information on these options, see the online help.

8. Click the Create button to save the new virtual server.


Chapter 5

Modifying virtual serversYou can modify the information related to a virtual server at any time; for example, if the IP address and port number on the virtual server changes, or if you modify your IP address translation settings.

To edit a virtual server


2. Click the name of the server to which you want to edit virtual servers.The properties screen for that server opens.


4. Click the name of the virtual server that you want to modify.The properties page of the virtual server opens.

5. Edit the virtual server as needed.For more information on these options, see the online help.


Removing virtual serversIf a virtual server is no longer available on a specific system you can remove it; for example, if the virtual server has been replaced by a newer one.

To remove a virtual server


2. Click the name of the server from which you want to remove virtual servers.The properties screen for that server appears.


4. Check the Select check box that corresponds to the virtual server that you want to remove.

5. Click the Remove button to remove the virtual server from the server.

5 - 20


Managing linksA link defines a physical connection to the Internet that is associated with one or more routers on the network. When you configure the links that you want to load balance in the Global Traffic Manager. you add a link entry into the Global Traffic Manager and associating one or more routers with that entry. In addition, you can also configure monitors to check certain metrics associated with the link, and modify how the Global Traffic Manager selects a link for network traffic

You can interact with links in the Global Traffic Manager in a variety of ways. You can:

• Define a link

• Add routers to a link

• Assign monitors to a link

• Configure link weighting and billing properties

Defining linksBefore you can load balance inbound and outbound traffic, you must configure the basic link properties. The following procedure describes how to configure the basic properties of a link.

To configure a link

1. On the Main tab of the navigation pane, expand Global Traffic and click Links.The main screen for links opens.

2. In the Name box, type a name that identifies the link.

3. For Router Address List, add the router address of the link.To add the router address, type the address in the Address box, and then click Add. You can add more than one address to any given link, depending on how that server interacts with the rest of your network.

4. From the Data Center list, select the appropriate data center.A link must be associated with a data center.

5. Configure the other link options as needed.For detailed information on these options, see the online help.

6. Click the Create button to create the link.


Chapter 5

Adding and removing routersYou can add or remove routers associated with a link at any time.

To add a router to a link


2. Click the name of the link that you want to modify.The properties screen for that link opens.

3. For Router Address List, add the router address of the link.To add the router address, type the address in the Address box, and then click Add. You can add more than one address to any given link, depending on how that server interacts with the rest of your network.


To remove a router from a link


2. Click the name of the link that you want to modify.The Properties screen for that link opens.

3. For Router Address List, select a router and then click Remove.Repeat this step for any other routers that you want to remove.


Assigning monitors to linksEach link that you add has a variety of monitors available. You can assign these monitors to track specific data, and use that data to determine load balancing or other actions. Detailed information about monitors is available in Chapter 10, Configuring Monitors.

To add monitors to a link


2. Click the name of the link to which you want to add monitors.The properties screen for that server opens.


5 - 22


4. For Health Monitors, use the Move buttons provided to move monitors from the Available list to the Enabled list.Monitors in the Enabled list are active for the link.


Configuring link weighting and billing propertiesYou determine how traffic is managed and distributed for a given link on the properties screen, using these settings:

◆ Duplex BillingIf your ISP provider uses duplex billing, you can set the Duplex Billing option so that the statistics and billing report screens accurately reflect the bandwidth usage for the link.

◆ Price WeightingIf you want to load balance traffic based on the cost of the bandwidth, then select the Price (Dynamic Ratio) option. You can use this weighting option to avoid the costs associated with exceeding your prepaid bandwidth. You can also use this weighting option to direct traffic over the least expensive link first.

◆ Ratio WeightingIf you want to load balance the total traffic to the controller based on a ratio, then select the Ratio option. When you have links of varying bandwidth sizes, you can use this weighting option to avoid oversaturating a smaller link with too much traffic.

Important

You can use either the price weighting option or the ratio weighting option to load balance your link traffic for all of your links. You cannot use both options. Regardless of which weighting option you use, you must use the same weighting option for all links.

To configure link weighting properties


2. Click the name of the link to which you want to configure link weighting properties.The properties screen for that server opens.


4. From the Weighting list, select either Ratio or Price (Dynamic Ratio), depending on how you want to weight the link.


Chapter 5

5. Configure additional options as needed.For more information, see the online help.


To configure duplex billing properties


2. Click the name of the link to which you want to configure duplex billing properties.The properties screen for that server opens.


4. Check the Duplex Billing option to enable duplex billing for the link.


5 - 24

6

Defining the Logical Network

• Introducing logical network components

• Setting up pools

• Setting up wide IPs

• Setting up distributed applications


Introducing logical network componentsAfter you define the physical components of your network, such as data centers, servers, and links, you can configure the Global Traffic Manager with the logical components. Logical components are abstractions of network resources, such as a virtual servers. Unlike physical components, logical networks can often span multiple physical devices, or encompass a subsection of a single device.

Through the Global Traffic Manager, you define three primary types of logical network components:

• Pools

• Wide IPs


Just as a virtual server is a collection of IP addresses and port numbers, a pool is a collection of virtual servers. Pools represent virtual servers that share a common role on the network. A virtual server, in the context of the Global Traffic Manager, is a combination of IP address and port number that points to a specific resource on the network.

A wide IP is a mapping of a fully-qualified domain name (FQDN) to a set of virtual servers that host the domain’s content, such as a web site, an e-commerce site, or a content-delivery network (CDN). Wide IPs use pools to organize virtual servers, which creates a tiered load balancing effect: the Global Traffic Manager first load balances requests to a wide IP to the appropriate pool, then load balances within the pool to the appropriate virtual server.

The broadest collection of logical network components is distributed applications. A distributed application is a group of wide IPs that serves as a single application to a site visitor. The Global Traffic Manager does not load balance on wide IPs in a distributed application; however, using distributed applications within the Global Traffic Manager provides better visibility into the applications users access.

Understanding logical componentsTo better understand the interactions between pools, wide IPs, and data centers, consider the fictional company of SiteRequest. SiteRequest is an online application repository. Currently, its Web presence consists of a main site, www.siterequest.com, a download area, downloads.siterequest.com, and a search area, search.siterequest.com.

These three fully-qualified domain names (FQDNs), www.siterequest.com, downloads.siterequest.com, and search.siterequest.com, are wide IPs. Each of these wide IPs contain several pools of virtual servers. For example, www.siterequest.com contains two pools of virtual servers: poolMain, and


Chapter 6

poolBackup. When the Global Traffic Manager receives a connection request for www.siterequest.com, it applies its load balancing logic to select an appropriate pool to handle the request.

Once the Global Traffic Manager selects a pool, it then load balances the request to the appropriate virtual server. For example, mainPool contains three virtual servers: 192.168.3.10:80, 192.168.4.20:80, and 192.168.5.30:80. The Global Traffic Manager responds to the system that made the connection request with the selected virtual server. From then on, the Global Traffic Manager steps out of the communication, and the system requesting the resource communicates directly with the virtual server.

Note

If one of these virtual servers was managed by a load balancing server, the IP address and port number would likely point to a proxy on which the load balancing server listened for connection requests. In that case, the load balancing server would manage the connection to the appropriate resource.

For administration purposes, the wide IPs downloads.siterequest.com and search.siterequest.com are added to a single distributed application, siterequest_download_store. This configuration provides the IT staff the ability to track the performance of the distributed application, as that has an immediate impact on users visiting their web sites.

6 - 2


Setting up poolsA pool represents one or more virtual servers that share a common role on the network. A virtual server, in the context of the Global Traffic Manager, is a combination of IP address and port number that points to a specific resource on the network.

The Global Traffic Manager considers any virtual servers that you add to a pool to be pool members. A pool member is a virtual server that has specific attributes that pertain to the virtual server only in the context of that pool. Through this differentiation, you can customize settings, such as thresholds, dependencies, and health monitors, for a given virtual server on a per-pool basis.

As an example of the difference between pool members and virtual servers, consider the fictional company SiteRequest. In the London data center, the IT team has a virtual server that acts as a proxy for a Local Traffic Manager. This virtual server provides the main resources for name resolution requests for the company’s main Web page that originate from Europe. This same virtual server provides backup resources for name resolution requests that originate from the United States. Because these are two distinctly different roles, the virtual server is a pool member in two different pools. This configuration allows the IT team to customize the virtual server for each pool to which it belongs, without modifying the actual virtual server itself.

As described in Chapter 5, Defining the Physical Network, you can add virtual servers to the Global Traffic Manager only by first defining a server that represents a physical component of your network. Once you add these virtual servers, however, you can divide them into as many or as few pools as needed.

You interact with pools in a variety of ways. You can:

• Define pools

• Add virtual servers to pools

• Remove virtual servers from pools

• Organize virtual servers within pools

• Weight virtual servers within pools

• Disable or enable pools

Defining poolsThe first step in working with pools is defining them. The basic definition of a pool is a name and at least one virtual server. You can expand on this definition by assigning specific load balancing methods, a fallback IP address (in the event that the load balancing methods fail to return a valid virtual server), and one or more health monitors, which use various methods to determine if the virtual servers within the pool are available.


Chapter 6

To define a pool

1. On the Main tab of the navigation pane, expand Global Traffic and then click Pools.The main pools screen opens.

2. Click the Create button.

3. In the Name box, type a name for the pool.

4. In the Members area, for Member List, add the virtual servers that belong to this pool.Note that a virtual server can belong to more than one pool.

5. Configure the remaining pool settings. For additional assistance with these settings, please see the online help.

6. Click the Finished button to save the new pool.

Repeat this process for each pool that you want to create.

Adding virtual servers to poolsA pool is defined as one or more virtual servers that share a common role on the network. When you first defined a pool, you added at least one virtual server to it. This virtual server becomes a pool member and, as a pool member, can be customized as it pertains to its specific role within the pool. As your network changes, you might find that you need to add new virtual servers to a pool.

To add a virtual server to a pool


2. Click the name of the pool to which you want to add a virtual server.The properties screen of that pool opens.

3. On the menu bar at the top of the screen, click Members.The pool members screen opens. This screen lists the virtual servers currently assigned to the pool, and allows you to modify how the Global Traffic Manager load balances requests across these virtual servers.

4. In the Members area, click the Manage button.The manage members screen opens.

5. In Members List, use the options provided to add a virtual server to the pool.You can repeat this step to add more than one virtual server at a time. For more information on these options, see the online help.

6 - 4


6. Click the Finished button to update the pool with the new virtual server.

Removing virtual servers from poolsYour network likely changes over time. As a result, you might find that you need to remove virtual servers from a pool. For example, the virtual server underlying this pool member might be obsolete due to an upgrade, or you might reconfigure the pool to perform a different role and certain virtual servers no longer apply.

You can remove a virtual server from a pool at any time. Removing a virtual server does not delete it completely from the Global Traffic Manager; it is still exists and remains associated with its physical server. However, it ceases to be a pool member for the given pool, so any customizations that pertain to that pool member are deleted.

If you want to delete a virtual server completely from the Global Traffic Manager, see Removing virtual servers, on page 5-20.

To remove a virtual server from a pool


2. Click the name of the pool to which you want to remove a virtual server.The properties screen of that pool opens.

3. On the menu bar at the top of the screen, click Members.The pool members screen opens. This screen lists the virtual servers currently assigned to the pool and allows you to modify how the Global Traffic Manager load balances requests across these virtual servers.

4. Click the Manage button.The Manage Members screen opens.

5. In Members List, select the virtual server you want to remove and click Remove.You can repeat this step to remove more than one virtual server at a time.

6. Click the Finished button to update the pool without the virtual server.

Organizing virtual servers within poolsCertain load balancing methods within the Global Traffic Manager select virtual servers based on the order in which they are listed in the pool. For example, the load balancing method, Global Availability, instructs the


Chapter 6

Global Traffic Manager to select the first virtual server in the pool until it reaches capacity or goes offline, at which point it selects the next virtual server until the first pool becomes available again.

See Chapter 7, Load Balancing with the Global Traffic Manager for more information on load balancing methods that the Global Traffic Manager supports.

If you use one of these load balancing methods, you may want to arrange the order in which virtual servers are listed in a pool at any time. When you organize your virtual servers in conjunction with these load balancing methods, you can ensure that your most robust virtual server always receives resolution requests, while the other virtual servers act as backups in case the primary virtual server becomes unavailable.

To organize virtual servers within a pool


2. Click the name of the pool to which you want to organize virtual servers.The properties screen of that pool opens.

3. From the menu bar at the top of the screen, click Members.The pool members screen opens. This screen lists the virtual servers currently assigned to the pool and allows you to modify how the Global Traffic Manager load balances requests across these virtual servers.

4. Click the Manage button.The Manage Members screen opens.

5. In Members List, select a virtual server and click either the Up or Down buttons to arrange it.You can repeat this step to organize more than one virtual server at a time.

6. Click the Finished button to update the pool with the organized virtual servers.

Weighting virtual servers within poolsOne of the load balancing methods that the Global Traffic Manager supports is the Ratio mode. This mode instructs the system to load balance network requests based on the weights assigned a specific resource. If you use the Ratio mode to load balance across virtual servers in a pool, you must assign weights to those virtual servers. A weight is a value assigned to a resource, such as a pool, that the Global Traffic Manager uses to determine the frequency at which the resource receives connection requests. The Global Traffic Manager selects a resource based on the weight of that resource as a percentage of the total of all weights in that resource group.

6 - 6


To illustrate the use of weights in connection load balancing, consider the fictional company SiteRequest. One of SiteRequest’s wide IPs, www.siterequest.com, contains a pool labeled poolMain. This pool uses the Ratio load balancing mode and contains three virtual servers, with the following weight assignments:

• Virtual server 1: weight 50



Notice that the total of all the weights in this pool is 100. Each time the Global Traffic Manager selects this pool, it load balances across all three virtual servers. Over time, the load balancing statistics for this pool will appear as follows:

• Virtual server 1: selected 50 percent of the time



This pattern exists because the weight value, 50, is 50 percent of the total weight for all virtual servers (100), while the weight value, 25, is 25 percent of the total.

For information on the Ratio mode and other load balancing methods, see Chapter 7, Load Balancing with the Global Traffic Manager.

To weight virtual servers within a pool


2. Click the name of the pool to which you want to organize virtual servers.The properties screen of that pool opens.

3. On the menu bar at the top of the screen, click Members.The pool members screen opens. This screen lists the virtual servers currently assigned to the pool and allows you to modify how the Global Traffic Manager load balances requests across these virtual servers.

4. Click the Manage button.The manage members screen opens.

5. From the Virtual Server list, select the virtual server to which you want to assign a ratio value.If the virtual server already belongs to the pool, you must first remove the virtual server from the pool and then add it back in again. For more information, see Removing virtual servers from pools, on page 6-5.


Chapter 6

6. In the Ratio box, type a numerical value that represents the weight of the virtual server as compared to other virtual servers within the same pool. The higher the value in this setting, the greater the frequency at which the Global Traffic Manager selects the virtual server.

7. Click the Add button to add the virtual server, with ratio value, to the pool.


Repeat this process for each virtual server.

Disabling and enabling poolsBy default, any pool that you create in the Global Traffic Manager is enabled. This state means that the pool is accessible to the Global Traffic Manager as it balances connection requests. If you need to temporarily disable a pool, such as for a maintenance period, you can do so at any time and re-enable it when it is ready to receive name resolution requests.

To disable a pool


2. Check the Select box for the pool that you want to enable.

3. Click the Disable button.After a few seconds, the pool becomes disabled. You can verify that the pool is disabled by looking at its status icon, located in the Status column in the table of pools. The status of a disabled pool is a black square.

To enable a pool


2. Check the Select check box for the pool that you want to enable.

3. Click the Enable button.After a few seconds, the pool becomes enabled. The status icon of the pool, located in the Status column in the table of pools, changes to reflect the current availability of the pool. For example, a pool that is enabled and verified as available by the Global Traffic Manager has a status icon of a green circle.

6 - 8


Setting up wide IPsA wide IP is a mapping of a fully-qualified domain name (FQDN) to a set of virtual servers that host the domain’s content, such as a web site, an e-commerce site, or a CDN. Wide IPs use pools to organize virtual servers, which creates a tiered load balancing effect: the Global Traffic Manager first load balances requests to a wide IP to the appropriate pool, then load balances within the pool to the appropriate virtual server.

You can interact with wide IPs in many ways. You can:

• Define a wide IP

• Add pools to wide IPs

• Remove pools from wide IPs

• Organize pools within wide IPs

• Weight pools within wide IPs

• Disable and enable wide IPs

• Incorporate iRules

Defining wide IPsThe first step in working with wide IPs is defining them. The basic definition of a wide IP is a name and at least one pool. You can expand on this definition by assigning specific load balancing methods, adding iRules, which are scripts that programmatically control how the Global Traffic Manager handles name resolution requests.

To define a wide IP

1. On the Main tab of the navigation pane, expand Global Traffic and then click Wide IPs.The wide IP screen opens.

2. Click the Create button.The New Wide IP screen opens.

3. In the Name box, type the fully-qualified domain name for the wide IP.

4. In the Pools section, use the Pool List option to add the pools that belong to this wide IP.Note that a pool can belong to more than one wide IP.

5. Configure the remaining wide IP settings. For additional assistance with these settings, please see the online help.

6. Click the Finish button to save the new wide IP.

Repeat this process for each wide IP that you want to create.


Chapter 6

Using wildcard characters in wide IP names

The Global Traffic Manager supports wildcard characters in both wide IP names and wide IP aliases. You can use the wildcard characters to simplify your maintenance tasks if you have a large quantity of wide IP names and/or wide IP aliases. The wildcard characters you can use are: the question mark ( ? ), and the asterisk ( * ). The guidelines for using the wildcard characters are as follows:

◆ The question mark ( ? )

• You can use the question mark to replace a single character, with the exception of dots ( . ).

• You can use more than one question mark in a wide IP name or alias.

• You can use both the question mark and the asterisk in the same wide IP name or alias.

◆ The asterisk ( * )

• You can use the asterisk to replace multiple consecutive characters, with the exception of dots ( . ).

• You can use more than one asterisk in a wide IP name or alias.

• You can use both the question mark and the asterisk in the same wide IP name or alias.

The following examples are all valid uses of the wildcard characters for the wide IP name, www.mydomain.net.

• ???.mydomain.net

• www.??domain.net

• www.my*.net

• www.??*.net

• www.my*.*

• ???.my*.*

• *.*.net

• www.*.???

Adding pools to wide IPsA wide IP must contain at least one pool, which then must contain at least one pool member. This hierarchal configuration allows the Global Traffic Manager to load balance connection requests for a wide IP at two levels: first, the connection is load balanced across the pools assigned to the wide IP; second, the connection is load balanced across the pool members within the given pool.

Note

You can assign the same pool to multiple wide IPs.

6 - 10


To add a pool to a wide IP

1. On the Main tab of the navigation pane, expand Global Traffic and then click Wide IPs.The Wide IPs screen opens.

2. Click the name of the wide IP to which you want to add a pool.The properties screen of that wide IP opens.

3. On the menu bar at the top of the screen, click Pools.The pools screen opens. This screen contains a list of the pools currently assigned to the wide IP.

4. Click the Manage button.The manage pools screen opens.

5. Use the Pool List settings to add a pool to the wide IP.For more information, see the online help.

6. Click the Finished button to save your changes to the wide IP.

Repeat this process for each pool that you want to add to the wide IP.

Removing pools from wide IPsWhen you remove a pool from a wide IP, the Global Traffic Manager ceases to use that pool when load balancing name resolution requests. Removing a pool does not delete it from the Global Traffic Manager; it remains available so you can add it to another wide IP.

To remove a pool from a wide IP


2. Click the name of the wide IP from which you want to remove a pool.The properties screen of that wide IP opens.

3. On the menu bar at the top of the screen, click Pools.The Pools screen opens. This screen contains a list of the pools currently assigned to the wide IP.


5. Use the Pools List option to select the pool that you want to remove and click Remove.

6. Click the Update button to save your changes to the wide IP.

Repeat this process for each pool that you want to remove from the wide IP.


Chapter 6

Organizing pools within wide IPsCertain load balancing methods within the Global Traffic Manager select pools based on the order in which they are listed in the wide IP. For example, the load balancing method, Global Availability, instructs the Global Traffic Manager to select the first pool in the wide IP until it becomes unavailable, at which point it selects the next pool until the first pool becomes available again.

See Chapter 7, Load Balancing with the Global Traffic Manager for more information on load balancing methods that the Global Traffic Manager supports.

If you use one of these load balancing methods, you may want to arrange the order in which pools are listed in a wide IP. When you organize your pools in conjunction with these load balancing methods, you can ensure that your most robust pool always receives resolution requests, while the other pools act as backups in case the primary pool becomes unavailable.

To organize pools within a wide IP


2. Click the name of the wide IP in which you want to organize pools.The properties page of that wide IP opens.

3. On the menu bar at the top of the screen, click Pools.The Pools screen opens. This screen contains a list of the pools currently assigned to the wide IP.


5. Use the Pools List settings to select the pool and click either the Up or Down buttons to change its sequence.For more information, see the online help.


Repeat this process until the pools are listed in the necessary order.

Weighting pools within wide IPsOne of the load balancing methods that the Global Traffic Manager supports is the Ratio mode. This mode instructs the system to load balance network requests based on the weights assigned a specific resource. If you use the Ratio mode to load balance across pools in a wide IP, you must assign weights to those pools. A weight is a value assigned to a resource, such as a pool, that the Global Traffic Manager uses to determine the frequency at which the resource receives connection requests. The Global Traffic Manager selects a resource based on the weight of that resource as a percentage of the total of all weights in that resource group.

6 - 12


To illustrate the use of weights in connection load balancing, consider the fictional company SiteRequest. One of SiteRequest’s wide IPs, www.siterequest.com, uses the Ratio load balancing mode and contains three pools, with the following weight assignments:

• Pool 1: weight 50



Notice that the total of all the weights in this wide IP is 100. Each time the Global Traffic Manager selects this wide IP, it load balances across all three pools. Over time, the load balancing statistics for this wide IP will appear as follows:

• Pool 1: selected 50 percent of the time



This pattern exists because the weight value, 50, is 50 percent of the total weight for all pools, while the weight value, 25, is 25 percent of the total.

For information on the Ratio mode and other load balancing methods, see Chapter 7, Load Balancing with the Global Traffic Manager.

To weight pools within a wide IP


2. Click the name of the wide IP in which you want to weight pools.The properties page of that wide IP opens.

3. On the menu bar, click Pools.The Pools screen opens. This screen contains a list of the pools currently assigned to the wide IP.

4. Click the Manage button.The Manage Pools screen opens.

5. Use the Pool List to select the pool to which you want to assign a ratio value.If the pool already belongs to the wide IP, you must first remove the pool from the wide IP and then add it back in again.

6. In the Ratio box, type a numerical value that represents the weight of the pool as compared to other pools within the same pool. The higher the value in this box, the greater the frequency at which the Global Traffic Manager selects the pool.

7. Click the Add button to add the pool, with ratio value, to the pool.


Repeat this process for each pool.


Chapter 6

Disabling and enabling wide IPsBy default, any wide IP that you create in the Global Traffic Manager is enabled. This state means that the wide IP is accessible to the Global Traffic Manager as it balances connection requests. If you need to temporarily disable a wide IP, such as for a maintenance period, you can do so at any time and re-enable it later.

To disable a wide IP


2. Check the Select box for the wide IP that you want to disable.

3. Click the Disable button.After a few seconds, the wide IP becomes disabled. You can verify that the wide IP is disabled by looking at its status icon, located in the Status column in the table of wide IPs. The status of a disabled wide IP is a black square.

To enable a pool

1. On the Main tab of the navigation pane, expand Global Traffic and then click Wide IPs.The wide IP screen opens.

2. Check the Select check box for the wide IP that you want to enable.

3. Click the Enable button.After a few seconds, the wide IP becomes enabled. The status icon of the pool, located in the Status column in the table of wide IP, will change to reflect the current availability of the wide IP. For example, a wide IP that is enabled and verified as available by the Global Traffic Manager will have a status icon of a green circle.

Incorporating iRulesWide IPs also support iRules™ for further managing and directing network traffic. An iRule is a set of one or more Tcl-based expressions that direct network traffic beyond load balancing operations.

A wide IP does not require iRules to operate effectively. However, iRules are a powerful mechanism for customizing how the Global Traffic Manager handles network connection requests.

You can interact with iRules in a variety of ways. You can:

• Add an iRule to a wide IP

• Remove an iRule from a wide IP

• Organize multiple iRules assigned to a wide IP

6 - 14


For information on creating iRules, please see Chapter 13, Managing iRules.

Adding iRules to wide IPs

You can add an iRule to a wide IP at any time. When you add an iRule to a wide IP, the Global Traffic Manager starts to use the iRule to determine how to load balance name resolution requests.

To add an iRule to a wide IP


2. Click the name of the wide IP in which you want to add an iRule.The properties page of that wide IP opens.

3. On the menu bar, click iRules.The iRules screen opens. This screen contains a list of the iRules currently assigned to the wide IP.

4. Click the Manage button.The manage iRules screen opens.

5. Use the iRules List option to use the options provided to add an iRule to the wide IP.

6. Click the Finished button to save your iRule to the wide IP.

Repeat this process for each iRule that you want to add to the wide IP.

Removing iRules from wide IPs

When you remove an iRule from a wide IP, the Global Traffic Manager no longer uses the iRule when determining how to load balance a name resolution request. Removing an iRule does not delete it from the Global Traffic Manager; you can still access the iRule by clicking iRules in the Global Traffic section of the Main tab.

To remove an iRule from a wide IP


2. Click the name of the wide IP in which you want to remove an iRule.The properties page of that wide IP opens.

3. On the menu bar at the top of the screen, click iRules.The iRules screen opens. This screen contains a list of the iRules currently assigned to the wide IP.



Chapter 6

5. Use the iRules List option to select the iRule that you want to remove and click Remove.


Repeat this process for each iRule that you want to remove from the wide IP.

Organizing iRules within wide IPs

Often, you might find that a wide IP can benefit from more than one iRule. For example, a wide IP might have an iRule that focuses on the geographical source of the name resolution request, and another that focuses on redirecting specific requests to a different wide IP. If you assign more than one iRule to a wide IP, the Global Traffic Manager applies iRules in the order in which they are listed in the iRules List for the wide IP.

You can change the order in which the Global Traffic Manager applies iRules to network connection requests at any time.

To organize iRules within a wide IP


2. Click the name of the wide IP in which you want to organize iRules.The properties page of that wide IP opens.

3. On the menu bar at the top of the screen, click iRules.The iRules screen opens. This screen contains a list of the iRules currently assigned to the wide IP.


5. Use the iRules List to select the iRule and click either the Up or Down buttons to arrange it.


Repeat this process until the iRules are listed in the necessary order.

Implementing the noerror response for IPv6 resolutionIn networks that use IPv6 addresses, you can configure the Global Traffic Manager to send a NoError response when it receives a DNS request for a record for which there is no corresponding AAAA record.

In IPv6 environments, a system receiving a DNS request for a zone is required to send a specific response, called a NoError response, any time it receives an IPv6 request for a zone that does not contain a corresponding

6 - 16


AAAA record. After receiving this response, the client making the request can re-send the request for the equivalent IPv4 A record instead. Using the NoError response allows the client to send this request sooner and receive the name resolution faster.

By default, the Global Traffic Manager does not send a NoError response when it does not have a AAAA record for a given zone. However, you can enable this response on a per-wide IP basis.

To implement the IPv6 noerror response


2. Click the name of the wide IP to which you want to implement the noerror response.The properties screen of that wide IP opens.

3. From the Configuration list, select Advanced.

4. From the IPv6 NoError Response list, select Enabled.

5. Click Update to save your changes.


Chapter 6

Setting up distributed applicationsA distributed application is a collection of wide IPs that serve as a single application to a site visitor. Within the Global Traffic Manager, you have several advantages when creating a distributed application:

◆ You can organize logical network components into groups that represent the business environment for which these components were designed.

◆ You can configure a distributed application so that it is dependent on a physical component of your network, such as a data center, server, or link. If this physical component becomes unavailable, the Global Traffic Manager flags the distributed application as unavailable as well. These dependencies ensure that a user cannot access a distributed application that does not have all of its resources available.

◆ You can define persistence for a distributed application, ensuring that a user accessing the distributed application uses the same network resources until they end their session.

You can work with distributed applications in a variety of ways. You can:

• Define distributed applications

• Add wide IPs to distributed applications

• Remove wide IPs from distributed applications

• Set dependencies

• Enable and disable distributed application traffic

• Enable persistent connections

Defining distributed applicationsThe first step in working with distributed applications is defining them. The basic definition of a distributed application is a name and at least one wide IP. You can expand on this definition by determining that the availability of application depends on virtual servers, servers, or data centers and determining if requests coming from the same source during a specific period of time should go to the same pool, or to a different one.

To define a distributed application

1. On the Main tab of the navigation pane, expand Global Traffic and then click Distributed Applications.The distributed applications screen opens.

2. Click the Create button.The New Distributed Application screen opens.

3. In the Name box, type a name for the distributed application.

6 - 18


4. Use the Member List settings to add the wide IPs that belong to this distributed application.Note that a wide IP can belong to only one distributed application. For more information on wide IPs, see Setting up wide IPs, on page 6-9.

5. Configure the remaining distributed application settings. For additional assistance with these settings, please see the online help.

6. Click the Finish button to create the distributed application.

Repeat this process for each distributed application that you want to create.

Adding wide IPs to distributed applicationsA distributed application typically consists of multiple wide IPs that, collectively, provide a common set of functions for end-users. Through the Global Traffic Manager, you can add wide IPs to a distributed application at any time.

Note

A wide IP can belong to only one distributed application.

To add a wide IP to a distributed application


2. Click the name of the distributed application to which you want to add a wide IP.

3. On the menu bar, click Members.The members screen opens. This screen contains a list of the wide IPs currently assigned to the distributed application.

4. Click the Manage button.The manage wide IPs screen opens.

5. Use the Member List settings to add a wide IP to the distributed application.

6. Click the Finished button to save the distributed application.

Removing wide IPs from distributed applicationsYou can remove a wide IP from a distributed application at any time. For example, the role of the distributed application might change, resulting in one of its original wide IPs being unnecessary. Alternatively, a wide IP might be removed because it has been replaced with a newer one. Removing


Chapter 6

a wide IP does not delete it from the Global Traffic Manager; it remains available to the Global Traffic Manager when load balancing connection requests.

To remove a wide IP from a distributed application


2. Click the name of the distributed application from which you want to remove a wide IP.

3. On the menu bar at the top of the screen, click Members.The members screen opens. This screen contains a list of the wide IPs currently assigned to the distributed application.

4. Click the Manage button.The Manage Wide IPs screen opens.

5. Use the Members List settings to select the wide IP that you want to remove and click Remove.

6. Click the Finished button to save the distributed application.

Repeat this process for each wide IP that you want to add to the distributed application.

Setting dependencies for distributed applicationsWhen you create a distributed application in the Global Traffic Manager, the system acquires information about the data centers, servers, and links that make up the application. You have the option of setting the distributed application to be dependent on any one type of these physical components. With dependency, when a resource such as a virtual server becomes unavailable, the Global Traffic Manager considers all other resources that share the same physical component of that resource to be unavailable as well.

The following examples illustrate how dependencies can affect the availability of a given distributed application. These examples involve the fictional company SiteRequest.com. This company has a distributed application that consists of two wide IPs: www.siterequest.com and downloads.siterequest.com. They also have data centers in New York, Paris, and Tokyo, each of which provides resources that the distributed application can access. In each example, a lightning storm caused the New York data center to lose power. Although the emergency power starts immediately, one of the virtual servers and one of the Internet links used by the application has gone offline.

◆ Example 1: Data Center DependencyIf the application uses data center dependency, the Global Traffic Manager considers the entire data center to be unavailable to the

6 - 20


application, even if other virtual servers for the application remain available at the data center. Other connection requests, independent of the application, can still be sent to the data center.

◆ Example 2: Server DependencyIf the application uses server dependency, the Global Traffic Manager treats the server hosting the virtual server to be unavailable to the application, even if other virtual servers on that server are online. Other connection requests, independent of the application, can still be sent to the server.

◆ Example 3: Link DependencyIf the application uses link dependency, the Global Traffic Manager treats all resources for the application that use that link to be unavailable to the application. Other connection requests, independent of the application, can still be sent to these resources through other links.

Note

Dependencies are not required for a given distributed application. If you do not define a dependency, then the Global Traffic Manager considers the application available as long as there is at least one resource to which it can load balance a name resolution request.

To set a dependency for a distributed application


2. Click the name of the distributed application for which you want to set a dependency.

3. On the menu bar, click Members.The members screen opens. This screen contains a list of the wide IPs currently assigned to the distributed application.

4. In the General Properties area, select a dependency level from the Dependency Level list. This is the physical component on which you want the distributed application to depend.If one of these components becomes unavailable, the Global Traffic Manager considers the distributed application to be unavailable as well.

5. Click the Update button to save the changes to the application.


Chapter 6

Enabling and disabling distributed application trafficDistributed applications often consist of many data centers, servers, and links. Consequently, you might find that you need to remove a given physical component without interrupting access to the application. For example, you might want to take a server down to update it, yet do not want its absence to affect the application. To accommodate this and similar situations, the Global Traffic Manager provides options so you can enable and disable distributed application traffic for a specific physical component on the network.

Note

Distributed application traffic is enabled by default for any physical components added to the application.

To disable distributed application traffic


2. Click the name of distributed application for which you want to disable traffic.The properties screen for that application opens.

3. On the menu bar at the top of the Distributed Applications list screen, click Data Centers, Links, or Servers.A screen listing the available physical components opens.

4. Check the appropriate Select box for each physical component for which you want to disable application traffic.

5. Click Disable Distributed Application Traffic.

To enable distributed application traffic


2. Click the name of distributed application for which you want to enable traffic.The properties screen for that application opens.

3. On the menu bar at the top of the Distributed Applications list screen, click either Data Centers, Links, or Servers.A screen listing the available physical components opens.

4. Check the appropriate Select box for each physical component for which you want to enable application traffic.

5. Click Enable Distributed Application Traffic.

6 - 22


Enabling persistent connectionsMany distributed applications require that users access a single set of resources until they complete their transaction. For example, customers purchasing a product online might need to remain with the same data center until they finish their order. In the context of the Global Traffic Manager, this requirement is called persistence. Persistence is the state in which a user of the system remains with the same set of resources until the customer closes the connection.

To enable persistence for a distributed application


2. Click the name of distributed application for which you want to enable persistent connections.The properties screen for that application opens.

3. On the menu bar at the top of the Distributed Applications list screen, click Members.The Members screen appears.

4. In the General Properties section, click the Persistence box.

5. Click the Update button to save your changes to the application.


Chapter 6

6 - 24

7

Load Balancing with the Global Traffic Manager

• Understanding load balancing on the Global Traffic Manager

• Using static load balancing modes

• Using dynamic load balancing modes

• Configuring load balancing

• Using the fallback load balancing method

• Employing additional load balancing options


Understanding load balancing on the Global Traffic Manager

When the Global Traffic Manager receives a name resolution request, the system employs a load balancing mode to determine the best available virtual server. Once the Global Traffic Manager identifies the virtual server, it constructs a DNS answer and sends that answer back to the requesting client’s local DNS server. The DNS answer, or resource record, can be either an A record that contains the IP address of the virtual server, or a CNAME record that contains the canonical name for a DNS zone.

Within the Global Traffic Manager, you have two categories of load balancing modes from which to select: static and dynamic. A static load balancing mode selects a virtual server based on a pre-defined pattern. A dynamic load balancing mode selects a virtual server based on current performance metrics.

The Global Traffic Manager provides a tiered load balancing system. A tiered load balancing system is a load balancing system that occurs at more than one point during the resolution process. The tiers within the Global Traffic Manager are as follows:

◆ Wide IP-level load balancingWide IPs that contain two or more pools use a load balancing mode first to select a pool. Once the Global Traffic Manager selects a pool, the system then uses pool-level load balancing mode to choose a virtual server within the selected pool. If the Global Traffic Manager does not choose a virtual server in the first pool, it applies the load balancing mode to the next pool, either until it selects the best virtual server to respond to the request, or all the pools are tried.

◆ Pool-level load balancingA pool contains one or more virtual servers. After the Global Traffic Manager uses wide IP-level load balancing to select the best available pool, it uses a pool-level load balancing to select a virtual server within that pool. If the first virtual server within the pool is unavailable, the Global Traffic Manager selects the next best virtual server based on the load balancing mode assigned to that pool.

For each pool that you manage, the Global Traffic Manager supports three types of load balancing methods: preferred, alternate, and fallback. The preferred load balancing method is the load balancing mode that the system will attempt to use first. If the preferred method fails to provide a valid resource, the system uses the alternate load balancing method. Should the alternate load balancing method also fail to provide a valid resource, the system uses the fallback method.

One of the key differences between the alternate methods and the other two load balancing methods is that only static load balancing modes are available from the alternate load balancing list. This limitation exists because dynamic load balancing modes, by definition, rely on metrics


Chapter 7

collected from different resources. If the preferred load balancing mode does not return a valid resource, it is highly likely that the Global Traffic Manager was unable to acquire the proper metrics to perform the load balancing operation. By limiting the alternate load balancing options to static methods only, the Global Traffic Manager can better ensure that, should the preferred method prove unsuccessful, the alternate method will return a valid result.

Note

You can select static and dynamic load balancing modes for the fallback load balancing method.

Table 7.1 shows a complete list of the supported load balancing modes, and indicates where you can use each mode in the Global Traffic Manager configuration. The following sections in this chapter describe how each load balancing mode works.

Load Balancing modeUse for wide IP load balancing

Use for preferred method

Use for alternate method

Use for fallback method

Completion Rate X X

Global Availability X X X X

Hops X X

Kilobytes/Second X X

Least Connections X X

None X X

Packet Rate X X X

Quality of Service X X

Ratio X X X X

Return to DNS X X X

Round Robin X X X X

Round Trip Time X X

Static Persist X X X

Topology X X X X

CPU X X

Fallback IP X X X

Table 7.1 Load balancing mode usage

7 - 2


Using static load balancing modesStatic load balancing modes distribute connections across the network according to predefined patterns, and take server availability into account. The Global Traffic Manager supports the following static load balancing modes:

• Drop Packet

• Fallback IP

• Global Availability

• None

• Ratio

• Return to DNS

• Round Robin

• Static Persist

• Topology

The None and Return to DNS load balancing modes are special modes that you can use to skip load balancing under certain conditions. The other static load balancing modes perform true load balancing as described in the following sections.

Drop Packet modeWhen you specify the Drop Packet load balancing mode, the Global Traffic Manager does nothing with the packet, and simply drops the request.

Note

A typical Local DNS server iteratively queries other authoritative name servers when it times out on a query.

Drop Packet X X X

Virtual Server Score X X X

VS Capacity X X X

Load Balancing modeUse for wide IP load balancing

Use for preferred method

Use for alternate method

Use for fallback method

Table 7.1 Load balancing mode usage


Chapter 7

We recommend that you use the Drop Packet load balancing mode only for the fallback method. The Global Traffic Manager uses the fallback method when the preferred and alternate load balancing modes do not provide at least one virtual server to return as an answer to a query.

Fallback IPWhen you specify the Fallback IP mode, the Global Traffic Manager returns the IP address that you specify as the fallback IP as an answer to the query. Note that the IP address that you specify is not monitored for availability before being returned as an answer. When you use the Fallback IP mode, you can specify a disaster recovery site to return when no load balancing mode returns an available virtual server. We recommend that you use the Fallback IP load balancing mode only for the fallback method. The Global Traffic Manager uses the fallback method when the preferred and alternate load balancing modes do not provide at least one virtual server to return as an answer to a query.

Global Availability modeThe Global Availability load balancing mode uses the virtual servers included in the pool in the order in which they are listed. For each connection request, this mode starts at the top of the list and sends the connection to the first available virtual server in the list. Only when the current virtual server is full or otherwise unavailable does Global Availability mode move to the next virtual server in the list. Over time, the first virtual server in the list receives the most connections and the last virtual server in the list receives the least number of connections.

None modeThe None load balancing mode is a special mode you can use if you want to skip the current load balancing method, or skip to the next pool in a multiple pool configuration. For example, if you set an alternate method to None in a pool, the Global Traffic Manager skips the alternate method and immediately tries the load balancing mode specified as the fallback method. If the fallback method is set to None, and you have multiple pools configured, the Global Traffic Manager uses the next available pool.

You could also use the mode to limit each pool to a single load balancing mode. For example, you would set the preferred method in each pool to the desired load balancing mode, and then you would set both the alternate and fallback methods to None in each pool. If the preferred method fails, the None mode in both the alternate and fallback methods forces the Global Traffic Manager to go to the next pool for a load balancing answer.

7 - 4


Ratio modeThe Ratio load balancing mode distributes connections among a pool of virtual servers as a weighted round robin. Weighted round robin refers to a load balancing pattern in which the Global Traffic Manager rotates connection requests among several resources based on a priority level, or weight, assigned to each resource. For example, you can configure the Ratio mode to send twice as many connections to a fast, new server, and only half as many connections to an older, slower server.

The Ratio load balancing mode requires that you define a ratio weight for each virtual server in a pool, or for each pool if you are load balancing requests among multiple pools. The default ratio weight for a server or a pool is set to 1.

Return to DNS modeThe Return to DNS mode is another special load balancing mode that you can use to immediately return connection requests to the Local DNS for resolution. This mode is particularly useful if you want to temporarily remove a pool from service, or if you want to limit a pool in a single pool configuration to only one or two load balancing attempts.

Round Robin modeThe Round Robin load balancing mode distributes connections in a circular and sequential pattern among the virtual servers in a pool. Over time, each virtual server receives an equal number of connections.

Static Persist modeThe Static Persist load balancing mode uses the persist mask with the source IP address of the LDNS in a deterministic algorithm to map to a specific pool member (virtual server) in a pool. Like the Global Availability mode, the Static Persist mode resolves to the first available pool member; however, the list of pool members is ordered in a significantly different manner. With the Global Availability mode a system administrator manually configures the order of the members in the list. With the Static Persist mode, the Global Traffic Manager system uses a Hash algorithm to determine the order of the members in the list.


Chapter 7

This Hash algorithm orders the pool members in the list differently for each LDNS that is passing traffic to the system taking into account the specified CIDR of the LDNS. Thus, while each LDNS (and thus each client) generally resolves to the same virtual server, the Global Traffic Manager system distributes traffic across all of the virtual servers.

Note

When the selected virtual server becomes unavailable, the system resolves requests to another virtual server. When the original virtual server becomes available again, the system resolves requests to that virtual server.

To configure Static Persist CIDR options

1. On the main tab of the navigation pane, expand System and then click General Properties.The General properties screen opens.

2. From the Global Traffic menu, choose General.The General properties scren opens.

3. For the Static Persist CIDR (IPv4) setting, type the number of bits that determine the IP address range for IPv4 addresses. The default value is 32.

4. For the Static Persist CIDR (IPv6) setting, type the number of bits that determine the IP address range for IPv6 addresses. The default value is 128.


Topology modeThe Topology load balancing mode allows you to direct or restrict traffic flow by adding topology records to a topology statement in the configuration file. When you use the Topology load balancing mode, you can develop proximity-based load balancing. For example, a client request in a particular geographic region can be directed to a data center or server within that same region. The Global Traffic Manager determines the proximity of servers by comparing location information derived from the DNS message to the topology records.

This load balancing mode requires you to do some advanced configuration planning, such as gathering the information you need to define the topology records. The Global Traffic Manager contains an IP classifier that accurately maps local DNS servers, so when you create topology records, you can refer to continents and countries, instead of IP subnets.

See Chapter 9, Working with Topologies, for detailed information about working with this and other topology features.

7 - 6


Using dynamic load balancing modesDynamic load balancing modes distribute connections to servers that show the best current performance. The performance metrics taken into account depend on the particular dynamic mode you are using.

All dynamic load balancing modes make load balancing decisions based on the metrics collected by the big3d agents running in each data center. The big3d agents collect the information at set intervals that you define when you set the global timer variables. If you want to use the dynamic load balancing modes, you must run one or more big3d agents in each of your data centers, to collect the required metrics.

Types of dynamic load balancing modesThe Global Traffic Manager supports the following dynamic load balancing modes:

• CPU

• Completion Rate

• Hops

• Kilobytes/Second

• Least Connections

• Packet Rate

• Round Trip Times (RTT)

• Quality of Service (QOS)

• Virtual Server Score

• VS Capacity

CPU mode

The CPU load balancing mode selects the virtual server that currently has the most CPU processing time available to handle name resolution requests.

Completion Rate mode

The Completion Rate load balancing mode selects the virtual server that currently maintains the least number of dropped or timed-out packets during a transaction between a data center and the client LDNS.

Hops mode

The Hops load balancing mode is based on the traceroute utility, and tracks the number of intermediate system transitions (router hops) between a client LDNS and each data center. Hops mode selects a virtual server in the data center that has the fewest router hops from the Local DNS.


Chapter 7

Kilobyte/Second mode

The Kilobytes/Second load balancing mode selects a virtual server that is currently processing the fewest number of kilobytes per second.

Note

You can use the Kilobytes/Second mode only with servers for which the Global Traffic Manager can collect the kilobytes per second metric.

See Chapter 12, Collecting Metrics, for details on the metrics the Global Traffic Manager collects.

Least Connections mode

The Least Connections load balancing mode is used for load balancing to virtual servers managed by a load balancing server, such as a Local Traffic Manager. The Least Connections mode simply selects a virtual server on the Local Traffic Manager that currently hosts the fewest connections.

Packet Rate mode

The Packet Rate load balancing mode selects a virtual server that is currently processing the fewest number of packets per second.

Round Trip Times modeThe Round Trip Times (RTT) load balancing mode selects the virtual server with the fastest measured round trip time between a data center and a client LDNS.

Quality of Service mode

The Quality of Service load balancing mode uses current performance information to calculate an overall score for each virtual server, and then distributes connections based on each virtual server’s score. The performance factors that the Global Traffic Manager takes into account include:

• Round Trip Time

• Hops

• Virtual Server Score

• Packet Rate

• Topology

• Link Capacity

• VS Capacity

• Kilobytes/Second

7 - 8


The Quality of Service load balancing mode is a customizable load balancing mode. For simple configurations, you can easily use this load balancing mode with its default settings. For more advanced configurations, you can specify different weights for each performance factor in the equation.

You can also configure the Quality of Service load balancing mode to use the dynamic ratio feature. With the dynamic ratio feature turned on, the Quality of Service mode becomes similar to the Ratio mode, where the connections are distributed in proportion to ratio weights assigned to each virtual server. The ratio weights are based on the QOS scores: the better the score, the higher percentage of connections the virtual server receives.

For details about customizing the Quality of Service mode, see the Implementing the Quality of Service load balancing mode, following.

Virtual Server Score

The Virtual Server Score load balancing mode instructs the Global Traffic Manager to assign connection requests to virtual servers based on a user-defined ranking system. This load balancing mode is only available for managing connections between virtual servers controlled through BIG-IP® Local Traffic Managers.

Unlike other settings that affect load balancing operations, you cannot assign a virtual server score to a virtual server through the Global Traffic Manager. Instead, you assign this setting through the Local Traffic Manager responsible for the virtual server. See the Configuration Guide for BIG-IP®

Local Traffic Management for more information.

VS Capacity mode

The VS Capacity load balancing mode creates a list of the virtual servers, weighted by capacity, then picks one of the virtual servers from the list. The virtual servers with the greatest capacity are picked most often, but over time all virtual servers are returned. If more than one virtual server has the same capacity, then the Global Traffic Manager load balances randomly selects from among those virtual servers when load balancing connections.

Implementing the Quality of Service load balancing modeThe Quality of Service mode is a dynamic load balancing mode that includes a configurable combination of the Round Trip Time (RTT), Completion Rate, Packet Rate, Topology, Hops, Link Capacity, VS Capacity, and Kilobytes/Second (KBPS) modes. The Quality of Service mode is based on an equation that takes each of these performance factors into account. When the Global Traffic Manager selects a virtual server, it chooses the server with the best overall score.


Chapter 7

The Quality of Service mode has default settings that make it easy to use: simply specify Quality of Service as your preferred load balancing mode. There is no need to configure Quality of Service, but if you want to change the settings, you can customize the equation to put more or less weight on each individual factor. The following topics explain how to use and adjust the various settings.

Note

In the event that one or more resources has an identical score based on the Quality of Service critieria, the Global Traffic Manager load balances connections between those resources using the Round Robin methodology. If the system cannot determine a Quality of Service score, it load balances connections across all pool members using the Round Robin methodology as well.

Understanding QOS coefficients

Table 7.2 lists each Quality of Service (QOS) coefficient, its scale, a likely upper limit for each, and whether a higher or lower value is more efficient.

Coefficient How measured Default valueExampleupper limit

Higher or lower?

Packet rate Packets per second 1 700 Lower

Round trip time Microseconds 50 2,000,000 Lower

Completion rate Percentage of successfully transferred packets (0-100%)

5 100% Higher

Topology Score that defines network proximity by comparing server and

LDNS IP addresses (0-232)

0 100 Higher

Hops Number of intermediate systems transitions (hops)

0 64 Lower

Link Capacity Bandwidth usage 30 2,000,000 Higher

VS Capacity Number of nodes up 0 20 Higher

Virtual Server Score User-defined ranking of virtual servers

0 100 Higher

Kilobytes/second Kilobytes per second throughput 3 15000 Lower

Table 7.2 QOS coefficients: Default values, ranges, and limits

7 - 10


If you change the default QOS coefficients, keep the following issues in mind.

◆ ScaleThe raw metrics for each coefficient are not on the same scale. For example, completion rate is measured in percentages, while the packet rate is measured in packets per second.

◆ NormalizationThe Global Traffic Manager normalizes the raw metrics to values in the range of 0 to10. As the QOS value is calculated, a high measurement for completion rate is good, because a high percentage of completed connections are being made, but a high value for packet rate is not desirable because the packet rate load balancing mode attempts to find a virtual server that is not overly taxed at the moment.

• EmphasisYou can adjust coefficients to emphasize one normalized metric over another. For example, consider the following QOS configuration:

• Round Trip Time: 50

• Hops: 0

• Topology: 0

• Completion Rate: 5

• Packet Rate: 10

• VS Capacity: 0

• Bits/second: 35

• Link Capacity: 30

• Virtual Server Score: 10

In this configuration, if the completion rates for two virtual servers are close, the virtual server with the best packet rate is chosen. If both the completion rates and the packet rates are close, the round trip time (RTT) breaks the tie. In this example, the metrics for Topology, Hops, Link Capacity, VS Capacity, and Kilobytes/Second modes are not used in determining how to distribute connections.

Note

You cannot set a value for both the Round Trip Time and Hops settings simultaneously. In situations where the Global Traffic Manager has a value for both settings, the Round Trip Time value is incorporated, while the value for the Hops setting is reset to 0.

Customizing the QOS equation

If you want to establish your own custom settings for the Quality of Service load balancing method, you can do so at any time. You can only customize the Quality of Service equation at the pool level.


Chapter 7

To customize the QOS equation

1. On the Main tab of the navigation pane, expand Global Traffic and then click Pools.The main screen for pools opens.

2. Click the name of the pool for which you want to modify the QOS equation.The properties screen for that pool opens.

3. On the menu bar, click Members.The members screen opens.

4. From either the Preferred or Fallback list, select Quality of Service.

5. Define the global QOS coefficients in the appropriate fields.


Using the Dynamic Ratio optionThe dynamic load balancing modes also support the Dynamic Ratio option. When you activate this option, the Global Traffic Manager treats dynamic load balancing values as ratios, and it uses each server in proportion to the ratio determined by this option. When the Dynamic Ratio option is off, the Global Traffic Manager uses only the server with the best result based on the dynamic load balancing mode you implemented (in which case it is a winner-takes-all situation), until the metrics information is refreshed.

Note

By default, the Dynamic Ratio setting is disabled (cleared).

To illustrate how the Dynamic Ratio setting works, consider a pool, primaryOne, that contains several pool members. This pool is configured so that the Global Traffic Manager load balances name resolution requests based on the Round Trip Time load balancing mode. The primaryOne pool contains two pool members: memberOne and memberTwo. For this example, the Global Traffic Manager determines that the round trip time for memberOne is 50 microseconds, while the round trip time for memberTwo is 100 microseconds.

If the primaryOne pool has the Dynamic Ratio setting disabled (the default setting), the Global Traffic Manager will always load balance to the pool with the best value. In this case, this results in requests going to memberOne, because it has the lowest round trip time value.

If the primaryOne pool has the Dynamic Ratio setting enabled, however, the Global Traffic Manager will treat the round trip time values as ratios and divide requests among pool members based on these ratios. In this case, this results in memberOne getting twice as many connections as memberTwo, because the round trip time for memberOne is twice as fast as the round trip

7 - 12


time for memberTwo. Note that, with the Dynamic Ratio option enabled, both pool members are employed to handle connections, while if the option is disabled, only one pool member receives connections.

To turn on the Dynamic Ratio option


2. Click the name of the pool for which you want to enable the Dynamic Ratio option.The properties screen for the pool opens.


4. Check the Dynamic Ratio check box



Chapter 7

Configuring load balancingYou configure load balancing at the wide IP and pool levels:

◆ Wide IPWhen you define a wide IP, and you have multiple pools in your wide IP, you first specify which load balancing mode to use in selecting a pool in the wide IP. To configure load balancing for a wide IP, see Configuring load balancing methods for wide IPs, following.

◆ PoolAfter the Global Traffic Manager selects a pool of virtual servers, it then employs the settings you specified as the preferred, alternate, and fallback load balancing methods to select a virtual server within the selected pool. To configure load balancing for a pool, see Configuring load balancing methods for pools, on page 7-15.

There may be situations (for example, e-commerce, and other sites with multiple services) where you need to configure a wide IP so that connections are not sent to a given address unless multiple ports or services are available. You configure this behavior after you define the wide IP. For details, see Employing additional load balancing options, on page 7-18.

Configuring load balancing methods for wide IPsThe Global Traffic Manager supports a wide variety of load balancing methods for distributing network connection requests across the pools in a wide IP. For information on these load balancing methods, see Understanding load balancing on the Global Traffic Manager, on page 7-1.

To configure load balancing methods for a wide IP

1. On the Main tab of the navigation pane, expand Global Traffic and then select Wide IPs.The main screen for wide IPs opens.

2. Click the name of the wide IP for which you want to configure a load balancing method.The properties screen for the wide IP opens.

3. On the menu bar, click Pools.The pools screen opens. This screen contains a list of the pools currently assigned to the wide IP.

4. Select the appropriate load balancing options.For additional information on these load balancing options, please see the online help, or Understanding load balancing on the Global Traffic Manager, on page 7-1.


Repeat this process for each wide IP as needed.

7 - 14


Configuring load balancing methods for poolsThe Global Traffic Manager supports a wide variety of load balancing methods for distributing network connection requests across the virtual servers in a pool. For information on these load balancing modes, see Understanding load balancing on the Global Traffic Manager, on page 7-1.

For each pool that you manage, the Global Traffic Manager supports three types of load balancing methods: preferred, alternate, and fallback. The preferred load balancing method is the load balancing method that the system attempts to use first. If the preferred method fails to provide a valid resource, the system uses the alternate load balancing method. Should the alternate load balancing method also fail to provide a valid resource, the system uses the fallback method.

To configure load balancing methods for a pool

1. On the Main tab of the navigation pane, expand Global Traffic, and then click Pools.The main screen for pools opens.

2. Click the name of the pool for which you want to configure load balancing methods.The properties screen for that pool opens.

3. On the menu bar, click Members.The members screen opens. This screen contains a list of the virtual servers currently assigned to the pool.

4. Select the appropriate load balancing options.For additional information on these load balancing options, please see the online help, or Understanding load balancing on the Global Traffic Manager, on page 7-1.

5. Click the Update button to save your changes to the pool.

Repeat this process for each pool as needed.


Chapter 7

Using the fallback load balancing methodThe Global Traffic Manager supports three types of load balancing methods at the pool level: preferred, alternate, and fallback. The preferred load balancing method is the load balancing method that the system attempts to use first. If the preferred method fails to provide a valid resource, the system uses the alternate load balancing method. Should the alternate load balancing method also fail to provide a valid resource, the system uses the fallback method.

The fallback load balancing method is unique among the three load balancing method that you can apply to a pool. Unlike the Preferred and Alternate method, the Fallback method ignores the availability status of a resource. This occurs to ensure that the Global Traffic Manager returns a response to the DNS request. For more information on the determining resource health and availability, see Chapter 8, Managing Connections.

Note

If you do not want the Global Traffic Manager to return an address that is potentially unavailable, we recommend that you set the fallback load balancing method to None.

The Global Traffic Manager contains several options that help you control how the system will respond when using a fallback load balancing setting. These options allow you to:

• Configure the fallback load balancing method

• Configure the fallback IP load balancing mode

Configuring the fallback load balancing methodWhen you assign a load balancing mode to the fallback load balancing method for a pool, the Global Traffic Manager uses the mode differently than for the preferred and alternate methods. With the fallback load balancing method, the Global Traffic Manager load balances the name resolution request after verifying that the virtual server address returned is up or down. However, unlike with other load balancing methods, you can opt to use the fallback load balancing method to resolve a name resolution request without verifying the status of the virtual server.

To use the fallback load balancing method without verifying virtual server availability


2. From the Global Traffic menu, choose Load Balancing.The load balancing properties screen opens.

7 - 16


3. Verify that the Respect Fallback Dependency check box is clear.By default, this option is disabled. When you enable it, the system verifies that the virtual server is available for using it for fallback load balancing.


In addition, you can also configure the way the Global Traffic Manager treats the address exclusion list when using the fallback load balancing method. The address exclusion list consists of Local Domain Name System (LDNS) servers that the Global Traffic Manager does not probe for metrics data. Load balancing modes that use this data include the Round Trip Time, Completion Rate, and other dynamic modes. With the fallback load balancing mode, you can determine if the system respects this list or ignores it.

Note

For additional information on the address exclusion list, see Chapter 12, Collecting Metrics.

To configure how the Global Traffic Manager uses the address exclusion list for fallback load balancing



3. Check the Respect Fallback ACL check box.



Chapter 7

Employing additional load balancing optionsThe Global Traffic Manager supports additional options that affect how the system load balances name resolution requests. These options are:

• Ignore traffic TTL

• Verify virtual server availability

The Ignore Traffic TTL option instructs the Global Traffic Manager to use path information gathered during metrics collection even if the time-to-live value for that information has expired. This option is often used when you want the Global Traffic Manager to continue using a dynamic load balancing mode even if some metrics data is temporarily unavailable, and you would prefer the Global Traffic Manager to use old metric data than employ an alternate load balancing method. This option is disabled by default.

The Verify Virtual Server Availability option instructs the Global Traffic Manager to verify that a virtual server is available before returning it as a response to a name solution request. If this option is disabled, the system responds to a name resolution request with the virtual server’s IP address regardless as to whether the server is up or down. This option is rarely deactivated outside of a test or staging environment, and is enabled by default.

To access the Ignore Traffic TTL and Verify Virtual Server Availability options



3. Enable or disable the Ignore Traffic TTL and Verify Virtual Server Availability options as needed.


7 - 18

8

Managing Connections

• Introducing connection management

• Determining resource health

• Determining resource availability

• Resuming connections to resources

• Establishing persistent connections

• Setting the last resort pool


Introducing connection managementWhen you integrate a Global Traffic Manager into your network, one of its primary responsibilities is to load balance incoming connection requests to the virtual server resource that best fits the configuration parameters you defined. However, load balancing is only one part of managing connections to your network resources. Additional issues that you must consider include:

◆ Resource healthResource health refers to the ability of a given resource to handle incoming connection requests. For example, the Configuration utility uses a green circle to identify a resource, such as a wide IP, that has available pools and virtual servers, while a pool that is down appears as a red diamond. These visual clues can help you identify connection issues quickly and efficiently.

◆ Resource availabilityResource availability refers to the settings within the Configuration utility that you use to control when a resource is available for connection request. For example, you can establish limit settings, which instruct the Global Traffic Manager to consider a resource as unavailable when a statistical threshold (such as CPU usage) is reached.

◆ Restoring availabilityWhen a resource goes offline, the Global Traffic Manager immediately sends incoming connection requests to the next applicable resource. When you bring that resource online again, you can control how to restore its availability to the Global Traffic Manager, ensuring that connections are sent to the resource only when it is fully ready to receive them.

◆ Persisting connectionsCertain interactions with your network require that a given user access the same virtual server resource until their connection is completed. An example of this situation is an online store, in which you want the user to access the same virtual server for their shopping cart until they place their order. With the Global Traffic Manager, you can configure your load balancing operations to take persistent connections into account.

◆ Selecting a last resort poolThe Global Traffic Manager includes the ability to create a last resort pool. A last resort pool is a collection of virtual servers that are not used during normal load balancing operations. Instead, these virtual servers are held in reserve unless all other pools for a given wide IP become unavailable.

In addition, it is important to understand what happens when the Global Traffic Manager cannot find an available resource with which to respond to a connection request. You can find more information on this topic in Determining resource health, following.


Chapter 8

Determining resource healthIn the Global Traffic Manager, resource health refers to the ability of a given resource to handle incoming connection requests. The Global Traffic Manager determines this health through the use of limit settings, monitors, and dependencies on other network resources.

The health of a resource is indicated by a status code in the Configuration utility. A status code is a visual representation of the availability of a given resource. The Global Traffic Manager displays these status codes in the main screens for a given resource. The types of status codes available for a resource are:

◆ Blue A blue status code indicates that the resource has not been checked. This status often appears when you first add a resource into the Configuration utility.

◆ GreenA green status code indicates that the resource is available and operational. The Global Traffic Manager uses this resource to manage traffic as appropriate.

◆ RedA red status code indicates that the resource did not respond as expected to a monitor. The Global Traffic Manager uses this resource only when two conditions are met:

• The Global Traffic Manager is using the load balancing mode specified in the Fallback load balancing setting.

• The Fallback load balancing setting for the pool is not None.

◆ YellowA yellow status code indicates that the resource is operational, but has exceeded one of its established bandwidth thresholds. The Global Traffic Manager uses a resource that has a yellow status code only if no other resource is available.

◆ BlackA black status code indicates that the resource has been manually disabled and is no longer available for load balancing operations.

As the preceding list illustrates, the health of a resource does not necessarily impact the availability of that resource. For example, a virtual server that has a red status code could still be selected by the Global Traffic Manager.

To view the resource health of a given resource

1. On the Main tab of the navigation pane, expand Global Traffic Manager.

2. Click the resource type that you want to view, such as Wide IPs.The main screen for the resource opens. This screen displays a list of the resources of that type currently managed through the Global Traffic Manager, including the latest status code for each resource.

8 - 2


Determining resource availabilityTo load balance effectively, the Global Traffic Manager must determine whether the appropriate resources are available. In the context of the Global Traffic Manager, availability means that the resource meets one or more sets of pre-defined requirements. These requirements can be a set of statistical thresholds, a dependency on another resource, or set of values returned by a monitoring agent. If a resource fails to meet one or more of these requirements, the Global Traffic Manager considers it unavailable and attempts to select the next resource based on the load balancing methodology you defined.

The Global Traffic Manager includes three methods of determining resource availability:

• Limit settings

• Monitor availability requirements

• Virtual server dependencies

The following sections describe each of these methods and how you can configure them within the Global Traffic Manager.

Establishing limit settingsOne of the methods for determining the availability of a resource is to establish limit settings. A limit setting is a threshold for a particular statistic associated with a system.

The Global Traffic Manager supports the following limit settings:

• Kilobytes

• Packets

• Total Connections

For BIG-IP systems, the Global Traffic Manager also supports a Connections limit setting.

For hosts, the Global Traffic Manager also supports CPU and Memory limit settings.

To establish limit settings for a BIG-IP system

1. On the Main tab of the navigation pane, expand Global Traffic and then click Servers.The main screen for servers opens.

2. Click the name of the server that you want to configure.The properties screen for the server appears.



Chapter 8

4. For each limit setting you want to configure, select Enabled from the corresponding list.The screen refreshes to show a box in which you can type a value for the limit setting.

5. Type the value for each limit setting in the corresponding box.


Using monitors to determine availabilityAnother method for determining the availability of a given resource is through the use of monitors. A monitor is a software utility that specializes in a specific metric of a Global Traffic Manager resource. You can customize monitors to be as specific or as general as needed.

To illustrate the use of monitors to determine the availability of a resource, consider the fictional company SiteRequest. One of the servers at SiteRequest’s Paris data center, serverWeb1, contains the main Web site content for the wide IP, www.siterequest.com. To ensure that this server is available, SiteRequest configures an HTTP monitor within the Global Traffic Manager and assigns it to serverWeb1. This monitor periodically accesses the server to verify that the main index.html page is available. If the monitor cannot access the page, it notifies the Global Traffic Manager, which then considers the server unavailable until the monitor is successful.

Monitors provide a robust, customizable means of determining the availability of a given resource with the Global Traffic Manager. The following procedure describes how to control the impact that a set of monitors has on the availability of a resource.

For more detailed information on the types of monitors available to the Global Traffic Manager and how to configure them, see Chapter 10, Configuring Monitors.

To control how monitors determine the availability of a virtual server


2. Click the name of the server that contains the virtual server you want to configure.The properties screen for the server appears.

3. On the menu bar, click Virtual Servers.The virtual server screen opens.

4. Click the name of the virtual server that you want to configure.The properties screen for the virtual server appears.


8 - 4


6. Determine the availability requirements for the virtual server:

• If you want the Global Traffic Manager to consider the virtual server only if all monitors assigned to the virtual server are successful, select All Health Monitors from the Availability Requirements list.

• If you want the Global Traffic Manager to consider the virtual server as available only if some monitors assigned to it are successful, select At Least from the Availability Requirements list. When you select At Least, a box appears where you can type the number of monitors that must be successful for the virtual server to be available.


You can also assign monitors to a specific server. In most cases, when you assign a monitor to a server, that monitor checks all virtual servers associated with that server.

An exception to this guideline is the SNMP monitor. If you assign an SNMP monitor to a Cisco, Alteon, Extreme, Foundry, or Radware server, that monitor obtains information on the virtual servers associated with that server. If you assign the SNMP monitor to any other server type, that monitor obtains data on the server itself.

For more information on the SNMP monitor, see Chapter 10, Configuring Monitors.

In cases where you assign a monitor to a virtual server both directly and to its parent server, the availability information acquired from the monitor directly assigned to the virtual server takes precedence over any other data.

To assign a monitor to check virtual servers associated with a server


2. Click the name of the server that you want to configure.The properties screen for the server appears.



Chapter 8

4. Determine the availability requirements for the virtual servers:

• If you want the Global Traffic Manager to consider a virtual server only if all monitors assigned to the virtual server are successful, select All Health Monitors from the Availability Requirements list.

• If you want the Global Traffic Manager to consider the virtual server as available only if some monitors assigned to it are successful, select At Least from the Availability Requirements list. When you select At Least, a box appears where you can type the number of monitors that must be successful for the virtual server to be available.


To control how monitors determine the availability of a pool


2. Click the name of the pool that you want to configure.The properties screen for the pool appears.


4. Determine the availability requirements for the pool:

• If you want the Global Traffic Manager to consider the pool only if all monitors assigned to the pool are successful, select All Health Monitors from the Availability Requirements list.

• If you want the Global Traffic Manager to consider the pool as available only if some monitors assigned to it are successful, select At Least from the Availability Requirements list. When you select At Least, a box appears where you can type the number of monitors that must be successful for the pool to be available.


To control how monitors determine the availability of a link

1. On the Main tab of the navigation pane, expand Global Traffic and then click Links.The main screen for links opens.

2. Click the name of the link that you want to configure.The properties screen for the link appears.

8 - 6



4. Determine the availability requirements for the link:

• If you want the Global Traffic Manager to consider the link only if all monitors assigned to the link are successful, select All Health Monitors from the Availability Requirements list.

• If you want the Global Traffic Manager to consider the link as available only if some monitors assigned to it are successful, select At Least from the Availability Requirements list. When you select At Least, a box appears where you can type the number of monitors that must be successful for the link to be available.


Managing dependencies for virtual serversWithin the Global Traffic Manager, you can configure a virtual server to be dependent on one or more virtual servers. In such a configuration, the virtual server is available only if all of the resources in its Dependency List are available as well.

For an example of virtual server dependencies, consider the fictional company SiteRequest. One of the servers, serverMain, at the Tokyo data center has two virtual servers: vsContact, which points to the contacts page of SiteRequest’s Web site, and vsMail, which points to their mail system. The vsContact virtual server has vsMail added in its Dependency List. As a result, the Global Traffic Manager considers the vsContact virtual server available only if the vsMail virtual server is also available.

Setting virtual server dependencies

You can set dependencies for a virtual server at any time.

To set the dependency of a virtual server






Chapter 8


6. In the Dependency List option, select a virtual server from the Server list and click Add.The virtual server appears as part of the Dependency List.

7. Add additional virtual servers as needed.


Removing virtual server dependencies

You can remove a virtual server from another virtual server’s Dependency List at any time.

To remove a virtual server from a Dependency List


2. Click the name of the server that contains the virtual server you want to configure.The properties screen for the server opens.


4. Click the name of the virtual server that you want to configure.The properties screen for the virtual server opens.


6. In the Dependency List option, select a virtual server from the Dependency List and click Remove.

7. Remove additional virtual servers as needed.


Organizing virtual server dependencies

When you configure the Dependency List option for a virtual server, the Global Traffic Manager checks each virtual server in the order in which you added them to the Configuration utility. You can change this order at any time.

8 - 8


To organize virtual server dependencies






6. In the Dependency List option, use the buttons provided to move the listed virtual servers up or down in the list.



Chapter 8

Resuming connections to resourcesWhen a network resource, such as a virtual server, goes offline, the Global Traffic Manager considers that resource to be unavailable and proceeds to send name resolution requests to other resources based on the configured load balancing mode. By default, the Global Traffic Manager resumes sending requests to an offline resource as soon as that the resource becomes available again, provided that the resource meets the appropriate load balancing requirements.

Under certain circumstances, you might not want the Global Traffic Manager to resume connections to a resource immediately. For example, a server for the fictional company, SiteRequest, goes offline. The Global Traffic Manager detects that the virtual servers associated with this server are unavailable, and proceeds to send name resolution requests to other virtual servers as appropriate. When the server is online again, it must still run several synchronization processes before it is fully ready to handle name resolution requests. However, the Global Traffic Manager might detect that the server is available before these processes are complete, and send requests to the server before that server can handle them.

To avoid this possibility, you can configure pools to use the manual resume feature. The manual resume feature ensures that the Global Traffic Manager does not load balance requests to a virtual server within a pool until you manually re-enable it.

To activate the manual resume feature


2. Click the name of the pool.The properties screen of the pool opens.


4. Check Manual Resume.


8 - 10


Establishing persistent connectionsMost load balancing modes divide name resolution requests among available pools or virtual servers. Each time the Global Traffic Manager receives a request, it sends that request to the most appropriate resource. For example, when a user visits a web site it results in multiple name resolution requests as that user moves from page to page. Depending on the load balancing mode selected, the Global Traffic Manager could send each request to a completely different virtual server, server, or even data center.

In certain circumstances, you might want to ensure that a user remains with a given set of resources throughout the session. For example, a user attempting to conduct a transaction through an online bank needs to remain with the same set of resources to ensure the transaction is completed successfully.

To ensure that users stay with a specific set of resources, the Global Traffic Manager includes a persistence option. The persistence option instructs the Global Traffic Manager to send a user to the same set of resources until a specified period of time has elapsed.

To establish persistent connections to a wide IP

1. On the Main tab of the navigation pane, expand Global Traffic and then click Wide IPs.The main wide IP screen opens.

2. Click the name of the wide IP.The Properties screen for the wide IP opens.

3. On the menu bar, click Pools.The Pools List screen opens.

4. From the Persistence list, select Enabled.A new option, Persistent TTL, appears in which you can state how long a connection should persist to the same resources.

5. In the Persistent TTL box, type the time-to-live value, in seconds.


Draining persistent requestsIf you elect to use persistent connections with your load balancing mode, you must decide how to handle connection requests when you need to take a specific pool of virtual servers offline. By default, the Global Traffic Manager immediately sends connection requests to other pools when you take that pool offline, even if you enabled persistent connections. In some situations, this behavior might not be desirable. For example, consider an online store. You might need to take a pool of virtual servers for this store offline; however, you do not want to interrupt shoppers currently purchasing any products. In this situation, you want to drain persistent requests. Draining requests refers to allowing existing sessions to continue accessing


Chapter 8

a specific set of resources while disallowing new connections. In the Global Traffic Manager, you configure this capability through the Drain Persistent Requests option.

Note

The Drain Persistent Requests option applies only when you manually disable the pool. It does not apply when the pool becomes offline for any other reason.

To drain persistent requests


2. From the Global Traffic menu, choose General.The General Global Properties screen opens.

3. Check Drain Persistent Requests.


Setting the last resort poolWhen the Global Traffic Manager load balances name resolution requests, it considers any pool associated with a given wide IP as a potential resource. You can, however, modify this behavior by creating a last resort pool. A last resort pool is a pool of virtual servers to which the Global Traffic Manager sends connection requests in the event that all other pools are unavailable.

It is important to remember that any pool you assign as the last resort pool is not a part of the normal load balancing operations of the Global Traffic Manager. Instead, this pool is kept in reserve. The Global Traffic Manager uses the resources included in this pool only if no other resources are available to handle the name resolution request.

To set the last resort pool

1. On the Main tab of the navigation pane, expand Global Traffic and then click Wide IPs.The main wide IP screen opens.



4. From the Last Resort Pool list, select a pool to be used as the last resort pool.


8 - 12

9

Working with Topologies

• Overview of topologies

• Setting up and removing topology records

• Using topology load balancing in a wide IP

• Using topology load balancing in a pool

• Understanding user-defined regions

• Other load balancing options for topologies


Overview of topologiesAs the name implies, the Global Traffic Manager handles name resolution requests at an international level. Consequently, one of the methods you can employ to load balance requests is through the use of topologies. A topology is a set of characteristics that identify the origin of a given name resolution request. In the Global Traffic Manager, topologies belong to one of several categories, including:

• Continent

• Country

• IP Subnet

• ISP

In addition to these topology types, the Global Traffic Manager also supports regions. A region is a customized collection of topologies. For example, you could create a topology for Denmark, Iceland, Finland, Norway, and Sweden. These topologies could then compose a custom region called Scandinavia.

Through topologies, you can instruct the Global Traffic Manager to select a data center or resource based on its physical proximity to the client making the name resolution request. This process helps ensure that name resolution requests are answered and managed in the fastest possible time.

You can instruct the Global Traffic Manager to use topologies to load balance name resolution requests across pools at the wide IP level, and across virtual servers at the pool level.

Understanding topologiesA fictional company, SiteRequest, allows its customers to download applications from its web site. SiteRequest has three data centers: New York, Paris, and Tokyo. To ensure that customers can download their purchased application as quickly as possible, the IT department has decided to create topologies with which to load balance name resolution requests.

The New York data center is chosen as the designated data center for any name resolution requests originating in the western hemisphere. To ensure that these requests go only to the New York data center, the IT department first creates a custom region, called Western Hemisphere, that contains the continents North America and South America. With this custom region created, the next step is to create a topology record for the Global Traffic Manager. A topology record is a statement that tells the Global Traffic Manager how to handle name resolution requests based on topologies. In this case, the IT department creates the record as follows:

• Request Source: Region is Western Hemisphere

• Destination Source: Data Center is New York

• Weight: 10


Chapter 9

The final step to implement this topology is to configure the corresponding wide IP, www.siterequest.com, to use topology load balancing. See Using topology load balancing in a wide IP, on page 9-5 for more information.

Implementing topologiesWhen you want to load balance connection requests using one or more topologies, you must complete two tasks:

• Configure the given wide IP or pool to use topology as a load balancing method.

• Access the Topology screen to create your topology statements.

To configure a wide IP or pool to use topology as a load balancing method, see Configuring load balancing, on page 7-14.

To access the topology screen

1. On the Main tab of the navigation pane, expand Global Traffic.

2. Click Topology.The Topology Records screen opens.

3. Create and manage your topology statements as needed.

See Setting up and removing topology records, on page 9-3, for more information.

9 - 2


Setting up and removing topology recordsA topology record has several elements: a request source statement, a destination statement, an operator, and a weight.

A request source statement defines the origin of a name resolution request. You can define the origin of a request as one of the following:

• A continent

• A country (based on the ISO 3166 top-level domain codes)

• An IP subnet (CIDR definition)

• An Internet Service Provider (ISP)

• A custom region

A destination statement defines the resource to which the Global Traffic Manager directs the name resolution request. The types of resources available for a destination statement are as follows:

• A continent


• A data center

• An IP subnet (CDIR definition)


• A pool of virtual servers

• A custom region

You can select one of two operators for both a request source and a destination statement. The is operator indicates that the name resolution request matches the statement. The is not operator indicates that the name resolution request does not match the statement.

The last element of a topology record, called the topology score or weight, allows the Global Traffic Manager to evaluate the best resolution option for a DNS request. In the event that a name resolution request matches more than one topology record, the Global Traffic Manager uses the record with the highest weight attribute to determine which statement it uses to load balance the request.

Note

A group of topology records defined for the Global Traffic Manager is referred to as a topology statement.

To set up a topology record

1. On the Main tab of the navigation pane, expand Global Traffic and then click Topology.The main screen for topologies opens.

2. Click the Create button.The New Record screen opens.


Chapter 9

3. To create a request source statement, use the request resource settings:

a) Select an origin type from the corresponding list.

b) Select an operator, either is or is not.

c) Define the criteria for the request source statement. For example, if the statement focuses on a country, a list appears from which you select the country. If the statement focuses on an IP subnet, a box appears that allows you to define that subnet.

4. To create a destination statement, use the destination settings:

a) Select a destination type from the corresponding list.

b) Select an operator, either is or is not.

c) Define the criteria for the destination statement. For example, if the statement focuses on a country, a list would appear from which you select the country. If the statement focuses on an IP subnet, a box appears that allows you to define that subnet.

5. In the Weight box, specify the priority this record has over topology records.

6. Click the Create button to save the new topology.

Removing topology recordsAs your network changes, you might find that you need to refine your existing topology records, or remove outdated topology records.

For example, the fictional company SiteRequest has an existing topology statement that routes all traffic originating from the United States to the New York data center. Last week, a new data center in Los Angeles came online. One of the results of this new data center is that the topology record that the Global Traffic Manager used to direct traffic was obsolete, and needed to be removed.

To remove a topology record

1. On the Main tab of the navigation pane, expand Global Traffic and then click Topology.The main screen for topologies opens.

2. Select the topology record that you want to remove from the topology records list by checking the corresponding Select check box.

3. Click the Delete button.

9 - 4


Using topology load balancing in a wide IPYou can use the Topology load balancing mode to distribute traffic among the pools in a wide IP. To do this, you must have at least two pools configured in the wide IP. With topology load balancing, you send name resolution requests to specific data centers or other resources based on the origin of the request.

To configure a wide IP to use topology load balancing


2. Click the name of the wide IP for which you want to assign topology-based load balancing.The properties screen for the wide IP opens.


4. From the Load Balancing Method list, select Topology.


Repeat this process for each wide IP as needed.


Chapter 9

Using topology load balancing in a poolIn addition to setting up the topology load balancing mode to select a pool within a wide IP, you can also set up the topology load balancing mode to select a virtual server within a pool. However, you must configure the topology records before the Global Traffic Manager can use the topology load balancing mode within a pool.

To configure a pool to use topology load balancing


2. Click the name of the pool for which you want to assign topology-based load balancing.The properties screen for the pool opens.

3. On the menu bar, click Members.The Members screen opens. This screen contains a list of the virtual servers currently assigned to the pool.

4. From the Load Balancing Method list, select Topology.


Repeat this process for each pool as needed.

9 - 6


Understanding user-defined regionsTo further refine the topology load balancing capabilities of the Global Traffic Manager, you can create custom topology regions. A region is a customized collection of topologies. For example, you could create a topology for Denmark, Iceland, Finland, Norway, and Sweden. These topologies could than compose a custom region for Scandinavia. Regions allow you to extend the functionality of your topologies by allowing you to define specific geographical regions that have meaning for your network.

You create a custom region by adding one or more region member types to the region member list. The available region member types are as follows:

• A continent


• A data center

• An IP subnet (CDIR definition)


• A pool of virtual servers

• Another custom region

Once you select a region member type, you then fill in the details about that region member and add it to the region member list. The region member options change based on the region member type that you select. When you have finished adding region members to your new region, the new region becomes an option in the Create Topology screen.

To create a region

1. On the Main tab of the navigation pane, expand Global Traffic and then click Topology.The main topology screen opens.

2. On the menu bar, click Regions.The main region screen opens.

3. Click the Create button.The Create Region screen opens.

4. In the Name box, type a name for the new region.

5. Using the Member List settings, define the appropriate region members.

6. Click the Create button to create the new region.


Chapter 9

Other load balancing options for topologiesThe Global Traffic Manager supports additional options that affect how the system load balances name resolution requests. These options are:

• ACL Threshold

• Longest Match

The ACL Threshold creates an exclusion list based on the topology record score of a given name resolution request. If the topology record score is lower than the value entered into this option, the name resolution request does not have access to the listed virtual servers. This option is set to 0 by default, which disables it.

The Longest Match option instructs the Global Traffic Manager to use the topology statement that most completely matches the source IP address of the name resolution request. For example, two topology statements exist: one that matches a source IP address of 10.0.0.0 and one that matches 10.15.0.0. A name resolution request arrives with a source IP address of 10.15.65.8. With the Longest Match setting enabled, the Global Traffic Manager will use the topology statement with 10.15.0.0 because it has the longest, and therefore most complete, match. If this option was disabled, the Global Traffic Manager could use either topology statement, depending on factors such as the weight of the statement or the order in which the statements are listed. This option is enabled by default.

To access the ACL Threshold and Longest Match options



3. Using the Topology Options settings, assign a value for the ACL Threshold option, then enable or disable the Longest Match option as needed.


9 - 8

10

Configuring Monitors

• Introducing monitors

• Creating a custom monitor

• Configuring monitor settings

• Special configuration considerations

• Associating monitors with resources

• Managing monitors


Introducing monitorsAn important feature of the Global Traffic Manager is set of load-balancing tools called monitors. Monitors verify connections on pools and virtual servers. A monitor can be either a health monitor or a performance monitor. Monitors are designed to check the status of a pool or virtual server on an ongoing basis, at a set interval. If a pool or virtual server being checked does not respond within a specified timeout period, or the status of a pool or virtual server indicates that performance is degraded, then the Global Traffic Manager can redirect the traffic to another resource.

Some monitors are included as part of the Global Traffic Manager, while other monitors are user-created. Monitors that the Global Traffic Manager provides are called pre-configured monitors. User-created monitors are called custom monitors. For more information on pre-configured and custom monitors, see Understanding pre-configured and custom monitors, on page 10-4.

Before configuring and using monitors, it is helpful to understand some basic concepts regarding monitor types, monitor settings, and monitor implementation.

◆ Monitor typesEvery monitor, whether pre-configured or custom, belongs to a certain category, or monitor type. Each monitor type checks the status of a particular protocol, service, or application. For example, an HTTP type of monitor allows you to monitor the availability of the HTTP service on a pool, pool member, or virtual server. An ICMP type of monitor simply determines whether the status of a resource is up or down. For more information on monitor types, see Summary of monitor types, on page 10-2, and Configuring monitor settings, on page 10-8.

◆ Monitor settingsEvery monitor consists of settings with values. The settings and their values differ depending on the type of monitor. In some cases, the Global Traffic Manager assigns default values. For example, the following are the default values for the ICMP-type monitor:

• Interval: 30 seconds

• Timeout: 120 seconds

• Transparent: No

These settings specify that an ICMP type of monitor is configured to check the status of an IP address every 30 seconds, and to time out every 120 seconds. For more information on monitor settings, see Overview of monitor settings, on page 10-4, and Configuring monitor settings, on page 10-8.

◆ Monitor implementationThe task of implementing a monitor varies depending on whether you are using a pre-configured monitor or creating a custom monitor. If you want to implement a pre-configured monitor, you need only associate the monitor with a pool or virtual server. If you want to implement a custom monitor, you must first create the custom monitor, and then associate it


Chapter 10

with a pool or virtual server. For more information on implementing a monitor, see Understanding pre-configured and custom monitors, on page 10-4, Creating a custom monitor, on page 10-7, and Configuring monitor settings, on page 10-8.

Summary of monitor typesThe Global Traffic Manager includes many different types of monitors, each designed to perform a specific type of monitoring. The monitors belong to one of three categories: simple, extended content verification (ECV), and extended application verification (EAV). Simple monitors check the health of a resource by sending a packet using the specified protocol, and waiting for a response from the resource. If the monitor receives a response, then the health check is successful and the resource is considered up. ECV monitors check the health of a resource by sending a query for content using the specified protocol, and waiting to receive the content from the resource. If the monitor receives the correct content, then the health check is successful and the resource is considered up. EAV monitors check the health of a resource by accessing the specified application. If the monitor receives the correct response, then the health check is successful and the resource is considered up.

Table 10.1 describes the types of monitors that you can apply to your load balancing resources. You can find details about the settings for each monitor type in Configuring monitor settings, on page 10-8.

Monitor Category Monitor Type Description

Simple ICMP Checks the status of a resource, using Internet Control Message Protocol (ICMP).

Simple TCP Echo Checks the status of a resource, using Transmission Control Protocol (TCP).

ECV TCP Verifies the Transmission Control Protocol (TCP) service by attempting to receive specific content from a resource.

ECV HTTP Verifies the Hypertext Transfer Protocol (HTTP) service by attempting to receive specific content from a web page.

ECV HTTPS Verifies the Hypertext Transfer Protocol Secure (HTTPS) service by attempting to receive specific content from a web page protected by Secure Socket Layer (SSL) security.

EAV BIG IP Acquires data captured through monitors managed by a BIG-IP Local Traffic Manager.

EAV BIG IP Link Acquires data captured through monitors managed by a BIG-IP Link Controller.

EAV External Allows users to monitor services using their own programs.

Table 10.1 Monitor types available on a Global Traffic Manager system

10 - 2


EAV FTP Verifies the File Transfer Protocol (FTP) service by attempting to download a specific file to the /var/tmp directory on the system. Once downloaded successfully, the file is not saved.

EAV IMAP Verifies the Internet Message Access Protocol (IMAP) by attempting to open a specified mail folder on a server. This monitor is similar to the pop3 monitor.

EAV LDAP Verifies the Lightweight Directory Access Protocol (LDAP) service by attempting to authenticate the specified user.

EAV MSSQL Verifies Microsoft® Windows SQL-based services.

EAV NNTP Verifies the Usenet News protocol (NNTP) service by attempting to retrieve a newsgroup identification string from the server.

EAV Oracle Verifies services based on Oracle® by attempting to perform an Oracle login to a service.

EAV POP3 Verifies the Post Office Protocol (pop3) service by attempting to connect to a pool, pool member, or virtual server, log on as the specified user, and log off.

EAV RADIUS Verifies the Remote Access Dial-in User Service (RADIUS) service by attempting to authenticate the specified user.

EAV Real Server Checks the performance of a pool, pool member, or virtual server that is running the RealServer data collection agent, and then dynamically load balances traffic accordingly.

EAV SIP Checks the status of Session Initiation Protocol (SIP) Call-ID services on a device. The SIP protocol enables real-time messaging, voice, data, and video.

EAV SMTP Checks the status of a pool, pool member, or virtual server by issuing standard Simple Mail Transport Protocol (SMTP) commands.

EAV SNMP DCA Checks the current CPU, memory, and disk usage of a pool, pool member, or virtual server that is running an SNMP data collection agent, and then dynamically load balances traffic accordingly.

EAV SOAP Tests a Web service based on the Simple Object Access Protocol (SOAP).

EAV UDP Verifies the User Datagram Protocol (UDP) service by attempting to send UDP packets to a pool, pool member, or virtual server and receiving a reply.

EAV WMI Checks the performance of a pool, pool member, or virtual server that is running the Windows Management Infrastructure (WMI) data collection agent and then dynamically load balances traffic accordingly.

Monitor Category Monitor Type Description

Table 10.1 Monitor types available on a Global Traffic Manager system


Chapter 10

Overview of monitor settingsMonitors contain settings with corresponding values. These settings and their values affect the way that a monitor performs its status check. When you create a custom monitor, you must configure these setting values. For those settings that have default values, you can either retain the default values, or modify them to suit your needs. You can find details about the settings for each monitor type in Configuring monitor settings, on page 10-8.

Understanding pre-configured and custom monitorsWhen you want to monitor the health or performance of pool members or virtual servers, you can either use a pre-configured monitor, or create and configure a custom monitor.

Using pre-configured monitors

For a subset of monitor types, the Global Traffic Manager includes a set of pre-configured monitors. A pre-configured monitor is an existing monitor that the Global Traffic Manager provides for you, with its settings already configured. You cannot modify pre-configured monitor settings, as they are intended to be used as is. The purpose of a pre-configured monitor is to eliminate the need for you to explicitly create one. You use a pre-configured monitor when the values of the settings meet your needs as is.

The Global Traffic Manager includes these pre-configured monitors:

• big ip

• big ip link

• gateway icmp

• http

• https

• icmp

• real_server

• snmp

• tcp

• tcp_echo

An example of a pre-configured monitor is the icmp monitor. If the default values of this monitor meet your needs, you simply assign the icmp pre-configured monitor directly to a pool or virtual server. In this case, you do not need to use the Monitors screens, unless you simply want to view the default settings of the pre-configured monitor.

If you do not want to use the values configured in a pre-configured monitor, you can create a custom monitor.

10 - 4


Using custom monitors

A custom monitor is a monitor that you create based on one of the allowed monitor types.You create a custom monitor when the values defined in a pre-configured monitor do not meet your needs, or no pre-configured monitor exists for the type of monitor you are creating. (For information on monitor types, see Summary of monitor types, on page 10-2.)

Selecting a custom monitor is straightforward. Like icmp, each of the custom monitors has a Type setting based on the type of service it checks, for example, http, https, ftp, pop3, and takes that type as its name. (Exceptions are port-specific monitors, like the external monitor, which calls a user-supplied program.)

For procedures on selecting and configuring a monitor, see Creating a custom monitor, on page 10-7.

Importing settings from a pre-configured monitor

If a pre-configured monitor exists that corresponds to the type of custom monitor you are creating, you can import the settings and values of that pre-configured monitor into the custom monitor. You are then free to change those setting values to suit your needs. For example, if you create a custom monitor called my_icmp, the monitor can inherit the settings and values of the pre-configured monitor icmp. This ability to import existing setting values is useful when you want to retain some setting values for your new monitor but modify others.

The following list shows an example of a custom ICMP-type monitor called my_icmp, which is based on the pre-configured monitor icmp. Note that the Interval value has been changed from the default value of 30 to 60. The other settings retain the values defined in the pre-configured monitor.

• Name: my_icmp

• Type: ICMP

• Interval: 60

• Timeout: 120

• Transparent: No

Importing settings from a custom monitor

You can import settings from another custom monitor instead of from a pre-configured monitor. This is useful when you would rather use the setting values defined in another custom monitor, or when no pre-configured monitor exists for the type of monitor you are creating. For example, if you create a custom monitor called my_oracle_server2, you can import settings from an existing Oracle-type monitor such as my_oracle_server1. In this case, because the Global Traffic Manager does not provide a pre-configured Oracle-type monitor, a custom monitor is the only kind of monitor from which you can import setting values.


Chapter 10

Importing settings from a monitor template

If no pre-configured or custom monitor exists that corresponds to the type of monitor you are creating, the Global Traffic Manager imports settings from a monitor template. A monitor template is an abstraction that exists within the Global Traffic Manager for each monitor type and contains a group of settings and default values. A monitor template merely serves as a tool for the Global Traffic Manager to use for importing settings to a custom monitor when no monitor of that type already exists.

10 - 6


Creating a custom monitorWhen you create a custom monitor, you use the Configuration utility to give the monitor a unique name, specify a monitor type, and, if a monitor of that type already exists, import settings and their values from the existing monitor. You can then change the values of any imported settings.

You must base each custom monitor on a monitor type. When you create a monitor, the Configuration utility displays a list of monitor types. To specify a monitor type, select the one that corresponds to the service you want to check. For example, if you want to want to create a monitor that checks the health of the HTTP service on a pool, you choose HTTP as the monitor type.

If you want to check more than one service on a pool or virtual server (for example HTTP and HTTPS), you can associate more than one monitor on that pool or virtual server. For more information, see Chapter 7, Load Balancing with the Global Traffic Manager.

Checking services is not the only reason for implementing a monitor. If you want to verify only that the destination IP address is live, or that the path to it through a transparent virtual server is live, use one of the simple monitors, icmp or tcp_echo. Or, if you want to verify TCP only, use the monitor tcp.

Note

Before creating a custom monitor, you must decide on a monitor type. For information on monitor types, see Configuring monitor settings, on page 10-8.

To create a custom monitor

1. On the Main tab of the navigation pane, expand Global Traffic and then click Monitors.The main monitors screen opens.

2. Click the Create button.The New Monitor screen opens.

3. In the Name box, type a name for the monitor.

4. For the Type setting, select the type of monitor that you want to create.If a monitor of that type already exists, Import Settings appears. The screen refreshes to display settings specific to the monitor type you selected.


6. Configure all settings shown.

7. Click the Finished to save your changes.


Chapter 10

Configuring monitor settingsThe Global Traffic Manager supports a wide variety of monitor types. Each of these monitor types contains specific settings that you can configure to ensure that the monitor accurately tests a given resource before determining if that resource is available for load balancing operations. When you configure these settings, you are creating a custom monitor for your network.

The types of monitors the Global Traffic Manager supports correspond to three categories:

◆ Simple monitorsThese are health monitors that monitor the status of a resource.

◆ Extended Content Verification (ECV) monitorsThese are health monitors that verify service status by retrieving specific content from pool members or virtual servers.

◆ External Application Verification (EAV) monitorsThese are health or performance monitors that verify service status by accessing remote applications, using an external service-checker program.

Simple monitorsSimple monitors are those that check the status of a resource. The simple monitor types are:

• ICMP

• Gateway ICMP

• TCP Echo

• TCP Half Open

The Global Traffic Manager system provides a set of pre-configured simple monitors: icmp, gateway_icmp, tcp_echo, and tcp_half_open. You can either use these pre-configured monitors as is, or create custom monitors of these types.

The following sections describe each type of simple monitor and show the pre-configured monitor for each type. Note that each pre-configured monitor consists of settings and their values.

10 - 8


ICMP

Using an ICMP type of monitor, you can use Internet Control Message Protocol (ICMP) to make a simple resource check. The check is successful if the monitor receives a response to an ICMP_ECHO datagram. The following list shows the settings and their values for the pre-configured monitor icmp:

• Name: ICMP

• Type: ICMP



• Transparent: No

• Alias Address: * All Addresses

The Transparent mode is an option for ICMP-type monitors. When you set this mode to Yes, the monitor pings the resource with which the monitor is associated. For more information about Transparent mode, refer to Using transparent and reverse modes, on page 10-35.

Gateway ICMP

A Gateway ICMP type of monitor has a special purpose. You use this monitor for a pool that implements gateway failsafe for high availability.

A Gateway ICMP monitor functions the same way as an ICMP monitor, except that you can apply a Gateway ICMP monitor to a pool. (Remember that you can apply an ICMP monitor to a resource only and not to a pool member.) The following list shows the settings and their values for the pre-configured gateway_icmp monitor.

• Name: Gateway ICMP

• Type: Gateway ICMP



• Transparent: No


• Alias Service Port: * All Ports

TCP Echo

With a TCP Echo type of monitor, you can verify Transmission Control Protocol (TCP) connections. The check is successful if the Global Traffic Manager receives a response to a TCP Echo message. The TCP Echo type also supports Transparent mode. In this mode, the resource with which the monitor is associated is pinged through to the destination resource. (For more information about Transparent mode, see Using transparent and reverse modes, on page 10-35.)


Chapter 10

To use a TCP Echo monitor type, you must ensure that TCP Echo is enabled on the resources being monitored. The following list shows the settings for the pre-configured monitor tcp_echo:

• Name: TCP Echo

• Type: TCP Echo

• Interval 30 seconds

• Timeout 120 seconds


TCP Half Open

A TCP Half Open type of monitor performs a quick check on the associated service by sending a TCP SYN packet to the service. As soon as the monitor receives the SYN-ACK packet from the service, the monitor considers the service to be in an up state, and sends a RESET to the service instead of completing the three-way handshake. The following list shows the settings for the pre-configured monitor tcp_half_open:

• Name: TCP Half Open

• Type: TCP Half Open



• Transparent: No

• Alias Addresses: * All Addresses

• Alias Service Ports: * All Ports

Extended Content Verification (ECV) monitorsECV monitors use Send String and Receive String settings in an attempt to retrieve explicit content from resources. The Global Traffic Manager provides the pre-configured monitors tcp, http, and https for these ECV monitor types:

• TCP

• HTTP

• HTTPS

You can either use the pre-configured ECV monitors as is, or create custom monitors from these monitor types.

The following sections describe each type of ECV monitor and show the pre-configured monitor for each type. Note that each pre-configured monitor consists of settings and their values.

10 - 10


TCP

A TCP type of monitor attempts to receive specific content sent over TCP. The check is successful when the content matches the Receive String value. A TCP type of monitor takes a Send String value and a Receive String value. If the Send String value is blank and a connection can be made, the service is considered up. A blank Receive String value matches any response. Both Transparent and Reverse modes are options. For more information about Transparent and Reverse modes, see Using transparent and reverse modes, on page 10-35.

The following list shows the settings for the pre-configured monitor tcp:

• Name: tcp

• Type: TCP



• Send String: "" (empty)

• Receive String: "" (empty)

• Reverse: No

• Transparent: No



HTTP

You can use an HTTP type of monitor to check the status of Hypertext Transfer Protocol (HTTP) traffic. Like a TCP monitor, an HTTP monitor attempts to receive specific content from a web page, and unlike a TCP monitor, may send a user name and password. The check is successful when the content matches the Receive String value. An HTTP monitor uses a send string, a receive string, a user name, a password, and optional Reverse and Transparent modes. (If there is no password security, you must use blank strings [""] for the Username and Password settings.)

For more information on transparent and reverse modes, see Using transparent and reverse modes, on page 10-35.

The following list shows the settings of the pre-configured monitor http:

• Name: http

• Type: HTTP



• Send String: Get /


• User Name: "" (empty)

• Password: "" (empty)


Chapter 10

• Reverse: No

• Transparent: No



HTTPS

You use an HTTPS type of monitor to check the status of Hypertext Transfer Protocol Secure (HTTPS) traffic. An HTTPS type of monitor attempts to receive specific content from a web page protected by SSL security. The check is successful when the content matches the Receive String value.

HTTPS-type monitors use a send string, a receive string, a user name, a password, and an optional Reverse setting. (If there is no password security, you must use blank strings [""] for the Username and Password settings.) For more information on the Reverse setting, see Using transparent and reverse modes, on page 10-35.

HTTP-type monitors also include the settings Cipher List, Compatibility, and Client Certificate. If you do not specify a cipher list, the monitor uses the default cipher list DEFAULT:+SHA:+3DES:+kEDH. When you set the Compatibility setting to Enabled, this sets the SSL options to ALL. You use the Client Certificate setting to specify a certificate file that the monitor then presents to the server.

The following list shows the settings of the pre-configured monitor https:

• Name: https

• Type: HTTPS



• Send String: Get /


• Cipher List: "" (empty)



• Compatibility: Enabled

• Client Certificate: "" (empty)

• Reverse: No



The Reverse setting is an option for monitors that import settings from the https monitor. In most monitor settings, the Global Traffic Manager considers the resource available when the monitor successfully probes it. However, in some cases you may want the resource to be considered

10 - 12


unavailable after a successful monitor test. You accomplish this configuration with the Reverse setting. For more information on Reverse mode, see Using transparent and reverse modes, on page 10-35.

External Application Verification (EAV) monitorsEAV monitors verify applications on servers by running those applications remotely, using an external service checker program located in the directory /user/bin/monitors.

The types of EAV monitors that you can create are:

• BIG IP

• BIG IP Link

• External

• FTP

• IMAP

• LDAP

• MSSQL

• NNTP

• Oracle

• POP3

• RADIUS

• Real Server

• Scripted

• SIP

• SMTP

• SNMP

• SNMP Link

• SOAP

• UDP

• WAP

• WMI

The Global Traffic Manager provides pre-configured monitors for several of these monitor types. In cases where a pre-configured monitor does not meet your needs or does not exist, you can create a custom monitor. For more information on custom monitors, see Creating a custom monitor, on page 10-7.

The following sections describe each type of simple monitor and show the pre-configured monitor or default values for each type. Note that each pre-configured monitor consists of settings and their values.


Chapter 10

BIG-IP

If you employ the Global Traffic Manager in a network that contains a Local Traffic Manager, you must assign a BIG-IP monitor to the Local Traffic Manager. In fact, this monitor is automatically assigned to the Local Traffic Manager if you do not do so manually.

The BIG-IP monitor gathers metrics and statics information that the Local Traffic Manager acquires through the monitoring of its own resources. In general, it is sufficient to assign only the BIG-IP monitor to a Local Traffic Manager. In situations where you want to verify the availability of a specific resource managed by the Local Traffic Manager, we recommend that you first assign the appropriate monitor to the resource through the Local Traffic Manager, and then assign a BIG-IP monitor to the Local Traffic Manager through the Global Traffic Manager. This configuration provides the most efficient means of tracking resources managed by a BIG-IP system.

The following list shows the settings and default values of a BIG-IP-type monitor:

• Name: my_bigip

• Type: BIG-IP



• Probe Interval: 1 second

• Probe Timeout: 1 second

• Probe Attempts: 1

• Minimum Required Successful Attempts: 1



Note

If the Global Traffic Manager and the Local Traffic Manager are on the same machine, you must still assign a BIG-IP monitor to the server that you added to your configuration that represents the Global Traffic Manager/Local Traffic Manager system. See Chapter 5, Defining the Physical Network for more information.

BIG-IP Link

If you employ the Global Traffic Manager in a network that contains a Link Controller, you must assign a BIG-IP Link monitor to the Link Controller. In fact, this monitor is automatically assigned to the Link Controller if you do not do so manually.

The BIG-IP Link monitor gathers metrics and statics information that the Link Controller acquires through the monitoring of its own resources.

The following list shows the settings and default values of a BIG IP Link-type monitor:

10 - 14


• Name: my_bigip_link

• Type: BIG-IP Link




• Probe Timeout: 1 second





Note

If the Global Traffic Manager and the Link Controller are on the same machine, you must still assign a BIG-IP Link monitor to the server that you added to your configuration that represents the Global Traffic Manager/Link Controller system. See Chapter 5, Defining the Physical Network for more information.

External

Using an External type of monitor, you can create your own monitor type. To do this, you create a custom External-type monitor and within it, specify a user-supplied monitor to run.

The External Program setting specifies the name of your user-supplied monitor program. An External-type monitor searches the directory /user/bin/monitors for that monitor name.

The Arguments setting allows you to specify any command-line arguments that are required.

The following list shows the settings and default values of an External-type monitor:

• Name: my_external

• Type: External



• External Program: "" (empty)

• Arguments: "" (empty)

• Variables: "" (empty)




Chapter 10

FTP

Using an FTP type of monitor, you can monitor File Transfer Protocol (FTP) traffic. A monitor of this type attempts to download a specified file to the /var/tmp directory, and if the file is retrieved, the check is successful.

Note

Once the file has been successfully downloaded, the Global Traffic Manager does not save it.

An FTP monitor specifies a user name, a password, and a full path to the file to be downloaded.

The following list shows the settings and default values of an FTP-type monitor:

• Name: my_ftp

• Type: FTP





• Path/Filename: "" (empty)

• Mode: Passive



• Debug: No

IMAP

With an IMAP type of monitor, you can check the status of Internet Message Access Protocol (IMAP) traffic. An IMAP monitor is essentially a POP3 type of monitor with the addition of the Folder setting. The check is successful if the monitor is able to log into a server and open the specified mail folder.

An IMAP monitor requires that you specify a user name and password. The following list shows the settings and default values of an IMAP-type monitor:

• Name: my_imap

• Type: IMAP





• Folder: INBOX

10 - 16




• Debug: No

Note

Servers to be checked by an IMAP monitor typically require special configuration to maintain a high level of security, while also allowing for monitor authentication.

LDAP

An LDAP type of monitor checks the status of Lightweight Directory Access Protocol (LDAP) servers. The LDAP protocol implements standard X.500 for email directory consolidation. A check is successful if entries are returned for the base and filter specified. An LDAP monitor requires a user name, a password, and base and filter strings. The following list shows the settings and default values of an LDAP-type monitor:

• Name: my_ldap

• Type: LDAP





• Base: "" (empty)

• Filter: "" (empty)

• Security: None

• Mandatory Attributes: No



• Debug: No

The User Name setting specifies a distinguished name, that is, an LDAP-format user name.

The Base setting specifies the starting place in the LDAP hierarchy from which to begin the query.

The Filter setting specifies an LDAP-format key of the search item.

The Security setting specifies the security protocol to be used. Acceptable values are SSL, TLS, or None.


Chapter 10

MSSQL

You use an MSSQL type of monitor to perform service checks on Microsoft SQL Server-based services such as Microsoft SQL Server versions 6.5 and 7.0.

The Global Traffic Manager requires installation of a JDBC driver before performing the actual login. For more information, see the Configuration Guide for BIG-IP® Local Traffic Management.

If you receive a message that the connection was refused, verify that the IP address and port number or service are correct. If you are still having login trouble, see Troubleshooting MSSQL logins, on page 10-19.

The remainder of this section on MSSQL monitors describes prerequisite tasks, the default monitor settings, and troubleshooting tips.

Before using an MSSQL-type monitor, you must download a set of JDBC JavaTM Archive (JAR) files and install them on the Global Traffic Manager system.

MSSQL monitor settings and their default values

The following list shows the settings and default settings of an MSSQL-type monitor:

• Name: my_mssql

• Type: mssql







• Database: "" (empty)

• Receive Row: "" (empty)

• Receive Column: "" (empty)



• Debug: No

In an MSSQL-type monitor, the Database setting specifies the name of the data source on the Microsoft® SQL-based server. Examples are sales and hr.

10 - 18


The Send String setting is optional and specifies a SQL query statement that the Global Traffic manager should send to the server. Examples are SELECT * FROM sales and SELECT FirstName, LastName From Employees. If you configure the Send String setting, you can also configure the following settings:

◆ Receive StringThe Receive String setting is an optional parameter that specifies the value expected to be returned for the row and column specified with the Receive Row and Receive Column settings. An example of a Receive String value is ALAN SMITH. You can only configure this setting when you configure the Send String setting.

◆ Receive RowThe Receive Row setting is optional, and is useful only if the Receive String setting is specified. This setting specifies the row in the returned table that contains the Receive String value. You can only configure this setting when you configure the Send String setting.

◆ Receive ColumnThe Receive Column setting is optional and is useful only if the Receive String setting is specified. This setting specifies the column in the returned table that contains the Receive String value. You can only configure this setting when you configure the Send String setting.

Troubleshooting MSSQL logins

If an MSSQL monitor cannot log in to the server, and you have checked that the specified IP address and port number or service are correct, try the following:

◆ Verify that you can log in using another tool. For example, the server program Microsoft NT SQL Server version 6.5 includes a client program named ISQL/w. This client program performs simple logins to SQL servers. Use this program to test whether you can log in to the server using the ISQL/w program.

◆ Add login accounts using the Microsoft SQL Enterprise Manager.On the Microsoft SQL Server, you can run the SQL Enterprise Manager to add login accounts. When first entering the SQL Enterprise Manager, you may be prompted for the SQL server that you want to manage.

You can register servers by entering the machine name, user name, and password. If these names are correct, the server becomes registered and you are then able to click an icon for the server. When you expand the subtree for the server, there is an icon for login accounts.

Beneath this subtree, you can find the SQL logins. Here, you can change passwords or add new logins by right-clicking the Logins icon. Click this icon to access the Add login option. After you open this option, type the user name and password for the new login, as well as which databases the login is allowed to access. You must grant the test account access to the database you specify in the EAV configuration.


Chapter 10

NNTP

You use an NNTP type of monitor to check the status of Usenet News traffic. The check is successful if the monitor retrieves a newsgroup identification line from the server. An NNTP monitor requires a newsgroup name (for example, alt.cars.mercedes) and, if necessary, a user name and password.

The following list shows the settings and default values of an NNTP-type monitor:

• Name: my_nntp

• Type: NNTP





• Newsgroup: "" (empty)



• Debug: No

Oracle

With an Oracle type of monitor, you can check the status of an Oracle database server. The check is successful if the monitor is able to connect to the server, log in as the indicated user, and log out.

The following list shows the settings and default values of an Oracle-type monitor:

• Name: my_oracle

• Type: Oracle







• Database: "" (empty)

• Receive Row: "" (empty)

• Receive Column: "" (empty)



• Debug: No

10 - 20


The Send String setting specifies a SQL statement that the Global Traffic Manager system should send to the Oracle server. An example is SELECT * FROM sales.

The Receive String setting is an optional parameter that specifies the value expected to be returned for a specific row and column of the table that the Send String setting retrieved. An example of a Receive String value is SMITH.

In an Oracle type of monitor, the Database setting specifies the name of the data source on the Oracle server. Examples are sales and hr.

The Receive Row setting is optional, and is useful only if the Receive String setting is specified. This setting specifies the row in the returned table that contains the Receive String value.

The Receive Column setting is optional and is useful only if the Receive String setting is specified. This setting specifies the column in the returned table that contains the Receive String value.

POP3

A POP3 type of monitor checks the status of Post Office Protocol (POP) traffic. The check is successful if the monitor is able to connect to the server, log in as the indicated user, and log out. A POP3 monitor requires a user name and password.

The following list shows the settings and default values of a POP3-type monitor:

• Name: my_pop3

• Type: POP3







• Debug: No

RADIUS

Using a RADIUS type of monitor, you can check the status of Remote Access Dial-in User Service (RADIUS) servers. The check is successful if the server authenticates the requesting user. A RADIUS monitor requires a user name, a password, and a shared secret string for the code number.

Note

Servers to be checked by a RADIUS monitor typically require special configuration to maintain a high level of security while also allowing for monitor authentication.


Chapter 10

The following list shows the settings and default values of a RADIUS-type monitor:

• Name: my_radius

• Type: RADIUS

• Interval:10 seconds




• Secret: "" (empty)



• Debug: No

Real Server

A Real Server type of monitor checks the performance of a pool or virtual server that is running the RealSystem Server data collection agent. The monitor then dynamically load balances traffic accordingly. Performance monitors are generally used with dynamic ratio load balancing. For more information on performance monitors and dynamic ratio load balancing, see Chapter 7, Load Balancing with the Global Traffic Manager.

Note

Unlike health monitors, performance monitors do not report on the status of a pool, pool member, or virtual server.

The Global Traffic Manager provides a pre-configured Real Server monitor named real_server. The following list shows the settings and default values of the real_server monitor:

• Name: real_server

• Type: Real Server



• Method: GET

• Command: GetServerStatsMetrics: ServerBandwidth: 1.5, CPUPercentUsage, MemoryUsage, TotalClientCount

• Agent: Mozilla/4.0 (compatible: MSIE 5.0, Windows NT)

10 - 22


Like all pre-configured monitors, the real_server monitor is not user-modifiable. However, if you want to modify the Metrics setting, you can create a custom Real Server monitor, to which you can add metrics and modify metric values.

Note

When creating a custom Real Server monitor, you cannot modify the values of the Method, Command, and Agent settings.

Table 10.2 shows the complete set of server-specific metrics and metric setting default values that apply to the GetServerStats command.

Metric Default Coefficient Default Threshold

ServerBandwidth (Kbps) 1.0 10,000

CPUPercentUsage 1.0 80

MemoryUsage (Kb) 1.0 100,000

TotalClientCount 1.0 1,000

RTSPClientCount 1.0 500

HTTPClientCount 1.0 500

PNAClientCount 1.0 500

UDPTransportCount 1.0 500

TCPTransportCount 1.0 500

MulticastTransportCount 1.0 500

Table 10.2 Metrics for a Real Server monitor


Chapter 10

The metric coefficient is a factor determining how heavily the metric’s value counts in the overall ratio weight calculation. The metric threshold is the highest value allowed for the metric if the metric is to have any weight at all. To understand how to use these values, it is necessary to understand how the overall ratio weight is calculated. The overall ratio weight is the sum of relative weights calculated for each metric. The relative weights, in turn, are based on three factors:

• The value for the metric returned by the monitor

• The coefficient value

• The threshold value

Given these values, the relative weight is calculated as follows:

w=((threshold-value)/threshold)*coefficient

You can see that the higher the coefficient, the greater the relative weight calculated for the metric. Similarly, the higher the threshold, the greater the relative weight calculated for any metric value that is less than the threshold. (When the value reaches the threshold, the weight goes to zero.)

Note that the default coefficient and default threshold values shown in Table 10.2 are metric defaults, not monitor defaults. The monitor defaults take precedence over the metric defaults, just as user-specified values in the custom real_server monitor take precedence over the monitor defaults. For example, the monitor shown specifies a coefficient value of 1.5 for ServerBandwidth and no value for the other metrics. This means that the monitor uses the monitor default of 1.5 for the ServerBandwidth coefficient and the metric default of 1 for the coefficients of all other metrics. However, if a custom monitor my_real_server were configured specifying 2.0 as the ServerBandwidth coefficient, this user-specified value would override the monitor default.

Metric coefficient and threshold are the only non-monitor defaults. If a metric not in the monitor is to be added to the custom monitor, it must be added to the list of metrics for the Metrics setting. The syntax for specifying non-default coefficient or threshold values is:

<metric>:<coefficient |<*>:<threshold>

Scripted

You use the Scripted type of monitor to generate a simple script that reads a file that you create. The file contains send and expect strings to specify lines that you want to send or that you expect to receive. For example, Figure

10 - 24


10.1 shows a sample file that you could create, which specifies a simple SMTP sequence. Note that the lines of the file are always read in the sequence specified.

Using a Scripted monitor, you can then generate a script that acts on the above file. When the Scripted monitor script reads this file, the script examines each line, and if the line has no quotation marks, the line is sent or expected as is. If the line is surrounded by quotation marks, the script strips off the quotation marks, and examines the line for escape characters, treating them accordingly.

The following list shows the settings and default values of a Scripted-type monitor:

• Name: scripted

• Type: Scripted



• File name: "" (empty)



• Debug: No

Note

When you create a file containing send and expect strings, store the file in the directory /config/eav.

SIP

You use a SIP type of monitor to check the status of SIP Call-ID services. This monitor type uses UDP to issue a request to a server device. The request is designed to identify the options that the server device supports. If the proper request is returned, the device is considered to be up and responding to commands.

The following list shows the settings and default values of a SIP-type monitor:

• Name: my_sip

• Type: SIP



expect 220send “HELLO bigip1.siterequest.com\r\n”expect “250”send “quit\r\n

Figure 10.1 A sample file specifying an SMTP sequence


Chapter 10

• Mode: UDP

• Additional Accepted Status Codes: None

• Status Code List: "" (empty)



• Debug: No

Possible values for the Mode setting are TCP and UDP.

Possible values for the Additional Accepted Status Codes setting are Any, None, and Status Code List. The Status Code List setting specifies one or more status codes, in addition to status code 200, that are acceptable in order to indicate an up status. Multiple status codes should be separated by spaces. Specifying an asterisk (*) indicates that all status codes are acceptable.

SMTP

An SMTP type of monitor checks the status of Simple Mail Transport Protocol (SMTP) servers. This monitor type is an extremely basic monitor that checks only that the server is up and responding to commands. The check is successful if the mail server responds to the standard SMTP HELO and QUIT commands. An SMTP-type monitor requires a domain name.

The following list shows the settings and default values of an SMTP-type monitor:

• Name: my_smtp

• Type: SIP



• Domain: "" (empty)




• Debug: No

SNMP

With an SNMP type of monitor, you can check the performance of a server running an SNMP agent such as UC Davis, for the purpose of load balancing traffic to that server. This monitor conducts an SNMP query for a specific number of times, counting the number of times the query is successful. If the number of successful queries matches the number that you set when configuring the monitor, the Global Traffic Manager considers the resource available.

10 - 26


Performance monitors are generally used with dynamic ratio load balancing. For more information on performance monitors and dynamic ratio load balancing, see Chapter 7, Load Balancing with the Global Traffic Manager.

Note

Unlike health monitors, performance monitors do not report on the status of a pool, pool member, or virtual server; they report on the status of the server itself. The exception to this is when you assign the monitor to a Cisco, Alteon, Extreme, or Radware server. In those situations, the monitor can obtain availability information on the virtual servers associated with that server. On Foundry servers, you can only obtain admin status of the virtual server.

The Global Traffic Manager provides a pre-configured SNMP monitor named snmp_gtm. The following list shows the settings and values of the snmp_gtm pre-configured monitor:

• Name: snmp_gtm

• Type: SNMP




• Probe Timeout; 1 second



• Community: public

• Version: v1



Pre-configured monitors are not user-modifiable. Thus, if you want to change the values for the SNMP monitor settings, you must create an SNMP-type custom monitor. Possible values for the Version setting are v1, v2c, and Other.

Using the SNMP monitor on third-party servers

If you want to assign the SNMP monitor to a non-BIG-IP server, that server must have at least one virtual server assigned to it. The SNMP monitor cannot probe third-party servers that do not have any virtual servers configured.

If you want to use the AutoDiscovery feature on a non-BIG-IP server in conjunction with an SNMP monitor, first ensure that the server has at least one virtual server configured, then assign the monitor and activate AutoDiscovery.


Chapter 10

SNMP Link

You use an SNMP Link type of monitor to check the performance of links that are running an SNMP agent.

The Global Traffic Manager system provides a pre-configured SNMP monitor named snmp_link. The following list shows the settings and values of the snmp_link pre-configured monitor:

• Name: snmp_link

• Type: SNMP Link




• Probe Timeout; 1 second





Performance monitors are generally used with dynamic ratio load balancing. For more information on performance monitors and dynamic ratio load balancing, see Chapter 7, Load Balancing with the Global Traffic Manager.

Note

Unlike health monitors, performance monitors do not report on the status of pool, pool member, or virtual server.

Pre-configured monitors are not user-modifiable. Thus, if you want to change the values for the SNMP Link monitor settings, you must create an SNMP Link-type custom monitor.

SOAP

A SOAP monitor tests a Web service based on the Simple Object Access protocol (SOAP). More specifically, the monitor submits a request to a SOAP-based Web service, and optionally, verifies a return value or fault. The following list shows the settings and default values of a SOAP-type monitor:

• Name: my_soap

• Type: SOAP





• Protocol: HTTP

10 - 28


• URL Path: "" (empty)

• Namespace: "" (empty)

• Method: "" (empty)

• Parameter Name: "" (empty)

• Parameter Type: bool

• Parameter Value: "" (empty)

• Return Type: bool

• Expect Fault: No



Possible values for the Protocol setting are HTTP and HTTPS.

Possible values for the Parameter Type setting are: bool, int, long, and string.

Possible values for the Return Type setting are: bool, int, short, long, float, double, and string.

Possible values for the Expect Fault setting are No and Yes.

UDP

You use a UDP type of monitor when the system is sending User Datagram Protocol (UDP) packets. Designed to check the status of a UDP service, a UDP-type monitor sends one or more UDP packets to a target pool, pool member, or virtual server.

The following list shows the settings and default values of a UDP-type monitor.

• Name: my_udp

• Type: UDP



• Send String: default send string

• Send Packets: 2

• Timeout Packets: 2



As shown in this list, the value in seconds of the Timeout Packets setting should be lower than the value of the Interval setting.


Chapter 10

When using a UDP-type monitor to monitor a pool or virtual server, you must also enable another monitor type, such as ICMP, to monitor the pool or virtual server. Until both a UDP-type monitor and another type of monitor to report the status of the UDP service as up, the UDP service receives no traffic. See Table 10.3 for details.

WAPYou use a WAP monitor to monitor Wireless Application Protocol (WAP) servers. The common usage for the WAP monitor is to specify the Send String and Receive String settings only. The WAP monitor functions by requesting a URL (the Send String setting) and finding the string in the Receive String setting somewhere in the data returned by the URL response. The following list shows the settings and default values of a WAP-type monitor:

• Name: my_wap

• Type: WAP





• Secret: "" (empty)

• Accounting Node: "" (empty)

• Accounting Port: "" (empty)

• Server ID: "" (empty)

• Call ID: "" (empty)

• Session ID: "" (empty)

• Framed Address: "" (empty)



• Debug: No

If a UDP monitor reports status as

And another monitor reports status as

Then the UDP service is

up up up

up down down

down up down

down down down

Table 10.3 Determining status of the UDP service

10 - 30


The Secret setting is the RADIUS secret, a string known to both the client and the RADIUS server, and is used in computing the MD5 hash.

The Accounting Node setting specifies the RADIUS resource. If this a null string and RADIUS accounting has been requested (accounting port is non-zero), then the WAP server resource is assumed to also be the RADIUS resource.

If set to non-zero, the Accounting Port setting requests RADIUS accounting and uses the specified port.

The Server ID setting specifies the RADIUS NAS-ID of the requesting server (that is, the BIG-IP system). It is a string used as an alias for the FQDN. See the section on testing WAP_monitor just below.

The Call ID setting is an identifier similar to a telephone number, that is, a string of numeric characters. For testing purposes, this value is usually a string of eleven characters.

The Session ID setting is a RADIUS session ID, used to identify this session. This is an arbitrary numeric character string, often something like 01234567.

The Framed Address setting is a RADIUS framed IP address. The setting has no special use and is usually specified simply as 1.1.1.1.

RADIUS accounting is optional. To implement RADIUS accounting, you must set the accounting port to a non-zero value. If you set the Accounting Port setting to a non-zero value, then the monitor assumes that RADIUS accounting is needed, and an accounting request is sent to the specified accounting node and port to start accounting. This is done before the URL is requested. After the successful retrieval of the URL with the correct data, an accounting request is sent to stop accounting.

WMI

A WMI type of monitor checks the performance of a pool or virtual server that is running the Windows Management Infrastructure (WMI) data collection agent and then dynamically load balances traffic accordingly.

You generally use performance monitors such as a WMI monitor with dynamic ratio load balancing. For more information on performance monitors and dynamic ratio load balancing, see Chapter 7, Load Balancing with the Global Traffic Manager.

Note

Unlike health monitors, performance monitors do not report on the status of a pool, pool member, or virtual server.

The following list shows the settings and default values of a WMI-type monitor:

• Name: my_wmi

• Type: WMI


Chapter 10





• Method: POST

• URL: /scripts/F5lsapi.dll

• Command: GetCPUInfo, GetDiskInfo, GetOSInfo

• Metrics: LoadPercentage, DiskUsage, PhsyicalMemoryUsage

• Agent: Mozilla/4.0 (compatible: MSIE 5.0; Windows NT)

• Post: RespFormat=HTML

• Debug: No

Note that when creating a custom WMI monitor, the only default values that you are required to change are the null values for user name and password. Also note that you cannot change the value of the Method setting.

Table 10.4 shows the complete set of commands and metrics that you can specify with the Command and Metrics settings. Also shown are the default metric values.

Command MetricDefault Coefficient

Default Threshold

GetCPUInfo LoadPercentage (%) 1.0 80

GetOSInfo PhysicalMemoryUsage (%) 1.0 80

VirtualMemoryUsage (%) 1.0 80

NumberRunningProcesses 1.0 100

GetDiskInfo DiskUsage (%) 1.0 90

GetPerfCounters TotalKBytesPerSec 1.0 10,000

ConnectionAttemptsPerSec 1.0 500

CurrentConnections 1.0 500

GETRequestsPerSec 1.0 500

PUTRequestsPerSec 1.0 500

POSTRequestsPerSec 1.0 500

AnonymousUsersPerSec 1.0 500

CurrentAnonymousUsers 1.0 500

Table 10.4 WMI-type monitor commands and metrics

10 - 32


NonAnonymousUsersPerSec 1.0 500

CurrentNonAnonymousUser 1.0 500

CGIRequestsPerSec 1.0 500

CurrentCGIRequests 1.0 500

ISAPIRequestsPerSec 1.0 500

CurrentISAPIRequests 1.0 500

GetWinMediaInfo AggregateReadRate 1.0 10,000Kbps

AggregateSendRate 1.0 10,000Kbps

ActiveLiveUnicastStreams 1.0 1000

ActiveStreams 1.0 1000

ActiveTCPStreams 1.0 1000

ActiveUDPStreams 1.0 1000

AllocatedBandwidth 1.0 10,000Kbps

AuthenticationRequests 1.0 1000

AuthenticationsDenied 1.0 100

AuthorizationRequests 1.0 1000

AuthorizationsRefused 1.0 100

ConnectedClients 1.0 500

ConnectionRate 1.0 500

HTTPStreams 1.0 1000

HTTPStreamsReadingHeader 1.0 500

HTTPStreamsStreamingBody 1.0 500

LateReads 1.0 100

PendingConnections 1.0 100


Default Threshold



Chapter 10

PluginErrors 1.0 100

PluginEvents 1.0 100

SchedulingRate 1.0 100

StreamErrors 1.0 100

StreamTerminations 1.0 100

UDPResendRequests 1.0 100

UDPResendsSent 1.0 100


Default Threshold


10 - 34


Special configuration considerationsEvery pre-configured or custom monitor has settings with some default values assigned. The following sections contain information that is useful when changing these default values.

Setting destinationsBy default, the value for the Alias Address setting for most monitors is set to the wildcard * Addresses, and the Alias Service Port setting is set to the wildcard * Ports (exceptions to this rule are the WMI and Real Server monitors). This value causes the monitor instance created for a pool or virtual server to take that resource’s address or address and port as its destination. You can, however, replace either or both wildcard symbols with an explicit destination value, by creating a custom monitor. An explicit value for the Alias Address and/or Alias Service Port setting is used to force the instance destination to a specific address and/or port which may not be that of the pool or virtual server.

The ECV monitors http, https, and tcp have the settings Send String and Receive String for the send string and receive expression, respectively.

The most common Send String value is GET /, which retrieves a default HTML page for a web site. To retrieve a specific page from a web site, you can enter a Send String value that is a fully qualified path name:

"GET /www/support/customer_info_form.html"

The Receive String expression is the text string the monitor looks for in the returned resource. The most common Receive String expressions contain a text string that is included in a particular HTML page on your site. The text string can be regular text, HTML tags, or image names.

The sample Receive expression below searches for a standard HTML tag:

"<HEAD>"

You can also use the default null Receive String value [""]. In this case, any content retrieved is considered a match. If both the Send String and Receive String are left empty, only a simple connection check is performed.

For HTTP monitors, you can use the special settings get or hurl in place of Send String and Receive String statements, respectively.

Using transparent and reverse modesThe normal and default behavior for a monitor is to ping the destination pool or virtual server by an unspecified route, and to mark the resource up if the test is successful. However, with certain monitor types, you can specify a route through which the monitor pings the destination server. You configure this by specifying the Transparent or Reverse setting within a custom monitor.


Chapter 10

◆ Transparent settingSometimes it is necessary to ping the aliased destination through a transparent pool or virtual server. When you create a custom monitor and set the Transparent setting to Yes, the Global Traffic Manager forces the monitor to ping through the pool or virtual server with which it is associated (usually a firewall) to the pool or virtual server. (In other words, if there are two firewalls in a load balancing pool, the destination pool or virtual server is always pinged through the pool or virtual server specified and not through the pool or virtual server selected by the load balancing method.) In this way, the transparent pool or virtual server is tested: if there is no response, the transparent pool or virtual server is marked as down.

Common examples are checking a router, or checking a mail or FTP server through a firewall. For example, you might want to check the router address 10.10.10.53:80 through a transparent firewall 10.10.10.101:80. To do this, you create a monitor called http_trans in which you specify 10.10.10.53:80 as the monitor destination address, and set the Transparent setting to Yes. Then you associate the monitor http_trans with the transparent firewall (10.10.10.101:80).

This causes the monitor to check the address 10.10.10 53:80 through 10.10.10.101:80. (In other words, the Global Traffic Manager routes the check of 10.10.10.53:80 through 10.10.10.101:80.) If the correct response is not received from 10.10.10.53:80, then 10.10.10.101:80 is marked down. For more information on associating monitors with virtual servers, see Associating monitors with resources, on page 10-37.

◆ Reverse settingIn most monitor settings, the Global Traffic Manager considers the resource available when the monitor successfully probes it. However, in some cases you may want the resource to be considered unavailable after a successful monitor test. You accomplish this configuration with the Reverse setting. With the Reverse setting set to Yes, the monitor marks the pool or virtual server down when the test is successful. For example, if the content on your web site home page is dynamic and changes frequently, you may want to set up a reverse ECV service check that looks for the string: Error. A match for this string means that the web server was down.

Figure 10.5 shows the monitors that contain the Transparent setting, the Reverse setting, or both.

Monitor Type Setting

TCP Transparent Reverse

HTTP Transparent Reverse

Reverse

Table 10.5 Monitors that contain the Transparent or Reverse settings

10 - 36


Associating monitors with resourcesOnce you have created a monitor and configured its settings, the final task is to associate the monitor with the resources to be monitored. The resources can be either a pool or virtual server, depending on the monitor type.

When you associate a monitor with a server, the Global Traffic Manager automatically creates an instance of that monitor for that server. A monitor association thus creates an instance of a monitor for each server that you specify. Therefore, you can have multiple instances of the same monitor running on your servers.

The Configuration utility allows you to disable an instance of a monitor that is running on a server. This allows you to suspend health or performance checking, without having to actually remove the monitor association. When you are ready to begin monitoring that server again, you simply re-enable that instance of the monitor.

Types of monitor associationsSome monitor types are designed for association with virtual servers only, while other monitor types are intended for association with pools only. Therefore, when you use the Configuration utility to associate a monitor with a pool or virtual server, the utility displays only those pre-configured monitors that are designed for association with that server. For example, you cannot associate the monitor icmp with a pool, since the icmp monitor is designed to check the status of a virtual server itself and not any service running on that resource.

The types of monitor associations are:

◆ Monitor-to-pool associationThis type of association links a monitor with an entire load balancing pool. In this case, the monitor checks all members of the pool. For example, you can create an instance of the monitor http for the pool my_pool, thus ensuring that all members of that pool are checked.

◆ Monitor-to-pool member associationThis type of association links a monitor with a pool member within a given pool. For example, you can create an instance of the monitor FTP for specific pools within the pool my_pool, ensuring that only specific pool members are verified as available through the FTP monitor.

TCP Echo Transparent

ICMP Transparent

Monitor Type Setting

Table 10.5 Monitors that contain the Transparent or Reverse settings


Chapter 10

◆ Monitor-to-virtual server associationThis type of association links a monitor with a specific virtual server. In this case, the monitor checks only the virtual server itself, and not any services running on that virtual server. For example, you can create an instance of the monitor icmp for virtual server 10.10.10.10. In this case, the monitor checks the specific virtual server only, and not any services running on that virtual server.

10 - 38


Managing monitorsThe procedures for adding and removing monitors is specific to the resource. See Chapter 5, Defining the Physical Network, and Chapter 6, Defining the Logical Network for information on adding and removing monitors from a resource.

In addition to adding and removing monitors from network resources, you can interact with monitors in the following ways:

• Displaying monitor settings

• Deleting monitors

• Enabling and disabling monitor instances

Displaying monitor settingsBecause you can create a large number of monitors to accurately track the performance and availability of your network resources, it is helpful to view monitor settings to determine if a given monitor is the correct one for a given resource.

To display a monitor


2. Click a monitor name.The properties screen of the monitor opens.

Deleting monitorsIn the event that your configuration of the Global Traffic Manager no longer requires a specific monitor, you can delete the monitor. You cannot delete a monitor that has one or more instances assigned to resources on your network. See Chapter 5, Defining the Physical Network, and Chapter 6, Defining the Logical Network for information on adding and removing monitors from a resource.

To delete a monitor


2. Check the Select box for the monitor that you want to delete.

3. Click the Delete button.A confirmation message opens.

4. Click the Delete button to delete the monitor.


Chapter 10

Enabling and disabling monitor instancesWhen you add a monitor to a resource, the Global Traffic Manager creates a copy of that monitor, or instance, and assigns it to that resource. You can enable or disable these instances as needed. For example, if you wanted to temporarily suspend the monitoring of a given virtual server that is undergoing maintenance, you can disable the monitor for that virtual server and then re-enable it when the maintenance is complete.

To enable or disable a monitor instance


2. Click a monitor name in the list.The properties screen for the monitor opens.

3. On the menu bar, click Instances.The monitor instance screen opens.

4. For the instance you want to manage, check the Select box.

5. Click the Enable or Disable button, as appropriate.


10 - 40

11

Viewing Statistics

• Introducing statistics

• Accessing statistics

• Viewing the Status Summary screen

• Understanding the types of statistics

• Understanding persistence records

Viewing Statistics

Introducing statisticsOne of the most important aspects to managing a network is timely access to accurate information on network performance. This information can verify that the Global Traffic Manager is handling your name resolution requests as efficiently as possible, as well as provide data on the overall performance of a specific resource, such as a data center or distributed application.

The Global Traffic Manager gathers statistical data on multiple aspects of your network. You access these statistics through the statistics screen. The types of statistics you can select from this screen include:

• A summary of network components, as defined in the Global Traffic Manager


• Wide IPs

• Pools

• Data centers

• Links

• Servers

• Virtual servers

• iRules

• Paths

• Local DNS

In addition, the Global Traffic Manager also contains persistence records. A persistence record provides information on network load balancing when the persistence option is enabled for a given pool or virtual server. This option ensures that the Global Traffic Manager sends name resolution from the same source within a given session to the same resource on your network.

The Global Traffic Manager gathers statistics through a software component called the big3d agent. This agent is responsible for managing the various monitors that you assign to your network components, and returning statistics based on those monitors back to the Global Traffic Manager.

Statistics are often paired with metrics collection; however, the two have different roles. Statistics pertain to a broad set of data that focuses on how often a given set of resources are used and how well those resources are performing. Metrics collection, on the other hand, focuses specifically on data that relates to overall communication between the Global Traffic Manager and a Local DNS. Unlike statistics, metrics collection is designed to provide performance data, as opposed to usage or historical data. See Chapter 12, Collecting Metrics for more information on metrics.


Chapter 11

Accessing statisticsYou can access Global Traffic Manager statistics in two ways:

• Through the Statistics option on the Main tab of the navigation pane

• Through the Statistics menu from various main screens for different components

Both methods bring you to the same screen within the Global Traffic Manager. When you access statistics through a menu on the main screen for a given network component, the Statistics screen is pre-configured for the given network element, although you can switch to a different set of statistics at any time.

To access statistics through the Main tab

1. On the Main tab of the navigation pane, expand Overview and then click Statistics.The Statistics screen opens.

2. From the Statistics Type list, select the type of statistics you want to view.These statistics are described in later sections of this chapter.

3. Select the data format in which you want to view the statistics:

• If you select Normalized, the Global Traffic Manager rounds the data to the nearest digit.

• If you select Unformatted, the Global Traffic Manager displays the exact value to as many decimal places as the value requires.

4. From the Auto Refresh list, select the frequency at which the Global Traffic Manager refreshes data on the screen.If you select Disabled from this list, the system does not refresh the screen; instead, you can click the Refresh button to update the screen with the latest statistical data.

To access statistics through a component’s main screen

1. On the Main tab of the navigation pane, expand Global Traffic and click a component, such as Wide IPs.The main screen for the component opens.

2. On the menu bar, click Statistics.The Statistics screen opens. This screen is pre-configured to display statistics relevant to the component.

3. Select the data format in which you want to view the statistics:

• If you select Normalized, the Global Traffic Manager rounds the data to the nearest digit.

• If you select Unformatted, the Global Traffic Manager displays the exact value to as many decimal places as the value requires.

11 - 2

Viewing Statistics

4. From the Auto Refresh list, select the frequency at which the Global Traffic Manager refreshes data on the screen.If you select Disabled from this list, the system does not refresh the screen; instead, you can click the Refresh button to update the screen with the latest statistical data.

Viewing the Status Summary screenAs you track the performance of your data centers, virtual servers, and other resources, you may find it helpful to have a single screen in which you can get a snapshot of overall resource availability. In the Global Traffic Manager, you can view this data through the Status Summary screen.

The Status Summary screen consists of a Global Traffic Summary table that contains the following information:

◆ Object TypeThe Object Type column describes the specific resource type. These types are: distributed application, wide IPs, pools, data centers, links, and servers.

◆ TotalThe Total column describes the total number of resources of the type corresponding to the Object Type column, regardless of whether the resource is available.

◆ AvailableThe Available column describes the total number of resources of the type corresponding to the Object Type column that the Global Traffic Manager could verify as available.

◆ UnavailableThe Unavailable column describes the total number of resources of the type corresponding to the Object Type column that the Global Traffic Manager could verify as unavailable.

◆ OfflineThe Offline column describes the total number of resources of the type corresponding to the Object Type column that the Global Traffic Manager could verify as offline.

◆ UnknownThe Available column describes the total number of resources of the type corresponding to the Object Type column that the Global Traffic Manager could verify as available.

Each value within the Total, Available, Unavailable, Offline, and Unknown columns is a link. When you click the link, you access the main screen for that resource, with the list of resources filtered to show only those resources with the corresponding status. For example, if the Available column for data centers has a value of 5, clicking the 5 brings up a filtered main screen for data centers that shows only the five data centers that are available.


Chapter 11

Understanding the types of statisticsYou can view a variety of statistics through the Global Traffic Manager, including:

◆ Distributed applicationsThe statistics for distributed applications provide you with information on what distributed applications exist, what wide IPs make up that application, and how the Global Traffic Manager has load balanced traffic to the application.

◆ Wide IPsThe statistics for wide IPs provide you with information on what wide IPs exist and how the Global Traffic Manager has load balanced traffic to the wide IP.

◆ PoolsThe statistics for pools provide details on how the Global Traffic Manager has load balanced traffic to each pool.

◆ Data centersThe statistics for data centers revolve around the amount of traffic flowing to and from each data center.

◆ LinksThe statistics for links focus on how much traffic is flowing in and out through a specific link to the Internet.

◆ ServersThe statistics for servers display the amount of traffic flowing to and from each server.

◆ Virtual serversThe statistics for virtual servers provide information on the amount of traffic flowing to and from each virtual server.

◆ PathsThe statistics for paths provide information on how quickly traffic moves between a Local DNS and a resource for which the Global Traffic Manager is responsible.

◆ Local DNSThe statistics for local DNS servers provide location details related to the different Local DNS servers that communicate with the Global Traffic Manager.

Distributed application statisticsThe Global Traffic Manager captures several statistics related to the performance of a distributed application. You can use these statistics to see how many resolution requests have been sent for the application, and how the Global Traffic Manager has load balanced these requests. You can

11 - 4

Viewing Statistics

access the wide IP statistics by selecting Distributed Applications from the Statistics Type list in the Statistics screen. For information on accessing the Statistics screen, see Accessing statistics, on page 11-2.

As an example of distributed application statistics, consider the fictional company SiteRequest. The IT department at SiteRequest has a distributed application, downloader, which contains multiple wide IPs associated with the viewing and downloading of SiteRequest applications. The wide IPs in the downloader application use the Global Availability load balancing mode. This mode sends all name resolution requests for this wide IP to a specific pool until that pool is unavailable. Because the distributed application is critical to SiteRequest’s operations, the IT department wants to track traffic to the application and ensure that it is being managed effectively. The distributed applications statistics provide the IT department the information they need to see how many requests are being sent for the application, allowing them to plan additional resource allocations more effectively.

The distributed application statistics screen consists of a Distributed Application Statistics table. This table contains the following information:

◆ StatusThe Status column indicates the current status of the wide IP. The available status types are: Available, Unavailable, Offline, and Unknown. Each status type is represented by a symbol; for example, the available status type is represented by a green circle.

◆ Distributed ApplicationThe Distributed Application column displays the name of an application for which the Global Traffic Manager is responsible. Each name appears as a link. When you click the link, the properties screen for the distributed application opens.

◆ MembersThe Members column provides a link that opens a wide IP details screen for the distributed application. This screen displays load balancing statistics for each pool within the distributed application. You can return to the main distributed application statistics screen by clicking the Back button in the Display Options area of the screen.

◆ RequestsThe Requests column displays the cumulative number of DNS requests sent to the distributed application.

◆ Load BalancingThe Load Balancing column provides information on how the Global Traffic Manager load balanced connection requests to this resource. This column consists of four subcolumns:

• The Preferred subcolumn displays the cumulative number of requests that the Global Traffic Manager load balanced with the preferred load balancing method.

• The Alternate subcolumn displays the cumulative number of requests that the Global Traffic Manager load balanced with the alternate load balancing method.


Chapter 11

• The Fallback subcolumn displays the cumulative number of requests that the Global Traffic Manager load balanced with the Fallback load balancing method.

• The Returned to DNS subcolumn displays the cumulative number of requests that the Global Traffic Manager could not resolve and returned to the Domain Name Server (DNS).

Wide IP statisticsThe Global Traffic Manager captures several statistics related to the performance of a wide IP. These statistics primarily focus on how many resolution requests have been sent for the wide IP, and how the Global Traffic Manager has load balanced these requests. You can access the wide IP statistics by selecting Wide IPs from the Statistics Type list in the Statistics screen. For information on accessing the Statistics screen, see Accessing statistics, on page 11-2.

As an example of wide IP statistics, consider the fictional company SiteRequest. The IT department at SiteRequest has a wide IP, www.siterequest.com, which uses the Global Availability load balancing mode. This mode sends all name resolution requests for this wide IP to a specific pool until that pool is unavailable. Because the wide IP, www.siterequest.com, is critical to SiteRequest’s operations, the IT department wants to track traffic to the wide IP and ensure that the primary pool is not at risk of getting overloaded. The wide IP statistics provide the IT department the information they need to see how many requests are being sent for the wide IP, allowing them to plan additional resource allocations more effectively.

The wide IP statistics screen consists of a Wide IP Statistics table. This table contains the following information:

◆ StatusThe Status column indicates the current status of the wide IP. The available status types are: Available, Unavailable, Offline, and Unknown. Each status type is represented by a symbol; for example, the available status type is represented by a green circle.

◆ Wide IPThe Wide IP column displays the name of a wide IP for which the Global Traffic Manager is responsible. Each name appears as a link. When you click the link, the properties screen for the wide IP opens.

◆ PoolsThe Pools column provides a link that opens a pool details screen for the wide IP. This screen displays load balancing statistics for each pool within the wide IP. You can return to the main wide IP statistics screen by clicking the Back button in the Display Options area of the screen.

◆ RequestsThe Requests column displays the cumulative number of DNS requests sent to the wide IP.

11 - 6

Viewing Statistics

◆ Requests PersistedThe Requests Persisted column displays the cumulative number of requests that persisted. Persisted requests use the same pool during a connection session.






Pool statisticsThe Pool statistics available through the Global Traffic Manager focus on how the Global Traffic Manager has load balanced name resolution requests. You can access the pool statistics by selecting Pools from the Statistics Type list in the Statistics screen. For information on accessing the Statistics screen, see Accessing statistics, on page 11-2.

As an example of pool statistics, consider the fictional company SiteRequest. The IT department at SiteRequest has a wide IP, www.siterequest.com, which contains pools that use the dynamic load balancing mode, Quality of Service. This mode acquires statistical data on response times between the Global Traffic Manager and a Local DNS server sending a name resolution request. There has been some concern of late as to how well this new load balancing mode is working and if the Global Traffic Manager is able to gather the statistical information it needs to load balance with this mode, or if it has to resort to an alternate or fallback method. By using the pool statistics screen, the IT department can track how many name resolution requests are load balanced using the preferred Quality of Service method, and how many are load balanced using another method.


Chapter 11

The pool statistics screen consists of a Pool Statistics table. This table contains the following information:

◆ StatusThe Status column indicates the current status of the pool. The available status types are: Available, Unavailable, Offline, and Unknown. Each status type is represented by a symbol; for example, the available status type is represented by a green circle.

◆ PoolThe Pool column displays the name of a wide IP for which the Global Traffic Manager is responsible. Each name appears as a link. When you click the link, the properties screen for the pool opens.

◆ MembersThe Members column provides a link that opens a virtual server details screen for the pool. This screen displays connection statistics for each virtual server within the pool, including the number of times the virtual server was selected for a name resolution request and the amount of traffic flowing from and to the virtual server. You can return to the main wide IP statistics screen by clicking the Back button in the Display Options area of the screen.






Data center statisticsData center statistics revolve around the amount of traffic flowing to and from each data center. This information can tell you if your resources are distributed appropriately for your network. You can access the data center statistics by selecting Data Centers from the Statistics Type list in the Statistics screen. For information on accessing the Statistics screen, see Accessing statistics, on page 11-2.

11 - 8

Viewing Statistics

As an example of how the statistics for data centers can help you manage your network resources, consider the fictional company SiteRequest. SiteRequest has decided that its New York data center should handle all name resolution requests originating in North America. However, since a new marketing campaign started in the United States and the IT department is concerned it might overload the data center. By using the data center statistics, the IT department can track the overall amount of traffic that the New York data center is handling, allowing them to make adjustments to their load balancing methods in a timely manner.

The data center statistics screen consists of a Data Center Statistics table. This table contains the following information:

◆ StatusThe Status column indicates the current status of the data center. The available status types are: Available, Unavailable, Offline, and Unknown. Each status type is represented by a symbol; for example, the available status type is represented by a green circle.

◆ Data CenterThe Data Center column displays the name of a data center. Each name appears as a link. When you click the link, the properties screen for the data center opens.

◆ ServersThe Servers column provides a link that opens a server details screen for the data center. This screen displays connection statistics for each server at a data center, including the number of times the server was selected for a name resolution request and the amount of traffic flowing from and to the server. You can return to the main data center statistics screen by clicking the Back button in the Display Options area of the screen.

◆ ConnectionsThe Connections column displays the cumulative number of requests that the Global Traffic Manager resolved using a resource from the corresponding data center.

◆ Throughput (bits/sec)The Throughput (bits/sec) column contains two subcolumns:

• The In column displays the cumulative number of bits per second sent to the data center.

• The Out column displays the cumulative number of bits per second sent from the data center.

◆ Throughput (packets/sec)The Throughput (packets/sec) column contains two subcolumns:

• The In column displays the cumulative number of packets per second sent to the data center.

• The Out column displays the cumulative number of packets per second sent from the data center.


Chapter 11

Link statisticsLink statistics focus on how much traffic is flowing in and out through a specific link to the Internet. This information can help you prevent a link from getting over-used, saving your organization from higher bandwidth costs. You can access the link statistics by selecting Links from the Statistics Type list in the Statistics screen. For information on accessing the Statistics screen, see Accessing statistics, on page 11-2.

As an example of how the statistics for data centers can help you manage your network resources, consider the fictional company SiteRequest. SiteRequest has two links with two different Internet Service Providers (ISPs). The primary ISP is paid in advance for a specific amount of bandwidth usage. This allows SiteRequest to save money, but if the bandwidth exceeds the prepaid amount, the costs increase considerably. As a result, the IT department uses a second ISP, which has a slower connection but considerably lower costs. By using the links statistics, the IT department can ensure that links to the Internet are used as efficiently as possible.

The link statistics screen consists of a Link Statistics table. This table contains the following information:

◆ StatusThe Status column indicates the current status of the link. The available status types are: Available, Unavailable, Offline, and Unknown. Each status type is represented by a symbol; for example, the available status type is represented by a green circle.

◆ LinkThe Link column displays the name of a link for which the Global Traffic Manager is responsible. Each name appears as a link. When you click the link, the properties screen for the link opens.

◆ Throughput (bits/sec)The Throughput (bits/sec) column contains four subcolumns:

• The In column displays the cumulative number of bits per second sent to the data center.

• The Out column displays the cumulative number of bits per second sent from the data center.

• The Total column displays the cumulative number of both incoming and outgoing bits per second for the link.

• The Over Prepaid displays the amount of traffic, in bits per second, that has exceeded the prepaid traffic allotment for the link.

In addition to viewing the link data as a table, you can also view it in a graph format. To use this format, click the Graph button. A graph screen opens, which shows the amount of traffic used over time. You can change the amount of time shown in the graph by selecting a value from the Graph Interval list, located in the Display Options area of the screen.

11 - 10

Viewing Statistics

Server statisticsWith Server statistics, you can analyze the amount of traffic flowing to and from each server. This information can tell you if your resources are distributed appropriately for your network. You can access the server statistics by selecting Servers from the Statistics Type list in the Statistics screen. For information on accessing the Statistics screen, see Accessing statistics, on page 11-2.

As an example of how the statistics for servers can help you manage your network resources, consider the fictional company SiteRequest. The IT department at SiteRequest is considering whether it needs a few more servers to better manage name resolution requests; however, there is some debate as to whether the servers should be consolidated at the New York data center (which the New York team would prefer) or spread out over all of the data centers. It is also possible that an under-utilized server at one data center might be moved to another data center. By using the server statistics, the IT department can look at how much traffic is handled by each server, giving them the information they need to decide where these new servers, if any, should go.

The server statistics screen consists of a Server Statistics table. This table contains the following information:

◆ StatusThe Status column indicates the current status of the server. The available status types are: Available, Unavailable, Offline, and Unknown. Each status type is represented by a symbol; for example, the available status type is represented by a green circle.

◆ ServerThe Server column displays the name of a server for which the Global Traffic Manager is responsible. Each name appears as a link. When you click the link, the properties screen for the server opens.

◆ Virtual ServersThe Virtual Servers column provides a link that opens a virtual server details screen for the server. This screen displays connection statistics for each virtual server at a data center, including the number of times the virtual server was selected for a name resolution request and the amount of traffic flowing from and to the server. You can return to the main data center statistics screen by clicking the Back button in the Display Options area of the screen.

◆ PicksThe Picks column displays the cumulative number of times the Global Traffic Manager picked a server to handle a name resolution request.




Chapter 11

• The In column displays the cumulative number of bits per second sent to the server.

• The Out column displays the cumulative number of bits per second sent from the server.


• The In column displays the cumulative number of packets per second sent to the server.

• The Out column displays the cumulative number of packets per second sent from the server.

Virtual server statisticsVirtual server statistics provide information on the amount of traffic flowing to and from each virtual server. This information can tell you if your resources are distributed appropriately for your network. You can access the virtual server statistics by selecting Virtual Servers from the Statistics Type list in the Statistics screen.

As an example of how the statistics for servers can help you manage your network resources, consider the fictional company SiteRequest. SiteRequest recently added a Local Traffic Manager to their Tokyo data center, and the IT department wants to see how well the new system is handling the traffic and if it can perhaps be utilized to handle traffic for a new wide IP, www.SiteRequestAsia.com. After installing the Local Traffic Manager and adding it to the Global Traffic Manager as a server, the IT department can use the virtual server statistics to monitor the performance of the virtual servers that compose the new Local Traffic Manager, allowing them to determine if more resources are required for the new wide IP.

The server statistics screen consists of a Virtual Server Statistics table. This table contains the following information:

◆ StatusThe Status column indicates the current status of the server. The available status types are: Available, Unavailable, Offline, and Unknown. Each status type is represented by a symbol; for example, the available status type is represented by a green circle.

◆ Virtual ServerThe Virtual Server column displays the name of a virtual server for which the Global Traffic Manager is responsible. Each name appears as a link. When you click the link, the properties screen for the virtual server opens.

◆ ServerThe Servers column provides a link that opens a server details screen for the data center. This screen displays connection statistics for each server at a data center, including the number of times the server was selected for

11 - 12

Viewing Statistics

a name resolution request and the amount of traffic flowing from and to the server. You can return to the main data center statistics screen by clicking the Back button in the Display Options area of the screen.

◆ PicksThe Picks column displays the cumulative number of times the Global Traffic Manager picked a server to handle a name resolution request.



• The In column displays the cumulative number of bits per second sent to the server.

• The Out column displays the cumulative number of bits per second sent from the server.


• The In column displays the cumulative number of packets per second sent to the server.

• The Out column displays the cumulative number of packets per second sent from the server.

Paths statisticsThe paths statistics captured by the Global Traffic Manager provide information on how quickly traffic moves between a Local DNS and a resource for which the Global Traffic Manager is responsible. Information presented in the paths statistics screen includes details on round trip times (RTT), hops, and completion rates.You can access the paths statistics by selecting Paths from the Statistics Type list in the Statistics screen. For information on accessing the Statistics screen, see Accessing statistics, on page 11-2.

Paths statistics are primarily used when you employ a dynamic load balancing mode for a given wide IP or pool. You can use the information in the Paths statistics to get an overall sense of how responsive your wide IPs are in relation to the Local DNS servers that have been sending name resolution requests to a wide IP.

The paths statistics screen consists of a paths statistics table. This table contains the following information:

◆ Local DNS AddressThe Local DNS Address column displays the IP address of each Local DNS that has sent a name resolution request for a wide IP for which the Global Traffic Manager is responsible.


Chapter 11

◆ LinkThe Link column displays the ISP link that the Global Traffic Manager used to send and receive data from the Local DNS.

◆ Round Trip Time (RTT)The Round Trip Time (RTT) column contains two subcolumns:

• The Current subcolumn displays the current round trip time between the Local DNS and the Global Traffic Manager.

• The Average subcolumn displays the average round trip time between the Local DNS and the Global Traffic Manager.

◆ HopsThe Hops column contains two subcolumns:

• The Current subcolumn displays the current number of hops between the Local DNS and the Global Traffic Manager.

• The Average subcolumn displays the average number of hops between the Local DNS and the Global Traffic Manager.

◆ Completion RateThe Completion Rate column contains two subcolumns:

• The Current subcolumn displays the current completion rate of transactions between the Local DNS and the Global Traffic Manager.

• The Average subcolumn displays the average completion rate of transactions between the Local DNS and the Global Traffic Manager.

◆ Last Probe TimeThe Last Probe Time column displays the last time the Global Traffic Manager probed the Local DNS for metrics data.

Local DNS statisticsThe Local DNS statistics screen provides location details related to the different Local DNSes that communicate with the Global Traffic Manager. These statistics include the geographical location of the Local DNS as well as the last time that Local DNS accessed the Global Traffic Manager.You can access the local DNS statistics by selecting Local DNS from the Statistics Type list in the Statistics screen.

As an example of how the statistics for servers can help you manage your network resources, consider the fictional company SiteRequest. SiteRequest is currently considering whether it needs a new data center in North America to ensure that its customers can access SiteRequest’s Web site as effectively as possible. To help make their decision, the IT department use the Local DNS statistics to see where most of their European traffic is coming from. By using these statistics, the IT department discovers that a high concentration of Local DNS servers accessing SiteRequest are in the southwest United States. This information proves helpful in determining that a new data center in Las Vegas might be appropriate.

11 - 14

Viewing Statistics

The local DNS statistics screen consists of a local DNS statistics table. This table contains the following information:

◆ IP AddressThe IP Address column displays the IP address of each Local DNS that has sent a name resolution request for a wide IP for which the Global Traffic Manager is responsible.

◆ RequestsThe Requests column displays the number of times this Local DNS has made a name resolution request that the Global Traffic Manager handled.

◆ Last AccessedThe Last Accessed column displays the last time the Local DNS attempted a connection to the Global Traffic Manager.

◆ LocationThe Location column contains four subcolumns:

• The Continent subcolumn displays the continent on which the Local DNS resides.

• The Country subcolumn displays the country in which the Local DNS is located.

• The State subcolumn displays the state in which the Local DNS is located.

• The City subcolumn displays the city in which the Local DNS is located.


Chapter 11

Understanding persistence recordsOne of the common methods of modifying name resolution requests with the Global Traffic Manager is to activate persistent connections. A persistent connection is a connection in which the Global Traffic Manager sends name resolution requests from a specific Local DNS to the same set of resources until a time-to-live value has been reached. If you use persistent connections in your configuration of the Global Traffic Manager, you may want to see what persistent connections are currently active on your network. You can access the persistence records by selecting Persistence Records from the Statistics Type list in the Statistics screen.

The persistence records screen consists of a persistence records table. This table contains the following information:

◆ Local DNS AddressThe LDNS Address column displays the IP address of each Local DNS that has sent a name resolution request for a wide IP for which the Global Traffic Manager is responsible.

◆ LevelThe Level column displays the level at which the persistent connection is based. Available types are wide IPs and distributed applications.

◆ DestinationThe Destination column displays the wide IP or distributed application to which the name resolution request was directed.

◆ Target TypeThe Target Type column displays the type of resource on which persistence is based. Examples of target types include data centers, servers, pools, and virtual servers.

◆ Target NameThe Target Name column displays the name of the resource on which persistence is based.

◆ ExpiresThe Expires column displays the time at which the persistence for the given LDNS request expires.

11 - 16

12

Collecting Metrics

• Introducing metrics collection

• Defining metrics

• Assigning probes to local domain name servers

• Configuring TTL and timer values

• Excluding LDNS servers from probes

Collecting Metrics

Introducing metrics collectionIn Chapter 10, Configuring Monitors, we described how the Global Traffic Manager uses specialized software components, called monitors, to capture data regarding the availability of a resource, such as a virtual server. Monitors represent one half of the statistical gathering capabilities of the Global Traffic Manager. The second half, metrics collection, captures data on how well network traffic flows between the Global Traffic Manager and the external Local Domain Name Systems (LDNS) servers and internal resources with which it communicates.

The resources you make available to your users over the Internet are often critical to your organization; consequently, it is vital that these resources are not only available, but highly responsive to your users. Typically, two main criteria determine the responsiveness of a resource: hops and paths. A hop is one point-to-point transmission between a host and a client server in a network. A network path that includes a stop at a network router would have two hops: the first from the client to the router, and the second from the router to the host server. A path is a logical network route between a data center server and a local DNS server.

It is important to remember that hops and paths can differ from each other widely on a per-connection basis. For example, an LDNS might take a long path to reach a specific resource, but require only a few hops to get there. On the other hand, that same LDNS might select a short path, yet have to move between a larger number of routers, increasing the number of hops it takes to reach the resource. It is up to you to determine what thresholds for hops and paths are acceptable for your network, as the needs of each network, and even each application within the same network, can vary widely.

Through the metrics collection capabilities of the Global Traffic Manager, you can accomplish several tasks related to improving the availability and responsiveness of your network applications and resources. You can:

• Define the types of metrics that the Global Traffic Manager collects, and how long the system keeps those metrics before acquiring fresh data.

• Assign probes to LDNS servers that attempt to acquire the metrics information.

• Configure Time-to-Live (TTL) values for your metrics data.

• Exclude specific LDNS servers from Global Traffic Manager probes.

• Implement the Quality of Service load balancing mode, which uses metrics to determine the best resource for a particular name resolution request.


Chapter 12

Defining metricsWhen you decide to use the Global Traffic Manager to collect metrics on the LDNS servers that attempt to access your network resources, you can define the following characteristics:

• The types of metrics collected (either hops, paths, both, or disabled)

• The time-to-live (TTL) values for each metric

• The frequency at which the system updates the data

• The size of a packet sent (relevant for hop metrics only)

• The length of time that can pass before the system times out the collection attempt

• The number of packets sent for each collection attempt

While each of these settings is important, the ones that perhaps require the most planning beforehand are the TTL values. In general, the lower the TTL value, the more often the Global Traffic Manager probes an LDNS. This improves the accuracy of the data, but increases bandwidth usage. Conversely, increasing the TTL value for a metric lowers the bandwidth your network uses, but increases the chance that the Global Traffic Manager is basing its load balancing operations off of stale data

An additional consideration is the number of LDNS servers that the Global Traffic Manager queries. The more LDNS servers that the system queries, the more bandwidth is required to ensure those queries are successful. As you can see, setting the TTL values for metrics collection can require incremental fine-tuning. We recommend that you periodically check the TTL values that you set, and verify that they are appropriate for your network.

To define metrics


2. From the Global Traffic menu, choose Metrics Collection.The metrics collection screen opens.

3. In the Configuration area, assign values to the different metrics-related settings.For detailed information on these settings, please see the online help.

4. Click the Update button.

12 - 2

Collecting Metrics

Assigning probes to local domain name serversTo capture accurate metrics data from the local domain name servers (LDNS servers) that send name resolution request to the Global Traffic Manager, you assign probes to each LDNS. A probe is a software component that employs a specific methodology to learn more about an LDNS.

You can assign one or more of the following probes to query LDNS servers:

◆ DNS_REVThe DNS_REV probe sends a DNS message to the probe target LDNS querying for a resource record of class IN, type PTR. Most versions of DNS answer with a record containing their fully-qualified domain name. The system makes these requests only to measure network latency and packet loss; it does not use the information contained in the responses.

◆ DNS_DOTThe DNS.DOT probe sends a DNS message to the probe target LDNS querying for a dot (.). If the LDNS is not blocking queries from unknown addresses, it answers with a list of root name servers. The system makes these requests only to measure network latency and packet loss; it does not use the information contained in the responses.

◆ UDPThe UDP probe uses the user datagram protocol (UDP) to query the responsiveness of an LDNS. The UDP protocol provides simple but unreliable datagram services. The UDP protocol adds a checksum and additional process-to-process addressing information. UDP is a connectionless protocol which, like TCP, is layered on top of IP. UDP neither guarantees delivery nor requires a connection. As a result, it is lightweight and efficient, but the application program must take care of all error processing and retransmission.

◆ TCPThe TCP probe uses the transmission control protocol (TCP) to query the responsiveness of an LDNS. The TCP protocol is the most common transport layer protocol used on Ethernet and Internet. The TCP protocol adds reliable communication, flow-control, multiplexing, and connection-oriented communication. It provides full-duplex, process-to-process connections. TCP is connection-oriented and stream-oriented.

◆ ICMPThe ICMP probe uses the Internet control message protocol (ICMP) to query the responsiveness of an LDNS. The ICMP protocol is an extension to the Internet Protocol (IP). The ICMP protocol generates error messages, test packets, and informational messages related to IP.

With these probes, it does not matter if the Global Traffic Manager receives a valid response, such as the name of the LDNS, as queried by the DNS_REV probe, or a request refused statement. The relevant information is the metrics generated between the probe request and the response. For example, the Global Traffic Manager uses the DNS_REV probe to query


Chapter 12

two LDNS servers. The first LDNS responds to the probe with its name, as per the request. The second LDNS, however, responds with a request refused statement, because it is configured to not allow such requests. In both cases, the probe was successful, because the Global Traffic Manager was able to acquire data on how long it took for both LDNS servers to respond to the probe.

You can configure the Global Traffic Manager to use a select number of probes, or you can assign all five. The more probes that the Global Traffic Manager uses, the more bandwidth is required.

To assign a probe

1. On the Main tab of the navigation pane, expand System and then click General Properties.The General screen opens.


3. In the Local DNS (LDNS) area, use the options provided in the Metrics Collection Protocol option to assign the relevant probes.

4. In the Metrics Caching box, define the number of seconds for which the Global Traffic Manager keeps the collected metrics data.This value determines how often the system probes a given LDNS. The default value is 3600 seconds, or one hour.

5. In the Inactive Local DNS TTL box, define the number of seconds for which an LDNS can be inactive before the Global Traffic Manager considers it inactive.The Global Traffic Manager stops probing LDNS servers that are considered inactive. The default value is 2419200, or 28 days.


12 - 4

Collecting Metrics

Configuring TTL and timer valuesEach resource in the Global Traffic Manager has an associated time-to-live (TTL) value. A TTL is the amount of time (measured in seconds) for which the system considers metrics valid. The timer values determine how often the Global Traffic Manager refreshes the information.

Table 12.1 describes each TTL value, as well as its default setting.

Each resource also has a timer value. A timer value defines the frequency (measured in seconds) at which the Global Traffic Manager refreshes the metrics information it collects. In most cases, the default values for the TTL and timer parameters are adequate. However, if you make changes to any TTL or timer value, keep in mind that an object’s TTL value must be greater than its timer value.

Table 12.2 describes each timer value, as well as its default setting.

Parameter Description Default

Hops TTL Specifies the number of seconds that the Global Traffic Manager considers traceroute data to be valid.

604800 (seven days)

Paths TTL Specifies the number of seconds that the Global Traffic Manager uses path information for name resolution and load balancing.

2400

Inactive Path TTL Specifies the number of seconds that a path remains in the cache after its last access.

604800 (seven days)

Inactive Local DNS TTL

Specifies the number of seconds that a local DNS remains in the cache after its last access.

2419200

(28 days)

Table 12.1 TTL values and default settings


Hops data refresh Specifies the frequency (in seconds) at which the Global Traffic Manager retrieves traceroute data (traceroutes between each data center and each local DNS).

60

Paths refresh Specifies the frequency (in seconds) at which the Global Traffic Manager refreshes path information (for example, round trip time or ping packet completion rate).

120

Table 12.2 Time values and default settings


Chapter 12

To configure global TTL and timer values



3. Add the TTL and timer values settings.For help on configuring the TTL and timer values settings, see the online help for this screen.


Sync Time Tolerance Specifies the number of seconds that one system’s time setting is allowed to be out of sync with another system’s time setting.

Note: If you are using NTP to synchronize the time of the Global Traffic Manager with a time server, leave the time tolerance at the default value of 10. In the event that NTP fails, the Global Traffic Manager uses the time_tolerance variable to maintain synchronization.

This setting is available in the General screen of the Global Traffic Manager’s general properties section.

10

Timer Sync State Specifies the interval (in seconds) at which the Global Traffic Manager checks to see if it should change states (from Principal to Receiver or from Receiver to Principal).


30

Metrics Caching Specifies the interval (in seconds) at which the Global Traffic Manager archives the paths and metrics data.


3600


Table 12.2 Time values and default settings

12 - 6

Collecting Metrics

Excluding LDNS servers from probesWhen the Global Traffic Manager attempts to probe a local domain name system (LDNS), it is actively attempting to acquire data from that LDNS. Certain Internet Service Providers and other organizations might request that you do not probe their LDNS servers, while other LDNS servers might be known to act as proxies, which do not provide accurate metrics data. In these situations, you can configure the Global Traffic Manager to exclude LDNS servers from probes. When you exclude an LDNS, the Global Traffic Manager does not probe that system; however, the Global Traffic Manager is also unable to use the Quality of Service load balancing mode to load balance name resolution request from that LDNS.

To exclude an LDNS from probes



3. In the Address Exclusions area, in the IP Subnet box, type the IP address and subnet that contains the LDNS servers you want to exclude.

4. Click the Add button to add the LDNS or network segment to the address exclusion list.


Removing LDNS servers from the address exclusion listYou can remove an LDNS from the address exclusion list at any time. Situations in which you want to remove the LDNS include the LDNS becoming inactive, or the IP address of the LDNS changing to a different network subnet.

To remove an LDNS from the address exclusion list



3. In the Address Exclusion area, select the LDNS that you would like to remove and click the Remove button.



Chapter 12

12 - 8

13

Managing iRules

• Introducing iRules for the Global Traffic Manager

• Creating iRules

• Assigning iRules

• Controlling iRule evaluation

• Using statement commands

• Using wide IP commands

• Using utility commands

• Using protocol commands

• Removing iRules

Managing iRules

Introducing iRules for the Global Traffic ManagerAs you work with the Global Traffic Manager, you might find that you want to incorporate additional customizations beyond the available features associated with load balancing, monitors, or other aspects of your traffic management. For example, you might want to have the Global Traffic Manager respond to a name resolution request with a specific CNAME record, but only when the request is for a particular wide IP and originates from Europe. In the Global Traffic Manager, these customizations are defined through iRules. iRules are code snippets that are based on TCL 8.4. These snippets allow you a great deal of flexibility in managing your global network traffic.

If you are familiar with the BIG-IP Local Traffic Manager, you might already be aware of and use iRules to manage your network traffic on a local level. The iRules in the Global Traffic Manager share a similar syntax with their Local Traffic Manager counterparts, but support a different set of events and objects.

Due to the dynamic nature of iRules development, the following sections focus on providing an overview of iRule operations and describe the events and command specific to the Global Traffic Manager. For additional information on how to write iRules, we recommend you visit F5’s DevCentral Web site: http://devcentral.f5.com. At this site, you can learn more about iRules development, as well as discuss iRules functionality with others.

What is an iRule?An iRule is a script that you write if you want individual connections to target a pool other than the default pool defined for a virtual server. iRules allow you to more directly specify the pools to which you want traffic to be directed. Using iRules, you can send traffic not only to pools, but also to individual pool members or hosts.

The iRules you create can be simple or sophisticated, depending on your content-switching needs. Figure 13.1 shows an example of a simple iRule.

This iRule is triggered when a DNS request has been detected, causing the Global Traffic Manager to send the packet to the pool my_pool, if the IP address of the local DNS making the request matches 10.10.10.10.

when DNS_REQUEST { if { [IP::addr [IP::client_addr] equals 10.10.10.10] } { pool my_pool }}

Figure 13.1 Example of an iRule


Chapter 13

iRules can direct traffic not only to specific pools, but also to individual pool members, including port numbers and URI paths, either to implement persistence or to meet specific load balancing requirements.

The syntax that you use to write iRules is based on the Tool Command Language (Tcl) programming standard. Thus, you can use many of the standard Tcl commands, plus a set of extensions that the Global Traffic Manager provides to help you further increase load balancing efficiency.

For information about standard Tcl syntax, see http://tmml.sourceforge.net/doc/tcl/index.html.

Creating iRulesYou create an iRule using the Configuration utility.

To create an iRule

1. On the Main tab of the navigation pane, expand Global Traffic and click iRules.The iRules screen opens.

2. Click the Create button.

3. In the Name box, type a 1- to 31-character name.

4. In the Definition box, type the syntax for your iRule.

5. If you want to expand the length of the Definition box, check Extend Text Area. Also, if you want the contents of the iRule to wrap within the box, check Wrap Text.


For detailed syntax information on writing iRules, see the remainder of this chapter.

13 - 2

Managing iRules

Assigning iRulesWithin the Global Traffic Manager, you assign iRules to the wide IPs in your network configuration. The system then applies the iRules to incoming network traffic.

To assign an iRule

1. On the Main tab of the navigation pane, expand Global Traffic and then click Wide IPs.The main screen for wide IPs opens.

2. Click the name of the wide IP to which you want to assign an iRule.The properties screen for the wide IP opens.

3. On the menu bar, click iRules.The main iRules screen for the wide IP opens.

4. Click the Manage button.The Manage iRules screen opens.

5. From the iRule list, select an appropriate iRule.

6. Click the Add button.The new rule appears in the list of assigned iRules.



Chapter 13

Controlling iRule evaluationIn a basic system configuration where no iRule exists, the Global Traffic Manager directs incoming traffic to the default pool assigned to the wide IP that receives that traffic based on the assigned load balancing modes. However, you might want the Global Traffic Manager to direct certain kinds of connections to other destinations. The way to do this is to write an iRule that directs traffic to that other destination, contingent on a certain type of event occurring. Otherwise, traffic continues to go to the default pool assigned to the wide IP.

iRules are therefore evaluated whenever an event occurs that you have specified in the iRule. For example, if an iRule includes the event declaration DNS_REQUEST, then the iRule is triggered whenever the Global Traffic Manager receives a name resolution request. The Global Traffic Manager then follows the directions in the remainder of the iRule to determine the destination of the packet.

Specifying eventsThe iRules feature includes several types of event declarations that you can make in an iRule. Specifying an event declaration determines when the Global Traffic Manager evaluates the iRule. The following sections list and describe these event types. Also described is the concept of iRule context and the use of the when keyword.

Event typesThe iRule command syntax includes several types of event declarations that you can specify within an iRule. These event types are listed in table 13.1.

Using the when keywordYou make an event declaration in an iRule by using the when keyword, followed by the event name. For example:

when DNS_REQUEST {

iRule details...

}

iRule Event Description

DNS_REQUEST Triggered when a DNS request is received from a client.

LB_SELECTED Triggered when the Global Traffic Manager has selected a target node.

LB_FAILED Triggered when a connection to the server was unable to complete. This might occur if the pool has no available members or a selected pool member is otherwise not available.

Table 13.1 Event declarations for iRules

13 - 4

Managing iRules

Listing iRules on wide IPsWhen you assign multiple iRules as resources for a wide IP, it is important to consider the order in which you list them on the wide IP. This is because the Global Traffic Manager processes duplicate iRule events in the order that the applicable iRules are listed. An iRule event can therefore terminate the triggering of events, thus preventing the Global Traffic Manager from triggering subsequent events.

To organize the list of iRules




4. Click Manage.The Manage iRules screen opens.

5. Click the name of an assigned iRule and then use either the Up button to move the iRule up one position, or the Down button to move the iRule down one position.



Chapter 13

Using statement commandsSome of the commands available for use within iRules are known as statement commands. Statement commands enable the Global Traffic Manager to perform a variety of different actions. For example, some of these commands specify the pools or servers to which you want the Global Traffic Manager to direct traffic.

Table 13.2 lists and describes statement commands that you can use within iRules.

Statement Command Description

discard Causes the current packet or connection (depending on the context of the event) to be discarded. This statement must be conditionally associated with an if statement.

drop Same as the discard command.

[use] host <string> Causes the server host, as identified by a string, to be used directly, thus bypassing any load-balancing.

if { <expression> } {<statement_command>}

elseif { <expression> } {<statement_command>}

Asks a true or false question and, depending on the answer, takes some action.

Note that the maximum number of if statements that you can nest in an iRule is 100.

log [<facility>.<level>] <message> Generates and logs the specified message to the Syslog facility.

[use] host <addr> [<port>] Causes the server host, as identified by IP address and, optionally, port number, to be used directly, thus bypassing any load-balancing.

[use] pool <pool_name> [member <addr> [<port>]]

Causes the Global Traffic Manager to load balance traffic to the named pool. This statement must be conditionally associated with an if statement. Optionally, you can specify a specific pool member to which you want to direct the traffic.

reject Causes the connection to be rejected, returning a reset as appropriate for the protocol.

return Terminates execution of the iRule event .

Table 13.2 iRule statement commands

13 - 6

Managing iRules

Using wide IP commandsThe Global Traffic Manager supports several iRule commands that are unique to its global traffic management capabilities. These commands can specify a specific CNAME or wide IP name, or determine the geographic origin of the request.

Table 13.3 lists and describes wide IP commands that you can use within iRules.

Statement Command Description

cname <cname> Returns the <cname> referenced.

wideip name Returns the wide IP name requested.

ttl <value> Overrides the default time-to-live value. If this command is used for a CNAME, the value overrides the default of 0. If this command is used for a pool, the value overrides the time-to-live value for that pool.

whereis <ip> [[country] [continent]] Returns the geographic location of a specific IP address. If the keywords [country] or [continent] are not specified, this command returns all location data.

Table 13.3 iRule wide IP commands


Chapter 13

Using utility commandsThe Global Traffic Manager includes a number of utility commands that you can use within iRules. You can use these commands to parse and retrieve content, verify data integrity, and retrieve information about active pools and pool members.

Parsing and manipulating contentTable 13.4 lists and describes the commands that return a string that you specify. The pages following the table provide detail and examples of the commands.

Ensuring data integritySome of the commands available for use within iRules allow you to check the integrity of data. Table 13.5 lists and describes these commands.

Command Description

findstr Finds a string within another string and returns the string starting at the offset specified from the match.

substr Finds a string within another string and returns the string starting at the offset specified from the match.

findclass Finds the member of a data group that contains the result of the specified expression, and returns that data group member or the portion following the separator, if a separator was provided.

host Searches for a specific host name within the supplied <string>.

Table 13.4 Utility commands that parse and manipulate content

Utility Command Description

crc32 <string> Returns the crc32 checksum for the provided string, or if an error occurs, an empty string. Used to ensure data integrity.

md5 <string> Returns the RSA Data Security, Inc. MD5 Message Digest Algorithm (md5) message digest of the provided string, or if an error occurs, an empty string. Used to ensure data integrity.

Table 13.5 Utility commands for ensuring data integrity

13 - 8

Managing iRules

Retreiving resource informationSome of the commands available for use within iRules allow you to retrieve data about servers, pools, and pool members. Table 13.6 lists and describes these commands.

Using protocol commandsThe Global Traffic Manager includes a number of protocol commands that you can use within iRules. You can use these commands to identify IP addresses and ports of both the clients and servers for a given name resolution transaction.

IP commandsThe Global Traffic Manager supports the following IP commands.

Utility Command Description

active_members <pool name> Returns the number of active members in the pool.

member_priority <pool name> member <ip> [<port>]

Returns the priority for pool member ip:port.

LB::server [<pool | name | address | port>

Returns the name of the server selected for a load balancing operation.

LB::status [<up | down | session enabled | session disabled>]

Returns the status of the selected resource.

LB::status pool <name> member <address> [<port> <up | down | session enabled | session disabled>]

Returns the status of the selected pool.

LB::status vs <ip> <port> [<up | down | session enabled | session disabled>]

Returns the status of the selected virtual server.

Table 13.6 Utility commands for retrieving pool information

Protocol Command Description

IP::remote_addr Returns the IP address of the client for a given name resolution request. Equivalent to IP::client_addr.

IP::local_addr Returns the IP address of the server for a given name resolution request. Equivalent to IP::server_addr.

Table 13.7 IP commands for iRules


Chapter 13

TCP commandsThe Global Traffic Manager supports the following TCP commands.

UDP commandsThe Global Traffic Manager supports the following UDP commands.

IP::client_addr Returns the IP address of the client for a given name resolution request. Equivalent to IP::remote_addr.

IP::server_addr Returns the IP address of the server for a given name resolution request. Equivalent to IP::local_addr.

IP::protocol Returns the IP protocol value, such as TCP or UDP.


TCP::client_port Returns the client’s TCP port/service number.

TCP::server_port Returns the server’s TCP port/service number.

Table 13.8 TCP commands for iRules


UDP::client_port Returns the client’s UDP port/service number.

UDP::server_port Returns the server’s UDP port/service number.

Table 13.9 UDP commands for iRules


Table 13.7 IP commands for iRules

13 - 10

Managing iRules

Removing iRulesWithin the Global Traffic Manager, you can remove an iRule from a wide IP at any time.

To remove an iRule




4. Click Manage.The Manage iRules screen opens.

5. Select the iRule that you would like to remove, and then click the Remove button to remove it.



Chapter 13

13 - 12

14

Managing DNS Files with ZoneRunner

• Introducing ZoneRunner

• Working with zone files

• Working with resource records

• Working with views

• Managing the named.conf file


Introducing ZoneRunnerOne of the modes in which you operate the Global Traffic Manager is the node mode. In node mode, the Global Traffic Manager is responsible not only for load balancing name resolution requests and monitoring the health of your physical and logical network; it is also responsible for maintaining the DNS zone files that map name resolution requests to the appropriate network resource.

In the Global Traffic Manager, you create, manage, and maintain DNS files using the ZoneRunner™ utility. The ZoneRunner utility is a zone file management utility that can manage both DNS zone files and your BIND configuration. With the ZoneRunner utility, you can:

• Manage the DNS zones and zone files for your network, including importing and transferring zone files

• Manage the resource records for those zones

• Manage views (a BIND 9 feature)

• Manage a local name server and its configuration file, named.conf

Working with DNS and BINDThe ZoneRunner utility is an advanced feature of the Global Traffic Manager. We highly recommend that you become familiar with the various aspects of BIND and DNS before you use this feature. For in-depth information, we recommend the following resources:

• DNS and BIND, 4th edition, Paul Albitz and Cricket Liu

• The IETF DNS documents, RFC 1034 and RFC 1035

• The Internet Systems Consortium web site, http://www.isc.org/index.pl?/sw/bind/

Understanding ZoneRunner tasksWhen you use the ZoneRunner utility to manage your DNS zones and resource records, you can accomplish several tasks, including:

• Configure a zone

• Configure the resource records that make up the zone

• Configure a view, for access control

• Configure options in the named.conf file

Note

In the Configuration utility, you must configure a zone before you configure any other objects in the ZoneRunner utility.

The remainder of this chapter discusses these tasks in detail.


Chapter 14

Working with zone filesWith the ZoneRunner utility, you can create, modify, and delete zone files. Additionally, you can transfer zone files to another name server, or import zone files from another name server. A zone file contains resource records and directives that describe the characteristics and hosts of a zone, otherwise known as a domain or sub-domain.

Types of zone filesThere are five types of zone files. Each type has its own content requirements and role in the DNS.

The types of zones are:

◆ Primary (Master)Zone files for a primary zone contain, at minimum, the start of authority (SOA) and name server (NS) resource records for the zone. Primary zones are authoritative, that is, they respond to DNS queries for the domain or sub-domain. A zone can have only one SOA record, and must have at least one NS record.

◆ Secondary (Slave)Zone files for a secondary zone are copies of the principal zone files. At an interval specified in the SOA record, secondary zones query the primary zone to check for and obtain updated zone data. A secondary zone responds authoritatively for the zone as long as the zone data is valid.

◆ StubStub zones are similar to secondary zones, except that stub zones contain only the NS records for the zone. Note that stub zones are a specific feature of the BIND implementation of DNS. We recommend that you use stub zones only if you have a specific requirement for this functionality.

◆ ForwardThe zone file for a forwarding zone contains only information to forward DNS queries to another name server on a per-zone (or per-domain) basis.

◆ HintThe zone file for a hint zone specifies an initial set of root name servers for the zone. Whenever the local name server starts, it queries a root name server in the hint zone file to obtain the most recent list of root name servers.

Creating zone filesYou can use the ZoneRunner utility to create any of the zone types described in the previous section.

14 - 2


To create a zone

1. On the Main tab of the navigation pane, expand Global Traffic and click ZoneRunner.The Resource Records List screen opens.

2. On the menu bar, click Zone List.The Zone List screen opens.

3. Click the Create button.The New Zone screen opens.

4. From the View Name list, select a view with which to associate the new zone.The default setting is external.

5. In the Zone Name box, type a fully-qualified domain name for the zone.

Note: Do not forget the trailing dot ( . ) at the end of the name.

6. From the Zone Type list, select the type of zone that you are configuring.The screen refreshes to display the configuration settings for the zone type.

Note

Each zone type has unique characteristics. The following sections describe how to create each zone type.

Creating a primary zone

Primary zones have many components. When you create a primary zone, you create a zone file, an SOA record, and an initial NS record. You can also create a reverse zone and its corresponding reverse zone file.

Important

To complete these steps, you must first complete the process as described in the previous section, Creating zone files, on page 14-2.

To create a primary zone configuration




4. On the New Zone screen, select Master from the Zone Type list.The screen refreshes to display the configuration options and records creation options for a primary zone.


Chapter 14

5. From the Records Creation Method list, select Manual. The configuration options in the Records Creation section in the following procedure change, depending on the record creation method that you select in this step.

Note: The Records Creation Method list has two additional options: Load From File and Transfer from Server. These options are discussed in the section, Importing zone files, on page 14-7.

6. In the Zone File Name box, type the name you want to use for the zone file.

7. In the Options box, you can type any additional statements that the zone requires. Do not delete the allow-update statement as the system needs this to maintain compatibility with the wide IP information.

Important: Exercise caution when typing in the Options box. The system writes any changes you make directly to the named.conf file. For information on available options and syntax, refer to the BIND documentation mentioned at the beginning of this chapter.

8. Check the Create Reverse Zone box to specify that the system creates a reverse zone for this zone.

9. In the Reverse Zone Name box, type a name for the reverse zone, and then select whether the reverse zone applies to IPv4 or IPv6 networks.

10. In the Reverse Zone File Name box, type the name you want to use for the reverse zone file.

11. In the SOA Record section, supply the relevant configuration for the Start of Authority (SOA) record associated with this zone.

12. In the NS Record section, supply the information for the first Name Server associated with this zone.See Creating NS resource records, on page 14-16 for more information.


Creating a secondary zone

Secondary zones are essentially copies of primary zones. Secondary zones can respond to DNS queries, which significantly reduces the possibility that a query goes unanswered. Secondary zones regularly poll primary zones to get up-to-date zone information.

Important


14 - 4


To create a secondary zone




4. On the New Zone screen, select Slave from the Zone Type list.The screen refreshes to display the configuration options for a secondary zone.


6. In the Options box, you can type any additional statements that the zone requires. Do not delete the allow-update statement as the system needs this to maintain compatibility with the wide IP information.



Creating a stub zone

Stub zones contain only the NS records for a zone. Stub zones are a unique feature of the BIND implementation of DNS. As such, we recommend that you carefully evaluate using stub zones in your configuration. Refer to the BIND documentation for additional information about stub zones.

Important


To create a stub zone





Chapter 14

4. On the New Zone screen, select Slave from the Zone Type list.The screen refreshes to display the configuration options for a secondary zone.


6. In the Options box, you can type any additional statements that the zone requires. Do not delete the allow-update statement, as the system needs this to maintain compatibility with the wide IP information.



Creating a hint zone

Hint zones designate a subset of the root servers list. When the local name server starts (or restarts), the name server queries the root servers in the hint zone for the most current list of root servers.

Important


To create a hint zone




4. On the New Zone screen, select Hint from the Zone Type list.The screen refreshes to display the configuration options for a hint zone.


14 - 6


Creating a forward zone

Forward zones provide forwarding information for a zone or a domain. When a query comes in that matches a forward zone, the ZoneRunner utility sends the query to the server specified in the forward zone, rather than returning the query to the requesting local DNS server.

Important


To create a forward zone




4. On the New Zone screen, select Slave from the Zone Type list.The screen refreshes to display the configuration options for a slave zone.

5. In the Options box, you can type any additional statements that the zone requires. Do not delete the forwarders statement as the system needs this to maintain compatibility with the wide IP information.



Importing zone filesOften, when you add the Global Traffic Manager to your network, you already have a DNS server that manages your zone files. Typically, the Global Traffic Manager can then become either a secondary server that provides backup DNS information in case your primary DNS server goes offline, or becomes the primary DNS server. In either situation, you can use the ZoneRunner utility to import existing zone files into the Global Traffic Manager instead of re-creating them manually.

Through the ZoneRunner utility, you can import zone files using one of two methods:

• Loading zones from a file


Chapter 14

• Transferring zones from a server

Note

You can import only primary zones files.

Loading zones from a file

If you know where the zone files you want to import reside on your server, you can load these files directly into the Global Traffic Manager through the ZoneRunner utility. Once you load a zone file into the Global Traffic Manager, the ZoneRunner utility displays information about the zone and any of its resource records within the Configuration utility.

Note

You can load only primary zones files.

To load a zone from a file

1. On the Main tab, expand Global Traffic and click ZoneRunner.The Resource Records List screen opens.





6. From the Zone Type list, select Master.

7. From the Records Creation Method, select Load From File.

8. In the Upload Records File box, located in the Records Creation section, type the path to the zone file.Alternatively, you can click the Browse button to navigate to the file.


Transferring zones from servers

Instead of loading zones from a file, you have the option of transferring them from existing DNS server. This method is useful if the zone files you need reside at a remote location. Once you transfer a zone file into the Global Traffic Manager, the ZoneRunner utility displays information about the zone and any of its resource records within the Configuration utility.

14 - 8


Before you can transfer zone files from another server, you must ensure that the you have configured the source server to allow transfers to the destination server. You typically accomplish this task using the allow-transfer option. See your DNS and BIND documentation for more information.

Note

You can transfer only primary zones files.

To transfer a zone from a server






6. From the Zone Type list, select Master.

7. From the Records Creation Method, select Transfer from Server.

8. In the Source Server box, located in the Records Creation section, type the path to DNS server.

9. In the Source Zone box, type the name of the zone you want to transfer to the Global Traffic Manager.


Modifying zonesThrough the ZoneRunner utility, you can modify zones on an as-needed basis. For example, you can increase or decrease the time-to-live (TTL) value for the zone, or change the master server for the zone.

Note

You can also add resource records to an existing zone file. See Working with resource records, on page 14-11.


Chapter 14

To modify a zone


2. On the menu bar, click Zone List.The main screen for the zone opens.

3. Click the name of the zone that you want to modify.The properties screen for the zone opens.

4. Modify the settings for the zone as needed.


Deleting zonesWith the ZoneRunner utility, you can delete zones that either have become obsolete or are no longer relevant to the Global Traffic Manager due to a network configuration change. For example, you might adjust your name servers, after which the Global Traffic Manager is no longer responsible for a specific zone.

To delete a zone


2. On the menu bar, click Zone List.The main screen for the zone opens.

3. Click the name of the zone that you want to modify.The properties screen for the zone opens.

4. Modify the settings for the zone as needed.


6. Click the Delete button again to delete the zone.

14 - 10


Working with resource recordsResource records are the files that contain the details about a zone. These resource records, in a hierarchical structure, make up the domain name system (DNS). Once you have created a zone, you can use the ZoneRunner utility to view, create, modify, and delete the resource records for that zone.

Note

Although case is preserved in names and data fields when loaded into the name server, comparisons and lookups in the name server database are not case-sensitive.

Types of resource recordsThis section describes the common resource records that the ZoneRunner utility supports. For information on additional resource record types, see DNS and BIND, 4th edition, Albitz and Liu.

The types of resource records are:

◆ SOA (Start of authority)The start of authority resource record, SOA, starts every zone file and indicates that a name server is the best source of information for a particular zone. The SOA record indicates that a name server is authoritative for a zone. There must be exactly one SOA record per zone. Unlike other resource records, you create a SOA record only when you create a new master zone file.

◆ A (Address)The Address record, or A record, lists the IP address for a given host name. The name field is the host’s name, and the address is the network interface address. There should be one A record for each IP address of the machine.

◆ AAAA (IPv6 Address)The IPv6 Address record, or AAAA record, lists the 128-bit IPv6 address for a given host name.

◆ CNAME (Canonical Name)The Canonical Name resource record, CNAME, specifies an alias or nickname for the official, or canonical, host name. This record must be the only one associated with the alias name. It is usually easier to supply one A record for a given address and use CNAME records to define alias host names for that address.

◆ DNAME (Delegation of Reverse Name)The Delegation of Reverse Name resource record, DNAME, specifies the reverse lookup of an IPv6 address. These records substitute the suffix of one domain name with another. The DNAME record instructs the Global Traffic Manager (or any DNS server) to build an alias that substitutes a portion of the requested IP address with the data stored in the DNAME record.


Chapter 14

◆ HINFO (Host Information)The Host Information resource record, HINFO, contains information on the hardware and operating system relevant to the Global Traffic Manager (or other DNS).

◆ MX (Mail Exchanger)The Mail Exchange resource record, MX, defines the mail system(s) for a given domain.

◆ NS (Name Server)The name server resource record, NS, defines the name servers for a given domain, creating a delegation point and a subzone. The first name field specifies the zone that is served by the name server that is specified in the name servers name field. Every zone needs at least one name server.

◆ PTR (Pointer)A name pointer resource record, PTR, associates a host name with a given IP address. These records are used for reverse name lookups.

◆ SRV (Service)The Service resource record, SRV, is a pointer that allows an alias for a given service to be redirected to another domain. For example, if the fictional company SiteRequest had an FTP archive hosted on archive.siterequest.com, the IT department could create an SRV record that allows an alias, ftp.siterequest.com to be redirected to archive.siterequest.com.

◆ TXT (Text)The Text resource record, TXT, allows you to supply any string of information, such as the location of a server or any other relevant information that you want available.

Creating resource recordsYou can use the ZoneRunner utility to create any of the resource record types described in Types of zone files, on page 14-2.

To create a resource record


2. Click the Create button.The New Resource Record screen opens.


4. In the Zone Name box, select the zone with which this record is associated.

5. In the Name box, type the name for the resource record.

14 - 12


6. In the TTL box, type the time-to-live value for the record.

7. From the Type list, select the type of resource record that you are configuring.The screen refreshes to display the configuration settings for the resource record type.

Note

Each resource record type has unique characteristics. The following sections describe how to create each resource record type, and build on the steps listed in this procedure.

Creating A resource records

The Address record, or A record, lists the IP address for a given host name. The following steps describe how to create an A record for a zone.

Important

To complete these steps, you must first complete the process as described in Creating resource records, on page 14-12.

To create an A record

1. On the New Resource Record screen, select A from the Type list.The screen refreshes to display the configuration options for an A resource record.

2. In the IP Address box, type the IP address for the A record.

3. If you want to create a reverse record that corresponds to this record, check Create Reverse Record.


Creating AAAA resource records

The IPv6 Address record, or AAAA record, is a record used for 128-bit IPv6 addresses. The following steps describe how to create an AAAA record for a zone.

Important


To create an AAAA record

1. On the New Resource Record screen, select AAAA from the Type list.The screen refreshes to display the configuration options for an AAAA resource record.


Chapter 14

2. In the IP Address box, type the IP address for the AAAA record.

3. If you want to create a reverse record that corresponds to this record, check Create Reverse Record.


Creating CNAME resource records

The Canonical Name resource record, CNAME, specifies an alias or nickname for the official, or canonical, host name. The following steps describe how to create a CNAME record for a zone.

Important


To create a CNAME record

1. On the New Resource Record screen, select CNAME from the Type list.The screen refreshes to display the configuration options for an CNAME resource record.

2. In the CNAME box, type the appropriate alias for the resource record.


Creating DNAME resource records

The Delegation of Reverse Name resource record, DNAME, specifies the reverse lookup of an IPv6 address. The following steps describe how to create a DNAME record for a zone.

Important


To create a DNAME record

1. On the New Resource Record screen, select DNAME from the Type list.The screen refreshes to display the configuration options for an DNAME resource record.

2. In the DNAME box, type the appropriate reverse name for the resource record.


14 - 14


Creating HINFO resource records

The Host Information resource record, HINFO, contains information on the hardware and operating system relevant to the Global Traffic Manager (or other DNS). The following steps describe how to create an HINFO record for a zone.

Important


To create an HINFO record

1. On the New Resource Record screen, select HINFO from the Type list.The screen refreshes to display the configuration options for an HINFO resource record.

2. In the Hardware box, type the appropriate hardware information for the resource record.

3. In the OS box, type the appropriate operating system information for the resource record.


Creating MX resource recordsThe Mail Exchange resource record, MX, defines the mail system(s) for a given domain. The following steps describe how to create an MX record for a zone.

Important


To create an MX record

1. On the New Resource Record screen, select MX from the Type list.The screen refreshes to display the configuration options for an MX resource record.

2. In the Preference box, type the preference for the mail server.Preference is a numeric value for the preference of this mail exchange host relevant to all other mail exchange hosts for the domain. Lower numbers indicate a higher preference, or priority.

3. In the Mail Server box, type the appropriate domain name for the mail server.



Chapter 14

Creating NS resource records

The name server resource record, NS, defines the name servers for a given domain, creating a delegation point and a subzone. The following steps describe how to create an NS record for a zone.

Important


To create an NS record

1. On the New Resource Record screen, select NS from the Type list.The screen refreshes to display the configuration options for an NS resource record.

2. In the Name Server box, type the appropriate domain name for the resource record.


Creating PTR resource records

A name pointer resource record, PTR, associates a host name with a given IP address. These records are used for reverse name lookups.

Important


To create a PTR record

1. On the New Resource Record screen, select PTR from the Type list.The screen refreshes to display the configuration options for a PTR resource record.

2. In the Domain box, type the appropriate domain name for the resource record.


Creating SRV resource records

The Service resource record, SRV, is a pointer that allows an alias for a given service to be redirected to another domain. The following steps describe how to create an SRV record for a zone.

Important


14 - 16


To create an SRV record

1. On the New Resource Record screen, select SRV from the Type list.The screen refreshes to display the configuration options for an SRV resource record.

2. In the Priority box, type the appropriate priority level for this host.The lower the number in this box, the higher the priority level.

3. In the Weight box, type the proportion of requests that should be targeted at this server.This value is used when two hosts have the same priority. The higher the number in this box, the greater the weight.

4. In the Port box, type the port on which the service is running.

5. In the Target Server box, type the domain name of a host running the service on the port specified in the Port box.


Creating TXT resource records

The Text resource record, TXT, allows you to supply any string of information, such as the location of a server or any other relevant information that you want available. The following steps describe how to create a TXT record for a zone.

Important


To create a TXT record

1. On the New Resource Record screen, select TXT from the Type list.The screen refreshes to display the configuration options for an TXT resource record.

2. In the Text box, type the appropriate text for the resource record.


Modifying a resource recordIf you decide you need to change the settings for a given resource record, you can modify it at any time.


Chapter 14

To modify a resource record


2. Click the name of the resource record that you want to modify.The properties screen for the resource record opens.

3. Modify the resource record as needed.


Adding resource records to an existing zone file

In addition to creating a resource record through the Record List screen, you can create one when you modify an existing zone file.

To add a resource record to an existing zone file



3. Click the name of the zone to which you want to add a resource record.The properties screen for that zone opens.

4. Click the Add Resource Record button, located at the bottom of the screen.The New Resource Record screen opens, with the View and Zone Name options filled out to reflect the appropriate settings for the zone file.

5. Create the new resource record as needed.See Creating resource records, on page 14-12 for more information.


Working with viewsOne of the features available in BIND 9 is the addition of views to your DNS configuration. A view allows you to modify the name server configuration based on the community attempting to access it. For example, if your DNS handles request from both inside and outside your company, you could create two views: internal and external. Through views, you can

14 - 18


build name server configurations on the same server, and have those configurations apply dynamically when the request originates from a specified source.

In the Global Traffic Manager, a single view is created automatically within the ZoneRunner utility: external. If you do not want to create views, all zones that the Global Traffic Manager maintains are associated with this default view.

Through the ZoneRunner utility, you can:

• Add views

• Modify views

• Delete views

Adding viewsIf you have a DNS that is accessed from multiple communities, you can create a view for each community. Depending on the community, the name server uses a different configuration for resolving name requests.

To add a view


2. On the menu bar, click View List.The View List screen opens.

3. Click the Create button.The New View screen opens.

4. In the View Name box, type a name for the view.

5. In the View Order box, select where the view resides in the view hierarchy for the name server.

6. In the Options box, specify the criteria that determines when the DNS should use the zone files associated with this view.


Modifying viewsAs the needs of the communities attempting to access the Global Traffic Manager as a DNS change, you might need to modify your views. Through the ZoneRunner utility, you can modify a view at any time.


Chapter 14

To modify a view



3. Click the name of the view you want to modify.The properties screen for the view opens.

4. Modify the view settings as needed. Note that you cannot change the name of the view.

5. Click Update to apply your changes.

Deleting viewsIf a view is no longer necessary for your name resolutions, you can delete it from the ZoneRunner utility.

To delete a view



3. Click the name of the view you want to delete.The properties screen for the view opens.


5. Click the Delete button again to delete the view.

Adding zones to viewsOnce you create a view, you can create zones that will belong to the view.

To add a zone to a view



3. Click the name of the view you want to delete.The properties screen for the view opens.

14 - 20


4. Click the Add Zone button.The New Zone screen opens.

5. Create the new zone as needed.See Creating zone files, on page 14-2 for more information on creating zone files.


Chapter 14

Managing the named.conf fileYou define the primary operational characteristics of BIND using a single file, named.conf. The functions defined in this file include views, access control list definitions, and zones.

You can control most of the contents of the named.conf file through the ZoneRunner utility, as this utility updates the named.conf file to implement any modifications that you make. However, you can also use the ZoneRunner utility to edit the named.conf file directly.

Important

In this procedure, we assume that you are fully familiar with the named.conf file and the syntax of its contents. Modifying the named.conf file carries a high level of risk, as a syntax error can prevent the entire BIND system from performing as expected. For this reason, we recommend that you use the user interface of the ZoneRunner utility whenever possible, and that you exercise caution when editing the named.conf file.

To modify the named.conf file


2. On the menu bar, click Named Configuration.The named.conf configuration screen opens.

3. Edit the contents of the named.conf file as needed:

• You can increase the size of the box containing the named.conf contents by checking Extend Text Area.

• You can have the contents of the named.conf file wrap to fit the box by checking Wrap Text.


14 - 22

A

Working with the big3d Agent

• Introducing the big3d agent

• Collecting path data and server performance metrics

• Setting up communication between Global Traffic Managers and other servers


Introducing the big3d agentThe big3d agent collects performance information on behalf of the Global Traffic Manager. The big3d agent runs on all BIG-IP systems. In most cases, you want to run a big3d agent on all of these systems in the network, but you can turn off the big3d agent on any system at any time. If you turn off the big3d agent on a server, the Global Traffic Manager can no longer check the availability of the server or its virtual servers, and the statistics screens display the status as unknown (blue ball). The big3d agent is a critical component of the Global Traffic Manager; without it, the Global Traffic Manager cannot access much of the information you need regarding other BIG-IP systems on the network.

Note

We recommend that you have a big3d agent running on at least one system in each data center in your network. This configuration ensures that the Global Traffic Manager has timely access to the metrics associated with network traffic

Configuration Guide for BIG-IP® Global Traffic Management A - 1

Appendix A

Collecting path data and server performance metricsA big3d agent collects the following types of performance information used for load balancing. The big3d agent broadcasts this information to all Global Traffic Managers in your network.

◆ Network path round trip timeThe big3d agent calculates the round trip time for the network path between the agent’s data center and the client’s LDNS server that is making the resolution request. The Global Traffic Manager uses round trip time to determine the best virtual server to answer the request when a pool uses a dynamic load balancing mode, such as Round Trip Time, or Quality of Service.

◆ Network path packet lossThe big3d agent calculates the packet completion percentage for the network path between the agent’s data center and the client’s LDNS server that is making the resolution request. The Global Traffic Manager uses the packet completion rate to determine the best virtual server to answer the request when a wide IP or pool uses either the Completion Rate or the Quality of Service load balancing modes.

◆ Router hops along the network pathThe big3d agent calculates the number of intermediate system transitions (router hops) between the agent’s data center and the client’s LDNS server. The Global Traffic Manager uses hops to determine the best virtual server to answer the request when a pool uses the Hops or the Quality of Service load balancing modes.

◆ Server performance The big3d agent returns server metrics, such as the packet rate, for BIG-IP systems or SNMP-enabled hosts. The Global Traffic Manager uses packet rate to determine the best virtual server to answer the request when a pool uses the Packet Rate, KBPS, Least Connections, or Quality of Service load balancing modes.

◆ Virtual server availability and performance The big3d agent queries virtual servers to verify whether they are up and available to receive connections, and uses only those virtual servers that are up for load balancing. The big3d agent also determines the number of current connections to virtual servers that are defined on BIG-IP systems or SNMP-enabled hosts. The Global Traffic Manager uses the number of current connections to determine the best virtual server when a pool uses the Least Connections or VS Capacity load balancing mode.

Setting up data collection with the big3d agentSetting up the big3d agents involves the following tasks:

◆ Installing big3d agents on BIG-IP systemsEach new version of the Global Traffic Manager software includes the latest version of the big3d agent. You need to distribute that copy of the

A - 2


big3d agent to each BIG-IP system in the network. See the release notes provided with the Global Traffic Manager software for information about which versions of the BIG-IP software the current big3d agent supports. For details on installing the big3d agent, see Installing the big3d agent, following.

◆ Setting up communications between big3d agents and other systemsBefore the big3d agents can communicate with the Global Traffic Managers in the network, you need to configure the appropriate ports and tools to allow communication between the devices running the big3d agent and Global Traffic Managers in the network. These planning issues are discussed in Setting up communication between Global Traffic Managers and other servers, on page A-5.

Installing the big3d agent

The big3d agent is installed by running the big3d_install script. With the correct ports open, the Global Traffic Manager also automatically updates older big3d agents on the network.

When you install the big3d agent, you must complete the following tasks:

• Install the Global Traffic Manager.

• Add the BIG-IP systems as servers to the Global Traffic Manager.

• Exchange the appropriate Web certificates between the Global Traffic Manager and other systems.

• Open ports 22 and 4353 between the Global Traffic Manager and the other BIG-IP systems.

Understanding the data collection and broadcasting sequenceThe big3d agents collect and broadcast information on demand. The Global Traffic Manager in a synchronization group issues a data collection request to all big3d agents running in the network. In turn, the big3d agents collect the requested data, and then broadcast that data to all Global Traffic Managers running in the network.

Evaluating big3d agent configuration trade-offs

You must run a big3d agent on each BIG-IP system in your network if you use dynamic load balancing modes (those that rely on path data). (For information about dynamic load balancing, see Chapter 7, Load Balancing with the Global Traffic Manager.) You must have a big3d agent running on at least one system in each data center to gather the necessary path metrics.

The load on the big3d agents depends on the timer settings that you assign to the different types of data the big3d agents collect. The shorter the timers, the more frequently the big3d agent needs to refresh the data. While short timers guarantee that you always have valid data readily available for load balancing, they also increase the frequency of data collection.


Appendix A

Another factor that can affect data collection is the number of client LDNS servers that make name resolution requests. The more LDNS servers that make resolution requests, the more path data that the big3d agents have to collect. While round trip time for a given path may vary constantly due to current network load, the number of hops along a network path between a data center and a specific LDNS does not often change. Consequently, you may want to set short timer settings for round trip time data so that it refreshes more often, but set high timer settings for hops data because it does not need to be refreshed often.

A - 4


Setting up communication between Global Traffic Managers and other servers

In order to copy big3d agents from a Global Traffic Manager to BIG-IP systems, the Global Traffic Manager must be able to communicate with the other systems.

Setting up iQuery communications for the big3d agentThe iQuery protocol uses one of two ports to communicate between the big3d agents throughout the network and Global Traffic Managers. The ports used by iQuery traffic change, depending on whether the traffic is inbound from the big3d agent or outbound from the Global Traffic Manager.

Table A.1 shows the protocols and ports for both inbound and outbound iQuery communications between Global Traffic Managers and big3d agents distributed in your network.

Table A.2 shows the protocols and corresponding ports used for iQuery communications between big3d agents and SNMP agents that run on host servers.

Allowing iQuery communications to pass through firewalls The payload information of an iQuery packet contains information that potentially requires network address translation when there is a firewall in the path between the big3d agent and the Global Traffic Manager. The firewall translates only the packet headers, not the payloads.

From To Protocol From Port To Port

GTM system big3d agent TCP >1023 4353

Table A.1 Communication protocols and ports between Global Traffic Managers and big3d agents

From To Protocol From Port To Port Purpose

big3d agent host SNMP agent UDP >1023 161 Ephemeral ports used to make SNMP queries for host statistics

host SNMP agent big3d agent UDP 161 >1023 Ephemeral ports used to receive host statistics using SNMP

Table A.2 Communication protocols and ports between big3d agents and SNMP agents on hosts


Appendix A

The virtual server translation option resolves this issue. When you configure address translation for virtual servers, the iQuery packet stores the original IP address in the packet payload itself. When the packet passes through a firewall, the firewall translates the IP address in the packet header normally, but the IP address within the packet payload is preserved. The Global Traffic Manager reads the IP address out of the packet payload, rather than out of the packet header.

For example, firewall separates the path between a BIG-IP system running a big3d agent, and the Global Traffic Manager. The packet addresses are translated at the firewall. However, addresses within the iQuery payload are not translated, and they arrive at the BIG-IP system in their original states.

Communications between Global Traffic Managers, big3d agents, and local DNS servers

Table A.3 shows the protocols and ports that the big3d agent uses when collecting path data for local DNS servers.

From To Protocol From Port To Port Purpose

big3d LDNS ICMP N/A N/A Probe using ICMP pings

big3d LDNS TCP >1023 53 Probe using TCP (Cisco© routers: allow establish)

LDNS big3d TCP 53 >1023 Replies using TCP (Cisco© routers: allow establish)

big3d LDNS UDP 53 33434 Probe using UDP or traceroute utility

LDNS big3d ICMP N/A N/A Replies to ICMP, UDP pings, or traceroute probes

big3d LDNS dns_revdns_dot

>1023 53 Probe using DNS rev or DNS dot

LDNS big3d dns_revdns_dot

53 >1023 Replies to DNS rev or DNS dot probes

Table A.3 Communications between big3d agents and local DNS servers

A - 6

B

Understanding Probes

• Introducing probes

• Understanding iQuery

• Determining probe responsibility

• Selecting a big3d agent

• Designating a specific server

• Managing LDNS probes


Introducing probesWhen you install a Global Traffic Manager in a network, that system typically works within a larger group of BIG-IP® products. These products include other Global Traffic Managers, Link Controllers, and Local Traffic Managers. The Global Traffic Manager must be able to communicate with these other systems to maintain an accurate assessment of the health and availability of different network components. For example, the Global Traffic Manager must be able to acquire statistical data from resources that are managed by a Local Traffic Manager in a different data center. BIG-IP systems acquire this information through the use of probes. A probe is an action a BIG-IP system takes to acquire data from other network resources.

Probes are an essential means by which the Global Traffic Manager tracks the health and availablity of network resources; however, it is equally important that the responsibility for conducting probes be distributed across as many BIG-IP products as possible. This distribution ensures that no one system becomes overloaded with conducting probes, which would cause a decrease in performance in the other tasks for which a BIG-IP system is responsible.

Note

If you are familiar with the precursor to the Global Traffic Manager, the 3-DNS Controller, you are likely already familiar with probes. With 3-DNS Controllers, a single system, the principal system, was responsible for managing all of the probe requests. With the introduction of the Global Traffic Manager, these requests are distributed more efficiently across other BIG-IP Global Traffic Manager systems.

To distribute probe requests effectively across multiple BIG-IP systems, Global Traffic Managers employ several different technologies and methodologies, including:

• iQuery, which is the communication protocoal used between Global Traffic Managers and the big3d agents that reside on other BIG-IP systems

• A selection methodology that determines which Global Traffic Manager is responsible for managing the probe request

• A selection methodology that determines which big3d agent actually conducts the probe

One of the important concepts to remember when understanding how the Global Traffic Manager acquires network data is that the process consists of several tasks:

• A Global Traffic Manager is chosen to be responsible for the probe.

• The Global Traffic Manager delegates the probe to a big3d agent.

• The big3d agent conducts the probe.

• The big3d agent broadcasts the results of the probe, allowing all Global Traffic Managers to receive the information.

Configuration Guide for BIG-IP® Global Traffic Management B - 1

Appendix B

Understanding iQueryAt the heart of probe management with Global Traffic Manager systems is iQuery, the communications protocol that these systems use to send information from one system to another. With iQuery, Global Traffic Managers in the same synchronization group can share configuration settings, assign probe requests to big3d agents, and receive data on the status of network resources.

The iQuery protocol is an XML protocol that is sent between each system using gzip compression and SSL. These communications can only be allowed between systems that have a trusted relationship established, which is why configuration tools such as big3d_install, bigip_add, and gtm_add are critical when installing or updating Global Traffic Managers. If two systems have not exchanged their SSL certificates, they cannot share information with each other using iQuery.

In addition to requiring trusted relationships, systems send iQuery communications only on the VLAN in which the system received the incoming message. Also, iQuery communications occur only within the same synchronization group. If your network consists of two synchronization groups, with each group sharing a subset of network resources, these groups both probe the network resources and communicate with iQuery separately.

Generally, iQuery communications require no user intervention; however, on occasion it can be necessary to view the data transmitted between each system. For example, you might be troubleshooting the reason that a Global Traffic Manager is exhibiting a particular behavior. In such a situation, you can use the command, iqdump.

To use the iqdump command

1. Access the system prompt for the BIG-IP system.

2. Type iqdump <ip address> <synchronization group name>.The IP address that you type must be the IP address with which the system is communicating with iQuery. This IP address can be either the local system or a remote system.

3. Press Enter.

Immediately, information the BIG-IP system has received through iQuery appears in the command window. Note that the data displayed represents only the information the system receives; it does not display the information the system has sent through iQuery.

Note

One of the first pieces of information displayed when running iQuery is the version of the remote big3d agent. This is an excellent way of determining if a system is running the latest version of the big3d agent.

B - 2


Determining probe responsibilityWhen you assign a monitor to a network resource through the Configuration utility of the Global Traffic Manager, the first action is for a Global Traffic Manager to be responsible for ensuring that a big3d agent probes the selected resource. It is important to remember that this does not necessarily mean the selected Global Traffic Manager actually conducts the probe; it means only that a specific Global Traffic Manager is in charge of assigning a big3d agent to probe the resource. The big3d agent could be installed on the same system as the Global Traffic Manager, a different Global Traffic Manager, or the big3d agent on another BIG-IP system.

A crucial component to determining which system manages a probe request is the data centers that you defined in the Global Traffic Manager configuration. For each probe, the Global Traffic Manager systems determine the following:

• Is there a Global Traffic Manager in the same data center as the resource?

• Is there more than one Global Traffic Manager at that data center?

By default, Global Traffic Manager systems delegate probe management to a system that belongs to the same data center as the resource, since the close proximity of system and resource improves probe response time.

To illustrate how these considerations factor into probe management, consider a fictional company, SiteRequest. This company has three data centers: one in Los Angeles, one in New York, and one in London. The following table lists a few characteristics of each data center.

Now, consider that you want to acquire statistical data from a resource in the New York data center. First, the Global Traffic Manager systems, based on their iQuery communications with each other, identify whether there is a Global Traffic Manager that belongs to the New York data center. In this case, the answer is yes; the New York data center contains a Global Traffic Manager. Next, the systems determine if more than one Global Traffic Manager belongs to the New York data center. In this case, the answer is no; the New York data center has only a stand-alone system. Consequently, the Global Traffic Manager in the New York data center assumes responsibility for conducting the probe on this particular resource.

Data Center Characteristics

Los Angeles Two Global Traffic Manager systems, configured as a redundant system

New York A single Global Traffic Manager

London Resources only; no Global Traffic Managers

Table B.1 Characteristics of the data centers at SiteRequest


Appendix B

In situations where more than one Global Traffic Manager belongs to a data center, the systems use an algorithm to distribute the responsibility for probes equally among Global Traffic Manager systems. This distribution ensures that each Global Traffic Manager system has an equal chance of being responsible for managing a probe request.

To demonstrate how probe requests are delegated between two Global Traffic Manager systems at the same data center, consider again the network configuration at SiteRequest. This time, the company needs to acquire data from a resource that resides at the Los Angeles data center. As with the previous example, the first step identifies whether the Los Angeles data center has any Global Traffic Managers; in this case, the answer is yes. The next criteria is whether there is more than one Global Traffic Manager at that data center; in this case, the answer is also yes: the Los Angeles data center has a redundant system that consists of two Global Traffic Managers. Because there are two Global Traffic Managers at this data center, each system compares the hash value of the resource with its own information; whichever Global Traffic Manager has the closest value to the resource becomes responsible for managing the probe request.

A final consideration is if a data center does not have any Global Traffic Managers at all, such as the London data center in the configuration for SiteRequest. In these situations, the responsibility for probing a resource at that data center is divided among the other Global Traffic Managers; much in the same way as the responsibility is divided among Global Traffic Managers within the same data center.

Once a Global Traffic Manager becomes responsible for managing a probe, it remains responsible for that probe until the network configuration changes in one of the following ways:

• The Global Traffic Manager goes offline.

• A new Global Traffic Manager is added to the data center.

• The network configuration of the resource (such as its IP address) changes.

B - 4


Selecting a big3d agentAs described in Determining probe responsibility, on page B-3, the first stage in conducting a probe of a network resource is to select the Global Traffic Manager. In turn, the Global Traffic Manager delegates the probe to a big3d agent, which is responsible for querying the given network resource for data.

One way in which you can consider the probe delegation process of network resources is in the similar to the two-tiered load balancing method the Global Traffic Manager uses when delegating traffic. With DNS traffic, the Global Traffic Manager identifies the wide IP to which the traffic belongs. Then, it load balances that traffic among the pools associated with the wide IP. One it selects a pool, the system load balances the request across the pool members within that pool.

Delegating probe requests occurs in a similar two-tiered fashion. First, the Global Traffic Managers within a synchronization group determine which system is responsible for managing the probe. This does not necessarily mean that the selected Global Traffic Manager conducts the probe itself; it means only that a specific Global Traffic Manager ensures that the probe takes place. Next, the Global Traffic Manager selects one of the available big3d agents to actually conduct the probe. As each BIG-IP system has a big3d agent, the number of agents available to conduct the probe depends on the number of BIG-IP systems.

To illustrate how these considerations factor into probe management, consider a fictional company, SiteRequest, that was used in Determining probe responsibility, on page B-3. This company has three data centers: one in Los Angeles, one in New York, and one in London. The following table lists a few characteristics of each data center:

Now, consider that a Global Traffic Manager in the Los Angeles data center has assumed responsibility for managing a probe for a network resource. At this data center, the system can assign the probe to one of four big3d agents: one for each BIG-IP system at the data center. To select a big3d, the Global Traffic Manager looks to see which big3d agent has the fewest number of

Data Center Characteristics

Los Angeles Two Global Traffic Manager systems, configured as a redundant system

Two Local Traffic Manager systems

New York A single Global Traffic Manager

Two Local Traffic Manager systems, configured as a redundant system

London Resources only; no Global Traffic Manager systems

A single Local Traffic Manager

Table B.2 Characteristics of the data centers at SiteRequest


Appendix B

probes for which it is responsible. The big3d agent with the lowest number of probes is tasked with conducting the probe. The Global Traffic Manager checks this statistic each time the it needs to delegate the probe; as a result, the big3d select could change from probe instance to probe instance.

In situations where a big3d agent does not reside in the same data center as the resource, the designated Global Traffic Manager selects a big3d from all available big3d agents on the network. Again, the agent selected is the agent with the fewest number of probe requests, and this check occurs each time the probe is conducted.

For example, SiteRequest adds a new set of web servers in Tokyo. At this location, the company has yet to install its BIG-IP systems; however, the current set of Global Traffic Managers in Los Angeles and New York are managing traffic to these web servers. When initiating a probe request to determine the availability of one of these servers, a Global Traffic Manager is selected to manage the probe request. Then, that system chooses a big3d agent to probe the web server, selecting any big3d agent located in Los Angeles, New York, or London.

B - 6


Designating a specific serverIn most cases, the probes sent to internal network resources are handled through a distributed load balancing system that first selects a Global Traffic Manager, and then selects a big3d agent. However, in some circumstances you might want to assign a specific server to conduct a probe of a given resource. For those situations, you can use the Statistics Collection Server setting. This option is only available for non-BIG-IP sytems.

To designate a specific server

1. On the Main tab of the navigation pane, expand Global Traffic and then click Servers.The main Servers screen opens.


Alternatively, you can select an existing server by clicking the appropriate server entry from the main Servers screen.

3. Define the appropriate settings for the new server.

4. From the Configuration list, select Advanced.A new set of configuration options appear.

5. From the Statistics Collection Server list, select a BIG-IP system that you want to use to conduct probes for this server.


The Global Traffic Manager uses the specified BIG-IP system to conduct probes on this server unless that system becomes unavailable.


Appendix B

Managing LDNS probesOne of the probes for which Global Traffic Manager systems are responsible are probes of Local Domain Name Systems, or LDNS servers. Unlike probes conducted on internal systems, such as web servers, probes of LDNS servers require that the Global Traffic Manager verify data from a resource that exists outside the network. Typically, this data is the path information the Global Traffic Manager requires when conducting Quality of Service, Round Trip Time, Completion Rate, and Hops load balancing methods.

Note

If you do not use Quality of Service load balancing, the Global Traffic Manager does not conduct probes of LDNS servers.

When a given LDNS server makes a DNS request for a wide IP, that request is sent to a single Global Traffic Manager. The Global Traffic Manager then creates an LDNS server entry, and assigns that entry one of the following states:

• New: the Global Traffic Manager has not come across this particular LDNS server before

• Active: the Global Traffic Manager already has an existing entry for this LDNS server

• Pending: the Global Traffic Manager has been contacted by this LDNS server before, however, this server has yet to respond to a probe from a Global Traffic Manager on this network

In general, the New and Pending states are temporary states; an LDNS server remains in one of these states only until it responds to the first probe request from a Global Traffic Manager. Once the Global Traffic Manager receives a response, the LDNS entry is moved to the Active state. Each Global Traffic Manager within a given synchronization group shares the LDNS entries that are assigned this state, resulting in the synchronization group having a common list of known LDNS servers.

Unlike internal probes, LDNS probes are not load balanced across Global Traffic Managers. Instead, the Global Traffic Manager that the LDNS server first queries becomes reponsible for the initial probe to that LDNS. These probes are load balanced, however, across the multiple big3d agents, with preference given to big3d agents that either belong to the same data center as the responding Global Traffic Manager, or belong to the same link through which the Global Traffic Manager received the LDNS query. After the initial probe, an algorithm is used to load balance subsequent probes across the available Global Traffic Manager systems.

The process for identifying and managing LDNS probe requests is as follows:

1. An LDNS server sends a DNS request to a Global Traffic Manager.

B - 8


2. The Global Traffic Manager that responds to the request determines if it already has an entry for the LDNS server. If it does not, it creates an entry with a status of New.

3. The Global Traffic Manager delegates the probe of the LDNS server to a big3d agent; preferrably a big3d agent that resides in the same data center as the Global Traffic Manager.

4. When the LDNS server responds to the probe, it sends its information to the Global Traffic Manager.

5. The Global Traffic Manager updates its entry for the LDNS server, assigning it an Active status.

6. The Global Traffic Manager synchronizes its list of active LDNS servers with the other members of its synchronization group.

Again, if you do not use Quality of Service load balancing modes, the Global Traffic Managers do not conduct LDNS server probe.


Appendix B

B - 10

Glossary

Glossary

3-DNS Controller

See Global Traffic Manager.

A record

The A record is the ADDRESS resource record that a Global Traffic Manager returns to a local DNS server in response to a name resolution request. The A record contains a variety of information, including one or more IP addresses that resolve to the requested domain name.

access control list (ACL)

An access control list is a list of local DNS server IP addresses that are excluded from path probing or hops queries.

active unit

In a redundant system, an active unit is a system that currently load balances name resolution requests. If the active unit in the redundant system fails, the standby unit assumes control and begins to load balance requests.

alternate method

The alternate method specifies the load balancing mode that the Global Traffic Manager uses to pick a virtual server if the preferred method fails. See also fallback method, preferred method.

big3d agent

The big3d agent is a monitoring agent that collects metrics information about server performance and network paths between a data center and a specific local DNS server. The Global Traffic Manager uses the information collected by the big3d agent for dynamic load balancing.

BIND (Berkeley Internet Name Domain)

BIND is the most common implementation of the Domain Name System (DNS). BIND provides a system for matching domain names to IP addresses. For more information, refer to http://www.isc.org/products/BIND.

CNAME record

A canonical name (CNAME) record acts as an alias to another domain name. A canonical name and its alias can belong to different zones, so the CNAME record must always be entered as a fully qualified domain name. CNAME records are useful for setting up logical names for network services so that they can be easily relocated to different physical hosts.

completion rate

The completion rate is the percentage of packets that a server successfully returns during a given session.

Configuration Guide for BIG-IP® Global Traffic Management Glossary - 1

Glossary

Completion Rate mode

The Completion Rate mode is a dynamic load balancing mode that distributes connections based on which network path drops the fewest packets, or allows the fewest number of packets to time out.

Configuration utility

The Configuration utility is the browser-based application that you use to configure the Global Traffic Manager.

content delivery network (CDN)

A content delivery network (CDN) is an architecture of Web-based network components that helps dramatically reduce the wide-area network latency between a client and the content they wish to access. A CDN includes some or all of the following network components: wide-area traffic managers, Internet service providers, content server clusters, caches, and origin content providers.

data center

A data center is a physical location that houses one or more Global Traffic Managers, BIG-IP systems, or host machines.

data center server

A data center server is any server recognized in the Global Traffic Manager configuration. A data center server can be any of the following: a Global Traffic Manager, a BIG-IP system, or a host.

domain name

A domain name is a unique name that is associated with one or more IP addresses. Domain names are used in URLs to identify particular Web pages. For example, in the URL http://www.f5.com/index.html, the domain name is f5.com.

dynamic load balancing modes

Dynamic load balancing modes base the distribution of name resolution requests to virtual servers on live data, such as current server performance and current connection load.

dynamic site contentDynamic site content is a type of site content that is automatically generated each time a user accesses the site. Examples are current stock quotes or weather satellite images.

EAV (Extended Application Verification)

EAV is a health check that verifies an application on a node by running that application remotely. EAV health check is only one of the three types of health checks available on an Link Controller. See also health check, health monitor, and external monitor.

Glossary - 2

Glossary

Extended Content Verification (ECV)

On the Global Traffic Manager, ECV is a service monitor that checks the availability of actual content, (such as a file or an image) on a server, rather than just checking the availability of a port or service, such as HTTP on port 80.

fail-over

Fail-over is the process whereby a standby unit in a redundant system takes over when a software failure or hardware failure is detected on the active unit.

fail-over cable

The fail-over cable is the cable that directly connects the two system units in a hardware-based redundant system.

fallback method

The fallback method is the third method in a load balancing hierarchy that the Global Traffic Manager uses to load balance a resolution request. The Global Traffic Manager uses the fallback method only when the load balancing modes specified for the preferred and alternate methods fail. Unlike the preferred method and the alternate method, the fallback method uses neither server nor virtual server availability for load balancing calculations. See also preferred method, alternate method.

Global Availability mode

Global Availability is a static load balancing mode that bases connection distribution on a particular server order, always sending a connection to the first available server in the list. This mode differs from Round Robin mode in that it searches for an available server always starting with the first server in the list, while Round Robin mode searches for an available server starting with the next server in the list (with respect to the server selected for the previous connection request).

Global Traffic Manager

The Global Traffic Manager provides wide-area traffic management and high availability of IP applications/services running across multiple data centers.

host

A host is a network server that manages one or more virtual servers that the Global Traffic Manager uses for load balancing.

ICMP (Internet Control Message Protocol)

ICMP is an Internet communications protocol used to determine information about routes to destination addresses, such as virtual servers managed by BIG-IP systems and Global Traffic Managers.


Glossary

iQuery

The iQuery protocol is used to exchange information between Global Traffic Managers and BIG-IP systems. The iQuery protocol is officially registered with IANA for port 4353, and works on UDP and TCP connections.

Kilobytes/Second mode

The Kilobytes/Second mode is a dynamic load balancing mode that distributes connections based on which available server currently processes the fewest kilobytes per second.

Least Connections mode

The Least Connections mode is a dynamic load balancing mode that bases connection distribution on which server currently manages the fewest open connections.

load balancing methods

Load balancing methods are the settings that specify the hierarchical order in which the Global Traffic Manager uses three load balancing modes. The preferred method specifies the first load balancing mode that the Global Traffic Manager tries, the alternate method specifies the next load balancing mode to try if the preferred method fails, and the fallback method specifies the last load balancing mode to use if both the preferred and the alternate methods fail.

load balancing mode

A load balancing mode is the way in which the Global Traffic Manager determines how to distribute connections across an array.

local DNS

A local DNS is a server that makes name resolution requests on behalf of a client. With respect to the Global Traffic Manager, local DNS servers are the source of name resolution requests. Local DNS is also referred to as LDNS.

metrics information

Metrics information is the data that is typically collected about the paths between BIG-IP systems and local DNS servers. Metrics information is also collected about the performance and availability of virtual servers. Metrics information is used for load balancing, and it can include statistics such as round trip time, packet rate, and packet loss.

name resolution

Name resolution is the process by which a name server matches a domain name request to an IP address, and sends the information to the client requesting the resolution.

Glossary - 4

Glossary

name server

A name server is a server that maintains a DNS database, and resolves domain name requests to IP addresses using that database.

named

The named daemon manages domain name server software.

Network Time Protocol (NTP)

Network Time Protocol functions over the Internet to synchronize system clocks to Universal Coordinated Time. NTP provides a mechanism to set and maintain clock synchronization within milliseconds.

NS record

A name server (NS) record is used to define a set of authoritative name servers for a DNS zone. A name server is considered authoritative for some given zone when it has a complete set of data for the zone, allowing it to answer queries about the zone on its own, without needing to consult another name server.

packet rate

The packet rate is the number of data packets per second processed by a server.

Packet Rate mode

The Packet Rate mode is a dynamic load balancing mode that distributes connections based on which available server currently processes the fewest packets per second.

path

A path is a logical network route between a data center server and a local DNS server.

path probing

Path probing is the collection of metrics data, such as round trip time and packet rate, for a given path between a requesting LDNS server and a data center server.

persistence

On a Global Traffic Manager, persistence is a series of related requests received from the same local DNS server for the same wide IP name. When persistence is turned on, a Global Traffic Manager sends all requests from a particular local DNS server for a specific wide IP to the same virtual server, instead of load balancing the requests.


Glossary

picks

Picks represent the number of times a particular virtual server is selected to receive a load balanced connection.

pool

A pool is a group of virtual servers managed by a BIG-IP system, or a host. The Global Traffic Manager load balances among pools (using the Pool LB Mode), as well as among individual virtual servers.

pool ratio

A pool ratio is a ratio weight applied to pools in a wide IP. If the Pool LB mode is set to Ratio, the Global Traffic Manager uses each pool for load balancing in proportion to the weight defined for the pool.

preferred method

The preferred method specifies the first load balancing mode that the Global Traffic Manager uses to load balance a resolution request. See also alternate method, fallback method.

probe

A probe is a specific query, initiated by a big3d agent, that attempts to gather specific data from a given network resource. Probes are most often employed when a health monitor attempts to verify the availability of a resource.

QOS equation

The QOS equation is the equation on which the Quality of Service load balancing mode is based. The equation calculates a score for a given path between a data center server and a local DNS server. The Quality of Service mode distributes connections based on the best path score for an available data center server. You can apply weights to the factors in the equation, such as round trip time and completion rate.

Quality of Service mode

The Quality of Service load balancing mode is a dynamic load balancing mode that bases connection distribution on a configurable combination of the packet rate, completion rate, round trip time, hops, virtual server capacity, kilobytes per second, link capacity, and topology information.

ratio

A ratio is the parameter in a virtual server statement that assigns a weight to the virtual server for load balancing purposes.

Ratio mode

The Ratio load balancing mode is a static load balancing mode that distributes connections across an pool of virtual servers in proportion to the ratio weight assigned to each individual virtual server.

Glossary - 6

Glossary

redundant system

A redundant system is a pair of units that are configured for fail-over. In a redundant system, one system runs as the active unit and the other system runs as the standby unit. If the active unit fails, the standby unit takes over and manages resolution requests.

resource record

A resource record is a record in a DNS database that stores data associated with domain names. A resource record typically includes a domain name, a TTL, a record type, and data specific to that record type. See also A record, CNAME record, NS record.

reverse domains

A type of DNS resolution request that matches a given IP address to a domain name. The more common type of DNS resolution request starts with a given domain name and matches that to an IP address.

root name server

A root name server is a master DNS server that maintains a complete DNS database. There are approximately 13 root name servers in the world that manage the DNS database for the World Wide Web.

Round Robin mode

Round Robin mode is a static load balancing mode that bases connection distribution on a set server order. Round Robin mode sends a connection request to the next available server in the order.

round trip time (RTT)

Round trip time is the calculation of the time (in microseconds) that a local DNS server takes to respond to a ping issued by the big3d agent running on a data center server. The Global Traffic Manager takes RTT values into account when it uses dynamic load balancing modes.

Round Trip Time mode

Round Trip Time is a dynamic load balancing mode that bases connection distribution on which virtual server has the fastest measured round trip time between the data center server and the local DNS server.

secondary DNS

The secondary DNS is a name server that retrieves DNS data from the name server that is authoritative for the DNS zone.

Setup utility

The Setup utility is a utility that takes you through the initial system configuration process. The Setup utility runs automatically when you turn on a system for the first time.


Glossary

SNMP (Simple Network Management Protocol)

SNMP is the Internet standard protocol, defined in STD 15, RFC 1157, that was developed to manage nodes on an IP network.

standby unit

A standby unit is a system in a redundant system that is always prepared to become the active unit if the active unit fails.

static load balancing modes

Static load balancing modes base the distribution of name resolution requests to virtual servers on a pre-defined list of criteria and server and virtual server availability; they do not take current server performance or current connection load into account. See also dynamic load balancing modes.

subdomain

A subdomain is a sub-section of a higher level domain. For example, .com is a high level domain, and F5.com is a subdomain within the .com domain.

synchronization group

A synchronization group is a group of Global Traffic Managers that synchronize system configurations and zone files (if applicable). All synchronization group members receive broadcasts of metrics data from the big3d agents throughout the network. All synchronization group members also receive broadcasts of updated configuration settings from the Global Traffic Manager that has the latest configuration changes.

Topology mode

The Topology mode is a static load balancing mode that bases the distribution of name resolution requests on the weighted scores for topology records. Topology records are used by the Topology load balancing mode to redirect DNS queries to the closest virtual server, geographically, based on location information derived from the DNS query message.

topology record

A topology record specifies a score for a local DNS server location endpoint and a virtual server location endpoint.

topology score

The topology score is the weight assigned to a topology record when the Global Traffic Manager is filtering the topology records to find the best virtual server match for a DNS query.

topology statement

A topology statement is a collection of topology records.

Glossary - 8

Glossary

TTL (Time to Live)

The TTL is the number of seconds for which a specific DNS record or metric is considered to be valid. When a TTL expires, the server usually must refresh the information before using it again.

unavailable

The unavailable is a status used for data center servers and virtual servers. When a data center server or virtual server is unavailable, the Global Traffic Manager does not use it for load balancing.

unknown

The unknown status is used for data center servers and virtual servers. When a data center server or virtual server is new to the Global Traffic Manager and does not yet have metrics information, the Global Traffic Manager marks its status as unknown. The Global Traffic Manager can use unknown servers for load balancing, but if the load balancing mode is dynamic, the Global Traffic Manager uses default metrics information for the unknown server until it receives live metrics data.

up

The up status is used for data center servers and virtual servers. When a data center server or virtual server is up, the data center server or virtual server is available to respond to name resolution requests.

virtual server

A virtual server is a specific combination of a virtual IP address and virtual port, and is associated with a content site that is managed by a BIG-IP system or host server.

wide IP

A wide IP is a collection of one or more domain names that maps to one or more groups of virtual servers managed either by BIG-IP systems, or by host servers. The Global Traffic Manager load balances name resolution requests across the virtual servers that are defined in the wide IP that is associated with the requested domain name.

zone

In DNS terms, a zone is a subset of DNS records for one or more domains.

zone file

In DNS terms, a zone file is a database set of domains with one or many domain names, designated mail servers, a list of other name servers that can answer resolution requests, and a set of zone attributes, which are contained in an SOA record.


Glossary

ZoneRunner

ZoneRunner™ is the utility that allows you manage your resource records, zone files, and named configuration associated with your implementation of DNS and BIND.

Glossary - 10

Index

3-DNSSee Global Traffic Manager.

AA record

creating 14-13defined 14-11

AAAA recordcreating 14-13defined 14-11

ACL threshold option 9-8address exclusion list 12-7alias addresses 10-35applications

See distributed applications.authoritative 14-2auto-discovery

enabling 2-13setting the polling frequency 2-13

Bbig3d agent

and broadcasting sequence A-3and configuration trade-offs A-3and data collection A-3and dynamic load balancing 7-7and iQuery A-5, B-2and metrics A-2defined 1-5getting version number B-2installing A-3introducing A-1selecting for probe requests B-3, B-5setting up A-2using with system communications 2-4

big3d_install scriptand setup tasks 2-5, 2-6running 2-6

BIG-IP health monitor 10-14BIG-IP link health monitor 10-14BIG-IP system

about 1-1See Local Traffic Manager.

bigip_add scriptand setup tasks 2-5running 2-7

billingand links 5-23

broadcast sequence and big3d agent A-3browsers, supported versions 1-11

CCNAME record


command syntax, conventions 1-12communications

and big3d A-5and probes B-1system 2-4

completion rate mode 7-7configuration guide, using 1-7Configuration utility

about online help 1-13and supported browser versions 1-11and the Welcome screen 1-13introducing 1-10

connections, resuming 8-10CPU mode 7-7custom monitors

importing from another custom monitor 10-5importing from pre-configured monitor 10-5importing from template 10-6using 10-5

Ddata center statistics 11-8data centers

about 3-2configuring 5-2creating 2-2deleting 5-3disabling 5-4enabling 5-4managing 5-2modifying 5-3

data collection, and big3d agent A-3dependencies

creating for virtual servers 8-7organizing for virtual servers 8-8removing from virtual servers 8-8setting 6-20

destination statement 9-3distributed application statistics 11-4distributed applications

adding wide IPs 6-19and dependencies 6-20and persistent connections 6-23defined 6-18disabling traffic 6-22enabling traffic 6-22removing wide IPs 6-19

DNAME recordcreating 14-14defined 14-11

Configuration Guide for BIG-IP® Global Traffic Management Index - 1

Index

DNS zone filesadding to views 14-20synchronizing 2-10

domain names, maximum supported 1-5drop packet mode 7-3dynamic load balancing

and big3d agents 7-7overview of 7-7

dynamic load balancing modes 7-7dynamic ratio

and Quality of Service mode 7-9introducing 7-12using with Quality of Service mode 7-12

EEAV monitors 10-2ECV monitors 10-2event declarations 13-4event execution, terminating 13-5event-based traffic management 13-4external health monitor 10-15

Ffail-over

hardware-based 1-6network-based 1-6

fallback IP mode 7-4fallback load balancing

configuring 7-16introducing 7-16

features of Global Traffic Manager 1-2firewalls and iQuery A-5forward zone files


FTP health monitors 10-16

Ggateway ICMP health monitor 10-9global availability mode 7-4Global Traffic Manager

and operation modes 4-1components of 3-1defining current 2-2, 5-5resources 1-2selecting for probe requests B-3

gtm_add scriptand setup tasks 2-5running 2-6

Hhardware-based fail-over 1-6health monitor settings 10-1

health monitor types 10-1health monitors

and alias addresses 10-35and association types 10-37and disabled resources 2-16and extended content verification 10-10and external application verification 10-13and health monitor types 10-2and links 5-22and number of queries 2-15and reverse mode 10-35and simple monitors 10-8and transparent mode 10-35assigning heartbeat intervals 2-14assigning servers to 5-12associating resources to 10-37configuring 10-8creating 10-7creating custom health monitors 10-4defined 10-2deleting 10-39determining availability with 8-4disabling 10-39displaying 10-39enabling 10-39introducing 10-1managing 10-39using BIG-IP link monitor 10-14using BIG-IP monitor 10-14using external 10-15using FTP 10-16using gateway ICMP 10-9using HTTP 10-11using HTTPS 10-12using ICMP 10-9using IMAP 10-16using LDAP 10-17using MSSQL 10-18using NNTP 10-20using Oracle 10-20using POP3 10-21using pre-configured health monitors 10-4using RADIUS 10-21using Real Server 10-22using scripted 10-25using SIP 10-25using SMTP 10-26using SNMP 10-26using SNMP link 10-28using SOAP 10-28using TCP 10-11using TCP echo 10-9using TCP half open 10-10using UDP 10-29using WAP 10-30using WMI 10-31

Index - 2

Index

heartbeat interval, about 2-14help, online 1-13HINFO record


HINT zone filescreating 14-6defined 14-2

hops mode 7-7host servers

defined 5-11using the generic host option 5-12

HTTP health monitor 10-11HTTPS health monitor 10-12

IICMP health monitor 10-9if statement syntax 13-6if statement, nesting 13-6ignore traffic TTL option 7-18IMAP health monitor 10-16internet protocols 1-4iqdump, using B-2iQuery

about B-2and firewalls A-5and probes B-1and VLANs B-2defined A-5

iRule evaluation, controlling 13-4iRule event types 13-4iRule functions, introducing 13-8iRule statement syntax 13-6, 13-7, 13-8, 13-9, 13-10iRules

adding to wide IPs 6-15and statement commands, 13-6and wide IPs 6-14assigning 13-5creating 13-2introducing 13-1organizing within wide IPs 6-16removing from wide IPs 6-15

Kkilobyte/second mode 7-8

Llast resort pool 8-12LDAP health monitor 10-17LDNS probes B-8least connections mode 7-8limit settings

See limit thresholds.

limit thresholdsand pool members 5-15and pools 5-14and servers 5-13and virtual servers 5-16introducing 5-13

Link Controller, defined 5-8link statistics 11-10links

about 3-2adding 5-21, 5-22and monitors 5-22billing 5-23managing 5-21removing 5-22weighting 5-23

listenersdeleting 4-5introducing 4-1modifying 4-4

load balancingand dynamic modes 7-7and pools 7-15and static modes 7-3and wide IPs 7-14configuring 7-14enabling ignore traffic TTL option 7-18introducing 7-1using the fallback method 7-16using topology mode 9-5verifying virtual server availability 7-18

load balancing modesusing completion rate 7-7using CPU 7-7using drop packet 7-3using fallback IP 7-4using global availability 7-4using hops 7-7using kilobytes/second 7-8using least connections 7-8using none 7-4using packet rate 7-8using Quality of Service 7-9using ratio 7-5using return to dns 7-5using round robin 7-5using round trip times 7-8using Static Persist 7-5using topology 7-6using VS capacity 7-9

load balancing serversdefined 5-9using generic load balancing server option 5-10


Index

local DNSassigning probes to 12-3excluding from probes 12-7removing from probes 12-7

local DNS statistics 11-14Local Traffic Manager

and resources 1-4defined 5-7

log statements 13-6logical network components

and distributed applications 3-4and listeners 3-3and pools 3-4and wide IPs 3-4introducing 6-1reviewing 3-3

longest match option 9-8

Mmanual resume 8-10master zone files

See primary zone filesmedia options 1-5metrics

assigning to local DNS 12-3defined 12-2introducing 12-1

metrics collectionand big3d agent A-2and probes 12-7and TTL and timers 12-5excluding local DNS from probes 12-7removing local DNS from probes 12-7sequence of A-3setting TTL and timer values 12-5

Microsoft Internet Explorer 1-11monitor types 10-2monitors

See health monitors.MSSQL health monitor 10-18mx record


Nnamed.conf 14-22Netscape Navigator 1-11network management tools 1-4network-based fail-over 1-6NNTP health monitor 10-20none mode 7-4NS record


NTPdefining 2-9synchronizing systems 2-9

Oonline help 1-13Oracle health monitor 10-20

Ppacket rate mode 7-8path statistics 11-13persistence records 11-16persistent connections

and distributed applications 6-23and persistent records 11-16draining 8-11introducing 8-11

physical network componentsabout 5-1and virtual servers 3-3configuring data centers 5-2using data centers 3-2using links 3-2using servers 3-2

pool members, using with limit thresholds 5-15pool statistics 11-7pools

adding to wide IPs 6-10and limit thresholds 5-14and load balancing 7-15and topology load balancing 9-6and virtual servers 6-4defined 6-3disabling 6-8enabling 6-8organizing virtual servers 6-5organizing within wide IPs 6-12removing from wide IPs 6-11removing virtual servers 6-5weighting virtual servers 6-6weighting within wide IPs 6-12

POP3 health monitor 10-21primary zone files

creating 14-3defining 14-2

probesand LDNS B-8defined B-1designating servers B-7determining responsibility for B-3selecting big3d agents B-5selecting Global Traffic Managers B-3

PTR recordcreating 14-16defined 14-12

Index - 4

Index

QQOS

See Quality of Service mode.Quality of Service coefficients 7-11Quality of Service mode

and default settings 7-9customizing 7-9, 7-11introducing 7-9understanding coefficients 7-10using dynamic ratio 7-9, 7-12

RRADIUS health monitor 10-21ratio mode 7-5Real Server health monitor 10-22regions 9-7request source statements 9-3resource availability 10-2resource records

adding to zone files 14-18and CNAME records 14-14and HINFO records 14-15and MX records 14-15and NS records 14-12and PTR records 14-12and SOA records 14-11and SRV records 14-16and TXT recrods 14-17modifying 14-17types of records 14-11

resourcesdiscovering automatically 5-16monitoring disabled 2-16

return to DNS mode 7-5reverse mode 10-35Round Robin mode 7-5round trip times mode 7-8rule statement syntax 13-6, 13-7, 13-8, 13-9, 13-10

Sscalability 1-5scripted health monitor 10-25secondary zone files

about 14-2creating 14-4

security features 1-4server statistics 11-11servers

about 3-2and BIG-IP systems defined 5-5and limit thresholds 5-13defining current Global Traffic Manager 5-5defining host servers 5-11defining Link Controllers 5-8

defining load balancing servers 5-9defining Local Traffic Managers 5-7introducing 5-5

servers, NTP 2-9service checks, troubleshooting 10-19setup tasks 2-1Setup Utility, using 2-1simple monitors 10-2SIP health monitor 10-25slave zone files

See secondary zone files.SMTP 1-4SMTP health monitors 10-26SNMP health monitor 10-26SNMP link health monitor 10-28SNMP MIB 1-10SNMP, using for system communications 2-4SOA record, defined 14-11SOAP health monitor 10-28SQL Enterprise Manager 10-19SQL-based service checks, troubleshooting 10-19SQL-based services, and service checks 10-18SRV record


SSL 1-5statement commands, specifying 13-6static load balancing modes 7-3

using Static Persist 7-5Static Persist load balancing mode 7-5static persist mode 7-5statistics

accessing 11-2and data centers 11-8and distributed applications 11-4and links 11-10and local DNS servers 11-14and paths 11-13and pools 11-7and servers 11-11and status summary 11-3and virtual servers 11-12and wide IPs 11-6introducing 11-1understanding 11-4

status summary 11-3strings, returning 13-8stub zone files


stylistic conventions 1-11synchronization

activating 2-9and DNS zone files 2-10and NTP 2-9and time 2-9


Index

configuring 2-8controlling 2-9creating groups 2-11deactivating 2-10using other synchronization options 1-5

synchronization groups 2-8, 2-11syntax, for iRule statements 13-6, 13-7, 13-8, 13-9, 13-10system communications 2-4system resources

and dependencies 8-7associating health monitors to 10-37determining availability 8-3resuming connections to 8-10

systemsavailability of 8-3defining BIG-IP 2-5discovering automatically 5-16

Ttasks, setup 2-1Tcl syntax 13-2TCP echo health monitor 10-9TCP half open health monitor 10-10TCP health monitor 10-11test accounts, creating 10-19timer values

and metrics collection 12-5introducing 12-5

Tools Command Language syntax 13-2topologies

and ACL threshold option 9-8and destination statements 9-3and longest match option 9-8and pools 9-6and records 9-3and regions 9-7and request source statements 9-3and wide IPs 9-5introducing 9-1setting up 9-3

topology mode 7-6topology records

introducing 9-3removing 9-4

transparent mode 10-35TTL values

and metrics collection 12-5introducing 12-5

TXT recordcreating 14-17defined 14-12

txt record, creating 14-17

UUDP health monitor 10-29use pool statement syntax 13-6

Vverify virtual server availability option 7-18views

adding 14-19adding zones to 14-20and BIND 9 14-18deleting 14-20modifying 14-19

virtual server statistics 11-12virtual servers

about 3-3adding 5-19adding to pools 6-4and iRules 13-5and limit thresholds 5-16creating dependencies 8-7editing 5-20introducing 5-19organizing dependencies 8-8organizing within pools 6-5removing 5-20removing dependencies 8-8removing from pools 6-5weighting within pools 6-6

VS capacity mode 7-9

WWAP health monitor 10-30weighting, using with links 5-23Welcome screen 1-13when keyword, using with iRules 13-4wide IP statistics 11-6wide IPs

adding iRules to 6-15adding pools to 6-10adding to distributed applications 6-19and iRules 6-14and load balancing 7-14and persistent connections 8-11and topology load balancing 9-5creating 6-9disabling 6-14enabling 6-14maintaining 6-10organizing iRules 6-16organizing pools 6-12removing from distributed applications 6-19removing iRules from 6-15

Index - 6

Index

removing pools from 6-11setting up 2-1weighting pools 6-12

wildcard charactersand wide IPs 6-10examples of 6-10

Wireless Application Protocol monitorSee WAP health monitor.

WMI health monitor 10-31

Zzone files

adding to views 14-20synchronizing 2-10

zonescreating 14-2


Index

Index - 8

configuration guide for big-ip global traffic management, version 9.4.3[1]

Documents