Manual Chapter :
Configuring Protocol Validation and Response Cache
Applies To:
Show VersionsBIG-IP LTM
- 14.0.1, 14.0.0
BIG-IP DNS
- 14.0.1, 14.0.0
Configuring Protocol Validation and Response Cache
Overview: Configuring Protocol Validation and Response Cache
You can configure Protocol Validation so that responses, both authoritative and
non-authoritative, are cached to hardware in order to mitigate against random source flood
attacks. By configuring DNS Response Cache to offload/accelerate commonly requested entries in
hardware, entries can still be responded to when the software is overwhelmed.
If you have a DNS Services rate-limited license, Response Cache is automatically disabled.
Task summary
for configuring protocol validation and response cache
Perform these tasks to configure DNS in order to accelerate DNS responses in hardware:
Enabling a bitstream
Ensure you are using a VIPRION platform that supports FPGA firmware.
Enable the intelligent bitstream as part of the process to configure Protocol
Validation and Response Cache.
- On the Main tab, click.
- For theFPGA Firmware Selectionsetting, select thel7-intelligent-fpgacheck box.This setting is hidden if the appropriate hardware is not present.
- ClickSubmit.
Supported platforms for FPGA firmware selection
Platform family | Platform model |
---|---|
VIPRION® | B2250 blade |
VIPRION | C2200 chassis |
VIPRION | C2400 chassis |
Hardware DNS features are only available on platforms that support Altera FPGA,
including Vic2 and later platforms.
Configuring
Protocol Validation and Response Cache in a DNS profile
Ensure that the BIG-IP system has a DNS Services license.
Configure Protocol Validation for dropping
malformed packets and Response Cache to offload/accelerate commonly asked entries in
hardware.
- On the Main tab, click.The DNS list screen opens.
- In the name column, click the system-supplieddnsprofile.The DNS properties list screen opens.
- In the Hardware Acceleration area, from theProtocol Validationlist, selectEnabled.
- From theResponse Cachelist, selectEnabled.
- ClickUpdate.
Applying a DNS
profile to a listener
Apply a DNS profile as part of the process to
configure Protocol Validation and Response Cache.
- On the Main tab, click.The Listeners List screen opens.
- In theNamecolumn, click the name of a listener you want to modify.
- In the Service area, for theDNS Profilesetting, select thednsprofile.When the listener is defined from the BIG-IP LTM Virtual Server page, select theudp_gtm_dnsprofile.
- ClickUpdate.