F5 Logo MyF5
Search
  1. MyF5 Home
  2. BIG-IP DNS Services: Implementations
  3. Configuring IP Anycast (Route Health Injection)
Manual Chapter : Configuring IP Anycast (Route Health Injection)

Applies To:

Show Versions Show Versions

BIG-IP LTM

  • 17.1.1, 17.1.0, 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0

BIG-IP DNS

  • 17.1.1, 17.1.0, 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0
Manual Chapter

Configuring IP Anycast (Route Health Injection)

Overview: Configuring IP Anycast (Route Health Injection)

You can configure IP Anycast for DNS services on the BIG-IP system to help mitigate distributed denial-of-service attacks (DDoS), reduce DNS latency, improve the scalability of your network, and assist with traffic management. This configuration adds routes to and removes routes from the routing table based on availability. Advertising routes to virtual addresses based on the status of attached listeners is known as
Route Health Injection (RHI)
.

Enabling the ZebOS dynamic routing protocol

Before you enable ZebOS dynamic routing on the BIG-IP system:
  • Ensure that the system license includes the Routing Bundle add-on.
  • Ensure that ZebOS is configured correctly. If you need help, refer to the following resources on AskF5:
    • BIG-IPTMOS: Concepts
    • BIG-IPTMOS: Implementations
    • BIG-IPTMOS: IP Routing Administration
    • BIG-IP Advanced Routing
       (multiple manuals are available)
Enable ZebOS protocols to allow the BIG-IP system to dynamically learn routes.
  1. Log on to the command-line interface of the BIG-IP system.
  2. At the command prompt, type
    zebos enable <protocol_type>
     and press Enter.
    The system returns an enabled response.
  3. To verify that the ZebOS dynamic routing protocol is enabled, at the command prompt, type
    zebos check
     and press Enter.
    The system returns a list of all enabled protocols.

Creating a custom DNS profile

Before you start, make sure that you have activated licenses for BIG-IP DNS, and both the CGNAT and DNS services.
You can create a custom DNS profile to configure how the BIG-IP system handles DNS queries.
  1. On the Main tab, click
    DNS
    Delivery
    Profiles
    DNS
    or
    Local Traffic
    Profiles
    Services
    DNS
    .
    The DNS profile list screen opens.
  2. Click
    Create
    .
    The New DNS Profile screen opens.
  3. In the
    Name
     field, type a unique name for the profile.
  4. In the General Properties area, from the
    Parent Profile
     list, accept the default
    dns
     profile.
  5. Select the
    Custom
     check box.
  6. In the DNS Features area, from the
    GSLB
     list, accept the default value
    Enabled
    .
  7. In the DNS Features area, from the
    DNS IPv6 to IPv4
     list, select how you want the system to handle IPv6 to IPv4 address mapping in DNS queries and responses.
    Option
    Description
    Disabled
    The BIG-IP system does not map IPv4 addresses to IPv6 addresses.
    Immediate
    The BIG-IP system receives an AAAA query and forwards the query to a DNS server. The BIG-IP system then forwards the first good response from the DNS server to the client. If the system receives an A response first, it appends a 96-bit prefix to the record and forwards it to the client. If the system receives an AAAA response first, it simply forwards the response to the client. The system disregards the second response from the DNS server.
    Secondary
    The BIG-IP system receives an AAAA query and forwards the query to a DNS server. Only if the server fails to return a response does the BIG-IP system send an A query. If the BIG-IP system receives an A response, it appends a 96-bit user-configured prefix to the record and forwards it to the client.
    v4 Only
    The BIG-IP system receives an AAAA query, but forwards an A query to a DNS server. After receiving an A response from the server, the BIG-IP system appends a 96-bit user-configured prefix to the record and forwards it to the client.
    Select this option only if you know that all your DNS servers are IPv4 only servers.
    If you selected
    Immediate
    ,
    Secondary
    , or
    V4 Only
     two new fields display.
  8. In the DNS Features area, in the
    IPv6 to IPv4 Prefix
     field, specify the prefix the BIG-IP system appends to all A query responses to an IPv6 request.
  9. In the DNS Features area, from the
    IPv6 to IPv4 Additional Section Rewrite
     list, select an option to allow improved network efficiency for both Unicast and Multicast DNS-SD responses.
    Option
    Description
    Disabled
    The BIG-IP system does not perform additional rewrite.
    v4 Only
    The BIG-IP system accepts only A records. The system appends the 96-bit user-configured prefix to a record and returns an IPv6 response to the client.
    v6 Only
    The BIG-IP system accepts only AAAA records and returns an IPv6 response to the client.
    Any
    The BIG-IP system accepts and returns both A and AAAA records. If the DNS server returns an A record in the Additional section of a DNS message, the BIG-IP system appends the 96-bit user-configured prefix to the record and returns an IPv6 response to the client.
  10. In the DNS Features area, from the
    Use BIND Server on BIG-IP
     list, select
    Enabled
    .
    Enable this setting only when you want the system to forward non-wide IP queries to the local BIND server on BIG-IP DNS.
  11. To have the BIG-IP system set the client subnet option to the query source address for queries that do not already contain a client subnet option, from the
    Insert Source Address into Client Subnet Option
     list, select
    Enabled
    .
    This also causes the BIG-IP system to remove the client subnet option from responses to clients that did not send a client subnet option in their most recent query.
    Enabling this setting prevents the configuration of a DNS cache on the same DNS profile.
  12. Click
    Finished
    .

Configuring a listener for route advertisement

Ensure that ZebOS dynamic routing is enabled on BIG-IP DNS.
To allow BIG-IP DNS to advertise the virtual address of a listener to the routers on your network, configure the listener for route advertisement.
  1. On the Main tab, click
    DNS
    Delivery
    Listeners
    .
    The Listeners List screen opens.
  2. Click
    Create
    .
    The Listeners properties screen opens.
  3. In the
    Name
     field, type a unique name for the listener.
  4. For the Destination setting, in the
    Address
     field, type the IP address on which BIG-IP DNS listens for network traffic.
    The destination cannot be a self IP address on the system, because a listener with the same IP address as a self IP address cannot be advertised.
  5. From the
    VLAN Traffic
     list, select
    All VLANs
    .
  6. From the
    Listener
     list, select
    Advanced
    .
  7. For the
    Route Advertisement
     setting, select the
    Enabled
     check box.
  8. In the Service area, from the
    Protocol
     list, select
    UDP
    .
  9. From the
    DNS Profile
     list, select:
    dns
    This is the default DNS profile. With the default
    dns
     profile, BIG-IP DNS forwards non-wide IP queries to the BIND server on the BIG-IP DNS system itself.
    <custom profile>
    If you have created a custom DNS profile to handle non-wide IP queries in a way that works for your network configuration, select it.
  10. Click
    Finished
    .

Verifying advertisement of the route

Ensure that ZebOS dynamic routing is enabled on the BIG-IP system.
Run a command to verify that the BIG-IP system is advertising the virtual address.
  1. Log on to the command-line interface of the BIG-IP system.
  2. At the command prompt, type
    zebos cmd sh ip route | grep <listener IP address>
     and press Enter.
    An advertised route displays with a code of K and a 32 bit kernel, for example:
    K 127.0.0.1/32

Implementation result

You now have an implementation in which the BIG-IP system broadcasts virtual IP addresses that you configured for route advertisement.
Contact Support Contact Support

Have a Question?

Support and Sales >

About F5

Education

F5 Sites

Support Tasks




©2023 F5, Inc. All rights reserved.


Trademarks Policies Privacy California Privacy Do Not Sell My Personal Information