Manual Chapter : Configuring Protocol Validation and Response Cache

Applies To:

BIG-IP LTM

  • 17.1.2, 17.1.1, 17.1.0, 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0

BIG-IP DNS

  • 17.1.2, 17.1.1, 17.1.0, 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0

Configuring Protocol Validation and Response Cache

You can configure Protocol Validation so that responses, both authoritative and non-authoritative, are cached in hardware to mitigate random source flood attacks. When DNS Response Cache is configured to offload and accelerate commonly requested entries in hardware, the system can still answer queries for those entries when the software is overwhelmed.
If you have a DNS Services rate-limited license, Response Cache is automatically disabled.

Enable a bitstream

Ensure you are using a VIPRION platform that supports FPGA firmware.
Enable the intelligent bitstream as part of the process to configure Protocol Validation and Response Cache.
  1. On the Main tab, click System > Resource Provisioning.
  2. For the FPGA Firmware Selection setting, select the l7-intelligent-fpga check box.
    This setting is hidden if the appropriate hardware is not present.
  3. Click Submit.

Supported platforms for FPGA firmware selection

Platform family    Platform model
VIPRION            B2250 blade
VIPRION            C2200 chassis
VIPRION            C2400 chassis

Hardware DNS features are only available on platforms that support Altera FPGA, including Vic2 and later platforms.

Configure Protocol Validation and Response Cache in a DNS profile

Ensure that the BIG-IP system has a DNS Services license.
Configure Protocol Validation for dropping malformed packets and Response Cache to offload/accelerate commonly asked entries in hardware.
  1. On the Main tab, click DNS > Delivery > Profiles > DNS.
    The DNS list screen opens.
  2. In the name column, click the system-supplied dns profile.
    The DNS properties list screen opens.
  3. In the Hardware Acceleration area, from the Protocol Validation list, select Enabled.
  4. From the Response Cache list, select Enabled.
  5. Click Update.

Apply a DNS profile to a listener

Apply a DNS profile as part of the process to configure Protocol Validation and Response Cache.
  1. On the Main tab, click DNS > Delivery > Listeners.
    The Listeners List screen opens.
  2. In the Name column, click the name of a listener you want to modify.
  3. In the Service area, for the DNS Profile setting, select the dns profile.
    When the listener is defined from the BIG-IP LTM Virtual Server page, select the udp_gtm_dns profile.
  4. Click Update.
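
To confirm the result of the procedures above, the following added example (not part of the F5 manual) reads text in the style of `tmsh list ltm profile dns all-properties` and `tmsh list gtm listener` output and reports each listener whose attached DNS profile does not have both hardware settings enabled. It assumes the tmsh property names enable-hardware-query-validation (Protocol Validation) and enable-hardware-response-cache (Response Cache) and the block layout shown; the sample text and object names are constructed.

```python
import re

# Constructed sample shaped like `tmsh list ltm profile dns all-properties`
# plus `tmsh list gtm listener`; names are invented, unrelated keys omitted.
SAMPLE = """\
ltm profile dns dns {
    enable-hardware-query-validation yes
    enable-hardware-response-cache yes
}
ltm profile dns dns_custom {
    enable-hardware-query-validation yes
    enable-hardware-response-cache no
}
gtm listener listener_a {
    profiles {
        dns { }
        udp_gtm_dns { }
    }
}
gtm listener listener_b {
    profiles {
        dns_custom { }
    }
}
"""
REQUIRED = ("enable-hardware-query-validation", "enable-hardware-response-cache")

def parse_objects(text):
    """Map (object type, name) -> stripped body lines of each top-level block."""
    objects, body, depth = {}, None, 0
    for line in text.splitlines():
        s = line.strip()
        if depth == 0:  # only top-level headers start a new object
            m = re.match(r"(ltm profile dns|gtm listener) (\S+) \{$", s)
            body = objects.setdefault(m.groups(), []) if m else None
        elif body is not None and s:
            body.append(s)
        depth += s.count("{") - s.count("}")  # track nesting such as profiles { }
    return objects

def audit(text):
    """List (listener, profile, setting) where a required setting is not 'yes'."""
    objs = parse_objects(text)
    profiles = {n: dict(l.split() for l in b if len(l.split()) == 2)
                for (kind, n), b in objs.items() if kind == "ltm profile dns"}
    listeners = {n: b for (kind, n), b in objs.items() if kind == "gtm listener"}
    return [(n, l.split()[0], key) for n, b in listeners.items()
            for l in b if l.split()[0] in profiles   # attached DNS profiles only
            for key in REQUIRED if profiles[l.split()[0]].get(key) != "yes"]
```

A setting that is absent from the input is reported as a finding, so feed the check all-properties output to include values a custom profile inherits from its parent.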