Applies To:Show Versions
- 17.0.0, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0
- 17.0.0, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0
Configuring BIG-IP DNS on a Network with One Route Domain
Overview: How do I deploy BIG-IP DNS on a network with one route domain?
Creating VLANs for a route domain on BIG-IP LTM
- On the Main tab, click.The VLAN List screen opens.
- ClickCreate.The New VLAN screen opens.
- In theNamefield, typeexternal.
- In theTagfield, type a numeric tag, between 1-4094, for the VLAN, or leave the field blank if you want the BIG-IP system to automatically assign a VLAN tag.The VLAN tag identifies the traffic from hosts in the associated VLAN.
- If you want to use Q-in-Q (double) tagging, use theCustomer Tagsetting to perform the following two steps. If you do not see theCustomer Tagsetting, your hardware platform does not support Q-in-Q tagging and you can skip this step.
The customer tag specifies the inner tag of any frame passing through the VLAN.
- From theCustomer Taglist, selectSpecify.
- Type a numeric tag, from 1-4094, for the VLAN.
- For theInterfacessetting:
- From theInterfacelist, select an interface number or trunk name.
- From theTagginglist, selectTaggedorUntagged.SelectTaggedwhen you want traffic for that interface to be tagged with a VLAN ID.
- If you specified a numeric value for theCustomer Tagsetting and from theTagginglist you selectedTagged, then from theTag Modelist, select a value.
- Repeat these steps for each interface or trunk that you want to assign to the VLAN.
- If you want the system to verify that the return route to an initial packet is the same VLAN from which the packet originated, select theSource Checkcheck box.
- For theHardware SYN Cookiesetting, select or clear the check box.When you enable this setting, the BIG-IP system triggers hardware SYN cookie protection for this VLAN.Enabling this setting causes additional settings to appear. These settings appear on specific BIG-IP platforms only.
- For theSyncache Thresholdsetting, retain the default value or change it to suit your needs.TheSyncache Thresholdvalue represents the number of outstanding SYN flood packets on the VLAN that will trigger the hardware SYN cookie protection feature.When theHardware SYN Cookiesetting is enabled, the BIG-IP system triggers SYN cookie protection in either of these cases, whichever occurs first:
- The number of TCP half-open connections defined in the LTM settingGlobal SYN Check Thresholdis reached.
- The number of SYN flood packets defined in thisSyncache Thresholdsetting is reached.
- For theSYN Flood Rate Limitsetting, retain the default value or change it to suit your needs.TheSYN Flood Rate Limitvalue represents the maximum number of SYN flood packets per second received on this VLAN before the BIG-IP system triggers hardware SYN cookie protection for the VLAN.
- ClickFinished.The screen refreshes, and it displays the new VLAN in the list.
Creating a route domain on the BIG-IP system
- Ensure that an external and an internal VLAN exist on the BIG-IP system.
- Verify that you have set the current partition on the system to the partition in which you want the route domain to reside.
- On the Main tab, click.The Route Domain List screen opens.
- ClickCreate.The New Route Domain screen opens.
- In theNamefield, type a name for the route domain.This name must be unique within the administrative partition in which the route domain resides.
- In theIDfield, type an ID number for the route domain.This ID must be unique on the BIG-IP system; that is, no other route domain on the system can have this ID.An example of a route domain ID is1.
- For theParent Namesetting, retain the default value.
- For theVLANssetting, from theAvailablelist, select a VLAN name and move it to theMemberslist.Select the VLAN that processes the application traffic relevant to this route domain.Configuring this setting ensures that the BIG-IP system immediately associates any self IP addresses pertaining to the selected VLANs with this route domain.
- ClickFinished.The system displays a list of route domains on the BIG-IP system.
Creating a self IP address for a route domain on BIG-IP LTM
- On the Main tab, click.
- ClickCreate.The New Self IP screen opens.
- In theNamefield, type a unique name for the self IP address.
- In theIP Addressfield, type an IP address.This IP address must represent a self IP address in a route domain. Use the formatx.x.x.x%n, wherenis the route domain ID, for example, 10.1.1.1%1.The system accepts IPv4 and IPv6 addresses.
- In theNetmaskfield, type the network mask for the specified IP address.For example, you can type255.255.255.0.
- From theVLAN/Tunnellist, select the VLAN that you assigned to the route domain that contains this self IP address.
- From thePort Lockdownlist, selectAllow Default.
- ClickFinished.The screen refreshes, and displays the new self IP address.
Defining a server for a route domain on BIG-IP DNS
- On the Main tab, click.The Server List screen opens.
- ClickCreate.The New Server screen opens.
- In theNamefield, type a name for the server.Server names are limited to 63 characters.
- From theProductlist, selectBIG-IP System.
- From theData Centerlist, select the data center where the server resides.
- From theProber Preferencelist, select the preferred type of prober(s).Inherit From Data CenterBy default, a server inherits the prober preference selection assigned to the data center in which the server resides.Inside Data CenterA server selects the probers from inside the data center where the server resides.Outside Data CenterA server selects the probers from outside the data center where the server resides.Specific Prober PoolSelect one of the Prober pools from the drop-down list. When assigning the Prober pool at the server level.Note:Prober pools are not used by the bigip monitor.
- From theProber Fallbacklist, select the type of prober(s) to be used if insufficient numbers of the preferred type are available.Inherit From Data CenterBy default, a server inherits the prober fallback selection assigned to the data center in which the server resides.Any AvailableFor selecting any available prober.Inside Data CenterA server selects probers from inside the data center where the server resides.Outside Data CenterA server selects probers from outside the data center where the server resides.NoneNo fallback probers are selected. Prober fallback is disabled.Specific Prober PoolSelect one of the probers from the list When you want to assign a prober pool at the server level.
- In the BIG-IP System devices area, add the self IP address that you assigned to the VLAN that you assigned to the route domain.Do not include the route domain ID in this IP address. Use the format x.x.x.x, for example, 10.10.10.1.
- In theHealth Monitorssetting, assign thebigipmonitor to the server by moving it from theAvailablelist to theSelectedlist.
- From theAvailability Requirementslist, select an option and enter any required values.All Health MonitorsBy default, specifies that all of the selected health monitors must be successful before the server is considered up (available).At LeastThe minimum number of selected health monitors that must be successful before the server is considered up.RequireThe minimum number of successful probes required from the total number of probers requested.
- From theVirtual Server Discoverylist, select how you want virtual servers to be added to the system.Virtual server discovery is supported when you have only one route domain.DisabledUse this option when you plan to manually add virtual servers to the system, or if your network uses multiple route domains. This is the default value.EnabledThe system automatically adds virtual servers using the discovery feature.Enabled (No Delete)The system uses the discovery feature and does not delete any virtual servers that already exist.
- ClickFinished.The Server List screen opens displaying the new server in the list.
Running the big3d_install script
- Log in asrootto the BIG-IP DNS system you are adding to your network.
- Run this command to accesstmsh:tmsh
- Run this command to run thebig3d_installscript:run gtm big3d_install<IP_addresses_of_target BIG-IP_systems>The script instructs BIG-IP DNS to connect to each specified BIG-IP system.
- If prompted, enter therootpassword for each system.
Running the bigip_add script
- Log in asrootto the BIG-IP DNS system you are installing on your network.
- Run this command to accesstmsh.tmsh
- Run this command to run thebigip_addutility:run gtm bigip_add<IP_addresses_of_BIG-IP_LTM_systems>The utility exchanges SSL certificates so that each system is authorized to communicate with the other.