Manual Chapter : Integrating BIG-IP DNS Into a Network with BIG-IP LTM Systems

Applies To:

BIG-IP LTM

  • 17.0.0, 16.1.5, 16.1.4, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0

BIG-IP DNS

  • 17.0.0, 16.1.5, 16.1.4, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0

Overview: Integrating BIG-IP DNS (formerly GTM) with other BIG-IP systems on a network

You can add BIG-IP DNS systems to a network in which BIG-IP Local Traffic Manager (LTM) systems and BIG-IP Link Controller systems are already present. This expands your load balancing and traffic management capabilities beyond the local area network. For this implementation to be successful, you must authorize communications between the systems.
The BIG-IP DNS devices in a BIG-IP DNS synchronization group, and the LTM and Link Controller devices that are configured to communicate with the devices in the BIG-IP DNS synchronization group must have TCP port 4353 open through the firewall between the systems. The BIG-IP devices connect and communicate through this port.

About iQuery and communications between BIG-IP systems

The gtmd agent on BIG-IP DNS uses the iQuery protocol to communicate with the local big3d agent, and the big3d agents installed on other BIG-IP systems. The gtmd agent monitors both the availability of the BIG-IP systems, and the integrity of the network paths between the systems that host a domain and the local DNS servers that attempt to connect to that domain.
[Figure: Example of communications between big3d and gtmd agents using iQuery]

Integrating gtm with other BIG-IP systems

To authorize communications between BIG-IP systems, perform the following tasks on the BIG-IP DNS system that you are adding to the network.

Defining a data center

On BIG-IP DNS, create a data center to contain the servers that reside on a subnet of your network.
  1. On the Main tab, click DNS > GSLB > Data Centers.
    The Data Center List screen opens.
  2. Click Create.
    The New Data Center screen opens.
  3. In the Name field, type a name to identify the data center.
    The data center name is limited to 63 characters.
  4. In the Location field, type the geographic location of the data center.
  5. In the Contact field, type the name of either the administrator or the department that manages the data center.
  6. From the Prober Preference list, select the preferred type of prober(s).
    • Inside Data Center: By default, select probers inside the data center.
    • Outside Data Center: Select probers outside the data center.
    • Specific Prober Pool: Select one of the Probers from the drop-down list when you want to assign a Prober pool at the data center level.
    Note: Prober pools are not used by the bigip monitor.
  7. From the Prober Fallback list, select the type of prober(s) to use if insufficient numbers of the preferred type are available.
    • Any Available: By default, select any available prober.
    • Inside Data Center: Select probers inside the data center.
    • Outside Data Center: Select probers outside the data center.
    • None: No fallback probers are selected. Prober fallback is disabled.
    • Specific Prober Pool: Select one of the Probers from the drop-down list when you want to assign a Prober pool at the data center level.
  8. From the State list, select Enabled.
  9. Click Finished.
Now you can create server objects and assign them to this data center.
Repeat these steps to create additional data centers.

Defining BIG-IP DNS systems

Ensure that at least one data center exists in the configuration before you start creating a server.
On BIG-IP DNS, you create a server object to represent the BIG-IP DNS system itself.
  1. On the Main tab, click DNS > GSLB > Servers.
    The Server List screen opens.
  2. Click Create.
    The New Server screen opens.
  3. In the Name field, type a name for the server.
    Server names are limited to 63 characters.
  4. From the Product list, select BIG-IP System.
  5. From the Data Center list, select the data center where the server resides.
  6. From the Prober Preference list, select the preferred type of prober(s).
    • Inherit From Data Center: By default, a server inherits the prober preference selection assigned to the data center in which the server resides.
    • Inside Data Center: A server selects the probers from inside the data center where the server resides.
    • Outside Data Center: A server selects the probers from outside the data center where the server resides.
    • Specific Prober Pool: Select one of the prober pools from the drop-down list when assigning the prober pool at the server level.
    Note: Prober pools are not used by the bigip monitor.
  7. From the Prober Fallback list, select the type of prober(s) to be used if insufficient numbers of the preferred type are available.
    • Inherit From Data Center: By default, a server inherits the prober fallback selection assigned to the data center in which the server resides.
    • Any Available: Selects any available prober.
    • Inside Data Center: A server selects probers from inside the data center where the server resides.
    • Outside Data Center: A server selects probers from outside the data center where the server resides.
    • None: No fallback probers are selected. Prober fallback is disabled.
    • Specific Prober Pool: Select one of the probers from the list when you want to assign a prober pool at the server level.
  8. From the State list, select Enabled.
  9. For the BIG-IP System Devices setting, click Add to add a device (server).
    1. Type a name in the Device Name field.
    2. Type an external (public) non-floating IP address in the Address field.
    3. If you use NAT, type an internal (private) IP address in the Translation field, and then click Add.
    4. Click Add.
    5. Click OK.
  10. From the Configuration list, select Advanced.
    Additional controls display on the screen.
  11. In the Health Monitors setting, assign the bigip monitor to the server by moving it from the Available list to the Selected list.
  12. From the Availability Requirements list, select an option and enter any required values.
    • All Health Monitors: By default, specifies that all of the selected health monitors must be successful before the server is considered up (available).
    • At Least: The minimum number of selected health monitors that must be successful before the server is considered up.
    • Require: The minimum number of successful probes required from the total number of probers requested.
  13. For the iQuery Options setting, for the TLS Minimum Version list, specify whether to use global or specific settings.
    • To inherit the global setting values, retain the default (Use Global Setting).
    • To select a TLS minimum version, first select Server Specific, then specify the version. The default is TLSv1.
  14. For the iQuery Options setting, for the SSL Cipher List, specify whether to use global or specific settings.
    • To inherit the global setting values, retain the default (Use Global Setting).
    • To display the cipher string, select Server Specific. The Reset String button also displays, which allows you to get the base cipher string back in the text box.
  15. From the Virtual Server Discovery list, select how you want virtual servers to be added to the system.
    If the virtual server IP address translation feature is going to be used, then BIG-IP DNS will automatically disable Virtual Server Discovery for the given server object globally.
    • Disabled: The system does not use the discovery feature to automatically add virtual servers. This is the default value. Use this option for a standalone BIG-IP DNS system or for a BIG-IP DNS/LTM combo system when you plan to manually add virtual servers to the system, or if your network uses multiple route domains.
    • Enabled: The system uses the discovery feature to automatically add and delete virtual servers. Use this option for a BIG-IP DNS/LTM combo system when you want the BIG-IP DNS system to discover LTM virtual servers.
    • Enabled (No Delete): The system uses the discovery feature to automatically add virtual servers and does not delete any virtual servers that already exist in the configuration. Use this option for a BIG-IP DNS/LTM combo system when you want the BIG-IP DNS system to discover LTM virtual servers.
  16. In the Virtual Server List setting, if you selected Disabled from the Virtual Server Discovery list, specify the virtual servers that are resources on this server.
    1. In the Name field, type the name of the virtual server.
    2. In the Address field, type the IP address of the virtual server.
    3. From the Service Port list, select the port the server uses.
    4. Click Add.
  17. From the Link Discovery list, select how you want links to be added to the system.
    • Disabled: The system does not use the discovery feature to automatically add links. This is the default value. Use this option for a standalone BIG-IP DNS system or for a BIG-IP DNS/LTM combo system when you plan to manually add links to the system.
    • Enabled: The system uses the discovery feature to automatically add and delete links. Use this option for a BIG-IP DNS/LTM combo system when you want BIG-IP DNS to discover links.
    • Enabled (No Delete): The system uses the discovery feature to automatically add links and does not delete any links that already exist in the configuration. Use this option for a BIG-IP DNS/LTM combo system when you want BIG-IP DNS to discover links.
  18. Click Finished.
    The Server List screen opens displaying the new server in the list.

Defining BIG-IP LTM systems

On DNS, define servers that represent the LTM systems in your network.
  1. On the Main tab, click DNS > GSLB > Servers.
    The Server List screen opens.
  2. Click Create.
    The New Server screen opens.
  3. In the Name field, type a name for the server.
    Server names are limited to 63 characters.
  4. From the Product list, select BIG-IP System.
  5. From the Data Center list, select the data center where the server resides.
  6. From the Prober Preference list, select the preferred type of prober(s).
    • Inherit From Data Center: By default, a server inherits the prober preference selection assigned to the data center in which the server resides.
    • Inside Data Center: A server selects the probers from inside the data center where the server resides.
    • Outside Data Center: A server selects the probers from outside the data center where the server resides.
    • Specific Prober Pool: Select one of the Prober pools from the drop-down list when assigning the Prober pool at the server level.
    Note: Prober pools are not used by the bigip monitor.
  7. From the Prober Fallback list, select the type of prober(s) to be used if insufficient numbers of the preferred type are available.
    • Inherit From Data Center: By default, a server inherits the prober fallback selection assigned to the data center in which the server resides.
    • Any Available: Selects any available prober.
    • Inside Data Center: A server selects probers from inside the data center where the server resides.
    • Outside Data Center: A server selects probers from outside the data center where the server resides.
    • None: No fallback probers are selected. Prober fallback is disabled.
    • Specific Prober Pool: Select one of the probers from the list when you want to assign a prober pool at the server level.
  8. From the State list, select Enabled.
  9. For the BIG-IP System Devices setting, click Add to add a device (server).
    1. Type a name in the Device Name field.
    2. Type an external (public) non-floating IP address in the Address field.
    3. If you use NAT, type an internal (private) IP address in the Translation field, and then click Add.
    4. Click Add.
    5. Click OK.
  10. From the Configuration list, select Advanced.
    Additional controls display on the screen.
  11. In the Health Monitors setting, assign the bigip monitor to the server by moving it from the Available list to the Selected list.
  12. From the Availability Requirements list, select an option and enter any required values.
    • All Health Monitors: By default, specifies that all of the selected health monitors must be successful before the server is considered up (available).
    • At Least: The minimum number of selected health monitors that must be successful before the server is considered up.
    • Require: The minimum number of successful probes required from the total number of probers requested.
  13. For the iQuery Options setting, for the TLS Minimum Version list, specify whether to use global or specific settings.
    • To inherit the global setting values, retain the default (Use Global Setting).
    • To select a TLS minimum version, first select Server Specific, then specify the version. The default is TLSv1.
  14. For the iQuery Options setting, for the SSL Cipher List, specify whether to use global or specific settings.
    • To inherit the global setting values, retain the default (Use Global Setting).
    • To display the cipher string, select Server Specific. The Reset String button also displays, which allows you to get the base cipher string back in the text box.
  15. From the Virtual Server Discovery list, select how you want virtual servers to be added to the system.
    If the virtual server IP address translation feature is going to be used, then BIG-IP DNS will automatically disable Virtual Server Discovery for the given server object globally.
    • Disabled: The system does not use the discovery feature to automatically add virtual servers. This is the default value. Use this option for a standalone BIG-IP DNS system or for a BIG-IP DNS/LTM combo system when you plan to manually add virtual servers to the system, or if your network uses multiple route domains.
    • Enabled: The system uses the discovery feature to automatically add and delete virtual servers. Use this option for a BIG-IP DNS/LTM combo system when you want the BIG-IP DNS system to discover LTM virtual servers.
    • Enabled (No Delete): The system uses the discovery feature to automatically add virtual servers and does not delete any virtual servers that already exist in the configuration. Use this option for a BIG-IP DNS/LTM combo system when you want the BIG-IP DNS system to discover LTM virtual servers.
  16. In the Virtual Server List setting, if you selected Disabled from the Virtual Server Discovery list, specify the virtual servers that are resources on this server.
    1. In the Name field, type the name of the virtual server.
    2. In the Address field, type the IP address of the virtual server.
    3. From the Service Port list, select the port the server uses.
    4. Click Add.
  17. From the Link Discovery list, select how you want links to be added to the system.
    • Disabled: The system does not use the discovery feature to automatically add links. This is the default value. Use this option for a standalone BIG-IP DNS system or for a BIG-IP DNS/LTM combo system when you plan to manually add links to the system.
    • Enabled: The system uses the discovery feature to automatically add and delete links. Use this option for a BIG-IP DNS/LTM combo system when you want BIG-IP DNS to discover links.
    • Enabled (No Delete): The system uses the discovery feature to automatically add links and does not delete any links that already exist in the configuration. Use this option for a BIG-IP DNS/LTM combo system when you want BIG-IP DNS to discover links.
  18. Click Finished.
    The Server List screen opens displaying the new server in the list.
  19. In the Server List screen, select the name of the new server.
  20. Select the Virtual Servers tab.
  21. From the Virtual Servers list, select the name of a virtual server previously created.
    A Virtual Server list screen opens.
  22. From the Configuration list, select Advanced.
    Additional controls display on the screen.
  23. In the Health Monitors setting, assign the bigip monitor to the server by moving it from the Available list to the Selected list.
  24. Click Update.

Running the big3d_install script

Determine the self IP addresses of the BIG-IP systems that you want to upgrade with the latest big3d agent. Ensure that port 22 is open on these systems.
Run the big3d_install script on the DNS system you are adding to your network. This upgrades the big3d agents on the other BIG-IP systems on your network. It also instructs these systems to authenticate with the other BIG-IP systems through the exchange of SSL certificates. For additional information about running the script, see K13312 on AskF5.com (www.askf5.com).
You must perform this task from the command-line interface.
All target BIG-IP systems must be running the same or an older version of BIG-IP software.
  1. Log in as root to the BIG-IP DNS system you are adding to your network.
  2. Run this command to access tmsh:
    tmsh
  3. Run this command to run the big3d_install script:
    run gtm big3d_install <IP_addresses_of_target BIG-IP_systems>
    The script instructs BIG-IP DNS to connect to each specified BIG-IP system.
  4. If prompted, enter the root password for each system.
The SSL certificates are exchanged, authorizing communications between the systems. The big3d agent on each system is upgraded to the same version as is installed on the BIG-IP DNS system from which you ran the script.

Running the bigip_add script

You must determine the self IP addresses of the LTM systems that you want to communicate with BIG-IP DNS before you start this task.
You run the bigip_add script on the BIG-IP DNS system you are installing on a network that includes other BIG-IP systems of the same version. This script exchanges SSL certificates so that each system is authorized to communicate with the other. For additional information about running the script, see K13312 on AskF5.com (www.askf5.com).
The BIG-IP DNS and BIG-IP LTM systems must have TCP port 22 open for the script to work. You must perform this task from the command-line interface.
  1. Log in as root to the BIG-IP DNS system you are installing on your network.
  2. Run this command to access tmsh:
    tmsh
  3. Run this command to run the bigip_add utility:
    run gtm bigip_add <IP_addresses_of_BIG-IP_LTM_systems>
    The utility exchanges SSL certificates so that each system is authorized to communicate with the other.

Implementation result

You now have an implementation in which the BIG-IP systems can communicate with each other. DNS can now use the other BIG-IP systems when load balancing DNS queries, and can acquire statistics and status information for the virtual servers these systems manage.