Manual Chapter : 3-DNS Administrator Guide v2.0: Defining the Network Setup

Applies To:


3-DNS Controller versions 1.x - 4.x

  • 2.0.1 PTF-01, 2.0.1, 2.0.0


4

Defining the Network Setup



Setting up a basic configuration

The second phase of installing 3DNS Controllers is to define the network setup. Each 3DNS Controller in the network setup needs to understand which data center stores specific servers, and which other 3DNS Controllers it can share configuration and load balancing information with. A basic network setup includes data centers, servers, wide IPs, and one sync group.

You can also configure global variables that apply to all servers and wide IPs in your network. Because the default values work well for most situations, configuring global variables is entirely optional; for more information, see Configuring global variables, on page 4-29.

  • Data centers
    Data centers are the top level of your network setup. We recommend that you configure one data center for each physical location in your global network. A data center defines the servers (3DNS Controllers, BIG/ip Controllers, and hosts) that reside at that location.

    Each data center can contain any type of server. For example, in Figure 4.1, the Tokyo data center contains a 3DNS Controller and a host, while the New York and Los Angeles data centers contain 3DNS Controllers and BIG/ip Controllers.

    To configure data centers, see Setting up a data center, on page 4-2.

  • Servers
    The servers that you define in the network setup include 3DNS Controllers, BIG/ip Controllers, and host machines. You need to configure the 3DNS Controllers that manage the BIG/ip Controllers and hosts, as well as the virtual servers that are managed by the BIG/ip Controllers and hosts. Virtual servers are the ultimate destination for connection requests.

    To configure servers, see Setting up servers, on page 4-5.

  • Sync groups
    Sync groups contain only 3DNS Controllers. By setting up a sync group, you define which 3DNS Controllers have the same configuration. In most cases, you should define all 3DNS Controllers as part of the same sync group.

    To configure sync groups, see Setting up sync groups, on page 4-27.

  • Wide IPs
    After you configure virtual servers on your BIG/ip Controllers and hosts, you need to specify how connections are distributed among the virtual servers by defining wide IPs. A wide IP maps a domain name to a pool of virtual servers, and it specifies the load balancing modes that the 3DNS Controller uses to choose a virtual server from the pool. When a local DNS requests a connection to a specific domain name, the wide IP definition specifies which virtual servers are eligible to answer the request, as well as which load balancing modes to use in choosing one virtual server for resolving each request.

    To configure wide IPs, see Defining a wide IP, on page 5-2.

Setting up a data center

The first step in configuring your 3DNS Controller network is to create data centers. A data center defines the group of 3DNS Controllers, BIG/ip Controllers, and hosts that reside in a single physical location.

Figure 4.1 Example network setup

The advantage of grouping all machines in one location into one data center is that, by doing so, you are allowing path information collected by one machine to be shared with all other machines in the data center. For example, when a host machine belongs to a data center, the host can take advantage of the information collected by the big3d agent, which only runs on 3DNS Controllers and BIG/ip Controllers. Without the information that the big3d agent collects, you would not be able to use dynamic load balancing modes for virtual servers owned by host machines.

To configure a data center using the F5 Configuration utility

  1. In the navigation pane, click Data Centers.
  2. On the toolbar, click Add Datacenter.
    The Add New Datacenter screen opens.
  3. In the Name box, type a name for the data center.
  4. In the Location box, type the physical location of the data center (optional).
  5. In the Contact box, type the name of the data center administrator or the name of the department that manages the data center.

    Although this information is not required, it can be useful if problems later arise or changes are required.

  6. Click Add.

    The data center is added to your configuration. Repeat this process for each data center in your network. When you add servers to the network setup, you will assign the servers to the appropriate data centers.

To configure a data center manually

  1. On the 3DNS Maintenance menu, select Edit 3DNS Configuration to open the wideip.conf file.
    An environment variable determines whether this command starts vi or pico.
  2. Locate or add the datacenter statement.

    The datacenter statement should be the second statement in the file, after the globals statement and before server statements.

  3. In the first line of the datacenter statement, type a name for the data center and enclose the name in quotation marks, as shown in Figure 4.2.
  4. Enter the server type and IP address for each server that is part of the specified data center.

    Figure 4.2 shows the correct syntax for the datacenter statement:

    datacenter {
        name <"data center name">
        [ location <"location info"> ]
        [ contact <"contact info"> ]
        [ 3dns <3DNS IP address> ]
        [ bigip <BIG/ip IP address> ]
        [ host <host IP address> ]
    }

    Figure 4.2 Syntax for the datacenter statement

    Repeat the above procedure until you have added a separate datacenter statement for each data center on your network.

    Figure 4.3 shows a sample datacenter statement:

    datacenter {
        name "New York"
        location "NYC"
        contact "3DNS_Admin"
        3dns 192.168.101.2
        bigip 192.168.101.40
        host 192.168.105.40
    }

    Figure 4.3 Sample data center definition

Setting up servers

There are three types of servers: 3DNS Controllers, BIG/ip Controllers, and other hosts. At a minimum, your network includes two servers: one 3DNS Controller and one server (BIG/ip Controller or host) that it manages.

This section describes how to set up each 3DNS Controller, BIG/ip Controller, and host machine that make up your network. The setup procedures here assume that the BIG/ip Controllers and hosts are up and running, and that they already have virtual servers defined. Note that 3DNS Controllers do not manage virtual servers.

Defining 3DNS Controller servers

The purpose of defining a 3DNS Controller server is to establish where the 3DNS Controller resides (in which data center) and to change big3d agent settings if you prefer. In setting up a 3DNS Controller server, you also make that 3DNS Controller available to be added to a sync group.

To define a 3DNS Controller server using the F5 Configuration utility

  1. In the navigation pane, click 3DNS Servers.
  2. On the toolbar, click Add 3DNS Server.
    The Add New 3DNS Server screen opens.
  3. In the 3DNS Server Name box, type the name of the 3DNS Controller.
  4. In the 3DNS Server IP Address box, type the IP address of the 3DNS Controller. If the server is actually a redundant system, type the shared IP alias.
  5. Check the Secure option to specify that the 3DNS Controller uses ssh (secure shell) for remote connections. The default setting for US 3DNS Controllers is to use ssh. The default setting for international 3DNS Controllers is to use rsh, an unencrypted shell.
  6. In the User box, specify the user name that you want to use for remote logins. Enclose this name in quotation marks. If you omit this parameter, the default, "root", is used.
  7. If you want to turn the big3d agent off, clear the check boxes next to each factory.
  8. If you want to change the number of factories that the big3d agent runs, type the new value in the corresponding factory box (you can specify separate numbers for each factory).
  9. If the server is actually a redundant system, type the IP address of each unit in the system in the Interface Settings boxes.
  10. Click Next.
    The Data Centers screen opens.
  11. Select the data center where the 3DNS Controller is located, and click Finish.

    The 3DNS Controller is added to your configuration. Repeat this procedure for each 3DNS Controller you need to add.

To define a 3DNS Controller server manually

  1. On the 3DNS Maintenance menu, select Edit 3DNS Configuration to open the wideip.conf file.
  2. Use the syntax shown in Figure 4.4 to define a 3DNS Controller.

    All server statements should appear after the sync_group statement and before wideip statements.

    server {
        type 3dns
        address <IP address>
        name <"3dns_name">
        [ remote {
            secure <yes | no>
            user <"user name">
        } ]
        [ interface {
            address <NIC IP address>
            address <NIC IP address>
        } ]
        [ factories {
            prober <number>
            discovery <number>
            snmp <number>
            hops <number>
        } ]
        [ prober <IP address> ]
        probe_protocol < icmp | udp | tcp >
        port <port to probe>
    }

    Figure 4.4 Syntax for defining a 3DNS Controller server

    Figure 4.5 shows a sample server statement that defines a 3DNS Controller:

    // New York
    server {
        type 3dns
        address 192.168.101.2
        name "3dns-newyork"
        remote {
            secure no
            user "root"
        }
        prober 192.168.101.40
        probe_protocol icmp
        port 53
    }

    Figure 4.5 Sample 3DNS Controller server definition

Defining BIG/ip Controller servers

Before you define BIG/ip Controller servers, you need to have the following information:

  • The IP address and service name or port number of each virtual server to be managed by the BIG/ip Controller.
  • The IP address of the server itself.

To define a BIG/ip Controller server using the F5 Configuration utility

  1. In the navigation pane, click BIG/ips.
  2. On the toolbar, click Add BIG/ip.
    The Add BIG/ip Server screen opens.
  3. In the BIG/ip Server Name box, type the name of the BIG/ip Controller.
  4. In the BIG/ip IP Address box, type the IP address of the BIG/ip Controller. If the server is actually a redundant system, type the shared IP alias.
  5. Check the Secure option to specify that the BIG/ip Controller uses ssh (secure shell) for remote connections. The default setting for US BIG/ip Controllers is to use ssh. The default setting for international BIG/ip Controllers is to use rsh, an unencrypted shell.
  6. In the User box, specify the user name that you want to use for remote logins. Enclose this name in quotation marks. If you omit this parameter, the default, "root", is used.
  7. If you want to turn the big3d agent off, clear the check boxes next to each factory.
  8. If you want to change the number of factories that the big3d agent runs, type the new value in the corresponding factory box (you can specify separate numbers for each factory).
  9. If the server is actually a redundant system, type the IP address of each unit in the system in the Interface Settings boxes.
  10. Click Next.
    The Data Centers screen opens.
  11. Select the data center where the BIG/ip Controller is located, and click Next.
    The Configure Virtual Server screen opens.
  12. In the Virtual Server IP Address box, type the virtual server's IP address.
  13. In the Virtual Server Port box, type the virtual server's port number or select a service from the list.
  14. To allow iQuery packets to pass through firewalls, complete the Translate IP Address and Translate Port boxes. See Setting up iQuery communications for the big3d agent, on page 2-20, for details.
  15. Click Finish.

    The BIG/ip Controller and the specified virtual server are added to your configuration.

To add additional virtual servers using the F5 Configuration utility

  1. In the navigation pane, click BIG/ips.
  2. In the BIG/ip Virtual Servers column, click the BIG/ip Controller that you just added.
  3. On the toolbar, click Add Virtual Servers.
  4. In the Virtual Server IP Address box, type the virtual server's IP address.
  5. In the Virtual Server Port box, type the virtual server's port number or select a service from the list.
  6. To allow iQuery packets to pass through firewalls, complete the Translate IP Address and Translate Port boxes. See Setting up iQuery communications for the big3d agent, on page 2-20, for details.
  7. Click Add.

    Repeat this process for each virtual server you want to add to this BIG/ip Controller.

To define a BIG/ip Controller server manually

  1. On the 3DNS Maintenance menu, select Edit 3DNS Configuration to open the wideip.conf file.
  2. Use the syntax shown in Figure 4.6 to define a BIG/ip Controller.

    All server statements should appear after the sync_group statement and before wideip statements.

    If you need to allow iQuery packets to pass through firewalls, include the translate keyword in the server statement that defines the BIG/ip Controller. When you include the translate keyword, the iQuery utility includes translated IP addresses in the packets sent to the specific BIG/ip Controller. See Setting up iQuery communications for the big3d agent, on page 2-20, for details.

    server {
        type bigip
        address <IP address>
        name <"bigip_name">
        [ remote {
            secure <yes | no>
            user <"user name">
        } ]
        [ interface {
            address <NIC IP address>
            address <NIC IP address>
        } ]
        [ factories {
            prober <number>
            discovery <number>
            snmp <number>
            hops <number>
        } ]

        vs {
            address <virtual server IP address>
            port <port number> | service <"service name">
            [ translate {
                address <IP address>
                port <port number> | service <"service name">
            } ]
        }
    }

    Figure 4.6 Syntax for defining a BIG/ip Controller server

    Figure 4.7 shows a sample server statement that defines a BIG/ip Controller:

    server {
        type bigip
        address 192.168.101.40
        name "bigip-newyork"
        remote {
            secure yes
            user "administrator"
        }
        # Tell 3DNS about the 2 interfaces on a BIG/ip HA
        interface {
            address 192.168.101.41
            address 192.168.101.42
        }
        # Change the number of factories doing the work at big3d
        factories {
            prober 6
            discovery 1
            snmp 1
            hops 2
        }
        vs {
            address 192.168.101.50
            service "http"
            translate {
                address 10.0.0.50
                port 80
            }
        }
        vs {
            address 192.168.101.50:25 // smtp
            translate {
                address 10.0.0.50:25
            }
        }
    }

    Figure 4.7 Sample BIG/ip Controller server definition

Defining host servers

A host is an individual network server or server array controller other than the BIG/ip Controller. Before you configure a host, you should know the following:

  • Address information
    Collect the IP address and service name or port number of each virtual server to be managed by the host.
  • SNMP information for host probing
    If you want to implement host probing, you need to specify SNMP agent settings after you define the host server. The settings you specify include the type and version of SNMP agent that runs on the host, the community string, and the number of communication attempts that you want the big3d agent to make while gathering host metrics. SNMP agent settings for hosts are described in Configuring host SNMP settings, on page 4-17.

Note: To fully configure host probing, you need to configure the SNMP agent settings in the host definition as previously described, but you also need to set up the big3d agents to run SNMP factories, and you need to configure the SNMP agents on the hosts themselves. See Setting up SNMP probing for hosts, on page 2-14, for details.

To define a host server using the F5 Configuration utility

  1. In the navigation pane, click Hosts.
  2. On the toolbar, click Add Host IP.
  3. In the Host Name box, enter the name of the host.
  4. In the Host IP Address box, type the IP address of the host.
  5. In the Host Port box, type the host's port number or select a service from the list.
  6. If you want a big3d agent to collect path data on behalf of the host, type the IP address of a 3DNS Controller or BIG/ip Controller that runs the big3d agent in the Prober IP Address box. Note that the controller that runs the big3d agent must be located in the same data center as the host.
  7. If you specify a prober IP address, specify whether the prober uses the ICMP, TCP, or UDP protocol in the Probe Protocol box.
  8. Click Next.
    The Data Centers screen opens.
  9. Select the data center where the host is located, and click Next.
    The Configure Virtual Server screen opens.
  10. In the IP Address box, type the virtual server's IP address.
  11. In the Port box, type the virtual server's port number or select a service from the list.
  12. If you are using the Ratio load balancing mode, specify a ratio weight in the Ratio box. The ratio weight determines proportionally how often a virtual server will be chosen. The default ratio weight is 1.
  13. Click Finish.

    The host and the specified virtual server are added to your configuration.

To add additional virtual servers using the F5 Configuration utility

  1. In the navigation pane, click Hosts.
  2. In the table, find the host that you just added.
  3. Click the entry in its Host Virtual Servers column.
  4. On the toolbar, click Add Host Virtual Servers.
  5. Enter the virtual server's IP address, port, and ratio values as shown in the preceding procedure.
  6. Click Add.

    Repeat this process for each virtual server you want to add to this host.

To define a host server manually

  1. On the 3DNS Maintenance menu, select Edit 3DNS Configuration to open the wideip.conf file.
  2. Use the syntax shown in Figure 4.8 to define a host.

    All server statements should appear after the sync_group statement and before wideip statements.

    server {
        type host
        address <IP address>
        name <"host_name">
        [ prober <ip_address> ]
        probe_protocol <tcp | icmp | udp>
        port <port number> | service <"service name">
        [ snmp {
            agent <generic | ucd | solstice | ntserv>
            port <port number>
            community <"community string">
            timeout <seconds>
            retries <number>
            version <SNMP version>
        } ]
        vs {
            address <virtual server IP address>
            port <port number> | service <"service name">
            [ probe_protocol <tcp | icmp | udp> ]
        }
    }

    Figure 4.8 Syntax for defining a host server

    Figure 4.9 shows a sample server statement that defines a host:

    server {
        type host
        address 192.168.104.40
        name "host-tokyo"
        prober 192.168.101.40
        probe_protocol icmp
        port 53
        snmp {
            agent ucd
            community "public"
            version 1
        }
        vs {
            address 192.168.104.50:25
        }
        vs {
            address 192.168.104.50:80
        }
    }

    Figure 4.9 Sample host server definition

Configuring host SNMP settings

After defining a host server, you need to configure its SNMP settings if you want to use SNMP host probing. Remember that you must first set up at least one SNMP probing factory on each 3DNS Controller and BIG/ip Controller that runs the big3d agent.

Although the 3DNS Controller does not use all of the following information for load balancing, the SNMP prober collects it and the Hosts screen in the Configuration utility displays it for your convenience.

  • Memory utilization
  • CPU utilization
  • Disk space utilization
  • Bytes in/out
  • Packet rate

    Of these metrics, the 3DNS Controller uses only the packets in/out metrics to make load balancing decisions.

    The 3DNS Controller supports the following host SNMP agents:

  • Generic
    The 3DNS Controller can work with a generic SNMP agent running on a host.
  • UCD SNMPD
    The UCD SNMPD is a free SNMP agent provided by the University of California at Davis. It is freely available on the web at http://ucd-snmp.ucdavis.edu, ftp://ucd-snmp.ucdomain.edu/ucd-snmp.tar.gz.
  • Solstice Enterprise
    The Solstice Enterprise agent is a product of SunSoft.
  • Windows NT 4.0 SNMP
    The Windows NT 4.0 SNMP matrix agent is distributed with the Microsoft Windows NT 4.0 server.

    Configuring SNMP agents on hosts, on page 4-20, provides some useful tips for configuring the different SNMP agents on the hosts themselves. We recommend that you use the information in conjunction with the documentation originally provided with the SNMP agent.

To configure host SNMP settings using the F5 Configuration utility

  1. In the navigation pane, click Hosts.
  2. Select a host server from the list.
  3. On the toolbar, click SNMP Configuration.
    The Host SNMP Configuration screen opens.
  4. Check the SNMP Enabled box.
  5. In the SNMP Port box, type the port number that the SNMP agent runs on, or select a service from the list.
  6. Specify the type of SNMP agent you have in the Type box.
  7. In the Community box, specify the password to use for basic SNMP security and for grouping SNMP hosts.
  8. Type the SNMP agent version number in the Version box.
  9. Accept the defaults in the Retries and Timeout boxes.

    The defaults are appropriate in most cases. If you are contacting a host through a very slow network, you can try increasing both values to improve performance. However, the problem with increasing these values is that a host that is down can hang up the SNMP for an excessive amount of time.

  10. Click Update to save these settings.

To configure host SNMP settings manually

  1. On the 3DNS Maintenance menu, select Edit 3DNS Configuration to open the wideip.conf file.
  2. Locate or add the host server statement.

    All server statements should appear after the sync_group statement and before wideip statements.

  3. Define the server type, address, name, prober, probe protocol, and port information as usual.
  4. Add the snmp statement. Figure 4.10 shows the SNMP syntax in bold.
  5. Define the virtual server information as usual.

    server {
        type host
        address <IP address>
        name <"host_name">
        probe_protocol <tcp | icmp>
        [ prober <IP address> ]
        port <port number> | service <"service name">
        [ snmp {
            agent <generic | ucd | solstice | ntserv>
            port <port number>
            community <"community string">
            timeout <seconds>
            retries <number>
            version <SNMP version>
        } ]
        vs {
            address <virtual server IP address>
            port <port number> | service <"service name">
            [ probe_protocol <tcp | icmp> ]
        }
    }

    Figure 4.10 Configuring host SNMP settings

Configuring SNMP agents on hosts

For host probing to work, you need to verify that the SNMP agent is properly configured on the host. The following sections offer some tips and hints on configuring each type of supported SNMP agent, but you may want to refer to the documentation provided with your SNMP software for more complete configuration information.

Configuring the UCD SNMP agent on the host

The UCD SNMP agent runs on HP-UX, Ultrix, Solaris, SunOS, OSF, NetBSD, FreeBSD, BSDi, Linux, AIX, OpenBSD, Irix, Windows 95, and Windows NT. Please refer to the ucdFAQ.txt file for details. On UNIX and UNIX-like systems, the default location for the configuration and MIB files is in the /usr/share/snmp directory. You can find help on snmpd options in the snmpd man page.

Figure 4.11 shows a sample configuration file in /usr/share/snmp/snmpd.conf. This file configures the SNMP agent to define a community. Our example uses 3dnspwd as the community, which is retrieved from the address 192.168.254.4 using the prober at 192.168.254.240. It allows read access of the entire SNMP MIB tree, but does not allow write access.

 ------------begin /usr/share/snmp/snmpd.conf------------    
#
# To allow write access to the 'system' subgroup from the local
# network with the community string "sysadmin":
#
# - amend the "source" address in the com2sec section
# to match your local network address
# - uncomment the "access admin" line below
#
# You are also strongly advised to change the community string
# to something other than "sysadmin"
# sec.name source community
com2sec local localhost private
com2sec 3dns 192.168.254.240/32 3dnspwd
# sec.model sec.name
group local any local
group public any public
group 3dnsgroup any 3dns
# incl/excl subtree mask
view all included .1 80
view system included system fe
view mib2 included .iso.org.dod.internet.mgmt.mib-2 fc
# context sec.model sec.level prefix read write not
#access admin "" any noauth 0 mib2 system none
access public "" any noauth 0 system none none
access local "" any noauth 0 all all all
access 3dnsgroup "" any noauth 0 all none none
------------eof /usr/share/snmp/snmpd.conf------------

Figure 4.11 Configuring a UCD SNMP agent on the host

Figure 4.12 shows the corresponding host server statement:

server {
    type host
    address 192.168.254.4 # address of host + SNMP agent
    prober 192.168.254.240 # SNMP prober reader
    snmp {
        agent ucd
        community "3dnspwd"
    }
    vs {
        address 192.168.254.201
    }
    : : :
}

Figure 4.12 Configuring the host server statement to run the UCD SNMP agent

Configuring the Solstice SNMP agent on the host

Solaris or SunOS 5.x should include the Solstice Master Agent on the distribution CD. The following is a sample configuration that should work for host probing.

 -------begin /etc/snmp/conf/snmpd.conf------    
# Copyright 1988-01/28/97 Sun Microsystems, Inc. All Rights Reserved.
#pragma ident "@(#)snmpd.conf 2.22 97/01/28 Sun Microsystems"
# See below for file format and supported keywords
sysdescr Sun SNMP Agent,
syscontact System administrator
sysLocation System administrators office
#
system-group-read-community public
#system-group-write-community private
#
read-community public
#write-community private
#
trap localhost
trap-community SNMP-trap
#
#kernel-file /vmunix
#
#managers 192.168.254.240
#############################
# File Format:
# Each entry consists of a keyword followed by a parameter
# string, terminated by a newline. The keyword must begin in the
# first position. The parameters are separated from the keyword
# (and from one another) by whitespace. All text following (and
# including) a '#' character is ignored. Case in keywords is
# ignored, but case in parameter strings is NOT ignored.

Figure 4.13 Configuring a Solstice SNMP agent on the host (continued on next page)

 # Supported Keywords:    
# sysdescr String to use for sysDescr.
# syscontact String to use for sysContact.
# syslocation String to use for sysLocation.
# system-group-read-community Community name needed for read
# access to the system group.
# system-group-write-community Community name needed for write
# access to the system group.
# read-community Community name needed for read access
# to the entire MIB.
# write-community Community name needed for write access
# to the entire MIB (implies read access).
#
# trap Host names where traps should be sent.
# A maximum of 5 hosts may be listed.
# trap-community Community name to be used in traps.
#
# kernel-file Filename to use for kernel symbols.
#
# managers Hosts that can send SNMP queries.
# Only five hosts may be listed on any one line.
# This keyword may be repeated for a total of 32 hosts.
#
# newdevice Additional devices which are not built in snmpd
# format as below
#
# newdevice type speed name
#
# where newdevice is keyword, type is an integer which has to
# match your schema file, speed is the new device's speed, and
# name is this newdevice's name
------eof /etc/snmp/conf/snmpd.conf------

Figure 4.14 Configuring a Solstice SNMP agent on the host (continued from previous page)

This allows 192.168.254.240 to query the Solstice SNMP agent, and its community is public. The wideip.conf file would be similar to the example for UCD, except that the community is "public".

Configuring the Windows NT 4.0 SNMP agent on the host

To configure the Windows NT 4.0 SNMP agent, you need to complete the following tasks.

Install the SNMP agent via the Network Services

  1. Right-click the Network Neighborhood icon on your desktop.
  2. From the popup menu, select Properties.
  3. In the Properties dialog box, click the Services tab.
  4. Click Add, and then choose the SNMP service from the service list.
  5. Configure the community name, the IP address allowed to query, and so on, so that they reflect the same configuration as specified in the wideip.conf file.

    Note that you must reinstall whatever service pack you previously installed on your Windows NT server in order for the SNMP agent to work.

Configure the SNMP server

When you configure the SNMP server, you need to provide the contact, community, and permission information that allows the big3d agent to read the SNMP MIB. Note that you cannot change the SNMP configuration when the SNMP service is running. You can temporarily stop the SNMP service by typing net stop snmp at the command prompt, and you can restart the service by typing net start snmp when you are finished making configuration changes.

Install the Windows NT Resource Kit

If you are doing a typical setup, you should install the Windows NT Resource Kit if it is not already installed on the server. These utilities should provide you with the following important files:

  • MIBCC.EXE (MIB compiler)
  • SNMPMON.EXE (SNMP monitor)
  • SNMPUTIL.EXE (get/walk/getnext utility)
  • PERF2MIB.EXE
  • LMMIB2.MIB
  • MIB_II.MIB
  • SMI.MIB

Verify that the SNMP server is running

  1. Go to the Services tab to make sure the SNMP server is up and running.
  2. From the directory where you installed the resource kit utilities, run the following at the command prompt:

c:\utilities\perfm

The perfm.bat file effectively creates the performance monitoring agent's .dll, automatically loads it, and then restarts the SNMP agent.

Verify the installation

To verify that the Windows NT SNMP agent is working, go to the 3DNS Controller or BIG/ip Controller that runs the big3d SNMP factory. Run either the snmptest or the snmpwalk command.

Note: Before running snmptest or snmpwalk be sure that the ephemeral ports are open by typing the command:
sysctl -w bigip.open_3dns_lockdown_ports=1

Warning: We strongly recommend that you do not run a screensaver on your Windows NT server when it is running an SNMP agent. If you run a screensaver and the SNMP agent simultaneously, the CPU utilization reported by NT may show as 100% busy.

Setting up sync groups

A sync group defines the group of 3DNS Controllers that synchronize their configuration settings and metrics data. You configure a sync group from the principal 3DNS Controller. First list the IP address of the principal itself. Then list all other 3DNS Controllers, in the order that they should become principals should previously listed 3DNS Controllers fail.

Each 3DNS Controller in your network must be included in a sync group. There may be cases where you do not want a 3DNS Controller to share its configuration with other controllers. In this case, you can create a separate sync group for each 3DNS Controller. Each sync group would only contain its own name or IP address.

sync_group {
    name "sync-ny"
    3dns 192.168.101.2 // New York
}

sync_group {
    name "sync-la"
    3dns 192.168.102.2 // Los Angeles
}

Figure 4.15 Sample non-syncing sync groups statements

Note: To implement such a configuration, you must modify each 3DNS Controller's wideip.conf file; the F5 Configuration utility does not support this function.

To define a sync group using the F5 Configuration utility

  1. In the navigation pane, click 3DNS Sync.
    The System - Synchronization screen opens.
  2. In the Sync Group box, type the name of the new sync group and click Add Group.
  3. On the toolbar, click Add to Group.
    The Add a 3DNS to a SyncGroup screen opens.
  4. In the list of 3DNS Controllers, check the box next to the IP address of each 3DNS Controller that you want to add to the sync group. Select the principal 3DNS Controller first.
  5. Click Update.

To define a sync group manually

  1. On the 3DNS Maintenance menu, select Edit 3DNS Configuration to open the wideip.conf file.
  2. Use the syntax shown in Figure 4.16 to define sync groups.

    The sync_group statement should appear after the datacenter statement and before server statements.

    sync_group {
        name "<name>"
        3dns <ip_address | "domain_name">
        [ 3dns <ip_address | "domain_name"> ] ...
    }

    Figure 4.16 Syntax for setting up a sync group

    Figure 4.17 shows a sample sync_group statement:

    sync_group {
        name "sync"
        3dns 192.168.101.2 // New York
        3dns 192.168.102.2 // Los Angeles
    }

    Figure 4.17 Syntax for setting up a sync group

Setting the time tolerance value

The time tolerance value is a global variable that defines the number of seconds that one 3DNS Controller's time setting is allowed to be out of sync with another 3DNS Controller's time setting. See Understanding how the time tolerance variable affects sync groups , on page 2-9 for details.

To check the value for the time tolerance setting using the F5 Configuration utility

  1. In the navigation pane, click System.
    The System - General screen opens.
  2. On the toolbar, click Timers & Task Intervals.
  3. Note the value in the 3DNS Sync Time Tolerance box, and change it if necessary.
  4. If you change this setting, click Update to save it.

To check the value for the time tolerance setting in the configuration file

  1. On the 3DNS Maintenance menu, select Edit 3DNS Configuration to open the wideip.conf file.
  2. Search for time_tolerance. If you don't find the time_tolerance sub-statement in the configuration file, the default (10) is used.

Configuring global variables

Default values for global parameters are adequate for most situations. However, we do recommend that you specifically enable encryption for US 3DNS Controllers.

To configure global parameters using the F5 Configuration utility

  1. In the navigation pane, click System.
    The System - General screen opens. Note that global parameters are grouped into several categories on this screen. Each category has its own toolbar item, and online help is available for each parameter.
  2. Make general global changes at the System - General screen or, to make changes to global parameters in other categories, click the appropriate toolbar item.
  3. Enter the value you want to change in the appropriate box.

    For example, to enable encryption for iQuery transactions (which is recommended), go to the System - General screen and check the Enabled box. If you want to use a non-default name for the encryption key file, type it in the Key File box.

  4. Click Update.

    The new global parameters are added to your configuration.

To configure global parameters manually

  1. On the 3DNS Maintenance menu, select Edit 3DNS Configuration to open the wideip.conf file.
  2. Locate or add the globals statement. The globals statement should be at the top of the file.
  3. Under the globals statement, type the appropriate sub-statement and value.

    For example, to enable encryption for iQuery transactions (which is recommended), change the encryption parameter to yes (the default setting is no). If you want to use a non-default name for the encryption key file, type it on the next line.

    Figure 4.18 shows the correct syntax for enabling encryption:

    globals {
        encryption yes
        encryption_key_file "/etc/F5key.dat"
    }

    Figure 4.18 Syntax for enabling encryption

    For descriptions of all global parameters, see The globals statement , on page A-6.
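The sync_group and globals statements described in the sections above can be checked offline before a wideip.conf file is put into service. The following Python script is an added example, not part of the original manual or of the 3DNS software: the audit function, its report keys, and the 192.168.103.2 and 192.168.104.2 addresses are constructed for illustration. It assumes that time_tolerance appears inside the globals statement and that // never occurs inside a quoted value.

```python
import re

# Constructed sample in the syntax of Figures 4.15-4.18 (not a real configuration).
# The encryption sub-statement is left out on purpose, so the default (no) applies.
SAMPLE_CONF = '''
globals {
    encryption_key_file "/etc/F5key.dat"
}
sync_group {
    name "sync-ny"
    3dns 192.168.101.2 // New York
}
sync_group {
    name "sync"
    3dns 192.168.102.2 // Los Angeles
    3dns 192.168.103.2
}
'''

BLOCK_RE = re.compile(r'\b(globals|sync_group)\s*\{([^{}]*)\}')

def parse_blocks(text):
    """Yield (statement, [[token, ...], ...]) for each globals/sync_group block."""
    text = re.sub(r'//[^\n]*', '', text)  # drop // comments, as used in the figures
    for kind, body in BLOCK_RE.findall(text):
        yield kind, [ln.split() for ln in body.splitlines() if ln.strip()]

def audit(text, controllers=()):
    """Summarise encryption, time tolerance and sync group membership."""
    glob, groups = {}, {}
    for kind, lines in parse_blocks(text):
        pairs = [(ln[0], ln[1].strip('"')) for ln in lines if len(ln) > 1]
        if kind == "globals":
            glob.update(pairs)
        else:
            name = dict(pairs).get("name", "<unnamed>")
            groups[name] = [v for k, v in pairs if k == "3dns"]  # listed order
    report = {
        "encryption": glob.get("encryption", "no") == "yes",    # default is no
        "key_file": glob.get("encryption_key_file"),
        "time_tolerance": int(glob.get("time_tolerance", 10)),  # default is 10
        "principals": {n: m[0] for n, m in groups.items() if m},  # first entry
        "findings": [],
    }
    if not report["encryption"]:
        report["findings"].append("iQuery encryption is not enabled")
    listed = {ip for m in groups.values() for ip in m}
    report["findings"] += [f"{ip} is not in any sync group"
                           for ip in controllers if ip not in listed]
    return report
```

Call audit() with the file's text and the list of controller addresses you expect to be covered; each entry in "findings" names a controller missing from every sync group or reports that iQuery encryption is still at its default.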

Configuring IP filters

Filters control network traffic by specifying whether packets are accepted or rejected by the 3DNS Controller. Filters apply to both incoming and outgoing traffic. When creating a filter, you define the criteria to apply to each packet that is processed by the 3DNS Controller. You can configure the 3DNS Controller to accept or block each packet based on whether the packet matches the criteria.

Typical criteria that you define in IP filters are packet source IP addresses, packet destination IP addresses, and upper-layer protocol of the packet. However, each protocol has its own specific set of criteria that can be defined.

For a single filter, you can define multiple criteria in multiple, separate statements. Each of these statements should reference the same identifying name or number, to tie the statements to the same filter. You can have as many criteria statements as you want, limited only by the available memory. Of course, the more statements you have, the more difficult it is to understand and maintain your filters.

Defining the filter criteria

When you define an IP filter, you can filter traffic in two ways:

  • You can filter traffic going to a specific destination or coming from a specific source, or both.
  • The filter can allow network traffic through, or it can reject network traffic.

To define an IP filter using the F5 Configuration utility

  1. Click IP Filters in the navigation pane.
    The IP Filters screen opens.
  2. In the IP Filters screen, click Add Filter.
    The Add IP Filter screen opens.
  3. In the Name box, type a filter name.
  4. From the Type list, choose Accept Packet to allow traffic, or Deny Packet to reject traffic.
  5. If you want to filter traffic based on its source, specify the client source information:

    a) In the Source IP Address box, enter the IP address from which you want to filter traffic.

    b) In the Source Port box, enter the port number from which you want to filter traffic.

  6. If you want to filter traffic based on its destination, specify the destination information:

    a) In the Destination IP Address box, enter the IP address to which you want to filter traffic.

    b) In the Destination Port box, enter the port number to which you want to filter traffic.

  7. Click Add to add the IP filter to the system.

Note: For information on configuring IP filters and rate filters on the command line, refer to the IPFW man page.

Configuring Sendmail

You can configure the 3DNS Controller to send email notifications to you, or to other administrators. The 3DNS Controller includes a sample Sendmail configuration file that you can use to start with, but you will have to customize the Sendmail setup for your network environment before you can use it.

Before you begin setting up Sendmail, you may need to look up the name of the mail exchanger for your domain. If you already know the name of the mail exchanger, go to Setting up Sendmail , on page 4-34 for details about setting up the sendmail daemon itself.

Finding the mail exchanger for your domain

You can use the nslookup command on any workstation that is configured for lookup. Once you find the primary IP address for your domain, you can find the mail exchanger for your domain.

To find the mail exchanger

  1. Identify the default server name for your domain. From a workstation capable of name resolution, type the following on the command line:

    /etc# nslookup

    The command returns a default server name and corresponding IP address:

    Default Server: <server name>
    Address: <server>

  2. Use the domain name to query for the mail exchanger:

    set q=mx
    <domain name>

The returned information includes the name of the mail exchanger. For example, the sample information shown in Figure 4.19 lists bigip.net as the preferred mail exchanger.

bigip.net preference = 10, mail exchanger = mail.SiteOne.com
bigip.net nameserver = ns1.bigip.net
bigip.net nameserver = ns2.bigip.net
bigip.net internet address = 192.17.112.1
ns1.bigip.net internet address = 192.17.112.2
ns2.bigip.net internet address = 192.17.112.3

Figure 4.19 Sample mail exchanger information

Setting up Sendmail

When you set up Sendmail, you need to open and edit a couple of configuration files. Note that the 3DNS Controller does not accept email messages. You can use the crontab utility to purge unsent or returned messages, and you can have those messages sent to yourself or to another administrator.

To set up and start Sendmail

  1. Copy /etc/sendmail.cf.off to /etc/sendmail.cf.
  2. To set the name of your mail exchange server, open the /etc/sendmail.cf file and set the DS variable to the name of your mail exchanger. The syntax for this entry is:

    DS<MAILHUB_OR_RELAY>

  3. Save and close the /etc/sendmail.cf file.
  4. To allow Sendmail to flush outgoing messages from the queue for mail that cannot be delivered immediately, open the /etc/crontab file, and change the last line of the file to read:

    0,15,30,45 * * * * root /usr/sbin/sendmail -q > /dev/null 2>&1

  5. Save and close the /etc/crontab file.
  6. To prevent returned or undelivered email from going unnoticed, open the /etc/aliases file and create an entry for root to point to you or another administrator at your site.

    root: networkadmin@SiteOne.com

  7. Save and close the /etc/aliases file.
  8. Run the newaliases command to generate a new aliases database that incorporates the information you added to the /etc/aliases file.
  9. To turn Sendmail on, either reboot the system or type the following command:

    /usr/sbin/sendmail -bd -q30m
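After completing the procedure above, you can confirm that the three edited files reflect it, so that undelivered notifications do not go unnoticed. The following Python check is an added example, not part of the original manual or of the 3DNS software: the function names are constructed, mail.example.com is a placeholder host name, and the file contents are passed in as strings (on a controller you would read /etc/sendmail.cf, /etc/crontab and /etc/aliases).

```python
import re

# Constructed file contents that follow the steps above.
SENDMAIL_CF = "# relay for outbound mail\nDSmail.example.com\n"
CRONTAB = (
    "# flush the mail queue\n"
    "0,15,30,45 * * * * root /usr/sbin/sendmail -q > /dev/null 2>&1\n"
)
ALIASES = "# root mail goes to an administrator\nroot: networkadmin@SiteOne.com\n"

def active_lines(text):
    """Return the non-empty lines that are not # comments, stripped."""
    return [ln.strip() for ln in text.splitlines()
            if ln.strip() and not ln.lstrip().startswith("#")]

def flushes_queue(line):
    """True for an /etc/crontab entry (five time fields, user, command)
    in which root runs sendmail with a -q option."""
    f = line.split()
    return (len(f) > 7 and f[5] == "root" and f[6].endswith("sendmail")
            and any(arg.startswith("-q") for arg in f[7:]))

def check_sendmail_setup(sendmail_cf, crontab, aliases):
    """Return the steps of the procedure that the three files do not reflect."""
    missing = []
    # Step 2: DS must be followed by a host name, not left bare or as <...>.
    if not any(re.fullmatch(r"DS[^<\s]\S*", ln) for ln in active_lines(sendmail_cf)):
        missing.append("sendmail.cf: DS mail exchanger not set")
    # Step 4: an uncommented crontab entry flushes the queue.
    if not any(flushes_queue(ln) for ln in active_lines(crontab)):
        missing.append("crontab: no queue flush entry for root")
    # Step 6: root is aliased, so returned mail reaches an administrator.
    if not any(re.fullmatch(r"root:\s*\S+", ln) for ln in active_lines(aliases)):
        missing.append("aliases: root is not aliased")
    return missing
```

An empty list means all three settings are present; remember that a change to /etc/aliases takes effect only after newaliases has been run.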