Manual Chapter : 3-DNS Administrator Guide v2.1: Defining the Network Setup

Applies To:

3-DNS Controller versions 1.x - 4.x

  • 2.1 PTF-01, 2.1.2, 2.1.0
4

Defining the Network Setup



Setting up a basic configuration

The second phase of installing 3-DNS Controllers is to define the network setup. Each 3-DNS Controller in the network setup must have information regarding which data center stores specific servers, and with which other 3-DNS Controllers it can share configuration and load balancing information. A basic network setup includes data centers, servers, wide IPs, and one sync group.

You can configure global variables that apply to all servers and wide IPs in your network. However, the default values of the global variables work well for most situations, so configuring global variables is optional. You can find more information about global variables in Configuring global variables, on page 4-33.

The following sections describe the various elements of a basic network:

  • Data centers
    Data centers are the top level of your network setup. We recommend that you configure one data center for each physical location in your global network. The data center element of your configuration defines the servers (3-DNS Controllers, BIG-IP Controllers, and hosts) that reside at that location.

    A data center can contain any type of server. For example, in Figure 4.1, the Tokyo data center contains a 3-DNS Controller and a host, while the New York and Los Angeles data centers contain 3-DNS Controllers and BIG-IP Controllers.

    To configure data centers, see Setting up a data center, on page 4-2.

  • Servers
    The servers that you define in the network setup include 3-DNS Controllers, BIG-IP Controllers, and host machines. You define the 3-DNS Controllers that manage the BIG-IP Controllers and hosts, and you also define the virtual servers that are managed by the BIG-IP Controllers and hosts. Virtual servers are the ultimate destination for connection requests.

    To configure servers, see Setting up servers, on page 4-5.

  • Sync groups
    Sync groups contain only 3-DNS Controllers. When setting up a sync group, you define which 3-DNS Controllers have the same configuration. In most cases, you should define all 3-DNS Controllers as part of the same sync group.

    To configure sync groups, see Setting up sync groups, on page 4-30.

  • Wide IPs
    After you define virtual servers for your BIG-IP Controllers and hosts, you need to specify how connections are distributed among the virtual servers by defining wide IPs. A wide IP maps a domain name to a pool of virtual servers, and it specifies the load balancing modes that the 3-DNS Controller uses to choose a virtual server from the pool.

    When an LDNS requests a connection to a specific domain name, the wide IP definition specifies which virtual servers are eligible to answer the request, and which load balancing modes to use in choosing a virtual server to resolve the request.

    To configure wide IPs, see Adding a wide IP, on page 5-12.

Setting up a data center

The first step in configuring your 3-DNS Controller network is to create data centers. A data center defines the group of 3-DNS Controllers, BIG-IP Controllers, and hosts that reside in a single physical location.

Figure 4.1 Example network setup

The advantage of grouping all machines from a single location into one data center is to allow path information collected by one machine to be shared with all other machines in the data center. For example, when a host machine belongs to a data center, the host can take advantage of the information collected by the big3d agent, which runs only on 3-DNS Controllers and BIG-IP Controllers. Without the information that the big3d agent collects, virtual servers owned by host machines would not be able to use advanced load balancing modes.

To configure a data center using the Configuration utility

  1. In the navigation pane, click Data Centers.
  2. On the toolbar, click Add Data Center.
    The Add New Data Center screen opens.
  3. Add the new data center settings. For help on defining data centers, click Help on the toolbar.
    The data center is added to your configuration.
  4. Repeat this process for each data center in your network.

    When you add servers to the network setup, you assign the servers to the appropriate data centers.

To configure a data center manually

  1. At the command prompt, type 3dnsmaint to open the 3-DNS Maintenance menu.
  2. Select Edit 3-DNS Configuration to open the wideip.conf file.
    An environment variable determines whether this command starts vi or pico.
  3. Locate or add the datacenter statement.

    The datacenter statement should be the second statement in the file, after the globals statement and before server statements.

  4. In the first line of the datacenter statement, type a name for the data center and enclose the name in quotation marks, as shown in Figure 4.2.
  5. Type the server type and IP address for each server that is part of the specified data center.

    Figure 4.2 shows the correct syntax for the datacenter statement.

    Figure 4.2 Syntax for the datacenter statement

    datacenter {
      name <"data center name">
      [ location <"location info"> ]
      [ contact <"contact info"> ]
      [ 3dns <3-DNS IP address> ]
      [ bigip <BIG-IP IP address> ]
      [ host <host IP address> ]
    }

    Repeat the above procedure until you have added a separate datacenter statement for each data center on your network.

    Figure 4.3 shows a sample datacenter statement.

    Figure 4.3 Sample data center definition

    datacenter {
      name "New York"
      location "NYC"
      contact "3DNS_Admin"
      3dns 192.168.101.2
      bigip 192.168.101.40
      host 192.168.105.40
    }

Setting up servers

There are three types of servers: 3-DNS Controllers, BIG-IP Controllers, and other hosts. At the minimum, your network includes one 3-DNS Controller, and at least one server (BIG-IP Controller or host) that it manages.

This section describes how to set up each 3-DNS Controller, BIG-IP Controller, and host machine that make up your network. The setup procedures here assume that the BIG-IP Controllers and hosts are up and running, and that they already have virtual servers defined. Note that 3-DNS Controllers do not manage virtual servers.

Defining 3-DNS Controller servers

The purpose of defining a 3-DNS Controller server is to establish in which data center the 3-DNS Controller resides and, if necessary, to change big3d agent settings. In setting up a 3-DNS Controller server, you also make that 3-DNS Controller available so you can add it to a sync group.

To define a 3-DNS Controller server using the Configuration utility

  1. In the navigation pane, click 3-DNS Controllers.
  2. On the toolbar, click Add 3-DNS Controller.
    The Add New 3-DNS Controller screen opens.
  3. Add the new 3-DNS Controller settings. For help on defining 3-DNS Controllers, click Help on the toolbar.

    The 3-DNS Controller is added to your configuration. Repeat this procedure for each 3-DNS Controller you need to add.

To define a 3-DNS Controller server manually

  1. At the command prompt, type 3dnsmaint to open the 3-DNS Maintenance menu.
  2. On the 3-DNS Maintenance menu, select Edit 3-DNS Configuration to open the wideip.conf file.
  3. Use the syntax shown in Figure 4.4 to define a 3-DNS Controller.

    All server statements should appear after the sync_group statement and before wideip statements.

    Figure 4.4 Syntax for defining a 3-DNS Controller server

    server {
      type 3dns
      address <IP address>
      name <"3dns_name">
      iquery_protocol [ udp | tcp ]
      [ remote {
        secure <yes | no>
        user <"user name">
      } ]
      [ interface {
        address <NIC IP address>
        address <NIC IP address>
      } ]
      [ factories {
        prober <number>
        discovery <number>
        snmp <number>
        hops <number>
      } ]
      [ prober <IP address> ]
      probe_protocol <icmp | udp | tcp | dns_ver | dns_dot>
      port <port to probe>
    }

    Figure 4.5 shows a sample server statement that defines a 3-DNS Controller.

    Figure 4.5 Sample 3-DNS Controller server definition

    // New York
    server {
      type 3dns
      address 192.168.101.2
      name "3dns-newyork"
      iquery_protocol udp
      remote {
        secure no
        user "root"
      }
      prober 192.168.101.40
      probe_protocol icmp
      port 53
    }

Defining BIG-IP Controller servers

Before you define BIG-IP Controller servers, you should have the following information:

  • The IP address and service name or port number of each virtual server to be managed by the BIG-IP Controller
  • The IP address of the server itself

To define a BIG-IP Controller server using the Configuration utility

  1. In the navigation pane, click BIG-IP Controllers.
  2. On the toolbar, click Add BIG-IP Controller.
    The Add New BIG-IP Controller screen opens.
  3. Add the new BIG-IP Controller settings. (For help on defining BIG-IP Controllers, click Help on the toolbar.)
    The BIG-IP Controller and specified virtual server are added to your configuration.

To add more virtual servers using the Configuration utility

  1. In the navigation pane, click BIG-IP Controllers.
  2. In the table, find the BIG-IP Controller that you just added.
  3. Click the entry in its BIG-IP Virtual Servers column.
  4. On the toolbar, click Add Virtual Server.
    The Add Virtual Server to BIG-IP screen opens.
  5. Add the new virtual server settings. For help on adding virtual servers, click Help on the toolbar.

    Repeat this process for each virtual server you want to add to this BIG-IP Controller.

To define a BIG-IP Controller server manually

  1. At the command prompt, type 3dnsmaint to open the 3-DNS Maintenance menu.
  2. On the 3-DNS Maintenance menu, select Edit 3-DNS Configuration to open the wideip.conf file.
  3. Use the syntax shown in Figure 4.6 to define a BIG-IP Controller.

    All server statements should appear after the sync_group statement and before wideip statements.

    If you need to allow iQuery packets to pass through firewalls, include the translate keyword in the server statement that defines the BIG-IP Controller. When you include the translate keyword, the iQuery utility includes translated IP addresses in the packets sent to the specific BIG-IP Controller. See Setting up iQuery communications for the big3d agent, on page 2-21 for details.

    Figure 4.6 Syntax for defining a BIG-IP Controller server

    server {
      type bigip
      address <IP address>
      name <"bigip_name">
      iquery_protocol [ udp | tcp ]
      [ remote {
        secure <yes | no>
        user <"user name">
      } ]
      [ interface {
        address <NIC IP address>
        address <NIC IP address>
      } ]
      [ factories {
        prober <number>
        discovery <number>
        snmp <number>
        hops <number>
      } ]

      vs {
        address <virtual server IP address>
        port <port number> | service <"service name">
        [ translate {
          address <IP address>
          port <port number> | service <"service name">
        } ]
      }
    }

    Figure 4.7 shows a sample server statement that defines a BIG-IP Controller.

    Figure 4.7 Sample BIG-IP Controller server definition

    server {
      type bigip
      address 192.168.101.40
      name "bigip-newyork"
      iquery_protocol udp
      remote {
        secure yes
        user "administrator"
      }
      # Tell 3-DNS about the 2 interfaces on a BIG-IP HA
      interface {
        address 192.168.101.41
        address 192.168.101.42
      }
      # Change the number of factories doing the work at big3d
      factories {
        prober 6
        discovery 1
        snmp 1
        hops 2
      }
      vs {
        address 192.168.101.50
        service "http"
        translate {
          address 10.0.0.50
          port 80
        }
      }
      vs {
        address 192.168.101.50:25 // smtp
        translate {
          address 10.0.0.50:25
        }
      }
    }

Defining host servers

A host is an individual network server or server array controller other than the BIG-IP Controller. Before configuring a host, you should have the following information:

  • Address information
    The IP address and service name or port number of each virtual server to be managed by the host.
  • SNMP information for host probing
    To implement host probing, you must specify SNMP agent settings after you define the host server. The settings you specify include the type and version of SNMP agent that runs on the host, the community string, and the number of communication attempts that you want the big3d agent to make while gathering host metrics. SNMP agent settings for hosts are described in Configuring host SNMP settings, on page 4-15.

Note: To fully configure host probing, you must configure the SNMP agent settings in the host definition as previously described, and you must also set up the big3d agents to run SNMP factories, and configure the SNMP agents on the hosts themselves. See Setting up SNMP probing for hosts, on page 2-14 for details.

To define a host server using the Configuration utility

  1. In the navigation pane, click Host Servers.
  2. On the toolbar, click Add Host Server.
    The Add New Host Server screen opens.
  3. Add the new host server settings. For help on adding host servers, click Help on the toolbar.
    The host and the specified virtual server are added to your configuration.

To add more virtual servers using the Configuration utility

  1. In the navigation pane, click Host Servers.
  2. In the table, find the host that you just added.
  3. Click the entry in its Host Virtual Servers column.
  4. On the toolbar, click Add Host Virtual Server.
    The Add Virtual Server to Host screen opens.
  5. Add the new virtual server settings. For help on adding virtual servers, click Help on the toolbar.

    Repeat this process for each virtual server you want to add to this host.

To define a host server manually

  1. At the command prompt, type 3dnsmaint to open the 3-DNS Maintenance menu.
  2. On the 3-DNS Maintenance menu, select Edit 3-DNS Configuration to open the wideip.conf file.
  3. Use the syntax shown in Figure 4.8 to define a host.

    All server statements should appear after the sync_group statement and before wideip statements.

    Figure 4.8 Syntax for defining a host server

    server {
      type host
      address <IP address>
      name <"host_name">
      [ prober <ip_address> ]
      probe_protocol <tcp | icmp | udp | dns_ver | dns_dot>
      port <port number> | service <"service name">
      [ snmp {
        agent <generic | ucd | solstice | ntserv | ciscoldv2 | ciscoldv3>
        port <port number>
        community <"community string">
        timeout <seconds>
        retries <number>
        version <SNMP version>
      } ]
      vs {
        address <virtual server IP address>
        port <port number> | service <"service name">
        [ probe_protocol <tcp | icmp | udp | dns_ver | dns_dot> ]
      }
    }

    Figure 4.9 shows a sample server statement that defines a host.

    Figure 4.9 Sample host server definition

    server {
      type host
      address 192.168.104.40
      name "host-tokyo"
      prober 192.168.101.40
      probe_protocol icmp
      port 53
      snmp {
        agent ucd
        community "public"
        version 1
      }
      vs {
        address 192.168.104.50:25
      }
      vs {
        address 192.168.104.50:80
      }
    }

Configuring host SNMP settings

After defining a host server, you need to configure its SNMP settings if you want to use SNMP host probing. Remember that you must first set up at least one SNMP probing factory on any 3-DNS Controller or BIG-IP Controller that runs the big3d agent.

The SNMP prober collects the following information. The 3-DNS Controller uses the packet rate information for load balancing. The remaining information is displayed in the Host Statistics screen in the Configuration utility for your convenience.

  • Memory utilization
  • CPU utilization
  • Disk space utilization
  • Packet rate

The 3-DNS Controller supports the following host SNMP agents:

  • Generic
    A generic SNMP agent is an SNMP agent that collects metrics provided by OIDs as specified in the RFC 1213 document.
  • UCD SNMPD
    This free SNMP agent is provided by the University of California at Davis. It is available on the web at http://ucd-snmp.ucdavis.edu, or you can download the ucd-snmp.tar.gz file from ftp://ucd-snmp.ucdavis.edu.
  • Solstice Enterprise
    This SNMP agent is a product of Sun Microsystems.
  • Windows NT 4.0 SNMP
    This SNMP matrix agent is a product of Microsoft and is distributed with the Microsoft Windows NT 4.0 server.
  • Cisco LDV2
    This SNMP agent is a product of Cisco and is distributed with the Cisco LocalDirector, version 2.X.
  • Cisco LDV3
    This SNMP agent is a product of Cisco and is distributed with the Cisco LocalDirector, version 3.X.

Configuring SNMP agents on hosts, on page 4-18, provides some useful tips for configuring the different SNMP agents on the hosts themselves. We recommend that you use the information in conjunction with the documentation originally provided with the SNMP agent.

To configure host SNMP settings using the Configuration utility

  1. In the navigation pane, click Host Servers.
  2. From the Host Server column, click a host server.
    The Modify Host screen opens.
  3. On the toolbar, click SNMP Configuration.
    The Host SNMP Configuration screen opens.
  4. Add the host SNMP settings. For help on configuring the host SNMP settings, click Help on the toolbar.

To configure host SNMP settings manually

  1. At the command prompt, type 3dnsmaint to open the 3-DNS Maintenance menu.
  2. On the 3-DNS Maintenance menu, select Edit 3-DNS Configuration to open the wideip.conf file.
  3. Locate or add the host server statement.

    All server statements should appear after the sync_group statement and before wideip statements.

  4. Define the server type, address, name, prober, probe protocol, and port information as usual.
  5. Add the snmp statement. Figure 4.10 shows the SNMP syntax in bold.
  6. Define the virtual server information as usual.

    Figure 4.10 Configuring host SNMP settings

    server {
      type host
      address <IP address>
      name <"host_name">
      probe_protocol <tcp | icmp>
      [ prober <IP address> ]
      port <port number> | service <"service name">
      [ snmp {
        agent <generic | ucd | solstice | ntserv | ciscold2 | ciscold3>
        port <port number>
        community <"community string">
        timeout <seconds>
        retries <number>
        version <SNMP version>
      } ]
      vs {
        address <virtual server IP address>
        port <port number> | service <"service name">
        [ probe_protocol <tcp | icmp> ]
      }
    }

Configuring SNMP agents on hosts

For host probing to work, you need to verify that the SNMP agent is properly configured on the host. The following sections offer some tips and hints on configuring each type of supported SNMP agent, but you may want to refer to the documentation provided with your SNMP software for more complete configuration information.

Configuring the UCD SNMP agent on the host

The UCD SNMP agent runs on HP-UX, Ultrix, Solaris, SunOS, OSF, NetBSD, FreeBSD, BSDi, Linux, AIX, OpenBSD, Irix, Windows 95, and Windows NT. Please refer to the ucdFAQ.txt file for details. On UNIX and UNIX-like systems, the default location for the configuration and MIB files is in the /usr/share/snmp directory. You can find help on snmpd options in the snmpd man page.

Figure 4.11 shows a sample configuration file in /usr/share/snmp/snmpd.conf. This file configures the SNMP agent to define a community. Our example uses 3dnspwd as the community; the prober at 192.168.254.240 uses it to retrieve data from the host at 192.168.254.4. The configuration allows read access to the entire SNMP MIB tree, but does not allow write access.

Figure 4.11 Configuring a UCD SNMP agent on the host

 ------------begin /usr/share/snmp/snmpd.conf------------    
#
# To allow write access to the 'system' subgroup from the local
# network with the community string "sysadmin":
#
# - amend the "source" address in the com2sec section
# to match your local network address
# - uncomment the "access admin" line below
#
# You are also strongly advised to change the community string
# to something other than "sysadmin"
# sec.name source community
com2sec local localhost private
com2sec 3dns 192.168.254.240/32 3dnspwd
# sec.model sec.name
group local any local
group public any public
group 3dnsgroup any 3dns
# incl/excl subtree mask
view all included .1 80
view system included system fe
view mib2 included .iso.org.dod.internet.mgmt.mib-2 fc
# context sec.model sec.level prefix read write not
#access admin "" any noauth 0 mib2 system none
access public "" any noauth 0 system none none
access local "" any noauth 0 all all all
access 3dnsgroup "" any noauth 0 all none none
------------eof /usr/share/snmp/snmpd.conf------------

Figure 4.12 shows the corresponding host server statement.

Figure 4.12 Configuring the host server statement to run the UCD SNMP agent

server {
  type host
  address 192.168.254.4 # address of host + SNMP agent
  prober 192.168.254.240 # SNMP prober reader
  snmp {
    agent ucd
    community 3dnspwd
  }
  vs {
    address 192.168.254.201
  }
  : : :
}
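
The access that each community receives under Figure 4.11 follows from chaining its com2sec, group and access lines. The following Python audit resolves that chain; it is an added example, not part of the original guide or of UCD SNMP, and its function names, its list of well-known community names, and its simplification of ignoring the security model, level and context columns are assumptions of this example.

```python
import shlex

# Community names commonly shipped as defaults (this example's own list).
WELL_KNOWN = {"public", "private"}

def parse_vacm(conf):
    """Collect the com2sec, group and access directives of a snmpd.conf."""
    com2sec, groups, access = [], {}, []
    for raw in conf.splitlines():
        fields = shlex.split(raw, comments=True)      # drops '#' comments
        if len(fields) == 4 and fields[0] == "com2sec":
            com2sec.append(tuple(fields[1:]))          # sec.name, source, community
        elif len(fields) == 4 and fields[0] == "group":
            # group NAME MODEL SEC.NAME  ->  index groups by sec.name
            groups.setdefault(fields[3], []).append(fields[1])
        elif len(fields) == 9 and fields[0] == "access":
            # access NAME CONTEXT MODEL LEVEL PREFIX READ WRITE NOTIFY
            access.append((fields[1], fields[6], fields[7]))
    return com2sec, groups, access

def effective_access(conf):
    """Rows of (source, community, read view, write view) the file grants."""
    com2sec, groups, access = parse_vacm(conf)
    rows = []
    for sec_name, source, community in com2sec:
        for group in groups.get(sec_name, []):
            for name, read_view, write_view in access:
                if name == group:
                    rows.append((source, community, read_view, write_view))
    return rows

def audit(conf):
    """Flag write access, well-known communities and unmapped groups."""
    com2sec, groups, _ = parse_vacm(conf)
    findings = []
    for source, community, _read, write_view in effective_access(conf):
        if write_view != "none":
            findings.append(
                f"write: {community!r} from {source} may write view {write_view!r}")
        if community in WELL_KNOWN:
            findings.append(
                f"community: {community!r} from {source} is a well-known name")
    mapped = {sec_name for sec_name, _, _ in com2sec}
    for sec_name, names in groups.items():
        if sec_name not in mapped:
            findings.append(
                f"unmapped: group {names[0]!r} has no com2sec line for {sec_name!r}")
    return findings

# Directives copied from Figure 4.11 (explanatory comment lines omitted).
FIGURE_4_11 = '''
com2sec local localhost private
com2sec 3dns 192.168.254.240/32 3dnspwd
group local any local
group public any public
group 3dnsgroup any 3dns
view all included .1 80
view system included system fe
view mib2 included .iso.org.dod.internet.mgmt.mib-2 fc
#access admin "" any noauth 0 mib2 system none
access public "" any noauth 0 system none none
access local "" any noauth 0 all all all
access 3dnsgroup "" any noauth 0 all none none
'''

if __name__ == "__main__":
    for row in effective_access(FIGURE_4_11):
        print(row)
    for finding in audit(FIGURE_4_11):
        print(finding)
```

The prober row confirms the read-only grant described above; the audit also reports that localhost keeps write access with the community private and that the public group has no com2sec line.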

Configuring the Solstice SNMP agent on the host

Solaris or SunOS 5.x should include the Solstice Master Agent on the distribution CD. Figure 4.13 shows a sample configuration that should work for host probing.

Figure 4.13 Configuring a Solstice SNMP agent on the host

 -------begin /etc/snmp/conf/snmpd.conf------    
# Copyright 1988-01/28/97 Sun Microsystems, Inc. All Rights Reserved.
#pragma ident "@(#)snmpd.conf 2.22 97/01/28 Sun Microsystems"
# See below for file format and supported keywords
sysdescr Sun SNMP Agent,
syscontact System administrator
sysLocation System administrators office
#
system-group-read-community public
#system-group-write-community private
#
read-community public
#write-community private
#
trap localhost
trap-community SNMP-trap
#
#kernel-file /vmunix
#
#managers 192.168.254.240
#############################
# File Format:
# Each entry consists of a keyword followed by a parameter
# string, terminated by a newline. The keyword must begin in the
# first position. The parameters are separated from the keyword
# (and from one another) by whitespace. All text following (and
# including) a '#' character is ignored. Case in keywords is
# ignored, but case in parameter strings is NOT ignored.

# Supported Keywords:
# sysdescr String to use for sysDescr.
# syscontact String to use for sysContact.
# syslocation String to use for sysLocation.
# system-group-read-community Community name needed for read
# access to the system group.
# system-group-write-community Community name needed for write
# access to the system group.
# read-community Community name needed for read access
# to the entire MIB.
# write-community Community name needed for write access
# to the entire MIB (implies read access).
#
# trap Host names where traps should be sent.
# A maximum of 5 hosts may be listed.
# trap-community Community name to be used in traps.
#
# kernel-file Filename to use for kernel symbols.
#
# managers Hosts that can send SNMP queries.
# Only five hosts may be listed on any one line.
# This keyword may be repeated for a total of 32 hosts.
#
# newdevice Additional devices which are not built in snmpd
# format as below
#
# newdevice type speed name
#
# where newdevice is keyword, type is an integer which has to
# match your schema file, speed is the new device's speed, and
# name is this newdevice's name
------eof /etc/snmp/conf/snmpd.conf------

This configuration allows 192.168.254.240 to query the Solstice SNMP agent, and its community is public. The wideip.conf file would be similar to the example for UCD, except that the community is "public".

Configuring the Windows NT 4.0 SNMP agent on the host

To configure the Windows NT 4.0 SNMP agent, you need to complete five tasks:

  • Install the SNMP agent
  • Configure the SNMP server
  • Install the Windows NT resource kit
  • Verify that the server is running
  • Verify that the installation is good

To install the SNMP agent via the Network Services

  1. Right-click the Network Neighborhood icon on your desktop.
  2. From the popup menu, select Properties.
  3. In the Properties dialog box, click the Services tab.
  4. Click Add, and then choose the SNMP service from the service list.
  5. Configure the community name, IP address allowed to query, and so on, to reflect the same configuration as specified in the wideip.conf file.

    For the SNMP agent to work, you must reinstall whatever service pack you previously installed on your Windows NT server.

To configure the SNMP server

When you configure the SNMP server, you need to provide the contact, community, and permission information that allows the big3d agent to read the SNMP MIB. You cannot change the SNMP configuration when the SNMP service is running. However, you can temporarily stop the SNMP service by typing net stop snmp at the command prompt. Then make the configuration changes, and when you are finished, restart the service by typing net start snmp.

To install the Windows NT Resource Kit

If you are doing a typical setup, you should install the Windows NT Resource Kit (if it is not already installed on the server). These utilities should provide you with the following important files:

  • MIBCC.EXE (MIB compiler)
  • SNMPMON.EXE (SNMP monitor)
  • SNMPUTIL.EXE (get/walk/getnext utility)
  • PERF2MIB.EXE
  • LMMIB2.MIB
  • MIB_II.MIB
  • SMI.MIB

To verify that the SNMP server is running

  1. Click the Services tab and make sure the SNMP server is up and running.
  2. From the directory where you installed the resource kit utilities, run the following at the command prompt:
   c:\utilities\perfm

The perfm.bat file effectively creates the performance monitoring agent's .dll, automatically loads it, and then restarts the SNMP agent.

To verify the installation

To verify that the Windows NT SNMP agent is working, use the 3-DNS Controller or BIG-IP Controller that runs the big3d SNMP factory. Run either the snmptest or the snmpwalk command.

Note: Before running snmptest or snmpwalk, be sure that the ephemeral ports are open by typing the command:
sysctl -w bigip.open_3dns_lockdown_ports=1

Warning: We strongly recommend that you do not run a screensaver on your Windows NT server when it is running an SNMP agent. If you run a screensaver and the SNMP agent simultaneously, the CPU utilization reported by NT may show as 100% busy.

Configuring the Cisco SNMP agent on the host

Cisco LocalDirector versions 2.x and 3.x should include the Cisco SNMP agent on the distribution CD. Figure 4.14 is a sample configuration (in the ciscold.txt file) that should work for host probing.

Figure 4.14 Configuring a Cisco SNMP agent on the host

 : Saved    
: LocalDirector 410 Version 3.1.3
syslog output 5.5
no syslog console
enable password c88f22962f5d2b7e09cc8fbf48f92b encrypted
hostname localdirector
no shutdown ethernet 0
no shutdown ethernet 1
shutdown ethernet 2
interface ethernet 0 auto
interface ethernet 1 auto
interface ethernet 2 auto
mtu 0 1500
mtu 1 1500
mtu 2 1500
multiring all
no secure 0
no secure 1
no secure 2
ping-allow 0
ping-allow 1
no ping-allow 2
ip address 192.168.254.6 255.255.255.0
no rip passive
failover ip address 192.168.254.7
no failover
password foobar

telnet 192.168.254.0 255.255.255.0
snmp-server host 192.168.254.206
snmp-server host 192.168.254.4
snmp-server host 192.168.254.238
snmp-server host 192.168.254.240
snmp-server enable traps
snmp-server contact SystemAdministration's name
snmp-server location F5 5/F SystemAdmin's location
tftp-server 192.168.254.206 port 69 /usr/sysadm/f5/ciscold
virtual 192.168.254.201:80:0:tcp is
virtual 192.168.254.202:80:0:tcp is
virtual 192.168.254.203:80:0:tcp is
predictor 192.168.254.201:80:0:tcp roundrobin
predictor 192.168.254.202:80:0:tcp roundrobin
predictor 192.168.254.203:80:0:tcp roundrobin
real 192.168.254.10:80:0:tcp is
real 192.168.254.11:80:0:tcp is
real 192.168.254.12:80:0:tcp is
real 192.168.254.13:80:0:tcp is
real 192.168.254.14:80:0:tcp is
no names
bind 192.168.254.201:80:0:tcp 192.168.254.10:80:0:tcp
192.168.254.11:80:0:tcp
bind 192.168.254.202:80:0:tcp 192.168.254.12:80:0:tcp
192.168.254.13:80:0:tcp
bind 192.168.254.203:80:0:tcp 192.168.254.14:80:0:tcp
: end

Figure 4.15 shows the corresponding host server statement.

Figure 4.15 Configuring the host server statement to run the ciscold3 SNMP agent

server {
  type host
  address 192.168.254.6
  vsmetrics yes
  snmp {
    agent ciscold3
  }
  vs {
    address 192.168.254.201:80
  }
}
: : : :

Setting up sync groups

A sync group defines the group of 3-DNS Controllers that synchronize their configuration settings and metrics data. You configure a sync group from the principal 3-DNS Controller. First list the IP address of the principal itself. Then list all other 3-DNS Controllers in the order that they should become principals if previously listed 3-DNS Controllers fail.

Each 3-DNS Controller in your network must be included in a sync group. There may be cases where you do not want a 3-DNS Controller to share its configuration with other controllers. In this case, you can create a separate sync group for each 3-DNS Controller. Each sync group would contain only its own name or IP address.

Figure 4.16 Sample non-syncing sync groups statements

sync_group {
  name "sync-ny"
  3dns 192.168.101.2 // New York
}

sync_group {
  name "sync-la"
  3dns 192.168.102.2 // Los Angeles
}

Note: To implement such a configuration, you must modify each 3-DNS Controller's wideip.conf file; the Configuration utility does not support this function.

To define a sync group using the Configuration utility

  1. In the navigation pane, click 3-DNS Sync.
    The System - Add a New Sync Group screen opens.
  2. In the New Sync Group Name box, type the name of the new sync group and click Add.
    The Add a 3-DNS to a Sync Group screen opens.
  3. From the list of 3-DNS Controllers, first select the 3-DNS Controller that you want to be the principal controller. Then check the box next to each 3-DNS Controller that you want to add to the sync group.
  4. Click Add.

To define a sync group manually

  1. At the command prompt, type 3dnsmaint to open the 3-DNS Maintenance menu.
  2. On the 3-DNS Maintenance menu, select Edit 3-DNS Configuration to open the wideip.conf file.
  3. Use the syntax shown in Figure 4.17 to define sync groups.

    The sync_group statement should appear after the datacenter statement and before server statements.

    Figure 4.17 Syntax for setting up a sync group

    sync_group {
      name "<name>"
      3dns <ip_address | "domain_name">
      [ 3dns <ip_address | "domain_name"> ] ...
    }

    Figure 4.18 shows a sample sync_group statement.

    Figure 4.18 Sample sync group definition

    sync_group {
      name "sync"
      3dns 192.168.101.2 // New York
      3dns 192.168.102.2 // Los Angeles
    }
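
The placement rules this chapter gives for wideip.conf (globals first, then datacenter, sync_group, server and wideip statements; each server listed in a datacenter; sync group members defined as 3-DNS Controller servers) can be checked before the file is put into service. The following Python linter is an added example, not part of the 3-DNS product or the original guide; its function names, its one-item-per-line parsing, its assumption that sync group members are listed by IP address, and its choice to flag secure no and the community "public" are assumptions of this example.

```python
import re

# Statement order this chapter gives for wideip.conf.
ORDER = ["globals", "datacenter", "sync_group", "server", "wideip"]
# Text before a // or # comment; markers inside "quoted strings" are kept.
CODE_PART = re.compile(r'(?:"[^"]*"|[^"#/]|/(?!/))*')

def parse(text):
    """Parse wideip.conf text (one item per line) into nested dicts."""
    root = {"kind": None, "settings": [], "children": []}
    stack = [root]
    for raw in text.splitlines():
        line = CODE_PART.match(raw).group(0).strip()
        if line == "}":
            if len(stack) == 1:
                raise ValueError("unbalanced '}'")
            stack.pop()
        elif line.endswith("{"):
            block = {"kind": line[:-1].strip(), "settings": [], "children": []}
            stack[-1]["children"].append(block)
            stack.append(block)
        elif line:
            key, *rest = line.split(None, 1)
            stack[-1]["settings"].append((key, rest[0].strip('"') if rest else ""))
    if len(stack) != 1:
        raise ValueError("missing '}'")
    return root["children"]

def values(block, key):
    return [v for k, v in block["settings"] if k == key]

def first(block, key, default="?"):
    return (values(block, key) or [default])[0]

def lint(text):
    stmts = parse(text)
    findings = []
    # Rule 1: globals, datacenter, sync_group, server, wideip, in that order.
    highest = 0
    for s in stmts:
        if s["kind"] in ORDER:
            rank = ORDER.index(s["kind"])
            if rank < highest:
                findings.append(f"order: {s['kind']} appears after {ORDER[highest]}")
            highest = max(highest, rank)
    # Rule 2: each server is listed, by type and address, in a datacenter.
    placed = {(t, ip) for s in stmts if s["kind"] == "datacenter"
              for t in ("3dns", "bigip", "host") for ip in values(s, t)}
    controllers = set()
    for s in (s for s in stmts if s["kind"] == "server"):
        stype, addr = first(s, "type"), first(s, "address")
        name = first(s, "name", addr)
        if stype == "3dns":
            controllers.add(addr)
        if (stype, addr) not in placed:
            findings.append(f"datacenter: {stype} {addr} is in no datacenter")
        # Rule 3 (this example's own policy): settings to recheck before use.
        for sub in s["children"]:
            if sub["kind"] == "remote" and "no" in values(sub, "secure"):
                findings.append(f"remote: {name} has secure no")
            if sub["kind"] == "snmp" and "public" in values(sub, "community"):
                findings.append(f'snmp: {name} uses community "public"')
    # Rule 4: sync group members (assumed listed by IP) need a 3dns server.
    for s in (s for s in stmts if s["kind"] == "sync_group"):
        for member in values(s, "3dns"):
            if member not in controllers:
                findings.append(f"sync_group: 3dns {member} has no server statement")
    return findings

# Constructed sample, modelled on the figures in this chapter.
SAMPLE = """
datacenter {
  3dns 192.168.101.2
}
server {                  // misplaced: belongs after sync_group
  type 3dns
  address 192.168.101.2
  name "3dns-newyork"
  remote {
    secure no
  }
}
sync_group {
  3dns 192.168.101.2      // New York
  3dns 192.168.102.2      // Los Angeles
}
server {
  type host
  address 192.168.104.40
  name "host-tokyo"
  snmp {
    community "public"
  }
}
"""

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```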

Setting the time tolerance value

The time tolerance value is a global variable that defines the number of seconds that one 3-DNS Controller's time setting is allowed to be out of sync with another 3-DNS Controller's time setting. See Understanding how the time tolerance variable affects sync groups, on page 2-9 for details.

To check the value for the time tolerance setting using the Configuration utility

  1. In the navigation pane, click System.
    The System - General screen opens.
  2. On the toolbar, click Timers and Task Intervals.
  3. Note the value in the 3-DNS Sync Time Tolerance box, and change it if necessary.
  4. If you change this setting, click Update to save it.

To check the value for the time tolerance setting in the configuration file

  1. At the command prompt, type 3dnsmaint to open the 3-DNS Maintenance menu.
  2. On the 3-DNS Maintenance menu, select Edit 3-DNS Configuration to open the wideip.conf file.
  3. Search for time_tolerance. If the time_tolerance sub-statement is not in the configuration file, the default (10) is used.

Configuring global variables

Default values for global parameters are adequate for most situations. However, we recommend that you specifically enable encryption for crypto 3-DNS Controllers.

To configure global parameters using the Configuration utility

  1. In the navigation pane, click System.
    The System - General screen opens. Note that global parameters are grouped into several categories on this screen. Each category has its own toolbar item, and online help is available for each parameter.
  2. Make general global changes at the System - General screen or, to make changes to global parameters in other categories, click the appropriate toolbar item.
  3. Add the new global settings. For help on configuring the global settings, click Help on the toolbar.

    The new global parameters are added to your configuration.

To configure global parameters manually

  1. At the command prompt, type 3dnsmaint to open the 3-DNS Maintenance menu.
  2. On the 3-DNS Maintenance menu, select Edit 3-DNS Configuration to open the wideip.conf file.
  3. Locate or add the globals statement. The globals statement should be at the top of the file.
  4. Under the globals statement, type the appropriate sub-statement and value.

    For example, to enable encryption for iQuery transactions (which is recommended), change the encryption parameter to yes (the default setting is no). If you want to use a non-default name for the encryption key file, type it on the next line.

    Figure 4.19 shows the correct syntax for enabling encryption.

    Figure 4.19 Syntax for enabling encryption

    globals {
       encryption yes
       encryption_key_file "/etc/F5key.dat"
    }

    For descriptions of all global parameters, see The globals statement, on page A-7 .
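The placement and default rules in the manual procedures above (globals at the top of wideip.conf, sync_group after datacenter and before server, encryption defaulting to no, time_tolerance defaulting to 10) can be checked mechanically before a file is put into service. The Python check below is an added example, not part of this manual or of the 3-DNS software. It assumes that top-level statements use the keyword { ... } form of Figures 4.17 through 4.19 and that time_tolerance is a globals sub-statement; the function names and the datacenter and server bodies in the sample are hypothetical.

```python
import re

# Constructed sample in the layout of Figures 4.17-4.19; bodies are placeholders.
SAMPLE = """
globals { encryption yes }
datacenter { name "New York" }
sync_group {
   name "sync"
   3dns 192.168.101.2   // New York
   3dns 192.168.102.2   // Los Angeles
}
server { name "placeholder" }
"""
TOKEN = re.compile(r'//[^\n]*|"[^"]*"|[{}]|[^\s{}"]+')

def top_level(text):
    """Return [(statement, [tokens at depth 1])] for each top-level block."""
    blocks, depth, name = [], 0, None
    for tok in TOKEN.findall(text):
        if tok.startswith('//'):
            continue                       # // comment, as in Figure 4.18
        if tok == '{':
            depth += 1
            if depth == 1:
                blocks.append((name, []))
        elif tok == '}':
            depth -= 1
        elif depth == 0:
            name = tok                     # keyword that opens the next block
        elif depth == 1:
            blocks[-1][1].append(tok)      # tokens of nested blocks are skipped
    return blocks

def setting(body, key, default):
    """Value that follows `key` in a statement body, else the documented default."""
    return body[body.index(key) + 1].strip('"') if key in body[:-1] else default

def audit(text):
    blocks = top_level(text)
    order = [name for name, _ in blocks]
    gbody = next((b for n, b in blocks if n == 'globals'), [])
    findings = []
    if 'globals' in order and order[0] != 'globals':
        findings.append('globals statement is not at the top of the file')
    if setting(gbody, 'encryption', 'no') != 'yes':
        findings.append('iQuery encryption is not enabled')
    for i, name in enumerate(order):
        if name == 'sync_group' and ('datacenter' in order[i:] or 'server' in order[:i]):
            findings.append('sync_group must follow datacenter and precede server')
    return {'time_tolerance': int(setting(gbody, 'time_tolerance', '10')), 'findings': findings}
```

Calling audit() on the text of each controller's wideip.conf returns the effective time tolerance and a list of findings; an empty list means the file satisfies the three rules.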

Configuring IP filters

Filters control network traffic by specifying whether packets are accepted or rejected by the 3-DNS Controller. Filters apply to both incoming and outgoing traffic. When creating a filter, you define the criteria to apply to each packet that is processed by the 3-DNS Controller. You can configure the 3-DNS Controller to accept or block each packet based on whether the packet matches the criteria.

Typical criteria that you define in IP filters are packet source IP addresses, packet destination IP addresses, and upper-layer protocol of the packet. However, each protocol has its own specific set of criteria that can be defined.

For a single filter, you can define multiple criteria in multiple, separate statements. To tie the statements to the same filter, each of these statements should reference the same identifying name or number. You can have as many criteria statements as you want, limited only by the available memory. Of course, the more statements you have, the more difficult it is to understand and maintain your filters.

Defining the filter criteria

When you define an IP filter, you can filter traffic in two ways:

  • You can filter traffic going to a specific destination or coming from a specific source, or both.
  • The filter can allow network traffic through, or it can reject network traffic.

To define an IP filter using the Configuration utility

  1. In the navigation pane, click IP Filters.
    The IP Filters screen opens.
  2. On the toolbar, click Add Filter.
    The Add IP Filter screen opens.
  3. Add the IP filter settings. For help on configuring the IP filter, click Help on the toolbar.

Note: For information on configuring IP filters and rate filters on the command line, refer to the IPFW man page.

Configuring Sendmail

You can configure the 3-DNS Controller to send email notifications to you, or to other administrators. The 3-DNS Controller includes a sample Sendmail configuration file that you can use to start with, but you must customize the Sendmail setup for your network environment before you can use it.

Before you begin setting up Sendmail, you may need to look up the name of the mail exchanger for your domain. If you already know the name of the mail exchanger, refer to Setting up Sendmail, on page 4-37 for details about setting up the sendmail daemon itself.

Finding the mail exchanger for your domain

You can use the nslookup command on any workstation that is configured for lookup. Once you find the primary IP address for your domain, you can find the mail exchanger for your domain.

To find the mail exchanger

  1. Identify the default server name for your domain. From a workstation capable of name resolution, type the following on the command line:
    /etc# nslookup

    The command returns a default server name and corresponding IP address:

    Default Server: <server name>
    Address: <server>

  2. Use the domain name to query for the mail exchanger:
    set q=mx
    <domain name>

The returned information includes the name of the mail exchanger. For example, the sample information shown in Figure 4.20 lists bigip.net as the preferred mail exchanger.

Figure 4.20 Sample mail exchanger information

    bigip.net preference = 10, mail exchanger = mail.SiteOne.com
    bigip.net nameserver = ns1.bigip.net
    bigip.net nameserver = ns2.bigip.net
    bigip.net internet address = 192.17.112.1
    ns1.bigip.net internet address = 192.17.112.2
    ns2.bigip.net internet address = 192.17.112.3

Setting up Sendmail

When you set up Sendmail, you must edit a couple of configuration files. Since the 3-DNS Controller does not accept email messages, you can use the crontab utility to purge unsent or returned messages and send them to yourself or another administrator.

To set up and start Sendmail

  1. Copy /etc/sendmail.cf.off to /etc/sendmail.cf.
  2. To set the name of your mail exchange server, open the /etc/sendmail.cf file and set the DS variable to the name of your mail exchanger. The syntax for this entry is:
    DS<MAILHUB_OR_RELAY>
  3. Save and close the /etc/sendmail.cf file.
  4. To allow Sendmail to flush outgoing messages from the queue containing mail that cannot be delivered immediately, open the /etc/crontab file, and change the last line of the file to read:
    0,15,30,45 * * * *   root /usr/sbin/sendmail -q > /dev/null 2>&1
  5. Save and close the /etc/crontab file.
  6. To prevent returned or undelivered email from going unnoticed, open the /etc/aliases file and create an entry so root points to you or another administrator at your site.
    root: networkadmin@SiteOne.com
  7. Save and close the /etc/aliases file.
  8. Run the newaliases command to generate a new aliases database that incorporates the information you added to the /etc/aliases file.
  9. To turn Sendmail on, either reboot the system or type the following command:
    /usr/sbin/sendmail -bd -q30m

Note: The 3-DNS Controller supports only outgoing mail for Sendmail servers.