Applies To:
3-DNS Controller versions 1.x - 4.x
- 4.5 PTF-06
Updated Date: 04/18/2019
Summary:
This product temporary fix (PTF) provides new features and fixes for 3-DNS Controller version 4.5. The PTF includes all fixes released since version 4.5, including fixes released in prior PTFs. We recommend this PTF only for those customers who want the new features and fixes listed below. You can apply the PTF to 3-DNS Controller version 4.5 and later. For information about installing the PTF, please refer to the instructions below.
Contents:
Minimum system requirements
This section describes the minimum system requirements for this release.
- Intel® Pentium® III 550MHz processor
- 512MB disk drive or CompactFlash® card
- 256MB RAM
- Supported browsers: Microsoft® Internet Explorer 5.0, 5.5, or 6.0; Netscape® Navigator 4.7x
Note: The IM package for this PTF is quite large. If the disk drive in your platform does not meet the minimum requirement, you may not be able to successfully install this PTF.
Installing the software
The following instructions explain how to install the 3-DNS Controller version 4.5 PTF-06 onto existing systems running version 4.5 and later. The installation script saves your current configuration.
Important: If you are upgrading a 3-DNS Controller that belongs to a sync group, you must remove the controller from the sync group before you apply the PTF. Failure to do so may cause irrevocable damage to the controllers in the sync group that are running older versions of the software. Once you have upgraded all controllers to the same version, you can then re-create the sync group. For details on removing a controller from a sync group, see Removing a controller from a sync group. Once you have removed the controller from the sync group, you can proceed with the PTF installation.
Note: If you are updating the 3-DNS Controller module on a BIG-IP system, refer to the BIG-IP version 4.5 PTF-06 note for instructions on installing the PTF. Applying the PTF for BIG-IP version 4.5 also applies the PTF to the 3-DNS module. The enhancements, fixes, and known issues for the 3-DNS Controller, however, are available only in the 3-DNS Controller version 4.5 PTF-06 PTF note.
Note: If you have installed prior PTFs, this installation does not overwrite any configuration changes that you made for prior PTFs.
Once you install and license the software, refer to the Required configuration changes section, which contains important information about changes you must make before using the new software.
Note: This upgrade overwrites the 3dns_snmptrap.conf file. If you are running the 3-DNS software and you have added traps to the 3dns_snmptrap.conf file, before you apply the upgrade, we recommend that you make a copy of the 3dns_snmptrap.conf file.
To copy the 3dns_snmptrap.conf file, use the following command:
cp /etc/3dns_snmptrap.conf /etc/3dns_snmptrap.conf.save
After you apply the upgrade, edit the /etc/3dns_snmptrap.conf file and add your company's traps.
- Change to the /var/tmp/ directory by typing:
cd /var/tmp/
- Connect to the F5 Networks FTP site (ftp.f5.com).
- Make sure the FTP client on the 3-DNS Controller is in passive mode before you download the file. If you are unsure which mode the client is in, at the command line, type pass. The system indicates which mode the client is in; if it is not in passive mode, type pass again, and the client will change to passive mode.
- Download the BIGIP_4.5PTF-06.im file from the /crypto/bigip/ptfs/bigip45ptf6/ directory to the /var/tmp directory on the target 3-DNS Controller, by typing the following command:
get /crypto/bigip/ptfs/bigip45ptf6/BIGIP_4.5-PTF06.im /var/tmp/BIGIP_4.5PTF-06.im
- To install the PTF, type the following command:
im BIGIP_4.5PTF-06.im
The 3-DNS Controller automatically reboots once it completes installation.
Updating the big3d agent
After the PTF installation has completed, you need to install the new version of the big3d agent on all BIG-IP systems and EDGE-FX Cache systems known to the 3-DNS Controller, as follows:
- Log on to the 3-DNS Controller at the command line.
- Type 3dnsmaint to open the 3-DNS Maintenance menu.
- Select Install and Start big3d, and press Enter.
The 3-DNS Controller detects all BIG-IP systems and EDGE-FX systems in the network, and updates their big3d agents with the appropriate version of the agent.
- Press Enter to return to the 3-DNS Maintenance menu.
- Type Q to quit.
For more information about the big3d agent, see the 3-DNS Reference Guide.
New features and fixes in this PTF
The following features and fixes are new in the current release.
Limits for current connections on BIG-IP systems (CR27048)
When you set a limit on current connections for a BIG-IP system, the 3-DNS Controller no longer uses the virtual server belonging to the BIG-IP system as a response to a query if the current connection limit has been surpassed.
Fallback load balancing method and Round Robin load balancing mode (CR27590)
If you set the fallback load balancing method for a wide IP pool to Round Robin, and no virtual servers in the pool are available for load balancing, the 3-DNS Controller no longer returns only the first virtual server listed in the pool.
Adding virtual servers to hosts and Configuration utility errors (CR27926)
The Configuration utility no longer experiences fatal errors when you add a virtual server to an existing host definition.
Features and fixes released in prior PTFs
The current PTF includes the following features and fixes, which were released in prior PTFs, as listed below. (Prior PTFs are listed with the most recent first.)
Version 4.5 PTF-05
The following issues were resolved in the 4.5 PTF-05 release.
Specified gigabit duplex setting on switches with fixed duplex settings (CR27755)
If your 3-DNS Controller is using gigabit interfaces and is plugged into a switch with a fixed duplex setting, you no longer need to configure the 3-DNS Controller gigabit interface and the port on the switch to Auto before applying this PTF. The link between the 3-DNS Controller and the switch now functions correctly.
Router link status no longer displays incorrectly (CR27756)
Receiver 3-DNS Controllers in a sync group now correctly probe the state of the router links that are in their own data center. When the controller monitors virtual servers in the same data center, the virtual servers inherit the correct state of the router link.
bigpipe system configuration commands now function properly (CR27759)
The bigpipe commands that write system configuration information (such as b save and b list) now function properly on the 3-DNS Controller.
Version 4.5 PTF-04
The following issues were resolved in the 4.5 PTF-04 release.
Changing the CORBA port number using the Configuration Utility (CR19780)
You can no longer change the CORBA port number using the Configuration Utility. The CORBA IIOP port should be set only to the default setting of 683.
SNMP traffic and a VLAN that has port lockdown enabled (CR22677)
A VLAN configured with port lockdown enabled no longer accepts SNMP traffic, unless you have explicitly enabled the SNMP port using the open_snmp_port global setting.
Disabling SNMP and rebooting the controller (CR22762)
When you disable SNMP using the Configuration utility and you reboot the controller, the bigstart script no longer generates a new snmp.conf file.
Network failover option (CR23127)
You can now configure network failover using the Configuration utility. You use either hard-wired failover or network failover when you have a redundant system. You configure network failover on the System - General screen, in the Configuration utility. For more information on the settings on this screen, click Help on the toolbar.
Address translation for host virtual servers (CR24370)
You can now configure address translations for host virtual servers. If firewall devices in your network separate the 3-DNS Controller from the host servers, you can use address translations to ensure that the 3-DNS Controller distributes the routable address for the virtual server, rather than the actual address. To configure address translations for host virtual servers, see the Configuring address translations for host virtual servers section of this PTF note.
Upgrades and process checking in the snmpd.conf file (CR24450)
When you upgrade the software, the process checking entries (proc) in the snmpd.conf file are no longer populated with incorrect values.
Obsolete script (CR24478)
The 3-DNS Controller no longer uses the sync_requests script. This script has been removed from the controller.
Remote LDAP authentication and login errors (CR24487)
If you mistype the login name while you are using remote LDAP authentication rather than RADIUS authentication, you no longer see a RADIUS error message.
Performance enhancements (CR24491)
The automatic discovery process, autoconf, has been improved so that it loads larger configurations more quickly.
Enabling one-time automatic discovery in the Setup utility (CR24565)
The Setup utility now includes an option to enable automatic discovery of the local system's configuration, and its peer's configuration, if applicable, when you run the Setup utility for the first time. Note that this option is most useful if you are running the 3-DNS Controller module on a BIG-IP system. You can find more information about automatic discovery (autoconf) in the 3-DNS Reference Guide, version 4.5.
Logging for synchronization (CR24598)
The synchronization process now generates informational and error log messages. You can view the synchronization log messages either by using the Configuration utility, or from the command line. To view the log messages using the Configuration utility, expand the Log Files item in the navigation pane, and then click 3-DNS.
Naming pools (CR24767)
When you create a new pool, and you use the name of a pool that already exists, the 3-DNS Controller no longer overwrites the original pool with the new pool's information.
LDAP authentication and user names (CR24880)
If you use LDAP authentication, and you use the user name "user", the system no longer fails to update the configuration.
Changing the iQuery protocol when you have a sync group configured (CR24927)
In the Configuration utility, on the System - General screen, when you change the iQuery Protocol setting from TCP to UDP, the synchronization process no longer breaks.
The OID for the shutdown trap in the SNMP MIB (CR25059)
The shutdown trap, in the SNMP MIB, now has the correct object identifier (OID) associated with it so this trap now functions properly.
Probing for host virtual servers and scalability (CR25153)
The service checks and probing for host virtual servers have been optimized so that the probing is more efficient. Host virtual server probes are better distributed throughout the probing interval, and require less system resources.
Broken links on the Configuration utility welcome screen (CR25249)
In the Configuration utility, under Additional Software Downloads on the welcome screen, the 3-DNS MIB and DNS MIB links now work properly.
The big3d agent for version 4.1.1 and version 4.1.1 PTFs (CR25251)
The big3d agent for products running version 4.1.1 software, or any version 4.1.1 PTF, is now included in this PTF. If you are running a version 4.1.1 system, be sure to update the big3d agent using the process in the Updating the big3d agent section of this PTF note.
Obsolete variables removed from system (CR25322, CR25325)
The following variables are now obsolete, and have been removed from the system:
Configuration utility format | Command line format |
Allow Fragmentation | allow_frag |
Probe From Distance | probe_from_distance |
n/a | dump_regions |
Several non-configurable variables no longer exposed in the Configuration utility (CR25324, CR25892)
The following non-configurable variables are no longer listed on the Global Statistics screen, in the Configuration utility:
dns_ttl, dump_regions, dump_topology, iquery_tag, link_compensate_inbound, link_compensate_outbound, link_compensation_history, link_limit_factor, link_prepaid_factor, lower_bound_pcnt_col, lower_bound_pcnt_row, max_link_over_limit_count, over_limit_link_limit_factor, paths_noclobber, persist_mask, probe_from_distance, resolver_rx_buf_size, resolver_tx_buf_size, rtt_allow_frag, rtt_retire_zero, rx_buf_size, tdapi_gap_ttl, tdapi_msg_ttl, timer_sync_state, traceroute_port, tx_buf_size.
The following settings were removed from the System - General screen, in the Configuration utility:
iQuery Settings, Transfer Buffer; iQuery Settings, Receive Buffer; Resolver Buffer Sizes, Transfer; Resolver Buffer Sizes, Receive.
Synchronization and removing the include geoloc "netIana.inc" directive (CR25402)
If you have a sync group configured, and you remove the include geoloc "netIana.inc" directive from one of the sync group members because you are not using Topology load balancing for any pool or wide IP, the synchronization process now removes the directive from the other members of the sync group.
Probing large configurations on BIG-IP systems and CPU usage (CR25407)
The big3d agent has been optimized so that it no longer consumes a large percentage of the CPU when the 3-DNS Controller is probing larger BIG-IP configurations.
BIG-IP virtual server status and node connection limits (CR25473)
When you have configured a node connection limit for a BIG-IP virtual server, the 3-DNS Controller no longer displays that virtual server as down (red ball) if the node connection limit is set to zero (0).
Error messages for the checkd process on standalone 3-DNS Controllers (CR25476)
If you have a standalone 3-DNS Controller, the checkd process (which is not used by the 3-DNS Controller) no longer generates error messages in the /var/log/bigd file.
Interoperating with SEE-IT® Network Manager (CR25573)
In 3-DNS Controller version 4.5, the format of the /VERSION file has been modified so that the version 4.5 software is now compatible with the SEE-IT Network Manager.
Synchronizing Link Controllers with 3-DNS Controllers (CR25753)
If your network includes both 3-DNS Controllers and Link Controllers, you can add the Link Controllers to the 3-DNS sync group, if you have one configured. For details on adding a Link Controller to a 3-DNS sync group, see the Adding a Link Controller to a 3-DNS sync group section of this PTF note.
New support for NetApp server (CR25847)
The 3-DNS Controller can now load balance to, and collect metrics from, the Network Appliance™ NetApp® server. In addition to load balancing to virtual servers on the NetApp server, the 3-DNS Controller can collect the following metrics: kilobytes per second throughput, packets per second throughput, current connections, disk usage percentage, memory usage percentage, CPU usage percentage.
You configure the NetApp server as a host server type. For more information on adding a NetApp server as a host server, see the Adding a NetApp server to the configuration section of this PTF note.
Errors in the 3dparse script and virtual server dependencies (CR26031)
If you configure a virtual server dependencies list for a virtual server that contains the virtual server itself, the 3dparse script no longer causes system errors.
Users with read-only or partial read/write permissions and deleting objects in the Configuration utility (CR26171)
Users who have read-only or partial read/write permissions for the Configuration utility can no longer delete self IPs for 3-DNS Controllers or for routers. By default, users with these permission levels are not able to delete any objects in the Configuration utility.
Loading large configurations and web server errors (CR26248)
When the 3-DNS Controller is loading a large configuration, you no longer see server errors in the Configuration utility.
Using the Hops load balancing method and CPU usage (CR26261)
The CPU usage no longer spikes under the following conditions:
- You are using the Hops load balancing mode
- You have configured a hops access control list (ACL) that consists of topology regions
- You have set a probe threshold for topology
The OpenSSL package has been upgraded (CR26518)
The OpenSSL package has been upgraded to version 0.9.7a. This upgrade addresses several recent security issues with OpenSSL. For more information on the resolved security issues, see the CERT web site at http://www.cert.org.
Virtual servers with disabled VLANs and memory leak (CR26535)
A virtual server with a disabled VLAN no longer causes the 3-DNS Controller to experience a slow memory leak.
Version 4.5 encryption key size and system errors on previous software versions (CR26550)
The encryption key size in version 4.5 software is now backward-compatible with BIG-IP systems running previous software versions. The affected software versions are BIG-IP version 3.1 through BIG-IP version 4.2 PTF-09.
Log rotation for the ITCM.log file (CR26781)
The frequency of the log rotation for the ITCM.log file has been increased from once every 7 days to once every 24 hours. This improves the system efficiency if you are monitoring the controller with the iControl Services Manager.
RADIUS authentication for the default role on the 3-DNS Controller module (CR26931)
If you are running the 3-DNS Controller module on a BIG-IP system, the module no longer ignores the RADIUS authentication parameters for the default user role.
OpenSSL timing attack vulnerability (VU#997481) (CR26966)
The vulnerability that is outlined in VU#997481, Cryptographic libraries and applications do not adequately defend against timing attacks, has been addressed in this PTF. For details on the vulnerability, see http://www.cert.org.
Memory leak in the 3dnsd daemon and large configurations (CR27015)
The 3dnsd daemon no longer experiences a memory leak if a BIG-IP definition in the configuration contains more than 50 virtual servers, and you are using automatic discovery (autoconf).
Script to set up core capture
We have added a new script to automate core capturing on a 3-DNS Controller, if the controller has a hard drive. The script runs automatically after you install this PTF and reboot the system. It provides functionality to enable and disable core capture.
After you install this PTF, the script runs, and creates the /var/crash directory. In addition, if the swap partition on the primary drive is not sufficiently large to capture the core file, but another unused partition is found to be, that partition is used for core capture.
You can disable this functionality with the following command:
config_savecore -disable
You can re-enable the functionality with the following command:
config_savecore -enable
Important: As long as this functionality is enabled, you see the message "savecore: no core dump" during boot time.
Version 4.5 PTF-03
There are no fixes or enhancements for 3-DNS Controller in version 4.5 PTF-03.
Version 4.5 PTF-02
The following issues were resolved in the 4.5 PTF-02 release.
Enhancements to load balancing
This PTF adds two new load balancing modes, Drop Packet and Explicit IP. We recommend that you use these new load balancing modes only for the fallback method. The 3-DNS Controller uses the fallback method when the preferred and alternate load balancing modes do not provide at least one virtual server to return as an answer to a query. When you specify the Drop Packet mode, the 3-DNS Controller does nothing with the packet, and simply drops the request. (Note that a typical LDNS server iteratively queries other authoritative name servers when it times out on a query.) When you specify the Explicit IP mode, the 3-DNS Controller returns the IP address that you specify as the fallback IP as an answer to the query. Note that the IP address that you specify is not monitored for availability before being returned as an answer. When you use the Explicit IP mode, you can specify a disaster recovery site to return when no load balancing mode returns an available virtual server.
You can configure the new load balancing modes for the fallback method either using the Configuration utility or from the command line. For information on configuring the fallback method with the new load balancing modes, see the Configuring the Drop Packet and Explicit IP load balancing modes section of this PTF note.
Large configurations and misleading error messages (CR19843)
When the 3dnsd process is loading a large configuration, you may see a warning message now, instead of an error message.
Updated 3-DNS Reference Guide PDF (CR22017)
The 3-DNS Reference Guide has been updated to include Appendix A, 3-DNS Configuration File. The updates to this appendix include the revised data structures and the new configuration options for routers and links.
UDP checksums and TFTP packets (CR22113, CR25181)
In rare instances, the checksums for TFTP packets were incorrect. This issue has been resolved.
Apache web server and the CERT Coordination Center vulnerability, VU#672683 (CR24689)
This PTF addresses the vulnerability in the Tomcat package for the Apache web server that is described in Vulnerability Note VU#672683 on the CERT® Coordination Center web site. For more information on the vulnerability, see http://www.kb.cert.org/vuls/id/672683.
Turning off automatic synchronization and persistent LDNS requests (CR24869)
If you turn off automatic synchronization on a 3-DNS Controller, and if the 3dnsd process on that controller loses network communications with the other 3dnsd processes in the network, the controller now synchronizes LDNS requests that occur during the time that the 3dnsd process is offline.
iControl BaseServer::get_interfaces function and the 3dnsd process (CR24912)
The following iControl function, ITCMGlobalLB::BaseServer::get_interfaces, no longer causes the 3dnsd process to stop running when you specify an invalid type within the function.
Synchronization and the netIana.inc file (CR24928)
The include geoloc "netIana.inc" directive is now synchronized between the members of a sync group.
Root servers list for BIND (CR25064)
The root servers list file for BIND, root.hint, has been updated to include the most current list of root servers.
Errors on the System - General screen in the Configuration utility (CR25143)
You can now change any of the settings on the System - General screen in the Configuration utility, and you no longer see error messages when you do so.
Invalid metrics statistics and graphs for down remote links (CR25146)
The Link Statistics screen, in the Configuration utility, no longer displays very large, invalid values for remote links that are down (red ball). The link statistics graphs now accurately display the data for both the link that is down, and any available links.
Path probing requests and data centers with no defined router (CR25155)
If a data center contains at least one 3-DNS Controller, BIG-IP system, or EDGE-FX system, the big3d agent now issues path probing requests to that data center, regardless of whether you have defined a router for the data center.
Using a serial terminal as a console (CR25183)
This PTF fixes the functionality for using a serial terminal as the console, as described in the 3-DNS Reference Guide, Chapter 6, Monitoring and Administration, so that it works with all 2U controller platforms.
Version 4.5 PTF-01
The following issue was resolved in the 4.5 PTF-01 release.
CA-2002-31, Multiple Vulnerabilities in BIND
This PTF addresses the security vulnerabilities that are listed in CERT® advisory, CA-2002-31, Multiple Vulnerabilities in BIND. This PTF upgrades the BIND package to version 8.3.4. For more information on the CERT advisory, see http://www.cert.org/advisories/CA-2002-31.html.
Required configuration changes
Once you have installed the software, you must make the following required configuration changes.
Updated big3d agent for version 4.5 and later (CR25255)
The big3d agent has been updated, and is not compatible with the previously-released big3d agents. Therefore, you must distribute the updated big3d agent to the BIG-IP systems in your network so that the metrics collection on the 3-DNS Controller functions properly. For details on distributing the updated big3d agent, see the Updating the big3d agent section of the installation instructions for this PTF.
Optional configuration changes
The following sections provide details on configuring the features that are new in this release.
Adding a Link Controller to a 3-DNS sync group
If you have both 3-DNS Controllers and one or more Link Controllers in your network, you can add the Link Controllers to the 3-DNS Controllers' sync group in a few simple steps. There are three tasks to adding a Link Controller to a 3-DNS sync group:
- Run the merge_configs script on the sync group's principal controller.
- Add the Link Controller to the sync group using the principal controller's Configuration utility.
- Run the 3dns_add script on the Link Controller.
The following sections explain the specific steps for each of the previous tasks. You must perform these tasks in the order they are listed.
Important: Before you add the Link Controller to the 3-DNS sync group, we recommend that you back up both the 3-DNS configuration and the Link Controller configuration.
To run the merge_configs script
From the command line on the principal 3-DNS Controller, run the merge_configs script by typing the following command, where <ip_address> is the IP address of the Link Controller that you want to add to the sync group.
/usr/local/bin/merge_configs -peer <ip_address>
To make the sync group aware of the Link Controller
Using the Configuration utility on the principal 3-DNS Controller, add the Link Controller to the sync group.
- In the navigation pane, click 3-DNS Sync.
The Synchronization screen opens.
- On the toolbar, click Add to Group.
The Add a 3-DNS to a Sync Group screen opens.
- Check the box next to the controller that you want to add to the sync group, and click Add.
To add the Link Controller to the sync group and start synchronization
The final step in adding the Link Controller to a 3-DNS sync group is to run the 3dns_add script on the Link Controller. The script moves the synchronized configuration to the Link Controller, and finalizes the sync group setup.
- From the command line of the Link Controller, run the 3dns_add script.
3dns_add
The script runs, and finalizes the setup of the sync group.
Adding a NetApp server to the configuration
You add a NetApp server to the 3-DNS configuration as a host.
To add a NetApp server using the Configuration utility
- In the navigation pane, expand the Servers item, and then click Host.
The Host List screen opens.
- On the toolbar, click Add Host.
The Add New Host screen opens.
- Add the settings for the NetApp server, and click Next.
The Data Centers screen opens.
- Select the data center where the NetApp server is located, and click Next.
The Configure Virtual Server screen opens.
- Add the settings for the virtual server, and click Finish.
The Host List screen opens, where the new NetApp server is listed at the bottom of the list.
- In the Server Name column, click the name of the newly-created server.
The Modify Host screen opens.
- On the toolbar, click SNMP Configuration.
The Host SNMP Configuration screen opens.
- On the Host SNMP Configuration screen, configure the following settings:
- Check the SNMP Enabled box.
- In the Type list, select NetApp.
- Modify the remaining settings, if required.
- Click Update.
The 3-DNS Controller can now collect metrics and performance information about the NetApp server.
Note: For more information on any of the settings on the screens in the Configuration utility, click Help on the toolbar.
Configuring the Drop Packet and Explicit IP load balancing modes
You can configure the fallback method using the new load balancing modes either by using the Configuration utility, or by editing the wideip.conf file from the command line. You can specify either the Drop Packet load balancing mode, or the Explicit IP load balancing mode. Note that if you specify the Explicit IP mode, you also specify a fallback IP address.
To configure the fallback method with the Drop Packet mode using the Configuration utility
- In the navigation pane, click Wide IPs.
The Wide IP List screen opens.
- In the Wide IP column, click the name of the wide IP that you want to modify.
The Modify Wide IP screen opens.
- On the toolbar, click Modify Pool.
The Modify Wide IP Pools screen opens.
- In the Pool Name column, click the name of the pool that you want to modify.
The Modify Load Balancing screen opens.
- In the Load Balancing Modes, Fallback box, select Drop Packet.
- Click Update.
The Configuration utility updates the configuration with the changes.
To configure the fallback method with the drop_packet mode from the command line
- To ensure that the configuration files contain the same information as the memory cache, type the following command:
3ndc dumpdb
- Open the /etc/wideip.conf file in a text editor (either vi or pico).
- Use the syntax highlighted in the following sample to configure the fallback method with the drop_packet mode.
- Save and close the file.
- Commit the changes to the configuration by typing:
3ndc reload
wideip {
   ...
   pool {
      name "Pool"
      dynamic_ratio yes
      preferred qos
      alternate rr
      fallback drop_packet
      address <vs_ip_address>
      address <vs_ip_address>
   }
}
To configure the fallback method with the Explicit IP mode using the Configuration utility
- In the navigation pane, click Wide IPs.
The Wide IP List screen opens.
- In the Wide IP column, click the name of the wide IP that you want to modify.
The Modify Wide IP screen opens.
- On the toolbar, click Modify Pool.
The Modify Wide IP Pools screen opens.
- In the Pool Name column, click the name of the pool that you want to modify.
The Modify Load Balancing screen opens.
- In the Load Balancing Modes, Fallback box, select Explicit IP.
- In the Fallback IP box, type the IP address for the server or host to which you want the 3-DNS Controller to forward the packet.
- Click Update.
The Configuration utility updates the configuration with the changes.
To configure the fallback method with the explicit_ip mode from the command line
- To ensure that the configuration files contain the same information as the memory cache, type the following command:
3ndc dumpdb
- Open the /etc/wideip.conf file in a text editor (either vi or pico).
- Use the syntax highlighted in the following sample to configure the fallback method with the explicit_ip mode.
- Save and close the file.
- Commit the changes to the configuration by typing:
3ndc reload
wideip {
   ...
   pool {
      name "Pool"
      dynamic_ratio yes
      preferred qos
      alternate rr
      fallback explicit_ip
      fallback_ip <ip_address>
      address <vs_ip_address>
      address <vs_ip_address>
   }
}
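A check to run on an edited /etc/wideip.conf before typing 3ndc reload, given here as an added example that is not part of the original note or of F5's tooling. It parses pool blocks in the syntax of the two samples above and flags an explicit_ip fallback with a missing or invalid fallback_ip (including a placeholder left over from the sample), a fallback_ip that is also a pool member, and the two new modes used outside the fallback method. It assumes one statement per line; the sample text, pool names, and addresses are constructed.

```python
import ipaddress

# Modes this note recommends only for the fallback method.
FALLBACK_ONLY_MODES = {"drop_packet", "explicit_ip"}

# Constructed sample modelled on the pool syntax in this note; addresses are
# documentation-range values, not taken from a real controller.
SAMPLE_WIDEIP_CONF = """
wideip {
   pool {
      name "PoolA"
      preferred qos
      alternate rr
      fallback explicit_ip
      fallback_ip 192.0.2.10
      address 192.0.2.21
      address 192.0.2.22
   }
   pool {
      name "PoolB"
      preferred rr
      alternate drop_packet
      fallback explicit_ip
      address 192.0.2.31
   }
   pool {
      name "PoolC"
      preferred qos
      alternate rr
      fallback explicit_ip
      fallback_ip <ip_address>
      address 192.0.2.41
   }
}
"""


def parse_pools(text):
    """Return one dict per pool block, mapping keyword -> list of values.

    Assumption: one statement per line, and the opening brace sits at the
    end of the line that starts a block.
    """
    pools, current, depth, pool_depth = [], None, 0, 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("{"):
            depth += 1
            if current is None and line.split()[0] == "pool":
                current, pool_depth = {}, depth
        elif line == "}":
            if depth == 0:
                raise ValueError("closing brace without an open block")
            if current is not None and depth == pool_depth:
                pools.append(current)
                current = None
            depth -= 1
        elif current is not None and depth == pool_depth:
            parts = line.split(None, 1)
            value = parts[1].strip('"') if len(parts) > 1 else ""
            current.setdefault(parts[0], []).append(value)
    if depth != 0:
        raise ValueError("unbalanced braces")
    return pools


def lint_pool(pool):
    """Return a list of findings for one parsed pool."""
    name = pool.get("name", ["<unnamed>"])[0]
    fallback = pool.get("fallback", [""])[0]
    fallback_ips = pool.get("fallback_ip", [])
    # Keep only the address token in case options follow it on the line.
    members = {a.split()[0] for a in pool.get("address", []) if a}
    findings = []

    for method in ("preferred", "alternate"):
        mode = pool.get(method, [""])[0]
        if mode in FALLBACK_ONLY_MODES:
            findings.append(f"{name}: {method} {mode} (recommended for fallback only)")

    if fallback == "explicit_ip":
        if not fallback_ips:
            findings.append(f"{name}: explicit_ip without fallback_ip")
        for ip in fallback_ips:
            try:
                ipaddress.IPv4Address(ip)
            except ValueError:
                findings.append(f"{name}: fallback_ip {ip!r} is not an IPv4 address")
                continue
            if ip in members:
                # The note states the fallback IP is not monitored for availability.
                findings.append(f"{name}: fallback_ip {ip} is a pool member; it is returned unmonitored")
    elif fallback_ips:
        findings.append(f"{name}: fallback_ip set but fallback is {fallback or 'unset'}")
    return findings


def lint_wideip_conf(text):
    """Parse the text and return all findings, in file order."""
    return [f for pool in parse_pools(text) for f in lint_pool(pool)]


if __name__ == "__main__":
    for finding in lint_wideip_conf(SAMPLE_WIDEIP_CONF):
        print(finding)
```
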
Configuring address translations for host virtual servers
You can now configure address translations for host virtual servers. This is beneficial when there is a firewall separating the 3-DNS Controller from the host.
To configure an address translation for a host virtual server using the Configuration utility
- In the navigation pane, expand the Servers item, and then click Hosts.
The Host List screen opens.
- In the Host column, click the name of the host whose virtual servers you want to modify.
The Modify Host screen opens.
- On the toolbar, click Translate Virtual Server.
The Modify Virtual Server Translations screen opens.
- On the toolbar, click Add Translate.
The Add Translation to Host Virtual Server screen opens.
- In the Host Virtual Server list, select the virtual server for which you want to add an address translation.
- Add the translation settings, and click Add.
The Modify Virtual Server Translations screen opens, where the virtual server and its translation are now listed.
Note: For more information on any of the settings on the screens in the Configuration utility, click Help on the toolbar.
Known issues
The following items are known issues in the current release.
Statistics screens and viewing 3-DNS status (CR9452)
When you disable a 3-DNS Controller that is a member of a sync group, the 3-DNS Statistics and Sync Group Statistics screens (in the disabled system's Configuration utility only) display an inaccurate status (a red ball) for all of the other 3-DNS systems in the same sync group. You can see the correct status of the systems in the 3-DNS Statistics and Sync Group Statistics screens of any enabled 3-DNS Controller in the sync group.
Prober statistics and Internet Explorer 5.0 and later (CR10153)
When you are viewing Histograms or Metrics on the Prober Statistics screen, you might encounter errors if you are using Microsoft Internet Explorer 5.0 or later. We recommend using the following procedure to view the Histograms or Metrics.
- In the navigation pane, expand the Statistics item, and click Probers.
- In the Prober Statistics screen, click either Metrics or Histogram.
A dialog box appears.
- Select Save this file to disk and click OK.
The browser saves the file, and you can now open the file using Microsoft Excel.
ArrowPoint CS150 and metrics collection (CR10361)
The 3-DNS Controller collects metrics on packets per second and kilobytes per second only for HTTP traffic on the current ArrowPoint CS150 server.
The kilobytes per second rate as displayed for the ArrowPoint CS150 is approximately 16 times smaller than it should be. The total byte count returned from the ArrowPoint MIB is 16 times smaller than the total byte count that was actually handled.
Netscape Navigator and the Network Map (CR11161)
The Network Map does not display large configurations properly when you run Netscape on a UNIX or Linux platform. We recommend that you use a Windows-based browser to view large network configurations with the Network Map.
Network Map and multiple browser sessions (CR11173)
When you view the Network Map, you might get an error when you open additional browser sessions with Internet Explorer or Netscape Navigator. This error only occurs if the additional browser sessions use Java applets. We recommend that you close any additional browser sessions before viewing the Network Map.
Wide IP production rules (CR11710)
When you create a wide IP production rule with a Date/Time time variable, the production rule action does not stop in the time frame that you specify in the Stop Time box. We recommend that you do not configure a production rule with the Date/Time time variable.
Global Availability or Ratio load balancing within a pool (CR13112)
When you create a pool for a new or for an existing wide IP, and you use the Global Availability or Ratio load balancing method, you may experience problems when all of the following circumstances are met:
- You are using Internet Explorer 5.0 or 5.5.
- You select Global Availability or Ratio in the Load Balancing Modes, Preferred list or the Load Balancing Modes, Alternate list on the Configure Load Balancing for New Pool screen.
- You have a large quantity of virtual servers in your configuration.
If you want to use the Global Availability or Ratio load balancing method, and you meet the previous criteria, please see the Using the Global Availability or Ratio load balancing mode within a wide IP pool work-around following this section.
Sync group names in the Configuration utility (CR14955)
In the Configuration utility, you may get an internal server error, and you may not be able to delete the sync group, if you use special characters in the sync group names. To avoid this error, use only alphanumeric, underscore ( _ ), hyphen ( - ) or space characters in the sync group names.
Adding servers using the Configuration utility and the Back button in Internet Explorer (CR15345)
Occasionally, when you add a new server to the 3-DNS configuration using the Configuration utility, and you are using the Configuration utility in a Microsoft® Internet Explorer browser session, you may get an error when you use the Back button to return to a previous screen. The error is benign, and you can click any item in the navigation screen to clear the error.
Opening PDF files from the 3-DNS Controller home screen (CR15901)
Occasionally, when you open any of the PDF files available on the home screen of the Configuration utility, the CPU usage for your work station may spike to 100%. To avoid this problem, right-click the name of the PDF file that you want to open, and choose Save Target As to save the PDF file on your workstation. You can then open the PDF file using Adobe® Acrobat® Reader, version 3.0 and later.
Enabling the IP classifier (CR18264)
If you use the Topology load balancing feature, you must make the following change to the wideip.conf file so the 3-DNS Controller can classify continent and country of origin for local DNS servers.
- From the command line, type the following command to ensure that the configuration files contain the same information as the memory cache.
3ndc dumpdb
- Open the /etc/wideip.conf file using either the pico or vi text editor.
- Add the following line to the include statement in the wideip.conf file.
include geoloc "netIana.inc"
The include statement loads the IP classifier so Topology load balancing can classify LDNS requests.
- Save and close the wideip.conf file.
- Commit the change to the configuration:
3ndc reload
Note: If you have a sync group configured, you must enable the IP classifier on each member of the sync group.
Upgrading the software and the MindTerm SSH Console (CR18436)
When you upgrade the software for 3-DNS Controller, you cannot use the MindTerm SSH Console, because the upgrade stops and restarts the SSH service. To upgrade the software, use a serial console instead.
Using the 3-DNS Controller in bridge mode (CR18873)
You cannot configure the 3-DNS Controller in bridge mode using a remote connection or using the Configuration utility. You must configure bridge mode using a local connection. For details on configuring bridge mode, see the Configuring bridge mode section of this release note.
Special characters in pool names and viewing the Network Map (CR19756)
When you use the colon character ( : ) in a pool name, and then try to view the Network Map, the Network Map does not display. To avoid this error, do not use the colon character in pool names.
The 3dpipe utility and pool names (CR20183)
The 3dpipe utility does not properly parse pool names that contain numbers only.
CPU usage statistics for EDGE-FX Caches (CR21325)
On the EDGE-FX Cache Statistics screen, in the Configuration utility, the 3-DNS Controller incorrectly reports the CPU usage statistic for the EDGE-FX Cache.
Time-to-live (TTL) values for resource records (CR22025)
If you set the pool TTL to a value that is different from the wide IP TTL, the dig command displays the wide IP TTL rather than the pool TTL in the answer packet. This occurs only when all the virtual servers in the pool are unavailable. Resource records in the DNS configuration are set with the wide IP TTL instead of the pool TTL. If you change the pool TTL, the TTL for the resource records does not change to the updated TTL. Therefore, when the 3-DNS Controller is unable to load balance a request, and returns the request to DNS, the resource record contains the wide IP TTL rather than the pool TTL.
Clean installations of the 3-DNS Controller software and the Default data center (CR23028)
When you install the 3-DNS Controller version 4.5 software, and you do not have a previous configuration file, the controller creates a default data center labeled Default. To move any objects that are in the Default data center to a data center that you create, see the Moving objects from the Default data center to a newly-created data center section of this release note. Note that this occurs only on a BIG-IP system with the 3-DNS module.
Renaming a wide IP that has aliases using the Configuration utility and synchronization (CR23224)
When you rename a wide IP, and the wide IP has aliases, the order of the wide IP name and alias may appear in reverse order when you look at the wide IP in the Configuration utility of another controller in the sync group. Note that this error does not affect domain name resolution.
Configuring production rules (CR23327)
In the Configuration utility, when you create a production rule, you cannot use the Description box to add a description of the production rule. If you type text into the Description box, the controller ignores it, and the text is not saved.
Upgrading the software and home screen errors in the Configuration utility (CR23710)
When you are upgrading a 3-DNS Controller from version 4.2 to version 4.5, you may see the BIG-IP system home screen instead of the 3-DNS home screen. This occurs only once: after you upgrade the software and before you upgrade the license file using the new licensing process. Refer to the Activating the license section of this release note for details on upgrading your license file to the new version. Note that this does not affect the 3-DNS Controller module on the BIG-IP system.
Graph titles on the P95 Billing Estimate statistics screen (CR23770)
When you change the date or time range on the P95 Billing Estimate statistics screen in the Link Statistics, the titles on the graphs do not update to reflect the changes. If you are using Internet Explorer, you can update the titles by holding down the Control key, right-clicking in the screen, and then clicking Refresh. If you are using Netscape Navigator, you can update the titles by holding down the Shift key, right-clicking in the screen, and then clicking Refresh.
Date ranges on the P95 statistics screen (CR23784)
The graphs on the P95 statistics screen do not check for dates in the future. If you enter a date that is later than the current date, you may get inaccurate graphs.
Synchronization and modifying the configuration (CR24081)
If you are updating a configuration using the Configuration utility, and another member of the sync group initiates the synchronization process, you get a notification screen that indicates that you cannot update the configuration. To work around this issue, wait for a minute, click the browser's Back button, and continue updating the configuration. Note that this issue is most likely to occur when you are using multiple browser sessions to update the sync group's configuration. We recommend that you use only one browser session (and controller) to update the sync group's configuration.
Unit ID numbers for a redundant system and the auto-configuration process (Discovery) (CR24734)
The auto-configuration process does not recognize the unit ID numbers for the units in a redundant system. The process does, however, properly add the configuration information for both units.
The Network Map and viewing wide IP information (CR24750)
In the Network Map, in the Configuration utility, when you highlight a wide IP, the information table displays an IP address for the wide IP. The IP address is not a valid IP address; rather it is a randomly generated number. Note that this error is benign because the 3-DNS Controller no longer associates an IP address with a wide IP.
The Network Map and viewing the enabled/disabled status of a virtual server (CR24751)
When you disable a virtual server that is in a wide IP that has manual resume enabled, the information table in the Network Map does not display the correct status for the virtual server. To view the correct status for the virtual server, in the navigation pane, expand the Statistics item, and then click Virtual Servers. The E/D column displays the correct status for the virtual server.
Viewing wide IPs created in the 3-DNS Controller module from the Link Controller module (CR24842)
Wide IPs that you create in the 3-DNS Controller module that contain more than one pool display only the first pool of the wide IP in the Inbound LB screen in the Link Controller module. You may encounter this known issue only when you are running a BIG-IP system with both the 3-DNS Controller module and the Link Controller module.
Configuring SSH access host restrictions (CR25530)
In previous versions, the /etc/ssh3/sshd2_config and /etc/sshd_config files controlled SSH access. Upgrading to version 4.5 ignores previously-configured SSH access restrictions configured in the /etc/ssh3/sshd2_config and /etc/sshd_config files. This upgrade reverts to an SSH access level that allows all hosts to connect. If you require restricted SSH access to certain networks/IP addresses, you need to reconfigure these restrictions once you have completed the upgrade. To do this, type the following command to start the Setup utility, and then press Enter:
setup
Choose option (S) Configure SSH, and set the restrictions you prefer.
Adding support access after initial setup (CR25821)
If you add support access with the (Y) Set support access option in the Setup utility after you complete the initial setup of the system, the support IP addresses are not added to the hosts.allow file. To correct this situation, run the (S) Configure SSH option in the Setup utility to re-initialize the SSH information on the system.
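The following added example (not part of the F5 release note or software) audits the TCP wrappers files after an upgrade for rules that leave SSH open to all hosts, the state described in CR25530 and CR25821. It assumes that the restrictions set by (S) Configure SSH are stored in /etc/hosts.allow and /etc/hosts.deny in standard TCP wrappers syntax and that the daemon is named sshd or sshd2; the sample rules are constructed.

```shell
#!/bin/sh
# Added example. Usage: audit_ssh_access /etc/hosts.allow /etc/hosts.deny
# Exit status 0 = SSH is restricted, 1 = at least one finding was printed.

# awk program: print "N: rule" for every rule that names sshd (or ALL)
# as the daemon and ALL as the client. EXCEPT clauses are not evaluated;
# any ALL token counts as a wildcard. IPv4-style rules only.
WILDCARD_RULES='
/^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
{
    # Rule layout: daemon_list : client_list [: option]
    n = split($0, f, ":")
    if (n < 2) next
    # An explicit option can invert the meaning of the file the rule is in.
    if (n >= 3 && mode == "allow" && tolower(f[3]) ~ /deny/)  next
    if (n >= 3 && mode == "deny"  && tolower(f[3]) ~ /allow/) next
    if (has(f[1], "^(ALL|sshd[0-9]*)$") && has(f[2], "^ALL$"))
        print NR ": " $0
}
# Return 1 when any space- or comma-separated token of list matches re.
function has(list, re,    i, n, tok) {
    n = split(list, tok, /[ \t,]+/)
    for (i = 1; i <= n; i++)
        if (tok[i] ~ re) return 1
    return 0
}'

audit_ssh_access() {
    rc=0
    allow_hits=$(awk -v mode=allow "$WILDCARD_RULES" "$1" 2>/dev/null || true)
    deny_hits=$(awk -v mode=deny "$WILDCARD_RULES" "$2" 2>/dev/null || true)

    # A wildcard client in hosts.allow admits every host.
    if [ -n "$allow_hits" ]; then
        printf '%s\n' "$allow_hits" | sed 's/^/OPEN: hosts.allow line /'
        rc=1
    fi
    # TCP wrappers grants access when neither file matches, so a host list
    # in hosts.allow restricts nothing without a catch-all in hosts.deny.
    if [ -z "$deny_hits" ]; then
        echo 'OPEN: hosts.deny has no ALL rule for sshd; unlisted hosts are still admitted'
        rc=1
    fi
    return $rc
}

# Constructed sample: the all-hosts state that the upgrade reverts to.
sample_allow_open() {
    cat <<'EOF'
# constructed sample
sshd: ALL
EOF
}

# Constructed sample: SSH limited to an administrative network and one host.
sample_allow_restricted() {
    cat <<'EOF'
# constructed sample
sshd: 192.0.2.0/255.255.255.0, 198.51.100.7
EOF
}

# Constructed sample: catch-all deny rule.
sample_deny_all() {
    cat <<'EOF'
ALL: ALL
EOF
}
```

Run the audit once after the upgrade and again after you run (S) Configure SSH; the second run should print nothing.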
VLAN names and syntax errors (CR25890)
VLAN names that start with the text vlan, and are followed by any number of digits (for example, vlan123), cause a syntax error. We recommend that you do not use the text vlan as the initial portion of a VLAN name.
Creating invalid interface names (CR25950)
It is possible to create invalid interface names in your configuration by entering an invalid VLAN name from the command line. For more information about invalid VLAN names, see (CR25890).
Changing the prober IP address for a host (CR26318)
In the Configuration utility, on the Modify Host screen, you can successfully change the prober IP address to an address other than the default (which is 127.0.0.1); however, you cannot subsequently change the prober IP address back to the default. You can edit the wideip.conf file to work around this issue, as explained in the Setting the host prober IP address to the default section following these known issues.
Changing iControl settings and restarting the CORBA portal (CR26384)
If you use the Setup utility (setup) to change iControl settings, you must manually restart the CORBA portal. To restart the CORBA portal, type the following commands from the command line:
bigstart shutdown portal
bigstart startup
LDAP group name naming conventions (CR26418)
LDAP authentication for groups does not work properly when there are spaces in the group name. To avoid authentication issues with groups when you use LDAP authentication, do not use spaces in the group names.
Disabling the SNMP Auth Trap Enable setting using the Configuration utility (CR26610)
If you try to disable the Auth Trap Enable setting on the SNMP Administration screen in the Configuration utility, the SNMP configuration file, /etc/snmpd.conf, is modified with an incorrect setting of 0 (zero), and the following error is generated in the SNMP log:
/etc/snmpd.conf: line ##: Error: authtrapenable must be 1 or 2
To correct this error and disable the Auth Trap Enable setting, you can edit the /etc/snmpd.conf file, and change the authtrapenable value to 2 (disable).
Losing connectivity during configuration of second unit in a redundant system (CR26705)
When you configure a unit from the command line Setup utility (setup), we recommend that you reboot the unit after you complete the configuration. This activates the license and allows traffic to pass through the system. Also, before you reboot the system, the unit is in the active mode and unlicensed. While the unit is in the active mode, the other unit in the redundant system is placed in standby mode. If left in this state, traffic cannot pass through the system.
Sync groups and upgrading software versions (CR26784)
When you are upgrading the software on 3-DNS Controllers that belong to a sync group, you must temporarily remove the controller you are upgrading from the sync group before you apply the upgrade. This is because the synchronization process cannot synchronize controllers that are running different software versions, including different PTF versions. See the Removing a controller from a sync group work-around, following the Known issues section of this release note, for configuration details.
The 3dns_add script and mixed versions of the 3-DNS software (CR26884)
If you are adding a new 3-DNS Controller to an existing sync group, the new 3-DNS Controller must be running the same version of the 3-DNS software as the controllers that are already in the sync group. If the controllers are running mixed versions of the 3-DNS software (for example, 3-DNS Controller, version 4.2 PTF-09, and 3-DNS Controller, version 4.5 PTF-03), the 3dns_add script fails because the script does not check versions. For more information on working with the 3dns_add script, see the 3-DNS Administrator Guide, version 4.5.
The regkey.license file, synchronization, and system backup files (CR27020)
In a redundant system, the regkey.license file is synchronized, both when you synchronize the configuration (using the b config sync command), and when you create a system backup file (*.ucs), and it should not be. To avoid this issue, you can add the regkey.license file to the list of files in the bigdb database that are ignored when you either synchronize the system or create a backup file. To add the regkey.license file to the list of files that are ignored, type the following command:
b db set Common.Bigip.CS.save.120.ignore = "regkey.license"
Changing the system IP address and updating the IP address for the CORBA portal in bigdb (CR27037)
If you change the IP address of the system using the Configuration utility, the system does not update the IP address for IIOP and FSSL for the CORBA portal in the bigdb. To change the CORBA address for IIOP and FSSL, run the Setup utility (setup) from the command line, and choose the option (I) Initialize iControl portal.
CompactFlash® media drives and logging for the named daemon (CR27132)
When the named daemon is running, it generates status and usage messages as part of its normal behavior. If you are running the named daemon on a system with a CompactFlash media drive, these messages may fill up the /var/log/messages file. To avoid this, periodically delete the status and usage messages for the named daemon.
BIG-IP version 3.3.1 and compatibility with 3-DNS Controller version 4.5 (CR27201)
The big3d agent that is shipped in 3-DNS Controller version 4.5 may cause fatal errors on a BIG-IP system version 3.3.1 if you update the big3d agent on the BIG-IP system to the newer big3d agent. To avoid this issue, do not update the big3d agent on BIG-IP systems running version 3.3.1 software.
RADIUS server configuration and Netscape (CR27212)
If you configure remote login for RADIUS, and you set an invalid IP address for the primary RADIUS server, and a valid IP address for the secondary RADIUS server, you may not be able to log in using a Netscape browser. This can also happen if your primary RADIUS server is down. We recommend that you use an alternative browser with this type of configuration.
User administration for remote authentication using the Configuration utility (CR27223)
With remote authentication configured, if you use the Configuration utility to add a new user, you may receive an internal server error message when you press Enter, and then click the Done button. The user is added when you press Enter. When using local authorization, the Enter key is ignored, and you must click the Done button in order to add a new user.
Auto-discovery and 127.0.0.X addresses (CR27252)
The auto-discovery process discovers all addresses on a BIG-IP system, even those in a non-routable address space (for example 127.0.0.X). This may cause the 3dnsd daemon to stop running. To avoid this issue, turn off auto-discovery for the BIG-IP systems that manage resources on a non-routable subnet, as detailed in the Turning off the auto-discovery process for a BIG-IP system work-around, which follows the Known issues section of this release note.
Deleting the default gateway pool using the Setup utility (CR27260)
The command line Setup utility (setup) does not delete the default gateway pool when you remove all of the pool's members. To work around this issue, delete the default gateway pool using the browser-based Configuration utility.
Sync groups and the default wideip.conf file (CR27366)
If you manage your 3-DNS Controllers using a sync group, and on one of the sync group members, you delete the wideip.conf file and then restart the 3dnsd daemon, the 3dnsd daemon creates a new default wideip.conf file that contains only basic system configuration information. The new wideip.conf file has the most recent time stamp, so the sync process overwrites the wideip.conf file of the other sync group members with the newer file, effectively erasing the real configuration. We recommend that you do not remove the wideip.conf file, and then restart the 3dnsd daemon, on a controller that is a sync group member. Remove the controller from the sync group first.
Installing the PTF from CD and 3dnsd error messages (CR27501)
When you install the version 4.5 PTF-05 software from a CD, you may see the following error message just before you run the Setup utility:
ERR: An instance of 3dnsd (pid:xxx) is already running! Exiting.
The error message is benign and does not affect the software installation in any way.
The NameSurfer log file does not get rotated by the system (CR27542)
The NameSurfer™ application does not use the syslog utility to rotate its log file, /var/log/namesurfer.log, so the file does not get rotated on a regular basis. This can result in the log file becoming large. If you find that the NameSurfer log file has become too large, you can remove the file from the system, and then run the bigstart restart namesurfer command.
Copper gigabit NICs and setting media speeds (CR27772)
If you want to set media speeds, and you have a copper gigabit NIC, you must configure auto-negotiate between the 3-DNS Controller and the connected switches.
Viewing router and link status in the Configuration utility (CR27776)
In the Configuration utility, on the Metrics & Limits statistics screen, when all the links for a router are down (red ball), the router status may not be updated or display correctly. The incorrect router status display does not affect load balancing.
HTTP ECV service checks and file names (CR27823)
When you configure an HTTP ECV service check for a wide IP using the Configuration utility, the Configuration utility incorrectly adds a slash ( / ) to the beginning of the file name. To work around this issue, you can either configure the HTTP ECV service check in the wideip.conf file from the command line, or you can edit the wideip.conf file and remove the slash.
NameSurfer application and PTR records (CR27832)
The NameSurfer application deletes PTR records when you change the time-to-live (TTL) value.
MindTerm SSH console, Java™ Virtual Machine, and the Configuration utility (CR27864)
The Configuration utility may become unresponsive, when all of the following conditions are met:
- You have Java Virtual Machine enabled on a Windows® workstation
- You are using the Configuration utility to configure the system
- You open a MindTerm SSH console session from the navigation pane
- You return to the Configuration utility without closing the MindTerm SSH console
If you experience this problem, you must use the Windows Task Manager to close the browser session and the SSH session. To avoid this issue, we recommend that you either disable Java Virtual Machine while you are configuring the system, or that you close the MindTerm SSH console session before returning to the Configuration utility.
Hops calculations for Hops load balancing mode (CR27878)
The 3-DNS Controller is inaccurately calculating the number of hops for the Hops load balancing mode for inbound load balancing. This results in all configured links appearing to use the same number of router hops for inbound traffic. We recommend that you use one of the other load balancing modes for inbound load balancing. Note that this also affects the data for average router hops on the Internet Weather Map screen, in the Configuration utility.
Running 3-DNS Maintenance menu commands and 3dparse warning messages (CR27910)
If the wideip.conf file contains configuration errors (for example, you have a wide IP pool configured that does not contain any virtual servers), and you run one of the following commands in the 3-DNS Maintenance menu: Install and start big3d, Check remote versions of big3d, or Configure SSH communication with remote devices, you see 3dparse warning messages on the console. The warning messages are benign, and do not affect the functionality of the commands.
The Check Static Depends settings and load balancing virtual servers (CR27919)
When the Check Static Dependencies global setting and the Check Static Depends setting for a specific wide IP pool are different, the 3-DNS Controller may load balance to unavailable virtual servers in the pool. This is because the controller is bypassing the wide IP pool setting, and using only the global setting, for load balancing calculations.
Network Map and the enabled or disabled status for pool virtual servers (CR27923)
The Network Map does not display the correct enabled or disabled status for virtual servers, in the context of a wide IP pool. To see the correct enabled or disabled status of the virtual servers, view the Disabled Objects statistics screen.
The include geoloc "netIana.inc" directive and modifying the configuration using the Configuration utility (CR27929)
When you use the Configuration utility to modify your configuration, and you have added the include geoloc "netIana.inc" directive to the wideip.conf file, the Configuration utility deletes the include directive when you make any changes to the configuration.
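The following added example (not part of the F5 release note or software) checks a wideip.conf file for three of the known issues above: a missing include geoloc "netIana.inc" directive (CR18264, CR27929), pool names that contain a colon (CR19756), and pool names that contain numbers only (CR20183). It assumes that a pool name is the first name statement after pool {, as in the sample syntax in this note, and that lines starting with // or # are comments; the sample configuration is constructed.

```shell
#!/bin/sh
# Added example. Usage: lint_wideip /etc/wideip.conf  (run "3ndc dumpdb" first)
# Prints one finding per line; exit status 0 = clean, 1 = findings.

lint_wideip() {
    awk '
    # Assumption: a line that starts with // or # is a comment.
    /^[ \t]*(\/\/|#)/ { next }

    # CR18264 / CR27929: the IP classifier include must be present.
    /^[ \t]*include[ \t]+geoloc[ \t]+"netIana\.inc"/ { geoloc = 1 }

    {
        line = $0
        # A pool definition opens with: pool {
        if (match(line, /(^|[ \t;{}])pool[ \t]*[{]/)) {
            want_name = 1
            line = substr(line, RSTART + RLENGTH)
        }
        # The first name statement after "pool {" is taken as the pool name.
        if (want_name && match(line, /(^|[ \t])name[ \t]+"[^"]*"/)) {
            pool = substr(line, RSTART, RLENGTH)
            sub(/^[^"]*"/, "", pool)       # drop everything up to the opening quote
            sub(/"$/, "", pool)            # drop the closing quote
            want_name = 0
            if (index(pool, ":")) {
                printf "line %d: pool \"%s\" contains a colon; the Network Map will not display (CR19756)\n", NR, pool
                bad = 1
            }
            if (pool ~ /^[0-9]+$/) {
                printf "line %d: pool \"%s\" is numeric only; 3dpipe does not parse it properly (CR20183)\n", NR, pool
                bad = 1
            }
        }
    }

    END {
        if (!geoloc) {
            print "file: include geoloc \"netIana.inc\" is missing; Topology cannot classify LDNS requests (CR18264, CR27929)"
            bad = 1
        }
        exit (bad ? 1 : 0)
    }' "$1"
}

# Constructed sample configuration, using only the statements shown in this
# note. It has no include directive and two problem pool names.
sample_wideip() {
    cat <<'EOF'
wideip {
   pool {
      name "east:web"
      preferred qos
      alternate rr
      fallback explicit_ip
      fallback_ip 192.0.2.10
      address 192.0.2.20
   }
   pool { name "12345"
      preferred rr
      address 192.0.2.21
   }
   pool {
      name "west_web"
      address 192.0.2.22
   }
}
EOF
}
```

Because the Configuration utility deletes the include directive whenever it saves a change, run the check after each change made through the Configuration utility on every member of the sync group.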
SNMP version and probing (CR27971)
If you have enabled SNMP probing for a host or similar device, and you specify SNMP version 2, the SNMP probing may fail if the host or device is using SNMP version 1. This happens because SNMP version 2 uses 64-bit counters and SNMP version 1 uses 32-bit counters. To avoid this error, ensure that you specify the SNMP version (1 or 2) that corresponds with the SNMP version on the device that is being probed.
Creating user-defined regions using the Configuration utility (CR28101)
In the Configuration utility, when you create a user-defined region for Topology load balancing, you get a syntax error if you add more than 39 entries to the custom region. To avoid this error if you are creating a large user-defined region (with more than 39 entries), we recommend that you create the custom region from the command line, by editing the wideip.conf file.
Reconfiguring a standalone system as a unit in a redundant system (CR28116)
If you have a standalone system that you later decide to reconfigure as a unit in a redundant system, the system may experience failures when you reconfigure the networking and IP addresses.
Duplicate node UP messages in the log table (CR28194)
In certain circumstances you may see duplicate node UP messages in the log table (/var/run/alarm_log_tbl). You can ignore these messages; they do not affect the function of the BIG-IP system.
Changes in US and Canada Daylight Saving Time (CR58321)
The Energy Policy Act of 2005, which was passed by the US Congress in August 2005, changed both the start and end dates for Daylight Saving Time in the United States, effective March 2007. Canada is also adopting this change. The resulting changes are not reflected in this version of the product software. To find out more about this issue, refer to SOL6551: F5 Networks software compliance with the Energy Policy Act of 2005.
Cisco CSS series (formerly ArrowPoint) servers and metrics collection
The 3-DNS Controller cannot collect the packets per second and the kilobytes per second metrics on Cisco CSS series (formerly ArrowPoint) software versions prior to 4.0.
3-DNS Controllers and CD upgrades
When you rebuild a 3-DNS Controller (or a BIG-IP system) using a CD, the SSH key changes. This breaks the trust relationship between the updated 3-DNS Controller and any devices with which it interacts. As a result, synchronization between the systems in the sync group stops, and you cannot update the big3d agent. You can correct this situation by removing the newer SSH key and synchronizing the updated 3-DNS Controller with other 3-DNS Controllers or BIG-IP systems. Refer to the Resetting the SSH key work-around to reset the SSH key and synchronize the systems in your network.
Solstice SNMP agent and metrics collection
The Solstice SNMP agent, which runs on some Sun systems, delays the updating of some metrics for longer than 30 seconds. As a result, in the 3-DNS SNMP Statistics screen, the packet rates and kilobytes per second rates can fluctuate from a zero value to a real value. If you are polling Sun Solaris servers in your network, you may want to set the SNMP polling time on the 3-DNS Controller to an interval greater than 60 seconds.
Work-arounds for known issues
The following sections describe work-arounds for some of the known issues listed in the previous section.
Configuring bridge mode
If you want to configure the 3-DNS Controller to run in bridge mode, you need to do so using a local connection to the 3-DNS Controller. First, you create a VLAN group that includes both the internal and external VLANs. Next, you delete the self IP address for the 3-DNS Controller, and re-assign the IP address to the newly-created VLAN group. Finally, you save the configuration. The following instructions detail how to configure bridge mode.
To configure bridge mode
- Open the Setup utility by typing setup from the command line.
- Type D, and press Enter, to configure the 3-DNS mode.
- Using the arrow keys, choose Bridge, and press Enter.
- Type Q to close the Setup utility.
- To create a VLAN group, type the following command:
b vlangroup <vlan group name> vlans add <vlan 1> <vlan 2>
where <vlan 1> and <vlan 2> are the names of the two networks you want to link with bridge mode.
- To delete the self IP address of the 3-DNS interface, type the following command:
b self <ip address> delete
where <ip address> is the IP address that you want to assign to the newly-created VLAN group.
- To assign the IP address that you deleted as the self IP address in the previous step to the VLAN group, type the following command:
b self <ip address> vlan <group name> netmask <netmask>
- To save the changes you just made, type the following command:
b save
- Last, to save the entire base network configuration, type the following command:
b base save
The 3-DNS Controller saves the changes and you can now use the 3-DNS Controller in bridge mode.
Moving objects from the Default data center to a newly-created data center
The following instructions describe how to move objects from the default data center to a data center that you create.
To move objects from the data center, Default, to a newly-created data center
- In the navigation pane, click Data Centers. The Data Centers screen opens.
- On the toolbar, click Add Data Center.
The Add New Data Center screen opens.
- Add the settings for your new data center, and click Add.
The new data center is added to the configuration, and the Data Centers screen opens.
- On the Data Centers screen, click the Remove button for the Default data center.
A popup screen opens, where you can select the new data center for any objects that are currently in the Default data center.
- In the Data Center column, select the data center that you just created, and click Update. Note that you must do this for each of the listed objects.
The Data Centers screen opens, and the Default data center is no longer listed.
Removing a controller from a sync group
If you are upgrading the software on 3-DNS Controllers that are in a sync group, you must remove the controllers from the sync group before you apply the software. This is because the synchronization process cannot synchronize controllers that are running different software versions, including different PTF versions.
Note: You can re-create the sync group once you have upgraded the software for all of the controllers that belong to the sync group.
To remove a controller from a sync group using the Configuration utility
- In the navigation pane, click 3-DNS Sync.
The Synchronization screen opens.
- In the Remove column, next to the controller that you want to remove from the sync group, click the Remove button.
A popup screen opens to confirm the removal of the controller.
- Click OK.
The screen refreshes, and the controller is no longer listed as a member of the sync group.
- Repeat these tasks for any additional sync group members that you want to remove from the sync group.
Alternatively, you can remove the entire sync group, instead of removing the controllers one at a time.
To remove a sync group using the Configuration utility
- In the navigation pane, click 3-DNS Sync.
The Synchronization screen opens.
- On the toolbar, click Remove this Group.
A popup screen opens to confirm the removal of the sync group.
- Click OK.
The screen refreshes, and the Add a New Sync Group screen opens, where you can re-create your sync group once you have upgraded the software on all of the controllers that belong to the sync group.
Resetting the SSH key
The following instructions describe how to reset the SSH key for a system that you have upgraded using a CD.
To reset the SSH key for an updated 3-DNS Controller
- From the command line of each 3-DNS Controller in the sync group that has not been upgraded, change to the /root/.ssh/ directory.
- In the known_hosts file, the authentication_keys file, and the authentication_keys2 file, remove the SSH key for the upgraded system. (The upgraded system's IP address is part of the key name in the file.)
- Run the 3dns_add script to upgrade the controller to the new software:
3dns_add
The script imports the upgraded controller's configuration to the controller that has not yet been upgraded.
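The key removal in the second step can be scripted so that only the upgraded system's entries are deleted and each changed file keeps a backup. This is an added example, not an F5 tool: the helper name remove_peer_keys and the sample addresses are assumptions, the three file names are the ones listed above, and it assumes one key per line with the peer's IP address in that line.

```shell
#!/bin/sh
# remove_peer_keys DIR IP  (hypothetical helper, not an F5 tool)
# Deletes every line that names IP from the three key files listed in the
# procedure, keeps a .bak copy of each changed file, and prints the number
# of lines removed. Assumes one key per line with the peer's IP in the line.
remove_peer_keys() {
    dir=$1
    ip=$2
    removed=0
    # Escape the dots so they match literally instead of "any character".
    ip_re=$(printf '%s' "$ip" | sed 's/\./\\./g')
    # Demand a non-address character (or a line edge) on both sides, so that
    # 10.1.1.1 does not also delete the keys of 10.1.1.10 or 110.1.1.1.
    pattern="(^|[^0-9.])${ip_re}([^0-9.]|\$)"
    for name in known_hosts authentication_keys authentication_keys2; do
        file="$dir/$name"
        [ -f "$file" ] || continue
        count=$(grep -Ec "$pattern" "$file" || true)
        [ "${count:-0}" -gt 0 ] || continue
        cp -p "$file" "$file.bak"
        # grep -v exits 1 when nothing is left to print; that is not an error.
        grep -Ev "$pattern" "$file.bak" > "$file" || [ $? -eq 1 ]
        removed=$((removed + count))
    done
    echo "$removed"
}

# Constructed sample data: 10.1.1.1 is the upgraded peer, 10.1.1.10 is not.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '10.1.1.1 ssh-rsa AAAAconstructedkey1' \
                  '10.1.1.10 ssh-rsa AAAAconstructedkey2' > "$d/known_hosts"
    printf '%s\n' 'ssh-rsa AAAAconstructedkey3 root@10.1.1.1' \
        > "$d/authentication_keys"
    remove_peer_keys "$d" 10.1.1.1    # prints the number of lines removed
    cat "$d/known_hosts"              # only the 10.1.1.10 entry remains
    rm -rf "$d"
}
demo
```

On a controller the call would be remove_peer_keys /root/.ssh followed by the upgraded system's IP address; compare each .bak copy with the edited file before running 3dns_add.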
Setting the host prober IP address to the default
In the Configuration utility, on the Modify Host screen, when you change the prober IP address to a value other than the default, and later try to change it back to the default, 127.0.0.1, the change does not take effect. If you have modified the prober IP address, and you now want to return it to the default setting, you can do so using the following process.
To return the host prober IP address to the default setting
- From the command line, open the wideip.conf file using the text editor of your choice (vi or pico).
- In the wideip.conf file, locate the host definition that you want to modify.
- In the host definition, locate the prober variable, and change the address to 127.0.0.1.
- Save and close the wideip.conf file.
- Commit the changes, and update the system by typing:
3ndc reload
Turning off the auto-discovery process for a BIG-IP system
You can turn off auto-discovery for a BIG-IP system using the following process. We recommend that you do not use auto-discovery when you are managing a non-routable address space with the BIG-IP system.
To turn off auto-discovery for a BIG-IP system
- In the navigation pane, click BIG-IP.
The BIG-IP List screen opens.
- In the BIG-IP name column, click the name of the BIG-IP system that you want to modify.
The Modify BIG-IP screen opens.
- In the Discovery box, select OFF.
- Click Update.
The Configuration utility updates the configuration with the changes.
Using the Global Availability or Ratio load balancing mode within a pool
The following instructions describe how to configure the Global Availability or Ratio load balancing mode within a pool. You need to use these instructions only if you meet the criteria listed in the Using the Global Availability or Ratio load balancing mode within a pool item in the Known Issues section.
To configure Global Availability or Ratio load balancing within a pool in a new wide IP
- In the navigation pane, click Wide IPs.
The Wide IP List screen opens.
- On the toolbar, click Add Wide IP.
The Add a New Wide IP screen opens.
- Type the settings for the new wide IP, and click Next.
The Configure Load Balancing for New Pool screen opens.
- Select a load balancing mode other than Global Availability in all of the following lists:
- Load Balancing Modes, Preferred
- Load Balancing Modes, Alternate
- Load Balancing Modes, Fallback
Note that you can accept the default settings, rather than changing the settings.
- Click Next.
The Select Virtual Servers screen opens.
- Once you have finished configuring the virtual servers for the pool, click Finish to save your changes.
- On the Wide IP List screen, select the wide IP that you just created.
- On the toolbar, click Modify Pool.
The Modify Wide IP Pools screen opens.
- Click the pool that you just created.
The Modify Load Balancing for [pool name] screen opens.
- Select Global Availability, as appropriate, in the Load Balancing Modes, Preferred, or the Load Balancing Modes, Alternate, or the Load Balancing Modes, Fallback list, and click Update.
The Modify Virtual Servers screen opens, where you can determine the order in which the 3-DNS Controller load balances to the virtual servers in the pool.
To configure Global Availability or Ratio load balancing within a pool in an existing wide IP
- In the navigation pane, click Wide IPs.
The Wide IP List screen opens.
- On the toolbar, click Add Pool.
The Configure Load Balancing for New Pool screen opens.
- Select a load balancing mode other than Global Availability in all of the following lists:
- Load Balancing Modes, Preferred
- Load Balancing Modes, Alternate
- Load Balancing Modes, Fallback
Note that you can accept the default settings; you do not have to change the settings.
- Once you have finished configuring the pool, click Finish to save your changes.
The Wide IP List screen opens.
- In the Pools column, select the pools for the wide IP that you just modified.
The Modify Wide IP Pools screen opens.
- In the Pool Name column, click the name of the pool that you just created.
The Modify Load Balancing for [pool name] screen opens.
- Select Global Availability, as appropriate, in the Load Balancing Modes, Preferred list, or the Load Balancing Modes, Alternate list, or the Load Balancing Modes, Fallback list, and click Update.
The Modify Virtual Servers screen opens, where you can determine the order in which the 3-DNS Controller load balances to the virtual servers in the pool.