Release Notes : 3-DNS Controller Release Note

Applies To:


3-DNS Controller versions 1.x - 4.x

  • 2.0.0
Release Notes
Updated Date: 04/18/2019

Installing the upgrade

The following instructions explain how to install the 3DNS Controller version 2.0 onto existing systems.  Note that the sum file available on the FTP site provides the checksum numbers for the upgrade files.

  1. Click here and follow the instructions for using the F5 Networks FTP site.

  2. Download the appropriate file (3dns20domkit.f5.tar for domestic users or 3dns20intkit.f5.tar for international users) to the /var/tmp/ directory on the target 3DNS Controller.

  3. Verify the integrity of the file using the sum command:
    sum <file name>

  4. Extract the kit file in the /var/tmp/ directory:
    cd /var/tmp
    tar -xvf 3dns20domkit.f5.tar
    (for domestic users, or 3dns20intkit.f5.tar for international users).

  5. Verify the integrity of each extracted file by typing the command:
    ./checksum

  6. Run the upgrade install script in the /var/tmp directory:
    ./upgrade_install

    After the upgrade install script completes, the 3DNS Controller prompts you to enter configuration information for the 3DNS web server and for NameSurfer, the third-party DNS zone file management application.

  7. Enter the web server configuration information.  The 3DNS Controller prompts you to enter the host name on the external interface, and on US 3DNS Controllers, it prompts you to enter information used for the web server certificate.  (Does not apply if you are upgrading from version 2.0BETA1.)

  8. Enter the NameSurfer configuration information.  The 3DNS Controller prompts you to choose whether you want the NameSurfer application to control DNS zone file management.  You need to allow NameSurfer to control the zone file management only for the 3DNS Controller that is authoritative for the zone.  All other 3DNS Controllers copy the zone files from the primary 3DNS Controller.  (Does not apply if you are upgrading from version 2.0BETA1.)

  9. Restart the 3DNS Controller.
    sync
    sync
    reboot

Note:   Once you install the 3DNS Controller software, you need to install new versions of the big3d agent on all BIG/ip Controllers managed by the 3DNS Controller.  Use the Install and Start big3d command on the 3DNS Maintenance menu to install the new version of the big3d agent.

Once you install the software update, refer to the Configuring and using the new software section below, which contains important information about required configuration changes and new configuration options.


What's new in this version

New features and enhancements

  • Replacement for the 3DNS Web Administration tool
    The F5 Configuration utility now replaces the 3DNS Web Administration tool.  The Configuration utility is a browser-based application that you use to configure standard 3DNS Controller features including wide IPs, virtual servers, data centers, and production rules.  Note that the new Configuration utility includes all of the statistical information that was previously available in the Web Administration tool.  For details, see Working with the F5 Configuration utility.
    Warning:    At this time the F5 Configuration utility does not support using more than two pools for load balancing. Also, you cannot configure the names of pools using the Configuration utility. If your wideip.conf file includes multiple pools, do not use the F5 Configuration utility.

  • SNMP probing for hosts
    The 3DNS Controller now supports SNMP probing for hosts that run one of the following types of SNMP agents:  UCD snmpd, Solstice Enterprise, and the NT/4.0 SNMP agent.  You must have BIG/ip version 2.1.1 or later to use SNMP probing.  To set up probing for hosts using SNMP, see Configuring host SNMP probing.

  • Production rules
    The 3DNS Controller now supports production rules, which you use to dynamically change your 3DNS Controller configuration at specific times of the day, or under certain operating conditions. For example, you can switch from static load balancing to dynamic load balancing during the time of day when you expect network traffic to be at its peak.  For details, see Working with production rules.

  • SNMP support for the 3DNS Controller
    The 3DNS Controller now supports an SNMP agent and a proprietary MIB that allows SNMP management applications to read statistical data about the current performance of the 3DNS Controller.  For details about setting up SNMP on the 3DNS Controller, see Setting up the SNMP agent on the 3DNS Controller.

  • Data centers and sync groups
    The 3DNS Controller now allows you to create logical groups of network equipment that reside in the same physical location.  For example, you could view a list of BIG/ip Controllers and host machines that are housed in your New York data center, and these BIG/ip Controllers and host machines can share the path probing responsibilities.  For details about setting up data centers when you upgrade your software, see Configuring and using the new software below.

  • New load balancing mode
    The 3DNS Controller now supports a new load balancing mode called Hops.  The new Hops mode bases load balancing on the number of intermediate system transitions the client makes before connecting to the virtual server (the 3DNS Controller selects virtual servers that require the fewest transitions [or hops]).  For details about the new load balancing mode, see Additions to the wideip statement in the following section.

  • New wide IP attribute
    The 3DNS Controller now supports a new attribute called LDNS round robin.  When you apply the LDNS round robin attribute, the 3DNS Controller returns a full list of available servers for name resolution.  Certain types of browsers cache the list of available servers and use the list for subsequent connections, rather than returning to the 3DNS Controller for a fresh name resolution.

  • New options for the Quality of Service load balancing mode
    The Quality of Service load balancing mode supports two new options.  The qos equation includes a new coefficient called hops.  The hops coefficient is based on the number of intermediate system transitions between the client and the LDNS.  The fewer the transitions (or hops), the higher the score.  The Quality of Service load balancing mode also supports a new option called Dynamic Ratio.  When you use Dynamic Ratio, the 3DNS Controller treats qos scores as ratios, and it uses each server in proportion to the ratio determined by the qos calculation.  For details about these new load balancing options, see Additions to the wideip statement in the following section.

  • Addition of NameSurfer, a third-party application for editing zone files
    The F5 Configuration utility provides direct access to NameSurfer, a browser-based application that you use to edit DNS zone files.  You can open the NameSurfer application directly from the Configuration utility by clicking the NameSurfer icon in the navigation pane.  You can find a PDF version of the NameSurfer administration guide on the F5 Configuration utility home page (see the list of documentation for third-party products), and the NameSurfer application itself provides online help.

  • Hardware redundancy
    The 3DNS Controller supports enhanced reliability including hardware redundant systems, synchronization, multiple interfaces to the network, and the ability to broadcast metrics to all systems in the network.  If you would like to take advantage of these features, please contact F5 technical support for more information.

  • New versions of the big3d agent
    The 3DNS Controller includes a new big3d agent for BIG/ip Controller version 2.1; you must have version 2.1 or higher of the BIG/ip Controller as a minimum requirement.  Note that you must install the new big3d agent as part of the 3DNS Controller upgrade process--use 3dnsmaint or big3d_install.

Configuring and using the new software

Updated documentation

To ensure you have the most up-to-date documentation, check our technical support site, AskF5.

Required configuration changes

The configuration changes described below are required, but you need to make these changes only to each 3DNS Controller that runs as a data collector.  The new sync group feature allows the 3DNS Controllers that run as data copiers to synchronize their configurations to the data collector 3DNS Controller in their sync group.  Note that the upgrade install automatically makes required syntax changes to the wideip.conf file.

Setting up data centers

A data center represents one or more 3DNS Controllers, BIG/ip Controllers and host machines that are in a specific physical location.   The 3DNS Controller upgrade script automatically creates a temporary data center name for each 3DNS Controller, host, and BIG/ip Controller defined in the configuration. The upgrade script uses the following naming scheme where <IP address> is the IP address of the BIG/ip Controller or host machine itself:
implicit-<IP address>

After you run the upgrade install script, you need to open the F5 Configuration utility and change the temporary data center names to the real data center names.  For configurations where you have multiple 3DNS Controllers, BIG/ip Controllers, or host machines in a data center, you need to change one of those temporary data center names to the real data center name, move the remaining 3DNS Controllers, BIG/ip Controllers or host machines into that data center, and then delete the remaining temporary data center names.

To set up and modify data centers in the F5 Configuration utility:

  1. Open a web browser and connect to the 3DNS Controller.  Note that on US 3DNS Controllers, you need to use https in the host address, rather than http. On international 3DNS Controllers, you need to use http in the host address.

  2. Type your user ID and password, when prompted, to connect to the 3DNS Controller home page.

  3. In the 3DNS Controller home page, click Configure your 3DNS Controller using the F5 Configuration utility.
    The F5 Configuration utility opens and displays configuration options in the navigation pane on the left side of the screen.

  4. In the navigation pane, click Data Centers.
    The Data Centers screen opens.

  5. In the toolbar, click Add Data Center.

  6. In the appropriate boxes, type the Name, Location, and Contact information, and click Add. The Data Centers screen opens with the new data center added to the list.

  7. Next to the implicit data center you want to delete, click Remove. The Add Server to New Data Center screen opens.

  8. From the Data Center column, select the data center to which you want to add each server.

    Repeat the previous three steps until you have deleted all of your implicit data centers.

  9. Add additional data centers if needed.

Once you have added and defined all of your data centers you should start the next task of the upgrade process and begin defining 3DNS servers.

Creating 3DNS servers

Before you can create a sync group, you need to define each machine that goes into the sync group.  The existing bigip and host statements are converted to server statements when the wideip.conf file runs through the upgrade script.  You need to define 3DNS servers so that the corresponding server statements can be added to the wideip.conf file. 

For each 3DNS server that you need to set up:

  1. Open your web browser and connect to the 3DNS Controller.  Note that on US 3DNS Controllers, you need to use https in the host address, rather than http. On international 3DNS Controllers, you need to use http in the host address.

  2. Type your user ID and password, when prompted, to connect to the 3DNS Controller home page.

  3. In the navigation pane, click 3DNS Servers.
    The 3DNS Server Addresses screen opens.

  4. In the toolbar, click Add 3DNS Server.
    The Add New 3DNS Server screen opens.

  5. In the 3DNS Server IP Address box, type the IP address of the 3DNS Controller.

  6. In the 3DNS Server Name box, type the host name of the 3DNS Controller.

  7. If you want the 3DNS Controller to use a secure or encrypted shell (ssh) to access the controller, check the Secure box.  International controllers do not support this method, so if this is an international controller, clear the Secure box, and a non-encrypted shell (rsh) will be used.

  8. In the User box, type the user name of the person who has administrative access to the 3DNS Controller.

  9. In the Factories group, check each type of probing factory that you want to run on the 3DNS Controller, and also enter the number of factories that you want to run for each type.

  10. In the Interface Settings group, type the IP address of each NIC card installed on the 3DNS Controller.

  11. Click Next.
    The Data Centers screen opens.

  12. In the Data Centers screen, select the data center where the 3DNS Controller is located, and click Finish.
    You return to the list of 3DNS Servers.  To add an additional 3DNS Server, repeat steps 3 through 10.

Creating the sync group

Sync groups define the group of 3DNS Controllers that synchronize their configuration settings and metrics data.  Note that you define the sync group only on the data collector 3DNS Controller, and that all of the data copier 3DNS Controllers that you add to the sync group synchronize their configuration settings and their metrics data to the data collector 3DNS Controller that you are configuring.

Note:  Each 3DNS Controller in your network must be included in a sync group.  If you do not want to synchronize the configuration between controllers, you can create an individual sync group for each controller; you must do this by modifying the wideip.conf file, as the Configuration utility does not support this function.

  1. In the navigation pane, click 3DNS Sync.
    The System - Synchronization screen opens.

  2. In the sync group box, type the name of the new sync group and click Add Group.

  3. In the toolbar, click Add to Group.
    The Add a 3DNS to a SyncGroup screen opens.

  4. In the list of 3DNS Controllers, check the box next to the IP address of each 3DNS Controller that you want to add to the sync group.

  5. Click Add.

New configuration options

New load balancing modes and options

3DNS Controller 2.0 supports the new load balancing options outlined below.

  • Hops
    A new dynamic load balancing mode that bases load balancing on the number of intermediate system transitions between a local DNS and a virtual server.  The 3DNS Controller chooses the virtual server with the fewest transitions (or hops) between the local DNS and the virtual server.

  • Quality of Service
    The Quality of Service load balancing mode supports two new options:  a hops coefficient, and a dynamic_ratio wide IP attribute, which allows the 3DNS Controller to use qos scores as ratio weights.  If you use the dynamic ratio feature, the 3DNS Controller uses all virtual servers for load balancing in proportion to their qos scores.  The dynamic ratio feature can be used with any dynamic load balancing mode.

Additions to the globals statement

A series of new variables has been added to the globals statement.

  • 3dns_ttl
    Defines the number of seconds that the 3DNS Controller considers performance data for other 3DNS Controllers in the sync group to be valid.  The default setting is 60 seconds.

  • default_ttl
    Defines the number of seconds that the 3DNS Controller considers the returned A record to be valid. This global provides the default value for the wideip ttl; that is, if you do not specify the ttl in a wideip statement, it takes on the value of this global.  The default setting is 30 seconds.

  • qos_coeff_hops
    Defines the relative weighting for the number of intermediate system transitions (or hops) when the load balancing mode is set to Hops. You can enter a value between 0 and 100. The default setting is 0.

  • qos_factor_completion_rate
    Defines the default coefficient applied to completion rate data in a qos equation.  This global is not new; it has simply been renamed (the original name was qos_factor_hit_ratio).  The default setting is 10000 seconds.

  • time_tolerance
    Defines the number of seconds that one 3DNS Controller's time setting is allowed to be out of sync with another 3DNS Controller's time setting. If the difference between the times on the controllers is higher than the time tolerance, the time setting on the controller running behind is reset to match the controller with the most recent time. For example, if the time tolerance is 5 seconds, and one 3DNS Controller is running 10 seconds ahead of the other, the controller running behind has its time reset to match the one running 10 seconds ahead. If the second controller was running only 2 seconds ahead of the other, the time settings would remain unchanged. The values are 0, 5, and higher. (1-4 will automatically be set to 5, and 0 will turn time syncing off.) The default setting is 10 seconds.

    Note that for the new 3DNS Controller sync group feature, the time setting on 3DNS Controllers is important because a 3DNS Controller compares time stamps on files when deciding whether to synchronize files with other 3DNS Controllers in the sync group. The syncd daemon, which controls file synchronization, compares the time stamps on files only if the time settings on the controllers themselves are either the same, or if the difference falls within the time_tolerance setting (if the time on the controllers is out of sync, the time stamps on the files are considered invalid and syncd does not synchronize any files).

  • timer_get_3dns_data
    Sets the frequency for retrieving performance data for other 3DNS Controllers in the sync group.  The default setting is 20 seconds.

  • timer_get_trace_data
    Sets the frequency for retrieving trace route data (trace routes between each data center and each local DNS).  The default setting is 60 seconds.

  • trace_ttl
    Sets the number of seconds that the 3DNS Controller considers trace route data to be valid.  The default setting is 604800 seconds (7 days).

  • timer_persist_cache
    Sets the frequency for dumping paths and other metrics data.  The default setting is 600 seconds (5 minutes).

  • trace_route_port
    Defines the port used by traceroute to calculate the number of hops.  The default setting is 33434.

Changes to the wideip.conf file

The wideip.conf file contains several new syntax options, including a new generic server statement that replaces the bigip and host statements, and two other new statements, data center and sync_group.  Note that the functionality of the primary_ip substatement is replaced by the new sync_group statement.  The new syntax options for the different statement types are described below.

Additions to the wideip statement

The wideip statement contains the following syntax changes:

  • New load balancing mode
    The new hops load balancing mode is a dynamic mode that you can use as the preferred load balancing mode in a pool substatement.

  • New qos coefficient
    The Quality of Service load balancing mode now supports a hops coefficient.

  • Dynamic Ratio
    The dynamic_ratio wide IP attribute allows you to use qos scores as ratio weights. When you have dynamic ratio turned off, the 3DNS Controller uses only the server with the highest qos score for load balancing. When you have dynamic ratio turned on, the 3DNS Controller uses each server for load balancing in proportion to its qos score.

The following wideip statement highlights the new syntax and provides sample configuration settings:

wideip {
   address 192.168.102.70
   port 80
   port_list 80 443
   name "www.domain.com"
   alias "home.domain.com"
   ttl 120
   qos_coeff {
      rtt 20
      completion_rate 5
      packet_rate 3
      topology 1
      hops 3
   }
   pool_lbmode rr
   pool {
      name "New York"
      type vsb
      ratio 2
      dynamic_ratio yes
      preferred qos
      alternate ratio
      fallback rr
      address 192.168.101.50 ratio 2
      address 192.168.101.60 ratio 1
      address 192.168.101.70 ratio 1
   }
   pool {
      name "Los Angeles"
      type vsb
      preferred hops
      alternate rr
      fallback return_to_dns
      address 192.168.102.50
      address 192.168.102.60
      address 192.168.102.70
   }
}

New datacenter statement

The datacenter statement is required and it defines the group of 3DNS Controllers, BIG/ip Controllers, and hosts that reside in a single physical location. You can have any number of 3DNS Controllers, BIG/ip Controllers, and host statements defined in each data center. The datacenter statement uses the following syntax:

datacenter {
    name "<data center name>"
    3dns <IP address>
    bigip <IP address>
    host <IP address>
}

New sync_group statement

The sync_group statement is also required and it defines the group of 3DNS Controllers that synchronize their configuration settings and metrics data. Note that the sync group should not contain the other 3DNS Controllers running in the network; it should only contain its own 3DNS Controller. The sync_group statement uses the following syntax:

sync_group {
    name "<sync group name>"
    3dns <IP address>
    3dns <IP address>
}

New server statement

The server statement replaces both the bigip and host statements, and can define three different server types: 3DNS Controllers, BIG/ip Controllers, and hosts.  Note that the server statement syntax varies depending on the type of server you are defining.  For example, for BIG/ip and 3DNS Controllers, the server statement allows you to define the number of path probing factories you want to run on the server (see the factories substatement below).  However, for host servers you can define settings for SNMP agents running on host machines, enabling 3DNS to gather richer metrics for monitoring and load balancing.

The following server statement syntax applies to BIG/ip Controller servers only:

server {
    type bigip
    address <IP address>
    name "<bigip host name>"
    remote {
        secure <yes | no>
        user "<user ID>"
    }
    interface {
        address <NIC IP address>
        address <NIC IP address>
    }
    factories {
        prober <number>
        discovery <number>
        snmp <number>
        hops <number>
    }
    vs {
        address <virtual server IP address>
        port <port number> | service "<service name>"
        translate {
            address <IP address>
            port <port number>
        }
    }
}

The following server statement syntax applies to 3DNS Controller servers only.  Note that it does not contain individual virtual servers; one purpose of defining a 3DNS Controller server is to set up the big3d agent to obtain path probing and other metrics information; the other purpose is to set up sync groups.

server {
    type 3dns
    address <IP address>
    name "<3dns host name>"
    remote {
        secure <yes | no>
        user "<user ID>"
    }
    interface {
        address <NIC IP address>
        address <NIC IP address>
    }
    factories {
        prober <number>
        discovery <number>
        snmp <number>
        hops <number>
    }
}

The following server statement syntax applies to host servers only.  Note that you need the snmp substatement only if you want the big3d agent to collect metrics information from an SNMP agent on the host.

server {
    type host
    address <IP address>
    name "<host name>"
    probe_protocol <tcp | udp | icmp>
    port <port to probe>
    snmp {
        agent <generic | ucd | solstice | ntserv>
        port <port number>
        community "<community string>"
        timeout <seconds>
        retries <number>
        version <SNMP version>
    }
    vs {
        address <virtual server IP address>
        port <port number> | service "<service name>"
        probe_protocol <tcp | udp>
    }
}
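
The datacenter, sync_group and server statements described above can be cross-checked mechanically after an upgrade. The following is an added example, not part of the original release notes or of F5's software: a small Python parser for the brace-delimited syntax shown on this page that reports servers missing from every datacenter, 3dns servers missing from every sync_group, remote access set to secure no (rsh), and host SNMP probing that uses the community "public". The sample configuration, its addresses and the function names are constructed for the example.

```python
import shlex

# Constructed sample in the wideip.conf syntax shown above. Addresses, user
# names and the community string are made up for this example.
SAMPLE = """
datacenter {
    name "New York"
    3dns 192.168.101.2
    host 192.168.101.4      # host in the same location
}
sync_group {
    name "sync_ny"
    3dns 192.168.101.2
}
server {
    type 3dns
    address 192.168.101.2
    remote {
        secure yes
        user "admin"
    }
}
server {
    type 3dns
    address 192.168.102.2
    remote {
        secure no
        user "admin"
    }
}
server {
    type host
    address 192.168.101.4
    snmp {
        agent ucd
        community "public"
    }
}
"""


def parse(text):
    """Return a tree of (keyword, args, children) nodes; children is None
    for a plain 'keyword value ...' line and a list for 'keyword { ... }'."""
    root = []
    stack = [root]
    for lineno, raw in enumerate(text.splitlines(), 1):
        tokens = shlex.split(raw, comments=True)   # drops '#' comments
        if not tokens:
            continue
        if tokens[-1] == "{":
            node = (tokens[0], tokens[1:-1], [])
            stack[-1].append(node)
            stack.append(node[2])
        elif tokens == ["}"]:
            if len(stack) == 1:
                raise ValueError(f"line {lineno}: unmatched closing brace")
            stack.pop()
        else:
            stack[-1].append((tokens[0], tokens[1:], None))
    if len(stack) != 1:
        raise ValueError("unclosed block at end of file")
    return root


def args(block, key):
    """Argument lists of every plain 'key ...' line in a block."""
    return [a for k, a, kids in block if k == key and kids is None]


def child(block, key):
    """First nested 'key { ... }' block, or an empty list if absent."""
    return next((kids for k, _, kids in block
                 if k == key and kids is not None), [])


def scalar(block, key, default=None):
    """First argument of the first 'key value' line, or default."""
    found = args(block, key)
    return found[0][0] if found and found[0] else default


def audit(text):
    """Return (server address, finding) tuples for the checks listed above."""
    tree = parse(text)
    tops = lambda kw: [kids for k, _, kids in tree
                       if k == kw and kids is not None]
    placed = {a[0] for dc in tops("datacenter")
              for kind in ("3dns", "bigip", "host") for a in args(dc, kind)}
    synced = {a[0] for sg in tops("sync_group") for a in args(sg, "3dns")}
    findings = []
    for srv in tops("server"):
        kind, addr = scalar(srv, "type"), scalar(srv, "address")
        if addr not in placed:
            findings.append((addr, "not listed in any datacenter"))
        if kind == "3dns" and addr not in synced:
            findings.append((addr, "3dns server not in any sync_group"))
        if scalar(child(srv, "remote"), "secure") == "no":
            findings.append((addr, "remote access uses rsh (secure no)"))
        if scalar(child(srv, "snmp"), "community") == "public":
            findings.append((addr, 'SNMP community is "public"'))
    return findings


if __name__ == "__main__":
    for addr, finding in audit(SAMPLE):
        print(f"{addr}: {finding}")
```
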

 


Working with the F5 Configuration utility

Warning:    Before configuring your 3DNS Controller, decide whether you want to configure it by modifying the wideip.conf file or by using the F5 Configuration utility. To prevent problems, you should use only one of these methods, not both.

The F5 Configuration utility is a browser-based application that you use to configure and monitor the 3DNS Controller.  The F5 Configuration utility supports Netscape Navigator, version 4.5, and Internet Explorer, version 4.x.

The F5 Configuration utility displays a navigation pane in the left side of the browser, and a configuration or monitor screen in the right side of the browser. 

The navigation pane provides the following links:

  • System
    Opens the System - General screen shown above.  In the System - General screen you set general system settings for the 3DNS Controller, and you can use the items on the toolbar to specify settings for various global values.

  • BIG/ips
    Opens the BIG/ips screen where you define the BIG/ip Controllers and corresponding virtual servers that the 3DNS Controller uses for load balancing and for running the big3d path probing agent.

  • Hosts
    Opens the Host Servers screen where you define the host machines and corresponding virtual servers that the 3DNS Controller uses for load balancing.

  • 3DNS Servers
    Opens the 3DNS Server Addresses screen where you define the other 3DNS Controllers in the network.

  • Wide IPs
    Opens the Wide IP List screen where you define the wide IPs for each domain that you want to load balance.

  • Topology
    Opens the Configure Topology screen where you define topology settings, and add local DNS servers and virtual servers to the list of topology records.

  • Data Centers
    Opens the Data Centers screen where you define groups of machines that reside in the same physical location.

  • 3DNS Sync
    Opens the System - Synchronization screen where you define the group of data copier 3DNS Controllers that copy metrics data from the current data collector 3DNS Controller.

  • IP Filters
    Opens the IP Filters screen where you define filters that block network traffic based on source IP addresses or destination IP addresses.

  • SNMP
    Opens the SNMP Configuration screen where you set up the 3DNS SNMP agent.

  • Production Rules
    Opens the Production Rules Wizard where you define rules that change load balancing settings based on network traffic patterns or time of day.

  • NameSurfer
    Opens the NameSurfer application that you use to manage DNS zone files.

  • Statistics
    Expands the list of available statistics screens including 3DNS, BIG/ips, probers, hosts, virtual servers, paths, local DNS, wide IPs, globals, summary statistics, data centers, and sync groups.

  • Log Files
    Expands the list of available log files including the system log and the 3DNS log.

  • User Admin
    Opens the User Administration screen where you define new user accounts and set user access privileges.


Configuring host SNMP probing

The 3DNS Controller obtains host metrics data by requesting that a big3d agent establish a conversation with an SNMP agent running on the host.  The 3DNS Controller then uses the metrics for load balancing.

The 3DNS Controller supports the following host SNMP agents:

  • Generic
    The 3DNS Controller can work with a generic SNMP agent running on a host.

  • UCD SNMPD
    The UCD SNMPD is a free SNMP agent provided by the University of California at Davis. It is freely available on the web at http://ucd-snmp.ucdavis.edu, or you can download the ucd-snmp.tar.gz file from ftp://ucd-snmp.ucdavis.edu.

  • Solstice Enterprise
    The Solstice Enterprise agent is a product of SunSoft.

  • Windows NT 4.0 SNMP
    The Windows NT 4.0 SNMP matrix agent is distributed with the Microsoft Windows NT 4.0 server.

To set up host SNMP probing, you need to include the snmp substatement in the server statement for the host.  In the snmp substatement, you can either specify one of the supported SNMP agents in the agent line (see the highlighted agent line below), or you can leave the agent line out of the substatement in which case the big3d agent uses the generic SNMP agent.

server {
   type host
   address 192.168.254.206
   snmp {
      agent ucd
      port 161
      community "public"
      timeout 1
      retries 3
      version 1
   }
   vs {
      address 192.168.101.4
   }
   : : :
}

Note:  For host probing to work, you need to verify that the SNMP agent is properly configured on the host.  The following sections offer some tips and hints on configuring each type of supported SNMP agent, but you may want to refer to the documentation provided with your SNMP software for more complete configuration information.

Configuring the UCD SNMP agent on the host

The UCD SNMP agent runs on HP-UX, Ultrix, Solaris, SunOS, OSF, NetBSD, FreeBSD, BSDi, Linux, AIX, OpenBSD, Irix, Windows 95, and Windows NT.   Please refer to the ucdFAQ.txt file for details.  On UNIX and UNIX-like systems, the default location for the configuration and MIB files is in the /usr/share/snmp directory.   You can find help on snmpd options in the snmpd man page.

A sample configuration file in /usr/share/snmp/snmpd.conf is as follows.  This file configures the SNMP agent to define a community named wideip that can be probed from the address 192.168.254.240.  It allows read access of the entire SNMP MIB tree, but does not allow write access.

------------------------begin /usr/share/snmp/snmpd.conf----------------------------------------
#
# To allow write access to the 'system' subgroup from the local network
# with the community string "sysadmin":
#
# - amend the "source" address in the com2sec section
# to match your local network address
# - uncomment the "access admin" line below
#
# You are also strongly advised to change the community string
# to something other than "sysadmin"
# sec.name source community
com2sec local localhost private
com2sec 3dns 192.168.254.240/32 wideip
# sec.model sec.name
group local any local
group public any public
group 3dnsgroup any 3dns
# incl/excl subtree mask
view all included .1 80
view system included system fe
view mib2 included .iso.org.dod.internet.mgmt.mib-2 fc
# context sec.model sec.level prefix read write not
#access admin "" any noauth 0 mib2 system none
access public "" any noauth 0 system none none
access local "" any noauth 0 all all all
access 3dnsgroup "" any noauth 0 all none none
----------------------eof /usr/share/snmp/snmpd.conf-------------------------------------------

The following is the corresponding server statement for the host:

server {
    type host
    address 192.168.254.4 # address of host + SNMP agent
    prober 192.168.254.240 # SNMP prober reader
    snmp {
       agent ucd
       community wideip
    }
    vs {
       address 192.168.254.201
    }
    : : :
}
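
To confirm what the sample snmpd.conf above actually grants, the com2sec, group and access lines can be followed as a chain. The following Python sketch is an added example, not part of the original release notes or of the UCD distribution: it resolves each community to its source restriction and its read and write views, and lists groups whose security name has no com2sec line. The directive lines are copied from the sample file on this page; the function names are made up for the example, and security model and level matching are ignored because every line in the sample uses any and noauth.

```python
import shlex
from collections import defaultdict

# Directive lines copied from the sample /usr/share/snmp/snmpd.conf above
# (explanatory comments trimmed).
PAGE_CONF = '''
com2sec local localhost private
com2sec 3dns 192.168.254.240/32 wideip
group local any local
group public any public
group 3dnsgroup any 3dns
view all included .1 80
view system included system fe
view mib2 included .iso.org.dod.internet.mgmt.mib-2 fc
#access admin "" any noauth 0 mib2 system none
access public "" any noauth 0 system none none
access local "" any noauth 0 all all all
access 3dnsgroup "" any noauth 0 all none none
'''


def load(text):
    """Map each directive name to the list of its argument lists."""
    table = defaultdict(list)
    for line in text.splitlines():
        tokens = shlex.split(line, comments=True)   # skips '#' lines
        if tokens:
            table[tokens[0]].append(tokens[1:])
    return table


def effective_access(text):
    """Follow com2sec -> group -> access for every community.

    Returns (community, source, read_view, write_view) tuples. A view
    named "none" means no access of that kind.
    """
    table = load(text)
    known_views = {v[0] for v in table["view"]} | {"none"}
    rows = []
    for sec_name, source, community in table["com2sec"]:
        groups = {g[0] for g in table["group"] if g[2] == sec_name}
        for acc in table["access"]:
            # access fields: group context model level prefix read write notify
            if acc[0] not in groups:
                continue
            read_view, write_view = acc[5], acc[6]
            for view in (read_view, write_view):
                if view not in known_views:
                    raise ValueError(f"access line uses undefined view {view!r}")
            rows.append((community, source, read_view, write_view))
    return rows


def unmapped_groups(text):
    """Groups whose security name is not defined by any com2sec line."""
    table = load(text)
    sec_names = {c[0] for c in table["com2sec"]}
    return [g[0] for g in table["group"] if g[2] not in sec_names]


def writable(text):
    """Rows of effective_access() that grant any write view."""
    return [row for row in effective_access(text) if row[3] != "none"]


if __name__ == "__main__":
    for community, source, read_view, write_view in effective_access(PAGE_CONF):
        print(f"{community!r} from {source}: read={read_view} write={write_view}")
    print("groups with no com2sec mapping:", unmapped_groups(PAGE_CONF))
```

For the sample file this shows the wideip community limited to 192.168.254.240/32 with read access to the whole tree and no write access, as the text states, while the private community on localhost has write access and the public group is never reachable because no com2sec line defines its security name.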

Configuring the Solstice SNMP agent on the host

The Solaris or SunOS 5.x distribution CD should include the Solstice Master Agent.  The following is a sample configuration that should work for host probing.

-----------------------begin /etc/snmp/conf/snmpd.conf-------------------------------------
# Copyright 1988 - 01/28/97 Sun Microsystems, Inc. All Rights Reserved.
#pragma ident "@(#)snmpd.conf 2.22 97/01/28 Sun Microsystems"
# See below for file format and supported keywords
sysdescr Sun SNMP Agent,
syscontact System administrator
sysLocation System administrators office
#
system-group-read-community public
#system-group-write-community private
#
read-community public
#write-community private
#
trap localhost
trap-community SNMP-trap
#
#kernel-file /vmunix
#
#managers 192.168.254.240
#############################
# File Format:
# Each entry consists of a keyword followed by a parameter string,
# terminated by a newline. The keyword must begin in the first
# position. The parameters are separated from the keyword (and from
# one another) by whitespace. All text following (and including) a '#'
# character is ignored. Case in keywords is ignored, but case in
# parameter strings is NOT ignored.
# Supported Keywords:
# sysdescr String to use for sysDescr.
# syscontact String to use for sysContact.
# syslocation String to use for sysLocation.
# system-group-read-community Community name needed for read access
# to the system group.
# system-group-write-community Community name needed for write access
# to the system group.
# read-community Community name needed for read access
# to the entire MIB.
# write-community Community name needed for write access
# to the entire MIB (implies read access).
#
# trap Host names where traps should be sent.
# A maximum of 5 hosts may be listed.
# trap-community Community name to be used in traps.
#
# kernel-file Filename to use for kernel symbols.
#
# managers Hosts that can send SNMP queries.
# Only five hosts may be listed on any one line.
# This keyword may be repeated for a total of 32 hosts.
#
# newdevice Additional devices which are not built in snmpd
# format as below
#
# newdevice type speed name
#
# where newdevice is keyword, type is an integer which has to match your
# schema file, speed is the new device's speed, and name is this new
# device's name
-------------------------eof /etc/snmp/conf/snmpd.conf----------------------------------------

This allows 192.168.254.240 to query the Solstice SNMP agent, using the community public. The wideip.conf would be similar to the example for UCD, except that the community is "public".
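The following check of a Solstice-format snmpd.conf is an added example, not code from Sun or F5. It applies the file-format rules quoted in the listing above and reports default community names and the absence of a managers entry. The community name wideip-ro and the choice of "public" and "private" as default names are assumptions of the example.

```python
"""Audit a Solstice-style snmpd.conf (added example, not Sun's or F5's code)."""

# Constructed sample: the entries of the listing above, comments trimmed.
SAMPLE = """\
sysdescr Sun SNMP Agent,
syscontact System administrator
sysLocation System administrators office
system-group-read-community public
#system-group-write-community private
read-community public
#write-community private
trap localhost
trap-community SNMP-trap
#managers 192.168.254.240
"""

# Constructed hardened variant: hypothetical non-default community name,
# queries limited to the prober address used on this page.
HARDENED = """\
system-group-read-community wideip-ro
read-community wideip-ro
managers 192.168.254.240
"""

DEFAULT_COMMUNITIES = {"public", "private"}  # assumption: names treated as defaults
COMMUNITY_KEYWORDS = ("system-group-read-community", "system-group-write-community",
                      "read-community", "write-community")


def parse_snmpd_conf(text):
    """Return {keyword: [params, ...]} using the file-format rules quoted above."""
    entries = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0]          # '#' and everything after it is ignored
        if not line.strip() or line[0].isspace():
            continue                          # keyword must begin in the first position
        keyword, *params = line.split()
        entries.setdefault(keyword.lower(), []).append(params)  # keyword case ignored
    return entries


def audit(text):
    """Return a list of findings for one configuration file."""
    entries = parse_snmpd_conf(text)
    findings = []
    for keyword in COMMUNITY_KEYWORDS:
        for params in entries.get(keyword, []):
            name = params[0] if params else ""
            if name in DEFAULT_COMMUNITIES:   # parameter case is NOT ignored
                findings.append(f"{keyword}: default community '{name}'")
    if "write-community" in entries:
        findings.append("write-community: write access to the entire MIB is enabled")
    manager_lines = entries.get("managers", [])
    if not manager_lines:
        findings.append("managers: no entry, so this file names no permitted query hosts")
    if any(len(hosts) > 5 for hosts in manager_lines):
        findings.append("managers: more than five hosts on one line")
    if sum(len(hosts) for hosts in manager_lines) > 32:
        findings.append("managers: more than 32 hosts in total")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

In the sample listing the managers line is commented out, so the check reports it as missing.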

Configuring the Windows NT 4.0 SNMP agent on the host

To configure the Windows NT 4.0 SNMP agent, you need to complete the following tasks. 

  • Install the SNMP agent via the Network Services
    1. Right-click the Network Neighborhood icon on your desktop.
    2. From the popup menu, select Properties.
    3. In the Properties dialog box, click the Services tab.
    4. Click Add, and then choose the SNMP service from the service list.
    5. Configure community name, IP address allowed to query, etc., so as to reflect the same configuration as specified in wideip.conf.
    Note that you must reinstall whatever service pack you previously installed on your Windows NT server in order for the SNMP agent to work.

  • Configure the SNMP server
    When you configure the SNMP server, you need to provide the contact, community, and permission information that allows the big3d agent to read the SNMP MIB.  Note that you cannot change the SNMP configuration when the SNMP service is running.  You can temporarily stop the SNMP service by typing net stop snmp at the command prompt, and you can restart the service by typing net start snmp when you are finished making configuration changes.

  • Install Windows NT Resource Kit
    If you are doing a typical setup, you should install the Windows NT Resource Kit if it is not already installed on the server. These utilities should provide you with the following important files: MIBCC.EXE (MIB compiler), SNMPMON.EXE (SNMP monitor), SNMPUTIL.EXE (get/walk/getnext utility), PERF2MIB.EXE, LMMIB2.MIB, MIB_II.MIB, and SMI.MIB.

  • Verify that the SNMP server is running
    Go to the Services tab to make sure the SNMP server is up and running.  From the directory where you installed the resource kit utilities, run the following at the command prompt:
    c:\utilities\perfm
    The perfm.bat file effectively creates the performance monitoring agent's .dll, automatically loads it, and then restarts the SNMP agent.

  • Verify the installation
    To verify that the Windows NT SNMP is working, go to the 3DNS Controller or BIG/ip Controller that runs the big3d SNMP prober.  Run either the snmptest or snmpwalk commands.

Warning:  We strongly recommend that you do not run a screensaver on your Windows NT server when it is running an SNMP agent.  If you run a screensaver and the SNMP agent simultaneously, the CPU utilization reported by NT may show as 100% busy.


Working with production rules

Production rules essentially allow you to set the 3DNS Controller configuration to change based on current network traffic patterns or on time of day.  For example, you can configure a production rule that changes the load balancing mode to QOS during peak business hours.  A production rule applies to an individual wide IP, and it needs to be defined within the wideip statement.

The following sample production rules are actually an excerpt from the sample wideip.conf file provided on the 3DNS Controller. 

If you are creating a wide IP production rule, make sure the pool name in the wideip.conf file is named either vsb or vsh.  If you are creating the production rule through the F5 Configuration utility, this does not apply.

Note that if you want to set up production rules, we recommend that you contact F5 technical support for detailed information on syntax rules and general implementation options.

wideip {
   address           192.168.101.50
   service           "http"
   name              "www.wip.domain.com"
   ttl               60      // increase the domain default ttl
   qos_coeff {
      rtt             21
      hops            0
      completion_rate 7
      packet_rate     5
      topology        1
   }
   pool {
      name           "Pool_1"
      ratio          2         // applies to pool_lbmode == ratio

      preferred      leastconn
      alternate      ratio

      // Production rules can start anywhere after the pool name
      // and before the virtual servers.

      // Add some special rules to switch lbmodes:
      //   Weekday 6am-5pm: qos
      //   Weekday 5pm-6am: leastconn
      //   Weekend        : packet_rate

      /*** If a weekday ***/
      rule "myRule1"
      if(day != "sat" && day != "sun") {

         /*** If during business hours 6am-5pm, do QOS ***/
         rule "myRule2"
         if(preferred != "qos" && (time >= "6:00" && time <= "17:00")) {

            // switch the lbmode and log a message that it happened
            preferred qos
            log("Switching preferred to $preferred")
         }

         /*** Otherwise, do least connections ***/
         else {
            rule "myRule3"
            if(preferred != "leastconn") {
               preferred leastconn
               log("Switching preferred to $preferred")
            }
         }
      }

      /*** If weekend, switch to packet rate ***/
      else {
         rule "weekendPolicy"
         if(preferred != "packet_rate") {
              preferred packet_rate
              log("Switching preferred to $preferred")
         }
      }

      address       192.168.101.50   ratio 2
      address       192.168.102.50   ratio 1
      address       192.168.103.50   ratio 1

   }
   pool {
      name           "Pool_2"
      type           VSb
      ratio          1
      preferred      rr
      address       192.168.102.60   ratio 2
      address       192.168.103.60   ratio 1
   }
}


Setting up the SNMP agent on the 3DNS Controller

The 3DNS Controller now supports an SNMP agent that is automatically started when you complete the 2.0 upgrade process (note that you have to enter additional SNMP configuration information before you can use the SNMP agent).  The 3DNS SNMP agent and MIBs allow you to manage the 3DNS Controller by configuring traps for the SNMP agent or polling the controller with your standard network management station (NMS).   You can use the F5 Configuration utility to set up the 3DNS SNMP agent, or you can set up custom traps by editing several configuration files.

Note that the 3DNS SNMP MIB offers security options including:

  • Community names
  • TCP wrappers
  • View access control mechanism (VACM)

Downloading the MIBs

SNMP management software requires that you use the MIB files associated with the device. You may obtain two MIB files from the 3DNS directory /usr/contrib/f5/mibs, or you can download the files from the Additional Software Downloads section of the F5 Configuration utility home page.

  • 3dns.my
    This is a text-format vendor MIB that contains specific information for properties associated with specific F5 functionality, such as load balancing.

  • rfc1611.my
    This is a text-format DNS server MIB (RFC 1611) that provides standard management information.

For information about the objects defined in 3dns.my, refer to the descriptions in the object identifier (OID) in the F5 section of the MIB file. For information about the objects defined in rfc1611.my, refer to RFC 1611.

Understanding configuration file requirements

You need to make changes to several configuration files on the 3DNS Controller before you use the SNMP agent. Once you change these configuration files, you need to restart the SNMP agent.


/etc/hosts.deny

This file must be present to deny, by default, all UDP connections to the SNMP agent. The contents of this file are as follows:

ALL : ALL


/etc/hosts.allow

The /etc/hosts.allow file specifies the hosts that are allowed to access the SNMP agent. You can configure access to the SNMP agent with the /etc/hosts.allow file in one of two ways: either type an IP address, or list of IP addresses, that are allowed to access the SNMP agent, or type an IP address and mask to allow a range of addresses in a subnetwork to access the SNMP agent.

For a specific list of addresses, type the list of addresses that you will allow to access the SNMP agent. Addresses in the list must be separated by blank space or commas. The basic syntax is as follows:

daemon: <IP address> <IP address> <IP address>


For example, you can type the following line which sets the SNMP agent to accept connections from the IP addresses specified:

snmpd: 128.95.46.5 128.95.46.6 128.95.46.7


For a range of addresses, the basic syntax is as follows, where daemon is the name of the daemon, and IP/MASK specifies the network that is allowed access:

daemon: IP/MASK


For example, you might use the following line which sets the snmpd daemon to allow connections from the 128.95.46.0/255.255.255.0 address:

snmpd: 128.95.46.0/255.255.255.0


The example above allows the 256 possible hosts from the network address 128.95.46.0 to access the SNMP daemon. Additionally, you may use the keyword ALL to allow access for all hosts or all daemons.
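The following evaluator is an added example, not part of the 3DNS Controller software. It shows how the /etc/hosts.allow and /etc/hosts.deny entries above combine, using the standard TCP wrappers order (hosts.allow first, then hosts.deny, otherwise access is granted). It handles only the pattern forms described on this page: single addresses, IP/MASK, and ALL.

```python
"""Evaluate TCP wrappers rules for snmpd (added example)."""
import ipaddress
import re

# Constructed rule files built from the entries shown on this page.
ALLOW_LIST = "snmpd: 128.95.46.5, 128.95.46.6 128.95.46.7\n"
ALLOW_MASK = "snmpd: 128.95.46.0/255.255.255.0\n"
DENY_ALL = "ALL : ALL\n"


def parse_rules(text):
    """Return [(daemons, clients), ...] from hosts.allow / hosts.deny text."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]   # any third (option) field is ignored
        rules.append((re.split(r"[,\s]+", daemons.strip()),
                      re.split(r"[,\s]+", clients.strip())))
    return rules


def matches(pattern, client_ip):
    """True if one client pattern covers client_ip."""
    if pattern == "ALL":
        return True
    try:
        if "/" in pattern:                       # IP/MASK form
            return client_ip in ipaddress.ip_network(pattern, strict=False)
        return client_ip == ipaddress.ip_address(pattern)
    except ValueError:
        return False                             # host names etc. are not handled here


def rule_hits(rules, daemon, client_ip):
    for daemons, clients in rules:
        if (daemon in daemons or "ALL" in daemons) and any(
                matches(p, client_ip) for p in clients):
            return True
    return False


def access(daemon, client, allow_text, deny_text):
    """Return 'allow' or 'deny' for one daemon/client pair."""
    ip = ipaddress.ip_address(client)
    if rule_hits(parse_rules(allow_text), daemon, ip):
        return "allow"
    if rule_hits(parse_rules(deny_text), daemon, ip):
        return "deny"
    return "allow"        # no match in either file: TCP wrappers grants access


if __name__ == "__main__":
    for client in ("128.95.46.6", "128.95.46.8"):
        print(client, access("snmpd", client, ALLOW_LIST, DENY_ALL))
```

With an empty hosts.deny, a client that matches nothing in hosts.allow is still granted access, which is why the ALL : ALL entry must be present.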


/usr/contrib/isode/etc/snmpd.rc

The /usr/contrib/isode/etc/snmpd.rc file controls most of the SNMP agent. This file is used to set up and configure certain traps, passwords, and general SNMP variable names.  A few of the necessary variables are listed below:

  • System Contact Name
    The system contact is a MIB-II simple string variable defined by almost all SNMP boxes. It usually contains a user name, as well as an email address. This is set by the variable sysContact line.

  • Machine Location (string)
    The Machine Location is a MIB-II variable that almost all boxes support. It is a simple string that defines the location of the box. This is set by the variable sysLocation line.

  • Community String
    The community string is a clear text password used for basic SNMP security.  This also maps to VACM groups, but for initial read/only access it is limited to only one group.

  • Trap Configuration
    Trap configuration is controlled by these entries in the /usr/contrib/isode/etc/snmpd.rc file. Each line defines the three parameters for a trap:
    trap <community> <trap sink> [trap port]

    The <community> parameter specifies the password, the <trap sink> parameter specifies the IP address to which the trap is sent, and the [trap port] specifies the port on which the trap is received; [trap port] is an optional parameter, and the default setting is 162.


  • Authentication Traps
    Authentication traps are triggered by a user trying to use a bad community name or by some other authentication failure.   The following entry allows or disallows authentication traps; the default setting is disabled:
    Variable snmpEnableAuthenTraps <enabled | disabled>

  • System IP Setting
    You must set the system IP using the sysip command; if this setting is not present, checktrap.pl will fail to send all 3dns specific traps. The following entry sets the system IP:
    Sysip <system ip address>


/etc/rc.local

The following entry in the /etc/rc.local file sets the SNMP agent to start automatically when you boot the 3DNS Controller.

# 3DNS SNMP Agent
if [ -f /usr/contrib/isode/etc/snmpd.rc ]; then
    /sbin/snmpd -c /usr/contrib/isode/etc/snmpd.rc
fi

If the /usr/contrib/isode/etc/snmpd.rc file is present on your system, the SNMP agent starts automatically.


Syslog

You must configure syslog to send syslog lines to checktrap.pl.  If the syslog lines match the specified configuration in the snmptrap.conf file, the SNMP agent generates a valid SNMP trap. The following line in the /etc/syslog.conf file requires the syslog utility to compare the logged information against the snmptrap.conf file to determine if a trap should be generated:

local2.* | exec /sbin/checktrap.pl.


Configuring the 3DNS SNMP agent

You can use the F5 Configuration utility to configure the following aspects of the 3DNS SNMP agent:

  • Client access
    You can define one or more addresses, with corresponding netmasks, for the workstations from which SNMP requests are acceptable.

  • System information
    You can name a system contact, a machine location, and a community string.

  • Trap configuration
    You can enter a trap sink and a trap community.

Configuring SNMP settings

The F5 Configuration utility provides sample SNMP settings for your reference.  To use the 3DNS SNMP MIB, you need to replace these sample settings with settings appropriate to your environment and your specific SNMP management software.

  1. Click SNMP in the navigation pane.
    The 3DNS SNMP Configuration screen opens.

  2. In the 3DNS SNMP Configuration screen, check Enabled to allow access to the 3DNS SNMP agent.

  3. In the Allow Address box, type the IP address, or addresses, of the management system from which the agent can accept requests. This allows you to restrict access to management information to a specific computer or computers running a management system.

  4. In the Allow Netmask box, type the netmask for a range of IP addresses for machines from which the agent can accept requests.
    Note that if you typed a list of IP addresses in the Allow Address box, you should leave the Allow Netmask box blank.

  5. In the System Contact box, type the contact name and email address for the person who should be contacted if the 3DNS Controller generates a trap.

  6. In the Machine Location box, enter a machine location, such as First Floor, or Building 1, that describes the physical location of the 3DNS Controller.

  7. In the Community String box, type a community name. The community name is a clear text password used for basic SNMP security and for grouping machines that you manage.

  8. In the Trap Sink box, type the host that should be notified when a trap is sent by the 3DNS SNMP agent.

  9. In the Trap Community box, type the community name to which this 3DNS Controller belongs. Traps sent from this box are sent to the management system managing this community.

  10. Click Update.

Configuring options for the checktrap script

The checktrap.pl script reads a set of lines from standard input.  The script checks each line against a set of regular expressions. If a line matches the regular expression, an SNMP trap is sent.  The lines in the checktrap script provide the following information.


snmpd_conf_file=<snmp configuration file>

The checktrap.pl gets trap configuration information from the file specified by the <snmp configuration file> parameter.  The default setting is /usr/contrib/isode/etc/snmpd.rc.


trapd_conf_file=<snmp trap configuration file>

This file contains the regular expression to SNMP trap OID mappings.  It also contains a description string that is added to the trap message. The default setting is /etc/snmptrap.conf.


trap_program=<snmp trap program>

This program sends the trap. This program should be the snmptrap program included with the 3DNS Controller.  The default setting is /sbin/snmptrap.


no_date_strip

This line turns off automatic date stripping.  Normally, each input line is expected to begin with a date.  Typically, this date is stripped off before the trap is sent, but when you include this line in the script, the date information in the trap is maintained.  The default setting is to strip the date from the trap.

usage

Prints a usage string.
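The following model of the flow described above (syslog line in, date stripped, regular expression matched, trap sent to each trap sink) is an added example and is not the checktrap.pl script. The log lines, patterns, placeholder OIDs, addresses and community name are constructed. The snmptrap.conf syntax is not shown here, so the mappings are held in a Python list, and treating snmpd.rc keywords as case-insensitive is an assumption.

```python
"""Model of the syslog-line -> SNMP trap flow described above (added example)."""
import re

# Constructed snmpd.rc fragment using the entry forms documented on this page:
#   trap <community> <trap sink> [trap port]   and   Sysip <system ip address>
SNMPD_RC = """\
trap trapcomm 192.0.2.10
trap trapcomm 192.0.2.11 1162
Sysip 192.0.2.1
"""

# Constructed mappings: patterns, placeholder OIDs and descriptions are hypothetical.
MAPPINGS = [
    (re.compile(r"virtual server \S+ .*\bdown\b"), "PLACEHOLDER-OID-1", "Virtual server down"),
    (re.compile(r"authentication failure"), "PLACEHOLDER-OID-2", "Authentication failure"),
]

# Leading BSD syslog timestamp, for example "Apr  3 06:15:02 ".
SYSLOG_DATE = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} ")

# Constructed log lines (not real 3DNS Controller output).
LINE_DOWN = "Apr  3 06:15:02 3dns1 big3d[211]: virtual server 192.168.101.50 marked down"
LINE_OTHER = "Apr  3 06:15:09 3dns1 named[88]: zone transfer complete"


def parse_rc(text):
    """Return ([(community, sink, port), ...], sysip) from snmpd.rc text."""
    sinks, sysip = [], None
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        key = fields[0].lower()               # assumption: keyword case is ignored
        if key == "trap" and len(fields) >= 3:
            port = int(fields[3]) if len(fields) > 3 else 162   # documented default
            sinks.append((fields[1], fields[2], port))
        elif key == "sysip" and len(fields) >= 2:
            sysip = fields[1]
    return sinks, sysip


def traps_for(line, sinks, sysip, no_date_strip=False):
    """Return one trap record per sink for the first mapping that matches."""
    if sysip is None:
        return []                             # without Sysip the traps are not sent
    msg = line if no_date_strip else SYSLOG_DATE.sub("", line, count=1)
    for regex, oid, description in MAPPINGS:
        if regex.search(msg):
            # Joining description and message with ": " is this example's choice.
            return [{"sink": sink, "port": port, "community": community,
                     "agent": sysip, "oid": oid, "text": f"{description}: {msg}"}
                    for community, sink, port in sinks]
    return []


if __name__ == "__main__":
    sinks, sysip = parse_rc(SNMPD_RC)
    for trap in traps_for(LINE_DOWN, sinks, sysip):
        print(trap)
```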


Known issues

  • Before configuring your 3DNS Controller, decide whether you want to configure it by modifying the wideip.conf file or by using the F5 Configuration utility.  To prevent problems, you should use only one of these methods, not both.
  • SNMP host probing is available for big3d agents that run on BIG/ip Controller version 2.11 or higher.
  • The F5 Configuration utility does not support wide IP configurations that use multiple pools for load balancing.   If your wideip.conf file includes multiple pools, you should modify the configuration from the command line only. 
  • SNMP should send a cold start trap, though this functionality is not completely reliable at this time.
  • The Back button may not function properly when you are defining a wide IP.
  • On the Add Virtual Server to Topology screen, do not put .0 at the end of the IP address when filling in the Virtual Server/Mask or LDNS/Mask boxes. For example, to specify 10.20.30.0/24, use 10.20.30.1/24.
  • If you want to delete a wide IP that contains production rules, delete the wide IP's production rules before deleting the wide IP.
  • If you restart named, your path will not load; named will have to build up its path cache from scratch.
  • If you are manually upgrading from a beta version, type the following command before you perform the upgrade install:

    touch -amt 197001010000.00 /var/f5/namesurfer/db/*


    This resets the time for the namesurfer db file back to 1/1/1970 so that all the NameSurfer files have the same time stamp.
  • If you are manually upgrading from a beta version, and your 3DNS Controller contains the list of master zone files which have now been imported into NameSurfer, then type the following command after you have performed the upgrade install:

    touch /var/f5/namesurfer/db/*


    This will ensure that these files have the highest time stamps and, hence, will be synchronized across all machines.
  • When upgrading from version 1.0.6, if you have more than one 3DNS Controller to upgrade, and you want the 3DNS Controllers to sync with one another, you must do the following:


    1. Complete the upgrade on the first 3DNS Controller.
    2. Manually copy the wideip.conf file from the first 3DNS Controller to the other 3DNS Controller(s).

  • When dealing with Topology, you cannot modify the Score setting in the Modify Virtual Server to Topology screen.  Thus, to modify an existing score, you must delete the Topology, and add the Topology settings again—this time with the modified score.
  • To take advantage of the Hops load balancing mode, you must set the number of Hops factories on your BIG/ip Controllers and 3DNS Controllers to 1 or more.
  • If you must reset the clock on a 3DNS Controller to a previous date or time, note that the wideip.conf file on that 3DNS Controller can conceivably have a timestamp that is (according to the 3DNS Controller) set in the future.  And since the syncing process always syncs the file with the most recent (future) date, you run the risk of losing your changes if you modify the wideip.conf file before the time on the 3DNS Controller passes the timestamp on the file.

    Call F5 technical support if you want to reset the clock on your 3DNS Controller.
  • The support password has been turned off, by default, so if you want to give F5 technical support access to your 3DNS Controller, you must turn on the support password function.
  • When you add or delete a wide IP, NameSurfer's zone files may not update correctly.  To ensure that NameSurfer and the 3DNS Controller configurations remain synchronized, follow these guidelines:

    • Always select one of the virtual server IPs when configuring your wide IP address.
      If the proper reverse zone for the virtual server IP addresses does not exist (for example, an XX.YY.ZZ.in-addr.arpa zone), the F5 Configuration utility will silently fail to add all the proper reverse pointer addresses for the virtual IPs.
    • Set up your reverse lookup zones within the usual Class A, Class B, and Class C netmasks, using the following formats (where XX, YY, and ZZ are the IP address octets which represent the network number of the IP—for example, in the Class A address 10.0.0.1, the corresponding zone would be 10.in-addr.arpa):

      • Class A reverse zone files:  'XX.in-addr.arpa'
      • Class B reverse zone files:  'XX.YY.in-addr.arpa'
      • Class C reverse zone files:  'XX.YY.ZZ.in-addr.arpa'

      If you set up your reverse lookup zones outside these netmasks, the reverse zones will not update properly when you delete the wide IP.  A dialog box will pop up, indicating a problem with NameSurfer, and ask if you wish to switch to the NameSurfer UI to clean up the problem.
  • We have corrected our response to resource records that are not understood by the 3DNS Controller.
  • When removing a 3DNS Controller from a synchronization group, we recommend that you use the edit_wideip command line option, and from the sync_group statement, remove the line containing the 3DNS Controller.  Removing the 3DNS Controller in this manner causes a restart on the 3DNS Controller you are running, the 3DNS Controller you are removing, and on each remaining 3DNS Controller in the sync group.  Only one 3DNS Controller is restarted at a time, so one or more 3DNS Controllers should always be up during the restarts.
  • When importing BIND zone files into NameSurfer, the config_namesurfer script (which runs automatically when you initially install the product or upgrade to version 2.0) does not import zone files that contain errors.  As a guide to correct those zone files, use the /var/3dns/etc/bind2namesurfer.log file, which contains the results of the config_namesurfer script.   After correcting the zone files, re-run the config_namesurfer script to import the remaining zones.
  • When using the Configuration utility, you should declare only one production rule per wideip pool.  If you declare more, only the last production rule declared will take effect.  This will be addressed in a future release.