Installing the upgrade

The following instructions explain how to install the 3-DNS Controller version 2.1 onto existing systems.  Note that the sum file available on the FTP site provides the checksum numbers for the upgrade files.

1. Click here and follow the instructions for using the F5 Networks FTP site.
2. Download the appropriate file (3dns21domkit.f5.tar for domestic users or 3dns21intkit.f5.tar for international users) to the /var/tmp/ directory on the target 3-DNS Controller.

3. Verify the integrity of the file using the sum command:
   sum <file name>

4. Extract the kit file in the /var/tmp/ directory:
   cd /var/tmp/
   tar -xvf 3dns21domkit.f5.tar (for domestic users, or 3dns21intkit.f5.tar for international users)

5. Verify the integrity of each extracted file by typing the command:
   ./checksum

6. Run the upgrade install script in the /var/tmp/ directory:
   ./upgrade_install

   If you are upgrading from version 2.0 or 2.0.1, after the upgrade install script completes, the 3-DNS Controller prompts you to enter configuration information for the 3-DNS web server, for NameSurfer™—the third-party DNS zone file management application, and for NTP (Network Time Protocol).

7. (This step applies only if you are upgrading from 3-DNS Controller, version 1.0.6.)  Enter the web server configuration information.  The 3-DNS Controller prompts you to enter the host name on the external interface, and on US 3-DNS Controllers, it prompts you to enter information used for the web server certificate. 

8. (This step applies only if you are upgrading from 3-DNS Controller, version 1.0.6.)  Enter the NameSurfer configuration information.  The 3-DNS Controller prompts you to choose whether you want the NameSurfer application to control DNS zone file management.  You need to let NameSurfer control the zone file management only for the 3-DNS Controller that is authoritative for the zone.  All other 3-DNS Controllers copy the zone files from the principal 3-DNS Controller. 

9. The upgrade install script checks whether you have already configured NTP support.  If you have not, a screen appears, giving you the option to configure NTP support, disable NTP support, or leave NTP support unchanged.
   
   If you do not wish to sync to a public time server, select Do Not Change NTP Settings, and exit the NTP configuration screen.
   
   If you wish to configure NTP support, select Configure NTP Support, and the screen presents a list of available public clock servers, based on your time zone setting.  Either use the spacebar to select one or more of the servers, or type the host name or IP address of one or more servers next to the Clock Servers command, which appears after the list of time servers.
   
   

   Note:   If you already have NTP configured, you can change the configuration by running config_ntpclocks from the command line.

10. Restart the 3-DNS Controller.
    reboot
    

Note:  Once you install the 3-DNS Controller software, you need to install new versions of the big3d utility on all BIG-IP Controllers managed by the 3-DNS Controller.

Once you install the software update, refer to the Configuring and using the new software section below, which contains important information about required configuration changes and new configuration options.

---

What's new in this version

New features and enhancements

• Dynamic persistence
  The 3-DNS Controller now provides dynamic persistence, enabling you to maintain a connection between an LDNS server and a particular virtual server in a wide IP, rather than load-balancing the connection to any available virtual server.  For information on how to configure this option, view the Configuration utility online help for the Edit Wide IP screen.
  
  
• Advanced load balancing to the Cisco® LocalDirector™
  The 3-DNS Controller can now acquire metrics from the Cisco LocalDirector and load balance to a LocalDirector using both basic and advanced load balancing modes.  For information on how to configure this option, view the Configuration utility online help for the Host SNMP Configuration screen.
  
  
• New load balancing mode
  The 3-DNS Controller has a new, advanced load balancing mode called VS Capacity.  This dynamic load balancing mode selects the virtual server which has the most nodes up.  This is a stand alone mode as well as part of the Quality of Service (QOS) mode.
  
  
• iQuery enhancements
  The TCP protocol has been added, so you can now choose UDP or TCP as an iQuery transport option when defining BIG-IP and 3-DNS Controllers.
  
  Also, the iQuery protocol is now backward compatible with the 3-DNS Controller, version 2.0.x
  
  
• BIND Upgrade
  The 3-DNS Controller, version 2.1 incorporates BIND version 8.2.2 p5.
  
  
• Configurable probe protocols
  You can now specify precisely which protocols to use when probing LDNS servers and hosts, and in what order to use the protocols.  In addition, we have added two new protocols to the list, DNS_VER and DNS_DOT.  For information on how to configure this option, view the Configuration utility online help for the System - Metric Collection screen or the Modify Host screen.
  
  
• Enable/disable option to change status of objects
  You can now use the Configuration utility to change the status of objects, and either disable or enable the objects.  The objects you can change the status of include wide IPs, wide IP pools, sync groups, data centers, 3-DNS Controllers, BIG-IP Controllers, host servers, and virtual servers.  There is a hierarchy among these objects.  If one object is disabled, all objects that the object owns are implicitly disabled.  For example, by disabling a data center, you implicitly disable all of its servers and virtual servers.  To enable these servers and virtual servers, you must first enable the data center.  The following table indicates what it means when each of these objects is disabled:
  
  

  Disabled object	What it means
  Wide IP	Resolution requests return to DNS.  All pools in the wide IP are disabled.
  Wide IP Pool	The pool is not chosen for load balancing.  The status of the virtual servers in the pool is not affected.
  Sync Group	There is no synchronizing among the 3-DNS Controllers in the group.  The status of the 3-DNS Controllers in the sync group is not affected.
  Data Center	All of the servers in the data center are disabled.
  3-DNS Controller	No iQuery is available for path-based or SNMP-based metrics collection.
  BIG-IP Controller	All virtual servers are unavailable for load balancing.  No iQuery is available for path-based or SNMP-based metrics collection.
  Host Server	All virtual servers are unavailable for load balancing.  The host is not probed with SNMP factories.
  Virtual Server	The virtual server is unavailable for load balancing.

  
  
  You can also view the status of the various objects in each object's statistics screen.  For information on how to configure this option, view the online help for any of the objects listed in the table.
  
  

  Note:   The enable/disable feature does not change the status of the actual object itself.  For example, if you disable a BIG-IP Controller from the 3-DNS Controller Configuration utility, though the 3-DNS Controller shows the BIG-IP Controller as disabled, the status on the actual BIG-IP Controller still shows enabled.

• Scripts to back up and restore 3-DNS Controller configurations
  The 3dns_backup script creates a backup file that, once restored, configures a 3-DNS Controller with the same configuration as the 3-DNS Controller that created the backup.  You can copy the backup file to another computer system or to a diskette.
  
  The 3dns_restore script restores a backup file that was created using the 3dns_backup script, and configures a 3-DNS Controller with the same configuration as the 3-DNS Controller that originally created the backup.  For information on these scripts, see New backup and restore scripts.
  
  
• Multiple pool support using the Configuration utility
  You can now configure multiple pools for specific wide IPs using the Configuration utility.  These pools may now contain both host server and BIG-IP Controller virtual servers.  For information on how to configure multiple pools, view the online help associated with the screens in the Wide IPs navigation pane.
  
  
• 3-DNS Controller subnetting
  When you use NameSurfer, subnetting management is now integrated into the Configuration utility.
  
  
  • When you create a wide IP, the NameSurfer zone files allow forward and reverse references to the virtual servers and the wide IP itself.
    
    
  • When you delete a virtual server or wide IP using the Configuration utility, the 3-DNS Controller now deletes the appropriate forward and reverse records from the NameSurfer zones.
    
    
  • When you add virtual servers to the wide IP, the 3-DNS Controller now creates the appropriate forward and reverse records in the NameSurfer zones.
    
    
  • When you add or change a wide IP alias, the 3-DNS Controller now makes the appropriate changes to the NameSurfer zones.
    
    
• New probing exclusion lists
  Using the command line interface, you can now create a probing exclusion list that contains a group of LDNS IP addresses whose paths the 3-DNS Controller will not probe.  There are three different types of probing exclusion lists:
  
  
  • probe_acl - The 3-DNS Controller restricts any big3d agent from probing this group of LDNS servers.  For example, in the wideip.conf file you would type:
      probe_acl {
         10.20.30.0/24
         192.168.0.0/16
         209.221.0.0/16
      }
    
    
  • hops_acl - The 3-DNS Controller restricts any big3d agent from tracerouting this group of LDNS servers.  For example, in the wideip.conf file you would type:
      hops_acl {
         10.20.30.0/24
         192.168.0.0/16
         209.221.0.0/16
      }
    
    
  • discovery_acl - The 3-DNS Controller restricts any big3d agents from performing port discovery on this group of LDNS servers.  For example, in the wideip.conf file you would type:
    
      discovery_acl {
         10.20.30.0/24
         192.168.0.0/16
         209.221.0.0/16
      }
  
  
  
• Rollup and rollback scripts
  When upgrading the product, the upgrade_install script rolls up the old installation.  This enables you, if necessary, to uninstall the newest installation and restore the old one.  For information, see New rollback script.
  
  
• NTP support
  When installing the product, you now have the option to synchronize to a public time server.  For additional information, see step number 9 in the installation instructions.
  
  
• New variable to check principal/receiver status
  The 3-DNS Controller includes a new timer_sync_state variable which enables you to specify the interval (in seconds) at which the 3-DNS Controller checks to see if it should change states (from principal to receiver or from receiver to principal).
  
  The first enabled 3-DNS Controller listed in a sync list is the principal, and the others are receivers.  The controller changes states under the following circumstances:
  
  
  • If the principal is disabled, the next enabled controller listed in the sync list becomes the principal.
  
  
  
  • When the original principal becomes enabled, it returns to a principal state, and the temporary principal returns to a receiver state.
  
  For information on how to configure this feature, view the online help for the System - Timers & Task Intervals screen.
  
  
• New settings for reap parameters
  The new default settings for the reap parameters in the System - Reaping screen will now work for all configurations of 3-DNS Controllers, including controllers with 64MB, 128MB, 256MB, 512MB, or more.  These new default settings will overwrite current reap settings to take advantage of the enhanced memory management.  If you must change these settings, contact your local technical support representative for assistance.
  
  
• Improved log messages
  The 3-DNS Controller now supplies more detailed log messages.
  
  
• Single Interface Management
  You can now manage F5 products from a single screen.  For example, the BIG-IP Controllers screen shows all BIG-IP Controllers managed by the 3-DNS Controller.  If you click a BIG-IP Controller from the Launch column, the Configuration utility for the corresponding BIG-IP Controller opens.

---

Configuring and using the new software

Required configuration changes

The configuration changes described below are required, but you need make these changes only to each 3-DNS Controller that runs as the principal.  The sync group feature allows the 3-DNS Controllers that run as receivers to synchronize their configurations to the principal 3-DNS Controller in their sync group.  Note that the upgrade install automatically makes required syntax changes to the wideip.conf file.

Change in default settings for certain global parameters

The default values for the parameters in the following table have changed.  Please note these changes, and if necessary, modify your configuration accordingly.

Parameter	New default
paths_noclobber	yes (With this default, the 3-DNS Controller does not overwrite existing path data with blank data when a path probe fails.)
path_ttl	2400 (With this default, the 3-DNS Controller uses path information for name resolution and load balancing for 2400 seconds, instead of the previously-set default of 600 seconds.)
use_alternate_iq_port	yes (With this default, the 3-DNS Controller runs iQuery traffic on port 4353, the IANA registered iQuery port, instead of the previously-set default port of 245.)
multiplex_iq	yes (With this default, the 3-DNS Controller forces the iQuery traffic that returns from the big3d agent to use a single port defined by the use_alternate_iq_port parameter.)

New configuration options

Additions to the globals statement

A series of new variables have been added to the globals statement.

Parameter	Description
rtt_allow_probe	Determines whether to allow any probing requests.  You can turn off all probing with this parameter.
rtt_allow_hops	Determines whether to allow hops probing requests when probing paths.  You can turn off all Hops probing with this parameter.
rtt_allow_frag	Determines whether each probe packet can be broken into smaller packets when probing paths.
aol_aware	This parameter works in conjunction with the static_persist load balancing mode.  It determines whether the LDNS is in the AOL family of subnets, and if it is, the preferred load balancing mode switches from static_persist to global_availability.

New rollback script

Restoring your previous installation

After running the upgrade_install script, you should have a file in your /var/save/ directory named rollback.tgz.

If you decide to uninstall the upgrade, you can restore your previous installation by typing the command:

./rollback

New backup and restore scripts

Backing up a 3-DNS Controller configuration

The new 3dns_backup script creates a backup file that, once restored, configures a 3-DNS Controller with the same configuration as the 3-DNS Controller that created the backup.  You can copy the backup file to another computer system or to a diskette.  You can create this backup file by typing the command:

3dns_backup [non-default file with list of 3-DNS Controller configuration files]

By default, the list of files and directories to back up are in the file /var/3dns/etc/conf_files, which is part of the standard 3-DNS Controller file system.  To back up a different list of files, you can enter the path to those files as an argument on the command line.

The backup file will be stored, by default, at the path /var/tmp/3dns-conf-backup.tar.gz.  (The file is a gzip compressed tar archive.)  If you want a different path for the backup file, you can enter the path when the 3dns_backup script prompts you for the path.

If a directory is included in the list of files to back up, all of the files and directories beneath the directory will be backed up, with the exception of the files containing the following extensions: .bak, .bk, ~, .no_sync, .core, and .gz.

Use the script 3dns_restore to restore the backed-up configuration; see the following section for details.

Restoring a 3-DNS Controller configuration

The 3dns_restore script restores a backup file that was created using the 3dns_backup script; this configures a 3-DNS Controller with the same configuration as the 3-DNS Controller that originally created the backup.  You can restore this backup file by typing the command:

3dns_restore [non-default backup file path]

By default, the script uses the backup file /var/tmp/3dns-conf-backup.tar.gz.  (The file is a gzip compressed tar archive.)

When restoring the backup, the script offers you a choice of restoring the original timestamps on the backup files or putting the current date and time on them.  If the 3-DNS Controller is a member of a sync group, this is a very important choice:

• When you restore the backup files with their original time stamps, the synchronized files (wideip.conf and production rules files) from the backup synchronize with the most recent version of the synchronized files in the sync group.  (We recommend that you choose this option in most cases.)

• When you restore the backup files with new timestamps, the synchronized files in the sync group sync with the backup files, since the backup files have the most recent timestamp.  Thus, any changes that have been made to the sync group files since the time of the backup will be lost.

  Note:  These changes are not really lost; syncd backs up each version of the files it synchronizes in /var/3dns/staging/backup.

---

Known issues

Configuration methods

• Before configuring your 3-DNS Controller, decide whether you want to configure it by modifying the wideip.conf file via the command line interface, or by using the browser-based Configuration utility.  To prevent problems, use only one of these methods, not both.

Date/Time Reset

• If you reset the date or timestamp to a date in the past, any other 3-DNS Controller in the same group may overwrite your configuration files.
  
  Call F5 technical support if you want to reset the clock on your 3-DNS Controller.

Enable/Disable

• When children objects are disabled, the parent objects continue to show as enabled.

Load Balancing

• To take advantage of the Hops load balancing mode, you must set the number of Hops factories on your BIG-IP Controllers and 3-DNS Controllers to 1 or more.

NameSurfer

• When importing BIND zone files into NameSurfer, the config_namesurfer script (which runs automatically when you initially install the product or upgrade to version 2.0) does not import zone files that contain errors.  As a guide to correct those zone files, use the /var/3dns/etc/bind2namesurfer.log file, which contains the results of the config_namesurfer script.  After correcting the zone files, re-run the config_namesurfer script to import the remaining zones.
• If you change the ttl (time to live) of a host that is not in your wideip.conf file, the serial number for the zone does not get updated. (5787)

Probing

• SNMP host probing is unavailable for big3d agents that run on BIG-IP Controllers prior to version 2.1.1.

Sync

• You will receive errors if you give a BIG-IP Controller and a 3-DNS Controller the same name. (8580)
• If you wish to automate the synchronization of your configurations, all 3-DNS Controllers in the synchronization group must be upgraded to version 2.1.  Synchronization groups should only be defined after the upgrade has occurred. (8273)
• When using redundancy, you must ensure that each 3-DNS Controller is a member of the same sync group. (6929)
• If you are using the sync feature, do not create the sync group until all the 3-DNS Controllers have been upgraded.

Topology

• When dealing with Topology, you cannot modify the Score setting in the Modify Virtual Server to Topology screen.  To modify an existing score, you must delete the original Topology list record, and add the Topology list record again—this time with the modified score. (5238, 7342)

---

---