Applies To:
Show Versions
3-DNS Controller versions 1.x - 4.x
- 3.0.0
Summary:
Contents:
Installing the upgrade
The following instructions explain how to install the 3-DNS Controller, version 3.0 onto existing crypto or non-crypto systems that are running version 2.1.2 and later.
Important: If you are running 3-DNS
Controller, version 2.1 or earlier, you must first upgrade to version
2.1.2. You can then upgrade to version 3.0.
If you want to upgrade
from 3-DNS Controller, version 2.X non-crypto to version 3.0 crypto, you must
first upgrade to version 2.1.2 crypto, and then upgrade to version 3.0
crypto.
- On the 3-DNS Controller, change to the /var/tmp/
directory:
cd /var/tmp/ - Connect to the F5 Networks FTP site at ftp.f5.com.
To find out how to download software from the F5 FTP site, see SOL167: Downloading software from F5 Networks
- Download the upgrade file to the /var/tmp/ directory on the target
3-DNS Controller:
- For crypto 3-DNS Controllers, download the 3dns3.0upgrade.tgz file.
- For non-crypto 3-DNS Controllers, download the 3dns3.0upgrade-nocrypto.tgz file.
- Download the sum file to the /var/tmp/ directory on the
target 3-DNS Controller.
- Verify the integrity of the upgrade file by typing the sum command
where <file name> is the name of the upgrade file:
sum <file name>If the checksum numbers match, the upgrade file is valid. If they do not match, open a new FTP connection, and try to download the upgrade file again.
- Extract the kit file in the /var/tmp/ directory as follows:
- For crypto 3-DNS Controllers, type the following command:
tar -xvzf 3dns3.0upgrade.tgz
- For non-crypto 3-DNS Controllers, type the following command:
tar -xvzf 3dns3.0upgrade-nocrypto.tgz
- For crypto 3-DNS Controllers, type the following command:
- Verify the integrity of the extracted files by typing the following
command:
./checksum - Run the upgrade_install script in the /var/tmp/
directory:
./upgrade_installThe upgrade_install script performs a backup of your critical system files and executables. When the script is done, it automatically reboots your system.
- Once you install the 3-DNS Controller software, you need to install the
new version of the big3d agent on all BIG-IP Controllers and EDGE-FX
Caches managed by the 3-DNS Controller, as follows:
- Log in to the 3-DNS Controller.
- Type 3dnsmaint to open the 3-DNS Maintenance menu.
- Select Install and Start big3d, and press Enter.
The 3-DNS Controller detects all BIG-IP Controllers and EDGE-FX Caches in the network and updates their big3d agents. - Press the Enter key to return to the 3-DNS Maintenance menu.
- Press the Q key to quit.
Once you install the software update, refer to the Configuring and using the new software section, which contains important information about required configuration changes and new configuration options.
New features and enhancements
3-DNS Console
If you are running a browser on a Windows-based PC,
you can configure your 3-DNS Controller using command line entries, in the
Configuration utility, by clicking the 3-DNS Console item in the
navigation pane; this opens an SSH (version 1) console.
big3d agent
The big3d agent now runs as a single
process.
CDN
You can now configure a wide IP pool to work as part of your
content delivery network (CDN). After you configure a CDN pool, you can
specify the CDN provider with which you are working. The 3-DNS Controller
then delegates requests to the CDN provider, based on the terms of the service
level agreement you have set up with the CDN provider. For information on
configuring CDN pools using the Configuration utility, view the online help for
the Select CDN Pool screen. For information on configuring a CDN, see
Chapter 4, Configuring a Content Delivery Network, in the 3-DNS
Controller Administrator Guide.
Extended content verification (ECV)
With ECV monitoring, you can
monitor not only the availability of a port or service on a server or virtual
server, but also the availability of a specific file on a particular server or
virtual server. If the server or virtual server responds appropriately to
the query, the server or virtual server is marked as up; if the server or
virtual server does not respond as expected, the server or virtual server is
marked as down. You can use ECV to test the HTTP, HTTPS, or FTP
protocols. For information on how to configure this option using the
Configuration utility, view the online help for the Modify Wide IP screen.
EDGE-FX Cache
The 3-DNS Controller now supports the F5 Networks
EDGE-FX Cache as a standalone server type. For information on how to
configure an EDGE-FX Cache server type in the Configuration utility, view the
online help for the Add EDGE-FX Cache screen. For general information on
configuring the EDGE-FX Cache server type, see the 3-DNS Controller
Reference Guide.
FreeBSD
The 3-DNS Controller now runs on the FreeBSD platform.
Geographic load balancing
For crypto 3-DNS Controllers, the IP
geolocation classifier has been updated, and now accurately and reliably
supports IP address resolution at the country level, in addition to the
continent level.
Host load balancing
The 3-DNS Controller can now load balance hosts
that are not managed by a BIG-IP Controller (or similar local traffic director)
when you choose the Packet Rate or Kilobytes/Second load balancing modes.
Limits for current connections
You can now set limits for current
connections for BIG-IP Controllers, EDGE-FX Caches, hosts, and their respective
virtual servers and pools. For information on setting metric limits, see
the online help for the Modify Limit Settings screens in the Configuration
utility.
Metrics collection
The 3-DNS Controller now captures metrics for
several new host devices. For the BIG-IP Controller and the EDGE-FX Cache,
the 3-DNS Controller uses iQuery to capture the metrics indicated in the
following table. For the other hosts listed in the table, the 3-DNS
Controller uses SNMP to capture the metrics. For more information on
iQuery, see Chapter 3, big3d Agent, in the 3-DNS Controller
Reference Guide. For more information on SNMP metrics, see Chapter
10, SNMP, in the 3-DNS Controller Reference Guide.
Note: New host devices are highlighted in yellow.
| Server/OS | Kilobytes/ Second |
Packets/ Second |
CPU | Memory | Disk | Current Connections |
| BIG-IP Controller | X | X | X | |||
| EDGE-FX Cache | X | X | X | X | ||
| Windows 2000 Server | X | X | X | X | X | |
| Windows NT 4.0 | X | X | X | X | X | |
| BSD, UC Davis | X | X | X | X | X | X |
| Linux, UC Davis | X | X | X | X | X | |
| Sun Solaris | X | X | X | X | ||
| Cisco LocalDirector1 | X | X | X | |||
| Alteon Ace Director | X | X | ||||
| Foundry ServerIron | X | X | X | |||
| Cisco CSS series2 | X | X | X | |||
| CacheFlow | X | X | X | X |
1 The Cisco LocalDirector metric shows new connections per
second rather than current connections.
2 Formerly
ArrowPoint Communications.
Network Map
The Network Map displays physical and logical networks
together on one screen using an illustrative tree. By viewing the Network
Map, you can see the relationships between the different components of your
networks, such as how wide IPs are related to data centers, and how virtual
server pools are related to servers. For more information on the Network
Map, in the Configuration utility view the online help for the Network Map
screen, or see Network Map in the 3-DNS Controller Reference
Guide.
Open SSH
The 3-DNS Controller now runs OpenSSH 2.3.0, which is
compliant with SSH1 and SSH2.
Pool limits
You can now define or modify system resource thresholds
or limits at the wide IP pool level. When a pool exceeds any resource
threshold, the 3-DNS Controller marks the entire pool as unavailable and directs
load-balancing traffic to another pool in the wide IP. For information on
how to configure this option using the Configuration utility, view the online
help for the Modify Limit Settings screen.
Scripts
We have added a new script, called 3dns_add, to the
3-DNS Maintenance menu. This script facilitates the process of adding a
new 3-DNS Controller to an existing network and sync group. For
information on how to use the 3dns_add script, see Chapter 5, Adding
3-DNS Controllers to the Network, in the 3-DNS Controller
Administrator Guide.
Virtual server dependencies
With the virtual server dependencies
feature, you create a list of virtual servers that must all be available for
load balancing so that the virtual server you are configuring is also available
for load balancing. For more information on virtual server dependencies,
view the online help for the Virtual Server Dependencies List screen, in the
Configuration utility.
Wide IPs
When you create a new wide IP, you must enter a
fully-qualified domain name (for example, www.f5.com) in the Wide IP
Name box. If you do not enter a fully-qualified domain name, the 3-DNS
Controller displays a message reminding you to do so.
Configuring and using the new software
Required configuration changes
There are no required configuration changes in this release.
Fixes
The following issues are resolved in the current release.
| Type | Description | Number |
| Refreshing statistics | Clicking the Refresh button in the Statistics screen no longer prompts a web server login error message. | CR11597 |
| Launching online help | Clicking the Help button on the tool bar while using Microsoft Internet Explorer 5.5 no longer prompts a warning dialog box to display. | CR12522 |
| Removing host servers from data centers | Removing host servers from data center configurations no longer causes inaccurate displays in the Configuration utility. | CR12624 |
| Adding multiple wide IP aliases | Adding more than three wide IP aliases no longer causes intermittent, irregular system behavior. | CR12116 |
| Metrics values | If you restart the named agent or the big3d agent, the 3-DNS Controller now generates an accurate value for the first calculation of the packets per second or kilobytes per second metrics. | CR10127 |
| Using static load balancing |
When you use a static load balancing method in a pool that has a host virtual server with Unknown status (denoted by a blue ball in the Virtual Server Metrics screen in the Configuration utility), the 3-DNS Controller no longer returns the IP address of that host as the resolution to a DNS request. |
Known issues
The following items are known issues in the current release.
| Type | Description | Number |
| Running the upgrade_install script |
If you have changed the host name or domain name of the 3-DNS Controller without using the config utility, the upgrade_install script stops with the following messsage: "Your hostname in /etc/netstart does not match the hostname stored in the configuration database. Please run the 'config' utility to update your configuration before upgrading the system." You must update the configuration of the 3-DNS Controller, by running the config utility, before you can perform the upgrade. To run the config utility, type config at the command line, and follow the prompts. |
CR12761 |
 Administrative IP addresses in the hosts.allow file and SSH |
The config_sshd script writes any administrative IP addresses to the hosts.allow file in the CIDR format, which the hosts.allow file does not properly interpret. For example, if you type 192.168.100.* for the administrative IP address, the hosts.allow file logs the IP address as 192.168.100.0/24, and SSH communications to the 3-DNS Controller do not work. You can edit the tweak_sshd script so that the hosts.allow file properly interprets the administrative IP addresses for SSH communications. Refer to the Editing the tweak_sshd script section (following the Known Issues table) for instructions on modifying the tweak_sshd script. | CR15551 |
The NTP utility syntax is incorrect |
The syntax for the network time protocol (NTP) utility is incorrect in the rc.conf file. You can correct the syntax using the following workaround. Note that you can make this change only from the command line. To correct the NTP utility syntax
|
CR15548 |
System error log file rotation |
The System error log file rotation does not function properly. You can correct the log file rotation using the following work around. To initiate log file rotation for the System error log
|
CR15573 |
Using Global Availability load balancing within a pool |
When you create a pool for a new or for an existing wide IP, and you use the Global Availability load balancing method, you may experience problems under the following circumstances:
|
CR13112 |
| Synchronizing controllers |
The 3-DNS Controller, version 3.0 does not synchronize with 3-DNS Controllers that are running versions prior to 3.0, if your 3.0 configuration includes any of the following new features: an EDGE-FX Cache server type, ECV functionality, CDN functionality, or pool limits functionality. To synchronize a version 3.0 controller with a version 2.1.2 controller,
create a symlink from the /usr/contrib/bin/rsync file to the /usr/local/bin/rsync
file on all 2.1.2 versions of the controller, as follows: |
CR11186 |
| Using encrypted communications |
(This applies only to crypto 3-DNS Controllers.) When you rebuild a 3-DNS Controller (or BIG-IP Controller) using a CD, the RSA key for sshd changes. This breaks the trust relationship between the updated controller and any devices with which it interacts. As a result, synchronization between the controllers in the sync group stops, and you cannot update the big3d agent. You can correct this situation by removing the newer RSA key and synchronizing the updated controller with other F5 devices.
|
|
|
Running Netscape Navigator 6.0 |
The Configuration utility does not currently support Netscape 6.0. |
CR12116 |
| Running Netscape Navigator on UNIX systems |
If you are running Netscape on a UNIX (LINUX, *BSD, Solaris) system, the 3-DNS Console item is not available in the navigation pane of the Configuration utility. Instead you can access the 3-DNS Controller command line utility using an SSH connection. |
CR12132 |
| Displaying the Network Map |
The Network Map does not display large configurations properly when you run Netscape on a UNIX or LINUX platform. We recommend that you use a Windows-based browser to view large network configurations with the Network Map. |
CR11161 |
| Creating wide IP production rules |
When you create a wide IP production rule with a Date/Time time variable, the production rule action does not stop in the time frame that you specify in the Stop Time box. When you create a wide IP production rule using the Configuration utility, in the Select Local DNS screen, you must type the IP address and subnet mask in the appropriate boxes. You cannot use the CIDR format (for example, 192.168.10.10/24) in these boxes. |
CR11710
CR11202 |
| Connecting to an EDGE-FX Cache using RSH |
When using an RSH session to connect to an EDGE-FX Cache that does not have SSH available (a non-crypto EDGE-FX Cache), you may get a connection refused error message.
|
CR11035 |
| Viewing prober statistics |
Sometimes NAN (not a number) appears in the Probers Statistics screen. This error is harmless and does not affect the operation of the 3-DNS Controller. When you are viewing Histograms or Metrics on the Prober Statistics screen, you might encounter errors if you are using Microsoft Internet Explorer 5.0 or later. We recommend using the following procedure view the Histograms or Metrics:
|
CR10153 |
| Using the Configuration utility |
Parts of the Configuration utility for the 3-DNS Controller use Java applets and require the presence of the Java Virtual Machine (JVM) on your local machine. However, some default installations of Internet Explorer do not contain the JVM. If your version of Internet Explorer does not contain a JVM, you can obtain a JVM by going to the Tools menu, selecting the Windows Update link, selecting Product Update, and looking in the Additional Windows Features section. Alternately, you can go to the Internet Explorer section of Microsoft's web site. |
CR10381 |
| Creating wide IP names and aliases |
When you add or modify a wide IP definition, either by using the Configuration utility or by editing the wideip.conf file, you cannot use the same fully-qualified domain name (FQDN) more than once. If you try to use the same FQDN as a wide IP name in one definition, and as an alias in another definition, the Configuration utility stops working. |
CR12314 |
| Updating metrics for the Solstice SNMP agent |
The Solstice SNMP agent, which runs on some Sun systems, delays the updating of some metrics for longer than 30 seconds. As a result, in the 3-DNS Controller SNMP Statistics screen, the packet rates and kilobytes per second rates can fluctuate from a zero value to a real value. If you are polling Sun Solaris servers in your network, you may want to set the SNMP polling time on the 3-DNS Controller to an interval greater than 60 seconds. |
|
| Editing the snmpd.conf file |
If you have SNMP configured on your 3-DNS Controller, the 3dns.log file may fill up quickly. To correct this, you must edit the snmpd.conf file from the command line. To edit the snmpd.conf file
|
|
| Checking SNMP connectivity |
The F5 Networks snmptest utility has been removed from the 3-DNS Controller. You can use the UC-Davis snmptest utility instead. Please refer to the following web site, http://net-snmp.sourceforge.net/ for more information about the UC-Davis snmptest utility. |
|
| Setting screen resolution |
If the screen resolution on your monitor is set to less than 1024 x 768 pixels, you may not see the entire 3-DNS Controller toolbar in the Configuration utility. If your monitor allows it, we recommend that you set your screen resolution to 1024 x 768 pixels. |
CR10518 |
| Running the named daemon |
The granularity of the IP classifier in the Topology load balancing mode
has increased dramatically. As a result, when you enable the Topology
load balancing mode, you may notice the following:
|
CR10556 |
| Viewing the Network Map |
When you view the Network Map, you might get an error when you open additional browser sessions with Internet Explorer or Netscape. This error only occurs if the additional browser sessions use Java applets. We recommend that you close any additional browser sessions before viewing the Network Map. |
CR11173 |
| Removing dependencies entries |
If you remove seven or more entries at one time from a Virtual Server Dependencies List and you are running Internet Explorer 5.0, you may get an error. To avoid this error, remove fewer entries at a time. |
CR11414 |
| Displaying status of a controller in a sync group |
When you disable a 3-DNS Controller that is a member of a sync group, the 3-DNS Statistics and Sync Group Statistics screens in the disabled controller's Configuration utility display an inaccurate status (a red ball) for all of the other 3-DNS Controllers in the same sync group. You can see the correct status of the controllers in the 3-DNS Statistics and Sync Group Statistics screens of any enabled 3-DNS Controller in the sync group. |
CR9452 |
| Collecting metrics for Cisco CSS series (formerly ArrowPoint) servers |
The 3-DNS Controller cannot collect the packets per second and the kilobytes per second metrics on Cisco CSS series (formerly ArrowPoint) software versions prior to 4.0. |
|
| Interpreting ArrowPoint CS150 server data |
The 3-DNS Controller collects packets per second and kilobytes per second metrics for only http traffic on the current ArrowPoint CS150 server. |
CR10361 |
| Rolling back to 3-DNS Controller, version 2.1.2 from version 3.0BETA1 |
If you installed 3-DNS Controller, version 3.0BETA1, and you then rolled back to 3-DNS Controller, version 2.1.2, be sure to delete all of the regular files (not the subdirectories) in the /var/tmp/ directory before downloading and installing 3-DNS Controller, version 3.0. |
|
| Opening multiple instances of the 3-DNS Console in Netscape |
If you have more than one 3-DNS Console session open, and you are running Netscape, you can close only one session. We recommend that you open only one instance of the 3-DNS Console. |
CR12121 |
| Probing local DNS servers |
We recommend that you use the ICMP, DNS_REV, or DNS_DOT probing methods, and that you do not use the Port Discovery probing method, to probe local DNS servers. |
|
| Accessing documentation for the wideip.conf file |
To obtain the most current syntax information for the wideip.conf file, see the Wideip.conf Syntax link on tech.f5.com; the current guides for the 3-DNS Controller do not include this information. |
Using the Global Availability load balancing mode within a pool
The following instructions describe how to configure the Global Availability load balancing mode within a pool. You need to use these instructions only if you meet the criteria listed in the Using the Global Availability load balancing mode within a pool item in the Known Issues section.
To configure Global Availability load balancing within a pool in a new wide IP
- In the navigation pane, click Wide IPs.
The Wide IP List screen opens. - On the toolbar, click Add Wide IP.
The Add a New Wide IP screen opens. - Type the settings for the new wide IP, and click Next.
The Configure Load Balancing for New Pool screen opens. - Select a load balancing mode other than Global Availability in the following lists:
- Load Balancing Modes, Preferred
- Load Balancing Modes, Alternate
- Load Balancing Modes, Fallback
Note that you can accept the default settings, rather than changing the settings. - Click Next.
The Select Virtual Servers screen opens. - Once you have finished configuring the virtual servers for the pool, click Finish to save your changes.
- On the Wide IP List screen, select the wide IP you just created.
- On the toolbar, click Modify Pool.
The Modify Wide IP Pools screen opens. - Click the pool you just created.
The Modify Load Balancing for [pool name] screen opens. - Select Global Availability, as appropriate, in the Load Balancing Modes, Preferred, or the Load Balancing Modes, Alternate, or the Load Balancing Modes, Fallback list, and click Update.
The Modify Virtual Servers screen opens, where you can determine the order in which the 3-DNS Controller load balances to the virtual servers in the pool.
To configure Global Availability load balancing within a pool in an existing wide IP
- In the navigation pane, click Wide IPs.
The Wide IP List screen opens. - On the toolbar, click Add Pool.
The Configure Load Balancing for New Pool screen opens. - Select a load balancing mode other than Global Availability in the following lists:
- Load Balancing Modes, Preferred
- Load Balancing Modes, Alternate
- Load Balancing Modes, Fallback
Note that you can accept the default settings, rather than changing the settings. - Once you have finished configuring the pool, click Finish to save your changes.
The Wide IP List screen opens. - In the Pools column, select the pools for the wide IP you just modified.
The Modify Wide IP Pools screen opens. - In the Pool Name column, click the name of the pool you just created.
The Modify Load Balancing for [pool name] screen opens. - Select Global Availability, as appropriate, in the Load Balancing Modes, Preferred list, or the Load Balancing Modes, Alternate list, or the Load Balancing Modes, Fallback list, and click Update.
The Modify Virtual Servers screen opens, where you can determine the order in which the 3-DNS Controller load balances to the virtual servers in the pool.
Editing the tweak_sshd script
The following instructions describe how to edit the tweak_sshd script so that the 3-DNS Controller recognizes any specific administrative IP addresses in the hosts.allow file. Note that if you use the default setting for administrative IP addresses ( *.*.*.* ), SSH communications work properly and you do not need to edit the tweak_sshd script.
To edit the tweak_sshd script from the command line
- At the command line, change to the first_time directory, by typing:
cd /usr/sbin/first_time/ - Using the text editor of your choice (vi or pico), open the tweak_sshd script.
- Locate the sub add_host function in the tweak_sshd script.
- In the sub add_host function, change the following lines:
s/\*\.\*\.\*/0.0.0\/8/;
s/\*\.\*/0.0\/16/;
s/\*/0\/24/;
to
s/\*\.\*\.\*/0.0.0\/255.0.0.0/;
s/\*\.\*/0.0\/255.255.0.0/;
s/\*/0\/255.255.255.0/; - Save the changes and exit the script.
Note: If you want to reset the administrative IP addresses after you have modified the tweak_sshd script, you can do so by simply typing config_sshd at the command line, and following the prompts.
