Release Notes : 3-DNS Module for BIG-IP Controller, Release Note

Applies To:

Show Versions Show Versions

3-DNS Controller versions 1.x - 4.x

  • 4.0.0
Release Notes
Updated Date: 04/18/2019

Summary:

Contents:

New features and enhancements

BIG-IP Controller with the 3-DNS module

Some versions of the BIG-IP Controller are available with the 3-DNS module installed on them.  Combining both the local-area load balancing capabilities of the BIG-IP Controller with the wide area traffic management capabilities of the 3-DNS Controller on one controller allows for maximum rack space efficiency.  In the 3-DNS Controller configuration, you treat the BIG-IP Controller and the 3-DNS module as if they were separate devices.  For more information, see the Configuring the BIG-IP Controller with the 3-DNS module section of this release note.

ECV prober IP address

For BIG-IP Controller ECV probes, you can now specify the IP address of the prober you want to use when you have set up ECV service monitors.  For more information, see the online help for the Modify BIG-IP screen in the Configuration utility.

GLOBAL-SITE Controller

The 3-DNS Controller can now collect path and metrics data from the GLOBAL-SITETM Controller using iQuery and the big3d agent.  The GLOBAL-SITE Controller is a unique global data management appliance that manages and automates the task of publishing, distributing, and synchronizing file-based content and applications to multiple servers at local and geographically-distributed Internet sites.  Note that the GLOBAL-SITE Controller does not manage virtual servers.

For more information on configuring the GLOBAL-SITE Controller, please refer to the 3-DNS online help for the GLOBAL-SITE Controller server type.  You can also review the Defining GLOBAL-SITE Controllers section in Chapter 2, Essential Configuration Tasks, in the 3-DNS Administrator Guide.

New global variables

The 3-DNS Controller has two new global variables:  probe_from_distance and bleed_requests.

  • The probe_from_distance variable
    The probe_from_distance variable, when set to yes, specifies that ECV probes and server and virtual server availability checks should be initiated from a big3d agent that is on a remote device.  If no remote big3d agent is available, then the probes and availability checks are initiated by any available big3d agent.  You can configure the probe_from_distance variable in either the Configuration utility, or in the wideip.conf file.  To turn on the probe_from_distance variable in the Configuration utility, check the Probe From Distance box on the System - General screen.


  • The bleed_requests variable
    The bleed_requests variable, when set to yes, specifies that load-balanced persistent connections are allowed to remain connected, until the TTL expires, when you disable a pool.  When you set the bleed_requests variable to no, the connections are terminated immediately when the pool is disabled.  This variable affects the persist variable in the load balancing sub-statement.  You can only configure the bleed_requests variable in the wideip.conf file, by adding it to the globals statement.  For more information, see Chapter 13, wideip.conf Configuration, in the 3-DNS Controller Reference Guide.

Split from BIND

The 3-DNS Controller DNS engine no longer relies on BIND for DNS resolution.  The benefits are as follows:

  • You can upgrade the version of BIND independently of 3-DNS Controller upgrades.
  • You can use the 3-DNS Controller to load balance DNS queries to your wide IPs, and redirect other DNS requests to an alternate DNS server.
  • You can now add an unlimited number of wide IP aliases to your configuration.
  • You can use the following wildcard characters in wide IP names and aliases:
    • The asterisk character ( * ) can replace multiple characters in a wide IP name or alias.
    • The question mark character ( ? ) can replace a single character in a wide IP name or alias.
For more information about using wildcard characters, see the Using wildcard characters section of this release note.  See also the online help for either the Add a New Wide IP screen or the Modify a Wide IP Alias screen, in the Configuration utility.

User administration

The 3-DNS Controller now has a partial read/write user level.  When you assign the partial read/write level to a user, he or she can enable or disable data centers, servers, virtual servers, wide IPs, and pools, but cannot add or delete any part of the configuration.  For more information on configuring user administration in the Configuration utility, see the online help for the User Administration screen.  For more information on user administration Guide.


Configuring and using the new software

Required configuration changes

There are no required configuration changes in this release.

Configuring the BIG-IP Controller with the 3-DNS module

In the 3-DNS Controller configuration, you treat the BIG-IP Controller and the 3-DNS module as if they were separate devices.  You can add the two server types either by using the Configuration utility or by editing the wideip.conf file.  The following instructions describe how to add a BIG-IP Controller with the 3-DNS module with the name combo.domain.net and the IP address 192.168.100.100.

To add the BIG-IP Controller with the 3-DNS module using the Configuration utility

  1. In the navigation pane, click the Servers item, and then click BIG-IP Controllers.
    The BIG-IP Controllers screen opens.
  2. On the toolbar, click Add BIG-IP Controller.
    The Add BIG-IP Controller screen opens.
  3. In the BIG-IP Controller Name box, type combo.domain.net.
  4. In the BIG-IP IP Address box, type 192.168.100.100.
  5. Add the rest of the settings as needed.

When you have finished configuring the BIG-IP Controller, you can add the 3-DNS module to the configuration.

  1. In the navigation pane, click the Servers item, and then click 3-DNS Controllers.
    The 3-DNS Controllers screen opens.
  2. On the toolbar, click Add 3-DNS Controller.
    The Add 3-DNS Controller screen opens.
  3. In the 3-DNS Controller Name box, type combo.domain.net.
  4. In the 3-DNS IP Address box, type 192.168.100.100.
  5. Add the rest of the settings as needed.

Note that both server types use the same name and IP address, as indicated by the highlighted text in the foollowing example.  If you are configuring a redundant system, you use the shared IP address.  For assistance, contact technical support.

To add the BIG-IP Controller with the 3-DNS module from the command line

  1. At the command line, type 3dnsmaint.
    The 3-DNS Maintenance menu opens.
  2. Using the arrow keys, choose Edit 3-DNS Configuration.
  3. Add the following syntax to the wideip.conf file:
  4. server { // datacenter=DC1, #VS=1
       type     bigip
       address    192.168.100.68
       name    "birch.win.net"

       limit { /* none */ }
       iquery_protocol udp
       remote {
         secure    yes
         user    "root"
       }
       factories {
         snmp    1
       }
       prober    127.0.0.1
    }


    server { // datacenter=DC1, #VS=0
       type     3dns
       address    192.168.100.68
       name    "birch.win.net"

       limit { /* none */ }
       iquery_protocol udp
       remote {
         secure    yes
         user    "root"
       }
       factories {
         snmp    1
       }
    }

Using wildcard characters

The 3-DNS Controller now supports wildcard characters in wide IP names and wide IP aliases.  You can use the wildcard characters to simplify your maintenance tasks if you have a large quantity of wide IP names and/or wide IP aliases.  The wildcard characters you can use are:  the question mark ( ? ), and the asterisk ( * ).  The guidelines for using the wildcard characters are as follows:

  • The question mark ( ? )
    • You can use the question mark to replace a single character, with the exception of dots ( . ).
    • You can use more than one question mark in a wide IP name or alias.
    • You can use both the question mark and the asterisk in the same wide IP name or alias.
  • The asterisk ( * )
    • You can use the asterisk to replace multiple consecutive characters, with the exception of dots ( . ).
    • You can use more than one asterisk in a wide IP name or alias.
    • You can use both the question mark and the asterisk in the same wide IP name or alias.

The following examples are all valid uses of the wildcard characters for the wide IP name, www.mydomain.net.

  • ???.mydomain.net
  • www.??domain.net
  • www.my*.net
  • www.??*.net
  • www.my*.*
  • ???.my*.*
  • *.*.net
  • www.*.???

Note:  There are two important things to keep in mind when you use wildcard characters.  First, wildcard characters are not inserted into NameSurfer.  Second, if you are using ECV service monitors, they do not scan wide IP names or aliases that contain wildcard characters.


Fixes

The following issues are resolved in the current release.

Type Description Number
3-DNS Console

In the Configuration utility, the 3-DNS Console has been renamed to the MindTerm SSH Console.

CR12878
The 3dnsd daemon and the IP classifier

When you restart the 3dnsd daemon, you no longer experience a delay due to the size of the IP classifier.

CR10556
Adding hosts and virtual server quantity

When you add a host using the Configuration utility, the virtual server quantity now displays correctly on the Host Servers screen.

CR13643
ECV status changes

The 3-DNS Controller now issues a message to the 3-DNS Log when the status of an ECV service check changes from up to down, or down to up.

CR12394

Foundry ServerIron and big3d agent probes

The big3d agent no longer dumps the core when probing a Foundry server with an SNMP prober.

CR#
Generic data center

The 3-DNS Controller no longer generates a generic data center in the configuration after you run the First-Time Boot utility.

 
Prober factories

The maximum number of prober factories was 56.  You can now specify up to 255 prober factories.

 
Server names and IP addresses

The 3-DNS Controller, version 4.0 allows you to use the same name for more than one server type in your configuration.  For example, if you are adding a BIG-IP HA Controller (that has the 3-DNS module enabled) to your configuration, you can use the same name for both the BIG-IP Controller and the 3-DNS Controller.  You cannot, however, use the same name for two servers that are the same server type.

CR13789


Known issues

The following items are known issues in the current release.

Type Description Number
BIG-IP Controllers with the 3-DNS module and copying iQuery keys

When you use the Generate and Copy iQuery Encryption Key command on the 3-DNS Maintenance menu, the command sometimes fails to copy the key from a previously configured BIG-IP Controller on to a newly configured BIG-IP Controller with the 3-DNS module.  The command may also copy the key to the local controller and fail to copy the key to any remote controller.  If the copy fails (in either instance), re-run the command, and select either the Keep option (which retains the local system's key and copies it out to the other systems), or the Build option (which creates a new key and copies it out to the other systems). 

CR14926
3-DNS Maintenance menu and new installations

When you are working with a new 3-DNS Controller, you need to add a data center and a 3-DNS Controller to the configuration using the Configuration utility, before you can use the Edit 3-DNS Configuration command on the 3-DNS Maintenance menu.

CR14777
ArrowPoint CS150 and metrics collection

The 3-DNS Controller collects metrics on packets per second and kilobytes per second only for HTTP traffic on the current ArrowPoint CS150 server. 

The kilobytes per second rate displayed for the ArrowPoint CS150 is approximately 16 times smaller than it should be.  The total byte counts returned from the ArrowPoint MIB are 16 times smaller than the number of bytes that were actually handled. 

CR10361
Cisco CSS series (formerly ArrowPoint) servers and metrics collection

The 3-DNS Controller cannot collect the packets per second and the kilobytes per second metrics on Cisco CSS series (formerly ArrowPoint) software versions prior to 4.0.

 
Crypto 3-DNS Controllers and CD upgrades

(This applies only to crypto 3-DNS Controllers.)  When you rebuild a 3-DNS Controller (or BIG-IP Controller) using a CD, the RSA key for sshd is changed.  This breaks the trust relationship between the updated controller and any devices with which it interacts.  As a result, synchronization between the controllers in the sync group stops, and you cannot update the big3d agent.  You can correct this situation by removing the newer RSA key and synchronizing the updated controller with other F5 devices.

To reset the RSA key for an updated 3-DNS Controller

  1. In the /root/.ssh/known_hosts file of each controller in the sync group that has not been updated, remove the RSA key for the replaced controller.
  2. Type 3dnsmaint at the command line to open the 3-DNS Maintenance menu.
  3. Choose Configure secure communication between all 3-DNS and BIG-IP systems, and press Enter. 
    The 3-DNS Controller updates the RSA key with the correct information.
  4. Press Enter to return to the 3-DNS Maintenance menu.
  5. Press Q to quit.

 
Data center names in the Configuration utility

In the Configuration utility, you may get an internal server error if you use special characters in the data center names.  To avoid this error, use only alphanumeric, space, underscore ( _ ), or hyphen ( - ) characters in the data center names.

  CR14990
First-Time Boot Utility in the Configuration Utility

On BIG-IP Controllers with the 3-DNS module enabled, the browser-based First-Time Boot Utility does not properly configure the 3-DNS module.  To configure BIG-IP Controllers with the 3-DNS module, use the config command to run the First-Time Boot utility at the command line.

CR14979
Fully qualified domain names in wide IPs

When you add or modify a wide IP definition, either by using the Configuration utility or by editing the wideip.conf file, you cannot use the same fully-qualified domain name (FQDN) more than once.  If you try to use the same FQDN as a wide IP name in one definition, and as an alias in another definition, the Configuration utility stops working.

CR12314

Global Availability and Ratio load balancing modes in the Configuration Utility

On the Modify Load Balancing for [pool name] screen, when you select the Global Availability or Ratio load balancing modes, the popup screens where you configure either the order (for Global Availability) or the ratio (for Ratio) do not appear.  To set the order or ratio for the Global Availability or Ratio load balancing modes, click Modify Virtual Servers on the toolbar, and set the order or ratio on the Modify Virtual Servers screen.

CR14978
Global Availability load balancing within a pool

When you create a pool for a new or for an existing wide IP, and you use the Global Availability load balancing method, you may experience problems under the following circumstances:

  • You are using Internet Explorer 5.0 or 5.5.
  • You select Global Availability in the Load Balancing Modes, Preferred list on the Configure Load Balancing for New Pool screen.
  • You have a large quantity of virtual servers in your configuration.
If you want to use the Global Availability load balancing method, and you meet the previous criteria, please see the Using Global Availability load balancing for pools section following this table.
CR13112
Java applets and the Configuration utility

Parts of the Configuration utility for the 3-DNS Controller use Java applets and require the presence of the Java Virtual Machine (JVM) on your local machine.  However, some default installations of Internet Explorer do not contain the JVM.  If your version of Internet Explorer does not contain a JVM, you can obtain a JVM by going to the Tools menu, choosing the Windows Update link, selecting PRODUCT UPDATES, and looking in the Additional Windows Features section.  Alternately, you can go to the Internet Explorer section of Microsoft's web site.

CR10381
Modify Virtual Server Translations screen and proper data display

If you have configured more than one virtual server translation using the Configuration utility (for BIG-IP Controller virtual servers only), the Modify Virtual Server Translations screen does not refresh properly when you remove a virtual server translation.  To view the correct information on the Modify Virtual Server Translations screen, after you have removed a virtual server translation, click the Refresh button on the browser toolbar, and then go back to the Modify Virtual Server Translations screen.

CR14029

Netscape Navigator 6.0

The Configuration utility does not currently support Netscape 6.0.

CR12116
Netscape Navigator on UNIX systems

If you are running Netscape on a UNIX (LINUX, *BSD, Solaris) system, the MindTerm SSH Client item is not available in the navigation pane of the Configuration utility.  Instead you can access the 3-DNS Controller command line utility using a standard SSH connection.

CR12132
Netscape Navigator and the Network Map

The Network Map does not display large configurations properly when you run Netscape on a UNIX or LINUX platform.  We recommend that you use a Windows-based browser to view large network configurations with the Network Map.

CR11161
Network Map and multiple browser sessions

When you view the Network Map, you might get an error when you open additional browser sessions with Internet Explorer or Netscape.  This error only occurs if the additional browser sessions use Java applets.  We recommend that you close any additional browser sessions before viewing the Network Map.

CR11173
Non-crypto controllers and RSH

If you have non-crypto controllers, you must configure RSH from the command line to establish secure communications between the controller and other F5 devices.  If you have a mixed environment, with crypto and non-crypto controllers, you must configure RSH as well as SSH on the crypto controllers, so that they can communicate with the non-crypto controllers.  For details on how to configure the rsh utility, see the Configuring RSH on non-crypto controllers section of this release note.

CR14832
Non-crypto EDGE-FX Caches

When using an RSH session to connect to an EDGE-FX Cache that does not have SSH available (a non-crypto EDGE-FX Cache), you may get a connection refused error message.

To use an RSH session with a non-crypto EDGE-FX Cache

  1. Use Telnet or a terminal console to connect to the EDGE-FX Cache.
  2. In the /etc/inetd.conf file, remove the comment (#) character from the line:
    #shell stream tcp nowait root /usr/libexec/rshd rshd
  3. Type the following command:
    kill -HUP `cat /var/run/inetd.pid`
    This causes the inetd daemon to re-read its configuration.

CR11035

Prior 3-DNS Controller versions and synchronization

The 3-DNS Controller, version 4.0 does not synchronize with 3-DNS Controllers that are running versions prior to 4.0.

CR11186
Probe protocol for local DNS servers

We recommend that you use the ICMP, DNS_REV, or DNS_DOT probing methods, and that you do not use the Port Discovery probing method, to probe local DNS servers.

 
Prober statistics

Sometimes NAN (not a number) appears in the Probers Statistics screen.  This error is harmless and does not affect the operation of the 3-DNS Controller.

CR12863
Prober statistics and Internet Explorer 5.0 and later

When you are viewing Histograms or Metrics on the Prober Statistics screen, you might encounter errors if you are using Microsoft Internet Explorer 5.0 or later.  We recommend using the following procedure to view the Histograms or Metrics:

  1. In the navigation pane, expand the Statistics item, and click Probers.


  2. In the Prober Statistics screen, click either Metrics or Histogram.
    A dialog box appears.


  3. Select Save this file to disk and click OK.
The browser saves the file, and you can now open the file using Microsoft Excel.

CR10153
Screen resolution and the Configuration utility

If the screen resolution on your monitor is set to less than 1024 x 768 pixels, you may not see the entire 3-DNS Controller toolbar in the Configuration utility.  If your monitor allows it, we recommend that you set your screen resolution to 1024 x 768 pixels.

CR10518
Secure/Non-secure warnings in the Configuration utility

When you are using Internet Explorer 5.X, the Configuration utility sometimes displays a popup screen with a warning message about secure and non-secure items.  When you click OK or Cancel, the Configuration utility displays a Page Not Found error.  The error occurs intermittently and is harmless.  To clear the error, click either the Refresh button or the Back button on the browser toolbar.

CR13878
Solstice SNMP agent and metrics collection

The Solstice SNMP agent, which runs on some Sun systems, delays the updating of some metrics for longer than 30 seconds.  As a result, in the 3-DNS Controller SNMP Statistics screen, the packet rates and kilobytes per second rates can fluctuate from a zero value to a real value.  If you are polling Sun Solaris servers in your network, you may want to set the SNMP polling time on the 3-DNS Controller to an interval greater than 60 seconds.

 
The snmpd.conf file and the 3dns.log file

If you have SNMP configured on the 3-DNS Controller, the 3dns.log file may fill up quickly.  To correct this, you must edit the snmpd.conf file from the command line.

To edit the snmpd.conf file
  1. At the command line, change to the /etc/snmpd.conf directory.
  2. Using the text editor of your choice, locate the following line in the file:
    trapsink 192.168.101.62
  3. Comment out the line by adding the comment (#) character in front of trapsink.

 
Statistics screens and viewing 3-DNS Controller status

When you disable a 3-DNS Controller that is a member of a sync group, the 3-DNS Statistics and Sync Group Statistics screens in the disabled controller's Configuration utility display an inaccurate status (a red ball) for all of the other 3-DNS Controllers in the same sync group.  You can see the correct status of the controllers in the 3-DNS Statistics and Sync Group Statistics screens of any enabled 3-DNS Controller in the sync group.

CR9452
Virtual server dependencies entries

If you remove seven or more entries at one time from a Virtual Server Dependencies List and you are running Internet Explorer 5.0, you may get an error.  To avoid this error, remove fewer entries at a time.

CR11414
Wide IP production rules

When you create a wide IP production rule with a Date/Time time variable, the production rule action does not stop in the time frame that you specify in the Stop Time box.

When you create a wide IP production rule using the Configuration utility, in the Select Local DNS screen, you must type the IP address and subnet mask in the appropriate boxes.  You cannot use the CIDR format (for example, 192.168.10.10/24) in these boxes.

CR11710

CR11202
Windows 2000 Server metrics collection

Table 10.1 on page 10-10, in the 3-DNS Reference Guide, incorrectly indicates that the 3-DNS Controller collects memory usage metrics for the Windows 2000 Server SNMP agent.

CR15002


Configuring RSH on non-crypto controllers

The following instructions describe how to configure the rsh utility from the command line.  You need to configure the rsh utility on all the non-crypto controllers for which you want to establish secure communications, as well as crypto controllers that communicate with non-crypto controllers.

To set up the rsh utility from the command line

  1. On the local controller, open the /etc/hosts file.


  2. Add the host name and IP address of the remote controller (the controller from which you want to log on) to the file.


  3. Save and close the file.


  4. Next, open the /etc/hosts.equiv file.


  5. Add the host name and user name for the remote controller to the /etc/hosts.equiv file.  The host name is the same as the one you added to the /etc/hosts file.  The user name is the login name of the user on the local controller that you want to allow access to the remote controller.  Add the host name and user name to the file in the following format:

    hostname     username

  6. Save and close the file.


  7. Last, change to the /root directory.


  8. In the /root directory, create a .rhosts file.  The syntax is the same as the /etc/hosts file.


  9. For the .rhosts file, set the file permissions using the chmod 600 command.


  10. Save and close the file.


You can now use the rsh utility to run commands on the remote controller.


Using the Global Availability load balancing mode within a pool

The following instructions describe how to configure the Global Availability load balancing mode within a pool.  You need to use these instructions only if you meet the criteria listed in the Using the Global Availability load balancing mode within a pool item in the Known Issues section.

To configure Global Availability load balancing within a pool in a new wide IP

  1. In the navigation pane, click Wide IPs.
    The Wide IP List screen opens.
  2. On the toolbar, click Add Wide IP.
    The Add a New Wide IP screen opens.
  3. Type the settings for the new wide IP, and click Next.
    The Configure Load Balancing for New Pool screen opens.
  4. Select a load balancing mode other than Global Availability in all of the following lists:
    • Load Balancing Modes, Preferred
    • Load Balancing Modes, Alternate
    • Load Balancing Modes, Fallback

    Note that you can accept the default settings, rather than changing the settings.
  5. Click Next.
    The Select Virtual Servers screen opens.
  6. Once you have finished configuring the virtual servers for the pool, click Finish to save your changes.
  7. On the Wide IP List screen, select the wide IP that you just created.
  8. On the toolbar, click Modify Pool.
    The Modify Wide IP Pools screen opens.
  9. Click the pool that you just created.
    The Modify Load Balancing for [pool name] screen opens.
  10. Select Global Availability, as appropriate, in the Load Balancing Modes, Preferred, or the Load Balancing Modes, Alternate, or the Load Balancing Modes, Fallback list, and click Update.
    The Modify Virtual Servers screen opens, where you can determine the order in which the 3-DNS Controller load balances to the virtual servers in the pool.

To configure Global Availability load balancing within a pool in an existing wide IP

  1. In the navigation pane, click Wide IPs.
    The Wide IP List screen opens.
  2. On the toolbar, click Add Pool.
    The Configure Load Balancing for New Pool screen opens.
  3. Select a load balancing mode other than Global Availability in the following lists:
    • Load Balancing Modes, Preferred
    • Load Balancing Modes, Alternate
    • Load Balancing Modes, Fallback

    Note that you can accept the default settings, rather than changing the settings.
  4. Once you have finished configuring the pool, click Finish to save your changes.
    The Wide IP List screen opens.
  5. In the Pools column, select the pools for the wide IP that you just modified.
    The Modify Wide IP Pools screen opens.
  6. In the Pool Name column, click the name of the pool that you just created.
    The Modify Load Balancing for [pool name] screen opens.
  7. Select Global Availability, as appropriate, in the Load Balancing Modes, Preferred list, or the Load Balancing Modes, Alternate list, or the Load Balancing Modes, Fallback list, and click Update.
    The Modify Virtual Servers screen opens, where you can determine the order in which the 3-DNS Controller load balances to the virtual servers in the pool.