Release Notes : 3-DNS Controller, version 4.5

Applies To:

Show Versions Show Versions

3-DNS Controller versions 1.x - 4.x

  • 4.5.0
Release Notes
Software Release Date: 10/31/2002
Updated Date: 04/18/2019

Summary:

This release note documents version 4.5 of the 3-DNS Controller.

Contents:

Minimum system requirements

This section describes the minimum system requirements for this release.

  • Intel® Pentium® III 550MHz processor
  • 512MB disk drive or CompactFlash® card
  • 256MB RAM
  • Supported browsers: Microsoft® Internet Explorer 5.0 or 5.5; Netscape® Navigator 4.7x

 

[ Top ]

Installing the upgrade

The following instructions explain how to install the 3-DNS Controller, version 4.5 onto existing systems running version 4.2 and later. Once you install the software update, and license the controller, refer to the Configuring and using the new software section, which contains important information about required configuration changes and the new configuration options.

Warning:  Before you install the upgrade, you must have a valid registration key. If you do not have a valid registration key DO NOT attempt to install the upgrade; please contact your vendor first. If you choose to continue without obtaining a registration key, the 3-DNS Controller will not be fully functional.

Important! If you are running the 3-DNS module on a BIG-IP system, do not apply this upgrade. Instead refer to the installation instructions for BIG-IP, version 4.5, as published in the BIG-IP version 4.5 release note. When you apply the BIG-IP software, version 4.5 upgrade, the 3-DNS module is also updated to version 4.5.

  1. On the 3-DNS Controller, change to the /var/tmp/ directory:
    cd /var/tmp/

  2. Download the following files to the /var/tmp directory from the F5 FTP site, ftp.f5.com (contact your vendor to get a user ID and password for the F5 FTP site).
    BIGIP_4.5_Upgrade.im
    BIGIP_4.5_Upgrade.md5

  3. Verify the integrity of the upgrade file by typing the md5 command where BIGIP_4.5_Upgrade.im is the name of the upgrade file:
    md5 BIGIP_4.5_Upgrade.im

    If the md5 numbers match, the upgrade file is valid. If they do not match, open a new FTP connection, and try to download the upgrade file again.

  4. Start the upgrade process by typing the following command from the /var/tmp directory:
    im BIGIP_4.5_Upgrade.im

  5. Press Enter.
    The upgrade script installs the upgrade and reboots the controller several times during that process.

    Note:  The upgrade process does not preserve any non-standard files that you may have on your 3-DNS Controller. If you want to retain any non-standard files during this upgrade, then you need to save the files to a remote location before you perform the upgrade, and manually restore the non-standard files after the upgrade process is complete.

[ Top ]

Activating the license

Once you install the upgrade and connect the controller to the network, you need a valid license certificate to activate the software. To obtain a license certificate, you need to provide two items to the license server: a registration key and a dossier. The registration key is a 25-character string. You should have received the key by email. The registration key lets the license server know which F5 products you are entitled to license. The dossier is obtained from the software, and is an encrypted list of key characteristics used to identify the platform. If you do not have a registration key, please contact your vendor.

You can obtain a license certificate using one of the following methods:

  • Automatic license activation
    You perform automatic license activation from the command line or from the web-based Configuration utility of an upgraded controller. This method automatically retrieves and submits the dossier to the F5 Networks license server, as well as installs the signed license certificate. In order for you to use this method, the controller must be installed on a network with Internet access.

  • Manual license activation
    You perform manual license activation from the Configuration utility, which is the browser-based user interface. With this method, you submit the dossier to, and retrieve the signed license file from, the F5 Networks license server manually. In order for you to use this method, the administrative work station must have Internet access.

Note:  You can open the Configuration utility using either Netscape Navigator 4.7, or Microsoft Internet Explorer 5.0 or 5.5. Netscape Navigator 6.0 and Microsoft Internet Explorer 6.0 are not supported.

To automatically activate a license from the command line for first time installation

  1. Type the user name root and the password default at the log on prompt.

  2. At the prompt, type license. The following prompts appear:
    IP:
    Netmask:
    Default Route:
    Select interface to use to retrieve license:

    The 3-DNS Controller uses this information to make an Internet connection to the license server.

  3. After you type the Internet connection information, continue to the following prompt:
    The Registration Key should have been included with the software or given when the order was placed. Do you have your Registration Key? [Y/N]:

    Type Y, and the following prompt displays:
    Registration Key:

  4. Type the 25-character registration key you received. If you received more than one key, enter all of the keys separated by a space.
    The controller retrieves and sends the dossier to the F5 Networks license server, and the F5 Networks license server returns and installs a signed license file. A message displays indicating the process was successful.

  5. You are asked to accept the End User License Agreement (EULA). Note that the system is not fully functional until you accept the EULA.

  6. Press Enter to reboot the system. The system is not fully functional until you reboot.

  7. If the licensing process is not successful, contact your vendor's technical support team.

To automatically activate a license from the command line for upgrades

  1. Type your user name and password at the log on prompt.

  2. At the prompt, type setup.

  3. Choose menu option (L) License Activation.

  4. The following prompt displays:
    Number of keys: 1
    If you have more than one registration key, enter the appropriate number, and press Enter.

  5. The following prompt displays:
    Registration Key:

    Type the 25-character registration key you received. If you received more than one key, enter all of the keys separated by a space.
    The controller retrieves and sends the dossier to the F5 Networks license server, and the F5 Networks license server returns and installs a signed license file. A message displays indicating the process was successful.

  6. If the licensing process is not successful, contact your vendor.

To manually activate a license using the Configuration utility

You can use the Configuration utility to manually activate a license for a previously-configured 3-DNS Controller and for a new controller. Before you can activate the license, however, you must log on to the Configuration utility.

To open the Configuration utility for an existing 3-DNS Controller

  1. Open the Configuration utility using the configured address.

  2. Type your user name and password at the log on prompt, and click OK.
    The Configuration utility home screen displays.

To open the Configuration utility for a new 3-DNS Controller

  1. From the administrative work station, open the Configuration utility using one of the following addresses: https://192.168.1.245 or https://192.168.245.245. These are default addresses on the units local area network.

  2. Type the user name root and the password default at the log on prompt, and click OK.
    The Configuration utility home screen displays.

Once you have successfully logged in to the Configuration utility, you can proceed with the manual license activation.

To manually activate a license using the Configuration utility

  1. Click License Utility to open the License Administration screen.

  2. In the Registration Key box, type the 25-character registration key that you received. If you have more than one key to install, click Enter More Keys to install multiple keys. Once you have entered all registration keys, click Manual Authorization.

  3. At the Manual Authorization screen, retrieve the dossier using one of the following methods:

    • Copy the entire contents of the Product Dossier box.

    • Click Download Product Dossier, and save the dossier to the hard drive.

  4. Click the link in the License Server box.
    The Activate F5 License screen opens in a new browser window.

  5. From the Activate F5 License screen, submit the dossier using one of the following methods:

    • Paste the data you just copied into the Enter your dossier box, and click Activate.

    • At the Product Dossier box, click Browse to locate the dossier on the hard drive, and then click Activate.


    The screen returns a signed license file.

  6. Retrieve the license file using one of the following methods:

    • Copy the entire contents of the signed license file.

    • Click Download license, and save the license file to the hard drive.


  7. Return to the Manual Authorization screen, and click Continue.

  8. At the Install License screen, submit the license file using one of the following methods:

    • Paste the data you copied into the License Server Output box, and click Install License.

    • At the License File box, click Browse to locate the license file on the hard drive, and then click Install License.


    The License Status screen displays status messages, and Process complete appears when the licensing activation is finished.

  9. Click License Terms, review the EULA, and accept it.

  10. At the Reboot Prompt screen, select when you want to reboot the platform.
    You must reboot the controller to complete the license activation.

To automatically activate a license using the Configuration utility

You can use the Configuration utility automatically activate a license for a previously-configured 3-DNS Controller and for a new controller. Before you can activate the license, however, you must log on to the Configuration utility.

To open the Configuration utility for an existing 3-DNS Controller

  1. Open the Configuration utility using the configured address.

  2. Type your user name and password at the log on prompt, and click OK.
    The Configuration utility home screen displays.

To open the Configuration utility for a new 3-DNS Controller

  1. From the administrative work station, open the Configuration utility using one of the following addresses: https://192.168.1.245 or https://192.168.245.245. These are default addresses on the units local area network.

  2. Type the user name root and the password default at the log on prompt, and click OK.
    The Configuration utility home screen displays.

Once you have successfully logged in to the Configuration utility, you can proceed with the automatic license activation.

To automatically activate a license using the Configuration utility

  1. Click License Utility to open the License Administration screen.

  2. In the Registration Key box, type the 25-character registration key that you received. If you have more than one key to install, click Enter More Keys to install multiple keys. Once you have entered all registration keys, click Automated Authorization.

    The License Status screen displays status messages, and Process complete appears when the licensing activation is finished.

  3. Click License Terms, review the EULA, and accept it.

  4. At the Reboot Prompt screen, select when you want to reboot the platform.
    You must reboot the controller to complete the license activation.
[ Top ]

Updating the big3d agent

After the 3-DNS Controller upgrade installation has completed, and you have successfully licensed the controller, you need to install the new version of the big3d agent on all BIG-IP systems and EDGE-FX systems known to the 3-DNS Controller, as follows:

  1. Log on to the 3-DNS Controller at the command line.

  2. Type 3dnsmaint to open the 3-DNS Maintenance menu.

  3. Select Install and Start big3d, and press Enter.
    The controller detects all BIG-IP systems and EDGE-FX systems in the network and updates their big3d agents.

  4. Press Enter to return to the 3-DNS Maintenance menu.

  5. Type Q to quit.
[ Top ]

New features and enhancements

Automatic discovery of BIG-IP system and host configuration information

The 3-DNS Controller can now automatically collect and add the configuration information for BIG-IP systems, including the BIG-IP Link Controller, and host servers. The Discovery setting has three levels:

  • ON
    When the Discovery setting is set to ON, the 3-DNS Controller polls the BIG-IP and host systems in the network every 30 seconds to update the configuration information for those systems. Any changes, additions, or deletions are then made to the controller's configuration. Note that this is the default setting.

  • ON/NO DELETE
    When the Discovery setting is set to ON/NO DELETE, the 3-DNS Controller polls the BIG-IP systems and host systems in the network every 30 seconds to update the configuration information for those systems. Any changes or additions are then made to the controller's configuration. Any deletions in the configuration are ignored. This setting is helpful if you want to take systems in and out of service without modifying the 3-DNS configuration.

  • OFF
    When the Discovery setting is set to OFF for a 3-DNS Controller, a BIG-IP system, or a host, the 3-DNS Controller does not collect any configuration information. Instead, you must make all changes to the configuration using either the Configuration utility, or by editing the wideip.conf file.

We recommend that you leave the Discovery setting off if there is a firewall separating the 3-DNS Controller from the BIG-IP systems and host systems in the network. For details on configuring the Discovery setting, review the online help for the Modify BIG-IP screen and the Modify Host screen. See also the Overview of auto-configuration section in Chapter 5, Essential Configuration Tasks, in the 3-DNS Administrator Guide.

Easy system account and password creation

With this release, the 3-DNS Controller now offers one screen, in the web-based Setup utility, where you can set the passwords for the three system accounts: root, admin, and support. On this screen, you can also specify whether to allow command line access, web access, or both for the support account. You can view the User Access screen by opening the Setup utility from the home screen.

Enhanced synchronization

The configuration synchronization process for the 3-DNS Controller has been updated and improved. The controller no longer relies on the syncd daemon for synchronization. Instead, synchronization occurs automatically, based on file timestamps, whenever you make any type of change to the configuration. The 3-DNS Controller also polls any Link Controllers that you have in your network, and synchronizes the link information across the sync group. If you want to turn automatic synchronization off, review the Turning off automatic synchronization procedure in the Optional configuration changes section of this release note.

Expanded statistics

The statistics screens on the 3-DNS Controller have been enhanced and expanded. You can now view statistics for the following objects:

  • The Detailed Wide IP Statistics screen, available from the Wide IP Statistics screen, now displays information about virtual servers in the context of the wide IP pools of which they are members.
  • The Link Statistics screen displays information about any router links you have configured.
  • The P95 Billing Estimate statistics screen displays graphs of your actual bandwidth usage compared to your purchased bandwidth if you have links configured, or your network has both 3-DNS Controllers and Link Controllers in it.
  • The Internet Weather Map statistics screen now displays information for both the data centers and the links in your network.
  • The Disabled Objects statistics screen now displays these additional objects: wide IPs, pools, and virtual servers.

    For details on these screens, review the online help for the screen.

Integration with BIG-IP Link Controller

The 3-DNS Controller has been enhanced to both monitor and share configuration information with the BIG-IP Link Controller. The benefits include:

  • Enhanced wide area traffic management capabilities
  • Additional Internet link statistics
  • Broader monitoring of the network

 

Multihoming and firewall support

The 3-DNS Controller now supports multiple links to the Internet and network address translations for firewalls. You can designate one or more self IP addresses and translations for the controller itself, as well as for any BIG-IP systems, host servers, or routers that are configured as part or the controller’s network. For details on adding multiple self IP addresses and translations to the server definitions, see the online help for the Self IP screens for each server type.

New licensing process

With this release, all users must migrate to the updated F5 Networks licensing process. For details, contact Support to obtain a registration key for each of your current products.

New server type, Router

You can now include routers in the 3-DNS configuration. By adding routers to the 3-DNS configuration, you can load balance traffic over the router's links. Note that if you have any BIG-IP Link Controllers in your network, the 3-DNS Controller recognizes them as routers so that you can manage the links. For details on configuring the new server type, see the online help for Router, in the Configuration utility.

Security enhancements

You can now use the Setup utility to configure a remote LDAP or RADIUS authentication server. With this feature, you no longer need to directly edit configuration files to set up your LDAP or RADIUS authentication server.

This release of the 3-DNS Controller also expands the number of user roles that you can assign to user accounts for the purpose of user authorization. In addition to the standard Full Read/Write, Partial Read/Write, and Read-Only access levels, you can now define which user interface an administrator uses to access the 3-DNS Controller (the Configuration utility, the command line interface, or the iControl interface). These user authorization roles are stored in the local LDAP database on the 3-DNS Controller, and are designed to operate in concert with centralized LDAP and RADIUS authentication.

For more information on these security enhancements, review Managing user accounts, in Chapter 6, Administration and Monitoring, in the 3-DNS Reference Guide.

[ Top ]

Fixes

The following issues are resolved in the current release.

CERT Advisory CA-2002-17, Apache Web Server Chunk Handling Vulnerability
The security vulnerability that is outlined in CERT Advisory CA-2002-17, Apache Web Server Chunk Handling Vulnerability, has been fixed.

CERT Advisory CA-2002-18, OpenSSH Vulnerabilities in Challenge Response Handling
The OpenSSH software running on the 3-DNS Controller has been upgraded to version 3.4p1 to address the security vulnerability that is outlined in CERT Advisory CA-2002-18.

CERT Advisory CA-2002-23, Multiple Vulnerabilities In OpenSSL
The security vulnerabilities that are outlined in CERT Advisory CA-2002-23, Multiple Vulnerabilities In OpenSSL, have been fixed.

BSDI security vulnerability (CR16430)
A potential denial of service vulnerability in the C library (libc) of BSDI has been addressed. For information about the vulnerability, see Vulnerability Note VU#808552, Multiple ftpd implementations contain buffer overflows, which is available on the CERT website at http://www.cert.org.

Support for iControl, version 2.1 (CR19847, CR20178)
This release includes support for iControl, version 2.1.

New command argument for 3ndc (CR19886)
You can now monitor 3-DNS resolutions without using tcpdump by using the 3ndc querylog command.  For additional information, refer to the 3ndc man page.

Updated big3d agents (CR21360, CR21637)
The big3d agent has been updated. To ensure that the BIG-IP systems, EDGE-FX Caches, and GLOBAL-SITE systems in your network are running the most recent big3d agent, be sure to follow the instructions in the Updating the big3d agent section of this release note.

Configuring GLOBAL-SITE Controllers in the 3-DNS network (CR21409)
You no longer configure the GLOBAL-SITE Controller as a separate server type in the 3-DNS configuration. If you have GLOBAL-SITE Controllers in your network, you now configure them as EDGE-FX systems. Additionally, in most instances, the 3-DNS documentation now refers to both the EDGE-FX Cache and the GLOBAL-SITE Controller as an EDGE-FX system.

Updated version of BIND (CR21639)
The version of BIND running on the 3-DNS Controller has been updated from version 8.2.3 to version 8.3.3.

Manually re-enabling virtual servers when they change status from down to up (CR21894)
Previously, when a virtual server changed status from down to up, the virtual server was immediately available for load balancing. You can now choose to manually re-enable virtual servers for load balancing availability when their status changes from down to up by activating the Manual Resume setting. If you activate the Manual Resume setting, when a virtual server changes status from up to down, the controller also disables the virtual server. When the virtual server’s status changes back to up, you have to re-enable the virtual server before it is actually available for load balancing.

For details on configuring the Manual Resume setting, see the Optional configuration changes section of this release note.

Updating persistence records when the 3dnsd daemon restarts (CR22380)
In situations where the 3dnsd daemon restarts, for example, when you reboot the 3-DNS Controller, the controller now synchronizes any persistent connections with all 3-DNS controllers in the network.

New SNMP OIDs for enable and disable actions (CR22631)
When you enable or disable an object in the 3-DNS configuration, this action now generates an SNMP trap based on new object identifiers (OIDs) in the 3-DNS MIB. You can view the 3-DNS MIB from the home screen of the Configuration utility.

EDNS0 requests from BIND 8.3.3 and BIND 9 name servers (CR22697)
The 3-DNS can now process EDNS0 requests that originate from BIND 8.3.3 and BIND 9 name servers. When the 3-DNS Controller receives an EDNS0 request, the controller embeds the additional EDNS0 record in the DNS response packet.

3-DNS Maintenance menu revisions (CR23262, 23266)
Several options have been removed from the 3-DNS Maintenance menu due to obsolescence. For a list of the removed menu options and the updated procedure for each option, see the 3-DNS Maintenance menu revisions section of this release note.

[ Top ]

Configuring and using the new software

The following section provides information about both required and optional configuration changes.

Required configuration changes

The current release has the following required configuration change.

New licensing process

F5 Networks has implemented a new product licensing process. You must obtain a valid registration key from your vendor before you can install the version 4.5 software. You can contact http://tech.f5.com/license/license.html to obtain a valid registration key for the licensing process. To obtain a new license once you have a valid registration key, follow the instructions for Activating the license.

Important:  You must complete the authorization and licensing process before you run the configuration utility to configure the unit. If you do not obtain a license before you run the configuration utility, the system may behave in an unexpected manner.

[ Top ]

Optional configuration changes

Changes to the admin account during an upgrade

When upgrading to 3-DNS Controller version 4.5 from a previous version, the controller manages the access level assigned to the admin account by retaining the same access level that was assigned to the account prior to the upgrade. Once the upgrade is completed, we recommend that you promote the access level on this account to CLI + Full Read/Write.

Turning off automatic synchronization

By default, the 3-DNS Controller now synchronizes with any Link Controllers in the network, in addition to the 3-DNS Controllers that you have added to the sync group. The following process describes how to turn off automatic synchronization. Note that you must repeat this process on all of the 3-DNS Controllers for which you want to turn automatic synchronization off.

To turn off automatic synchronization using the Configuration utility

  1. In the navigation pane, click System.
    The System - General screen opens.

  2. Clear the Sync Enabled check box.

  3. Click Update.
    The controller saves the configuration changes, and automatic synchronization is turned off.

 

To turn off automatic synchronization from the command line

  1. Type the following command to ensure that the configuration files contain the same information as the memory cache.
    3ndc dumpdb

  2. Open the wideip.conf file in a text editor.

  3. In the file, locate the globals statement.

  4. In the globals statement, add the autosync variable:
    autosync   no

  5. Save and close the file.

  6. Commit the change to the configuration by typing:
    3ndc reload

    The controller updates the configuration with the changes.
[ Top ]

Rolling back the upgrade

The following process describes how to return a 3-DNS Controller to the previous software version, version 4.2, after you upgrade to version 4.5. The rollback process has four tasks:

  • Save the current configuration so that you can restore it after the rollback
  • Create a CD of the version 4.2 software
  • Install the version 4.2 software
  • Restore the configuration file that you created

The following sections provide instructions for the four tasks. Note that these instructions do not apply to the 3-DNS Controller module running on a BIG-IP system.

To save the current configuration using the Configuration utility

  1. In the navigation pane, click System.
    The System - General screen opens.

  2. On the toolbar, click Platform.
    The System - Platform screen opens.

  3. In the Configuration Files, Path and File Name box, type a name for the file, for example, current_config.

  4. Click Save.
    The controller saves the file with the name that you typed in the previous steps, for example, current_config.ucs.

To create a CD of the version 4.2 software

  1. Log on to AskF5, at http://tech.f5.com. Note that if you do not already have a user name and password, you need to register for one before you can log into the site.

  2. Once you have logged into AskF5, review Solution 167 for details on connecting to the F5 Networks FTP site.

  3. From the FTP site, download the *.iso image for the version 4.2 release.

  4. Use the *.iso image to create a CD of the version 4.2 software.

To install the version 4.2 software

  1. Insert the CD that you just created into the CD-ROM drive of the upgraded system that you want to roll back to version 4.2.

  2. Reboot the controller to start the installation.

  3. When the installation is complete, remove the CD and reboot the controller again.

To restore the configuration file that you saved, using the Configuration utility

  1. In the navigation pane, click System.
    The System - General screen opens.

  2. On the toolbar, click Platform.
    The System - Platform screen opens.

  3. In the Configuration Files, Use Existing Files box, select the configuration file that you created in the first task, for example, current_config.ucs.

  4. Click Restore.
    The controller restores the configuration that you saved.
[ Top ]

3-DNS Maintenance menu revisions

The following table contains the specific menu options that were removed from the 3-DNS Maintenance menu, and the replacement command or process for each.

Menu Option Replacement
Edit BIND Configuration From the command line, open the named.conf file with a text editor (either vi or pico), and make any required changes. You edit the zone files in the same manner.
Edit 3-DNS Configuration From the command line, open the wideip.conf file with a text editor (either vi or pico), and make any required changes. Commit the changes by typing 3ndc reload.
Backup the 3-DNS Use the following command: bigpipe config save <file name>, where <file name> is the name of the saved configuration file.
Restore a 3-DNS from a backup Use the following command: bigpipe config install <file name>, where <file name> is the name of the saved configuration file that you want to restore.
Synchronize Metrics Data This functionality is obsolete.
Edit big3d matrix This functionality is obsolete.
Reconfigure 3-DNS Configuration Utility Use the (W) Configure web servers option in the Setup utility.
Restart 3-DNS Configuration Utility From the command line, type 3ndc restart.
Change/Add Users for 3-DNS Configuration Utility Modify users and permissions from the System Administration screen in the Configuration utility.
Dump 3dnsd Statistics Use the Statistics screens in the Configuration utility to view statistics.
Stop syncd Obsolete daemon so no longer required
Restart syncd Obsolete daemon so no longer required.
Configure connection to NTP time server Use the (M) Define time servers option in the Setup utility.
Configure NameSurfer (TM) Use the (N) Configure NameSurfer option in the Setup utility.

 

[ Top ]

Working with the Manual Resume setting

Use the following instructions to activate the Manual Resume setting. Note that this setting affects all of the virtual servers in a wide IP.

To activate the Manual Resume setting using the Configuration utility

  1. In the navigation pane, click Wide IPs.
    The Wide IP List screen opens.

  2. In the Wide IP Name column, click the name of the wide IP that you want to modify.
    The Modify Wide IP screen opens.

  3. Check the Manual Resume box.

  4. Click Update.
    The Configuration utility updates the configuration with the changes.

When you activate the Manual Resume setting on a wide IP, it affects all of the virtual servers in that wide IP’s pools. When a virtual server changes status from up to down, the virtual server remains disabled even after it changes status from down to up. The following instructions describe how to determine whether a virtual server is disabled by the Manual Resume setting, and how to re-enable the virtual server.

To determine how a virtual server is disabled using the Configuration utility

  1. On the navigation pane, expand the Statistics item, and then click Disabled.
    The Disabled Objects screen opens.

  2. Using the Object Type and ID columns, locate the virtual server that you are reviewing.

  3. The Disabled By column for the virtual server that you want to review displays the method by which the virtual server was disabled. For example, if you see manual_resume, the virtual server is disabled by the Manual Resume setting, and will remain disabled indefinitely.

The following instructions describe how to re-enable a virtual server that has been disabled by the Manual Resume setting. Note that you re-enable the virtual server in the context of the pool and wide IP that it belongs to, not in the context of the server that it belongs to.

To re-enable a virtual server that is disabled by the Manual Resume setting using the Configuration utility

  1. In the navigation pane, click Wide IPs.
    The Wide IP List screen opens.

  2. In the Pools column, click # Pools for the wide IP that disabled the virtual server you want to re-enable.
    The Modify Pools screen opens.

  3. In the Virtual Servers column, click # Virtual Servers for the pool that disabled the virtual server you want to re-enable.
    The Modify Virtual Servers screen opens.

  4. Click the Status button for the virtual server that you want to re-enable.
    A popup screen appears to confirm that you want to enable the virtual server.

  5. Click OK.
    The screen refreshes, and the virtual server is enabled.

[ Top ]

Known issues

The following items are known issues in the current release.

Statistics screens and viewing 3-DNS status (CR9452)
When you disable a 3-DNS Controller that is a member of a sync group, the 3-DNS Statistics and Sync Group Statistics screens, in the disabled system's Configuration utility, display an inaccurate status (a red ball) for all of the other 3-DNS systems in the same sync group. You can see the correct status of the systems in the 3-DNS Statistics and Sync Group Statistics screens of any enabled 3-DNS Controller in the sync group.

Prober statistics and Internet Explorer 5.0 and later (CR10153)
When you are viewing Histograms or Metrics on the Prober Statistics screen, you might encounter errors if you are using Microsoft Internet Explorer 5.0 or later. We recommend using the following procedure to view the Histograms or Metrics.

  1. In the navigation pane, expand the Statistics item, and click Probers.
  2. In the Prober Statistics screen, click either Metrics or Histogram.
    A dialog box appears.
  3. Select Save this file to disk and click OK.

The browser saves the file, and you can now open the file using Microsoft Excel.

ArrowPoint CS150 and metrics collection (CR10361)
The 3-DNS Controller collects metrics on packets per second and kilobytes per second only for HTTP traffic on the current ArrowPoint CS150 server.

The kilobytes per second rate as displayed for the ArrowPoint CS150 is approximately 16 times smaller than it should be. The total byte count returned from the ArrowPoint MIB is 16 times smaller than the total byte count that was actually handled.

Netscape Navigator and the Network Map (CR11161)
The Network Map does not display large configurations properly when you run Netscape on a UNIX or Linux platform. We recommend that you use a Windows-based browser to view large network configurations with the Network Map.

Network Map and multiple browser sessions (CR11173)
When you view the Network Map, you might get an error when you open additional browser sessions with Internet Explorer or Netscape Navigator. This error only occurs if the additional browser sessions use Java applets. We recommend that you close any additional browser sessions before viewing the Network Map.

Wide IP production rules (CR11710)
When you create a wide IP production rule with a Date/Time time variable, the production rule action does not stop in the time frame that you specify in the Stop Time box. We recommend that you do not configure a production rule with the Date/Time time variable.

Global Availability or Ratio load balancing within a pool (CR13112)
When you create a pool for a new or for an existing wide IP, and you use the Global Availability or Ratio load balancing method, you may experience problems under the following circumstances:

  • You are using Internet Explorer 5.0 or 5.5.
  • You select Global Availability or Ratio in the Load Balancing Modes, Preferred list on the Configure Load Balancing for New Pool screen.
  • You have a large quantity of virtual servers in your configuration.

If you want to use the Global Availability or Ratio load balancing method, and you meet the previous criteria, please see the Using Global Availability or Ratio load balancing for pools work-around following this section.

Sync group names in the Configuration utility (CR14955)
In the Configuration utility, you may get an internal server error, and you may not be able to delete the sync group, if you use special characters in the sync group names. To avoid this error, use only alphanumeric, underscore ( _ ), hyphen ( - ) or space characters in the sync group names.

Adding servers using the Configuration utility and the Back button in Internet Explorer (CR15345)
Occasionally, when you add a new server to the 3-DNS configuration using the Configuration utility, and you are using the Configuration utility in a Microsoft® Internet Explorer browser session, you may get an error when you use the Back button to return to a previous screen. The error is benign, and you can click any item in the navigation screen to clear the error.

Opening PDF files from the 3-DNS Controller home screen (CR15901)
Occasionally, when you open any of the PDF files available on the home screen of the Configuration utility, the CPU usage for your work station may spike to 100%. To avoid this problem, right-click the name of the PDF file that you want to open, and choose Save Target As to save the PDF file on your workstation. You can then open the PDF file using Adobe® Acrobat® Reader, version 3.0 and later.

Enabling the IP classifier (CR18264)
If you use the Topology load balancing feature, you must make the following change to the wideip.conf file so the 3-DNS Controller can classify continent and country of origin for local DNS servers.

  1. From the command line, type the following command to ensure that the configuration files contain the same information as the memory cache.
    3ndc dumpdb
  2. Open the /etc/wideip.conf file using either the pico or vi text editor.
  3. Add the following line to the include statement in the wideip.conf file.
    include geoloc "netIana.inc"
    The include statement loads the IP classifier so Topology load balancing can classify LDNS requests.
  4. Save and close the wideip.conf file.
  5. Commit the change to the configuration:
    3ndc reload

 

Note: If you have a sync group configured, you must enable the IP classifier on each member of the sync group.

Using the 3-DNS Controller in bridge mode (CR18873)
You cannot configure the 3-DNS Controller in bridge mode using a remote connection or using the Configuration utility. You must configure bridge mode using a local connection. For details on configuring bridge mode, see the Configuring bridge mode section of this release note.

Special characters in pool names and viewing the Network Map (CR19756)
When you use the colon character ( : ) in a pool name, and then try to view the Network Map, the Network Map does not display. To avoid this error, do not use the colon character in pool names.

The 3dpipe utility and pool names (CR20183)
The 3dpipe utility does not properly parse pool names that contain numbers only.

Denial of service (DOS) attacks and the UDP protocol for iQuery (CR20195)
The 3dnsd daemon may mark the big3d agent (running on the same system) as down, under the following conditions:

  • The iQuery protocol is set to UDP (the default)
  • The DNS port experiences a DOS attack
  • The DNS attack generates more than 50,000 requests per second

When these conditions are met, the 3-DNS Controller cannot properly handle persistent requests until you run the 3ndc restart command from the command line. To avoid this issue, you can use the TCP protocol for iQuery.

Note: This issue does not occur with SYN attacks or PING floods.

CPU usage statistics for EDGE-FX Caches (CR21325)
On the EDGE-FX Cache Statistics screen, in the Configuration utility, the 3-DNS Controller incorrectly reports the CPU usage statistic for the EDGE-FX Cache.

Large configurations and 3dnsd error messages (CR21513)
Occasionally, when you have a large configuration file, you may see the following error message:
ERROR: 3dnsd is running but has not written to the file /var/run/3dnsd.pid
( it may still be loading)


The error is benign.

3-DNS Reference Guide does not include the 3-DNS Configuration File appendix (CR22017)
The data structures for 3-DNS Controller were completely revised and updated for version 4.5. The documentation does not yet reflect these changes, so Appendix A, 3-DNS Configuration File, is not included in the 3-DNS Reference Guide. To view the data structures in the wideip.conf file, click the Conf View button for any object in the Configuration utility.

Time-to-live (TTL) values for resource records (CR22025)
If you set the pool TTL to a value that is different than the wide IP TTL, the dig command displays the wide IP TTL rather than the pool TTL in the answer packet. This occurs only when all the virtual servers in the pool are unavailable. Resource records in the DNS configuration are set with the wide IP TTL instead of the pool TTL. If you change the pool TTL, the TTL for the resource records does not change to the updated TTL. Therefore, when the 3-DNS Controller is unable to load balance a request, and returns the request to DNS, the resource record contains the wide IP TTL rather than the pool TTL.

UDP checksums and TFTP packets (CR22113)
In rare instances, the checksums for TFTP packets are incorrect.

Disabling SNMP and rebooting the controller (CR22762)
When you disable SNMP using the Configuration utility, the utility renames the SNMP configuration file from snmpd.conf to /etc/snmpd.conf.disabled. When you reboot the controller, the bigstart script checks for the snmpd.conf file before trying to start the SNMP daemon. Because the file has been renamed, however, the bigstart script assumes that the file does not exist and generates a new snmp.conf file.

Clean installations of the 3-DNS Controller software and the Default data center (CR23028)
When you install the 3-DNS Controller version 4.5 software, and you do not have a previous configuration file, the controller creates a default data center labeled Default. To move any objects that are in the Default data center to a data center that you create, see Moving objects from the Default data center to a newly-created data center section of this release note. Note that this occurs only on a BIG-IP system with the 3-DNS module.

Renaming a wide IP that has aliases using the Configuration utility and synchronization (CR23224)
When you rename a wide IP, and the wide IP has aliases, the order of the wide IP name and alias may appear in reverse order when you look at the wide IP in the Configuration utility of another controller in the sync group. Note that this error does not affect domain name resolution.

Configuring production rules (CR23327)
In the Configuration utility, when you create a production rule, you cannot use the Description box to add a description of the production rule. If you type text into the Description box, the controller ignores it, and the text is not saved.

Upgrading the software and home screen errors in the Configuration utility (23710)
When you are upgrading a 3-DNS Controller from version 4.2 to version 4.5, you may see the home screen, in the Configuration utility, for a BIG-IP system. This occurs only once: after you upgrade the software and before you upgrade the license file using the new licensing process. Refer to the Activating the license section of this release note for details on upgrading your license file to the new version. Note that this does not affect the 3-DNS Controller module on the BIG-IP system.

Inaccurate titles for graphs on the P95 Billing Estimate statistics screen (CR23770)
When you change the date or time range on the P95 Billing Estimate statistics screen in the Link Statistics, the titles on the graphs do not update to reflect the changes. If you are using Internet Explorer, you can update the titles by holding down the Control key, right-clicking in the screen, and then clicking Refresh. If you are using Netscape Navigator, you can update the titles by holding down the Shift key, right-clicking in the screen, and then clicking Refresh.

Date ranges on the P95 statistics screen (CR23784)
The graphs on the P95 statistics screen do not check for dates in the future. If you enter a date that is past today's current date, you may get inaccurate graphs.

Synchronization and modifying the configuration (CR24081)
If you are updating a configuration using the Configuration utility, and another member of the sync group initiates the synchronization process, you get a notification screen that indicates that you cannot update the configuration. To work around this issue, wait for a minute, click the browser's Back button, and continue updating the configuration. Note that this issue is most likely to occur when you are using multiple browser sessions to update the sync group's configuration. We recommend that you use only one browser session (and controller) to update the sync group's configuration.

Unit ID numbers for a redundant system and the auto-configuration process (Discovery) (CR24734)
The auto-configuration process does not recognize the unit ID numbers for the units in redundant system. The process does, however, properly add the configuration information for both units.

Synchronization and inaccurate virtual server status display (CR24738)
Virtual servers that are in a wide IP that has the manual resume setting enabled may occasionally display the wrong status (for example, disabled when the virtual server is really enabled). Note that this happens only when you have a sync group configured, and each controller in the sync group has synchronization enabled.

The Network Map and viewing wide IP information (CR24750)
In the Network Map, in the Configuration utility, when you highlight a wide IP, the information table displays an IP address for the wide IP. The IP address is not a valid IP address; rather it is a randomly generated number. Note that this error is benign because the 3-DNS Controller no longer associates an IP address with a wide IP.

The Network Map and viewing the enabled/disable status of a virtual server (CR24751)
When you disable a virtual server that is in a wide IP that has manual resume enabled, the information table in the Network Map does not display the correct status for the virtual server. To view the correct status for the virtual server, in the navigation pane, expand the Statistics item, and then click Virtual Servers. The E/D column displays the correct status for the virtual server.

Viewing wide IPs created in the 3-DNS Controller module from the Link Controller module (CR24842)
Wide IPs that you create in the 3-DNS Controller module that contain more than one pool display only the first pool of the wide IP in the Inbound LB screen in the Link Controller module. You may encounter this known issue only when you are running a BIG-IP system with both the 3-DNS Controller module and the Link Controller module.

Turning off automatic synchronization causes the 3dnsd daemon to lose interim persistent LDNS requests (CR24869)
When you turn off automatic synchronization on a 3-DNS Controller, and the 3dnsd daemon on that controller loses network communications with the other 3dnsd daemons in the network, the controller does not synchronize LDNS requests that occurred during the time that the 3dnsd daemon was offline.

Rebooting the controller and mra.config.log.[nn] files in the /var/log directory (CR24922)
When you reboot the 3-DNS Controller, you may see the following file, mra.config.log.[nn] in the /var/log directory. These files and their output are not relevant to the 3-DNS Controller server appliance, and are, therefore, benign. Note that these files are not automatically removed from the /var/log directory. Periodically, you should manually remove them.

Changing the iQuery protocol when you have a sync group configured (CR24927)
In the Configuration utility, on the System - General screen, when you change the iQuery Protocol setting from TCP to UDP, the synchronization process breaks. If you want to change the iQuery protocol from TCP to UDP, you must do so on all of the controllers in the sync group. (Note that the default setting the iQuery protocol is UDP.)

Synchronization and the netiana.inc file (CR24928)
The include geoloc "netIana.inc" directive is not synchronized between the members of a sync group. You must add this include directive on each 3-DNS Controller in your network.

Changes in US and Canada Daylight Saving Time (CR58321)
The Energy Policy Act of 2005, which was passed by the US Congress in August 2005, changed both the start and end dates for Daylight Saving Time in the United States, effective March 2007. Canada is also adopting this change. The resulting changes are not reflected in this version of the product software. To find out more about this issue, refer to SOL6551: F5 Networks software compliance with the Energy Policy Act of 2005.

Cisco CSS series (formerly ArrowPoint) servers and metrics collection
The 3-DNS Controller cannot collect the packets per second and the kilobytes per second metrics on Cisco CSS series (formerly ArrowPoint) software versions prior to 4.0.

3-DNS Controllers and CD upgrades
When you rebuild a 3-DNS Controller (or a BIG-IP system) using a CD, the SSH key changes. This breaks the trust relationship between the updated 3-DNS Controller and any devices with which it interacts. As a result, synchronization between the systems in the sync group stops, and you cannot update the big3d agent. You can correct this situation by removing the newer SSH key and synchronizing the updated 3-DNS Controller with other 3-DNS Controllers or BIG-IP systems. Refer to the Resetting the SSH key work-around to reset the SSH key and synchronize the systems in your network.

Solstice SNMP agent and metrics collection
The Solstice SNMP agent, which runs on some Sun systems, delays the updating of some metrics for longer than 30 seconds. As a result, in the 3-DNS SNMP Statistics screen, the packet rates and kilobytes per second rates can fluctuate from a zero value to a real value. If you are polling Sun Solaris servers in your network, you may want to set the SNMP polling time on the 3-DNS Controller to an interval greater than 60 seconds.

[ Top ]

Work-arounds for known issues

The following sections describe work-arounds for some of the known issues listed in the previous section.

Configuring bridge mode

If you want to configure the 3-DNS Controller to run in bridge mode, you need to do so using a local connection to the 3-DNS Controller. First, you create a VLAN group that includes both the internal and external VLANs. Next, you delete the self IP address for the 3-DNS Controller, and re-assign the IP address to the newly-created VLAN group. Finally, you save the configuration. The following instructions detail how to configure bridge mode.

To configure bridge mode

  1. Open the Setup utility by typing config from the command line.

  2. Type D, and press Enter, to configure the 3-DNS mode.

  3. Using the arrow keys, choose Bridge, and press Enter.

  4. Type Q to close the Setup utility.

  5. To create a VLAN group, type the following command:
    b vlangroup <vlan group name> vlans add <vlan 1> <vlan 2>

    where <vlan 1> and <vlan 2> are the names of the two networks you want to link with bridge mode.

  6. To delete the self IP address of the 3-DNS interface, type the following command:
    b self <ip address> delete

    where <ip address> is the IP address that you want to assign to the newly-created VLAN group.

  7. To assign the IP address that you deleted as the self IP address in the previous step to the VLAN group, type the following command:
    b self <ip address> vlan <group name> netmask <netmask>

  8. To save the changes you just made, type the following command:
    b save

  9. Last, to save the entire base network configuration, type the following command:
    b base save

The 3-DNS Controller saves the changes and you can now use the 3-DNS Controller in bridge mode.

[ Top ]

Moving objects from the Default data center to a newly-created data center

The following instructions describe how to move objects from the default data center to a data center that you create.

To move objects from the data center, Default, to a newly-created data center

  1. In the navigation pane, click Data Centers. The Data Centers screen opens.

  2. On the toolbar, click Add Data Center.
    The Add New Data Center screen opens.

  3. Add the settings for your new data center, and click Add.
    The new data center is added to the configuration, and the Data Centers screen opens.

  4. On the Data Centers screen, click the Remove button for the Default data center.
    A popup screen opens, where you can select the new data center for any objects that are currently in the Default data center.

  5. In the Data Center column, select the data center that you just created, and click Update. Note that you must do this for each of the listed objects.
    The Data Centers screen opens, and the Default data center is no longer listed.

[ Top ]

Resetting the SSH key

The following instructions describe how to reset the SSH key for a system that you have upgraded using a CD.

To reset the SSH key for an updated 3-DNS Controller

  1. From the command line of each 3-DNS Controller in the sync group that has not been upgraded, change to the /root/.ssh/ directory.

  2. In the known_hosts file, the authentication_keys file, and the authentication_keys2 file, remove the SSH key for the upgraded system. (The upgraded system's IP address is part of the key name in the file.)

  3. Run the 3dns_add script to upgrade the controller to the new software:
    3dns_add

    The script imports the upgraded controller's configuration to the controller that has not yet been upgraded.

[ Top ]

Using the Global Availability or Ratio load balancing mode within a pool

The following instructions describe how to configure the Global Availability or Ratio load balancing mode within a pool. You need to use these instructions only if you meet the criteria listed in the Using the Global Availability or Ratio load balancing mode within a pool item in the Known Issues section.

To configure Global Availability or Ratio load balancing within a pool in a new wide IP

  1. In the navigation pane, click Wide IPs.
    The Wide IP List screen opens.

  2. On the toolbar, click Add Wide IP.
    The Add a New Wide IP screen opens.

  3. Type the settings for the new wide IP, and click Next.
    The Configure Load Balancing for New Pool screen opens.

  4. Select a load balancing mode other than Global Availability in all of the following lists:
    • Load Balancing Modes, Preferred
    • Load Balancing Modes, Alternate
    • Load Balancing Modes, Fallback

    Note that you can accept the default settings, rather than changing the settings.

  5. Click Next.
    The Select Virtual Servers screen opens.

  6. Once you have finished configuring the virtual servers for the pool, click Finish to save your changes.

  7. On the Wide IP List screen, select the wide IP that you just created.

  8. On the toolbar, click Modify Pool.
    The Modify Wide IP Pools screen opens.

  9. Click the pool that you just created.
    The Modify Load Balancing for [pool name] screen opens.

  10. Select Global Availability, as appropriate, in the Load Balancing Modes, Preferred, or the Load Balancing Modes, Alternate, or the Load Balancing Modes, Fallback list, and click Update.
    The Modify Virtual Servers screen opens, where you can determine the order in which the 3-DNS Controller load balances to the virtual servers in the pool.

To configure Global Availability or Ratio load balancing within a pool in an existing wide IP

  1. In the navigation pane, click Wide IPs.
    The Wide IP List screen opens.

  2. On the toolbar, click Add Pool.
    The Configure Load Balancing for New Pool screen opens.

  3. Select a load balancing mode other than Global Availability in the following lists:
    • Load Balancing Modes, Preferred
    • Load Balancing Modes, Alternate
    • Load Balancing Modes, Fallback

    Note that you can accept the default settings; you do not have to change the settings.

  4. Once you have finished configuring the pool, click Finish to save your changes.
    The Wide IP List screen opens.

  5. In the Pools column, select the pools for the wide IP that you just modified.
    The Modify Wide IP Pools screen opens.

  6. In the Pool Name column, click the name of the pool that you just created.
    The Modify Load Balancing for [pool name] screen opens.

  7. Select Global Availability, as appropriate, in the Load Balancing Modes, Preferred list, or the Load Balancing Modes, Alternate list, or the Load Balancing Modes, Fallback list, and click Update.
    The Modify Virtual Servers screen opens, where you can determine the order in which the 3-DNS Controller load balances to the virtual servers in the pool.
[ Top ]