Applies To:Show Versions
- 13.0.1, 13.0.0
Overview: How do I deploy BIG-IP DNS on a network with one route domain?
You can deploy BIG-IP® DNS on a network where BIG-IP Local Traffic Manager™ (LTM®) is configured with one route domain and no overlapping IP addresses.
BIG-IP DNS deployed on a network in front of a BIG-IP LTM configured with a route domain
Perform these tasks to configure a route domain, and then to configure BIG-IP DNS to be able to monitor the LTM systems.
Creating VLANs for a route domain on BIG-IP LTM
On the Main tab, click
.The VLAN List screen opens.
The New VLAN screen opens.
- In the Name field, type external.
In the Tag field, type a numeric tag, between 1-4094,
for the VLAN, or leave the field blank if you want the BIG-IP system to
automatically assign a VLAN tag.
The VLAN tag identifies the traffic from hosts in the associated VLAN.
For the Interfaces setting:
- From the Interface list, select an interface number or trunk name.
From the Tagging list, select
Select Tagged when you want traffic for that interface to be tagged with a VLAN ID.
- If you specified a numeric value for the Customer Tag setting and from the Tagging list you selected Tagged, then from the Tag Mode list, select a value.
- Click Add.
- Repeat these steps for each interface or trunk that you want to assign to the VLAN.
- If you want the system to verify that the return route to an initial packet is the same VLAN from which the packet originated, select the Source Check check box.
For the Hardware SYN Cookie setting, select or clear the check
When you enable this setting, the BIG-IP system triggers hardware SYN cookie protection for this VLAN.Enabling this setting causes additional settings to appear. These settings appear on specific BIG-IP platforms only.
For the Syncache Threshold setting, retain the default value or
change it to suit your needs.
The Syncache Threshold value represents the number of outstanding SYN flood packets on the VLAN that will trigger the hardware SYN cookie protection feature.
When the Hardware SYN Cookie setting is enabled, the BIG-IP system triggers SYN cookie protection in either of these cases, whichever occurs first:
- The number of TCP half-open connections defined in the LTM® setting Global SYN Check Threshold is reached.
- The number of SYN flood packets defined in this Syncache Threshold setting is reached.
For the SYN Flood Rate Limit setting, retain the default value or
change it to suit your needs.
The SYN Flood Rate Limit value represents the maximum number of SYN flood packets per second received on this VLAN before the BIG-IP system triggers hardware SYN cookie protection for the VLAN.
The screen refreshes, and displays the new VLAN in the list.
Creating a route domain on the BIG-IP system
- Ensure that an external and an internal VLAN exist on the BIG-IP® system.
- If you intend to assign a static bandwidth controller policy to the route domain, you must first create the policy. You can do this using the BIG-IP Configuration utility.
- Verify that you have set the current partition on the system to the partition in which you want the route domain to reside.
On the Main tab, click
.The Route Domain List screen opens.
The New Route Domain screen opens.
In the Name field, type a name for the route
This name must be unique within the administrative partition in which the route domain resides.
In the ID field, type an ID number for the route
This ID must be unique on the BIG-IP system; that is, no other route domain on the system can have this ID.An example of a route domain ID is 1.
In the Description field, type a description of the
For example: This route domain applies to application traffic for Customer A.
- For the Strict Isolation setting, select the Enabled check box to restrict traffic in this route domain from crossing into another route domain.
- For the Parent Name setting, retain the default value.
For the VLANs setting, from the
Available list, select a VLAN name and move it to the
Select the VLAN that processes the application traffic relevant to this route domain.Configuring this setting ensures that the BIG-IP system immediately associates any self IP addresses pertaining to the selected VLANs with this route domain.
For the Dynamic Routing Protocols setting, from the
Available list, select one or more protocol names and
move them to the Enabled list.
You can enable any number of listed protocols for this route domain.
- From the Bandwidth Controller list, select a static bandwidth control policy to enforce a throughput limit on traffic for this route domain.
From the Partition Default Route Domain list, select
either Another route domain (0) is the Partition Default Route
Domain or Make this route domain the Partition
Default Route Domain.
This setting does not appear if the current administrative partition is partition Common.When you configure this setting, either route domain 0 or this route domain becomes the default route domain for the current administrative partition.
The system displays a list of route domains on the BIG-IP system.
Creating a self IP address for a route domain on BIG-IP LTM
- On the Main tab, click .
The New Self IP screen opens.
- In the Name field, type a unique name for the self IP address.
In the IP Address field, type an IP address.
This IP address must represent a self IP address in a route domain. Use the format x.x.x.x%n, where n is the route domain ID, for example, 10.1.1.1%1.The system accepts IPv4 and IPv6 addresses.
In the Netmask field, type the network mask for the
specified IP address.
For example, you can type 255.255.255.0.
- From the VLAN/Tunnel list, select external.
- From the Port Lockdown list, select Allow Default.
The screen refreshes, and displays the new self IP address.
Defining a server for a route domain on BIG-IP DNS
On the Main tab, click
.The Server List screen opens.
The New Server screen opens.
In the Name field, type a name for the server.
Important: Server names are limited to 63 characters.
- From the Product list, select BIG-IP System.
- From the Data Center list, select the data center where the server resides.
From the Prober Preference list, select the preferred
type of prober(s).
Option Description Inherit From Data Center By default, a server inherits the prober preference selection assigned to the data center in which the server resides. Inside Data Center A server selects the probers from inside the data center where the server resides. Outside Data Center A server selects the probers from outside the data center where the server resides. Specific Prober Pool Select one of the Prober pools from the drop-down list. When assigning the Prober pool at the server level.
Note: Prober pools are not used by the bigip monitor.
From the Prober Fallback list, select the type of
prober(s) to be used if insufficient numbers of the preferred type are
Option Description Inherit From Data Center By default, a server inherits the prober fallback selection assigned to the data center in which the server resides. Any Available For selecting any available prober. Inside Data Center A server selects probers from inside the data center where the server resides. Outside Data Center A server selects probers from outside the data center where the server resides. None No fallback probers are selected. Prober fallback is disabled. Specific Prober Pool Select one of the Probers from the drop-down list. When you want to assign a Prober pool at the server level.
In the BIG-IP System devices area, add the self IP address that you assigned to the VLAN
that you assigned to the route domain.
Important: Do not include the route domain ID in this IP address. Use the format x.x.x.x, for example, 10.10.10.1.
- In the Health Monitors area, assign the bigip monitor to the server by moving it from the Available list to the Selected list.
From the Availability Requirements list, select one of
the following and enter any required values.
Option Description All Health Monitors By default, specifies that all of the selected health monitors must be successful before the server is considered up (available). At Least The minimum number of selected health monitors that must be successful before the server is considered up. Require The minimum number of successful probes required from the total number of probers requested.
From the Virtual Server Discovery list, select how you
want virtual servers to be added to the system.
Virtual server discovery is supported when you have only one route domain.
Option Description Disabled Use this option when you plan to manually add virtual servers to the system, or if your network uses multiple route domains. This is the default value. Enabled The system automatically adds virtual servers using the discovery feature. Enabled (No Delete) The system uses the discovery feature and does not delete any virtual servers that already exist.
The Server List screen opens displaying the new server in the list.
Running the big3d_install script
- Log in as root to the BIG-IP DNS system you are adding to your network.
Run this command to access tmsh:
Run this command to run the big3d_install script:
run gtm big3d_install <IP_addresses_of_target BIG-IP_systems>The script instructs BIG-IP DNS to connect to each specified BIG-IP system.
- If prompted, enter the root password for each system.
Running the bigip_add script
- Log in as root to the BIG-IP DNS system you are installing on your network.
Run this command to access tmsh.
Run this command to run the bigip_add utility:
run gtm bigip_add <IP_addresses_of_BIG-IP_LTM_systems>The utility exchanges SSL certificates so that each system is authorized to communicate with the other.
You now have an implementation in which BIG-IP® DNS can monitor virtual servers on BIG-IP LTM® systems configured with one route domain.