Manual Chapter : Configuring IP Anycast Route Health Injection

Applies To:

Show Versions Show Versions

BIG-IP GTM

  • 11.6.5, 11.6.4, 11.6.3, 11.6.2, 11.6.1

BIG-IP LTM

  • 11.6.5, 11.6.4, 11.6.3, 11.6.2, 11.6.1
Manual Chapter

Configuring IP Anycast (Route Health Injection)

Overview: Configuring IP Anycast (Route Health Injection)

You can configure IP Anycast for DNS services on the BIG-IP® system to help mitigate distributed denial-of-service attacks (DDoS), reduce DNS latency, improve the scalability of your network, and assist with traffic management. This configuration adds routes to and removes routes from the routing table based on availability. Advertising routes to virtual addresses based on the status of attached listeners is known as Route Health Injection (RHI).

Task Summary

Enabling the ZebOS dynamic routing protocol

Before you enable ZebOS® dynamic routing on the BIG-IP® system:
  • Ensure that the system license includes the Routing Bundle add-on.
  • Ensure that ZebOS is configured correctly. If you need help, refer to the following resources on AskF5®:
    • BIG-IP®TMOS®: Concepts
    • BIG-IP®TMOS®: Implementations
    • BIG-IP®TMOS®: IP Routing Administration
    • BIG-IP® Advanced Routing (multiple manuals are available)
Enable ZebOS protocols to allow the BIG-IP system to dynamically learn routes.
  1. Log on to the command-line interface of the BIG-IP system.
  2. At the command prompt, type zebos enable <protocol_type> and press Enter.
    The system returns an enabled response.
  3. To verify that the ZebOS dynamic routing protocol is enabled, at the command prompt, type zebos check and press Enter.
    The system returns a list of all enabled protocols.

Creating a custom DNS profile

Create a custom DNS profile based on your network configuration, to specify how you want the BIG-IP® system to handle non-wide IP DNS queries.
  1. On the Main tab, click DNS > Delivery > Profiles > DNS .
    The DNS profile list screen opens.
  2. Click Create.
    The New DNS Profile screen opens.
  3. In the Name field, type a unique name for the profile.
  4. In the General Properties area, from the Parent Profile list, accept the default dns profile.
  5. Select the Custom check box.
  6. In the DNS Features area, from the GSLB list, accept the default value Enabled.
  7. In the DNS Features area, from the Unhandled Query Actions list, select how you want the BIG-IP system to handle a query that is not for a wide IP or DNS Express zone.
    Option Description
    Allow The BIG-IP system forwards the query to a DNS server or a member of a pool of DNS servers. Note that if the pool is not associated with a listener and the Use BIND Server on BIG-IP option is set to enabled, queries are forwarded to the local BIND server. (Allow is the default value.)
    Drop The BIG-IP system does not respond to the query.
    Reject The BIG-IP system returns the query with the REFUSED return code.
    Hint The BIG-IP system returns the query with a list of root name servers.
    No Error The BIG-IP system returns the query with the NOERROR return code.
  8. In the DNS Features area, from the Use BIND Server on BIG-IP list, select Enabled.
    Note: Enable this setting only when you want the system to forward non-wide IP queries to the local BIND server on BIG-IP GTM.
  9. Click Finished.

Configuring a listener for route advertisement

Ensure that ZebOS® dynamic routing is enabled on BIG-IP® Global Traffic Manager™ (GTM™).
To allow BIG-IP GTM to advertise the virtual address of a listener to the routers on your network, configure the listener for route advertisement.
  1. On the Main tab, click DNS > Delivery > Listeners .
    The Listeners List screen opens.
  2. Click Create.
    The Listeners properties screen opens.
  3. In the Name field, type a unique name for the listener.
  4. For the Destination setting, in the Address field, type the IP address on which GTM listens for network traffic.
    CAUTION:
    The destination cannot be a self IP address on the system, because a listener with the same IP address as a self IP address cannot be advertised.
  5. From the VLAN Traffic list, select All VLANs.
  6. From the Listener list, select Advanced.
  7. For the Route Advertisement setting, select the Enabled check box.
  8. In the Service area, from the Protocol list, select UDP.
  9. From the DNS Profile list, select:
    Option Description
    dns This is the default DNS profile. With the default dns profile, GTM forwards non-wide IP queries to the BIND server on the GTM system itself.
    <custom profile> If you have created a custom DNS profile to handle non-wide IP queries in a way that works for your network configuration, select it.
  10. Click Finished.

Verifying advertisement of the route

Ensure that ZebOS® dynamic routing is enabled on the BIG-IP® system.
Run a command to verify that the BIG-IP system is advertising the virtual address.
  1. Log on to the command-line interface of the BIG-IP system.
  2. At the command prompt, type zebos cmd sh ip route | grep <listener IP address> and press Enter.
    An advertised route displays with a code of K and a 32 bit kernel, for example: K 127.0.0.1/32

Implementation result

You now have an implementation in which the BIG-IP® system broadcasts virtual IP addresses that you configured for route advertisement.