
Configuration Guide

for BIG-IP® Global Traffic Management

version 9.2.2

MAN-0186-00
Service and Support Information

Product Version
This manual applies to product version 9.2.2 of the BIG-IP® Global Traffic Manager.

Publication Date
This manual was published on April 20, 2006.

Legal Notices
Copyright
Copyright 1998-2006, F5 Networks, Inc. All rights reserved.
F5 Networks, Inc. (F5) believes the information it furnishes to be accurate and reliable. However, F5
assumes no responsibility for the use of this information, nor any infringement of patents or other rights of
third parties which may result from its use. No license is granted by implication or otherwise under any
patent, copyright, or other intellectual property right of F5 except as specifically described by applicable
user licenses. F5 reserves the right to change specifications at any time without notice.

Trademarks
F5, F5 Networks, the F5 logo, BIG-IP, 3-DNS, iControl, GLOBAL-SITE, SEE-IT, EDGE-FX, FireGuard,
Internet Control Architecture, IP Application Switch, iRules, OneConnect, Packet Velocity, SYN Check,
Control Your World, ZoneRunner, uRoam, FirePass, TrafficShield, WANJet, and WebAccelerator are
registered trademarks or trademarks of F5 Networks, Inc. in the U.S. and certain other countries. All other
trademarks mentioned in this document are the property of their respective owners. F5 Networks'
trademarks may not be used in connection with any product or service except as permitted in writing by
F5.

Export Regulation Notice
This product may include cryptographic software. Under the Export Administration Act, the United States
government may consider it a criminal offense to export this product from the United States.

RF Interference Warning
This is a Class A product. In a domestic environment this product may cause radio interference, in which
case the user may be required to take adequate measures.

FCC Compliance
This equipment has been tested and found to comply with the limits for a Class A digital device pursuant
to Part 15 of FCC rules. These limits are designed to provide reasonable protection against harmful
interference when the equipment is operated in a commercial environment. This unit generates, uses, and
can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual,
may cause harmful interference to radio communications. Operation of this equipment in a residential area
is likely to cause harmful interference, in which case the user, at his own expense, will be required to take
whatever measures may be required to correct the interference.
Any modifications to this device, unless expressly approved by the manufacturer, can void the user's
authority to operate this equipment under part 15 of the FCC rules.

Canadian Regulatory Compliance
This class A digital apparatus complies with Canadian ICES-003.



Standards Compliance
This product conforms to the IEC, European Union, ANSI/UL and Canadian CSA standards applicable to
Information Technology products at the time of manufacture.

Acknowledgments
This product includes software developed by Gabriel Forté.
This product includes software developed by Bill Paul.
This product includes software developed by Jonathan Stone.
This product includes software developed by Manuel Bouyer.
This product includes software developed by Paul Richards.
This product includes software developed by the NetBSD Foundation, Inc. and its contributors.
This product includes software developed by the Politecnico di Torino, and its contributors.
This product includes software developed by the Swedish Institute of Computer Science and its
contributors.
This product includes software developed by the University of California, Berkeley and its contributors.
This product includes software developed by the Computer Systems Engineering Group at the Lawrence
Berkeley Laboratory.
This product includes software developed by Christopher G. Demetriou for the NetBSD Project.
This product includes software developed by Adam Glass.
This product includes software developed by Christian E. Hopps.
This product includes software developed by Dean Huxley.
This product includes software developed by John Kohl.
This product includes software developed by Paul Kranenburg.
This product includes software developed by Terrence R. Lambert.
This product includes software developed by Philip A. Nelson.
This product includes software developed by Herb Peyerl.
This product includes software developed by Jochen Pohl for the NetBSD Project.
This product includes software developed by Chris Provenzano.
This product includes software developed by Theo de Raadt.
This product includes software developed by David Muir Sharnoff.
This product includes software developed by SigmaSoft, Th. Lockert.
This product includes software developed for the NetBSD Project by Jason R. Thorpe.
This product includes software developed by Jason R. Thorpe for And Communications,
http://www.and.com.
This product includes software developed for the NetBSD Project by Frank Van der Linden.
This product includes software developed for the NetBSD Project by John M. Vinopal.
This product includes software developed by Christos Zoulas.
This product includes software developed by the University of Vermont and State Agricultural College and
Garrett A. Wollman.
In the following statement, "This software" refers to the Mitsumi CD-ROM driver: This software was
developed by Holger Veit and Brian Moore for use with "386BSD" and similar operating systems.
"Similar operating systems" includes mainly non-profit oriented systems for research and education,
including but not restricted to "NetBSD," "FreeBSD," "Mach" (by CMU).
This product includes software developed by the Apache Group for use in the Apache HTTP server project
(http://www.apache.org/).
This product includes software licensed from Richard H. Porter under the GNU Library General Public
License (© 1998, Red Hat Software), www.gnu.org/copyleft/lgpl.html.
This product includes the standard version of Perl software licensed under the Perl Artistic License (©
1997, 1998 Tom Christiansen and Nathan Torkington). All rights reserved. You may find the most current
standard version of Perl at http://www.perl.com.
This product includes software developed by Jared Minch.
This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit
(http://www.openssl.org/).
This product includes cryptographic software written by Eric Young (eay@cryptsoft.com).

This product contains software based on oprofile, which is protected under the GNU Public License.
This product includes RRDtool software developed by Tobi Oetiker (http://www.rrdtool.com/index.html)
and licensed under the GNU General Public License.
This product contains software licensed from Dr. Brian Gladman under the GNU General Public License
(GPL).
This product includes software developed by the Apache Software Foundation <http://www.apache.org/>.
This product includes Hypersonic SQL.
This product contains software developed by the Regents of the University of California, Sun
Microsystems, Inc., Scriptics Corporation, and others.
This product includes software developed by the Internet Software Consortium.
This product includes software developed by Nominum, Inc. (http://www.nominum.com).
This product contains software developed by Broadcom Corporation, which is protected under the GNU
Public License.

Table of Contents

1
Introducing the Global Traffic Manager
Introducing the BIG-IP system
Introducing the Global Traffic Manager
Overview of Global Traffic Manager Resources
Internet protocol and network management support
Security features
Configuration scalability
System synchronization options
Configuring data collection for server status and network path data
Redundant system configurations
Monitoring the Global Traffic Manager and the network
Using the Configuration Guide
Additional information
Introducing the Configuration utility
Configuration utility components
Browser support
Stylistic conventions in this document
Using the solution examples
Identifying new terms
Identifying references to products
Identifying references to objects, names, and commands
Identifying references to other documents
Identifying command syntax
Finding help and technical support resources

2
Essential Configuration Tasks
Reviewing the essential configuration tasks
Setting system-level settings
Defining listeners
Defining NTP servers
Defining synchronization settings
Setting up data centers
Setting up servers
Defining the current Global Traffic Manager
Defining servers
Setting up pools
Setting up wide IPs
Assigning health monitors

3
Communicating with External Systems
Introducing external system communication
Communicating with BIG-IP systems
Establishing communications between the Global Traffic Manager and other external systems
Communicating with third-party systems
Adding third-party systems to the Global Traffic Manager
Adding virtual servers from third-party systems

4
Working with Listeners
Introducing listeners
Selecting listeners
Selecting listeners for node mode operation
Selecting listeners for bridge mode operation
Selecting listeners for router mode operation
Setting up listeners
Modifying listeners
Deleting listeners
VLANs and listeners
Setting up a listener for all VLANs
Enabling a listener for specific VLANs
Disabling a listener for specific VLANs

5
Defining the Physical Network
Introducing physical network components
Managing data centers
Configuring data centers
Modifying data centers
Deleting data centers
Enabling and disabling data centers
Managing servers
Defining BIG-IP systems
Defining load balancing servers
Defining host servers
Assigning monitors to servers
Setting limit thresholds
Discovering resources automatically
Managing virtual servers
Adding virtual servers manually
Modifying virtual servers
Removing virtual servers
Managing links
Defining links
Adding and removing routers
Assigning monitors to links
Configuring link weighting and billing properties

6
Defining the Logical Network
Introducing logical network components
Understanding logical components
Setting up pools
Defining pools
Adding virtual servers to pools
Removing virtual servers from pools
Organizing virtual servers within pools
Weighting virtual servers within pools
Disabling and enabling pools
Setting up wide IPs
Defining wide IPs
Adding pools to wide IPs
Removing pools from wide IPs
Organizing pools within wide IPs
Weighting pools within wide IPs
Disabling and enabling wide IPs
Incorporating iRules
Setting up distributed applications
Defining distributed applications
Adding wide IPs to distributed applications
Removing wide IPs from distributed applications
Setting dependencies for distributed applications
Enabling and disabling distributed application traffic
Enabling persistent connections

7
Load Balancing with the Global Traffic Manager
Understanding load balancing on the Global Traffic Manager
Using static load balancing modes
Drop Packet mode
Fallback IP
Global Availability mode
None mode
Ratio mode
Return to DNS mode
Round Robin mode
Static Persist mode
Topology mode
Using dynamic load balancing modes
Types of dynamic load balancing modes
Implementing the Quality of Service load balancing mode
Using the Dynamic Ratio option
Configuring load balancing
Configuring load balancing methods for wide IPs
Configuring load balancing methods for pools
Using the fallback load balancing method
Configuring the fallback load balancing method
Employing additional load balancing options

8
Managing Connections
Introducing connection management
Determining resource health
Determining resource availability
Establishing limit settings
Using monitors to determine availability
Managing dependencies for virtual servers
Resuming connections to resources
Establishing persistent connections
Draining persistent requests
Setting the last resort pool

9
Working with Topologies
Overview of topologies
Understanding topologies
Implementing topologies
Setting up and removing topology records
Removing topology records
Using topology load balancing in a wide IP
Using topology load balancing in a pool
Understanding user-defined regions
Other load balancing options for topologies

10
Configuring Monitors
Introducing monitors
Summary of monitor types
Overview of monitor settings
Understanding pre-configured and custom monitors
Creating a custom monitor
Configuring monitor settings
Simple monitors
Extended Content Verification (ECV) monitors
External Application Verification (EAV) monitors
Special configuration considerations
Setting destinations
Using transparent and reverse modes
Associating monitors with resources
Types of monitor associations
Managing monitors
Displaying monitor settings
Deleting monitors
Enabling and disabling monitor instances

11
Synchronizing Global Traffic Managers
Introducing synchronization
Defining NTP servers
Activating synchronization
Controlling file synchronization
Deactivating file synchronization
Synchronizing DNS zone files
Creating synchronization groups

12
Discovering Resources through Auto-Discovery
Introducing auto-discovery
Enabling auto-discovery
Setting the discovery frequency
Discovering virtual servers
Discovering links

13
Viewing Statistics
Introducing statistics
Accessing statistics
Viewing the Status Summary screen
Understanding the types of statistics
Distributed application statistics
Wide IP statistics
Pool statistics
Data center statistics
Link statistics
Server statistics
Virtual server statistics
Paths statistics
Local DNS statistics
Understanding persistence records

14
Collecting Metrics
Introducing metrics collection
Defining metrics
Assigning probes to local domain name servers
Configuring TTL and timer values
Excluding LDNS servers from probes
Removing LDNS servers from the address exclusion list

15
Writing iRules
Introducing iRules for the Global Traffic Manager
What is an iRule?
Basic iRule elements
Specifying traffic destinations
Creating iRules
Assigning iRules
Controlling iRule evaluation
Specifying events
Using statement commands
Using wide IP commands
Using utility commands
Parsing and manipulating content
Ensuring data integrity
Retrieving resource information
Using protocol commands
IP commands
TCP commands
UDP commands
Removing iRules

16
Managing DNS Files with ZoneRunner
Introducing ZoneRunner
Working with DNS and BIND
Understanding ZoneRunner tasks
Working with zone files
Types of zone files
Creating zone files
Importing zone files
Modifying zones
Deleting zones
Working with resource records
Types of resource records
Creating resource records
Modifying a resource record
Working with views
Adding views
Modifying views
Deleting views
Adding zones to views
Managing the named.conf file

A
Working with the big3d Agent
Introducing the big3d agent
Collecting path data and server performance metrics
Setting up data collection with the big3d agent
Understanding the data collection and broadcasting sequence
Setting up communication between Global Traffic Managers and other servers
Setting up iQuery communications for the big3d agent
Allowing iQuery communications to pass through firewalls
Communications between Global Traffic Managers, big3d agents, and local DNS servers

B
Working with SNMP
Introducing SNMP in a BIG-IP system environment
Configuring SNMP on the Global Traffic Manager
Downloading the MIBs
Understanding configuration file requirements
Configuring options for the checktrap.pl script
Configuring the Global Traffic Manager SNMP agent using the Configuration utility
Configuring SNMP settings to probe hosts
Configuring the SNMP agent on host servers

Glossary

Index

1
Introducing the Global Traffic Manager

• Introducing the BIG-IP system

• Introducing the Global Traffic Manager

• Using the Configuration Guide

• Introducing the Configuration utility

• Stylistic conventions in this document

• Finding help and technical support resources


Introducing the BIG-IP system


F5 Networks’ BIG-IP® system is a port-based, multilayer switch that
supports virtual local area network (VLAN) technology. Because hosts
within a VLAN can communicate at the data-link layer (Layer 2), a BIG-IP
system reduces the need for routers and IP routing on the network. This in
turn reduces equipment costs and boosts overall network performance. At
the same time, the BIG-IP system’s multilayer capabilities enable the
system to process traffic at other OSI layers. The BIG-IP system can
perform IP routing at Layer 3, as well as manage and secure TCP, UDP, and
other application traffic at Layers 4 through 7. The following software
modules provide comprehensive traffic management and security for all
traffic types. The modules are fully integrated to provide efficient solutions
to meet any network, traffic management, and security needs.
• BIG-IP® Local Traffic Manager
The Local Traffic Manager includes local traffic management features
that help you make the most of network resources such as web servers.
Using the powerful Configuration utility, you can customize the way that
the BIG-IP system processes specific types of protocol and application
traffic. By using features such as virtual servers, server pools, profiles,
and iRules™, you ensure that traffic passing through the BIG-IP system
is processed quickly and efficiently, while meeting all of your security
needs. For more information, see the Configuration Guide for Local
Traffic Management.
• BIG-IP® Global Traffic Manager
The Global Traffic Manager provides intelligent traffic management to
your globally available network resources. Through the Global Traffic
Manager, you can select from an array of load balancing modes, ensuring
that your clients access the most responsive and robust resources at any
given time. In addition, the Global Traffic Manager provides extensive
monitoring capabilities so the health of any given resource is always
available. For more information, see the Configuration Guide for
BIG-IP® Global Traffic Management.
• BIG-IP® Link Controller
The Link Controller seamlessly monitors availability and performance of
multiple WAN connections to intelligently manage bi-directional traffic
flows to a site, providing fault tolerant, optimized Internet access
regardless of connection type or provider. The Link Controller ensures
that traffic is always sent over the best available link to maximize user
performance and minimize bandwidth cost to a data center. For more
information, see the Configuration Guide for the BIG-IP® Link
Controller.
• BIG-IP® Application Security Module
The Application Security Module provides web application protection
from application-layer attacks. The Application Security Module protects
Web applications from both generalized and targeted application layer
attacks including buffer overflow, SQL injection, cross-site scripting,
and parameter tampering. For more information, see the Configuration
Guide for the BIG-IP® Application Security Module.

Introducing the Global Traffic Manager


The Global Traffic Manager is a system that monitors the availability and
performance of global resources and uses that information to manage
network traffic patterns. The Global Traffic Manager uses load balancing
algorithms, topology-based routing, and iRules to control and distribute
traffic according to specific policies. The system is highly configurable, and
its web-based configuration utility allows for easy system setup and
monitoring.
The Global Traffic Manager provides a variety of features that meet special
needs. For example, with this product you can:
• Ensure wide-area persistence by maintaining a mapping between a local
DNS server and a virtual server in a wide IP pool
• Direct local clients to local servers for globally-distributed sites using
Topology load balancing
• Change the load balancing configuration according to current traffic
patterns or time of day
• Customize load balancing modes
• Set up global load balancing among Local Traffic Managers and other
load-balancing hosts
• Monitor real-time network conditions
• Configure a content delivery network with a CDN provider
• Guarantee multiple port availability for e-commerce sites

Overview of Global Traffic Manager Resources


The Global Traffic Manager manages multiple resources within your
network. Each resource represents either a physical presence, such as a
server, or a logical presence, such as a wide IP. Effective management of
your network traffic requires that you understand and configure these
resources correctly.
The following is a list of the resources that the Global Traffic Manager
manages:
• Virtual server
A virtual server is a collection of IP addresses and port combinations
that, together, provide access to an application or data source on your
network. These collections are called virtual servers because they might
span more than one physical machine, or might be a subset of available
ports on a single machine.
• Server
A server is a physical device that manages one or more virtual servers.
An example of a server is the Local Traffic Manager; however, the
Global Traffic Manager can manage other server types as well, such as a
Windows 2000 Server.
• Listener
To manage your network traffic, the Global Traffic Manager also
requires that you configure an additional resource: a listener. A listener
instructs the Global Traffic Manager to listen for network traffic destined
for a specific IP address. Listeners are critical for the Global Traffic
Manager; without them, the Global Traffic Manager does not know what
traffic it must manage and what traffic it can safely ignore.
• Link
A link is a physical device that connects your network to the rest of the
Internet. Often, links are logically attached to a collection of servers for
managing access to your data sources.
• Data center
A data center is a logical collection of both servers and links. Typically,
data centers represent devices that reside in a physical location.
• Pool
A pool is a collection of multiple virtual servers. The Global Traffic
Manager uses pools to load balance incoming network traffic among
multiple virtual servers. Pools differ from servers in that a pool
can encompass virtual servers on multiple servers on the network. This
provides you with more significant load balancing granularity, because
you can load balance across multiple pools of virtual servers and then
have the appropriate server load balance across the virtual servers
themselves.
• Wide IP
A wide IP is a collection of one or more pools. Through the use of wide
IPs, you can load balance network traffic between multiple pools.
• Distributed application
A distributed application is a collection of wide IPs, data centers, and
links, and is the highest-level component that the Global Traffic Manager
supports. You can configure the availability of distributed applications to
be dependent on a specific data center, link, or server. For example, if
you configure a data center to have its availability depend on a link, and
that link goes down, the Global Traffic Manager considers the
application to be unavailable.

Through the configuration of wide IPs and pools, you can use the Global
Traffic Manager to load balance across a collection of data, while resources
such as distributed applications, data centers, and servers give you visibility
into the performance and availability of these sources.

Local Traffic Manager resources


If you use the Global Traffic Manager in conjunction with a Local Traffic
Manager, you might also want to familiarize yourself with the following
additional network resources. These resources are not managed directly
through the Global Traffic Manager, but understanding their role in your
network configuration can assist you in optimizing your network’s
availability and performance:
• Self IP
A self IP is what most people think of when they think of an IP address.
In a Global Traffic Manager or Local Traffic Manager environment, the
term self IP helps distinguish actual IP addresses from other types of
addresses, such as those that identify a virtual server.
• Node
A node is a self IP combined with a specific port number. For example,
153.54.7.86:443.

Internet protocol and network management support


The Global Traffic Manager supports both the standard DNS protocol and
the BIG-IP iQuery protocol (a protocol used for collecting dynamic load
balancing information). The Global Traffic Manager also supports
administrative protocols, such as Simple Network Management Protocol
(SNMP), and Simple Mail Transfer Protocol (SMTP) (outbound only), for
performance monitoring and notification of system events. For
administrative purposes, you can use SSH, RSH, Telnet, and FTP. The
Configuration utility supports HTTPS, for secure web browser connections
using SSL, as well as standard HTTP connections.
The proprietary Global Traffic Manager SNMP agent allows you to monitor
status and current traffic flow using popular network management tools.
This agent provides detailed data such as current connections being handled
by each virtual server.

Security features
The Global Traffic Manager offers a variety of security features that can
help prevent hostile attacks on your site or equipment.
• Secure administrative connections
The Global Traffic Manager supports Secure Shell (SSH) administrative
connections for remote administration from the command line. The GTM
web server, which hosts the web-based Configuration utility, supports
SSL connections as well as user authentication.
• Secure iQuery communications
The Global Traffic Manager also supports Web certificate authentication
for iQuery communications between the Global Traffic Manager and
other systems running the big3d agent.
• TCP wrappers
TCP wrappers provide an extra layer of security for network connections.

Configuration scalability
The Global Traffic Manager is a highly scalable and versatile solution. You
can configure the Global Traffic Manager to manage up to several hundred
domain names, including full support of domain name aliases. The Global
Traffic Manager supports a variety of media options, including Fast
Ethernet and Gigabit Ethernet; the Global Traffic Manager also supports
multiple network interface cards that can provide redundant or alternate
paths to the network.

System synchronization options


The Global Traffic Manager synchronization feature allows you to
automatically synchronize configurations from one Global Traffic Manager
to any other Global Traffic Manager or Link Controller in the network,
simplifying administrative management. The synchronization feature offers
a high degree of administrative control. For example, you can set the Global
Traffic Manager to synchronize a specific configuration file set, and you can
also set which GTM Controllers or Link Controllers in the network receive
the synchronized information and which ones do not.

Configuring data collection for server status and network path data

The Global Traffic Manager includes the big3d agent, which is an integral
part of its load balancing operations. The big3d agent continually monitors
the availability of the servers that the Global Traffic Manager load balances.
It also monitors the integrity of the network paths between the servers that
host the domain, and the various local DNS servers that attempt to connect
to the domain. The big3d agent runs on any of the F5 modules, including
Global Traffic Manager, Local Traffic Manager, Link Controller,
Application Accelerator, and Load Balancer Limited. Each big3d agent
broadcasts its collected data to all of the Global Traffic Managers and Link
Controllers in your network, ensuring that all Global Traffic Managers work
with the latest information.
The big3d agent offers a variety of configuration options that allow you to
choose the data collection methods you want to use. For example, you can
configure the big3d agent to track the number of router hops (intermediate
system transitions) along a given network path, and you can also set the
big3d agent to collect host server performance information using the SNMP
protocol. For further details on the big3d agent, refer to Appendix A,
Working with the big3d Agent.

Redundant system configurations


A redundant system is a pair of Global Traffic Managers, with one
operating as the active unit that responds to DNS queries, and the other one
operating as the standby unit. If the active unit fails, the standby unit takes
over and begins to respond to DNS queries while the other Global Traffic
Manager restarts and becomes the standby unit.
The Global Traffic Manager actually supports two methods of checking the
status of the peer system in a redundant system:
• Hardware-based fail-over
In a redundant system that has been set up with hardware-based fail-over,
the two units in the system are connected to each other directly using a
fail-over cable attached to the serial ports. The standby unit checks on the
status of the active unit once every second using this serial link.
• Network-based fail-over
In a redundant system that has been set up with network-based fail-over,
the two units in the system communicate with each other across an
Ethernet network instead of going across a dedicated fail-over serial
cable. The standby unit checks on the status of the active unit once every
second using the Ethernet.

Note

In a network-based fail-over configuration, the standby Global Traffic
Manager immediately takes over if the active unit fails. If a client has
queried the failed Global Traffic Manager, and has not received an answer,
it automatically re-issues the request (after 5 seconds) and the standby unit,
functioning as the active unit, responds.

Monitoring the Global Traffic Manager and the network


The Global Traffic Manager includes sophisticated monitoring tools to help
you monitor the Global Traffic Manager and the traffic it manages. See
Chapter 10, Configuring Monitors for more information.

Using the Configuration Guide


The Configuration Guide for BIG-IP® Global Traffic Management is
designed to help you understand how you can use the features of the Global
Traffic Manager to accomplish the tasks associated with managing name
resolution requests on a global level. These tasks include tracking the
performance of different servers and services and identifying the load
balancing methods that best suit the needs of your company.
The configuration guide contains the following chapters:
• Introducing the Global Traffic Manager
This chapter provides an overview of the Global Traffic Manager and
this guide.
• Essential Configuration Tasks
This chapter describes the steps you need to follow to have a functional
Global Traffic Manager on the network. This chapter is for situations
where you want to get the Global Traffic Manager up and running
quickly in order to explore and learn about its functionality.
• Communicating with External Systems
This chapter describes how to configure the Global Traffic Manager so it
can communicate with the external systems on your network. External
systems include other BIG-IP systems, such as Local Traffic Managers;
third-party load balancers; and hosts.
• Working with Listeners
This chapter describes how to configure listeners for the Global Traffic
Manager. A listener instructs the Global Traffic Manager to listen for
network traffic destined for a specific IP address.
• Defining the Physical Network
This chapter describes how to define the physical components of your
network, such as servers and data centers. You can use these components
to determine load balancing modes and track traffic statistics.
• Defining the Logical Network
This chapter describes how to define the logical components of your
network, such as pools and wide IPs. These components determine how
the Global Traffic Manager load balances requests.
• Load balancing with the Global Traffic Manager
This chapter describes the load balancing modes that the Global Traffic
Manager supports, and how to apply those modes to your pools and wide
IPs.
• Working with Topologies
This chapter describes topologies, which allow you to define load
balancing modes and resolution controls based on the origin or
destination of a given name resolution request.
• Configuring Monitors
This chapter describes how to use monitors to track the components of
your network. Monitors are components of the Global Traffic Manager
that perform specific tests to see if a given component is available for
load balancing.
• Synchronizing Global Traffic Managers
This chapter describes how to synchronize the configuration settings
between several Global Traffic Managers. Through synchronization, you
can configure one Global Traffic Manager and have that change copied
to any other Global Traffic Manager in that synchronization group.
• Discovering Resources through Auto-Discovery
This chapter describes how to use the auto-discovery feature of the
Global Traffic Manager to automatically detect network components,
such as links or virtual servers, and add them to the configuration of the
Global Traffic Manager.
• Viewing Statistics
This chapter describes how to use the Global Traffic Manager to view
statistics on the different physical and logical network components.
• Collecting Metrics
This chapter describes how to use the Global Traffic Manager to gather
metrics on the different physical and logical network components.
• Writing iRules
This chapter describes how to write iRules, scripts that allow you to fully
customize the load balancing capabilities of the Global Traffic Manager.
• Managing DNS Files with ZoneRunner
This chapter describes how to use ZoneRunner, a BIG-IP utility, to
manage and maintain your DNS zone files.

In addition to the preceding list of chapters, this guide contains the following
appendices:
• Working with the big3d Agent
This appendix describes the big3d agent, a utility that is responsible for
much of the communication between different BIG-IP components.
• Working with SNMP
This appendix describes how the Global Traffic Manager uses SNMP to
acquire information from non-BIG-IP systems.

Additional information
In addition to this guide, there are other sources of documentation you
can use in order to work with the BIG-IP system. The information is
organized into the guides and documents described below. The following
printed documentation is included with the BIG-IP system.
• Configuration Worksheet
This worksheet provides you with a place to plan the basic configuration
for the BIG-IP system.
• BIG-IP Quick Start Instructions
This pamphlet provides you with the basic configuration steps required
to get the BIG-IP system up and running in the network.
The following guides are available in PDF format from the Ask F5 web site,
http://tech.f5.com. These guides are also available from the first Web page
you see when you log in to the administrative web server on the BIG-IP
system.
• Platform Guide
This guide includes information about the BIG-IP system. It also
contains important environmental warnings.
• Installation, Licensing, and Upgrades for BIG-IP Systems
This guide provides detailed information about installing upgrades to the
BIG-IP system. It also provides information about licensing the BIG-IP
system software and connecting the system to a management workstation
or network.

Introducing the Configuration utility


The Configuration utility is a web-based application that you use to
configure and monitor the Global Traffic Manager. Using the Configuration
utility, you can define the load balancing configuration along with the
network setup, including data centers, synchronization groups, and servers
used for load balancing and path probing. In addition, you can configure
advanced features such as topology settings and SNMP agents. The
Configuration utility also monitors network traffic, current connections,
load balancing statistics, performance metrics, and the operating system
itself. The home screen of the Configuration utility provides convenient
access to downloads such as the SNMP MIB, and documentation for
third-party applications such as ZebOS.

Configuration utility components


The Configuration utility consists of three main components:
• The navigation pane
This component contains the following tabs: the Main tab, which allows
you to select the area of your network (global, local, and so on); and the
Help tab, which displays online help relevant to the main screen.
• The menu bar
The content of this component changes depending on what you select on
the Main tab in the navigation section. Through the menu bar, you can
access more detailed aspects of a given network component.
• The active screen
The active screen changes depending on what you select on the Main tab
in the navigation section. Through the active screen you configure the
different aspects of the Global Traffic Manager.

It is important to note that the Global Traffic Manager often co-exists with
other BIG-IP system modules, such as a Local Traffic Manager or a Link
Controller. Consequently, you might see features in the Configuration utility
that are not described in this guide. See Finding help and technical support
resources, on page 1-13 for a list of other guides that will help you learn
about your BIG-IP solution.

Browser support
The Configuration utility, which provides web-based access to the GTM
configuration and features, supports the following browser versions:
• Netscape Navigator 4.7X
• Microsoft Internet Explorer, version 5.0, 5.5, or 6.0

Stylistic conventions in this document


To help you easily identify and understand certain types of information, this
documentation uses the following stylistic conventions.

Using the solution examples


All examples in this documentation use only private IP addresses. When you
set up the solutions we describe, you must use IP addresses suitable to your
own network in place of our sample IP addresses.

Identifying new terms


When we first define a new term, the term is shown in bold italic text. For
example, a wide IP is a mapping of a fully-qualified domain name to one or
more pools of virtual servers that host the domain’s content.

Identifying references to products


We refer to all products in the BIG-IP product family as BIG-IP systems.
We refer to the software modules by their name; for example, we refer to the
Global Traffic Manager module as simply the Global Traffic Manager. If
configuration information relates to a specific hardware platform, we note
the platform.

Identifying references to objects, names, and commands


We apply bold text to a variety of items to help you easily pick them out of a
block of text. These items include web addresses, IP addresses, utility
names, and portions of commands, such as variables and keywords. For
example, the nslookup command requires that you include at least one
<ip_address> variable.

Identifying references to other documents


We use italic text to denote a reference to another document. In references
where we provide the name of a book as well as a specific chapter or section
in the book, we show the book name in bold, italic text, and the
chapter/section name in italic text to help quickly differentiate the two. For
example, you can find information about the Local Traffic Manager in the
Configuration Guide for Local Traffic Management.


Identifying command syntax


We show actual, complete commands in bold Courier text. Note that we do
not include the corresponding screen prompt, unless the command is shown
in a figure that depicts an entire command line screen. For example, the
following command sets the Global Traffic Manager load balancing mode to
Round Robin:
lb_mode rr

Table 1.1 explains additional special conventions used in command line
syntax.

Item in text    Description

\               Continue to the next line without typing a line break.
< >             You enter text for the enclosed item. For example, if the
                command has <your name>, type in your name.
|               Separates parts of a command.
[ ]             Syntax inside the brackets is optional.
...             Indicates that you can type a series of items.

Table 1.1 Command line conventions used in this manual


Finding help and technical support resources


You can find additional technical documentation and product information
using the following resources:
• Online help for the Global Traffic Manager
  The Configuration utility has online help for each screen. The online help
  contains descriptions of each control and setting on the screen. Click the
  Help tab in the left navigation pane to view the online help for a screen.
• Welcome screen in the Configuration utility
  The Welcome screen in the Configuration utility contains links to many
  useful web sites and resources, including:
    • The F5 Networks Technical Support web site
    • The F5 Solution Center
    • The F5 DevCentral web site
• F5 Networks Technical Support web site
  The F5 Networks Technical Support web site, http://tech.f5.com,
  provides the latest documentation for the product, including:
    • Release notes for the <product names>, current and past
    • Updates for guides (in PDF form)
    • Technical notes
    • Answers to frequently asked questions
    • The Ask F5 natural language question and answer engine

Note

To access this site, you need to register at http://tech.f5.com.

2
Essential Configuration Tasks

• Reviewing the essential configuration tasks

• Setting system-level settings

• Setting up data centers

• Setting up servers

• Setting up pools

• Setting up wide IPs

• Assigning health monitors



Reviewing the essential configuration tasks


After you have completed the Setup Utility, you can integrate the Global
Traffic Manager into your network. Integrating the GTM system into your
network requires that you complete the following tasks:
• Configure system-level settings
  System-level settings include tasks such as configuring a listener, which
  allows the Global Traffic Manager to identify the network traffic for
  which it is responsible; assigning an NTP server; and establishing
  synchronization with other Global Traffic Managers.
• Configure the physical aspects of your load balancing network
  Physical aspects of your network include resources such as data centers,
  servers, and virtual servers.
• Configure the logical aspects of your load balancing network
  Logical aspects of your network include pools of virtual servers; wide
  IPs, which consist of one or more pools; and health monitors, which
  determine the availability of pools and servers.

Note

If your environment requires that the Global Traffic Manager operate in a
fail-safe or high availability mode, see the section titled Configuring
fail-safe in Chapter 13: Setting Up a Redundant System, in the BIG-IP
Network and Systems Management Guide.


Setting system-level settings


Before you add various network components into the Global Traffic
Manager, you must configure several system-level settings. These settings
determine:
• How the Global Traffic Manager identifies the network traffic for which
it is responsible
• Which default actions the Global Traffic Manager applies when
processing network traffic
• How the Global Traffic Manager interacts with other Global Traffic
Managers that exist on the network

Defining listeners
One of the most crucial aspects of integrating the Global Traffic Manager
into your network is providing it with a listener. A listener is a resource for
the Global Traffic Manager that identifies the network traffic for which the
Global Traffic Manager is responsible. Listeners accomplish this task by
listening for traffic on a specified IP address. Listening is a process in which
a component, such as a listener, passively checks incoming traffic and
initiates an action only if a packet matches a set of criteria. Each listener that
you define listens for DNS packets on port 53.
The Global Traffic Manager then handles only network traffic sent to that IP
address. The IP address that you supply for a listener typically is the IP
address you assigned to the Global Traffic Manager. If the Global Traffic
Manager must manage traffic across several VLANs, you can select each
VLAN through the VLAN Traffic list.

To configure a listener
1. On the Main tab of the navigation pane, expand Global Traffic and
then click Listeners.
The main listener screen opens.
2. Click the Create button.
The New Listener screen opens.
3. In the Destination box, type the IP address on which the Global
Traffic Manager will listen for network traffic.
The Global Traffic Manager will handle only network traffic sent to
this IP address. In typical configurations, the IP address for a
listener is the IP address assigned to the Global Traffic Manager.
4. From the VLAN Traffic list, select a VLAN setting appropriate for
this listener.
For additional assistance with this setting, please see the online help.
5. Click the Finished button to save the new listener.
For more information on managing and maintaining listeners, see Chapter 4,
Working with Listeners.


Defining NTP servers


When conducting synchronization and metrics collection operations, the
Global Traffic Manager requires time measurements that are synchronized
with the rest of your network. To ensure the Global Traffic Manager uses
the correct time, you define the Network Time Protocol (NTP) servers that
the Global Traffic Manager references.

To define an NTP server


1. On the Main tab of the navigation pane, expand System and then
click General Properties.
The General Properties screen appears.
2. From the Device menu, choose NTP.
The NTP screen appears.
3. In the Address box, type either the IP address or fully-qualified
domain name for the time server.
4. Click the Add button to add the NTP server to your configuration.
The time server appears as an entry in the Time Server List.
5. Click the Update button to save your changes.
Repeat this process for any additional time servers.

Defining synchronization settings


Most network environments contain multiple Global Traffic Managers
installed at various locations on the network. You can synchronize these
systems, allowing them to share their configurations.
Synchronization across Global Traffic Managers is based on the timestamps
associated with the configuration files for each system. Each Global Traffic
Manager periodically compares the timestamps on its configuration files
against the timestamps on other systems. If the Global Traffic Manager
discovers a newer set of files, it automatically downloads them and replaces
its existing files. This process ensures that all Global Traffic Managers share
the same configurations.
Collections of Global Traffic Managers that share configurations must share
a common group name, which is called the synchronization group name.
This name differentiates different groups of Global Traffic Managers.

Note

If you plan to synchronize all of your Global Traffic Managers as a single
group, you do not need to define a synchronization group name, as the
Global Traffic Manager automatically assigns the group the name, default.
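
Why the NTP setting matters to the timestamp comparison described above, shown as an added model that is not F5 code. The peer names, configuration strings, edit times, and clock offsets are constructed, and skew_limit is a hypothetical audit threshold, not the product's Synchronization Time Tolerance setting.

```python
from dataclasses import dataclass


@dataclass
class Peer:
    name: str
    clock_offset: float      # seconds the local clock runs ahead (+) or behind (-)
    config: str = ""
    stamp: float = 0.0       # timestamp written on the config by the local clock

    def edit(self, true_time, new_config):
        """An administrator changes the config; the peer stamps it with its own clock."""
        self.config = new_config
        self.stamp = true_time + self.clock_offset


def sync_round(peers):
    """Each peer compares timestamps and replaces its files with the newest set.

    Returns (receiver, source) pairs for every replacement that took place.
    """
    newest = max(peers, key=lambda p: p.stamp)
    replaced = []
    for peer in peers:
        if peer.stamp < newest.stamp:
            peer.config, peer.stamp = newest.config, newest.stamp
            replaced.append((peer.name, newest.name))
    return replaced


def run_scenario(offset_b):
    """gtm-b is edited first, gtm-a 60 seconds later; return both configs after sync."""
    a = Peer("gtm-a", 0.0)
    b = Peer("gtm-b", offset_b)
    b.edit(1000.0, "wide IP config v1")   # older change in real time
    a.edit(1060.0, "wide IP config v2")   # newer change in real time
    sync_round([a, b])
    return a.config, b.config


def skewed_peers(peers, skew_limit):
    """Audit helper: names of peers whose clock error exceeds skew_limit seconds."""
    return [p.name for p in peers if abs(p.clock_offset) > skew_limit]


if __name__ == "__main__":
    # With accurate clocks the newer edit (v2) wins. Once gtm-b's clock runs
    # ahead by more than the 60 s between the edits, its older v1 carries the
    # larger timestamp and overwrites v2 on gtm-a.
    for offset in (0.0, 59.0, 300.0):
        print(offset, run_scenario(offset))
```

In this model a clock error larger than the interval between two edits is enough for the older configuration to replace the newer one on every peer in the group.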


To define synchronization settings


1. On the Main tab of the navigation pane, expand System and then
click General Properties.
The General Properties screen appears.
2. From the Global Traffic menu, choose General.
The General screen appears.
3. Configure the following settings:
• Synchronization
• Synchronization Time Tolerance
• Synchronize DNS Zone Files
• Synchronization Group Name
4. Click the Update button to save your changes.

For more information on synchronizing Global Traffic Managers, see
Chapter 11, Synchronizing Global Traffic Managers.


Setting up data centers


After you configure the system settings for the Global Traffic Manager, the
next step is to create data centers. A data center defines the group of Global
Traffic Managers, other BIG-IP systems, and host systems that reside in a
single physical location.

Note

You must configure at least one data center before you can add servers to
the global traffic configuration.

When you add servers to the global traffic configuration, you assign the
servers to the appropriate data centers.

To configure a data center


1. On the Main tab of the navigation pane, expand Global Traffic and
then click Data Centers.
The main data centers screen opens.
2. Click the Create button.
The New Data Center screen opens.
3. Add the new data center settings.
For additional assistance with these settings, please see the online
help.
4. Click the Finished button to save the new data center.

For more information on managing and maintaining data centers, see
Managing data centers, on page 5-2.


Setting up servers
The Global Traffic Manager can manage many different server types. The
server types fall into three main categories: BIG-IP systems, load balancing
hosts, and non-load balancing hosts. The server categories each contain
multiple server types. Please see Managing servers, on page 5-5, for a list of
the available server types.
At the minimum, you must set up the following servers within the Global
Traffic Manager:
• The current Global Traffic Manager. You must set up the Global Traffic
Manager as a server within the configuration. This configuration allows
the system to gather information correctly, and ensures that its own
settings are shared with other Global Traffic Managers during
synchronization tasks.
• A server of any other type.
• One or more virtual servers, depending on whether the servers you added
load balance across multiple sources.

For detailed information on managing and maintaining servers, see
Managing servers, on page 5-5.

Defining the current Global Traffic Manager


The purpose of defining the current Global Traffic Manager in the
configuration is to establish in which data center the Global Traffic Manager
resides and, if necessary, to change big3d agent settings. Before you add
other Global Traffic Managers to the configuration, you should add the
current Global Traffic Manager you are configuring to its own
configuration. When you add any additional Global Traffic Managers to the
configuration, you make those Global Traffic Managers available so that
you can synchronize them with other Global Traffic Managers on the
network.

To define the current Global Traffic Manager


1. On the Main tab of the navigation pane, expand Global Traffic and
then click Servers.
The main servers screen opens.
2. Click the Create button.
The New Server screen opens.
3. In the Name box, type an identifying name for the Global Traffic
Manager.
4. From the Product list, select BIG-IP System (Single).
5. In the Address area, define the IP address that specifies the current
Global Traffic Manager.

6. Configure the other server settings.
For additional assistance with these settings, please see the online
help.
7. Click the Create button to create the new server.
The Global Traffic Manager is added to your configuration.

You can repeat this process for any additional Global Traffic Managers on
the network. This process is mandatory if you want to synchronize the
settings of multiple Global Traffic Managers.

Defining servers
After you have defined the current Global Traffic Manager as a server, you
can add any number of additional servers. Servers fall into two main
categories:
• Load balancing servers. These servers, like the Local Traffic Manager,
balance connection requests across multiple resources, or virtual servers.
• Non-load balancing servers. These servers are resources on your
network. Connection requests for these resources are not load balanced.
You can apply the same steps for creating both load balancing and non-load
balancing servers to the Global Traffic Manager.

To define a server
1. On the Main tab of the navigation pane, expand Global Traffic and
then click Servers.
The main servers screen opens.
2. Click the Create button.
The New Server screen opens.
3. In the Name box, type an identifying name for the server.
4. From the Product list, select a server type.
If you cannot find a specific type in the list, select either Generic
Load Balancer or Generic Host, depending on whether the server
load balances connection requests.
5. From the Data Center list, select a data center where this server
resides.
6. Configure the other server settings.
Please see the online help for additional information on the various
settings available when defining a server.
7. Click the Create button to create the new server.
The server is added to your configuration.


Setting up pools
When you add multiple virtual servers into the Global Traffic Manager, you
can combine them into specific groups, called pools. The Global Traffic
Manager can then load balance across the virtual servers in each pool,
ensuring the best possible response for each connection request.
A pool must contain at least one pool member. Pool members are virtual
servers that represent either a load balancing server, such as a Local Traffic
Manager, or a stand-alone host. These resources can be either virtual servers
managed with a Local Traffic Manager or other system, or a stand-alone
host.

To set up a pool
1. On the Main tab of the navigation pane, expand Global Traffic and
then click Pools.
The main pools screen opens.
2. Click the Create button.
The New Server screen opens.
3. In the Name box, type a name that identifies the pool.
4. In the Member List area, add the appropriate virtual servers.
5. Configure the rest of the pool settings as needed.
For additional help with these settings, please see the online help.
6. Click the Finished button to save the new pool.
For detailed information on managing and maintaining pools, see Setting up
pools, on page 6-3.


Setting up wide IPs


As you organize the resources available on your network, it is highly likely
that you will have multiple pools that share a similar role on your network.
Through the Global Traffic Manager, you can organize these pools into
groups called wide IPs. A wide IP is a mapping of a fully-qualified domain
name (FQDN) to a set of pools, with each pool containing virtual servers
that host the domain’s content, such as a web site, an e-commerce site, or a
content delivery network (CDN).
A wide IP must contain at least one pool, with each pool containing at least
one virtual server.

To set up a wide IP
1. On the Main tab of the navigation pane, expand Global Traffic and
then click Wide IPs.
The main wide IP page opens.
2. Click the Create button.
The New Wide IP screen opens.
3. In the Name box, type a name that identifies the wide IP.
4. In the Member List area, add the appropriate pools.
5. Configure the rest of the wide IP settings as needed.
For additional help with these settings, please see the online help.
6. Click the Finished button to save the new wide IP.
For detailed information on managing and maintaining wide IPs, see Setting
up wide IPs, on page 6-9.


Assigning health monitors


The Global Traffic Manager includes several components, called health
monitors, that determine the availability of a given set of resources. A
health monitor is a software component that uses a specific metric to
determine the availability of a given set of resources. For example, the
POP3 health monitor tests a mail server resource to ensure that it is
accessible through the Post Office Protocol 3.
You can assign as many health monitors as you need to pools, servers, and
virtual servers. For more information on the health monitors available in the
Global Traffic Manager, see Chapter 10, Configuring Monitors.

To assign health monitors to a pool


1. On the Main tab of the navigation pane, expand Global Traffic, and
then click Pools.
The main pools screen opens.
2. From the Pool list, click the name of a pool.
The properties screen for that pool appears.
3. In the Health Monitors area, select the appropriate health monitors
from the Available list, and use the Move buttons provided to move
them to the Selected list.
4. Click the Finished button to save the updated pool.

To assign health monitors to a server


1. On the Main tab of the navigation pane, expand Global Traffic, and
then click Servers.
The main server page opens.
2. From the Server list, click the name of a server.
The properties screen for that server appears.
3. In the Health Monitors area, select the appropriate health monitors
from the Available list and use the Move buttons provided to move
them to the Selected list.
4. Click the Finished button to save the updated server.

To assign health monitors to a virtual server


1. On the Main tab of the navigation pane, expand Global Traffic, and
then click Servers.
The main server page opens.
2. From the Server list, click the name of a server.
The properties screen for that server appears.
3. On the menu bar, click Virtual Servers.
The virtual servers screen opens.

4. From the Virtual Server list, click the name of the virtual server.
The properties screen for that virtual server opens.
5. In the Health Monitors area, select the appropriate health monitors
from the Available list and use the Move buttons provided to move
them to the Selected list.
6. Click the Finished button to save the updated server.

3
Communicating with External Systems

• Introducing external system communication

• Communicating with BIG-IP systems

• Communicating with third-party systems



Introducing external system communication


The previous chapter described the essential tasks associated with
configuring a Global Traffic Manager system. With these tasks completed,
you have a system that is fully capable of handling name resolution requests,
although it is likely that some additional configuration steps might be
required to customize the Global Traffic Manager to meet the needs of your
specific network.
However, before the Global Traffic Manager can operate as an integrated
component within your network, you must first establish how the Global
Traffic Manager can communicate with other external systems. An external
system is any server with which the Global Traffic Manager must exchange
information to perform its functions. Examples of external systems include:
• Other BIG-IP products, such as Local Traffic Managers, Link
Controllers, or Global Traffic Managers
• Third-party load balancing servers
• Third-party hosts

In general, there are three different methods of establishing communications
with external systems. You can:
• Add an initial Global Traffic Manager (the first Global Traffic Manager
that you install on the network)
• Add subsequent Global Traffic Managers
• Add third-party servers


Communicating with BIG-IP systems


When the Global Traffic Manager communicates with other BIG-IP
systems, such as Local Traffic Managers or Link Controllers, it uses a
proprietary protocol called iQuery to send and receive information. If the
Global Traffic Manager is communicating with a BIG-IP system, it uses a
software utility called big3d to handle the information traffic. If the Global
Traffic Manager is instead talking with another Global Traffic Manager, it
uses a different utility, called gtmd, which is designed for that purpose. For
more details on how the Global Traffic Manager uses SNMP, see Appendix
A, Working with the big3d Agent.
The Global Traffic Manager can communicate with older BIG-IP products;
however, all products must receive an updated big3d utility. Consequently,
part of the process when establishing communications between the Global
Traffic Manager and other BIG-IP products is to open port 22 and port
4353 between the two systems. Port 22 allows the Global Traffic Manager
to copy the newest version of the big3d utility to existing systems, while
iQuery requires port 4353 for its normal communications.
Table 3.1 lists the requirements for each communication component
between the Global Traffic Manager and other BIG-IP systems.

Communication Component    Requirements

Ports                      Port 22, for secure file copying of entities like
                           big3d.
                           Port 4353, for iQuery communication.
Utilities                  big3d, for Global Traffic Manager to BIG-IP
                           system communication.
Protocols                  iQuery

Table 3.1 Requirements for communication components (BIG-IP).

Establishing communications between the Global Traffic Manager and other external systems
The steps you follow to establish communications between a Global Traffic
Manager and other systems on your network are different, depending on
whether the Global Traffic Manager is the first Global Traffic Manager that
you are adding to your network, or a subsequent system.
To establish communications between the initial Global Traffic Manager
and other systems, you must complete the following tasks:
• Add BIG-IP systems to the Global Traffic Manager
• Secure communications between the systems
• Add virtual servers to the Global Traffic Manager


Adding BIG-IP systems to the Global Traffic Manager


The following steps outline how to add a BIG-IP system to the Global
Traffic Manager through the Configuration utility. For more information on
adding BIG-IP systems and other servers, see Chapter 5, Defining the
Physical Network.

To add a BIG-IP system to the Global Traffic Manager


1. On the Main tab of the navigation pane, expand Global Traffic and
then click Servers.
The main screen for servers opens.
2. Click the Create button.
The New Server screen opens.
3. In the Name box, type a name that identifies the BIG-IP system.
4. From the Product list, select BIG-IP System (Single).
Global Traffic Managers, Local Traffic Managers, and Link
Controllers all fall under the BIG-IP product family. Any time you
add one of these systems as a server you use the same criteria:
• If the system is a primary system, select BIG-IP System
(Single).
• If the system is part of a redundant system, select BIG-IP
System (Redundant).
5. For the Address List setting, add the IP address of the server.
To add the IP address, type the address in the Address box, and then
click Add.
You can add more than one address to any given server, depending
on how that server interacts with the rest of your network. For
example, if the current Global Traffic Manager is part of a
redundant system, you would add the IP addresses of the primary
and backup systems.
6. From the Data Center list, select a data center to which the BIG-IP
system belongs.
A server must belong to a data center. See Chapter 5, Defining the
Physical Network for additional information.
7. Configure the remaining server settings, including the virtual
servers managed by the BIG-IP system.
For additional assistance on these settings, see the online help.
8. Click the Create button to create the new server.

Securing communications
In order for the Global Traffic Manager to communicate with another
BIG-IP system, two criteria must be met:
• The Global Traffic Manager must be able to authenticate with the BIG-IP
system

• The BIG-IP system must be able to authenticate with the Global Traffic
Manager

To meet these two criteria, the Global Traffic Manager employs SSL
certificate authentication. This type of authentication involves a SSL
certificate, along with a corresponding key. When the Global Traffic
Manager needs to communicate with another BIG-IP system, that system
first informs the Global Traffic Manager that it must authenticate using a
specific SSL certificate.
In this type of authentication scenario, there are two roles: a client role and a
server role. Each role must complete the authentication process; it is not
enough, for example, for a client, such as the Global Traffic Manager, to
authenticate itself to a server, such as a Local Traffic Manager. That
external server must also authenticate its role with the client as well. This
configuration ensures that both systems can trust each other’s information. It
is important to note that this type of authentication occurs on a per-role
basis. If, in another exchange of information, the Global Traffic Manager
fills a server role, then it must be able to authenticate itself as a server. The
authentication offered when it filled the client role is no longer sufficient.

Acquiring SSL certificates through scripts (all product versions)


For all versions of Global Traffic Manager and Local Traffic Manager, you
can acquire SSL certificates through the use of the big3d_install and
gtm_add scripts. If the Global Traffic Manager is the first Global Traffic
Manager that you are installing, you use the big3d_install script to specify
the IP addresses of any Local Traffic Managers with which the Global
Traffic Manager must communicate. If the Global Traffic Manager is a
subsequent unit (a Global Traffic Manager that will belong to a
synchronization group that includes other Global Traffic Managers that you
have already integrated into your network infrastructure), then you use the
gtm_add script. This script acquires the configuration files of an
already-configured Global Traffic Manager, which includes the SSL
certificates of external systems.

Note

Information on using the gtm_add script is available in Configuring
subsequent Global Traffic Managers, on page 3-8.

Through the big3d_install script, you specify the IP addresses of any Local
Traffic Managers with which the Global Traffic Manager must
communicate. This script then accomplishes two tasks:
• It adds the SSL certificate to the client.crt file of the Local Traffic
Manager.
• It acquires the SSL certificate of the Local Traffic Manager, and adds
it to the server.crt file for the Global Traffic Manager.
• It installs the big3d utility on the system.


After the big3d_install script completes these tasks, the Global Traffic
Manager and the specified Local Traffic Managers can exchange
information. The Global Traffic Manager is authorized to fill the client role
in the exchange, while the Local Traffic Manager is authorized to fill the
server role.

Note

You must run the big3d_install script for the Global Traffic Manager to
communicate with other BIG-IP systems.

To run the big3d_install script


1. Log into the system that hosts the Global Traffic Manager.
2. At the command prompt, type the following:
big3d_install [IP address]...
Note: You can supply multiple IP addresses when running the
big3d_install script. In this situation, you separate each IP address
with a space.
3. Press the Enter key to run the script.
As the script completes each configuration task, it prompts you for a
password that allows it to access the Local Traffic Manager and
update the SSL certificates. This prompt can appear several times.

Acquiring SSL certificates using the Configuration utility (product version 9.0 or later)
If the SSL certificate you want resides on a BIG-IP system version 9.0 or
later, you can use the Configuration utility to export the SSL certificate and
then import it into the Global Traffic Manager.

Exporting SSL certificates


If the BIG-IP system is version 9.0 or later, you can export the SSL
certificate and then add it to the Global Traffic Manager.

To export a SSL certificate


1. On the Main tab of the navigation pane, expand System and click
Device Certificates.
The Device Certificate screen opens.
2. Click the Export button.
The export screen appears.

3. Determine if you want to copy the certificate or export it to a file:
• If you want to copy the certificate, select the contents of the
Certificate Text box and copy it.
• If you want to export the certificate to a file, click the Download
server.crt button. A dialog box opens that allows you to save the
certificate to the location of your choice.

Importing SSL certificates


When you incorporate a Global Traffic Manager into your network, you
must configure it with the appropriate SSL certificates of the other systems
with which the Global Traffic Manager will communicate. If the external
system fulfills the role of a server in its communications with the Global
Traffic Manager, you must add its SSL certificate to the Trusted Server
Certificates section of the Configuration utility.

To import a SSL certificate as a client


1. On the Main tab of the navigation pane, expand System and click
Device Certificates.
The Device Certificate screen opens.
2. On the menu bar, click Trusted Device Certificates.
The Trusted Device Certificates screen opens.
3. Click the Import button.
The import certificate screen opens.
4. From the Import Type box, select Certificate.
5. Determine if you want to paste the certificate or upload it as a file:
• If you exported the certificate through copying it from the
external system, enable the Paste Text option.
A box appears in which you can paste the certificate.
• If you saved the certificate as a file, enable the Upload File
option. You can then either type the path to the file manually, or
use the Browse button to navigate to the file’s location.

To import a SSL certificate as a server


1. On the Main tab of the navigation pane, expand Global Traffic and
click Servers.
The main server screen opens.
2. On the menu bar, click Trusted Server Certificates.
The Trusted Server Certificates screen opens.
3. Click the Import button.
The import certificate screen opens.
4. From the Import Method list, determine if you want to replace the
existing certificate file, or append the certificate to the existing file.


Note: You can only upload a certificate file if you are replacing the
existing file. You cannot upload a file if you want to append the
certificate to an existing file.
5. If you chose to replace the existing certificate file, select whether
you want to paste the certificate or upload it as a file.
• If you exported the certificate through copying it from the
external system, enable the Paste Text option.
A box appears in which you can paste the certificate.
• If you saved the certificate as a file, enable the Upload File
option. You can then either type the path to the file manually, or
use the Browse button to navigate to the file’s location.
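
How the two trust files relate to the two roles, and what the replace and append import methods do to an existing file, shown as an added sketch that is not F5 code. It models trust as "the peer's certificate is present in the trust file" and compares SHA-256 fingerprints; the certificate bodies are constructed stand-in bytes rather than real X.509 data, and the function names are hypothetical.

```python
import base64
import hashlib
import re
import textwrap

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def to_pem(der):
    """Wrap raw bytes in PEM certificate armor (used to build the samples below)."""
    b64 = base64.b64encode(der).decode("ascii")
    body = "\n".join(textwrap.wrap(b64, 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"


def fingerprints(bundle_text):
    """SHA-256 fingerprint (hex) of every certificate in a PEM file, in file order."""
    found = []
    for index, body in enumerate(PEM_RE.findall(bundle_text), 1):
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError as exc:   # binascii.Error is a ValueError subclass
            raise ValueError(f"certificate #{index} is not valid base64") from exc
        found.append(hashlib.sha256(der).hexdigest())
    return found


def import_cert(bundle_text, cert_pem, method):
    """Model of the Import Method choice: replace the file or append to it."""
    if method == "replace":
        return cert_pem
    if method == "append":
        return bundle_text + cert_pem
    raise ValueError("method must be 'replace' or 'append'")


def trust_status(gtm_cert, ltm_cert, gtm_server_crt, ltm_client_crt):
    """Check both directions: each side must hold the other's certificate."""
    gtm_fp = fingerprints(gtm_cert)[0]
    ltm_fp = fingerprints(ltm_cert)[0]
    return {
        # GTM (client role) accepts the LTM only if the LTM cert is in server.crt
        "gtm_trusts_ltm": ltm_fp in fingerprints(gtm_server_crt),
        # LTM (server role) accepts the GTM only if the GTM cert is in client.crt
        "ltm_trusts_gtm": gtm_fp in fingerprints(ltm_client_crt),
    }


# Constructed stand-ins for exported device certificates (not real certificates).
GTM_CERT = to_pem(b"constructed stand-in: GTM device certificate")
LTM1_CERT = to_pem(b"constructed stand-in: first LTM device certificate")
LTM2_CERT = to_pem(b"constructed stand-in: second LTM device certificate")

if __name__ == "__main__":
    server_crt = import_cert("", LTM1_CERT, "append")     # on the GTM
    client_crt = ""                                        # on the LTM, not yet updated
    print(trust_status(GTM_CERT, LTM1_CERT, server_crt, client_crt))
    client_crt = import_cert(client_crt, GTM_CERT, "append")
    print(trust_status(GTM_CERT, LTM1_CERT, server_crt, client_crt))
    # Replacing the file to add a second LTM drops the first LTM's certificate.
    server_crt = import_cert(server_crt, LTM2_CERT, "replace")
    print(trust_status(GTM_CERT, LTM1_CERT, server_crt, client_crt))
```

Comparing the fingerprint of an exported certificate against the fingerprints in the trust file after an import confirms that the expected peer was added and that a replace did not remove a peer still in use.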

Adding virtual servers to the BIG-IP system


Before the Global Traffic Manager can load balance requests to a new
server, you must add virtual servers that the new server manages. You can
add virtual servers using two methods: manually, or automatically.

Adding virtual servers manually


You can use the Configuration utility to add a virtual server manually to the
Global Traffic Manager. This task is helpful when you have only a select
number of virtual servers that you would like to include with your Global
Traffic Manager configuration.

To add a virtual server manually


1. On the Main tab of the navigation pane, expand Global Traffic and
click Servers.
The main screen for servers opens.
2. Click the name of the server to which you want to add virtual
servers.
The properties screen for that server appears.
3. On the menu bar, click Virtual Servers.
The virtual servers screen opens.
4. From the Virtual Server Discovery list, select Disabled.
5. Click the Update button to implement this change.
6. Click the Add button to begin adding a new virtual server.
The new virtual server screen opens.
7. Add the virtual server, using the settings on this screen.
For more information on these settings, see the online help.
8. Click the Create button to save the new virtual server.

For more information, see Chapter 5, Defining the Physical Network.

Adding virtual servers automatically


The Global Traffic Manager includes a feature, called auto-discovery, with
which you can add virtual servers automatically to a given server. To add
virtual servers using this method, see Chapter 12, Discovering Resources
through Auto-Discovery.

Configuring subsequent Global Traffic Managers


If you are integrating multiple Global Traffic Managers within your
network, you do not need to use the big3d_install script for each one.
Instead, you can use the gtm_add script. This script accomplishes a single
task: it acquires the configuration files of another Global Traffic Manager on
your network.
The gtm_add script is very important, especially if you want the Global
Traffic Manager to be part of an existing synchronization group. As
described in Chapter 11, Synchronizing Global Traffic Managers,
synchronization works by having each Global Traffic Manager check to
ensure that it has the latest configuration files and, if not, to acquire the
latest files. This has a potential drawback when you install a new Global
Traffic Manager into your network, because the new system has the most
recent files (based on the timestamps) but has yet to be configured. As a
result, there is a risk that the unconfigured files of the new Global Traffic
Manager could override the configurations of your existing Global Traffic
Managers.
The gtm_add script circumvents this issue. With this script, you specify the
IP address of an existing Global Traffic Manager. The script then accesses that
system and copies its configuration files to the new Global Traffic Manager.
The new system can then be incorporated into the synchronization group
without adversely affecting it.
The gtm_add script acquires all configuration files, including SSL
certificates. As a result, it is ideal for acquiring SSL certificates for a new
Global Traffic Manager.

To configure subsequent Global Traffic Managers


1. Log into the system that hosts the Global Traffic Manager.
2. At the command prompt, type the following:
gtm_add <IP address of existing Global Traffic Manager>

The script logs into the specified Global Traffic Manager and acquires its
configuration files, including relevant SSL certificates. You can then add the
Global Traffic Manager to the appropriate synchronization group.
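The timestamp problem described above, as an added example (a toy model, not the product's synchronization code). It assumes that synchronization is "newest timestamp wins" and that copying the configuration also carries over its timestamp; the unit names, configuration contents and function names are constructed.

```python
from dataclasses import dataclass


@dataclass
class Unit:
    name: str
    config: dict   # stand-in for the synchronized configuration files
    mtime: int     # timestamp of the newest configuration file


def sync_round(group):
    """Every member adopts the files of the unit with the latest timestamp."""
    newest = max(group, key=lambda u: u.mtime)
    for unit in group:
        if unit.mtime < newest.mtime:
            unit.config, unit.mtime = dict(newest.config), newest.mtime
    return newest.name


def gtm_add_model(new_unit, existing):
    """Model of what the page says gtm_add does: copy the configuration
    of an existing unit onto the new one (timestamp copy is an assumption)."""
    new_unit.config, new_unit.mtime = dict(existing.config), existing.mtime


def join_risk(new_unit, group):
    """Pre-join check: return a reason if adding new_unit would overwrite
    the group's configuration, otherwise None."""
    newest = max(group, key=lambda u: u.mtime)
    if new_unit.config != newest.config and new_unit.mtime > newest.mtime:
        return "%s has newer files (%d > %d) but a different configuration" % (
            new_unit.name, new_unit.mtime, newest.mtime)
    return None


def demo(pull_first):
    """Join a freshly installed unit to a two-member group."""
    gtm1 = Unit("gtm1", {"wide_ip": "www.siterequest.net", "pools": 3}, 1000)
    gtm2 = Unit("gtm2", dict(gtm1.config), 1000)
    # Freshly installed: nothing configured, but its files are the newest.
    new = Unit("gtm3", {}, 2000)
    if pull_first:
        gtm_add_model(new, gtm1)
    risk = join_risk(new, [gtm1, gtm2])
    winner = sync_round([gtm1, gtm2, new])
    return risk, winner, gtm1.config


if __name__ == "__main__":
    for pull_first in (False, True):
        risk, winner, config = demo(pull_first)
        print("pull first:", pull_first, "| risk:", risk,
              "| winner:", winner, "| gtm1 config:", config)
```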

Communicating with third-party systems


When the Global Traffic Manager communicates with third-party systems,
whether that system is a load balancing server or a host, it can use SNMP to
send and receive information. For details on how the Global Traffic
Manager uses SNMP, see Appendix B, Working with SNMP.
Table 3.2 lists the requirements for each communication component
between the big3d agent and other external systems.

Communication Component    Requirements
Ports                      Port 161
Protocols                  SNMP

Table 3.2 Requirements for communication components (third-party systems).

Communication between the Global Traffic Manager and third-party
systems involves completing the following tasks:
• Adding the external system to the Global Traffic Manager
• Adding virtual servers from the third-party system to the Global Traffic
Manager

Adding third-party systems to the Global Traffic Manager


The following procedure guides you through adding third-party systems to
the Global Traffic Manager. Third-party systems are any load-balancing or
host server that is not a part of the BIG-IP product family.

To add a third-party system to the Global Traffic Manager


1. On the Main tab of the navigation pane, click Servers.
The main screen for servers opens.
2. Click the Create button.
The New Server screen opens.
3. In the Name box, type a name that identifies the server.
4. From the Product list, select the appropriate server.
Note: The type of server you select from the Product list determines
the MIB the Global Traffic Manager uses to interact with the server.
We recommend that you be as specific as possible when selecting a
server from the Product list.

5. For Address List, add the IP address of the server.
To add the IP address, type the address in the Address box, and then
click Add. You can add more than one address to any given server,
depending on how that server interacts with the rest of your
network.
6. From the Data Center list, select a data center to which the server
belongs.
A server must belong to a data center.
7. Configure the remaining server settings.
For additional assistance on these settings, please see the online
help.
8. Click the Create button to create the new server.

For more information, see Chapter 5, Defining the Physical Network.

Adding virtual servers from third-party systems


The following procedure guides you through adding virtual servers that a
given third-party system manages to the Global Traffic Manager.

To add virtual servers from third-party systems to the Global Traffic Manager

1. On the Main tab of the navigation pane, click Servers.
The main screen for servers opens.
2. Click the name of the server to which you want to add virtual
servers.
The properties screen for that server appears.
3. On the menu bar, click Virtual Servers.
The virtual servers screen opens.
4. From the Virtual Server Discovery list, select Disabled.
5. Click the Update button to implement this change.
6. Click the Add button to begin adding a new virtual server.
The new virtual server screen opens.
7. In the Virtual Server List option, supply the appropriate
information for the virtual servers, and then click the Add button to
add the virtual server to the server.
For more information on these options, see the online help.
8. Click the Create button to save the new virtual server.

For more information, see Chapter 5, Defining the Physical Network.

4
Working with Listeners

• Introducing listeners

• Selecting listeners

• Setting up listeners

• VLANs and listeners


Introducing listeners
As traffic flows across your network, it is necessary to identify what traffic
is relevant to your Global Traffic Managers for load balancing and other
operations. A listener is a specialized resource that is assigned a specific IP
address. When traffic is sent to that IP address, the listener alerts the Global
Traffic Manager, allowing it to forward the traffic to the appropriate
resource.
The IP address that you assign to a listener depends on the following
criteria:
• The configuration of the Global Traffic Managers and Local Traffic
Managers in the data center
• The number of VLANs (if any) on which the Global Traffic Manager is
load balancing data

Listeners have another important role beyond just identifying the network
packets that are relevant to the Global Traffic Manager: listeners also
determine the operation mode in which the Global Traffic Manager
operates. An operation mode defines the specific role or function the Global
Traffic Manager serves on the network. These modes are:
• Node
The node mode is the traditional installation of the Global Traffic
Manager. In this mode, the Global Traffic Manager replaces a DNS
server in a network and uses the DNS server’s IP address. All DNS
traffic is directed at the Global Traffic Manager because it is registered
with InterNIC as authoritative for the domain. In node mode, you usually
run BIND on the system to manage DNS zone files. Also, you may use
the ZoneRunner module included with the Global Traffic Manager to
manage your zone files.
• Bridge
In bridge mode, the Global Traffic Manager acts as an IP bridging device
by forwarding packets between two LAN segments (usually on the same
IP subnet). The system usually has one IP address, and is installed
between the router or switch, and the authoritative DNS server. The
Global Traffic Manager does not replace the authoritative DNS server.
The Global Traffic Manager filters all DNS packets that match wide IPs,
and forwards the remaining packets to the authoritative DNS server for
resolution. Note that this may be the preferred method of using the
Global Traffic Manager because you do not have to replace the
authoritative DNS server, and you can perform out-of-band testing
before you deploy Global Traffic Manager software upgrades.
• Router
In router mode, the Global Traffic Manager acts as a router by
forwarding packets between two different IP subnets. You can put the
Global Traffic Manager anywhere in the network topology so that
packets destined for the authoritative DNS server have to pass through it.
Router mode requires at least two IP addresses and two VLANs. This
mode is probably most useful for Internet service providers (ISPs) that
want to redirect traffic to local content servers. For example, if you use
the Global Traffic Manager in router mode, an ISP can redirect requests
for ads.siterequest.net to a local ad server.

Selecting listeners
A listener is a specialized resource that forwards data sent to a specific IP
address to the Global Traffic Manager. Selecting the correct listener is
important; if the listener is configured to the wrong IP address, the Global
Traffic Manager will not be aware of the data for which it is responsible.
The IP address you assign to a listener generally depends on what BIG-IP
systems are in the data center. How you select a listener depends on the
operation mode you want the Global Traffic Manager to use. You can select
either node, bridge, or router mode, as described in Introducing listeners, on
page 4-1.

Selecting listeners for node mode operation


The node mode is the traditional installation of the Global Traffic Manager.
In this mode, the Global Traffic Manager replaces a DNS server in a
network and uses the DNS server’s IP address. All DNS traffic is directed at
the Global Traffic Manager because it is registered with InterNIC as
authoritative for the domain.
If you want the Global Traffic Manager to operate in node mode, the listener
you define depends on whether the Global Traffic Manager resides alone,
with one or more Local Traffic Managers, or as a redundant pair of Global
Traffic Managers:
• Global Traffic Manager only
In this configuration, the Global Traffic Manager resides independently
of any other BIG-IP system on the given network segment. For such
environments, the listener IP address corresponds to the self IP address
of the Global Traffic Manager system.
• Global Traffic Manager with a single Local Traffic Manager
In this configuration, the Global Traffic Manager resides with a single
Local Traffic Manager (this configuration is typically referred to as a
combination, or "combo" box). For such environments, the listener IP
address corresponds to the self IP address of the Global Traffic Manager
system.
• Global Traffic Manager with redundant Local Traffic Managers
In this configuration, the Global Traffic Manager resides with both a
primary Local Traffic Manager and a backup secondary Local Traffic
Manager. For such environments, the listener IP address corresponds to
the self IP address of the Global Traffic Manager system.

• Redundant Global Traffic Managers
In this configuration, the Global Traffic Manager is paired with a backup
secondary Global Traffic Manager. For such environments, the listener
IP address corresponds to the floating IP address shared between the
Global Traffic Managers. A floating IP address is an IP address that
points to the primary Global Traffic Manager system unless that system
fails, at which time the backup system takes over the IP address until the
primary system returns.

See Setting up listeners, on page 4-4 for more information on the steps
needed to set up a listener.

Selecting listeners for bridge mode operation


In bridge mode, the Global Traffic Manager acts as an IP bridging device by
forwarding packets between two LAN segments (usually on the same IP
subnet). The system usually has one IP address, and is installed between the
router or switch, and the authoritative DNS server. The Global Traffic
Manager does not replace the authoritative DNS server. The Global Traffic
Manager filters all DNS packets that match wide IPs, and forwards the
remaining packets to the authoritative DNS server for resolution.
If you want the Global Traffic Manager to operate in bridge mode, you
create a listener that represents each subnet for which the Global Traffic
Manager acts as a bridge, such as 192.168.5.0, or 172.73.0.0. See Setting up
listeners, on page 4-4 for more information on the steps needed to set up a
listener.

Selecting listeners for router mode operation


In router mode, the Global Traffic Manager acts as a router by forwarding
packets between two different IP subnets. You can put the Global Traffic
Manager anywhere in the network topology so that packets destined for the
authoritative DNS server have to pass through it. Router mode requires at
least two IP addresses and two VLANs.
If you want the Global Traffic Manager to operate in router mode, you
create a listener that represents a valid IP address that belongs to multiple
VLANs, such as 192.168.5.0, or 172.73.0.0. See Setting up listeners, on
page 4-4 for more information on the steps needed to set up a listener.

Setting up listeners
The Global Traffic Manager handles only network traffic sent to the IP
address specified for any listeners that you create. The IP address that you
supply for a listener typically is the IP address you assigned to the Global
Traffic Manager.
In most situations, a Global Traffic Manager is responsible for traffic that
traverses multiple VLANs. Consequently, you can configure a listener to
monitor as many or as few VLANs as necessary. See VLANs and listeners,
on page 4-6 for more information.
Common tasks you will perform while working with listeners include:
• Configuring listeners
• Modifying listeners
• Deleting listeners

To set up a listener
1. On the Main tab in the navigation pane, expand Global Traffic and
then click Listeners.
The main listeners screen opens.
2. Click the Create button.
The new listener screen opens.
3. In the Destination box, type the IP address on which the Global
Traffic Manager will listen for network traffic.
4. From the VLAN Traffic list, select a VLAN setting appropriate for
this listener. For additional assistance with this setting, please see
the online help.
5. Click the Finished button to save the new listener.

Repeat this process for any additional listeners.

Modifying listeners
After you create a listener, you can access its settings, changing them as
needed. Common instances in which you need to modify a listener include
adding an additional VLAN, or modifying the IP address of the listener.

To modify a listener
1. On the Main tab in the navigation pane, expand Global Traffic and
then click Listeners.
The main listeners screen opens.
2. Click the name of the listener.
The properties screen for that listener appears.

3. Modify the settings for the listener.
4. Click the Update button to save your changes to the listener.

Deleting listeners
In the event that a listener is no longer needed within the Global Traffic
Manager, you can delete it.

To delete a listener
1. On the Main tab in the navigation pane, expand Global Traffic and
then click Listeners.
The main listeners screen opens.
2. Check the Select check box that corresponds to the listener entry.
3. Click the Delete button.
A confirmation screen appears.
4. Click the Delete button to delete the listener.

VLANs and listeners


In the event that the Global Traffic Manager is responsible for traffic on
multiple VLANs, you must configure a listener for each VLAN. When you
configure listeners for use in multiple-VLAN environments, you have the
following options:
• All VLANs
• Enabled for specific VLANs
• Disabled for specific VLANs

For more information about BIG-IP systems and VLANs, see the
Configuration Guide for Local Traffic Management.

Setting up a listener for all VLANs


If the Global Traffic Manager resides on a network segment that does not
use VLANs, or if the IP address you assign as a listener is valid for all
VLANs for which the Global Traffic Manager is responsible, you set the
VLAN Traffic option to All VLANs.

To set up a listener for all available VLANs


1. On the Main tab in the navigation pane, expand Global Traffic and
then click Listeners.
The main listeners screen opens.
2. Click the Create button.
The new listener screen opens.
3. In the Destination text box, type the IP address on which the Global
Traffic Manager will listen for network traffic.
4. From the VLAN Traffic list, select All VLANs.
5. Click the Finished button to save your changes.

Enabling a listener for specific VLANs


If your installation of the Global Traffic Manager requires it to manage
traffic for only some of the VLANs available on the network segment, you
set the VLAN Traffic option to Enabled on.

To enable a listener for specific VLANs


1. On the Main tab in the navigation pane, expand Global Traffic and
then click Listeners.
The main listeners screen opens.
2. Click the Create button.
The new listener screen opens.

3. In the Destination box, type the IP address on which the Global
Traffic Manager will listen for network traffic.
4. From the VLAN Traffic list, select Enabled on.
A new option, VLAN List, appears on the screen.
5. Select the appropriate VLANs from the Available list and use the
buttons provided to move them to the Selected list.
The listener only alerts the Global Traffic Manager about traffic on
the VLANs in the Selected list.
6. Click the Finished button to save your changes.

Disabling a listener for specific VLANs


In instances where the Global Traffic Manager resides on a network
segment with several VLANs, and you want to exclude some VLANs from
the listener, you set the VLAN Traffic option to Disabled on.

To disable a listener for specific VLANs


1. On the Main tab in the navigation pane, expand Global Traffic and
then click Listeners.
The main listeners screen opens.
2. Click the Create button.
The new listener screen opens.
3. From the VLAN Traffic list, select Disabled on.
A new option, VLAN List, appears on the screen.
4. Select the appropriate VLANs from the Available list and use the
buttons provided to move them to the Selected list.
The listener will alert the Global Traffic Manager about traffic on
all VLANs except those listed in the Selected list.
5. Click the Finished button to save your changes.

5
Defining the Physical Network

• Introducing physical network components

• Managing data centers

• Managing servers

• Managing virtual servers

• Managing links

Introducing physical network components


The components that make up the Global Traffic Manager fall into two
categories: logical components and physical components. Logical
components are abstractions of network resources, such as a virtual server.
Physical components, on the other hand, have a direct correlation with one
or more physical entities on the network. This chapter deals with the
physical components of the Global Traffic Manager. For information on the
logical components of the Global Traffic Manager, see Chapter 6, Defining
the Logical Network.
Through the Global Traffic Manager, you define several primary types of
physical network components:
• Data centers
• Servers
• Virtual servers
• Links

A data center defines the group of Global Traffic Managers, Local Traffic
Managers, and host systems that reside in a single physical location. Within
the Global Traffic Manager, a data center contains at least one server and
one link. Every resource, whether physical or logical, is associated in some
way with a data center.
A server defines a specific system on the network. A system can be a single
Global Traffic Manager, Local Traffic Manager, or host system. Within the
Global Traffic Manager, a server, with the exception of Global Traffic
Managers and Link Controllers, must also contain at least one virtual server.
A virtual server, in the context of the Global Traffic Manager, is a
combination of IP address and port number that points to a specific resource
on the network.
A link defines a physical connection to the Internet. Links are associated
with one or more routers on the network. The Global Traffic Manager tracks
the performance of links, which in turn can dictate the overall availability of
a given pool, data center, wide IP, or distributed application.
This chapter describes how to define the physical components that make up
your network, including setting up data centers, servers, and links.

Managing data centers


A data center defines the group of Global Traffic Managers, Local Traffic
Managers, host systems, and links that share the same subnet on the
network. The Global Traffic Manager consolidates the paths and metrics
data collected from servers, virtual servers, and links into the data
center, and uses that consolidated data when conducting load balancing
operations. Any server or link that you add to the Global Traffic Manager
configuration must belong to one and only one data center, and you must
configure at least one data center before you can add servers to the Global
Traffic Manager configuration.
Common tasks you perform while working with data centers include:
• Configuring data centers
• Modifying data centers
• Deleting data centers
• Enabling and disabling data centers

Configuring data centers


A data center defines the group of Global Traffic Managers, Local Traffic
Managers, host systems, and links that share the same subnet on the
network. Depending on your router configuration, the following data center
configurations are available:
• A single data center encompasses a single physical location
• A single data center encompasses multiple physical locations
• A single physical location includes multiple data centers

For example, the fictional company SiteRequest has a network operation
center in New York, which contains two subnets: 192.168.11.0/24 and
192.168.22.0/24. Because there are two subnets, the IT team needs to create
two data centers: New York 1 and New York 2, within the Global Traffic
Manager. On the opposite side of the country, SiteRequest has three
operational centers, but they all share the same subnet of 192.168.33.0/24.
To reflect this in the Global Traffic Manager, the IT team needs to create a
single data center: West Coast.
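A planning check for the SiteRequest layout above, as an added example (not part of the product): it maps each server's addresses to the data center whose subnet contains them and reports servers that match no data center or more than one. The subnets and data center names come from the text; the server names, their addresses and the function names are constructed.

```python
import ipaddress

# Data centers and subnets from the SiteRequest example.
DATA_CENTERS = {
    "New York 1": "192.168.11.0/24",
    "New York 2": "192.168.22.0/24",
    "West Coast": "192.168.33.0/24",
}

# Constructed inventory. A server may list more than one address.
SERVERS = {
    "ny-ltm-a": ["192.168.11.10"],
    "ny-ltm-b": ["192.168.22.10", "192.168.22.11"],
    "sf-host-1": ["192.168.33.25"],
    "la-host-1": ["192.168.33.140"],
    "ny-gtm-x": ["192.168.11.5", "192.168.22.5"],  # spans two subnets
    "lab-host": ["10.0.0.7"],                      # outside every subnet
}


def data_centers_for(address, data_centers):
    """Names of all data centers whose subnet contains the address."""
    ip = ipaddress.ip_address(address)
    return [name for name, cidr in data_centers.items()
            if ip in ipaddress.ip_network(cidr)]


def plan(servers, data_centers):
    """Return (assigned, problems).

    assigned maps a server to its single data center; problems maps a
    server to the reason it cannot be placed in exactly one.
    """
    assigned, problems = {}, {}
    for server, addresses in servers.items():
        matched, unmatched = set(), []
        for address in addresses:
            hits = data_centers_for(address, data_centers)
            if hits:
                matched.update(hits)
            else:
                unmatched.append(address)
        if unmatched:
            problems[server] = ("no data center subnet contains "
                                + ", ".join(unmatched))
        elif len(matched) != 1:
            problems[server] = ("addresses span data centers "
                                + ", ".join(sorted(matched)))
        else:
            assigned[server] = matched.pop()
    return assigned, problems


if __name__ == "__main__":
    assigned, problems = plan(SERVERS, DATA_CENTERS)
    for server, dc in sorted(assigned.items()):
        print("%-10s -> %s" % (server, dc))
    for server, reason in sorted(problems.items()):
        print("%-10s !! %s" % (server, reason))
```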
Within the Global Traffic Manager, you define a data center by the
following characteristics:
• Name. The descriptive name of the data center, such as New York 1 or
West Coast.
• Physical location. A description of the geographical area in which the
data center resides, such as New York City - Building A.
• Contact. The name of an individual responsible for managing the network
at the data center.

• State. The state of the data center. Available options are Enabled or
Disabled.

To configure a data center


1. On the Main tab of the navigation pane, expand Global Traffic and
click Data Centers.
The main screen for data centers opens.
2. Click the Create button.
The New Data Center screen opens.
3. Add the new data center settings.
For additional assistance with these settings, please see the online
help.
4. Click the Finished button.

Repeat this process for each data center in your network.

Modifying data centers


After you create a data center, you can access its settings, changing them as
needed.

To modify a data center


1. On the Main tab of the navigation pane, expand Global Traffic and
click Data Centers.
The main screen for data centers opens.
2. Click the name of the data center that you want to modify.
The properties screen for that data center appears.
3. Modify the settings for the data center.
For additional assistance with these settings, please see the online
help.
4. Click the Update button to save your changes.

Deleting data centers


In the event that a data center is no longer needed within the Global Traffic
Manager, you can delete it from the system.

To delete a data center


1. On the Main tab of the navigation pane, expand Global Traffic and
click Data Centers.
The main screen for data centers opens.

2. Check the Select check box that corresponds to the data center that
you want to delete.
3. Click the Delete button.
A confirmation screen opens.
4. Click the Delete button to delete the data center.

Enabling and disabling data centers


When you create a data center, you determine whether you want the data
center enabled or not. Resources associated with a data center are available
only if the following criteria are met:
• The data center is enabled.
• The data center is available, based on the metrics collected by the Global
Traffic Manager.

You can enable or disable a data center manually, allowing you to remove a
data center temporarily from the Global Traffic Manager’s load balancing
operations; for example, during a maintenance period. When the
maintenance period has ended, you can enable the data center, allowing the
Global Traffic Manager to consider the resources of that data center when
load balancing connection requests.

To enable a data center


1. On the Main tab of the navigation pane, expand Global Traffic and
click Data Centers.
The main screen for data centers opens.
2. Check the Select check box that corresponds to the data center that
you want to enable.
3. Click the Enable button to enable the data center.
Note that the icon representing the availability of the data center
changes to a blue square to reflect its current level of availability.

To disable a data center


1. On the Main tab of the navigation pane, expand Global Traffic and
click Data Centers.
The main screen for data centers opens.
2. Check the Select check box that corresponds to the data center that
you want to disable.
3. Click the Disable button to disable the data center.
Note that the icon representing the availability of the data center
changes to a black square, indicating that it is disabled.

Managing servers
A server defines a specific system on the network. In the Global Traffic
Manager, servers are not only physical entities that you can change and
modify as needed; they also house the virtual servers that are the ultimate
destinations of name resolution requests. In essence, servers are the core of
the physical components that you manage with the Global Traffic Manager.
The Global Traffic Manager supports three types of servers:
• BIG-IP systems
A BIG-IP system can be a Global Traffic Manager (including the current
Global Traffic Manager), a Local Traffic Manager, or a Link Controller.
• Third-party load balancing systems
A third-party load balancing system is any system, other than a BIG-IP
system, that supports and manages virtual servers on the network. See
Defining load balancing servers, on page 5-9 for information on how to
define these servers and a list of supported load balancing servers.
• Third-party host servers
A third-party host system is any server resource on the network that does
not support virtual servers. See Defining host servers, on page 5-11 for
information on how to define these servers and a list of supported host
servers.

At a minimum, you must set up the following servers on your Global Traffic
Manager:
• Your current Global Traffic Manager
• A managed server (either a load balancing server or a host)

This section describes how to set up each server type in your network. The
setup procedures here assume that the servers are up and running in the
network, and that they already have virtual servers defined (if the server
manages virtual servers).

Defining BIG-IP systems


A BIG-IP system is defined as any Global Traffic Manager, Local Traffic
Manager, or Link Controller. Defining a BIG-IP system includes defining
the Global Traffic Manager that you are currently configuring. This ensures
that the Global Traffic Manager communicates correctly with the rest of the
network and can be synchronized with other Global Traffic Managers on the
network.

Defining the current Global Traffic Manager


One type of server that you must define for your physical network is the
Global Traffic Manager itself. This process includes defining two types of
Global Traffic Managers. The first is the current Global Traffic Manager,
which is the Global Traffic Manager that you are currently configuring. The
second type of Global Traffic Managers is subsequent Global Traffic
Managers, which include backup systems on the current network segment,
or systems that reside at another data center. The information you provide
on these systems allows the agents and other utilities, such as the big3d
agent, to gather and analyze path and metrics information on network traffic.
In addition, adding Global Traffic Managers as part of defining the physical
network is necessary when you want to synchronize the settings across
multiple systems.

Important
If you have multiple Global Traffic Managers on your network, we
recommend that you define the current Global Traffic Manager first,
followed by any additional systems.

To define the current Global Traffic Manager


1. On the Main tab of the navigation pane, expand Global Traffic and
click Servers.
The main screen for servers opens.
2. Click the Create button.
The New Server screen opens.
3. In the Name box, type a name that identifies the Global Traffic
Manager.
4. From the Product list, select the appropriate server product.
Global Traffic Managers, Local Traffic Managers, and Link
Controllers all fall under the BIG-IP product family. Any time you
add one of these systems as a server, you can select one of two
server products from the Product list:
• If the system is a primary system, select BIG-IP System
(Single).
• If the system is a backup system, select BIG-IP System
(Redundant).
5. For Address List, add the IP address of the server.
To add the IP address, type the address in the Address box, and then
click Add. You can add more than one address to any given server,
depending on how that server interacts with the rest of your
network. For example, if the current Global Traffic Manager is part
of a redundant system, you would add the IP addresses of the
primary and backup systems.
6. From the Data Center list, select a data center to which the Global
Traffic Manager belongs.
A server must belong to a data center. See Managing data centers,
on page 5-2 for additional information.
7. Configure the remaining server settings.
For additional assistance on these settings, see the online help.
8. Click the Create button to create the new server.


Defining Local Traffic Managers


Local Traffic Managers are load balancing servers that manage virtual
servers on the network. There are two standard configurations for a Local
Traffic Manager:
• A stand-alone system on the network
• A component module residing on the same hardware as the Global
Traffic Manager

Regardless of whether the Local Traffic Manager shares the same hardware
as the Global Traffic Manager, you should ensure that you have the
following information available before you define the system:
• The self IP addresses and translations of the Local Traffic Manager’s
interfaces
• The IP address and service name or port number of each virtual server
managed by the Local Traffic Manager, only if you do not want to use
auto-configuration to discover the Local Traffic Manager’s virtual
servers

Important
If your installation of the Global Traffic Manager resides on the same
system as a Local Traffic Manager, you define only one BIG-IP server. This
server entry represents both the Global Traffic Manager and Local Traffic
Manager modules.

To define a Local Traffic Manager


1. On the Main tab of the navigation pane, expand Global Traffic and
click Servers.
The main screen for servers opens.
2. Click the Create button.
The New Server screen opens.
3. In the Name box, type a name that identifies the Local Traffic
Manager.
4. From the Product list, select the appropriate server product.
Global Traffic Managers, Local Traffic Managers, and Link
Controllers all fall under the BIG-IP product family. Any time you
add one of these systems as a server, you can select one of two
server products from the Product list:
• If the system is a primary system, select BIG-IP System
(Single).
• If the system is a backup system, select BIG-IP System
(Redundant).
5. For Address List, add the IP address of the server.
To add the IP address, type the address in the Address box, and then
click Add. You can add more than one address to any given server,
depending on how that server interacts with the rest of your
network. For example, if the current Global Traffic Manager is part
of a redundant pair, you would add the IP addresses of the primary
and backup systems.
6. From the Data Center list, select a data center to which the Local
Traffic Manager belongs.
A server must belong to a data center. See Managing data centers,
on page 5-2 for additional information.
7. Configure the remaining server settings, including the virtual
servers managed by the Local Traffic Manager.
For additional assistance on these settings, see the online help.
8. Click the Create button to create the new server.

Defining Link Controllers


The Link Controller is also part of the BIG-IP product family. Link
Controllers are systems that monitor the performance and availability of
wide-area connections.

To define a Link Controller


1. On the Main tab of the navigation pane, expand Global Traffic and
click Servers.
The main screen for servers opens.
2. Click the Create button.
The New Server screen opens.
3. In the Name box, type a name that identifies the Link Controller.
4. From the Product list, select BIG-IP System (Single).
Global Traffic Managers, Local Traffic Managers, and Link
Controllers all fall under the BIG-IP product family. Any time you
add one of these systems as a server:
• If the system is a primary system, select BIG-IP System
(Single).
• If the system is a backup system, select BIG-IP System
(Redundant).
5. For Address List, add the IP address of the server.
To add the IP address, type the address in the Address box, and then
click Add. You can add more than one address to any given server,
depending on how that server interacts with the rest of your
network.
6. From the Data Center list, select a data center to which the Link
Controller belongs.
A server must belong to a data center. Please see Managing data
centers, on page 5-2 for additional information.
7. Configure the remaining server settings.
For additional assistance on these settings, please see the online
help.
8. Click the Create button to create the new server.

Defining load balancing servers


In addition to BIG-IP systems, the Global Traffic Manager can interact with
other load-balancing servers to determine availability and performance
metrics for load balancing connection requests.
The Global Traffic Manager supports these load balancing servers:
• Alteon Ace Director
• Cisco CSS
• Cisco LocalDirector v2
• Cisco LoadDirector v3
• Cisco SLB
• Extreme
• Foundry ServerIron
• Radware WSD

Note

If your network uses a load balancing server not found on this list, you can
use the Generic Load Balancer option. See Using the generic load balancer
option, on page 5-10.

Adding load balancing servers


You can add as many third-party load balancing servers as you need into
your configuration of the Global Traffic Manager.

To add a load balancing server


1. On the Main tab of the navigation pane, expand Global Traffic and
click Servers.
The main screen for servers opens.
2. Click the Create button.
The New Server screen opens.
3. In the Name box, type a name that identifies the server.
4. From the Product list, select the appropriate load balancing server.
If your network uses a load balancing server not found on this list,
you can use the Generic Load Balancer option. See Using the
generic load balancer option, on page 5-10.
5. For Address List, add the IP address of the server.
To add the IP address, type the address in the Address box, and then
click Add. You can add more than one address to any given server,
depending on how that server interacts with the rest of your
network.
6. From the Data Center list, select a data center to which the server
belongs.
A server must belong to a data center. See Managing data centers,
on page 5-2 for additional information.
7. Configure the remaining server settings.
For additional assistance on these settings, see the online help.
8. Click the Create button to create the new server.

Using the generic load balancer option


In the event that your network uses a load balancing server that is not
explicitly supported by the Global Traffic Manager, you can add it through
the use of the generic load balancer option.

To define a generic load balancing server


1. On the Main tab of the navigation pane, expand Global Traffic and
click Servers.
The main screen for servers opens.
2. Click the Create button.
The New Server screen opens.
3. In the Name box, type a name that identifies the server.
4. From the Product list, select Generic Load Balancer.
5. For Address List, add the IP address of the server.
To add the IP address, type the address in the Address box, and then
click Add. You can add more than one address to any given server,
depending on how that server interacts with the rest of your
network.
6. From the Data Center list, select a data center to which the server
belongs.
A server must belong to a data center. Please see Managing data
centers, on page 5-2 for additional information.
7. Configure the remaining server settings.
For additional assistance on these settings, please see the online
help.
8. Click the Create button to create the new server.


Defining host servers


Another server type that you might include as part of your network is a host.
A host is an individual network resource, such as a web page or a database,
that is not a part of the BIG-IP product family and does not provide load
balancing capabilities for the resources it supports.
The following is a list of host servers that the Global Traffic Manager
supports:
• CacheFlow
• NetApp
• Sun Solaris
• Windows 2000 Server
• Windows NT 4.0

Note

If your network uses a host server not found on this list, you can use the
generic host server option. See Using the generic host server option, on
page 5-12.

To define a host server


1. On the Main tab of the navigation pane, expand Global Traffic and
click Servers.
The main screen for servers opens.
2. Click the Create button.
The New Server screen opens.
3. In the Name box, type a name that identifies the server.
4. From the Product list, select the appropriate host server.
If your network uses a server not found on this list, you can use the
generic host server option. See Using the generic host server option,
on page 5-12.
5. For Address List, add the IP address of the server.
To add the IP address, type the address in the Address box, and then
click Add. You can add more than one address to any given server,
depending on how that server interacts with the rest of your
network.
6. From the Data Center list, select a data center to which the server
belongs.
A server must belong to a data center. See Managing data centers,
on page 5-2 for additional information.
7. Configure the remaining server settings.
For additional assistance on these settings, see the online help.
8. Click the Create button to create the new server.


Using the generic host server option


In the event that your network uses a host server that is not explicitly
supported by the Global Traffic Manager, you can add it through the use of
the generic host server option.

To define a generic host server


1. On the Main tab of the navigation pane, expand Global Traffic and
click Servers.
The main screen for servers opens.
2. Click the Create button.
The New Server screen opens.
3. In the Name box, type a name that identifies the server.
4. From the Product list, select Generic Host.
5. For Address List, add the IP address of the server.
To add the IP address, type the address in the Address box, and then
click Add. You can add more than one address to any given server,
depending on how that server interacts with the rest of your
network.
6. From the Data Center list, select a data center to which the server
belongs.
A server must belong to a data center. See Managing data centers,
on page 5-2 for additional information.
7. Configure the remaining server settings.
For additional assistance on these settings, see the online help.
8. Click the Create button to create the new server.

Assigning monitors to servers


Each server that you add to the Global Traffic Manager, whether it is a
BIG-IP system, a third-party load balancing server, or a host server, has a
variety of monitors available. You can assign these monitors to track
specific data, and use that data to determine load balancing or other actions.
Detailed information about monitors is available in Chapter 10, Configuring
Monitors.

To add monitors to a server


1. On the Main tab of the navigation pane, expand Global Traffic and
click Servers.
The main screen for servers opens.
2. Click the name of the server to which you want to add monitors.
The properties screen for that server opens.
3. From the Configuration list, select Advanced.
This displays additional fields, and allows you to modify additional
default settings.
4. For Health Monitors, use the Move buttons provided to move
monitors from the Available list to the Selected list.
Monitors in the Selected list are active for the server.
5. Click the Update button to save your changes.

Setting limit thresholds


When you set limit thresholds for availability, the Global Traffic Manager
can detect when a managed server is low on system resources, and can
redirect the traffic to another server. Setting limits can help eliminate any
negative impact on a server's performance of service tasks that may be time
critical, require high bandwidth, or put high demand on system resources.
The system resources vary depending on the monitors you have assigned to
the server.
You can set limit thresholds for the following elements:
• Servers
• Pools
• Pool members
• Virtual servers

Setting limit thresholds for servers


The available thresholds for which you can set limits for servers depend on
whether the server is part of the BIG-IP product family, such as a Local
Traffic Manager, or another server type. If the server is part of the BIG-IP
product family, the available thresholds are:
• Bits (per second)
• Packets (per second)
• Current Connections

If the server is not part of the BIG-IP product family, such as a generic host
server, the available thresholds are:
• CPU
• Memory
• Bits
• Packets
• Current Connections

The following procedure provides general instructions for configuring these
thresholds. For detailed information on these thresholds, see the online help.

To set limit thresholds for servers


1. On the Main tab of the navigation pane, expand Global Traffic and
click Servers.
The main screen for servers opens.
2. Click the name of the server for which you want to set limits.
The properties screen for that server opens.
3. From the Configuration list, select Advanced.
This displays additional fields, and allows you to modify additional
default settings.
4. For Limit Settings, select Enabled from the list that corresponds to
the threshold you want to use.
A new setting appears.
5. Type the appropriate value for each threshold.
6. Click the Update button to save your changes.

Note

You can also set limit thresholds on virtual server resources. If a server
meets or exceeds its limit settings, both the server and the virtual servers it
manages are marked as unavailable for load balancing. You can quickly
review the availability of any of your servers or virtual servers in the
Statistics screens.

Setting limit thresholds for pools


The available thresholds for which you can set limits for pools are:
• Bits (per second)
• Packets (per second)
• New connections
• Total connections

The following procedure provides general instructions for configuring these
thresholds. For detailed information on these thresholds, see the online help.

To set limit thresholds for pools


1. On the Main tab of the navigation pane, expand Global Traffic and
click Pools.
The main screen for pools opens.
2. Click the name of the pool for which you want to set limits.
The properties screen for that pool appears.
3. From the Configuration list, select Advanced.
This displays additional fields, and allows you to modify additional
default settings.
4. For Limit Settings, select Enabled from the list that corresponds to
the threshold you want to use.
A new setting appears.
5. Type the appropriate value for each threshold.
6. Click the Update button to save your changes.

Note

You can also set limit thresholds on pool members. If a pool meets or
exceeds its limit settings, both the pool and the pool members it manages
are marked as unavailable for load balancing. You can quickly review the
availability of any of your pools or pool members in the Statistics screens.

Setting limit thresholds for pool members


The available thresholds for which you can set limits for pool members are:
• Bits (per second)
• Packets (per second)
• Connection Rate
• Current Connections

The following procedure provides general instructions for configuring these
thresholds. For detailed information on these thresholds, please see the
online help.

To set limit thresholds for pool members


1. On the Main tab of the navigation pane, expand Global Traffic and
click Pools.
The main screen for pools opens.
2. Click the name of the pool that contains the pool member.
The properties screen for that pool appears.
3. On the menu bar, click Members.
The members screen opens.
4. Click the name of the pool member for which you want to set limits.
5. From the Configuration list, select Advanced.
This displays additional fields, and allows you to modify additional
default settings.
6. For Limit Settings, select Enabled from the list that corresponds to
the threshold you want to use.
A new setting appears.
7. Type the appropriate value for each threshold.
8. Click the Update button to save your changes.


Setting limit thresholds for virtual servers


The available thresholds for which you can set limits for virtual servers are:
• Bits (per second)
• Packets (per second)
• Connection rate
• Current connections

The following procedure provides general instructions for configuring these
thresholds. For detailed information on these thresholds, see the online help.

To set limit thresholds for virtual servers


1. On the Main tab of the navigation pane, expand Global Traffic and
click Servers.
The main screen for servers opens.
2. Click the name of the server that contains the virtual server.
The properties screen for that server opens.
3. On the menu bar, click Virtual Servers.
The virtual servers screen opens.
4. Click the name of the virtual server for which you want to set limits.
5. From the Configuration list, select Advanced.
This displays additional fields, and allows you to modify additional
default settings.
6. For Limit Settings, select Enabled from the list that corresponds to
the threshold you want to use.
A new setting appears.
7. Type the appropriate value for each threshold.
8. Click the Update button to save your changes.
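
The limit rules in this section (per-type thresholds, "meets or exceeds", and a parent taking its children out of load balancing) can be checked against planned values before they are typed into the Limit Settings fields. The following is an added example, not code from this manual or from F5; the dictionary layout, the function names and the sample server are assumptions made for illustration.

```python
# Added illustration: a model of the limit-threshold rules in this chapter.
# Not F5 code; key names, function names and sample values are hypothetical.

# Thresholds the chapter lists for each object type.
ALLOWED = {
    "bigip_server": {"bits", "packets", "current_connections"},
    "other_server": {"cpu", "memory", "bits", "packets",
                     "current_connections"},
    "virtual_server": {"bits", "packets", "connection_rate",
                       "current_connections"},
    "pool": {"bits", "packets", "new_connections", "total_connections"},
    "pool_member": {"bits", "packets", "connection_rate",
                    "current_connections"},
}

# A server takes its virtual servers down with it; a pool its members.
CHILD_KIND = {
    "bigip_server": "virtual_server",
    "other_server": "virtual_server",
    "pool": "pool_member",
}


def tripped(kind, limits, metrics):
    """Return the enabled thresholds that the metrics meet or exceed."""
    unknown = set(limits) - ALLOWED[kind]
    if unknown:
        raise ValueError(f"{sorted(unknown)} not available for {kind}")
    # Assumption: a threshold with no reported metric is skipped, because
    # the data available depends on the monitors assigned to the object.
    return sorted(name for name, limit in limits.items()
                  if name in metrics and metrics[name] >= limit)


def unmonitored(limits, metrics):
    """Enabled thresholds that can never trip because no metric arrives."""
    return sorted(set(limits) - set(metrics))


def evaluate(parent_kind, parent, children):
    """Return {object name: reason}, where None means available."""
    child_kind = CHILD_KIND[parent_kind]
    parent_hits = tripped(parent_kind, parent["limits"], parent["metrics"])
    status = {parent["name"]: None}
    if parent_hits:
        status[parent["name"]] = "limit reached: " + ", ".join(parent_hits)
    for child in children:
        # Validate and evaluate the child's own limits in every case.
        hits = tripped(child_kind, child["limits"], child["metrics"])
        if parent_hits:
            status[child["name"]] = f"parent {parent['name']} unavailable"
        elif hits:
            status[child["name"]] = "limit reached: " + ", ".join(hits)
        else:
            status[child["name"]] = None
    return status


# Constructed sample: one Local Traffic Manager with two virtual servers.
LTM = {"name": "ltm_dc1",
       "limits": {"current_connections": 5000},
       "metrics": {"current_connections": 5000, "bits": 10_000}}
VIRTUAL_SERVERS = [
    {"name": "vs_web", "limits": {"connection_rate": 200},
     "metrics": {"connection_rate": 50}},
    {"name": "vs_api", "limits": {}, "metrics": {}},
]

if __name__ == "__main__":
    for name, reason in evaluate("bigip_server", LTM,
                                 VIRTUAL_SERVERS).items():
        print(name, "available" if reason is None else reason)
```

A threshold that appears in the `unmonitored` result is enabled but has no data behind it, which is worth resolving by assigning the matching monitor before relying on the limit.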

Discovering resources automatically


The Global Traffic Manager is able to automatically discover virtual servers
and links that are associated with any member of the BIG-IP product family.
This capability is available through the virtual server discovery option,
which identifies virtual servers, and link discovery, which discovers links.
When you enable either virtual server or link discovery, the system
automatically searches for resources of the specified type, and adds them to
the Global Traffic Manager configuration. Discovery options are established
on a per-server basis. For more information on discovery options, see
Chapter 12, Discovering Resources through Auto-Discovery.
The discovery feature of the Global Traffic Manager supports four settings:
• Disabled
When the Discovery setting is set to Disabled, the Global Traffic
Manager does not collect any configuration information from the
relevant system in the network. Instead, you must make all changes to the
configuration manually. This is the default setting.
• Enabled
When the Discovery setting is set to Enabled, the Global Traffic Manager
polls the relevant system every 30 seconds to update the configuration
information for those systems. Any changes, additions, or deletions are
then made to the controller's configuration.
• Enabled/No Delete
When the Discovery setting is set to Enabled/No Delete, the Global
Traffic Manager polls the relevant system in the network every 30
seconds to update the configuration information for those systems. Any
changes or additions are then made to the controller's configuration. Any
deletions in the configuration are ignored. This setting is helpful if you
want to take systems in and out of service without modifying the Global
Traffic Manager configuration.
• One-time Discovery
When the Discovery setting is set to One-time Discovery, the Global
Traffic Manager polls the relevant system once to update the
configuration information for that system. After this initial discovery, the
Global Traffic Manager does not poll the system for changes that might
have occurred. This feature is useful when you are first installing the
Global Traffic Manager on the network and you have a lot of resources
to add in, but do not want to have the discovery feature on continually.

Depending on the server you are configuring, you have two discovery
options available:
• On BIG-IP Systems, specifically Local Traffic Managers, you can enable
discovery for virtual servers and links.
• On load balancing servers, you can enable discovery for virtual servers
only.
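
The four Discovery settings differ in what each poll is allowed to change, which determines how far the Global Traffic Manager configuration can drift from the polled system. The following added example models that behavior; it is not code from this manual or from F5, and the function names, snapshot data, and the assumption that the single One-time Discovery poll applies additions, changes and deletions are all illustrative.

```python
# Added illustration of the Discovery settings; not F5 code.
from enum import Enum


class Discovery(Enum):
    DISABLED = "Disabled"
    ENABLED = "Enabled"
    ENABLED_NO_DELETE = "Enabled/No Delete"
    ONE_TIME = "One-time Discovery"


POLL_INTERVAL = 30  # seconds between polls, as stated in the chapter


def reconcile(config, remote, mode, first_poll):
    """Apply one poll result; return (new_config, list of (op, name))."""
    new = dict(config)
    changes = []
    if mode is Discovery.DISABLED:
        return new, changes          # nothing is collected
    if mode is Discovery.ONE_TIME and not first_poll:
        return new, changes          # later changes are never seen
    for name in sorted(remote):
        if name not in new:
            changes.append(("add", name))
        elif new[name] != remote[name]:
            changes.append(("change", name))
        new[name] = remote[name]
    if mode is not Discovery.ENABLED_NO_DELETE:
        # Assumption: the single One-time poll also applies deletions.
        for name in sorted(set(config) - set(remote)):
            del new[name]
            changes.append(("delete", name))
    return new, changes


def simulate(mode, snapshots, config=None):
    """Run one poll per snapshot; return (config, [(time, op, name)])."""
    config = dict(config or {})
    log = []
    for i, remote in enumerate(snapshots):
        config, changes = reconcile(config, remote, mode, first_poll=(i == 0))
        log.extend((i * POLL_INTERVAL, op, name) for op, name in changes)
    return config, log


def drift(config, remote):
    """What a manual review must reconcile when polling is not running."""
    shared = set(config) & set(remote)
    return {
        "missing": sorted(set(remote) - set(config)),
        "stale": sorted(set(config) - set(remote)),
        "changed": sorted(n for n in shared if config[n] != remote[n]),
    }


# Constructed virtual-server lists as (IP address, port) on the polled
# system: vs_mail is taken out of service, vs_web moves port, vs_api is new.
SNAPSHOTS = [
    {"vs_mail": ("192.0.2.20", 25), "vs_web": ("192.0.2.10", 80)},
    {"vs_api": ("192.0.2.30", 443), "vs_web": ("192.0.2.10", 8080)},
]

if __name__ == "__main__":
    for mode in Discovery:
        cfg, log = simulate(mode, SNAPSHOTS)
        print(mode.value, sorted(cfg), log, drift(cfg, SNAPSHOTS[-1]))
```

Under Enabled, the `delete` entries in the change log are the events to review, since a change on the polled system removes the object from the Global Traffic Manager configuration within one polling interval.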

To discover virtual servers


1. On the Main tab of the navigation pane, expand Global Traffic and
click Servers.
The main screen for servers opens.
2. Click the name of the server for which you want to discover virtual
servers.
The properties screen for that server appears.
3. On the menu bar, click Virtual Servers.
The virtual servers screen opens.
4. From the Virtual Server Discovery list, select the appropriate
setting.
If you select Disabled, the virtual server list appears, which
provides options for adding virtual servers manually.
5. Click the Update button to save your changes.

To discover links
You can enable discovery for links only on BIG-IP systems.
1. On the Main tab of the navigation pane, expand Global Traffic and
click Servers.
The main screen for servers opens.
2. Click the name of the server for which you want to discover links.
The properties screen for that server opens.
3. On the menu bar, click Virtual Servers.
The virtual servers screen opens.
4. From the Link Discovery option, select the appropriate setting.
5. Click the Update button to save your changes.


Managing virtual servers


Any server, excluding Global Traffic Managers and Link Controllers,
contains at least one virtual server. A virtual server, in the context of the
Global Traffic Manager, is a specific IP address and port number that points
to a resource on the network. In the case of host servers, this IP address and
port number likely point to the resource itself. With load balancing systems,
such as the Local Traffic Manager, these virtual servers are often proxies
that allow the load balancing server to manage the resource request across a
multitude of resources.
You can add virtual servers in two ways:
• Automatically, through the use of the Global Traffic Manager’s
discovery feature. For more information on automatically discovering
virtual servers, see Discovering resources automatically, on page 5-16.
• Manually, through the properties screens of the given server.

Adding virtual servers manually


The following procedure describes how to add a virtual server manually to a
given server. If you want to add virtual servers through the use of the
discovery feature, see Discovering resources automatically, on page 5-16.

To add a virtual server


1. On the Main tab of the navigation pane, expand Global Traffic and
click Servers.
The main screen for servers opens.
2. Click the name of the server to which you want to add virtual
servers.
The properties screen for that server opens.
3. On the menu bar, click Virtual Servers.
The virtual servers screen opens.
4. From the Virtual Server Discovery list, select Disabled.
5. Click the Update button to implement this change.
6. Click the Add button to begin adding a new virtual server.
The new virtual server screen opens.
7. In the Virtual Server List option, supply the appropriate
information for the virtual server, and then click the Add button to
add the virtual server to the server.
For more information on these options, see the online help.
8. Click the Create button to save the new virtual server.


Modifying virtual servers


You can modify the information related to a virtual server at any time; for
example, if the IP address and port number on the virtual server changes, or
if you modify your IP address translation settings.

To edit a virtual server


1. On the Main tab of the navigation pane, expand Global Traffic and
click Servers.
The main screen for servers opens.
2. Click the name of the server for which you want to edit virtual
servers.
The properties screen for that server opens.
3. On the menu bar, click Virtual Servers.
The virtual servers screen opens.
4. Click the name of the virtual server that you want to modify.
The properties page of the virtual server opens.
5. Edit the virtual server as needed.
For more information on these options, see the online help.
6. Click the Finished button to save your changes.

Removing virtual servers


If a virtual server is no longer available on a specific system, you can remove
it; for example, if the virtual server has been replaced by a newer one.

To remove a virtual server


1. On the Main tab of the navigation pane, expand Global Traffic and
click Servers.
The main screen for servers opens.
2. Click the name of the server from which you want to remove virtual
servers.
The properties screen for that server appears.
3. On the menu bar, click Virtual Servers.
The virtual servers screen opens.
4. Check the Select check box that corresponds to the virtual server
that you want to remove.
5. Click the Remove button to remove the virtual server from the
server.


Managing links
A link defines a physical connection to the Internet that is associated with
one or more routers on the network. When you configure the links that you
want to load balance in the Global Traffic Manager, you add a link entry
into the Global Traffic Manager and associate one or more routers with
that entry. In addition, you can configure monitors to check certain
metrics associated with the link, and modify how the Global Traffic
Manager selects a link for network traffic.
You can interact with links in the Global Traffic Manager in a variety of
ways. You can:
• Define a link
• Add routers to a link
• Assign monitors to a link
• Configure link weighting and billing properties

Defining links
Before you can load balance inbound and outbound traffic, you must
configure the basic link properties. The following procedure describes how
to configure the basic properties of a link.

To configure a link
1. On the Main tab of the navigation pane, expand Global Traffic and
click Links.
The main screen for links opens.
2. In the Name box, type a name that identifies the link.
3. For Router Address List, add the router address of the link.
To add the router address, type the address in the Address box, and
then click Add. You can add more than one address to any given
link, depending on how that server interacts with the rest of your
network.
4. From the Data Center list, select the appropriate data center.
A link must be associated with a data center.
5. Configure the other link options as needed.
For detailed information on these options, see the online help.
6. Click the Create button to create the link.

Adding and removing routers


You can add or remove routers associated with a link at any time.


To add a router to a link


1. On the Main tab of the navigation pane, expand Global Traffic and
click Links.
The main screen for links opens.
2. Click the name of the link that you want to modify.
The properties screen for that link opens.
3. For Router Address List, add the router address of the link.
To add the router address, type the address in the Address box, and
then click Add. You can add more than one address to any given
link, depending on how that server interacts with the rest of your
network.
4. Click the Update button to save your changes.

To remove a router from a link


1. On the Main tab of the navigation pane, expand Global Traffic and
click Links.
The main screen for links opens.
2. Click the name of the link that you want to modify.
The Properties screen for that link opens.
3. For Router Address List, select a router and then click Remove.
Repeat this step for any other routers that you want to remove.
4. Click the Update button to save your changes.

Assigning monitors to links


Each link that you add has a variety of monitors available. You can assign
these monitors to track specific data, and use that data to determine load
balancing or other actions. Detailed information about monitors is available
in Chapter 10, Configuring Monitors.

To add monitors to a link


1. On the Main tab of the navigation pane, expand Global Traffic and
click Links.
The main screen for links opens.
2. Click the name of the link to which you want to add monitors.
The properties screen for that server opens.
3. From the Configuration list, select Advanced.
This displays additional fields, and allows you to modify additional
default settings.
4. For Health Monitors, use the Move buttons provided to move
monitors from the Available list to the Enabled list.
Monitors in the Enabled list are active for the link.
5. Click the Update button to save your changes.


Configuring link weighting and billing properties


On the properties screen for a given link, you determine how traffic is
managed and distributed, using these settings:
• Duplex Billing
If your ISP uses duplex billing, you can set the Duplex Billing
option so that the statistics and billing report screens accurately reflect
the bandwidth usage for the link.
• Price Weighting
If you want to load balance traffic based on the cost of the bandwidth,
then select the Price (Dynamic Ratio) option. You can use this
weighting option to avoid the costs associated with exceeding your
prepaid bandwidth. You can also use this weighting option to direct
traffic over the least expensive link first.
• Ratio Weighting
If you want to load balance the total traffic to the controller based on a
ratio, then select the Ratio option. When you have links of varying
bandwidth sizes, you can use this weighting option to avoid
oversaturating a smaller link with too much traffic.

Important
You can use either the price weighting option or the ratio weighting option
to load balance your link traffic for all of your links. You cannot use both
options. Regardless of which weighting option you use, you must use the
same weighting option for all links.

To configure link weighting properties


1. On the Main tab of the navigation pane, expand Global Traffic and
click Links.
The main screen for links opens.
2. Click the name of the link for which you want to configure link
weighting properties.
The properties screen for that server opens.
3. From the Configuration list, select Advanced.
This displays additional fields, and allows you to modify additional
default settings.
4. From the Weighting list, select either Ratio or Price (Dynamic
Ratio), depending on how you want to weight the link.
5. Configure additional options as needed.
For more information, see the online help.
6. Click the Update button to save your changes.


To configure duplex billing properties


1. On the Main tab of the navigation pane, expand Global Traffic and
click Links.
The main screen for links opens.
2. Click the name of the link for which you want to configure duplex
billing properties.
The properties screen for that server opens.
3. From the Configuration list, select Advanced.
This displays additional fields, and allows you to modify additional
default settings.
4. Check the Duplex Billing option to enable duplex billing for the
link.
5. Click the Update button to save your changes.

6
Defining the Logical Network

• Introducing logical network components

• Setting up pools

• Setting up wide IPs

• Setting up distributed applications



Introducing logical network components


After you define the physical components of your network, such as data
centers, servers, and links, you can configure the Global Traffic Manager
with the logical components. Logical components are abstractions of
network resources, such as virtual servers. Unlike physical components,
logical components can often span multiple physical devices, or encompass a
subsection of a single device.
Through the Global Traffic Manager, you define three primary types of
logical network components:
• Pools
• Wide IPs
• Distributed applications

Just as a virtual server is a collection of IP addresses and port numbers, a
pool is a collection of virtual servers. Pools represent virtual servers that
share a common role on the network. A virtual server, in the context of the
Global Traffic Manager, is a combination of IP address and port number that
points to a specific resource on the network.
A wide IP is a mapping of a fully-qualified domain name (FQDN) to a set of
virtual servers that host the domain’s content, such as a web site, an
e-commerce site, or a content-delivery network (CDN). Wide IPs use pools
to organize virtual servers, which creates a tiered load balancing effect: the
Global Traffic Manager first load balances requests to a wide IP to the
appropriate pool, then load balances within the pool to the appropriate
virtual server.
The broadest collection of logical network components is distributed
applications. A distributed application is a group of wide IPs that serves as
a single application to a site visitor. The Global Traffic Manager does not
load balance on wide IPs in a distributed application; however, using
distributed applications within the Global Traffic Manager provides better
visibility into the applications users access.

Understanding logical components


To better understand the interactions between pools, wide IPs, and data
centers, consider the fictional company of SiteRequest. SiteRequest is an
online application repository. Currently, its Web presence consists of a main
site, www.siterequest.com, a download area, downloads.siterequest.com,
and a search area, search.siterequest.com.
These three fully-qualified domain names (FQDNs), www.siterequest.com,
downloads.siterequest.com, and search.siterequest.com, are wide IPs.
Each of these wide IPs contains several pools of virtual servers. For example,
www.siterequest.com contains two pools of virtual servers: poolMain and
poolBackup. When the Global Traffic Manager receives a connection
request for www.siterequest.com, it applies its load balancing logic to
select an appropriate pool to handle the request.
Once the Global Traffic Manager selects a pool, it then load balances the
request to the appropriate virtual server. For example, poolMain contains
three virtual servers: 192.168.3.10:80, 192.168.4.20:80, and
192.168.5.30:80. The Global Traffic Manager responds to the system that
made the connection request with the selected virtual server. From then on,
the Global Traffic Manager steps out of the communication, and the system
requesting the resource communicates directly with the virtual server.

Note

If one of these virtual servers was managed by a load balancing server, the
IP address and port number would likely point to a proxy on which the load
balancing server listened for connection requests. In that case, the load
balancing server would manage the connection to the appropriate resource.

For administration purposes, the wide IPs downloads.siterequest.com and
search.siterequest.com are added to a single distributed application,
siterequest_download_store. This configuration provides the IT staff the
ability to track the performance of the distributed application, as that has an
immediate impact on users visiting their web sites.


Setting up pools
A pool represents one or more virtual servers that share a common role on
the network. A virtual server, in the context of the Global Traffic Manager,
is a combination of IP address and port number that points to a specific
resource on the network.
The Global Traffic Manager considers any virtual servers that you add to a
pool to be pool members. A pool member is a virtual server that has specific
attributes that pertain to the virtual server only in the context of that pool.
Through this differentiation, you can customize settings, such as thresholds,
dependencies, and health monitors, for a given virtual server on a per-pool
basis.
As an example of the difference between pool members and virtual servers,
consider the fictional company SiteRequest. In the London data center, the
IT team has a virtual server that acts as a proxy for a Local Traffic Manager.
This virtual server provides the main resources for name resolution requests
for the company’s main Web page that originate from Europe. This same
virtual server provides backup resources for name resolution requests that
originate from the United States. Because these are two distinctly different
roles, the virtual server is a pool member in two different pools. This
configuration allows the IT team to customize the virtual server for each
pool to which it belongs, without modifying the actual virtual server itself.
As described in Chapter 5, Defining the Physical Network, you can add
virtual servers to the Global Traffic Manager only by first defining a server
that represents a physical component of your network. Once you add these
virtual servers, however, you can divide them into as many or as few pools
as needed.
You interact with pools in a variety of ways. You can:
• Define pools
• Add virtual servers to pools
• Remove virtual servers from pools
• Organize virtual servers within pools
• Weight virtual servers within pools
• Disable or enable pools

Defining pools
The first step in working with pools is defining them. The basic definition of
a pool is a name and at least one virtual server. You can expand on this
definition by assigning specific load balancing methods, a fallback IP
address (in the event that the load balancing methods fail to return a valid
virtual server), and one or more health monitors, which use various methods
to determine if the virtual servers within the pool are available.

To define a pool
1. On the Main tab of the navigation pane, expand Global Traffic and
then click Pools.
The main pools screen opens.
2. Click the Create button.
3. In the Name box, type a name for the pool.
4. In the Members area, for Member List, add the virtual servers that
belong to this pool.
Note that a virtual server can belong to more than one pool.
5. Configure the remaining pool settings.
For additional assistance with these settings, please see the online
help.
6. Click the Finished button to save the new pool.

Repeat this process for each pool that you want to create.

Adding virtual servers to pools


A pool is defined as one or more virtual servers that share a common role on
the network. When you first defined a pool, you added at least one virtual
server to it. This virtual server becomes a pool member and, as a pool
member, can be customized as it pertains to its specific role within the pool.
As your network changes, you might find that you need to add new virtual
servers to a pool.

To add a virtual server to a pool


1. On the Main tab of the navigation pane, expand Global Traffic and
then click Pools.
The main pools screen opens.
2. Click the name of the pool to which you want to add a virtual server.
The properties screen of that pool opens.
3. On the menu bar at the top of the screen, click Members.
The pool members screen opens. This screen lists the virtual servers
currently assigned to the pool, and allows you to modify how the
Global Traffic Manager load balances requests across these virtual
servers.
4. In the Members area, click the Manage button.
The manage members screen opens.
5. In Members List, use the options provided to add a virtual server to
the pool.
You can repeat this step to add more than one virtual server at a
time. For more information on these options, see the online help.

6. Click the Finished button to update the pool with the new virtual
server.

Removing virtual servers from pools


Your network likely changes over time. As a result, you might find that you
need to remove virtual servers from a pool. For example, the virtual server
underlying this pool member might be obsolete due to an upgrade, or you
might reconfigure the pool to perform a different role and certain virtual
servers no longer apply.
You can remove a virtual server from a pool at any time. Removing a virtual
server does not delete it completely from the Global Traffic Manager; it
still exists and remains associated with its physical server. However, it
ceases to be a pool member for the given pool, so any customizations that
pertain to that pool member are deleted.
If you want to delete a virtual server completely from the Global Traffic
Manager, see Removing virtual servers, on page 5-20.

To remove a virtual server from a pool


1. On the Main tab of the navigation pane, expand Global Traffic and
then click Pools.
The main pools screen opens.
2. Click the name of the pool from which you want to remove a virtual
server.
The properties screen of that pool opens.
3. On the menu bar at the top of the screen, click Members.
The pool members screen opens. This screen lists the virtual servers
currently assigned to the pool and allows you to modify how the
Global Traffic Manager load balances requests across these virtual
servers.
4. Click the Manage button.
The Manage Members screen opens.
5. In Members List, select the virtual server you want to remove and
click Remove.
You can repeat this step to remove more than one virtual server at a
time.
6. Click the Finished button to update the pool without the virtual
server.

Organizing virtual servers within pools


Certain load balancing methods within the Global Traffic Manager select
virtual servers based on the order in which they are listed in the pool. For
example, the load balancing method, Global Availability, instructs the
Global Traffic Manager to select the first virtual server in the pool until it
reaches capacity or goes offline, at which point it selects the next virtual
server until the first virtual server becomes available again.
See Chapter 7, Load Balancing with the Global Traffic Manager for more
information on load balancing methods that the Global Traffic Manager
supports.
If you use one of these load balancing methods, you may want to arrange the
order in which virtual servers are listed in a pool at any time. When you
organize your virtual servers in conjunction with these load balancing
methods, you can ensure that your most robust virtual server always
receives resolution requests, while the other virtual servers act as backups in
case the primary virtual server becomes unavailable.

To organize virtual servers within a pool


1. On the Main tab of the navigation pane, expand Global Traffic and
then click Pools.
The main pools screen opens.
2. Click the name of the pool in which you want to organize virtual
servers.
The properties screen of that pool opens.
3. From the menu bar at the top of the screen, click Members.
The pool members screen opens. This screen lists the virtual servers
currently assigned to the pool and allows you to modify how the
Global Traffic Manager load balances requests across these virtual
servers.
4. Click the Manage button.
The Manage Members screen opens.
5. In Members List, select a virtual server and click either the Up or
Down buttons to arrange it.
You can repeat this step to organize more than one virtual server at a
time.
6. Click the Finished button to update the pool with the organized
virtual servers.

Weighting virtual servers within pools


One of the load balancing methods that the Global Traffic Manager supports
is the Ratio mode. This mode instructs the system to load balance network
requests based on the weights assigned to a specific resource. If you use the
Ratio mode to load balance across virtual servers in a pool, you must assign
weights to those virtual servers. A weight is a value assigned to a resource,
such as a pool, that the Global Traffic Manager uses to determine the
frequency at which the resource receives connection requests. The Global
Traffic Manager selects a resource based on the weight of that resource as a
percentage of the total of all weights in that resource group.


To illustrate the use of weights in connection load balancing, consider the
fictional company SiteRequest. One of SiteRequest’s wide IPs,
www.siterequest.com, contains a pool labeled poolMain. This pool uses
the Ratio load balancing mode and contains three virtual servers, with the
following weight assignments:
• Virtual server 1: weight 50
• Virtual server 2: weight 25
• Virtual server 3: weight 25

Notice that the total of all the weights in this pool is 100. Each time the
Global Traffic Manager selects this pool, it load balances across all three
virtual servers. Over time, the load balancing statistics for this pool will
appear as follows:
• Virtual server 1: selected 50 percent of the time
• Virtual server 2: selected 25 percent of the time
• Virtual server 3: selected 25 percent of the time

This pattern exists because the weight value, 50, is 50 percent of the total
weight for all virtual servers (100), while the weight value, 25, is 25 percent
of the total.
For information on the Ratio mode and other load balancing methods, see
Chapter 7, Load Balancing with the Global Traffic Manager.

To weight virtual servers within a pool


1. On the Main tab of the navigation pane, expand Global Traffic and
then click Pools.
The main pools screen opens.
2. Click the name of the pool in which you want to weight virtual
servers.
The properties screen of that pool opens.
3. On the menu bar at the top of the screen, click Members.
The pool members screen opens. This screen lists the virtual servers
currently assigned to the pool and allows you to modify how the
Global Traffic Manager load balances requests across these virtual
servers.
4. Click the Manage button.
The manage members screen opens.
5. From the Virtual Server list, select the virtual server to which you
want to assign a ratio value.
If the virtual server already belongs to the pool, you must first
remove the virtual server from the pool and then add it back in
again. For more information, see Removing virtual servers from
pools, on page 6-5.

6. In the Ratio box, type a numerical value that represents the weight
of the virtual server as compared to other virtual servers within the
same pool. The higher the value in this setting, the greater the
frequency at which the Global Traffic Manager selects the virtual
server.
7. Click the Add button to add the virtual server, with ratio value, to
the pool.
8. Click the Finished button to save your changes.

Repeat this process for each virtual server.

Disabling and enabling pools


By default, any pool that you create in the Global Traffic Manager is
enabled. This state means that the pool is accessible to the Global Traffic
Manager as it balances connection requests. If you need to temporarily
disable a pool, such as for a maintenance period, you can do so at any time
and re-enable it when it is ready to receive name resolution requests.

To disable a pool
1. On the Main tab of the navigation pane, expand Global Traffic and
then click Pools.
The main pools screen opens.
2. Check the Select box for the pool that you want to disable.
3. Click the Disable button.
After a few seconds, the pool becomes disabled. You can verify that
the pool is disabled by looking at its status icon, located in the
Status column in the table of pools. The status of a disabled pool is a
black square.

To enable a pool
1. On the Main tab of the navigation pane, expand Global Traffic and
then click Pools.
The main pools screen opens.
2. Check the Select check box for the pool that you want to enable.
3. Click the Enable button.
After a few seconds, the pool becomes enabled. The status icon of
the pool, located in the Status column in the table of pools, will
change to reflect the current availability of the pool. For example, a
pool that is enabled and verified as available by the Global Traffic
Manager will have a status icon of a green circle.


Setting up wide IPs


A wide IP is a mapping of a fully-qualified domain name (FQDN) to a set of
virtual servers that host the domain’s content, such as a web site, an
e-commerce site, or a CDN. Wide IPs use pools to organize virtual servers,
which creates a tiered load balancing effect: the Global Traffic Manager
first load balances requests to a wide IP to the appropriate pool, then load
balances within the pool to the appropriate virtual server.
You can interact with wide IPs in many ways. You can:
• Define a wide IP
• Add pools to wide IPs
• Remove pools from wide IPs
• Organize pools within wide IPs
• Weight pools within wide IPs
• Disable and enable wide IPs
• Incorporate iRules

Defining wide IPs


The first step in working with wide IPs is defining them. The basic
definition of a wide IP is a name and at least one pool. You can expand on
this definition by assigning specific load balancing methods and by adding
iRules, which are scripts that programmatically control how the Global
Traffic Manager handles name resolution requests.

To define a wide IP
1. On the Main tab of the navigation pane, expand Global Traffic and
then click Wide IPs.
The wide IP screen opens.
2. Click the Create button.
The New Wide IP screen opens.
3. In the Name box, type the fully-qualified domain name for the wide
IP.
4. In the Pools section, use the Pool List option to add the pools that
belong to this wide IP.
Note that a pool can belong to more than one wide IP.
5. Configure the remaining wide IP settings.
For additional assistance with these settings, please see the online
help.
6. Click the Finish button to save the new wide IP.
Repeat this process for each wide IP that you want to create.

Using wildcard characters in wide IP names


The Global Traffic Manager supports wildcard characters in both wide IP
names and wide IP aliases. You can use the wildcard characters to simplify
your maintenance tasks if you have a large quantity of wide IP names and/or
wide IP aliases. The wildcard characters you can use are: the question mark
( ? ), and the asterisk ( * ). The guidelines for using the wildcard characters
are as follows:
• The question mark ( ? )
  ◦ You can use the question mark to replace a single character, with the
    exception of dots ( . ).
  ◦ You can use more than one question mark in a wide IP name or alias.
  ◦ You can use both the question mark and the asterisk in the same wide
    IP name or alias.

• The asterisk ( * )
  ◦ You can use the asterisk to replace multiple consecutive characters,
    with the exception of dots ( . ).
  ◦ You can use more than one asterisk in a wide IP name or alias.
  ◦ You can use both the question mark and the asterisk in the same wide
    IP name or alias.

The following examples are all valid uses of the wildcard characters for the
wide IP name, www.mydomain.net.
• ???.mydomain.net
• www.??domain.net
• www.my*.net
• www.??*.net
• www.my*.*
• ???.my*.*
• *.*.net
• www.*.???
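
The wildcard rules above can be checked mechanically before a name or alias is configured. The following Python sketch is an added example, not F5 code: it translates a wide IP name or alias into a regular expression, confirms the eight patterns listed above against www.mydomain.net, and reports whether a pattern can only match names inside a given domain. It assumes that the asterisk stands for at least one character and that matching is case-insensitive, as DNS names are; the function names and the extra sample names are constructed for illustration.

```python
import re

# The eight patterns this guide lists as valid for www.mydomain.net.
GUIDE_EXAMPLES = [
    "???.mydomain.net", "www.??domain.net", "www.my*.net", "www.??*.net",
    "www.my*.*", "???.my*.*", "*.*.net", "www.*.???",
]


def wildcard_to_regex(pattern):
    """Translate a wide IP name or alias into a compiled regular expression.

    ?  -> exactly one character, never a dot
    *  -> a run of characters, never a dot (assumption: at least one)
    """
    parts = []
    for ch in pattern.rstrip("."):
        if ch == "?":
            parts.append(r"[^.]")
        elif ch == "*":
            parts.append(r"[^.]+")
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts), re.IGNORECASE)


def matches(pattern, fqdn):
    """True if the queried name is covered by the wildcard pattern."""
    return wildcard_to_regex(pattern).fullmatch(fqdn.rstrip(".")) is not None


def confined_to_zone(pattern, zone):
    """True if every name the pattern can match lies inside `zone`.

    Wildcards never cross a dot, so a pattern only matches names with the
    same number of labels, and its rightmost labels must be literal copies
    of the zone's labels for every match to stay inside that zone.
    """
    p_labels = pattern.rstrip(".").lower().split(".")
    z_labels = zone.rstrip(".").lower().split(".")
    return len(p_labels) >= len(z_labels) and p_labels[-len(z_labels):] == z_labels


def audit(patterns, names, zone):
    """Per pattern: is it confined to the zone, and which sample names match."""
    return {
        p: {"confined": confined_to_zone(p, zone),
            "answers_for": [n for n in names if matches(p, n)]}
        for p in patterns
    }


if __name__ == "__main__":
    # Constructed sample names; only the first one comes from the guide.
    sample_names = ["www.mydomain.net", "ftp.mydomain.net",
                    "www.myother.org", "a.www.mydomain.net"]
    report = audit(GUIDE_EXAMPLES, sample_names, "mydomain.net")
    for pattern, result in report.items():
        print(f"{pattern:18} confined={result['confined']!s:5} "
              f"{result['answers_for']}")
```

Of the eight patterns, only ???.mydomain.net keeps both domain labels literal; the others can also match names in other domains, which is worth reviewing before you rely on a wildcard wide IP.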

Adding pools to wide IPs


A wide IP must contain at least one pool, which then must contain at least
one pool member. This hierarchical configuration allows the Global Traffic
Manager to load balance connection requests for a wide IP at two levels:
first, the connection is load balanced across the pools assigned to the wide
IP; second, the connection is load balanced across the pool members within
the given pool.

Note

You can assign the same pool to multiple wide IPs.


To add a pool to a wide IP


1. On the Main tab of the navigation pane, expand Global Traffic and
then click Wide IPs.
The Wide IPs screen opens.
2. Click the name of the wide IP to which you want to add a pool.
The properties screen of that wide IP opens.
3. On the menu bar at the top of the screen, click Pools.
The pools screen opens. This screen contains a list of the pools
currently assigned to the wide IP.
4. Click the Manage button.
The manage pools screen opens.
5. Use the Pool List settings to add a pool to the wide IP.
For more information, see the online help.
6. Click the Finished button to save your changes to the wide IP.

Repeat this process for each pool that you want to add to the wide IP.

Removing pools from wide IPs


When you remove a pool from a wide IP, the Global Traffic Manager ceases
to use that pool when load balancing name resolution requests. Removing a
pool does not delete it from the Global Traffic Manager; it remains available
so you can add it to another wide IP.

To remove a pool from a wide IP


1. On the Main tab of the navigation pane, expand Global Traffic and
then click Wide IPs.
The Wide IPs screen opens.
2. Click the name of the wide IP from which you want to remove a
pool.
The properties screen of that wide IP opens.
3. On the menu bar at the top of the screen, click Pools.
The Pools screen opens. This screen contains a list of the pools
currently assigned to the wide IP.
4. Click the Manage button.
The manage pools screen opens.
5. Use the Pools List option to select the pool that you want to remove
and click Remove.
6. Click the Update button to save your changes to the wide IP.

Repeat this process for each pool that you want to remove from the wide IP.

Organizing pools within wide IPs


Certain load balancing methods within the Global Traffic Manager select
pools based on the order in which they are listed in the wide IP. For
example, the load balancing method, Global Availability, instructs the
Global Traffic Manager to select the first pool in the wide IP until it
becomes unavailable, at which point it selects the next pool until the first
pool becomes available again.
See Chapter 7, Load Balancing with the Global Traffic Manager for more
information on load balancing methods that the Global Traffic Manager
supports.
If you use one of these load balancing methods, you may want to arrange the
order in which pools are listed in a wide IP. When you organize your pools
in conjunction with these load balancing methods, you can ensure that your
most robust pool always receives resolution requests, while the other pools
act as backups in case the primary pool becomes unavailable.

To organize pools within a wide IP


1. On the Main tab of the navigation pane, expand Global Traffic and
then click Wide IPs.
The Wide IPs screen opens.
2. Click the name of the wide IP in which you want to organize pools.
The properties page of that wide IP opens.
3. On the menu bar at the top of the screen, click Pools.
The Pools screen opens. This screen contains a list of the pools
currently assigned to the wide IP.
4. Click the Manage button.
The manage pools screen opens.
5. Use the Pools List settings to select the pool and click either the Up
or Down buttons to change its sequence.
For more information, see the online help.
6. Click the Update button to save your changes to the wide IP.
Repeat this process until the pools are listed in the necessary order.

Weighting pools within wide IPs


One of the load balancing methods that the Global Traffic Manager supports
is the Ratio mode. This mode instructs the system to load balance network
requests based on the weights assigned to a specific resource. If you use the
Ratio mode to load balance across pools in a wide IP, you must assign
weights to those pools. A weight is a value assigned to a resource, such as a
pool, that the Global Traffic Manager uses to determine the frequency at
which the resource receives connection requests. The Global Traffic
Manager selects a resource based on the weight of that resource as a
percentage of the total of all weights in that resource group.


To illustrate the use of weights in connection load balancing, consider the
fictional company SiteRequest. One of SiteRequest’s wide IPs,
www.siterequest.com, uses the Ratio load balancing mode and contains
three pools, with the following weight assignments:
• Pool 1: weight 50
• Pool 2: weight 25
• Pool 3: weight 25

Notice that the total of all the weights in this wide IP is 100. Each time the
Global Traffic Manager selects this wide IP, it load balances across all three
pools. Over time, the load balancing statistics for this wide IP will appear as
follows:
• Pool 1: selected 50 percent of the time
• Pool 2: selected 25 percent of the time
• Pool 3: selected 25 percent of the time

This pattern exists because the weight value, 50, is 50 percent of the total
weight for all pools, while the weight value, 25, is 25 percent of the total.
For information on the Ratio mode and other load balancing methods, see
Chapter 7, Load Balancing with the Global Traffic Manager.
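
The two-tier selection described in this chapter (wide IP to pool, then pool to virtual server) can be modeled with the 50/25/25 weights from both Ratio examples and the list-order behavior of Global Availability. This Python model is an added illustration, not F5 code: the class and function names are hypothetical, the pool2 and pool3 addresses are constructed, and the Ratio picker is a deterministic smooth weighted round-robin used as a stand-in, because this guide does not say how the Global Traffic Manager implements Ratio internally.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass
class Member:
    """A virtual server (IP address:port) with its per-pool settings."""
    address: str
    ratio: int = 1
    available: bool = True
    credit: int = 0          # bookkeeping for pick_ratio()


@dataclass
class Pool:
    name: str
    members: list
    method: str = "ratio"    # how a member is chosen inside this pool
    ratio: int = 1           # weight of this pool inside its wide IP
    enabled: bool = True
    credit: int = 0

    @property
    def available(self):
        # Modeling assumption: a disabled pool, or a pool with no
        # available member, is skipped at the wide IP tier.
        return self.enabled and any(m.available for m in self.members)


@dataclass
class WideIP:
    name: str
    pools: list
    method: str = "ratio"    # how a pool is chosen


def pick_ratio(candidates):
    """Deterministic smooth weighted round-robin (stand-in for Ratio mode).

    Over a full cycle each candidate is chosen ratio / sum(ratios) of the time.
    """
    total = sum(c.ratio for c in candidates)
    for c in candidates:
        c.credit += c.ratio
    best = max(candidates, key=lambda c: c.credit)
    best.credit -= total
    return best


def pick_global_availability(candidates):
    """First available entry in list order; later entries act as backups."""
    return candidates[0]


PICKERS = {"ratio": pick_ratio, "global_availability": pick_global_availability}


def resolve(wide_ip):
    """Tier 1 picks a pool, tier 2 picks a virtual server in that pool."""
    pools = [p for p in wide_ip.pools if p.available]
    if not pools:
        return None
    pool = PICKERS[wide_ip.method](pools)
    member = PICKERS[pool.method]([m for m in pool.members if m.available])
    return pool.name, member.address


def tally(wide_ip, requests):
    """Count which pools and virtual servers answer `requests` resolutions."""
    pools, members = Counter(), Counter()
    for _ in range(requests):
        answer = resolve(wide_ip)
        if answer:
            pools[answer[0]] += 1
            members[answer[1]] += 1
    return pools, members


def build_siterequest():
    """Weights 50/25/25 at both tiers, as in the guide's Ratio examples."""
    pool1 = Pool("pool1", ratio=50, method="ratio", members=[
        Member("192.168.3.10:80", ratio=50),
        Member("192.168.4.20:80", ratio=25),
        Member("192.168.5.30:80", ratio=25)])
    # Constructed addresses; list order matters for Global Availability.
    pool2 = Pool("pool2", ratio=25, method="global_availability", members=[
        Member("10.0.2.10:80"), Member("10.0.2.20:80")])
    pool3 = Pool("pool3", ratio=25, method="global_availability", members=[
        Member("10.0.3.10:80")])
    return WideIP("www.siterequest.com", [pool1, pool2, pool3])


if __name__ == "__main__":
    wip = build_siterequest()
    print(tally(wip, 400))             # pools 200/100/100, pool1 members 100/50/50
    wip.pools[0].enabled = False       # maintenance window on pool1
    print(tally(wip, 100))             # remaining pools share the requests 50/50
```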

To weight pools within a wide IP


1. On the Main tab of the navigation pane, expand Global Traffic and
then click Wide IPs.
The Wide IPs screen opens.
2. Click the name of the wide IP in which you want to weight pools.
The properties page of that wide IP opens.
3. On the menu bar, click Pools.
The Pools screen opens. This screen contains a list of the pools
currently assigned to the wide IP.
4. Click the Manage button.
The Manage Pools screen opens.
5. Use the Pool List to select the pool to which you want to assign a
ratio value.
If the pool already belongs to the wide IP, you must first remove the
pool from the wide IP and then add it back in again.
6. In the Ratio box, type a numerical value that represents the weight
of the pool as compared to other pools within the same wide IP. The
higher the value in this box, the greater the frequency at which the
Global Traffic Manager selects the pool.
7. Click the Add button to add the pool, with ratio value, to the wide IP.
8. Click the Finished button to save your changes.

Repeat this process for each pool.

Disabling and enabling wide IPs


By default, any wide IP that you create in the Global Traffic Manager is
enabled. This state means that the wide IP is accessible to the Global Traffic
Manager as it balances connection requests. If you need to temporarily
disable a wide IP, such as for a maintenance period, you can do so at any
time and re-enable it later.

To disable a wide IP
1. On the Main tab of the navigation pane, expand Global Traffic and
then click Wide IPs.
The Wide IPs screen opens.
2. Check the Select box for the wide IP that you want to disable.
3. Click the Disable button.
After a few seconds, the wide IP becomes disabled. You can verify
that the wide IP is disabled by looking at its status icon, located in
the Status column in the table of wide IPs. The status of a disabled
wide IP is a black square.

To enable a wide IP
1. On the Main tab of the navigation pane, expand Global Traffic and
then click Wide IPs.
The wide IP screen opens.
2. Check the Select check box for the wide IP that you want to enable.
3. Click the Enable button.
After a few seconds, the wide IP becomes enabled. The status icon
of the wide IP, located in the Status column in the table of wide IPs, will
change to reflect the current availability of the wide IP. For
example, a wide IP that is enabled and verified as available by the
Global Traffic Manager will have a status icon of a green circle.

Incorporating iRules
Wide IPs also support iRules for further managing and directing network
traffic. An iRule is a set of one or more Tcl-based expressions that direct
network traffic beyond load balancing operations.


For example, the iRule in the following figure redirects a connection request
to a wide IP using HTTP to one using HTTP over SSL (HTTPS):

rule redirect_iRule {
   when HTTP_REQUEST {
      # Redirect to the same host and URI over HTTPS
      HTTP::redirect "https://[HTTP::host][HTTP::uri]"
   }
}

Figure 6.1 An example of an iRule

A wide IP does not require iRules to operate effectively. However, iRules
are a powerful mechanism for customizing how the Global Traffic Manager
handles network connection requests.
You can interact with iRules in a variety of ways. You can:
• Add an iRule to a wide IP
• Remove an iRule from a wide IP
• Organize multiple iRules assigned to a wide IP

For information on creating iRules, please see Chapter 15, Writing iRules.

Adding iRules to wide IPs


You can add an iRule to a wide IP at any time. When you add an iRule to a
wide IP, the Global Traffic Manager starts to use the iRule to determine how
to load balance name resolution requests.

To add an iRule to a wide IP


1. On the Main tab of the navigation pane, expand Global Traffic and
then click Wide IPs.
The Wide IPs screen opens.
2. Click the name of the wide IP to which you want to add an iRule.
The properties page of that wide IP opens.
3. On the menu bar, click iRules.
The iRules screen opens. This screen contains a list of the iRules
currently assigned to the wide IP.
4. Click the Manage button.
The manage iRules screen opens.
5. Use the iRules List option to add an iRule to the wide IP.
6. Click the Finished button to save your iRule to the wide IP.
Repeat this process for each iRule that you want to add to the wide IP.

Removing iRules from wide IPs


When you remove an iRule from a wide IP, the Global Traffic Manager no
longer uses the iRule when determining how to load balance a name
resolution request. Removing an iRule does not delete it from the Global
Traffic Manager; you can still access the iRule by clicking iRules in the
Global Traffic section of the Main tab.

To remove an iRule from a wide IP


1. On the Main tab of the navigation pane, expand Global Traffic and
then click Wide IPs.
The Wide IPs screen opens.
2. Click the name of the wide IP from which you want to remove an
iRule.
The properties page of that wide IP opens.
3. On the menu bar at the top of the screen, click iRules.
The iRules screen opens. This screen contains a list of the iRules
currently assigned to the wide IP.
4. Click the Manage button.
The manage iRules screen opens.
5. Use the iRules List option to select the iRule that you want to
remove and click Remove.
6. Click the Update button to save your changes to the wide IP.

Repeat this process for each iRule that you want to remove from the wide
IP.

Organizing iRules within wide IPs


Often, you might find that a wide IP can benefit from more than one iRule.
For example, a wide IP might have an iRule that focuses on the geographical
source of the name resolution request, and another that focuses on
redirecting specific requests to a different wide IP. If you assign more than
one iRule to a wide IP, the Global Traffic Manager applies iRules in the
order in which they are listed in the iRules List for the wide IP.
You can change the order in which the Global Traffic Manager applies
iRules to network connection requests at any time.

To organize iRules within a wide IP


1. On the Main tab of the navigation pane, expand Global Traffic and
then click Wide IPs.
The Wide IPs screen opens.
2. Click the name of the wide IP in which you want to organize iRules.
The properties page of that wide IP opens.

3. On the menu bar at the top of the screen, click iRules.


The iRules screen opens. This screen contains a list of the iRules
currently assigned to the wide IP.
4. Click the Manage button.
The manage iRules screen opens.
5. Use the iRules List to select the iRule and click either the Up or
Down buttons to arrange it.
6. Click the Finished button to save your changes.

Repeat this process until the iRules are listed in the necessary order.

Setting up distributed applications


A distributed application is a collection of wide IPs that serve as a single
application to a site visitor. Within the Global Traffic Manager, you have
several advantages when creating a distributed application:
• You can organize logical network components into groups that represent
the business environment for which these components were designed.
• You can configure a distributed application so that it is dependent on a
physical component of your network, such as a data center, server, or
link. If this physical component becomes unavailable, the Global Traffic
Manager flags the distributed application as unavailable as well. These
dependencies ensure that a user cannot access a distributed application
that does not have all of its resources available.
• You can define persistence for a distributed application, ensuring that a
user accessing the distributed application uses the same network
resources until they end their session.

You can work with distributed applications in a variety of ways. You can:
• Define distributed applications
• Add wide IPs to distributed applications
• Remove wide IPs from distributed applications
• Set dependencies
• Enable and disable distributed application traffic
• Enable persistent connections

Defining distributed applications


The first step in working with distributed applications is defining them. The
basic definition of a distributed application is a name and at least one wide
IP. You can expand on this definition by determining that the availability of
the application depends on virtual servers, servers, or data centers and
determining if requests coming from the same source during a specific
period of time should go to the same pool, or to a different one.

To define a distributed application


1. On the Main tab of the navigation pane, expand Global Traffic and
then click Distributed Applications.
The distributed applications screen opens.
2. Click the Create button.
The New Distributed Application screen opens.
3. In the Name box, type a name for the distributed application.
4. Use the Member List settings to add the wide IPs that belong to this
distributed application.
Note that a wide IP can belong to only one distributed application.
For more information on wide IPs, see Setting up wide IPs, on page
6-9.
5. Configure the remaining distributed application settings.
For additional assistance with these settings, please see the online
help.
6. Click the Finish button to create the distributed application.

Repeat this process for each distributed application that you want to create.

Adding wide IPs to distributed applications


A distributed application typically consists of multiple wide IPs that,
collectively, provide a common set of functions for end-users. Through the
Global Traffic Manager, you can add wide IPs to a distributed application at
any time.

Note

A wide IP can belong to only one distributed application.

To add a wide IP to a distributed application


1. On the Main tab of the navigation pane, expand Global Traffic and
then click Distributed Applications.
The distributed applications screen opens.
2. Click the name of the distributed application to which you want to
add a wide IP.
3. On the menu bar, click Members.
The members screen opens. This screen contains a list of the wide
IPs currently assigned to the distributed application.
4. Click the Manage button.
The manage wide IPs screen opens.
5. Use the Member List settings to add a wide IP to the distributed
application.
6. Click the Finished button to save the distributed application.

Removing wide IPs from distributed applications


You can remove a wide IP from a distributed application at any time. For
example, the role of the distributed application might change, resulting in
one of its original wide IPs being unnecessary. Alternatively, a wide IP
might be removed because it has been replaced with a newer one. Removing
a wide IP does not delete it from the Global Traffic Manager; it remains
available to the Global Traffic Manager when load balancing connection
requests.

To remove a wide IP from a distributed application


1. On the Main tab of the navigation pane, expand Global Traffic and
then click Distributed Applications.
The distributed applications screen opens.
2. Click the name of the distributed application from which you want
to remove a wide IP.
3. On the menu bar at the top of the screen, click Members.
The members screen opens. This screen contains a list of the wide
IPs currently assigned to the distributed application.
4. Click the Manage button.
The Manage Wide IPs screen opens.
5. Use the Members List settings to select the wide IP that you want
to remove and click Remove.
6. Click the Finished button to save the distributed application.

Repeat this process for each wide IP that you want to remove from the
distributed application.

Setting dependencies for distributed applications


When you create a distributed application in the Global Traffic Manager, the
system acquires information about the data centers, servers, and links that
make up the application. You have the option of setting the distributed
application to be dependent on any one type of these physical components.
With dependency, when a resource such as a virtual server becomes
unavailable, the Global Traffic Manager considers all other resources that
share the same physical component of that resource to be unavailable as
well.
The following examples illustrate how dependencies can affect the
availability of a given distributed application. These examples involve the
fictional company SiteRequest.com. This company has a distributed
application that consists of two wide IPs: www.siterequest.com and
downloads.siterequest.com. They also have data centers in New York,
Paris, and Tokyo, each of which provides resources that the distributed
application can access. In each example, a lightning storm caused the New
York data center to lose power. Although the emergency power starts
immediately, one of the virtual servers and one of the Internet links used by
the application have gone offline.

• Example 1: Data Center Dependency
If the application uses data center dependency, the Global Traffic
Manager considers the entire data center to be unavailable to the
application, even if other virtual servers for the application remain
available at the data center. Other connection requests, independent of
the application, can still be sent to the data center.
• Example 2: Server Dependency
If the application uses server dependency, the Global Traffic Manager
treats the server hosting the virtual server as unavailable to the
application, even if other virtual servers on that server are online. Other
connection requests, independent of the application, can still be sent to
the server.
• Example 3: Link Dependency
If the application uses link dependency, the Global Traffic Manager
treats all resources for the application that use that link as unavailable
to the application. Other connection requests, independent of the
application, can still be sent to these resources through other links.

Note

Dependencies are not required for a given distributed application. If you do
not define a dependency, then the Global Traffic Manager considers the
application available as long as there is at least one resource to which it
can load balance a name resolution request.
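
The three dependency examples above, worked through as an added Python model (not F5 code or configuration; it is one interpretation of the examples). The virtual server, server and link names are constructed, and the model assumes that a virtual server can be reached through more than one link and that server dependency is triggered only by a failed virtual server.

```python
from dataclasses import dataclass

WWW, DL = "www.siterequest.com", "downloads.siterequest.com"


@dataclass(frozen=True)
class VirtualServer:
    name: str
    wide_ip: str
    data_center: str
    server: str
    links: frozenset        # links this virtual server can be reached through


# Constructed inventory for the SiteRequest.com scenario (names are hypothetical).
SITE = [
    VirtualServer("www-ny-1", WWW, "New York", "ny-srv1", frozenset({"ny-isp-a", "ny-isp-b"})),
    VirtualServer("www-ny-2", WWW, "New York", "ny-srv1", frozenset({"ny-isp-a", "ny-isp-b"})),
    VirtualServer("dl-ny-1", DL, "New York", "ny-srv2", frozenset({"ny-isp-a", "ny-isp-b"})),
    VirtualServer("dl-ny-2", DL, "New York", "ny-srv2", frozenset({"ny-isp-a"})),
    VirtualServer("www-par-1", WWW, "Paris", "par-srv1", frozenset({"par-isp-a"})),
    VirtualServer("dl-tyo-1", DL, "Tokyo", "tyo-srv1", frozenset({"tyo-isp-a"})),
]
# The storm: one virtual server and one Internet link in New York go offline.
DOWN_VS = {"www-ny-1"}
DOWN_LINKS = {"ny-isp-b"}


def unavailable(vss, down_vs, down_links, level):
    """Names of virtual servers the application may not use at this dependency level."""
    # Always excluded: the failed virtual server, and any with no working link left.
    out = {vs.name for vs in vss if vs.name in down_vs or vs.links <= down_links}
    if level == "data_center":
        # Any failure inside a data center removes the whole data center.
        tainted = {vs.data_center for vs in vss
                   if vs.name in down_vs or vs.links & down_links}
        out |= {vs.name for vs in vss if vs.data_center in tainted}
    elif level == "server":
        # The server hosting a failed virtual server is removed with all its virtual servers.
        tainted = {vs.server for vs in vss if vs.name in down_vs}
        out |= {vs.name for vs in vss if vs.server in tainted}
    elif level == "link":
        # Every resource that uses the failed link is removed.
        out |= {vs.name for vs in vss if vs.links & down_links}
    elif level != "none":
        raise ValueError(f"unknown dependency level: {level}")
    return out


def usable_by_wide_ip(vss, down_vs, down_links, level):
    """Map each wide IP to the virtual servers the application can still use."""
    out = unavailable(vss, down_vs, down_links, level)
    result = {}
    for vs in vss:
        result.setdefault(vs.wide_ip, [])
        if vs.name not in out:
            result[vs.wide_ip].append(vs.name)
    return result


if __name__ == "__main__":
    for level in ("none", "data_center", "server", "link"):
        print(level)
        for wide_ip, names in usable_by_wide_ip(SITE, DOWN_VS, DOWN_LINKS, level).items():
            print(f"  {wide_ip}: {', '.join(names) or 'no resources'}")
```

With this inventory each dependency level leaves a different set of New York resources in service, which makes the operational cost of each choice visible before it is configured.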

To set a dependency for a distributed application


1. On the Main tab of the navigation pane, expand Global Traffic and
then click Distributed Applications.
The distributed applications screen opens.
2. Click the name of the distributed application for which you want to
set a dependency.
3. On the menu bar, click Members.
The members screen opens. This screen contains a list of the wide
IPs currently assigned to the distributed application.
4. In the General Properties area, select a dependency level from the
Dependency Level list. This is the physical component on which
you want the distributed application to depend.
If one of these components becomes unavailable, the Global Traffic
Manager considers the distributed application to be unavailable as
well.
5. Click the Update button to save the changes to the application.

Enabling and disabling distributed application traffic


Distributed applications often consist of many data centers, servers, and
links. Consequently, you might find that you need to remove a given
physical component without interrupting access to the application. For
example, you might want to take a server down to update it, yet do not want
its absence to affect the application. To accommodate this and similar
situations, the Global Traffic Manager provides options so you can enable
and disable distributed application traffic for a specific physical component
on the network.

Note

Distributed application traffic is enabled by default for any physical
components added to the application.

To disable distributed application traffic


1. On the Main tab of the navigation pane, expand Global Traffic and
then click Distributed Applications.
The distributed applications screen opens.
2. Click the name of the distributed application for which you want to
disable traffic.
The properties screen for that application opens.
3. On the menu bar at the top of the Distributed Applications list
screen, click Data Centers, Links, or Servers.
A screen listing the available physical components opens.
4. Check the appropriate Select box for each physical component for
which you want to disable application traffic.
5. Click Disable Distributed Application Traffic.

To enable distributed application traffic


1. On the Main tab of the navigation pane, expand Global Traffic and
then click Distributed Applications.
The distributed applications screen opens.
2. Click the name of the distributed application for which you want to
enable traffic.
The properties screen for that application opens.
3. On the menu bar at the top of the Distributed Applications list
screen, click either Data Centers, Links, or Servers.
A screen listing the available physical components opens.
4. Check the appropriate Select box for each physical component for
which you want to enable application traffic.
5. Click Enable Distributed Application Traffic.

Enabling persistent connections


Many distributed applications require that users access a single set of
resources until they complete their transaction. For example, customers
purchasing a product online might need to remain with the same data center
until they finish their order. In the context of the Global Traffic Manager,
this requirement is called persistence. Persistence is the state in which a user
of the system remains with the same set of resources until the customer
closes the connection.

To enable persistence for a distributed application


1. On the Main tab of the navigation pane, expand Global Traffic and
then click Distributed Applications.
The distributed applications screen opens.
2. Click the name of the distributed application for which you want to
enable persistent connections.
The properties screen for that application opens.
3. On the menu bar at the top of the Distributed Applications list
screen, click Members.
The Members screen appears.
4. In the General Properties section, click the Persistence box.
5. Click the Update button to save your changes to the application.

7
Load Balancing with the Global Traffic Manager

• Understanding load balancing on the Global Traffic Manager
• Using static load balancing modes
• Using dynamic load balancing modes
• Configuring load balancing
• Using the fallback load balancing method
• Employing additional load balancing options

Understanding load balancing on the Global Traffic Manager

When the Global Traffic Manager receives a name resolution request, the
system employs a load balancing mode to determine the best available
virtual server. Once the Global Traffic Manager identifies the virtual server,
it constructs a DNS answer and sends that answer back to the requesting
client’s local DNS server. The DNS answer, or resource record, can be
either an A record that contains the IP address of the virtual server, or a
CNAME record that contains the canonical name for a DNS zone.
Within the Global Traffic Manager, you have two categories of load
balancing modes from which to select: static and dynamic. A static load
balancing mode selects a virtual server based on a pre-defined pattern. A
dynamic load balancing mode selects a virtual server based on current
performance metrics.
The Global Traffic Manager provides a tiered load balancing system. A tiered
load balancing system is a load balancing system that occurs at more than
one point during the resolution process. The tiers within the Global Traffic
Manager are as follows:
• Wide IP-level load balancing
Wide IPs that contain two or more pools use a load balancing mode first
to select a pool. Once the Global Traffic Manager selects a pool, the
system then uses the pool-level load balancing mode to choose a virtual
server within the selected pool. If the Global Traffic Manager does not
choose a virtual server in the first pool, it applies the load balancing
mode to the next pool, either until it selects the best virtual server to
respond to the request, or all the pools are tried.
• Pool-level load balancing
A pool contains one or more virtual servers. After the Global Traffic
Manager uses wide IP-level load balancing to select the best available
pool, it uses pool-level load balancing to select a virtual server within
that pool. If the first virtual server within the pool is unavailable, the
Global Traffic Manager selects the next best virtual server based on the
load balancing mode assigned to that pool.

For each pool that you manage, the Global Traffic Manager supports three
types of load balancing methods: preferred, alternate, and fallback. The
preferred load balancing method is the load balancing mode that the system
will attempt to use first. If the preferred method fails to provide a valid
resource, the system uses the alternate load balancing method. Should the
alternate load balancing method also fail to provide a valid resource, the
system uses the fallback method.
One of the key differences between the alternate method and the other two
load balancing methods is that only static load balancing modes are
available from the alternate load balancing list. This limitation exists
because dynamic load balancing modes, by definition, rely on metrics
collected from different resources. If the preferred load balancing mode does
not return a valid resource, it is highly likely that the Global Traffic
Manager was unable to acquire the proper metrics to perform the load
balancing operation. By limiting the alternate load balancing options to
static methods only, the Global Traffic Manager can better ensure that,
should the preferred method prove unsuccessful, the alternate method will
return a valid result.

Note

You can select static and dynamic load balancing modes for the fallback
load balancing method.

Table 7.1 shows a complete list of the supported load balancing modes, and
indicates where you can use each mode in the Global Traffic Manager
configuration. The following sections in this chapter describe how each load
balancing mode works.

Load Balancing mode    Use for wide IP load balancing    Use for preferred method    Use for alternate method    Use for fallback method

Completion Rate X X

Global Availability X X X X

Hops X X

Kilobytes/Second X X

Least Connections X X

None X X

Packet Rate X X X

Quality of Service X X

Ratio X X X X

Return to DNS X X X

Round Robin X X X X

Round Trip Time X X

Static Persist X X X

Topology X X X X

CPU X X

Fallback IP X X X

Drop Packet X X X

Connection Rate X X X

VS Capacity X X X

Table 7.1 Load balancing mode usage

Using static load balancing modes


Static load balancing modes distribute connections across the network
according to predefined patterns, and take server availability into account.
The Global Traffic Manager supports the following static load balancing
modes:
• Drop Packet
• Fallback IP
• Global Availability
• None
• Ratio
• Return to DNS
• Round Robin
• Static Persist
• Topology

The None and Return to DNS load balancing modes are special modes that
you can use to skip load balancing under certain conditions. The other static
load balancing modes perform true load balancing as described in the
following sections.

Drop Packet mode


When you specify the Drop Packet load balancing mode, the Global Traffic
Manager does nothing with the packet, and simply drops the request.

Note

A typical Local DNS server iteratively queries other authoritative name
servers when it times out on a query.

We recommend that you use the Drop Packet load balancing mode only for
the fallback method. The Global Traffic Manager uses the fallback method
when the preferred and alternate load balancing modes do not provide at
least one virtual server to return as an answer to a query.

Fallback IP
When you specify the Fallback IP mode, the Global Traffic Manager returns
the IP address that you specify as the fallback IP as an answer to the query.
Note that the IP address that you specify is not monitored for availability
before being returned as an answer. When you use the Fallback IP mode,
you can specify a disaster recovery site to return when no load balancing
mode returns an available virtual server. We recommend that you use the
Fallback IP load balancing mode only for the fallback method. The Global
Traffic Manager uses the fallback method when the preferred and alternate
load balancing modes do not provide at least one virtual server to return as
an answer to a query.

Global Availability mode


The Global Availability load balancing mode uses the virtual servers
included in the pool in the order in which they are listed. For each
connection request, this mode starts at the top of the list and sends the
connection to the first available virtual server in the list. Only when the
current virtual server is full or otherwise unavailable does Global
Availability mode move to the next virtual server in the list. Over time, the
first virtual server in the list receives the most connections and the last
virtual server in the list receives the fewest connections.

None mode
The None load balancing mode is a special mode you can use if you want to
skip the current load balancing method, or skip to the next pool in a multiple
pool configuration. For example, if you set an alternate method to None in a
pool, the Global Traffic Manager skips the alternate method and
immediately tries the load balancing mode specified as the fallback method.
If the fallback method is set to None, and you have multiple pools
configured, the Global Traffic Manager uses the next available pool.
You could also use the mode to limit each pool to a single load balancing
mode. For example, you would set the preferred method in each pool to the
desired load balancing mode, and then you would set both the alternate and
fallback methods to None in each pool. If the preferred method fails, the
None mode in both the alternate and fallback methods forces the Global
Traffic Manager to go to the next pool for a load balancing answer.

Ratio mode
The Ratio load balancing mode distributes connections among a pool of
virtual servers as a weighted round robin. Weighted round robin refers to a
load balancing pattern in which the Global Traffic Manager rotates
connection requests among several resources based on a priority level, or
weight, assigned to each resource. For example, you can configure the Ratio
mode to send twice as many connections to a fast, new server, and only half
as many connections to an older, slower server.
The Ratio load balancing mode requires that you define a ratio weight for
each virtual server in a pool, or for each pool if you are load balancing
requests among multiple pools. The default ratio weight for a server or a
pool is set to 1.

Return to DNS mode


The Return to DNS mode is another special load balancing mode that you
can use to immediately return connection requests to the Local DNS for
resolution. This mode is particularly useful if you want to temporarily
remove a pool from service, or if you want to limit a pool in a single pool
configuration to only one or two load balancing attempts.

Round Robin mode


The Round Robin load balancing mode distributes connections in a circular
and sequential pattern among the virtual servers in a pool. Over time, each
virtual server receives an equal number of connections.

Static Persist mode


The Static Persist load balancing mode provides static persistence of local
DNS servers to virtual servers; it consistently maps an LDNS IP address to
the same available virtual server for the duration of the session. This mode
guarantees that certain transactions are routed through a single transaction
manager (for example, a Local Traffic Manager or other server array
manager); this is beneficial for transaction-oriented traffic, such as
e-commerce shopping carts, online trading, and online banking.

Topology mode
The Topology load balancing mode allows you to direct or restrict traffic
flow by adding topology records to a topology statement in the
configuration file. When you use the Topology load balancing mode, you
can develop proximity-based load balancing. For example, a client request
in a particular geographic region can be directed to a data center or server
within that same region. The Global Traffic Manager determines the
proximity of servers by comparing location information derived from the
DNS message to the topology records.
This load balancing mode requires you to do some advanced configuration
planning, such as gathering the information you need to define the topology
records. The Global Traffic Manager contains an IP classifier that accurately
maps local DNS servers, so when you create topology records, you can refer
to continents and countries, instead of IP subnets.
See Chapter 9, Working with Topologies, for detailed information about
working with this and other topology features.
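
An added Python model of the preferred, alternate and fallback chain and the special static modes described in this chapter (illustrative only, not the Global Traffic Manager's implementation). Pool names, addresses and mode identifiers are constructed; pools are tried in list order, the dynamic mode is modelled as lowest round trip time wins, and Static Persist and Topology are not modelled.

```python
from dataclasses import dataclass, field

# Static modes listed in this chapter; any other mode name is treated as dynamic.
STATIC_MODES = {"drop_packet", "fallback_ip", "global_availability", "none", "ratio",
                "return_to_dns", "round_robin", "static_persist", "topology"}
MODELLED_STATIC = STATIC_MODES - {"static_persist", "topology"}


@dataclass
class VirtualServer:
    address: str
    available: bool = True
    ratio: int = 1                      # default ratio weight is 1


@dataclass
class Pool:
    name: str
    members: list
    preferred: str
    alternate: str = "none"
    fallback: str = "none"
    fallback_ip: str = ""               # only used by the Fallback IP mode
    turn: int = field(default=0, repr=False)   # rotation counter for ratio/round robin

    def problems(self):
        """Configuration checks taken from the rules stated in the chapter."""
        found = []
        if self.alternate not in STATIC_MODES:
            found.append(f"{self.name}: alternate method must be static, got {self.alternate}")
        for slot in ("preferred", "alternate"):
            if getattr(self, slot) in ("drop_packet", "fallback_ip"):
                found.append(f"{self.name}: {getattr(self, slot)} is recommended for fallback only")
        if self.fallback == "fallback_ip" and not self.fallback_ip:
            found.append(f"{self.name}: fallback_ip mode set without an address")
        return found


def pick(pool, mode, metrics):
    """Apply one mode to one pool; None means 'no answer, try the next method'."""
    up = [vs for vs in pool.members if vs.available]
    if mode == "none":
        return None
    if mode in ("return_to_dns", "drop_packet"):
        return mode.upper()             # terminal outcomes, no virtual server returned
    if mode == "fallback_ip":
        return pool.fallback_ip         # returned without any availability check
    if mode not in STATIC_MODES:        # dynamic mode: needs collected metrics
        scored = [vs for vs in up if vs.address in metrics]
        if not scored:
            return None                 # no metrics available, so no valid resource
        return min(scored, key=lambda vs: metrics[vs.address]).address
    if mode not in MODELLED_STATIC:
        raise ValueError(f"{mode} is not modelled in this example")
    if not up:
        return None
    if mode == "global_availability":
        return up[0].address            # first available member in list order
    # ratio repeats each member by its weight; round robin treats all weights as 1
    order = [vs for vs in up for _ in range(vs.ratio if mode == "ratio" else 1)]
    pool.turn += 1
    return order[(pool.turn - 1) % len(order)].address


def resolve(pools, metrics=None):
    """Try pools in list order; inside each pool try preferred, alternate, fallback."""
    metrics = metrics or {}
    for pool in pools:
        for slot in ("preferred", "alternate", "fallback"):
            answer = pick(pool, getattr(pool, slot), metrics)
            if answer is not None:
                return pool.name, slot, answer
    return None, None, None             # every pool tried without an answer


def demo_pools():
    """Constructed sample configuration (documentation-range addresses)."""
    ny = Pool("ny", [VirtualServer("192.0.2.10"), VirtualServer("192.0.2.11")],
              preferred="round_trip_time", alternate="round_robin",
              fallback="fallback_ip", fallback_ip="203.0.113.5")
    paris = Pool("paris", [VirtualServer("198.51.100.10", ratio=2),
                           VirtualServer("198.51.100.11")], preferred="ratio")
    return ny, paris


if __name__ == "__main__":
    ny, paris = demo_pools()
    print(resolve([ny, paris], {"192.0.2.10": 90, "192.0.2.11": 40}))
    print(resolve([ny, paris]))         # no metrics: the alternate method answers
    for vs in ny.members:
        vs.available = False
    print(resolve([ny, paris]))         # fallback IP is returned although ny is down
```

The last case shows why the fallback IP should point at a site you monitor by other means: the address is handed out even when every member of the pool is down, and the paris pool is never consulted unless the fallback method is set to None.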

Using dynamic load balancing modes


Dynamic load balancing modes distribute connections to servers that show
the best current performance. The performance metrics taken into account
depend on the particular dynamic mode you are using.
All dynamic load balancing modes make load balancing decisions based on
the metrics collected by the big3d agents running in each data center. The
big3d agents collect the information at set intervals that you define when
you set the global timer variables. If you want to use the dynamic load
balancing modes, you must run one or more big3d agents in each of your
data centers, to collect the required metrics.

Types of dynamic load balancing modes


The Global Traffic Manager supports the following dynamic load balancing
modes:
• CPU
• Connection Rate
• Completion Rate
• Hops
• Kilobytes/Second
• Least Connections
• Packet Rate
• Round Trip Times (RTT)
• Quality of Service (QOS)
• VS Capacity

CPU mode
The CPU load balancing mode selects the virtual server that currently has
the most CPU processing time available to handle name resolution requests.

Connection Rate mode


The Connection Rate mode selects the virtual server that is currently
accepting the fewest number of connections.

Completion Rate mode


The Completion Rate load balancing mode selects the virtual server that
currently maintains the least number of dropped or timed-out packets during
a transaction between a data center and the client LDNS.

Hops mode
The Hops load balancing mode is based on the traceroute utility, and tracks
the number of intermediate system transitions (router hops) between a client
LDNS and each data center. Hops mode selects a virtual server in the data
center that has the fewest router hops from the Local DNS.

Kilobytes/Second mode
The Kilobytes/Second load balancing mode selects a virtual server that is
currently processing the fewest number of kilobytes per second.

Note

You can use the Kilobytes/Second mode only with servers for which the
Global Traffic Manager can collect the kilobytes per second metric.

See Chapter 14, Collecting Metrics, for details on the metrics the Global
Traffic Manager collects.

Least Connections mode


The Least Connections load balancing mode is used for load balancing to
virtual servers managed by a load balancing server, such as a Local Traffic
Manager. The Least Connections mode simply selects a virtual server on the
Local Traffic Manager that currently hosts the fewest connections.

Packet Rate mode


The Packet Rate load balancing mode selects a virtual server that is
currently processing the fewest number of packets per second.

Round Trip Times mode


The Round Trip Times (RTT) load balancing mode selects the virtual server
with the fastest measured round trip time between a data center and a client
LDNS.

Quality of Service mode


The Quality of Service load balancing mode uses current performance
information to calculate an overall score for each virtual server, and then
distributes connections based on each virtual server’s score. The
performance factors that the Global Traffic Manager takes into account
include:
• Round trip time
• Hops
• Connection rate
• Packet rate
• Topology
• Link Capacity
• VS Capacity
• Kilobytes/Second

The Quality of Service load balancing mode is a customizable load
balancing mode. For simple configurations, you can easily use this load
balancing mode with its default settings. For more advanced configurations,
you can specify different weights for each performance factor in the
equation.
You can also configure the Quality of Service load balancing mode to use
the dynamic ratio feature. With the dynamic ratio feature turned on, the
Quality of Service mode becomes similar to the Ratio mode, where the
connections are distributed in proportion to ratio weights assigned to each
virtual server. The ratio weights are based on the QOS scores: the better the
score, the higher percentage of connections the virtual server receives.
For details about customizing the Quality of Service mode, see
Implementing the Quality of Service load balancing mode, following.

VS Capacity mode
The VS Capacity load balancing mode creates a list of the virtual servers,
weighted by capacity, then picks one of the virtual servers from the list. The
virtual servers with the greatest capacity are picked most often, but over
time all virtual servers are returned. If more than one virtual server has the
same capacity, then the Global Traffic Manager load balances using the
Round Robin mode among those virtual servers.

Implementing the Quality of Service load balancing mode


The Quality of Service mode is a dynamic load balancing mode that
includes a configurable combination of the Round Trip Time (RTT),
Completion Rate, Packet Rate, Topology, Hops, Link Capacity, VS
Capacity, and Kilobytes/Second (KBPS) modes. The Quality of Service
mode is based on an equation that takes each of these performance factors
into account. When the Global Traffic Manager selects a virtual server, it
chooses the server with the best overall score.
The Quality of Service mode has default settings that make it easy to use:
simply specify Quality of Service as your preferred load balancing mode.
There is no need to configure Quality of Service, but if you want to change
the settings, you can customize the equation to put more or less weight on
each individual factor. The following topics explain how to use and adjust
the various settings.

Understanding QOS coefficients


Table 7.2 lists each Quality of Service (QOS) coefficient, its scale, a likely
upper limit for each, and whether a higher or lower value is more efficient.

Coefficient | How measured | Default value | Example upper limit | Higher or lower?
Packet rate | Packets per second | 1 | 700 | Lower
Round trip time | Microseconds | 50 | 2,000,000 | Lower
Completion rate | Percentage of successfully transferred packets (0-100%) | 5 | 100% | Higher
Topology | Score that defines network proximity by comparing server and LDNS IP addresses (0-2^32) | 0 | 100 | Higher
Hops | Number of intermediate systems transitions (hops) | 0 | 64 | Lower
Link Capacity | Bandwidth usage | 30 | 2,000,000 | Higher
VS capacity | Number of nodes up | 0 | 20 | Higher
Connection Rate | Percentage of connections made | 0 | 100 | Lower
Kilobytes/second | Kilobytes per second throughput | 3 | 15000 | Lower

Table 7.2 QOS coefficients: Default values, ranges, and limits

If you change the default QOS coefficients, keep the following issues in
mind.
• Scale
The raw metrics for each coefficient are not on the same scale. For
example, completion rate is measured in percentages, while the packet
rate is measured in packets per second.
• Normalization
The Global Traffic Manager normalizes the raw metrics to values in the
range of 0 to 10. As the QOS value is calculated, a high measurement for
completion rate is good, because a high percentage of completed
connections are being made, but a high value for packet rate is not
desirable because the packet rate load balancing mode attempts to find a
virtual server that is not overly taxed at the moment.
• Emphasis
You can adjust coefficients to emphasize one normalized metric over
another. For example, consider the following QOS configuration:
  • Round Trip Time: 50
  • Hops: 0
  • Topology: 0
  • Completion Rate: 5
  • Packet Rate: 1
  • VS Capacity: 0
  • Bits/second: 3
  • Link Capacity: 30
  • Connection Rate: 0

In this configuration, if the completion rates for two virtual servers are
close, the virtual server with the best packet rate is chosen. If both the
completion rates and the packet rates are close, the round trip time (RTT)
breaks the tie. In this example, the metrics for Topology, Hops, Link
Capacity, VS Capacity, and Kilobytes/Second modes are not used in
determining how to distribute connections.

Note

You cannot set a value for both the Round Trip Time and Hops settings
simultaneously. In situations where the Global Traffic Manager has a value
for both settings, the Round Trip Time value is incorporated, while the value
for the Hops setting is reset to 0.

Customizing the QOS equation


If you want to establish your own custom settings for the Quality of Service
load balancing method, you can do so at any time. You can only customize
the Quality of Service equation at the pool level.

To customize the QOS equation


1. On the Main tab in the navigation pane, expand Global Traffic and
then click Pools.
The main screen for pools opens.
2. Click the name of the pool for which you want to modify the QOS
equation.
The properties screen for that pool opens.
3. On the menu bar, click Members.
The members screen opens.
4. From either the Preferred or Fallback list, select Quality of
Service.
5. Define the global QOS coefficients in the appropriate fields.
6. Click the Update button to save your changes.

Using the Dynamic Ratio option


The dynamic load balancing modes also support the Dynamic Ratio option.
When you activate this option, the Global Traffic Manager treats dynamic
load balancing values as ratios, and it uses each server in proportion to the
ratio determined by this option. When the Dynamic Ratio option is off, the
Global Traffic Manager uses only the server with the best result based on
the dynamic load balancing mode you implemented (in which case it is a
winner-takes-all situation), until the metrics information is refreshed.

Note

By default, the Dynamic Ratio option is off.

To illustrate how the Dynamic Ratio option works, consider a pool,
primaryOne, that contains several pool members. This pool is configured
so that the Global Traffic Manager load balances name resolution requests
based on the Round Trip Time load balancing mode. The primaryOne pool
contains two pool members: memberOne and memberTwo. For this
example, the Global Traffic Manager determines that the round trip time for
memberOne is 50 microseconds, while the round trip time for
memberTwo is 100 microseconds.

If the primaryOne pool has the Dynamic Ratio option disabled (the default
setting), the Global Traffic Manager will always load balance to the pool
member with the best value. In this case, this results in requests going to
memberOne, because it has the lowest round trip time value.

If the primaryOne pool has the Dynamic Ratio option enabled, however,
the Global Traffic Manager will treat the round trip time values as ratios and
divide requests among pool members based on these ratios. In this case, this
results in memberOne getting twice as many connections as memberTwo,
because the round trip time for memberOne is twice as fast as the round trip
time for memberTwo. Note that, with the Dynamic Ratio option enabled,
both pool members are employed to handle connections, while if the option
is disabled, only one pool member receives connections.
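
The primaryOne example worked through in code, as an added Python sketch that is not F5's implementation; it also generalizes to pools with more than two members. It assumes a member's share is inversely proportional to its round trip time and uses smooth weighted round-robin as a stand-in scheduler; ratio_weights, schedule and distribute are hypothetical names.

```python
from fractions import Fraction
from functools import reduce
from math import gcd


def ratio_weights(metrics):
    """Convert lower-is-better metrics (such as round trip time) to integer ratios.

    Assumption of this example: a member's share is inversely proportional
    to its metric, so half the round trip time means twice the requests.
    """
    if not metrics:
        raise ValueError("pool has no members")
    if any(value <= 0 for value in metrics.values()):
        raise ValueError("metrics must be positive")
    inverse = {name: 1 / Fraction(value) for name, value in metrics.items()}
    # Scale every 1/metric by the least common multiple of the denominators.
    scale = reduce(lambda a, b: a * b // gcd(a, b),
                   (f.denominator for f in inverse.values()))
    weights = {name: int(f * scale) for name, f in inverse.items()}
    common = reduce(gcd, weights.values())
    return {name: w // common for name, w in weights.items()}


def schedule(weights, requests):
    """Smooth weighted round-robin: interleaves picks in proportion to weight."""
    current = dict.fromkeys(weights, 0)
    total = sum(weights.values())
    order = []
    for _ in range(requests):
        for name, weight in weights.items():
            current[name] += weight
        chosen = max(current, key=current.get)
        current[chosen] -= total
        order.append(chosen)
    return order


def distribute(metrics, requests, dynamic_ratio=False):
    """Count how many of `requests` answers each pool member receives."""
    weights = ratio_weights(metrics)
    if not dynamic_ratio:
        # Option off: winner takes all until the metrics are refreshed.
        best = max(weights, key=weights.get)
        weights = {best: 1}
    counts = dict.fromkeys(metrics, 0)
    for name in schedule(weights, requests):
        counts[name] += 1
    return counts


if __name__ == "__main__":
    # Round trip times in microseconds, taken from the example in the text.
    primary_one = {"memberOne": 50, "memberTwo": 100}
    print("Dynamic Ratio off:", distribute(primary_one, 300))
    print("Dynamic Ratio on: ", distribute(primary_one, 300, dynamic_ratio=True))
```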

To turn on the Dynamic Ratio option


1. On the Main tab in the navigation pane, expand Global Traffic and
then click Pools.
The main screen for pools opens.
2. Click the name of the pool for which you want to enable the
Dynamic Ratio option.
The properties screen for the pool opens.
3. From the Configuration list, select Advanced.
This displays additional fields, and allows you to modify additional
default settings.
4. Check the Dynamic Ratio check box.
5. Click the Update button to save your changes.

Configuring load balancing


You configure load balancing at the wide IP and pool levels:
• Wide IP
When you define a wide IP, and you have multiple pools in your wide IP,
you first specify which load balancing mode to use in selecting a pool in
the wide IP. To configure load balancing for a wide IP, see Configuring
load balancing methods for wide IPs, following.
• Pool
After the Global Traffic Manager selects a pool of virtual servers, it then
employs the settings you specified as the preferred, alternate, and
fallback load balancing methods to select a virtual server within the
selected pool. To configure load balancing for a pool, see Configuring
load balancing methods for pools, on page 7-14.

There may be situations (for example, e-commerce, and other sites with
multiple services) where you need to configure a wide IP so that
connections are not sent to a given address unless multiple ports or services
are available. You configure this behavior after you define the wide IP. For
details, see Employing additional load balancing options, on page 7-17.

Configuring load balancing methods for wide IPs


The Global Traffic Manager supports a wide variety of load balancing
methods for distributing network connection requests across the pools in a
wide IP. For information on these load balancing methods, see
Understanding load balancing on the Global Traffic Manager, on page 7-1.

To configure load balancing methods for a wide IP


1. On the Main tab of the navigation pane, expand Global Traffic and
then select Wide IPs.
The main screen for wide IPs opens.
2. Click the name of the wide IP for which you want to configure a
load balancing method.
The properties screen for the wide IP opens.
3. On the menu bar, click Pools.
The pools screen opens. This screen contains a list of the pools
currently assigned to the wide IP.
4. Select the appropriate load balancing options.
For additional information on these load balancing options, please
see the online help, or Understanding load balancing on the Global
Traffic Manager, on page 7-1.
5. Click the Update button to save your changes to the wide IP.

Repeat this process for each wide IP as needed.

Configuring load balancing methods for pools


The Global Traffic Manager supports a wide variety of load balancing
methods for distributing network connection requests across the virtual
servers in a pool. For information on these load balancing modes, see
Understanding load balancing on the Global Traffic Manager, on page 7-1.
For each pool that you manage, the Global Traffic Manager supports three
types of load balancing methods: preferred, alternate, and fallback. The
preferred load balancing method is the load balancing method that the
system attempts to use first. If the preferred method fails to provide a valid
resource, the system uses the alternate load balancing method. Should the
alternate load balancing method also fail to provide a valid resource, the
system uses the fallback method.

To configure load balancing methods for a pool


1. On the Main tab in the navigation pane, expand Global Traffic, and
then click Pools.
The main screen for pools opens.
2. Click the name of the pool for which you want to configure load
balancing methods.
The properties screen for that pool opens.
3. On the menu bar, click Members.
The members screen opens. This screen contains a list of the virtual
servers currently assigned to the pool.
4. Select the appropriate load balancing options.
For additional information on these load balancing options, please
see the online help, or Understanding load balancing on the Global
Traffic Manager, on page 7-1.
5. Click the Update button to save your changes to the pool.
Repeat this process for each pool as needed.

Using the fallback load balancing method


The Global Traffic Manager supports three types of load balancing methods
at the pool level: preferred, alternate, and fallback. The preferred load
balancing method is the load balancing method that the system attempts to
use first. If the preferred method fails to provide a valid resource, the system
uses the alternate load balancing method. Should the alternate load
balancing method also fail to provide a valid resource, the system uses the
fallback method.
The fallback load balancing method is unique among the three load
balancing methods that you can apply to a pool. Unlike the Preferred and
Alternate methods, the Fallback method ignores the availability status of a
resource. This occurs to ensure that the Global Traffic Manager returns a
response to the DNS request. For more information on determining
resource health and availability, see Chapter 8, Managing Connections.

Note

If you do not want the Global Traffic Manager to return an address that is
potentially unavailable, we recommend that you set the Fallback load
balancing method to None.

The Global Traffic Manager contains several options that help you control
how the system will respond when using a fallback load balancing setting.
These options allow you to:
• Configure the fallback load balancing method
• Configure the fallback IP load balancing mode

Configuring the fallback load balancing method


When you assign a load balancing mode to the fallback load balancing
method for a pool, the Global Traffic Manager uses the mode differently
than for the preferred and alternate methods. With the fallback load
balancing method, the Global Traffic Manager load balances the name
resolution request after verifying whether the virtual server address returned
is up or down. However, unlike with other load balancing methods, you can
opt to use the fallback load balancing method to resolve a name resolution
request without verifying the status of the virtual server.

To use the fallback load balancing method without verifying virtual server availability

1. On the Main tab of the navigation pane, expand System and then
click General Properties.
The general properties screen opens.
2. From the Global Traffic menu, choose Load Balancing.
The load balancing properties screen opens.
3. Clear the Respect Fallback Dependency check box.
To reset the Global Traffic Manager to verify that a virtual server is
available, re-check this option.
4. Click the Update button to save your changes.

In addition, you can also configure how the Global Traffic Manager treats
the address exclusion list when using the fallback load balancing method.
The address exclusion list consists of Local Domain Name System (LDNS)
servers that the Global Traffic Manager does not probe for metrics data.
Load balancing modes that use this data include the Round Trip Time,
Completion Rate, and other dynamic modes. With the fallback load
balancing mode, you can determine if the system respects this list or ignores
it.

Note

For additional information on the address exclusion list, see Chapter 14,
Collecting Metrics.

To configure how the Global Traffic Manager uses the address exclusion list for fallback load balancing

1. On the Main tab of the navigation pane, expand System and then
click General Properties.
The general properties screen opens.
2. From the Global Traffic menu, choose Load Balancing.
The load balancing properties screen opens.
3. Check the Respect Fallback ACL check box.
4. Click the Update button to save your changes.

Employing additional load balancing options


The Global Traffic Manager supports additional options that affect how the
system load balances name resolution requests. These options are:
• Ignore traffic TTL
• Verify virtual server availability

The Ignore Traffic TTL option instructs the Global Traffic Manager to use
path information gathered during metrics collection even if the time-to-live
value for that information has expired. This option is often used when you
want the Global Traffic Manager to continue using a dynamic load
balancing mode even if some metrics data is temporarily unavailable, and
you would prefer the Global Traffic Manager to use old metric data rather
than employ an alternate load balancing method. This option is disabled by
default.

The Verify Virtual Server Availability option instructs the Global Traffic
Manager to verify that a virtual server is available before returning it as a
response to a name resolution request. If this option is disabled, the system
responds to a name resolution request with the virtual server’s IP address
regardless of whether the server is up or down. This option is rarely
deactivated outside of a test or staging environment, and is enabled by
default.

To access the Ignore Traffic TTL and Verify Virtual Server Availability options

1. On the Main tab of the navigation pane, expand System and then
click General Properties.
The general properties screen opens.
2. From the Global Traffic menu, choose Load Balancing.
The load balancing properties screen opens.
3. Enable or disable the Ignore Traffic TTL and Verify Virtual
Server Availability options as needed.
4. Click the Update button to save your changes.

8
Managing Connections

• Introducing connection management

• Determining resource health

• Determining resource availability

• Resuming connections to resources

• Establishing persistent connections

• Setting the last resort pool


Introducing connection management


When you integrate a Global Traffic Manager into your network, one of its
primary responsibilities is to load balance incoming connection requests to
the virtual server resource that best fits the configuration parameters you
defined. However, load balancing is only one part of managing connections
to your network resources. Additional issues that you must consider include:
• Resource health
Resource health refers to the ability of a given resource to handle
incoming connection requests. For example, the Global Traffic Manager
uses a green circle to identify a resource, such as a wide IP, that has
available pools and virtual servers, while a pool that is down appears as a
red diamond. These visual clues can help you identify connection issues
quickly and efficiently.
• Resource availability
Resource availability refers to the settings within the Configuration
utility that you use to control when a resource is available for connection
requests. For example, you can establish limit settings, which instruct the
Global Traffic Manager to consider a resource as unavailable when a
statistical threshold (such as CPU usage) is reached.
• Restoring availability
When a resource goes offline, the Global Traffic Manager immediately
sends incoming connection requests to the next applicable resource.
When you bring that resource online again, you can control how to
restore its availability to the Global Traffic Manager, ensuring that
connections are sent to the resource only when it is fully ready to receive
them.
• Persisting connections
Certain interactions with your network require that a given user access
the same virtual server resource until their connection is completed. An
example of this situation is an online store, in which you want the user to
access the same virtual server for their shopping cart until they place
their order. With the Global Traffic Manager, you can configure your
load balancing operations to take persistent connections into account.
• Selecting a last resort pool
The Global Traffic Manager includes the ability to create a last resort
pool. A last resort pool is a collection of virtual servers that are not used
during normal load balancing operations. Instead, these virtual servers
are held in reserve unless all other pools for a given wide IP become
unavailable.

In addition, it is important to understand what happens when the Global
Traffic Manager cannot find an available resource with which to respond to
a connection request. You can find more information on this topic in
Determining resource health, following.

Determining resource health


In the Global Traffic Manager, resource health refers to the ability of a
given resource to handle incoming connection requests. The Global Traffic
Manager determines this health through the use of limit settings, monitors,
and dependencies on other network resources.
The health of a resource is indicated by a status code in the Configuration
utility. A status code is a visual representation of the availability of a given
resource. The Global Traffic Manager displays these status codes in the
main screens for a given resource. The types of status codes available for a
resource are:
• Blue
A blue status code indicates that the resource has not been checked. This
status often appears when you first add a resource into the Configuration
utility.
• Green
A green status code indicates that the resource is available and
operational. The Global Traffic Manager uses this resource to manage
traffic as appropriate.
• Red
A red status code indicates that the resource did not respond as expected
to a monitor. The Global Traffic Manager uses this resource only when
two conditions are met:
  • The Global Traffic Manager is using the load balancing mode
  specified in the Fallback load balancing setting.
  • The Fallback load balancing setting for the pool is not None.
• Yellow
A yellow status code indicates that the resource is operational, but has
exceeded one of its established bandwidth thresholds. The Global Traffic
Manager only uses a resource that has a yellow status code if no other
resource is available.
• Black
A black status code indicates that the resource has been manually
disabled and is no longer available for load balancing operations.

As the preceding list illustrates, the health of a resource does not necessarily
impact the availability of that resource. For example, a virtual server that
has a red status code could still be selected by the Global Traffic Manager.
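
The red status rule above, together with the preferred, alternate and fallback order from Using the fallback load balancing method, as an added Python sketch that is not F5 code. Only the green and red status codes are modelled, the two load balancing modes are simple stand-ins, and PoolMember, resolve and the audit helper are hypothetical names.

```python
from dataclasses import dataclass

GREEN, RED = "green", "red"   # only these two status codes are modelled


@dataclass(frozen=True)
class PoolMember:
    name: str
    address: str
    status: str   # GREEN (monitors succeed) or RED (a monitor failed)


def first_listed(candidates, rtt=None):
    """Stand-in static mode: yields the first candidate, if there is one."""
    return candidates[0] if candidates else None


def lowest_rtt(candidates, rtt=None):
    """Stand-in dynamic mode: yields nothing when no metrics were collected."""
    measured = [m for m in candidates if rtt and m.name in rtt]
    return min(measured, key=lambda m: rtt[m.name]) if measured else None


def resolve(members, preferred, alternate, fallback, rtt=None):
    """Return (method_used, member); (None, None) means the pool gives no answer."""
    available = [m for m in members if m.status == GREEN]
    # Preferred and alternate methods only ever see available members.
    for label, mode in (("preferred", preferred), ("alternate", alternate)):
        choice = mode(available, rtt)
        if choice is not None:
            return label, choice
    if fallback is None:                     # Fallback method set to None
        return None, None
    choice = fallback(list(members), rtt)    # availability status is ignored
    return ("fallback", choice) if choice is not None else (None, None)


def pools_that_may_answer_with_down_member(pools):
    """Audit helper: names of pools whose Fallback method is not None."""
    return sorted(name for name, cfg in pools.items()
                  if cfg["fallback"] is not None)


# Constructed sample data (addresses from the 192.0.2.0/24 documentation range).
HEALTHY = [PoolMember("vsA", "192.0.2.10", GREEN),
           PoolMember("vsB", "192.0.2.11", GREEN)]
ALL_DOWN = [PoolMember("vsA", "192.0.2.10", RED),
            PoolMember("vsB", "192.0.2.11", RED)]

if __name__ == "__main__":
    print(resolve(HEALTHY, lowest_rtt, first_listed, first_listed,
                  rtt={"vsA": 90, "vsB": 40}))
    print(resolve(HEALTHY, lowest_rtt, first_listed, first_listed))
    print(resolve(ALL_DOWN, lowest_rtt, first_listed, first_listed))
    print(resolve(ALL_DOWN, lowest_rtt, first_listed, None))
```

Running the audit helper over an inventory of pools lists those that can hand a client the address of a virtual server whose monitor is failing.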

To view the resource health of a given resource


1. On the Main tab of the navigation pane, expand Global Traffic
Manager.
2. Click the resource type that you want to view, such as Wide IPs.
The main screen for the resource opens. This screen displays a list
of the resources of that type currently managed through the Global
Traffic Manager, including the latest status code for each resource.

Determining resource availability


To load balance effectively, the Global Traffic Manager must determine
whether the appropriate resources are available. In the context of the Global
Traffic Manager, availability means that the resource meets one or more sets
of pre-defined requirements. These requirements can be a set of statistical
thresholds, a dependency on another resource, or a set of values returned by a
monitoring agent. If a resource fails to meet one or more of these
requirements, the Global Traffic Manager considers it unavailable and
attempts to select the next resource based on the load balancing
methodology you defined.
The Global Traffic Manager includes three methods of determining resource
availability:
• Limit settings
• Monitor availability requirements
• Virtual server dependencies

The following sections describe each of these methods and how you can
configure them within the Global Traffic Manager.

Establishing limit settings


One of the methods for determining the availability of a resource is to
establish limit settings. A limit setting is a threshold for a particular statistic
associated with a system.
The Global Traffic Manager supports the following limit settings:
• Kilobytes
• Packets
• Total Connections

For BIG-IP systems, the Global Traffic Manager also supports a
Connections limit setting.
For hosts, the Global Traffic Manager also supports CPU and Memory limit
settings.

To establish limit settings for a BIG-IP system


1. On the Main tab of the navigation pane, expand Global Traffic and
then click Servers.
The main screen for servers opens.
2. Click the name of the server that you want to configure.
The properties screen for the server appears.
3. From the Configuration list, select Advanced.
This displays additional fields, and allows you to modify additional
default settings.

4. For each limit setting you want to configure, select Enabled from
the corresponding list.
The screen refreshes to show a box in which you can type a value
for the limit setting.
5. Type the value for each limit setting in the corresponding box.
6. Click the Update button to save your changes.

Using monitors to determine availability


Another method for determining the availability of a given resource is
through the use of monitors. A monitor is a software utility that specializes
in a specific metric of a Global Traffic Manager resource. You can
customize monitors to be as specific or as general as needed.
To illustrate the use of monitors to determine the availability of a resource,
consider the fictional company SiteRequest. One of the servers at
SiteRequest’s Paris data center, serverWeb1, contains the main Web site
content for the wide IP, www.siterequest.com. To ensure that this server is
available, SiteRequest configures an HTTP monitor within the Global
Traffic Manager and assigns it to serverWeb1. This monitor periodically
accesses the server to verify that the main index.html page is available. If
the monitor cannot access the page, it notifies the Global Traffic Manager,
which then considers the server unavailable until the monitor is successful.
Monitors provide a robust, customizable means of determining the
availability of a given resource with the Global Traffic Manager. The
following procedure describes how to control the impact that a set of
monitors has on the availability of a resource. For more detailed information
on the types of monitors available to the Global Traffic Manager and how to
configure them, see Chapter 10, Configuring Monitors.

To control how monitors determine the availability of a virtual server

1. On the Main tab of the navigation pane, expand Global Traffic and
then click Servers.
The main screen for servers opens.
2. Click the name of the server that contains the virtual server you
want to configure.
The properties screen for the server appears.
3. On the menu bar, click Virtual Servers.
The virtual server screen opens.
4. Click the name of the virtual server that you want to configure.
The properties screen for the virtual server appears.
5. From the Configuration list, select Advanced.
This displays additional fields, and allows you to modify additional
default settings.

6. Determine the availability requirements for the virtual server:
• If you want the Global Traffic Manager to consider the virtual
server as available only if all monitors assigned to it are
successful, select All Health Monitors from the Availability
Requirements list.
• If you want the Global Traffic Manager to consider the virtual
server as available only if some monitors assigned to it are
successful, select At Least from the Availability Requirements
list. When you select At Least, a box appears where you can type
the number of monitors that must be successful for the virtual
server to be available.
7. Click the Update button to save your changes.

To control how monitors determine the availability of a server

1. On the Main tab of the navigation pane, expand Global Traffic and
then click Servers.
The main screen for servers opens.
2. Click the name of the server that you want to configure.
The properties screen for the server appears.
3. From the Configuration list, select Advanced.
This displays additional fields, and allows you to modify additional
default settings.
4. Determine the availability requirements for the server:
• If you want the Global Traffic Manager to consider the server as
available only if all monitors assigned to it are successful, select
All Health Monitors from the Availability Requirements list.
• If you want the Global Traffic Manager to consider the server as
available only if some monitors assigned to it are successful,
select At Least from the Availability Requirements list. When
you select At Least, a box appears where you can type the
number of monitors that must be successful for the server to be
available.
5. Click the Update button to save your changes.

To control how monitors determine the availability of a pool

1. On the Main tab of the navigation pane, expand Global Traffic and
then click Pools.
The main screen for pools opens.
2. Click the name of the pool that you want to configure.
The properties screen for the pool appears.

3. From the Configuration list, select Advanced.
This displays additional fields, and allows you to modify additional
default settings.
4. Determine the availability requirements for the pool:
• If you want the Global Traffic Manager to consider the pool as
available only if all monitors assigned to it are successful, select
All Health Monitors from the Availability Requirements list.
• If you want the Global Traffic Manager to consider the pool as
available only if some monitors assigned to it are successful,
select At Least from the Availability Requirements list. When
you select At Least, a box appears where you can type the
number of monitors that must be successful for the pool to be
available.
5. Click the Update button to save your changes.

To control how monitors determine the availability of a link


1. On the Main tab of the navigation pane, expand Global Traffic and
then click Links.
The main screen for links opens.
2. Click the name of the link that you want to configure.
The properties screen for the link appears.
3. From the Configuration list, select Advanced.
This displays additional fields, and allows you to modify additional
default settings.
4. Determine the availability requirements for the link:
• If you want the Global Traffic Manager to consider the link as
available only if all monitors assigned to it are successful, select
All Health Monitors from the Availability Requirements list.
• If you want the Global Traffic Manager to consider the link as
available only if some monitors assigned to it are successful,
select At Least from the Availability Requirements list. When
you select At Least, a box appears where you can type the
number of monitors that must be successful for the link to be
available.
5. Click the Update button to save your changes.

Managing dependencies for virtual servers


Within the Global Traffic Manager, you can configure a virtual server to be
dependent on one or more virtual servers. In such a configuration, the virtual
server is available only if all of the resources in its Dependency List are
available as well.

For an example of virtual server dependencies, consider the fictional
company SiteRequest. One of the servers, serverMain, at the Tokyo data
center has two virtual servers: vsContact, which points to the contacts page
of SiteRequest’s Web site, and vsMail, which points to their mail system.
The vsContact virtual server has vsMail added in its Dependency List. As
a result, the Global Traffic Manager considers the vsContact virtual server
available only if the vsMail virtual server is also available.
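
The three availability checks from this section (limit settings, monitor availability requirements, and the Dependency List) combined into one decision, as an added Python sketch that is not F5 code. The data model, the monitor names and the statistics are constructed for illustration, and treating a circular or undefined dependency as unavailable is an assumption of this example.

```python
from dataclasses import dataclass, field

ALL_MONITORS = "all"   # "All Health Monitors"; an int n stands for "At Least" n


@dataclass
class VirtualServer:
    name: str
    monitors: dict = field(default_factory=dict)   # monitor name -> succeeded?
    requirement: object = ALL_MONITORS
    limits: dict = field(default_factory=dict)     # enabled limit -> threshold
    stats: dict = field(default_factory=dict)      # statistic -> current value
    dependency_list: list = field(default_factory=list)


def monitors_ok(vs):
    """Apply the Availability Requirements setting to the monitor results."""
    results = list(vs.monitors.values())
    if vs.requirement == ALL_MONITORS:
        return all(results)
    return sum(results) >= vs.requirement


def limit_reached(vs):
    """Return the first enabled limit whose threshold is reached, else None."""
    for statistic, threshold in vs.limits.items():
        if vs.stats.get(statistic, 0) >= threshold:
            return statistic
    return None


def availability(name, inventory, _visiting=frozenset()):
    """Return (available, reason) for the named virtual server."""
    if name in _visiting:
        # Assumption of this example: a circular dependency counts as down.
        return False, f"dependency cycle through {name}"
    vs = inventory.get(name)
    if vs is None:
        return False, f"{name} is not defined"
    if not monitors_ok(vs):
        return False, f"{name}: monitor requirement not met"
    reached = limit_reached(vs)
    if reached is not None:
        return False, f"{name}: {reached} limit reached"
    # Dependencies are checked in list order; the first failure decides.
    for dependency in vs.dependency_list:
        ok, reason = availability(dependency, inventory, _visiting | {name})
        if not ok:
            return False, f"{name}: dependency unavailable ({reason})"
    return True, f"{name}: available"


def siterequest_inventory(mail_up=True):
    """Constructed data for serverMain's two virtual servers from the text."""
    return {
        "vsMail": VirtualServer("vsMail", monitors={"smtp": mail_up}),
        "vsContact": VirtualServer(
            "vsContact",
            monitors={"http": True, "https": False},
            requirement=1,                        # At Least 1 monitor
            limits={"Total Connections": 5000},
            stats={"Total Connections": 1200},
            dependency_list=["vsMail"],
        ),
    }


if __name__ == "__main__":
    for mail_up in (True, False):
        print(availability("vsContact", siterequest_inventory(mail_up)))
```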

Setting virtual server dependencies


You can set dependencies for a virtual server at any time.

To set the dependency of a virtual server


1. On the Main tab of the navigation pane, expand Global Traffic and
then click Servers.
The main screen for servers opens.
2. Click the name of the server that contains the virtual server you
want to configure.
The properties screen for the server appears.
3. On the menu bar, click Virtual Servers.
The virtual server screen opens.
4. Click the name of the virtual server that you want to configure.
The properties screen for the virtual server appears.
5. From the Configuration list, select Advanced.
This displays additional fields, and allows you to modify additional
default settings.
6. In the Dependency List option, select a virtual server from the
Server list and click Add.
The virtual server appears as part of the Dependency List.
7. Add additional virtual servers as needed.
8. Click the Update button to save your changes.

Removing virtual server dependencies


You can remove a virtual server from another virtual server’s Dependency
List at any time.

To remove a virtual server from a Dependency List


1. On the Main tab of the navigation pane, expand Global Traffic and
then click Servers.
The main screen for servers opens.
2. Click the name of the server that contains the virtual server you
want to configure.
The properties screen for the server opens.

3. From the menu bar, click Virtual Servers.
The virtual server screen opens.
4. Click the name of the virtual server that you want to configure.
The properties screen for the virtual server opens.
5. From the Configuration list, select Advanced.
This displays additional fields, and allows you to modify additional
default settings.
6. In the Dependency List option, select a virtual server from the
Dependency List and click Remove.
7. Remove additional virtual servers as needed.
8. Click the Update button to save your changes.

Organizing virtual server dependencies


When you configure the Dependency List option for a virtual server, the
Global Traffic Manager checks each virtual server in order. You can change
this order at any time.

To organize virtual server dependencies


1. On the Main tab of the navigation pane, expand Global Traffic and
then click Servers.
The main screen for servers opens.
2. Click the name of the server that contains the virtual server you
want to configure.
The properties screen for the server appears.
3. On the menu bar, click Virtual Servers.
The virtual server screen opens.
4. Click the name of the virtual server that you want to configure.
The properties screen for the virtual server appears.
5. From the Configuration list, select Advanced.
This displays additional fields, and allows you to modify additional
default settings.
6. In the Dependency List option, use the buttons provided to move
the listed virtual servers up or down in the list.
7. Click the Update button to save your changes.

Resuming connections to resources


When a network resource, such as a virtual server, goes offline, the Global
Traffic Manager considers that resource to be unavailable and proceeds to
send name resolution requests to other resources based on the configured
load balancing mode. By default, the Global Traffic Manager will resume
sending requests to an offline resource as soon as that resource becomes
available again, provided that the resource meets the appropriate load
balancing requirements.
Under certain circumstances, you might not want the Global Traffic
Manager to resume connections to a resource immediately. For example, a
server for the fictional company, SiteRequest, goes offline. The Global
Traffic Manager detects that the virtual servers associated with this server
are unavailable, and proceeds to send name resolution requests to other
virtual servers as appropriate. When the server is online again, it must still
run several synchronization processes before it is fully ready to handle name
resolution requests. However, the Global Traffic Manager might detect that
the server is available before these processes are complete, and send
requests to the server before that server can handle them.
To avoid this possibility, you can configure pools to use the manual resume
feature. The manual resume feature ensures that the Global Traffic
Manager does not load balance requests to a virtual server within a pool
until you manually re-enable it.

To activate the manual resume feature


1. On the Main tab of the navigation pane, expand Global Traffic and
then click Pools.
The main pools screen opens.
2. Click the name of the pool.
The properties screen of the pool opens.
3. From the Configuration list, select Advanced.
This displays additional fields, and allows you to modify additional
default settings.
4. Check Manual Resume.
5. Click the Update button to save your changes.

Establishing persistent connections


Most load balancing modes divide name resolution requests among
available pools or virtual servers. Each time the Global Traffic Manager
receives a request, it sends that request to the most appropriate resource. For
example, a user's visit to a web site results in multiple name resolution
requests as that user moves from page to page. Depending on the load
balancing mode selected, the Global Traffic Manager could send each
request to a completely different virtual server, server, or even data center.
In certain circumstances, you might want to ensure that a user remains with
a given set of resources throughout the session. For example, a user
attempting to conduct a transaction through an online bank needs to remain
with the same set of resources to ensure the transaction is completed
successfully.
To ensure users stay with a specific set of resources, the Global Traffic
Manager includes a persistence option. The persistence option instructs the
Global Traffic Manager to send a user to the same set of resources until a
specified period of time has elapsed.

To establish persistent connections to a wide IP


1. On the Main tab of the navigation pane, expand Global Traffic and
then click Wide IPs.
The main wide IP screen opens.
2. Click the name of the wide IP.
The Properties screen for the wide IP opens.
3. On the menu bar, click Pools.
The Pools List screen opens.
4. From the Persistence list, select Enabled.
A new option, Persistent TTL, appears in which you can state how
long a connection should persist to the same resources.
5. In the Persistent TTL box, type the time-to-live value, in seconds.
6. Click the Update button to save your changes.

Draining persistent requests


If you elect to use persistent connections with your load balancing mode,
you must decide how to handle connection requests when you need to take a
specific pool of virtual servers offline. By default, the Global Traffic
Manager immediately sends connection requests to other pools when you
take that pool offline, even if you enabled persistent connections. In some
situations, this behavior might not be desirable. For example, consider an
online store. You might need to take a pool of virtual servers for this store
offline; however, you do not want to interrupt shoppers currently purchasing
any products. In this situation, you want to drain persistent requests.
Draining requests refers to allowing existing sessions to continue accessing
a specific set of resources while disallowing new connections. In the Global
Traffic Manager, you configure this capability through the Drain Persistent
Requests option.

Note

The Drain Persistent Requests option applies only when you manually
disable the pool. It does not apply when the pool becomes offline for any
other reason.

To drain persistent requests


1. On the Main tab of the navigation pane, expand System and then
click General Properties.
The general properties screen opens.
2. From the Global Traffic menu, choose General.
The General Global Properties screen opens.
3. Check Drain Persistent Requests.
4. Click the Update button to save your changes.

Setting the last resort pool


When the Global Traffic Manager load balances name resolution requests, it
considers any pool associated with a given wide IP as a potential resource.
You can, however, modify this behavior by creating a last resort pool. A last
resort pool is a pool of virtual servers to which the Global Traffic Manager
sends connection requests in the event that all other pools are unavailable.
It is important to remember that any pool you assign as the last resort pool is
not a part of the normal load balancing operations of the Global Traffic
Manager. Instead, this pool is kept in reserve. The Global Traffic Manager
uses the resources included in this pool only if no other resources are
available to handle the name resolution request.

To set the last resort pool


1. On the Main tab of the navigation pane, expand Global Traffic and
then click Wide IPs.
The main wide IP screen opens.
2. On the menu bar, click Pools.
The pools screen opens. This screen contains a list of the pools
currently assigned to the wide IP.
3. Click the Manage button.
The manage pools screen opens.
4. From the Last Resort Pool list, select a pool to be used as the last
resort pool.
5. Click the Update button to save your changes.
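
The persistence, Drain Persistent Requests, and last resort pool behaviors described in this chapter can be followed together in a small model. This is an added example, not F5 code: the class and field names are hypothetical, and it assumes round robin among usable pools, persistence keyed on a client identifier, and persistence entries that are not refreshed by later requests.

```python
"""Simplified model of pool selection for one wide IP (illustration, not F5 code).

Assumptions: round robin among usable pools; persistence keyed on a client
identifier; a persistence entry is not refreshed by later requests.
All names below are hypothetical and the scenario data is constructed.
"""
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Pool:
    name: str
    monitor_up: bool = True          # availability as seen by health monitors
    manually_disabled: bool = False  # an administrator disabled the pool

    def usable(self) -> bool:
        return self.monitor_up and not self.manually_disabled


@dataclass
class WideIP:
    pools: list                           # pools in the normal rotation
    last_resort: Optional[Pool] = None    # held in reserve, never in rotation
    persistence: bool = False
    persistent_ttl: int = 0               # seconds
    drain_persistent: bool = False        # models "Drain Persistent Requests"
    sticky: dict = field(default_factory=dict)  # client -> (pool, expiry time)
    next_index: int = 0

    def resolve(self, client: str, now: int) -> Optional[Pool]:
        """Return the pool that answers this client's request at time `now`."""
        if self.persistence:
            pool, expiry = self.sticky.get(client, (None, 0))
            if pool is not None and now < expiry:
                if pool.usable():
                    return pool
                # Draining applies only to a pool that was disabled by hand;
                # a pool that is offline for any other reason is not drained to.
                if (self.drain_persistent and pool.manually_disabled
                        and pool.monitor_up):
                    return pool

        candidates = [p for p in self.pools if p.usable()]
        if candidates:
            chosen = candidates[self.next_index % len(candidates)]
            self.next_index += 1
        elif self.last_resort is not None and self.last_resort.usable():
            chosen = self.last_resort     # only when every other pool is unavailable
        else:
            return None                   # nothing can answer the request

        if self.persistence:
            self.sticky[client] = (chosen, now + self.persistent_ttl)
        return chosen


def demo() -> list:
    """Walk one constructed scenario and return the pool names chosen."""
    a, b, reserve = Pool("pool_a"), Pool("pool_b"), Pool("reserve")
    wip = WideIP([a, b], last_resort=reserve, persistence=True,
                 persistent_ttl=300, drain_persistent=True)
    chosen = [wip.resolve("shopper", now=0)]          # new session
    a.manually_disabled = True                        # maintenance window starts
    chosen.append(wip.resolve("shopper", now=60))     # existing session is drained
    chosen.append(wip.resolve("newcomer", now=60))    # new session goes elsewhere
    a.monitor_up = False                              # pool_a is now also offline
    chosen.append(wip.resolve("shopper", now=120))    # no draining to an offline pool
    b.monitor_up = False                              # every normal pool is out
    chosen.append(wip.resolve("visitor", now=130))    # falls back to the reserve
    return [p.name for p in chosen]


if __name__ == "__main__":
    print(demo())
```
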

9
Working with Topologies

• Overview of topologies

• Setting up and removing topology records

• Using topology load balancing in a wide IP

• Using topology load balancing in a pool

• Understanding user-defined regions

• Other load balancing options for topologies


Overview of topologies
As the name implies, the Global Traffic Manager handles name resolution
requests at an international level. Consequently, one of the methods you can
employ to load balance requests is through the use of topologies. A topology
is a set of characteristics that identify the origin of a given name resolution
request. In the Global Traffic Manager, topologies fall into several
categories, including:
• Continent
• Country
• IP Subnet
• ISP

In addition to these topology types, the Global Traffic Manager also
supports regions. A region is a customized collection of topologies. For
example, you could create a topology for Denmark, Iceland, Finland,
Norway, and Sweden. These topologies could then compose a custom
region called Scandinavia.
Through topologies, you can instruct the Global Traffic Manager to select a
data center or resource based on its physical proximity to the client making
the name resolution request. This process helps ensure that name resolution
requests are answered and managed in the fastest possible time.
You can instruct the Global Traffic Manager to use topologies to load
balance name resolution requests across pools at the wide IP level, and
across virtual servers at the pool level.

Understanding topologies
A fictional company, SiteRequest, allows its customers to download
applications from its web site. SiteRequest has three data centers: New
York, Paris, and Tokyo. To ensure that customers can download their
purchased application as quickly as possible, the IT department has decided
to create topologies with which to load balance name resolution requests.
The New York data center is chosen as the designated data center for any
name resolution requests originating in the western hemisphere. To ensure
that these requests go only to the New York data center, the IT department
first creates a custom region, called Western Hemisphere, that contains the
continents North America and South America. With this custom region
created, the next step is to create a topology record for the Global Traffic
Manager. A topology record is a statement that tells the Global Traffic
Manager how to handle name resolution requests based on topologies. In
this case, the IT department creates the record as follows:
• Request Source: Region is Western Hemisphere
• Destination Source: Data Center is New York
• Weight: 10

The final step to implement this topology is to configure the corresponding
wide IP, www.siterequest.com, to use topology load balancing. See Using
topology load balancing in a wide IP, on page 9-5 for more information.

Implementing topologies
When you want to load balance connection requests using one or more
topologies, you must complete two tasks:
• Configure the given wide IP or pool to use topology as a load balancing
method.
• Access the Topology screen to create your topology statements.

To configure a wide IP or pool to use topology as a load balancing method,
see Configuring load balancing, on page 7-13.

To access the topology screen


1. On the Main tab of the navigation pane, expand Global Traffic.
2. Click Topology.
The Topology Records screen opens.
3. Create and manage your topology statements as needed.

See Setting up and removing topology records, on page 9-3 for more
information.

Setting up and removing topology records


A topology record has several elements: a request source statement, a
destination statement, an operator, and a weight.
A request source statement defines the specific origin of a name resolution
request. You can define the origin of a request as one of the following:
• A continent
• A country (based on the ISO 3166 top-level domain codes)
• An IP subnet (CIDR definition)
• An Internet Service Provider (ISP)
• A custom region

A destination statement defines the resource to which the Global Traffic
Manager directs the name resolution request. The types of resources
available for a destination statement are as follows:
• A continent
• A country (based on the ISO 3166 top-level domain codes)
• A data center
• An IP subnet (CIDR definition)
• An Internet Service Provider (ISP)
• A pool of virtual servers
• A custom region

You can select one of two operators for both a request source and a
destination statement. The is operator indicates that the name resolution
request matches the statement. The is not operator indicates that the name
resolution request does not match the statement.
The last element of a topology record, called the topology score or weight,
allows the Global Traffic Manager to evaluate the best resolution option for
a DNS request. In the event that a name resolution request matches more
than one topology record, the Global Traffic Manager uses the record with
the highest weight attribute to determine which statement it uses to load
balance the request.

Note

A group of topology records defined for the Global Traffic Manager is
referred to as a topology statement.

To set up a topology record


1. On the Main tab in the navigation pane, expand Global Traffic and
then click Topology.
The main screen for topologies opens.
2. Click the Create button.
The New Record screen opens.
3. To create a request source statement, use the request resource
settings:
a) Select an origin type from the corresponding list.
b) Select an operator, either is or is not.
c) Define the criteria for the request source statement. For example,
if the statement focuses on a country, a list appears from which
you select the country. If the statement focuses on an IP subnet, a
box appears that allows you to define that subnet.
4. To create a destination statement, use the destination settings:
a) Select a destination type from the corresponding list.
b) Select an operator, either is or is not.
c) Define the criteria for the destination statement. For example, if
the statement focuses on a country, a list would appear from
which you select the country. If the statement focuses on an IP
subnet, a box appears that allows you to define that subnet.
5. In the Weight box, specify the priority this record has over other
topology records.
6. Click the Create button to save the new topology.

Removing topology records


As your network changes, you might find that you need to refine your
existing topology records, or remove outdated topology records.
For example, the fictional company SiteRequest has an existing topology
statement that routes all traffic originating from the United States to the
New York data center. Last week, a new data center in Los Angeles came
online. One of the results of this new data center is that the topology record
that the Global Traffic Manager used to direct traffic was obsolete, and
needed to be removed.

To remove a topology record


1. On the Main tab in the navigation pane, expand Global Traffic and
then click Topology.
The main screen for topologies opens.
2. Select the topology record that you want to remove from the
topology records list by checking the corresponding Select check
box.
3. Click the Delete button.

Using topology load balancing in a wide IP


You can use the Topology load balancing mode to distribute traffic among
the pools in a wide IP. To do this, you must have at least two pools
configured in the wide IP. With topology load balancing, you send name
resolution requests to specific data centers or other resources based on the
origin of the request.

To configure a wide IP to use topology load balancing


1. On the Main tab in the navigation pane, expand Global Traffic and
then click Wide IPs.
The Wide IPs screen opens.
2. Click the name of the wide IP for which you want to assign
topology-based load balancing.
The properties screen for the wide IP opens.
3. On the menu bar, click Pools.
The pools screen opens. This screen contains a list of the pools
currently assigned to the wide IP.
4. From the Load Balancing Method list, select Topology.
5. Click the Update button to save your changes.

Repeat this process for each wide IP as needed.

Using topology load balancing in a pool


In addition to setting up the topology load balancing mode to select a pool
within a wide IP, you can also set up the topology load balancing mode to
select a virtual server within a pool. However, you must configure the
topology records before the Global Traffic Manager can use the topology
load balancing mode within a pool.

To configure a pool to use topology load balancing


1. On the Main tab in the navigation pane, expand Global Traffic and
then click Pools.
The main screen for pools opens.
2. Click the name of the pool for which you want to assign
topology-based load balancing.
The properties screen for the pool opens.
3. On the menu bar, click Members.
The Members screen opens. This screen contains a list of the virtual
servers currently assigned to the pool.
4. From the Load Balancing Method list, select Topology.
5. Click the Update button to save your changes.

Repeat this process for each pool as needed.

Understanding user-defined regions


To further refine the topology load balancing capabilities of the Global
Traffic Manager, you can create custom topology regions. A region is a
customized collection of topologies. For example, you could create a
topology for Denmark, Iceland, Finland, Norway, and Sweden. These
topologies could then compose a custom region for Scandinavia. Regions
allow you to extend the functionality of your topologies by allowing you to
define specific geographical regions that have meaning for your network.
You create a custom region by adding one or more region member types to
the region member list. The available region member types are as follows:
• A continent
• A country (based on the ISO 3166 top-level domain codes)
• A data center
• An IP subnet (CIDR definition)
• An Internet Service Provider (ISP)
• A pool of virtual servers
• Another custom region

Once you select a region member type, you then fill in the details about that
region member and add it to the region member list. The region member
options change based on the region member type that you select. When you
have finished adding region members to your new region, the new region
becomes an option in the Create Topology screen.

To create a region
1. On the Main tab of the navigation pane, expand Global Traffic and
then click Topology.
The main topology screen opens.
2. On the menu bar, click Regions.
The main region screen opens.
3. Click the Create button.
The Create Region screen opens.
4. In the Name box, type a name for the new region.
5. Using the Member List settings, define the appropriate region
members.
6. Click the Create button to create the new region.

Other load balancing options for topologies


The Global Traffic Manager supports additional options that affect how the
system load balances name resolution requests. These options are:
• ACL Threshold
• Longest Match

The ACL Threshold creates an exclusion list based on the topology record
score of a given name resolution request. If the topology record score is
lower than the value entered into this option, the name resolution
request does not have access to the listed virtual servers. This option is set to
0 by default, which disables it.
The Longest Match option instructs the Global Traffic Manager to use the
topology statement that most completely matches the source IP address of
the name resolution request. For example, two topology statements exist:
one that matches a source IP address of 10.0.0.0 and one that matches
10.15.0.0. A name resolution request arrives with a source IP address of
10.15.65.8. With the Longest Match setting enabled, the Global Traffic
Manager will use the topology statement with 10.15.0.0 because it has the
longest, and therefore most complete, match. If this option were disabled, the
Global Traffic Manager could use either topology statement, depending on
factors such as the weight of the statement or the order in which the
statements are listed. This option is enabled by default.
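
How record weight, Longest Match, and ACL Threshold interact can be followed in a small model of record selection. This is an added example, not F5 code: it models only IP subnet request sources, takes the 10.0.0.0 and 10.15.0.0 statements as 10.0.0.0/8 and 10.15.0.0/16, uses constructed weights and destination names, and assumes that the score of a request is the weight of the record selected for it.

```python
"""Simplified model of topology record selection (illustration, not F5 code).

Assumptions: only IP subnet request sources are modelled; the prefix lengths,
weights and destination labels are constructed; the score compared with the
ACL Threshold is the weight of the selected record; ties fall back to list order.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class TopologyRecord:
    source: str           # request source subnet, CIDR notation
    destination: str      # hypothetical destination label
    weight: int           # topology score
    negate: bool = False  # False models the "is" operator, True models "is not"

    def matches(self, client_ip: str) -> bool:
        inside = ipaddress.ip_address(client_ip) in ipaddress.ip_network(self.source)
        return inside != self.negate

    def specificity(self) -> int:
        # An "is not" record matches by exclusion, so rank it as least specific.
        return 0 if self.negate else ipaddress.ip_network(self.source).prefixlen


def select(records, client_ip, longest_match=True, acl_threshold=0):
    """Return (record, reason); record is None when no destination is allowed."""
    matching = [r for r in records if r.matches(client_ip)]
    if not matching:
        return None, "no topology record matches"
    if longest_match:
        # Most specific subnet wins; weight only breaks ties between equal prefixes.
        best = max(matching, key=lambda r: (r.specificity(), r.weight))
    else:
        # Highest weight wins; max() keeps the first of equals, i.e. list order.
        best = max(matching, key=lambda r: r.weight)
    # A threshold of 0 disables the check.
    if acl_threshold > 0 and best.weight < acl_threshold:
        return None, f"score {best.weight} is below ACL Threshold {acl_threshold}"
    return best, "selected"


# Constructed records: the two statements from the text plus one "is not" record.
RECORDS = [
    TopologyRecord("10.0.0.0/8", "pool_broad", weight=20),
    TopologyRecord("10.15.0.0/16", "pool_specific", weight=10),
    TopologyRecord("10.0.0.0/8", "pool_external", weight=5, negate=True),
]


def destination_for(client_ip, **options):
    """Convenience wrapper: the destination label, or None if denied or unmatched."""
    record, _reason = select(RECORDS, client_ip, **options)
    return record.destination if record else None


if __name__ == "__main__":
    for opts in ({}, {"longest_match": False}, {"acl_threshold": 15}):
        print(opts, "->", select(RECORDS, "10.15.65.8", **opts))
```

In this model, raising the ACL Threshold above the weight of the most specific record denies the request even though a broader record with a higher weight exists, so weights and threshold are best reviewed together.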

To access the ACL Threshold and Longest Match options


1. On the Main tab of the navigation pane, expand System and then
click General Properties.
The general properties screen opens.
2. From the Global Traffic menu, choose Load Balancing.
The load balancing properties screen opens.
3. Using the Topology Options settings, assign a value for the ACL
Threshold option, then enable or disable the Longest Match option
as needed.
4. Click the Update button to save your changes.

10
Configuring Monitors

• Introducing monitors

• Creating a custom monitor

• Configuring monitor settings

• Special configuration considerations

• Associating monitors with resources

• Managing monitors

Introducing monitors
An important feature of the Global Traffic Manager is load-balancing tools
called monitors. Monitors verify connections on pools and virtual servers. A
monitor can be either a health monitor or a performance monitor. Monitors
are designed to check the status of a pool or virtual server on an ongoing
basis, at a set interval. If a pool or virtual server being checked does not
respond within a specified timeout period, or the status of a pool or virtual
server indicates that performance is degraded, then the Global Traffic
Manager can redirect the traffic to another resource.
Some monitors are included as part of the Global Traffic Manager, while
other monitors are user-created. Monitors that the Global Traffic Manager
provides are called pre-configured monitors. User-created monitors are
called custom monitors. For more information on pre-configured and
custom monitors, see Understanding pre-configured and custom monitors,
on page 10-4.
Before configuring and using monitors, it is helpful to understand some
basic concepts regarding monitor types, monitor settings, and monitor
implementation.
• Monitor types
Every monitor, whether pre-configured or custom, belongs to a certain
category, or monitor type. Each monitor type checks the status of a
particular protocol, service, or application. For example, an HTTP type
of monitor allows you to monitor the availability of the HTTP service on
a pool, pool member, or virtual server. An ICMP type of monitor simply
determines whether the status of a resource is up or down. For more
information on monitor types, see Summary of monitor types, on page
10-2, and Configuring monitor settings, on page 10-8.
• Monitor settings
Every monitor consists of settings with values. The settings and their
values differ depending on the type of monitor. In some cases, the Global
Traffic Manager assigns default values. For example, the following are
the default values for the ICMP-type monitor:
• Interval: 30 seconds
• Timeout: 120 seconds
• Transparent: No
These settings specify that an ICMP type of monitor is configured to
check the status of an IP address every 30 seconds, and to time out every
120 seconds. For more information on monitor settings, see Overview of
monitor settings, on page 10-4, and Configuring monitor settings, on
page 10-8.
• Monitor implementation
The task of implementing a monitor varies depending on whether you are
using a pre-configured monitor or creating a custom monitor. If you want
to implement a pre-configured monitor, you need only associate the
monitor with a pool or virtual server. If you want to implement a custom
monitor, you must first create the custom monitor, and then associate it
with a pool or virtual server. For more information on implementing a
monitor, see Understanding pre-configured and custom monitors, on
page 10-4, Creating a custom monitor, on page 10-7, and Configuring
monitor settings, on page 10-8.

Summary of monitor types


The Global Traffic Manager includes many different types of monitors, each
designed to perform a specific type of monitoring. The monitors fall into
three categories: simple, extended content verification (ECV), and extended
application verification (EAV). Simple monitors check the health of a
resource by sending a packet using the specified protocol, and waiting for a
response from the resource. If the monitor receives a response, then the
health check is successful and the resource is considered up. ECV monitors
check the health of a resource by sending a query for content using the
specified protocol, and waiting to receive the content from the resource. If
the monitor receives the correct content, then the health check is successful
and the resource is considered up. EAV monitors check the health of a
resource by accessing the specified application. If the monitor receives the
correct response, then the health check is successful and the resource is
considered up.
Table 10.1 describes the types of monitors that you can apply to your load
balancing resources. You can find details about the settings for each monitor
type in Configuring monitor settings, on page 10-8.

Monitor Category  Monitor Type  Description
Simple            ICMP          Checks the status of a resource, using Internet Control Message Protocol (ICMP).
Simple            TCP Echo      Checks the status of a resource, using Transmission Control Protocol (TCP).
ECV               TCP           Verifies the Transmission Control Protocol (TCP) service by attempting to receive specific content from a resource.
ECV               HTTP          Verifies the Hypertext Transfer Protocol (HTTP) service by attempting to receive specific content from a web page.
ECV               HTTPS         Verifies the Hypertext Transfer Protocol Secure (HTTPS) service by attempting to receive specific content from a web page protected by Secure Socket Layer (SSL) security.
EAV               BIG IP        Acquires data captured through monitors managed by a BIG-IP Local Traffic Manager.
EAV               BIG IP Link   Acquires data captured through monitors managed by a BIG-IP Link Controller.
EAV               External      Allows users to monitor services using their own programs.
EAV               FTP           Verifies the File Transfer Protocol (FTP) service by attempting to download a specific file to the /var/tmp directory on the system. Once downloaded successfully, the file is not saved.
EAV               IMAP          Verifies the Internet Message Access Protocol (IMAP) by attempting to open a specified mail folder on a server. This monitor is similar to the pop3 monitor.
EAV               LDAP          Verifies the Lightweight Directory Access Protocol (LDAP) service by attempting to authenticate the specified user.
EAV               MSSQL         Verifies Microsoft® Windows SQL-based services.
EAV               NNTP          Verifies the Usenet News protocol (NNTP) service by attempting to retrieve a newsgroup identification string from the server.
EAV               Oracle        Verifies services based on Oracle® by attempting to perform an Oracle login to a service.
EAV               POP3          Verifies the Post Office Protocol (pop3) service by attempting to connect to a pool, pool member, or virtual server, log on as the specified user, and log off.
EAV               RADIUS        Verifies the Remote Access Dial-in User Service (RADIUS) service by attempting to authenticate the specified user.
EAV               Real Server   Checks the performance of a pool, pool member, or virtual server that is running the RealServer data collection agent, and then dynamically load balances traffic accordingly.
EAV               SIP           Checks the status of Session Initiation Protocol (SIP) Call-ID services on a device. The SIP protocol enables real-time messaging, voice, data, and video.
EAV               SMTP          Checks the status of a pool, pool member, or virtual server by issuing standard Simple Mail Transport Protocol (SMTP) commands.
EAV               SNMP DCA      Checks the current CPU, memory, and disk usage of a pool, pool member, or virtual server that is running an SNMP data collection agent, and then dynamically load balances traffic accordingly.
EAV               SOAP          Tests a Web service based on the Simple Object Access Protocol (SOAP).
EAV               UDP           Verifies the User Datagram Protocol (UDP) service by attempting to send UDP packets to a pool, pool member, or virtual server and receiving a reply.
EAV               WMI           Checks the performance of a pool, pool member, or virtual server that is running the Windows Management Infrastructure (WMI) data collection agent and then dynamically load balances traffic accordingly.

Table 10.1 Monitor types available on a GTM system

Overview of monitor settings


Monitors contain settings with corresponding values. These settings and
their values affect the way that a monitor performs its status check. When
you create a custom monitor, you must configure these setting values. For
those settings that have default values, you can either retain the default
values, or modify them to suit your needs. You can find details about the
settings for each monitor type in Configuring monitor settings, on page
10-8.

Understanding pre-configured and custom monitors


When you want to monitor the health or performance of pool members or
virtual servers, you can either use a pre-configured monitor, or create and
configure a custom monitor.

Using pre-configured monitors


For a subset of monitor types, the Global Traffic Manager includes a set of
pre-configured monitors. A pre-configured monitor is an existing monitor
that the Global Traffic Manager provides for you, with its settings already
configured. You cannot modify pre-configured monitor settings, as they are
intended to be used as is. The purpose of a pre-configured monitor is to
eliminate the need for you to explicitly create one. You use a pre-configured
monitor when the values of the settings meet your needs as is.
The names of the pre-configured monitors that the Global Traffic Manager
includes are:
• big ip
• big ip link
• gateway icmp
• http
• https
• icmp
• real_server
• snmp
• tcp
• tcp_echo

An example of a pre-configured monitor is the icmp monitor. If the default
values of this monitor meet your needs, you simply assign the icmp
pre-configured monitor directly to a pool or virtual server. In this case, you
do not need to use the Monitors screens, unless you simply want to view the
default settings of the pre-configured monitor.
If you do not want to use the values configured in a pre-configured monitor,
you can create a custom monitor.

Using custom monitors


A custom monitor is a monitor that you create based on one of the allowed
monitor types. You create a custom monitor when the values defined in a
pre-configured monitor do not meet your needs, or no pre-configured
monitor exists for the type of monitor you are creating. (For information on
monitor types, see Summary of monitor types, on page 10-2.)
Selecting a custom monitor is straightforward. Like icmp, each of the
custom monitors has a Type setting based on the type of service it checks,
for example, http, https, ftp, pop3, and takes that type as its name.
(Exceptions are port-specific monitors, like the external monitor, which
calls a user-supplied program.)
For procedures on selecting and configuring a monitor, see Creating a
custom monitor, on page 10-7.

Importing settings from a pre-configured monitor


If a pre-configured monitor exists that corresponds to the type of custom
monitor you are creating, you can import the settings and values of that
pre-configured monitor into the custom monitor. You are then free to
change those setting values to suit your needs. For example, if you create a
custom monitor called my_icmp, the monitor can inherit the settings and
values of the pre-configured monitor icmp. This ability to import existing
setting values is useful when you want to retain some setting values for your
new monitor but modify others.
The following list shows an example of a custom ICMP-type monitor called
my_icmp, which is based on the pre-configured monitor icmp. Note that the
Interval value has been changed from 30 to 60. The other settings retain the
values defined in the pre-configured monitor.
• Name: my_icmp
• Type: ICMP
• Interval: 60
• Timeout: 120
• Transparent: No

Importing settings from a custom monitor


You can import settings from another custom monitor instead of from a
pre-configured monitor. This is useful when you would rather use the setting
values defined in another custom monitor, or when no pre-configured
monitor exists for the type of monitor you are creating. For example, if you
create a custom monitor called my_oracle_server2, you can import settings
from an existing Oracle-type monitor such as my_oracle_server1. In this
case, because the Global Traffic Manager does not provide a pre-configured
Oracle-type monitor, a custom monitor is the only kind of monitor from
which you can import setting values.

Importing settings from a monitor template


If no pre-configured or custom monitor exists that corresponds to the type of
monitor you are creating, the Global Traffic Manager imports settings from
a monitor template. A monitor template is an abstraction that exists within
the Global Traffic Manager for each monitor type and contains a group of
settings and default values. A monitor template merely serves as a tool for
the Global Traffic Manager to use for importing settings to a custom
monitor when no monitor of that type already exists.

Creating a custom monitor


When you create a custom monitor, you use the Configuration utility to give
the monitor a unique name, specify a monitor type, and, if a monitor of that
type already exists, import settings and their values from the existing
monitor. You can then change the values of any imported settings.
You must base each custom monitor on a monitor type. When you create a
monitor, the Configuration utility displays a list of monitor types. To specify
a monitor type, select the one that corresponds to the service you want to
check. For example, if you want to create a monitor that checks the
health of the HTTP service on a pool, you choose HTTP as the monitor
type.
If you want to check more than one service on a pool or virtual server (for
example HTTP and HTTPS), you can associate more than one monitor with
that pool or virtual server. For more information, see Chapter 7, Load
Balancing with the Global Traffic Manager.
Checking services is not the only reason for implementing a monitor. If you
want to verify only that the destination IP address is live, or that the path to
it through a transparent virtual server is live, use one of the simple monitors,
icmp or tcp_echo. Or, if you want to verify TCP only, use the monitor tcp.

Note

Before creating a custom monitor, you must decide on a monitor type. For
information on monitor types, see Configuring monitor settings, on page
10-8.

To create a custom monitor


1. On the Main tab of the navigation pane, expand Global Traffic and
then click Monitors.
The main monitors screen opens.
2. Click the Create button.
The New Monitor screen opens.
3. In the Name text box, type a name for the monitor.
4. For the Type setting, select the type of monitor that you want to
create.
If a monitor of that type already exists, Import Settings appears.
5. From the Configuration list, select Advanced.
This displays additional fields, and allows you to modify additional
default settings.
6. Configure all settings shown.
7. Click Finished to save your changes.

Configuring monitor settings


The Global Traffic Manager supports a wide variety of monitor types. Each
of these monitor types contains specific settings that you can configure to
ensure the monitor accurately tests a given resource before determining if that
resource is available for load balancing operations. When you configure
these settings, you are creating a custom monitor for your network.
The types of monitors the Global Traffic Manager supports fall into three
categories:
• Simple monitors
These are health monitors that monitor the status of a resource.
• Extended Content Verification (ECV) monitors
These are health monitors that verify service status by retrieving specific
content from pool members or virtual servers.
• External Application Verification (EAV) monitors
These are health or performance monitors that verify service status by
accessing remote applications, using an external service-checker
program.

Simple monitors
Simple monitors are those that check the status of a resource. The simple
monitor types are:
• ICMP
• Gateway ICMP
• TCP Echo
• TCP Half Open
The GTM system provides a set of pre-configured simple monitors: icmp,
gateway_icmp, tcp_echo, and tcp_half_open. You can either use these
pre-configured monitors as is, or create custom monitors of these types.
The following sections describe each type of simple monitor and show the
pre-configured monitor for each type. Note that each pre-configured monitor
consists of settings and their values.

ICMP
Using an ICMP type of monitor, you can use Internet Control Message
Protocol (ICMP) to make a simple resource check. The check is successful
if the monitor receives a response to an ICMP_ECHO datagram. The
following list shows the settings and their values for the pre-configured
monitor icmp:
• Name: ICMP
• Type: ICMP
• Interval: 30 seconds
• Timeout: 120 seconds
• Transparent: No
• Alias Address: * All Addresses

The Transparent mode is an option for ICMP-type monitors. When you set
this mode to Yes, the monitor pings the resource with which the monitor is
associated. For more information about Transparent mode, refer to Using
transparent and reverse modes, on page 10-34.

Gateway ICMP
A Gateway ICMP type of monitor has a special purpose. You use this
monitor for a pool that implements gateway failsafe for high availability.
A Gateway ICMP monitor functions the same way as an ICMP monitor,
except that you can apply a Gateway ICMP monitor to a pool. (Remember
that you can apply an ICMP monitor to a resource only and not to a pool
member.) The following list shows the settings and their values for the
pre-configured gateway_icmp monitor.
• Name: Gateway ICMP
• Type: Gateway ICMP
• Interval: 30 seconds
• Timeout: 120 seconds
• Transparent: No
• Alias Address: * All Addresses
• Alias Service Port: * All Ports

TCP Echo
With a TCP Echo type of monitor, you can verify Transmission Control
Protocol (TCP) connections. The check is successful if the Global Traffic
Manager receives a response to a TCP Echo message. The TCP Echo type
also supports Transparent mode. In this mode, the resource with which the
monitor is associated is pinged through to the destination resource. (For
more information about Transparent mode, see Using transparent and
reverse modes, on page 10-34.)
To use a TCP Echo monitor type, you must ensure that TCP Echo is enabled
on the resources being monitored. The following list shows the settings for
the pre-configured monitor tcp_echo:
• Name: TCP Echo
• Type: TCP Echo
• Interval: 30 seconds
• Timeout: 120 seconds
• Alias Address: * All Addresses

TCP Half Open


A TCP Half Open type of monitor performs a quick check on the associated
service by sending a TCP SYN packet to the service. As soon as the monitor
receives the SYN-ACK packet from the service, the monitor considers the
service to be in an up state, and sends a RESET to the service instead of
completing the three-way handshake. The following list shows the settings
for the pre-configured monitor tcp_half_open:
• Name: TCP Half Open
• Type: TCP Half Open
• Interval: 30 seconds
• Timeout: 120 seconds
• Transparent: No
• Alias Addresses: * All Addresses
• Alias Service Ports: * All Ports

Extended Content Verification (ECV) monitors


ECV monitors use Send String and Receive String settings in an attempt to
retrieve explicit content from resources. The Global Traffic Manager
provides the pre-configured monitors tcp, http, and https for these ECV
monitor types:
• TCP
• HTTP
• HTTPS

You can either use the pre-configured ECV monitors as is, or create custom
monitors from these monitor types.
The following sections describe each type of ECV monitor and show the
pre-configured monitor for each type. Note that each pre-configured monitor
consists of settings and their values. The boldfaced type within each
pre-configured monitor serves to distinguish the settings from their
corresponding values.

TCP
A TCP type of monitor attempts to receive specific content sent over TCP.
The check is successful when the content matches the Receive String value.
A TCP type of monitor takes a Send String value and a Receive String
value. If the Send String value is blank and a connection can be made, the
service is considered up. A blank Receive String value matches any
response. Both Transparent and Reverse modes are options. For more
information about Transparent and Reverse modes, see Using transparent
and reverse modes, on page 10-34.

The following list shows the settings for the pre-configured monitor tcp:
• Name: tcp
• Type: TCP
• Interval: 30 seconds
• Timeout: 120 seconds
• Send String: "" (empty)
• Receive String: "" (empty)
• Reverse: No
• Transparent: No
• Alias Address: * All Addresses
• Alias Service Port: * All Ports

HTTP
You can use an HTTP type of monitor to check the status of Hypertext
Transfer Protocol (HTTP) traffic. Like a TCP monitor, an HTTP monitor
attempts to receive specific content from a web page, and unlike a TCP
monitor, may send a user name and password. The check is successful when
the content matches the Receive String value. An HTTP monitor uses a
send string, a receive string, a user name, a password, and optional Reverse
and Transparent modes. (If there is no password security, you must use
blank strings [""] for the Username and Password settings.)
For more information on transparent and reverse modes, see Using
transparent and reverse modes, on page 10-34.
The following list shows the settings of the pre-configured monitor http:
• Name: http
• Type: HTTP
• Interval: 30 seconds
• Timeout: 120 seconds
• Send String: Get /
• Receive String: "" (empty)
• User Name: "" (empty)
• Password: "" (empty)
• Reverse: No
• Transparent: No
• Alias Address: * All Addresses
• Alias Service Port: * All Ports

HTTPS
You use an HTTPS type of monitor to check the status of Hypertext
Transfer Protocol Secure (HTTPS) traffic. An HTTPS type of monitor
attempts to receive specific content from a web page protected by SSL
security. The check is successful when the content matches the Receive
String value.
HTTPS-type monitors use a send string, a receive string, a user name, a
password, and an optional Reverse setting. (If there is no password security,
you must use blank strings [""] for the Username and Password settings.)
For more information on the Reverse setting, see Using transparent and
reverse modes, on page 10-34.
HTTPS-type monitors also include the settings Cipher List, Compatibility,
and Client Certificate. If you do not specify a cipher list, the monitor uses
the default cipher list DEFAULT:+SHA:+3DES:+kEDH. When you set
the Compatibility setting to Enabled, this sets the SSL options to ALL.
You use the Client Certificate setting to specify a certificate file that the
monitor then presents to the server.
The following list shows the settings of the pre-configured monitor https:
• Name: https
• Type: HTTPS
• Interval: 30 seconds
• Timeout: 120 seconds
• Send String: Get /
• Receive String: "" (empty)
• Cipher List: "" (empty)
• User Name: "" (empty)
• Password: "" (empty)
• Compatibility: Enabled
• Client Certificate: "" (empty)
• Reverse: No
• Alias Address: * All Addresses
• Alias Service Port: * All Ports
The Reverse setting is an option for monitors that import settings from the
https monitor. In most monitor settings, the Global Traffic Manager
considers the resource available when the monitor successfully probes it.
However, in some cases you may want the resource to be considered
unavailable after a successful monitor test. You accomplish this
configuration with the Reverse setting. For more information on Reverse
mode, see Using transparent and reverse modes, on page 10-34.

External Application Verification (EAV) monitors


EAV monitors verify applications on servers by running those applications
remotely, using an external service checker program located in the directory
/user/bin/monitors.
The types of EAV monitors that you can create are:
• BIG IP
• BIG IP Link
• External
• FTP
• IMAP
• LDAP
• MSSQL
• NNTP
• Oracle
• POP3
• RADIUS
• Real Server
• Scripted
• SIP
• SMTP
• SNMP
• SNMP Link
• SOAP
• UDP
• WAP
• WMI

The Global Traffic Manager provides pre-configured monitors for several of
these monitor types. In cases where a pre-configured monitor does not meet
your needs or does not exist, you can create a custom monitor. For more
information on custom monitors, see Creating a custom monitor, on page
10-7.
The following sections describe each type of EAV monitor and show the
pre-configured monitor or default values for each type. Note that each
pre-configured monitor consists of settings and their values.

BIG IP
If you employ the Global Traffic Manager in a network that contains a Local
Traffic Manager, you must assign a BIG IP monitor to the Local Traffic
Manager. In fact, this monitor is automatically assigned to the Local Traffic
Manager if you do not do so manually.

The BIG IP monitor gathers metrics and statistics information that the Local
Traffic Manager acquires through the monitoring of its own resources. In
general, it is sufficient to assign only the BIG IP monitor to a Local Traffic
Manager. In situations where you want to verify the availability of a specific
resource managed by the Local Traffic Manager, we recommend that you
first assign the appropriate monitor to the resource through the Local Traffic
Manager, and then assign a BIG IP monitor to the Local Traffic Manager
through the Global Traffic Manager. This configuration provides the most
efficient means of tracking resources managed by a BIG-IP system.
The following list shows the settings and default values of a BIG IP-type
monitor:
• Name: my_bigip
• Type: BIG IP
• Interval: 30 seconds
• Timeout: 90 seconds
• Probe Interval: 1 second
• Probe Timeout: 1 second
• Probe Attempts: 1
• Minimum Required Successful Attempts: 1
• Alias Address: * All Addresses
• Alias Service Port: * All Ports

Note

If the Global Traffic Manager and the Local Traffic Manager are on the
same machine, you must still assign a BIG IP monitor to the server that you
added to your configuration that represents the Global Traffic
Manager/Local Traffic Manager system. See Chapter 5, Defining the
Physical Network for more information.

BIG IP Link
If you employ the Global Traffic Manager in a network that contains a Link
Controller, you must assign a BIG IP Link monitor to the Link Controller. In
fact, this monitor is automatically assigned to the Link Controller if you do
not do so manually.
The BIG IP Link monitor gathers metrics and statistics information that the
Link Controller acquires through the monitoring of its own resources.
The following list shows the settings and default values of a BIG IP
Link-type monitor:
• Name: my_bigip_link
• Type: BIG IP Link
• Interval: 10 seconds
• Timeout: 30 seconds
• Probe Interval: 1 second
• Probe Timeout: 1 second
• Probe Attempts: 1
• Minimum Required Successful Attempts: 1
• Alias Address: * All Addresses
• Alias Service Port: * All Ports

Note

If the Global Traffic Manager and the Link Controller are on the same
machine, you must still assign a BIG IP Link monitor to the server that you
added to your configuration that represents the Global Traffic
Manager/Link Controller system. See Chapter 5, Defining the Physical
Network for more information.

External
Using an External type of monitor, you can create your own monitor type.
To do this, you create a custom External-type monitor and within it, specify
a user-supplied monitor to run.
The External Program setting specifies the name of your user-supplied
monitor program. By default, an External-type monitor searches the
directory /user/bin/monitors for that monitor name. If the user-supplied
monitor resides elsewhere, you must enter a fully qualified path name.
The Arguments setting allows you to specify any command-line arguments
that are required.
The following list shows the settings and default values of an External-type
monitor:
• Name: my_external
• Type: External
• Interval: 30 seconds
• Timeout: 120 seconds
• External Program: "" (empty)
• Arguments: "" (empty)
• Variables: "" (empty)
• Alias Addresses: * All Addresses
• Alias Service Port: * All Ports

FTP
Using an FTP type of monitor, you can monitor File Transfer Protocol
(FTP) traffic. A monitor of this type attempts to download a specified file to
the /var/tmp directory, and if the file is retrieved, the check is successful.

Note

Once the file has been successfully downloaded, the GTM system does not
save it.

An FTP monitor specifies a user name, a password, and a full path to the file
to be downloaded.
The following list shows the settings and default values of an FTP-type
monitor:
• Name: my_ftp
• Type: FTP
• Interval: 10 seconds
• Timeout: 31 seconds
• User Name: "" (empty)
• Password: "" (empty)
• Path/Filename: "" (empty)
• Mode: Passive
• Alias Addresses: * All Addresses
• Alias Service Port: * All Ports
• Debug: No

IMAP
With an IMAP type of monitor, you can check the status of Internet
Message Access Protocol (IMAP) traffic. An IMAP monitor is essentially a
POP3 type of monitor with the addition of the Folder setting. The check is
successful if the monitor is able to log into a server and open the specified
mail folder.
An IMAP monitor requires that you specify a user name and password. The
following list shows the settings and default values of an IMAP-type
monitor:
• Name: my_imap
• Type: IMAP
• Interval: 10 seconds
• Timeout: 31 seconds
• User Name: "" (empty)
• Password: "" (empty)
• Folder: INBOX
• Alias Addresses: * All Addresses
• Alias Service Port: * All Ports
• Debug: No

Note

Servers to be checked by an IMAP monitor typically require special
configuration to maintain a high level of security, while also allowing for
monitor authentication.

LDAP
An LDAP type of monitor checks the status of Lightweight Directory
Access Protocol (LDAP) servers. The LDAP protocol implements standard
X.500 for email directory consolidation. A check is successful if entries are
returned for the base and filter specified. An LDAP monitor requires a user
name, a password, and base and filter strings. The following list shows the
settings and default values of an LDAP-type monitor:
• Name: my_ldap
• Type: LDAP
• Interval: 10 seconds
• Timeout: 31 seconds
• User Name: "" (empty)
• Password: "" (empty)
• Base: "" (empty)
• Filter: "" (empty)
• Security: None
• Mandatory Attributes: No
• Alias Addresses: * All Addresses
• Alias Service Port: * All Ports
• Debug: No

The User Name setting specifies a distinguished name, that is, an
LDAP-format user name.
The Base setting specifies the starting place in the LDAP hierarchy from
which to begin the query.
The Filter setting specifies an LDAP-format key of the search item.
The Security setting specifies the security protocol to be used. Acceptable
values are SSL, TLS, or None.

MSSQL
You use an MSSQL type of monitor to perform service checks on Microsoft
SQL Server-based services such as Microsoft SQL Server versions 6.5 and
7.0.
The Global Traffic Manager requires installation of a JDBC driver before
performing the actual login. For more information, see the Configuration
Guide for Local Traffic Management.
If you receive a message that the connection was refused, verify that the IP
address and port number or service are correct. If you are still having login
trouble, see Troubleshooting MSSQL logins, on page 10-19.
The remainder of this section on MSSQL monitors describes prerequisite
tasks, the default monitor settings, and troubleshooting tips.

Prerequisite tasks for MSSQL


Before using an MSSQL-type monitor, you must download a set of JDBC
Java™ Archive (JAR) files and install them on the GTM system. For more
information, see Appendix A, Additional Monitor Considerations.

MSSQL monitor settings and their default values


The following list shows the settings and default values of an MSSQL-type
monitor:
• Name: my_mssql
• Type: mssql
• Interval: 30 seconds
• Timeout: 91 seconds
• Send String: "" (empty)
• Receive String: "" (empty)
• User Name: "" (empty)
• Password: "" (empty)
• Database: "" (empty)
• Receive Row: "" (empty)
• Receive Column: "" (empty)
• Alias Addresses: * All Addresses
• Alias Service Port: * All Ports
• Debug: No

In an MSSQL-type monitor, the Database setting specifies the name of the
data source on the Microsoft® SQL-based server. Examples are sales and
hr.
The Send String setting is optional and specifies a SQL query statement
that the Global Traffic Manager should send to the server. Examples are
SELECT * FROM sales and SELECT FirstName, LastName From
Employees. If you configure the Send String setting, you can also configure
the following settings:
• Receive String
The Receive String setting is an optional parameter that specifies the
value expected to be returned for the row and column specified with the
Receive Row and Receive Column settings. An example of a Receive
String value is ALAN SMITH. You can only configure this setting
when you configure the Send String setting.
• Receive Row
The Receive Row setting is optional, and is useful only if the Receive
String setting is specified. This setting specifies the row in the returned
table that contains the Receive String value. You can only configure this
setting when you configure the Send String setting.
• Receive Column
The Receive Column setting is optional and is useful only if the Receive
String setting is specified. This setting specifies the column in the
returned table that contains the Receive String value. You can only
configure this setting when you configure the Send String setting.

Troubleshooting MSSQL logins


If an MSSQL monitor cannot log in to the server, and you have checked that
the specified IP address and port number or service are correct, try the
following:
• Verify that you can log in using another tool.
For example, the server program Microsoft NT SQL Server version 6.5
includes a client program named ISQL/w. This client program performs
simple logins to SQL servers. Use this program to test whether you can
log in to the server using the ISQL/w program.
• Add login accounts using the Microsoft SQL Enterprise Manager.
On the Microsoft SQL Server, you can run the SQL Enterprise Manager
to add login accounts. When first entering the SQL Enterprise Manager,
you may be prompted for the SQL server that you want to manage.

You can register servers by entering the machine name, user name, and
password. If these names are correct, the server becomes registered and
you are then able to click an icon for the server. When you expand the
subtree for the server, there is an icon for login accounts.

Beneath this subtree, you can find the SQL logins. Here, you can change
passwords or add new logins by right-clicking the Logins icon. Click this
icon to access the Add login option. After you open this option, type the
user name and password for the new login, as well as which databases
the login is allowed to access. You must grant the test account access to
the database you specify in the EAV configuration.

NNTP
You use an NNTP type of monitor to check the status of Usenet News
traffic. The check is successful if the monitor retrieves a newsgroup
identification line from the server. An NNTP monitor requires a newsgroup
name (for example, alt.cars.mercedes) and, if necessary, a user name and
password.
The following list shows the settings and default values of an NNTP-type
monitor:
• Name: my_nntp
• Type: NNTP
• Interval: 30 seconds
• Timeout: 120 seconds
• User Name: "" (empty)
• Password: "" (empty)
• Newsgroup: "" (empty)
• Alias Addresses: * All Addresses
• Alias Service Port: * All Ports
• Debug: No

Oracle
With an Oracle type of monitor, you can check the status of an Oracle
database server. The check is successful if the monitor is able to connect to
the server, log in as the indicated user, and log out.
The following list shows the settings and default values of an Oracle-type
monitor:
• Name: my_oracle
• Type: Oracle
• Interval: 30 seconds
• Timeout: 91 seconds
• Send String: "" (empty)
• Receive String: "" (empty)
• User Name: "" (empty)
• Password: "" (empty)
• Database: "" (empty)
• Receive Row: "" (empty)
• Receive Column: "" (empty)
• Alias Addresses: * All Addresses
• Alias Service Port: * All Ports
• Debug: No

The Send String setting specifies a SQL statement that the GTM system
should send to the Oracle server. An example is SELECT * FROM sales.
The Receive String setting is an optional parameter that specifies the value
expected to be returned for a specific row and column of the table that the
Send String setting retrieved. An example of a Receive String value is
SMITH.
In an Oracle type of monitor, the Database setting specifies the name of the
data source on the Oracle server. Examples are sales and hr.
The Receive Row setting is optional, and is useful only if the Receive
String setting is specified. This setting specifies the row in the returned
table that contains the Receive String value.
The Receive Column setting is optional and is useful only if the Receive
String setting is specified. This setting specifies the column in the returned
table that contains the Receive String value.

POP3
A POP3 type of monitor checks the status of Post Office Protocol (POP)
traffic. The check is successful if the monitor is able to connect to the server,
log in as the indicated user, and log out. A POP3 monitor requires a user
name and password.
The following list shows the settings and default values of a POP3-type
monitor:
• Name: my_pop3
• Type: POP3
• Interval: 30 seconds
• Timeout: 120 seconds
• User Name: "" (empty)
• Password: "" (empty)
• Alias Addresses: * All Addresses
• Alias Service Port: * All Ports
• Debug: No

RADIUS
Using a RADIUS type of monitor, you can check the status of Remote
Access Dial-in User Service (RADIUS) servers. The check is successful if
the server authenticates the requesting user. A RADIUS monitor requires a
user name, a password, and a shared secret string for the code number.

Note

Servers to be checked by a RADIUS monitor typically require special
configuration to maintain a high level of security while also allowing for
monitor authentication.

The following list shows the settings and default values of a RADIUS-type
monitor:
• Name: my_radius
• Type: RADIUS
• Interval: 10 seconds
• Timeout: 31 seconds
• User Name: "" (empty)
• Password: "" (empty)
• Secret: "" (empty)
• Alias Addresses: * All Addresses
• Alias Service Port: * All Ports
• Debug: No

Real Server
A Real Server type of monitor checks the performance of a pool or virtual
server that is running the RealSystem Server data collection agent. The
monitor then dynamically load balances traffic accordingly. Performance
monitors are generally used with dynamic ratio load balancing. For more
information on performance monitors and dynamic ratio load balancing, see
Chapter 7, Load Balancing with the Global Traffic Manager.

Note

Unlike health monitors, performance monitors do not report on the status of
a pool, pool member, or virtual server.

The Global Traffic Manager provides a pre-configured Real Server monitor
named real_server. The following list shows the settings and default values
of the real_server monitor:
• Name: real_server
• Type: Real Server
• Interval: 30 seconds
• Timeout: 120 seconds
• Method: GET
• Command: GetServerStats
• Metrics: ServerBandwidth: 1.5, CPUPercentUsage, MemoryUsage,
TotalClientCount
• Agent: Mozilla/4.0 (compatible: MSIE 5.0, Windows NT)
• Alias Addresses: * All Addresses
• Alias Service Port: * All Ports

Like all pre-configured monitors, the real_server monitor is not
user-modifiable. However, if you want to modify the Metrics setting, you
can create a custom Real Server monitor, to which you can add metrics and
modify metric values.

Note

When creating a custom Real Server monitor, you cannot modify the values
of the Method, Command, and Agent settings.

Table 10.2 shows the complete set of server-specific metrics and metric
setting default values that apply to the GetServerStats command.

Metric                     Default Coefficient   Default Threshold
ServerBandwidth (Kbps)     1.0                   10,000
CPUPercentUsage            1.0                   80
MemoryUsage (Kb)           1.0                   100,000
TotalClientCount           1.0                   1,000
RTSPClientCount            1.0                   500
HTTPClientCount            1.0                   500
PNAClientCount             1.0                   500
UDPTransportCount          1.0                   500
TCPTransportCount          1.0                   500
MulticastTransportCount    1.0                   500

Table 10.2 Metrics for a Real Server monitor

The metric coefficient is a factor determining how heavily the metric’s value
counts in the overall ratio weight calculation. The metric threshold is the
highest value allowed for the metric if the metric is to have any weight at all.
To understand how to use these values, it is necessary to understand how the
overall ratio weight is calculated. The overall ratio weight is the sum of
relative weights calculated for each metric. The relative weights, in turn, are
based on three factors:
• The value for the metric returned by the monitor
• The coefficient value
• The threshold value

Given these values, the relative weight is calculated as follows:


w=((threshold-value)/threshold)*coefficient

You can see that the higher the coefficient, the greater the relative weight
calculated for the metric. Similarly, the higher the threshold, the greater the
relative weight calculated for any metric value that is less than the threshold.
(When the value reaches the threshold, the weight goes to zero.)
Note that the default coefficient and default threshold values shown in Table
10.2 are metric defaults, not monitor defaults. The monitor defaults take
precedence over the metric defaults, just as user-specified values in the
custom real_server monitor take precedence over the monitor defaults. For
example, the monitor shown specifies a coefficient value of 1.5 for
ServerBandwidth and no value for the other metrics. This means that the
monitor uses the monitor default of 1.5 for the ServerBandwidth
coefficient and the metric default of 1 for the coefficients of all other
metrics. However, if a custom monitor my_real_server were configured
specifying 2.0 as the ServerBandwidth coefficient, this user-specified
value would override the monitor default.
Metric coefficient and threshold are the only non-monitor defaults. If a
metric not in the monitor is to be added to the custom monitor, it must be
added to the list of metrics for the Metrics setting. The syntax for specifying
non-default coefficient or threshold values is:
<metric>:<coefficient |<*>:<threshold>
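
The ratio weight calculation and the default precedence described above, worked through in Python as an added example (not F5 code and not part of the original guide). The entry form `metric[:coefficient[:threshold]]` with `*` meaning "keep the default" is an assumption read from the syntax line and the `ServerBandwidth: 1.5` value shown for real_server; the function names and the sample readings are constructed.

```python
# Added example: Real Server ratio weight, following the formula in this section.

# Metric defaults from Table 10.2: metric -> (coefficient, threshold).
METRIC_DEFAULTS = {
    "ServerBandwidth": (1.0, 10_000),
    "CPUPercentUsage": (1.0, 80),
    "MemoryUsage": (1.0, 100_000),
    "TotalClientCount": (1.0, 1_000),
    "RTSPClientCount": (1.0, 500),
    "HTTPClientCount": (1.0, 500),
    "PNAClientCount": (1.0, 500),
    "UDPTransportCount": (1.0, 500),
    "TCPTransportCount": (1.0, 500),
    "MulticastTransportCount": (1.0, 500),
}

# Metrics value of the pre-configured real_server monitor, as listed above.
REAL_SERVER_METRICS = (
    "ServerBandwidth: 1.5, CPUPercentUsage, MemoryUsage, TotalClientCount"
)

# Constructed readings for one server (not measured data).
SAMPLE_READINGS = {
    "ServerBandwidth": 2_500,   # Kbps
    "CPUPercentUsage": 40,
    "MemoryUsage": 50_000,      # Kb
    "TotalClientCount": 1_200,  # above the 1,000 threshold
}


def parse_metrics(setting, base=None):
    """Resolve a Metrics value to {metric: (coefficient, threshold)}.

    Assumed entry form: metric[:coefficient[:threshold]]; an omitted field
    or '*' keeps the value from `base` (the monitor being customized) and
    otherwise the Table 10.2 metric default.
    """
    base = base or {}
    resolved = {}
    for entry in setting.split(","):
        fields = [f.strip() for f in entry.split(":")]
        name = fields[0]
        if name not in METRIC_DEFAULTS or len(fields) > 3:
            raise ValueError(f"bad Metrics entry: {entry.strip()!r}")
        coefficient, threshold = base.get(name, METRIC_DEFAULTS[name])
        if len(fields) > 1 and fields[1] not in ("", "*"):
            coefficient = float(fields[1])
        if len(fields) > 2 and fields[2] not in ("", "*"):
            threshold = float(fields[2])
        if threshold <= 0:
            raise ValueError(f"threshold must be positive: {entry.strip()!r}")
        resolved[name] = (coefficient, threshold)
    return resolved


def relative_weight(value, coefficient, threshold):
    """w = ((threshold - value) / threshold) * coefficient.

    A value at or past the threshold carries no weight, so it returns zero.
    """
    if value >= threshold:
        return 0.0
    return (threshold - value) / threshold * coefficient


def overall_weight(metrics, readings):
    """Sum of the relative weights of every metric the monitor lists."""
    return sum(
        relative_weight(readings[name], coefficient, threshold)
        for name, (coefficient, threshold) in metrics.items()
    )


if __name__ == "__main__":
    monitor = parse_metrics(REAL_SERVER_METRICS)
    # Custom monitor: user-specified values override the monitor defaults.
    custom = parse_metrics(
        "ServerBandwidth:2.0, CPUPercentUsage:*:90, MemoryUsage, TotalClientCount",
        base=monitor,
    )
    for label, metrics in (("real_server", monitor), ("my_real_server", custom)):
        print(label, round(overall_weight(metrics, SAMPLE_READINGS), 4))
```

With these readings TotalClientCount contributes nothing because it is past its threshold, and raising the CPUPercentUsage threshold from 80 to 90 raises that metric's weight for the same reading.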

Scripted
You use the Scripted type of monitor to generate a simple script that reads a
file that you create. The file contains send and expect strings to specify lines
that you want to send or that you expect to receive. For example, Figure
10.1 shows a sample file that you could create, which specifies a simple
SMTP sequence. Note that the lines of the file are always read in the
sequence specified.

expect 220
send "HELO bigip1.siterequest.com\r\n"
expect "250"
send "quit\r\n"

Figure 10.1 A sample file specifying an SMTP sequence

Using a Scripted monitor, you can then generate a script that acts on the
above file. When the Scripted monitor script reads this file, the script
examines each line, and if the line has no quotation marks, the line is sent or
expected as is. If the line is surrounded by quotation marks, the script strips
off the quotation marks, and examines the line for escape characters, treating
them accordingly.
The following list shows the settings and default values of a Scripted-type
monitor:
• Name: scripted
• Type: Scripted
• Interval: 10 seconds
• Timeout: 31 seconds
• File name: "" (empty)
• Alias Addresses: * All Addresses
• Alias Service Port: * All Ports
• Debug: No

Note

When you create a file containing send and expect strings, store the file in
the directory /config/eav.
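
The send/expect file handling described in this section, as an added parser and runner in Python (not F5's script and not part of the original guide). The set of escapes honoured inside quotation marks, substring matching for expect lines, and the in-memory FakeSmtpServer with its replies are assumptions constructed for the example; it rejects lines with unbalanced or typographic quotation marks, which otherwise produce a monitor that can never succeed.

```python
import re

# Assumption: these C-style escapes are the ones honoured inside quotation marks.
ESCAPES = {"r": "\r", "n": "\n", "t": "\t", "\\": "\\", '"': '"'}


class ScriptError(ValueError):
    """Raised for a line the send/expect file format cannot express."""


def unescape(body, lineno):
    def replace(match):
        char = match.group(1)
        if char not in ESCAPES:
            raise ScriptError(f"line {lineno}: bad escape \\{char}")
        return ESCAPES[char]
    return re.sub(r"\\(.?)", replace, body)


def parse_script(text):
    """Return [(verb, payload_bytes)] in file order."""
    steps = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        parts = raw.strip().split(None, 1)
        if not parts:
            continue
        verb, arg = parts[0], (parts[1].strip() if len(parts) > 1 else "")
        if verb not in ("send", "expect"):
            raise ScriptError(f"line {lineno}: unknown verb {verb!r}")
        if not arg:
            raise ScriptError(f"line {lineno}: nothing to {verb}")
        if "\u201c" in arg or "\u201d" in arg:
            raise ScriptError(f"line {lineno}: typographic quotation marks")
        if arg.startswith('"') or arg.endswith('"'):
            if len(arg) < 2 or not (arg.startswith('"') and arg.endswith('"')):
                raise ScriptError(f"line {lineno}: unbalanced quotation marks")
            arg = unescape(arg[1:-1], lineno)   # quoted: strip quotes, expand escapes
        steps.append((verb, arg.encode("ascii")))  # unquoted: used as is
    return steps


def run_script(steps, transport):
    """Play the steps against a transport; return (up, detail)."""
    buffered = b""
    for number, (verb, payload) in enumerate(steps, 1):
        if verb == "send":
            transport.send(payload)
            continue
        while payload not in buffered:
            chunk = transport.recv()
            if not chunk:  # peer has nothing more to say
                return False, f"step {number}: expected {payload!r}, got {buffered!r}"
            buffered += chunk
        buffered = buffered[buffered.index(payload) + len(payload):]
    return True, "all steps matched"


class FakeSmtpServer:
    """Constructed in-memory stand-in for an SMTP server; no network involved."""

    def __init__(self):
        self._out = [b"220 mail.example.test ESMTP ready\r\n"]

    def send(self, data):
        command = data.decode("ascii").strip().upper()
        if command.startswith("HELO "):
            self._out.append(b"250 mail.example.test\r\n")
        elif command == "QUIT":
            self._out.append(b"221 closing\r\n")
        else:
            self._out.append(b"500 unrecognized command\r\n")

    def recv(self):
        return self._out.pop(0) if self._out else b""


# Constructed sample files.
GOOD_SCRIPT = r'''
expect 220
send "HELO bigip1.siterequest.com\r\n"
expect "250"
send "quit\r\n"
'''
# Same file with the greeting verb misspelled, which the server rejects.
BAD_VERB_SCRIPT = GOOD_SCRIPT.replace("HELO", "HELLO")

if __name__ == "__main__":
    for name, script in (("good", GOOD_SCRIPT), ("bad verb", BAD_VERB_SCRIPT)):
        print(name, run_script(parse_script(script), FakeSmtpServer()))
```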

SIP
You use a SIP type of monitor to check the status of SIP Call-ID services.
This monitor type uses UDP to issue a request to a server device. The
request is designed to identify the options that the server device supports. If
the proper request is returned, the device is considered to be up and
responding to commands.
The following list shows the settings and default values of a SIP-type
monitor:
• Name: my_sip
• Type: SIP
• Interval: 30 seconds
• Timeout: 120 seconds
• Mode: UDP
• Additional Accepted Status Codes: None
• Status Code List: "" (empty)
• Alias Addresses: * All Addresses
• Alias Service Port: * All Ports
• Debug: No

Possible values for the Mode setting are TCP and UDP.
Possible values for the Additional Accepted Status Codes setting are Any,
None, and Status Code List. The Status Code List setting specifies one or
more status codes, in addition to status code 200, that are acceptable in order
to indicate an up status. Multiple status codes should be separated by
spaces. Specifying an asterisk (*) indicates that all status codes are
acceptable.

SMTP
An SMTP type of monitor checks the status of Simple Mail Transport
Protocol (SMTP) servers. This monitor type is an extremely basic monitor
that checks only that the server is up and responding to commands. The
check is successful if the mail server responds to the standard SMTP HELO
and QUIT commands. An SMTP-type monitor requires a domain name.
The following list shows the settings and default values of an SMTP-type
monitor:
• Name: my_smtp
• Type: SMTP
• Interval: 30 seconds
• Timeout: 120 seconds
• Domain: "" (empty)
• Alias Addresses: * All Addresses
• Alias Service Port: * All Ports
• Debug: No

SNMP
With an SNMP type of monitor, you can check the performance of a server
running an SNMP agent such as UC Davis, for the purpose of load
balancing traffic to that server. This monitor conducts an SNMP query for a
specific number of times, counting the number of times the query is
successful. If the number of successful queries matches the number that you
set when configuring the monitor, the Global Traffic Manager considers the
resource available.
Performance monitors are generally used with dynamic ratio load balancing.
For more information on performance monitors and dynamic ratio load
balancing, see Chapter 7, Load Balancing with the Global Traffic Manager.

Note

Unlike health monitors, performance monitors do not report on the status of
a pool, pool member, or virtual server.

The Global Traffic Manager provides a pre-configured SNMP monitor
named snmp_gtm. The following list shows the settings and values of the
snmp_gtm pre-configured monitor:
• Name: snmp_gtm
• Type: SNMP
• Interval: 90 seconds
• Timeout: 180 seconds
• Probe Interval: 1 second
• Probe Timeout: 1 second
• Probe Attempts: 1
• Minimum Required Successful Attempts: 1
• Community: public
• Version: v1
• Alias Addresses: * All Addresses
• Alias Service Port: * All Ports

Pre-configured monitors are not user-modifiable. Thus, if you want to
change the values for the SNMP monitor settings, you must create an
SNMP-type custom monitor. Possible values for the Version setting are v1,
v2c, and Other.

SNMP Link
You use an SNMP Link type of monitor to check the performance of links
that are running an SNMP agent.
The GTM system provides a pre-configured SNMP monitor named
snmp_link. The following list shows the settings and values of the
snmp_link pre-configured monitor:
• Name: snmp_link
• Type: SNMP Link
• Interval: 10 seconds
• Timeout: 30 seconds
• Probe Interval: 1 second
• Probe Timeout: 1 second
• Probe Attempts: 1
• Minimum Required Successful Attempts: 1
• Alias Addresses: * All Addresses
• Alias Service Port: * All Ports

Performance monitors are generally used with dynamic ratio load balancing.
For more information on performance monitors and dynamic ratio load
balancing, see Chapter 7, Load Balancing with the Global Traffic Manager.

Note

Unlike health monitors, performance monitors do not report on the status of
a pool, pool member, or virtual server.

Pre-configured monitors are not user-modifiable. Thus, if you want to
change the values for the SNMP Link monitor settings, you must create an
SNMP Link-type custom monitor.

SOAP
A SOAP monitor tests a Web service based on the Simple Object Access
Protocol (SOAP). More specifically, the monitor submits a request to a
SOAP-based Web service and, optionally, verifies a return value or fault.
The following list shows the settings and default values of a SOAP-type
monitor:
• Name: my_soap
• Type: SOAP
• Interval: 30 seconds
• Timeout: 120 seconds
• User Name: "" (empty)
• Password: "" (empty)
• Protocol: HTTP
• URL Path: "" (empty)
• Namespace: "" (empty)
• Method: "" (empty)
• Parameter Name: "" (empty)
• Parameter Type: bool
• Parameter Value: "" (empty)
• Return Type: bool
• Expect Fault: No
• Alias Addresses: * All Addresses
• Alias Service Port: * All Ports

Possible values for the Protocol setting are HTTP and HTTPS.
Possible values for the Parameter Type setting are: bool, int, long, and
string.
Possible values for the Return Type setting are: bool, int, short, long,
float, double, and string.
Possible values for the Expect Fault setting are No and Yes.

UDP
You use a UDP type of monitor when the system is sending User Datagram
Protocol (UDP) packets. Designed to check the status of a UDP service, a
UDP-type monitor sends one or more UDP packets to a target pool, pool
member, or virtual server.
The following list shows the settings and default values of a UDP-type
monitor:
• Name: my_udp
• Type: UDP
• Interval: 30 seconds
• Timeout: 120 seconds
• Send String: default send string
• Send Packets: 2
• Timeout Packets: 2
• Alias Addresses: * All Addresses
• Alias Service Port: * All Ports

As shown in this list, the value in seconds of the Timeout Packets setting
should be lower than the value of the Interval setting.
When using a UDP-type monitor to monitor a pool or virtual server, you
must also enable another monitor type, such as ICMP, to monitor the pool
or virtual server. Until both the UDP-type monitor and the other type of
monitor report the status of the UDP service as up, the UDP service
receives no traffic. See Table 10.3 for details.

If a UDP monitor      And another monitor     Then the UDP
reports status as     reports status as       service is
up                    up                      up
up                    down                    down
down                  up                      down
down                  down                    down

Table 10.3 Determining status of the UDP service

WAP
You use a WAP monitor to monitor Wireless Application Protocol (WAP)
servers. The common usage for the WAP monitor is to specify the Send
String and Receive String settings only. The WAP monitor functions by
requesting a URL (the Send String setting) and finding the string in the
Receive String setting somewhere in the data returned by the URL
response. The following list shows the settings and default values of a
WAP-type monitor:
• Name: my_wap
• Type: WAP
• Interval: 10 seconds
• Timeout: 31 seconds
• Send String: "" (empty)
• Receive String: "" (empty)
• Secret: "" (empty)
• Accounting Node: "" (empty)
• Accounting Port: "" (empty)
• Server ID: "" (empty)
• Call ID: "" (empty)
• Session ID: "" (empty)
• Framed Address: "" (empty)
• Alias Addresses: * All Addresses
• Alias Service Port: * All Ports
• Debug: No

The Secret setting is the RADIUS secret, a string known to both the client
and the RADIUS server, and is used in computing the MD5 hash.
The Accounting Node setting specifies the RADIUS resource. If this is a null
string and RADIUS accounting has been requested (accounting port is
non-zero), then the WAP server resource is assumed to also be the RADIUS
resource.
If set to non-zero, the Accounting Port setting requests RADIUS
accounting and uses the specified port.
The Server ID setting specifies the RADIUS NAS-ID of the requesting
server (that is, the BIG-IP system). It is a string used as an alias for the
FQDN. See the section on testing WAP_monitor just below.
The Call ID setting is an identifier similar to a telephone number, that is, a
string of numeric characters. For testing purposes, this value is usually a
string of eleven characters.
The Session ID setting is a RADIUS session ID, used to identify this
session. This is an arbitrary numeric character string, often something like
01234567.
The Framed Address setting is a RADIUS framed IP address. The setting
has no special use and is usually specified simply as 1.1.1.1.
RADIUS accounting is optional. To implement RADIUS accounting, you
must set the accounting port to a non-zero value. If you set the Accounting
Port setting to a non-zero value, then the monitor assumes that RADIUS
accounting is needed, and an accounting request is sent to the specified
accounting node and port to start accounting. This is done before the URL is
requested. After the successful retrieval of the URL with the correct data, an
accounting request is sent to stop accounting.
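
The accounting start and stop requests described above can be built and checked as follows. This is an added example, not F5 code: it follows the Accounting-Request format of RFC 2866, and the mapping of Server ID, Call ID, Session ID and Framed Address to NAS-Identifier, Calling-Station-Id, Acct-Session-Id and Framed-IP-Address is an assumption, as are the sample secret, Server ID and Call ID.

```python
import hashlib
import hmac
import ipaddress
import struct

# RADIUS codes and attribute types from RFC 2865 / RFC 2866.
ACCOUNTING_REQUEST = 4
FRAMED_IP_ADDRESS = 8
CALLING_STATION_ID = 31
NAS_IDENTIFIER = 32
ACCT_STATUS_TYPE = 40
ACCT_SESSION_ID = 44
ACCT_START, ACCT_STOP = 1, 2
HEADER_LEN = 20  # Code(1) + Identifier(1) + Length(2) + Authenticator(16)


def _attr(attr_type, value):
    """Encode one attribute as Type(1) | Length(1) | Value."""
    if not 1 <= len(value) <= 253:
        raise ValueError("attribute value must be 1..253 bytes")
    return bytes([attr_type, len(value) + 2]) + value


def build_accounting_request(identifier, status, secret, server_id,
                             call_id, session_id, framed_address):
    """Build an Accounting-Request (start or stop) from the monitor settings.

    Assumed mapping (not stated by the manual): Server ID -> NAS-Identifier,
    Call ID -> Calling-Station-Id, Session ID -> Acct-Session-Id,
    Framed Address -> Framed-IP-Address.
    """
    attrs = b"".join([
        _attr(ACCT_STATUS_TYPE, struct.pack("!I", status)),
        _attr(NAS_IDENTIFIER, server_id.encode("ascii")),
        _attr(CALLING_STATION_ID, call_id.encode("ascii")),
        _attr(ACCT_SESSION_ID, session_id.encode("ascii")),
        _attr(FRAMED_IP_ADDRESS, ipaddress.IPv4Address(framed_address).packed),
    ])
    header = struct.pack("!BBH", ACCOUNTING_REQUEST, identifier,
                         HEADER_LEN + len(attrs))
    # RFC 2866: authenticator = MD5(Code + ID + Length + 16 zero octets
    #                               + attributes + shared secret).
    authenticator = hashlib.md5(header + bytes(16) + attrs + secret).digest()
    return header + authenticator + attrs


def verify_accounting_request(packet, secret):
    """Server-side check: recompute the MD5 and compare in constant time."""
    if len(packet) < HEADER_LEN:
        return False
    code, _identifier, length = struct.unpack("!BBH", packet[:4])
    if code != ACCOUNTING_REQUEST or length != len(packet):
        return False
    expected = hashlib.md5(
        packet[:4] + bytes(16) + packet[HEADER_LEN:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:HEADER_LEN])


def parse_attributes(packet):
    """Return {attribute type: value bytes}, rejecting malformed lengths."""
    attrs, pos = {}, HEADER_LEN
    while pos < len(packet):
        if pos + 2 > len(packet):
            raise ValueError("truncated attribute header")
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > len(packet):
            raise ValueError("bad attribute length")
        attrs[attr_type] = packet[pos + 2:pos + attr_len]
        pos += attr_len
    return attrs


# Constructed sample values; only 01234567 and 1.1.1.1 come from the manual.
SAMPLE = dict(secret=b"constructed-shared-secret", server_id="bigip1",
              call_id="15555550100", session_id="01234567",
              framed_address="1.1.1.1")

if __name__ == "__main__":
    start = build_accounting_request(1, ACCT_START, **SAMPLE)
    stop = build_accounting_request(2, ACCT_STOP, **SAMPLE)
    for name, pkt in (("start", start), ("stop", stop)):
        print(name, len(pkt), "bytes, authenticator", pkt[4:20].hex(),
              "valid:", verify_accounting_request(pkt, SAMPLE["secret"]))
```

The authenticator is a plain MD5 over the packet and the Secret, so the integrity of the accounting exchange rests entirely on the length and randomness of that string.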

WMI
A WMI type of monitor checks the performance of a pool or virtual server
that is running the Windows Management Infrastructure (WMI) data
collection agent and then dynamically load balances traffic accordingly.

You generally use performance monitors such as a WMI monitor with
dynamic ratio load balancing. For more information on performance
monitors and dynamic ratio load balancing, see Chapter 7, Load Balancing
with the Global Traffic Manager.

Note

Unlike health monitors, performance monitors do not report on the status of
a pool, pool member, or virtual server.

The following list shows the settings and default values of a WMI-type
monitor:
• Name: my_wmi
• Type: WMI
• Interval: 30 seconds
• Timeout: 120 seconds
• User Name: "" (empty)
• Password: "" (empty)
• Method: POST
• URL: /scripts/F5lsapi.dll
• Command: GetCPUInfo, GetDiskInfo, GetOSInfo
• Metrics: LoadPercentage, DiskUsage, PhysicalMemoryUsage
• Agent: Mozilla/4.0 (compatible: MSIE 5.0; Windows NT)
• Post: RespFormat=HTML
• Alias Addresses: * All Addresses
• Alias Service Port: * All Ports
• Debug: No

Note that when creating a custom WMI monitor, the only default values that
you are required to change are the null values for user name and password.
Also note that you cannot change the value of the Method setting.
Table 10.4 shows the complete set of commands and metrics that you can
specify with the Command and Metrics settings. Also shown are the
default metric values.

Command          Metric                    Default Coefficient  Default Threshold
GetCPUInfo       LoadPercentage (%)        1.0                  80
GetOSInfo        PhysicalMemoryUsage (%)   1.0                  80
                 VirtualMemoryUsage (%)    1.0                  80
                 NumberRunningProcesses    1.0                  100
GetDiskInfo      DiskUsage (%)             1.0                  90
GetPerfCounters  TotalKBytesPerSec         1.0                  10,000
                 ConnectionAttemptsPerSec  1.0                  500
                 CurrentConnections        1.0                  500
                 GETRequestsPerSec         1.0                  500
                 PUTRequestsPerSec         1.0                  500
                 POSTRequestsPerSec        1.0                  500
                 AnonymousUsersPerSec      1.0                  500
                 CurrentAnonymousUsers     1.0                  500
                 NonAnonymousUsersPerSec   1.0                  500
                 CurrentNonAnonymousUser   1.0                  500
                 CGIRequestsPerSec         1.0                  500
                 CurrentCGIRequests        1.0                  500
                 ISAPIRequestsPerSec       1.0                  500
                 CurrentISAPIRequests      1.0                  500
GetWinMediaInfo  AggregateReadRate         1.0                  10,000 Kbps
                 AggregateSendRate         1.0                  10,000 Kbps
                 ActiveLiveUnicastStreams  1.0                  1000
                 ActiveStreams             1.0                  1000
                 ActiveTCPStreams          1.0                  1000
                 ActiveUDPStreams          1.0                  1000
                 AllocatedBandwidth        1.0                  10,000 Kbps
                 AuthenticationRequests    1.0                  1000
                 AuthenticationsDenied     1.0                  100
                 AuthorizationRequests     1.0                  1000
                 AuthorizationsRefused     1.0                  100
                 ConnectedClients          1.0                  500
                 ConnectionRate            1.0                  500
                 HTTPStreams               1.0                  1000
                 HTTPStreamsReadingHeader  1.0                  500
                 HTTPStreamsStreamingBody  1.0                  500
                 LateReads                 1.0                  100
                 PendingConnections        1.0                  100
                 PluginErrors              1.0                  100
                 PluginEvents              1.0                  100
                 SchedulingRate            1.0                  100
                 StreamErrors              1.0                  100
                 StreamTerminations        1.0                  100
                 UDPResendRequests         1.0                  100
                 UDPResendsSent            1.0                  100

Table 10.4 WMI-type monitor commands and metrics

Special configuration considerations


Every pre-configured or custom monitor has settings with some default
values assigned. The following sections contain information that is useful
when changing these default values.

Setting destinations
By default, the value for the Alias Addresses setting for most monitors is set
to the wildcard * All Addresses, and the Alias Service Port setting is set to
the wildcard * All Ports (exceptions to this rule are the WMI and Real Server
monitors). These values cause the monitor instance created for a pool or
virtual server to take that resource’s address, or address and port, as its
destination. You can, however, replace either or both wildcard symbols with
an explicit destination value by creating a custom monitor. An explicit
value for the Alias Addresses and/or Alias Service Port setting forces the
instance destination to a specific address and/or port, which may
not be that of the pool or virtual server.
The ECV monitors http, https, and tcp have the settings Send String and
Receive String for the send string and receive expression, respectively.
The most common Send String value is GET /, which retrieves a default
HTML page for a web site. To retrieve a specific page from a web site, you
can enter a Send String value that is a fully qualified path name:
"GET /www/support/customer_info_form.html"

The Receive String expression is the text string the monitor looks for in the
returned resource. The most common Receive String expressions contain a
text string that is included in a particular HTML page on your site. The text
string can be regular text, HTML tags, or image names.
The sample Receive expression below searches for a standard HTML tag:
"<HEAD>"

You can also use the default null Receive String value [""]. In this case,
any content retrieved is considered a match. If both the Send String and
Receive String are left empty, only a simple connection check is performed.
For HTTP monitors, you can use the special settings get or hurl in place of
Send String and Receive String statements, respectively.

Using transparent and reverse modes


The normal and default behavior for a monitor is to ping the destination pool
or virtual server by an unspecified route, and to mark the resource up if the
test is successful. However, with certain monitor types, you can specify a
route through which the monitor pings the destination server. You configure
this by specifying the Transparent or Reverse setting within a custom
monitor.

• Transparent setting
Sometimes it is necessary to ping the aliased destination through a
transparent pool or virtual server. When you create a custom monitor and
set the Transparent setting to Yes, the Global Traffic Manager forces
the monitor to ping through the pool or virtual server with which it is
associated (usually a firewall) to the destination pool or virtual server. (In other
words, if there are two firewalls in a load balancing pool, the destination
pool or virtual server is always pinged through the pool or virtual server
specified and not through the pool or virtual server selected by the load
balancing method.) In this way, the transparent pool or virtual server is
tested: if there is no response, the transparent pool or virtual server is
marked as down.
Common examples are checking a router, or checking a mail or FTP
server through a firewall. For example, you might want to check the
router address 10.10.10.53:80 through a transparent firewall
10.10.10.101:80. To do this, you create a monitor called http_trans in
which you specify 10.10.10.53:80 as the monitor destination address,
and set the Transparent setting to Yes. Then you associate the monitor
http_trans with the transparent firewall (10.10.10.101:80).
This causes the monitor to check the address 10.10.10.53:80 through
10.10.10.101:80. (In other words, the Global Traffic Manager routes the
check of 10.10.10.53:80 through 10.10.10.101:80.) If the correct
response is not received from 10.10.10.53:80, then 10.10.10.101:80 is
marked down. For more information on associating monitors with virtual
servers, see Associating monitors with resources, on page 10-37.
• Reverse setting
In most monitor settings, the Global Traffic Manager considers the
resource available when the monitor successfully probes it. However, in
some cases you may want the resource to be considered unavailable after
a successful monitor test. You accomplish this configuration with the
Reverse setting. With the Reverse setting set to Yes, the monitor marks
the pool or virtual server down when the test is successful. For example,
if the content on your web site home page is dynamic and changes
frequently, you may want to set up a reverse ECV service check that
looks for the string: Error. A match for this string means that the web
server is down.
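
The Send String and Receive String rules and the Reverse setting described above combine as in the following sketch, which also checks a Reverse monitor's string against known-good pages before it is deployed. This is an added example, not F5 code: the EcvMonitor class and function names are hypothetical, the responses are constructed, and it assumes a plain case-sensitive substring match and that a failed connection is down even in Reverse mode.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class EcvMonitor:
    """Hypothetical container for the three settings discussed above."""
    send_string: str = "GET /"
    receive_string: str = ""
    reverse: bool = False


def check_passes(monitor: EcvMonitor, response: Optional[str]) -> bool:
    """Did the test itself succeed? response is None if the connection failed."""
    if response is None:
        return False
    if monitor.send_string == "" and monitor.receive_string == "":
        return True                # both empty: simple connection check only
    if monitor.receive_string == "":
        return response != ""      # null Receive String: any content matches
    # Assumption: plain, case-sensitive substring search.
    return monitor.receive_string in response


def status(monitor: EcvMonitor, response: Optional[str]) -> str:
    """Translate the test result into up/down, honoring Reverse."""
    if response is None:
        # Assumption: an unreachable server is down even in Reverse mode.
        return "down"
    passed = check_passes(monitor, response)
    if monitor.reverse:
        return "down" if passed else "up"
    return "up" if passed else "down"


def reverse_findings(monitor: EcvMonitor, healthy_responses: List[str]) -> List[str]:
    """List reasons a Reverse monitor would mark a healthy server down."""
    findings: List[str] = []
    if not monitor.reverse:
        return findings
    if monitor.receive_string == "":
        findings.append("empty Receive String: every response is a match, "
                        "so the resource is always marked down")
    for index, body in enumerate(healthy_responses):
        if monitor.receive_string and monitor.receive_string in body:
            findings.append(
                f"healthy sample {index} contains {monitor.receive_string!r}")
    return findings


# Constructed responses for illustration.
HEALTHY = ("HTTP/1.0 200 OK\r\n\r\n<HTML><HEAD><TITLE>SiteRequest</TITLE>"
           "</HEAD><BODY>Welcome</BODY></HTML>")
HEALTHY_WITH_SCRIPT = ("HTTP/1.0 200 OK\r\n\r\n<HTML><HEAD></HEAD><BODY>"
                       "<IMG SRC=\"logo.gif\" onError=\"hide(this)\">"
                       "</BODY></HTML>")
FAILED = ("HTTP/1.0 500 Server Failure\r\n\r\n<HTML><BODY>"
          "Error: database unavailable</BODY></HTML>")

if __name__ == "__main__":
    reverse_error = EcvMonitor(receive_string="Error", reverse=True)
    for label, page in (("healthy", HEALTHY),
                        ("healthy with onError attribute", HEALTHY_WITH_SCRIPT),
                        ("failed", FAILED), ("unreachable", None)):
        print(f"{label}: {status(reverse_error, page)}")
    print(reverse_findings(reverse_error, [HEALTHY, HEALTHY_WITH_SCRIPT]))
```

The second healthy page is marked down because the string Error also occurs inside the onError attribute, which is the kind of false match reverse_findings is meant to catch.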

Table 10.5 shows the monitors that contain the Transparent setting, the
Reverse setting, or both.

Monitor Type    Setting
TCP             Transparent    Reverse
HTTP            Transparent    Reverse
                               Reverse
TCP Echo        Transparent
ICMP            Transparent

Table 10.5 Monitors that contain the Transparent or Reverse settings

Associating monitors with resources


Once you have created a monitor and configured its settings, the final task is
to associate the monitor with the resources to be monitored. The resources
can be either a pool or virtual server, depending on the monitor type.
When you associate a monitor with a server, the Global Traffic Manager
automatically creates an instance of that monitor for that server. A monitor
association thus creates an instance of a monitor for each server that you
specify. Therefore, you can have multiple instances of the same monitor
running on your servers.
The Configuration utility allows you to disable an instance of a monitor that
is running on a server. This allows you to suspend health or performance
checking, without having to actually remove the monitor association. When
you are ready to begin monitoring that server again, you simply re-enable
that instance of the monitor.

Types of monitor associations


Some monitor types are designed for association with virtual servers only,
while other monitor types are intended for association with pools only.
Therefore, when you use the Configuration utility to associate a monitor
with a pool or virtual server, the utility displays only those pre-configured
monitors that are designed for association with that server. For example, you
cannot associate the monitor icmp with a pool, since the icmp monitor is
designed to check the status of a virtual server itself and not any service
running on that resource.
The types of monitor associations are:
• Monitor-to-pool association
This type of association links a monitor with an entire load balancing
pool. In this case, the monitor checks all members of the pool. For
example, you can create an instance of the monitor http for the pool
my_pool, thus ensuring that all members of that pool are checked.
• Monitor-to-pool member association
This type of association links a monitor with a pool member within a
given pool. For example, you can create an instance of the monitor FTP
for specific members of the pool my_pool, ensuring that only specific
pool members are verified as available through the FTP monitor.
• Monitor-to-virtual server association
This type of association links a monitor with a specific virtual server. In
this case, the monitor checks only the virtual server itself, and not any
services running on that virtual server. For example, you can create an
instance of the monitor icmp for virtual server 10.10.10.10. In this case,
the monitor checks the specific virtual server only, and not any services
running on that virtual server.

Managing monitors
The procedures for adding and removing monitors are specific to the
resource. See Chapter 5, Defining the Physical Network, and Chapter 6,
Defining the Logical Network, for information on adding and removing
monitors from a resource.
In addition to adding and removing monitors from network resources, you
can interact with monitors in the following ways:
• Displaying monitor settings
• Deleting monitors
• Enabling and disabling monitor instances

Displaying monitor settings


Because you can create a large number of monitors to accurately track the
performance and availability of your network resources, it is helpful to view
monitor settings to determine if a given monitor is the correct one for a
given resource.

To display a monitor
1. On the Main tab of the navigation pane, expand Global Traffic and
then click Monitors.
The main monitors screen opens.
2. Click a monitor name.
The properties screen of the monitor opens.

Deleting monitors
In the event that your configuration of the Global Traffic Manager no longer
requires a specific monitor, you can delete the monitor. You cannot delete a
monitor that has one or more instances assigned to resources on your
network. See Chapter 5, Defining the Physical Network, and Chapter 6,
Defining the Logical Network for information on adding and removing
monitors from a resource.

To delete a monitor
1. On the Main tab of the navigation pane, expand Global Traffic and
then click Monitors.
The main monitors screen opens.
2. Check the Select box for the monitor that you want to delete.
3. Click the Delete button.
A confirmation message opens.
4. Click the Delete button to delete the monitor.

Enabling and disabling monitor instances


When you add a monitor to a resource, the Global Traffic Manager creates a
copy of that monitor, or instance, and assigns it to that resource. You can
enable or disable these instances as needed. For example, if you want to
temporarily suspend the monitoring of a given virtual server that is
undergoing maintenance, you can disable the monitor for that virtual server
and then re-enable it when the maintenance is complete.

To enable or disable a monitor instance


1. On the Main tab of the navigation pane, expand Global Traffic and
then click Monitors.
The main monitors screen opens.
2. Click a monitor name in the list.
The properties screen for the monitor opens.
3. On the menu bar, click Instances.
The monitor instance screen opens.
4. For the instance you want to manage, check the Select box.
5. Click the Enable or Disable button, as appropriate.
6. Click the Update button to save your changes.

11 Synchronizing Global Traffic Managers

• Introducing synchronization
• Activating synchronization
• Controlling file synchronization
• Synchronizing DNS zone files
• Creating synchronization groups

Introducing synchronization
The primary goal of the Global Traffic Manager is to ensure that name
resolution requests are sent to the best available resource on the network.
Consequently, it is typical for multiple Global Traffic Managers to reside in
several locations within a network. For example, a standard installation
might include a Global Traffic Manager at each data center within an
organization.
When a Local Domain Name Server (LDNS) submits a name resolution
request, you cannot control to which Global Traffic Manager the request is
sent. As a result, you will often want multiple Global Traffic Managers to
share the same configuration values, and maintain those configurations over
time. This process is called synchronization.
In network configurations that contain more than one Global Traffic
Manager, synchronization means that each Global Traffic Manager
regularly compares the timestamps of its configuration files with those of
the other systems.
If, at any time, a system discovers that its configuration files are too old, it
will automatically transfer the newest configuration files to itself. With
synchronization, you can change settings on one system and have that
change distributed to all other systems.
You can separate the Global Traffic Managers on your network into separate
groups, called synchronization groups. A synchronization group is a
collection of multiple Global Traffic Managers that share and synchronize
configuration settings. These groups are identified by a synchronization
group name, and only systems that share this name will share configuration
settings. These synchronization groups allow you to customize the
synchronization behavior. For example, the Global Traffic Managers
residing in data centers in Europe might belong to one synchronization
group, while the systems in North America belong to another group.
The following sections provide additional information on synchronization
and the Global Traffic Manager, and specifically cover the following
topics:
• Activating synchronization
• Controlling file synchronization
• Synchronizing DNS zone files
• Creating synchronization groups

Defining NTP servers


Before you can synchronize Global Traffic Managers, you must define the
Network Time Protocol (NTP) servers that the Global Traffic Manager
references. These servers ensure that each Global Traffic Manager is
referencing the same time when verifying timestamps for configuration
files.

To define an NTP server


1. On the Main tab of the navigation pane, expand System and then
click General Properties.
The general properties screen appears.
2. From the Device menu, choose NTP.
The NTP screen appears.
3. In the Address box, type either the IP address or fully-qualified
domain name for the time server.
4. Click the Add button to add the NTP server to your configuration.
The time server appears as an entry in the Time Server List.
5. Click the Update button to save your changes.

Repeat this process for any additional time servers.

Activating synchronization
Activating synchronization for the Global Traffic Manager has an
immediate effect on its configurations, provided that another Global Traffic
Manager is already available on the network. We recommend that you
activate synchronization after you have finished configuring one of the
systems.

To activate synchronization
1. On the Main tab of the navigation pane, expand System and then
click General Properties.
The general properties screen opens.
2. From the Global Traffic menu, choose General.
The general global properties screen opens.
3. Check the Synchronization check box.
4. Click the Update button to save your changes.

Controlling file synchronization


When you opt to synchronize multiple Global Traffic Managers, you are
instructing each system to share its configuration files with the other
systems on the network. These files are synchronized based on their
timestamp: if a Global Traffic Manager determines that its configuration
files are older than those on another system, it acquires the newer files and
begins using them to load balance name resolution requests.
You can control the synchronization by defining the maximum age
difference between two sets of configuration files. This value is referred to
as synchronization time tolerance.
By default, the value for the synchronization time tolerance is set to 10
seconds. The minimum value you can set for this value is 5 seconds, while
the maximum you can set is 600 seconds.
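
The timestamp comparison, the time tolerance and synchronization groups can be modelled as below, including the case that NTP exists to prevent: a skewed clock that lets an older change win. This is an added example, not F5 code: the Gtm class, the function names and the rule "pull when the newest peer in the same group is more than the tolerance ahead" are assumptions made for illustration, and all timestamps are constructed.

```python
from dataclasses import dataclass
from typing import Dict, List

DEFAULT_TOLERANCE = 10                 # seconds, the manual's default
MIN_TOLERANCE, MAX_TOLERANCE = 5, 600  # allowed range per the manual


@dataclass
class Gtm:
    name: str
    group: str            # synchronization group name
    config_stamp: float   # timestamp on its configuration files
    sync_enabled: bool = True


def stamp(true_time: float, clock_offset: float = 0.0) -> float:
    """Timestamp a system records when its clock is off by clock_offset seconds."""
    return true_time + clock_offset


def plan_sync(systems: List[Gtm],
              tolerance: int = DEFAULT_TOLERANCE) -> Dict[str, str]:
    """Map each system that would fetch a configuration to its source.

    Assumed rule: a system pulls from the peer in its own group that holds
    the newest files when that peer is more than `tolerance` seconds ahead.
    """
    if not MIN_TOLERANCE <= tolerance <= MAX_TOLERANCE:
        raise ValueError("tolerance must be between 5 and 600 seconds")
    plan: Dict[str, str] = {}
    for system in systems:
        if not system.sync_enabled:
            continue
        peers = [p for p in systems
                 if p is not system and p.sync_enabled
                 and p.group == system.group]
        if not peers:
            continue
        newest = max(peers, key=lambda p: p.config_stamp)
        if newest.config_stamp - system.config_stamp > tolerance:
            plan[system.name] = newest.name
    return plan


def group_scenario() -> Dict[str, str]:
    """Two groups; only Paris has a recent change."""
    systems = [
        Gtm("New York", "United States", 500.0),
        Gtm("Los Angeles", "United States", 500.0),
        Gtm("Paris", "Rest Of World", 1000.0),
        Gtm("Tokyo", "Rest Of World", 900.0),
    ]
    return plan_sync(systems)


def skew_scenario(la_clock_offset: float) -> Dict[str, str]:
    """Los Angeles is edited at true time 940, New York later at 1000.

    With correct clocks the New York change is the newest. If the
    Los Angeles clock runs fast, its older edit carries the later stamp.
    """
    systems = [
        Gtm("New York", "United States", stamp(1000.0)),
        Gtm("Los Angeles", "United States", stamp(940.0, la_clock_offset)),
    ]
    return plan_sync(systems)


if __name__ == "__main__":
    print("groups:", group_scenario())
    print("clocks in sync:", skew_scenario(0.0))
    print("LA clock 120 s fast:", skew_scenario(120.0))
```

In the last scenario New York fetches the older Los Angeles configuration and its own newer change is lost, which is why every member of a group needs the same trusted time source.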

To control file synchronization


1. On the Main tab of the navigation pane, expand System and then
click General Properties.
The general properties screen opens.
2. From the Global Traffic menu, choose General.
The general global properties screen opens.
3. In the Synchronization Time Tolerance box, type the maximum
age difference, in seconds, between two sets of configuration files.
4. Click the Update button to save your changes.

Deactivating file synchronization


In the event that you need to deactivate file synchronization, you can do so
at any time. Situations in which you want to disable synchronization include
updating the data center in which the Global Traffic Manager resides, or
when you are testing a new configuration change.

To deactivate file synchronization


1. On the Main tab of the navigation pane, expand System and then
click General Properties.
The general properties screen opens.
2. From the Global Traffic menu, choose General.
The general global properties screen opens.
3. Clear the Synchronization check box.
4. Click the Update button to save your changes.

Synchronizing DNS zone files


During synchronization operations, the Global Traffic Manager verifies that
it has the latest configuration files available and, if it does not, the Global
Traffic Manager downloads the newer files from the appropriate system.
You can expand the definition of the configuration files to include the DNS
zone files used to respond to name resolution requests by using the
Synchronize DNS Zone Files option. This option is enabled by default.

To synchronize DNS zone files


1. On the Main tab of the navigation pane, expand System and then
click General Properties.
The general properties screen opens.
2. On the toolbar, from the Global Traffic menu, choose General.
The general global properties screen opens.
3. Check the Synchronize DNS Zone Files check box.
4. Click the Update button to save your changes.

Creating synchronization groups


Each Global Traffic Manager that you synchronize must belong to a specific
group of systems, called a synchronization group. A synchronization group
is a collection of multiple Global Traffic Managers that share and
synchronize configuration settings. Initially, when you enable
synchronization for a Global Traffic Manager, the system belongs to a
synchronization group called default. However, you can create new groups
at any time. This process allows you to customize the synchronization
process, ensuring that only certain sets of Global Traffic Managers share
configuration values.
To illustrate how synchronization groups work, consider the fictional
company, SiteRequest. SiteRequest has decided to add a new data center in
Los Angeles. As part of bringing this data center online, SiteRequest has
decided that it wants the Global Traffic Managers installed in New York and
in Los Angeles to share configurations, and the Paris and Tokyo data centers
to share configurations. This setup exists because SiteRequest’s network
optimization processes require slightly different settings within the United
States than the rest of the world. To accommodate this new network
configuration, SiteRequest enables synchronization for the New York and
Los Angeles data centers, and assigns them a synchronization group name
of United States. The remaining data centers are also synchronized, but
with a group name of Rest Of World. As a result, a configuration change at
the Paris Global Traffic Manager immediately modifies the Tokyo system,
but does not affect the systems in the United States.

Note

When you change the synchronization group name for a group, you must
manually change it for each system within the synchronization group, as this
value does not synchronize. In addition, synchronization will stop for any
systems with names that do not match.

To create a synchronization group


1. On the Main tab of the navigation pane, expand System and then
click General Properties.
The general properties screen opens.
2. From the Global Traffic menu, choose General.
The general global properties screen opens.
3. In the Synchronization Group Name box, type a name of either an
existing synchronization group, or a new group.
4. Click the Update button to save your changes.

12 Discovering Resources through Auto-Discovery

• Introducing auto-discovery
• Enabling auto-discovery
• Setting the discovery frequency
• Discovering virtual servers
• Discovering links

Introducing auto-discovery
A large network might consist of hundreds of virtual servers. Keeping track
of these virtual servers can be a time-consuming process itself. The Global
Traffic Manager includes a means of simplifying the addition of new virtual
servers into a network: auto-discovery. Auto-discovery is a process through
which the Global Traffic Manager identifies a resource automatically so you
can manage it.
The Global Traffic Manager can discover two types of resources: virtual
servers and links. Each resource is discovered on a per-server basis, so you
can employ auto-discovery only on the servers you specify.
The auto-discovery feature of the Global Traffic Manager has four modes
that control how the system identifies resources. These modes are:
• Disabled. In this mode, the Global Traffic Manager does not attempt to
discover any resources.
• Enabled. In this mode, the Global Traffic Manager regularly checks the
server to discover any new resources. If a previously-discovered resource
cannot be found, the Global Traffic Manager deletes it from the system.
• Enabled (No Delete). In this mode, the Global Traffic Manager
constantly checks the server to discover any new resources. Unlike the
Enabled mode, the Enabled (No Delete) mode does not delete
resources, even if the system cannot currently verify their presence.
• One Time Discovery. In this mode, the Global Traffic Manager checks
once for any new resources. This mode is useful during the initial
configuration and setup of the Global Traffic Manager.
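The following added example (a toy model, not F5 code) replays the same sequence of discovery passes under each of the four modes and records what is added and deleted. The resource names and poll data are constructed, and the treatment of One Time Discovery after its single check (no further changes, no deletions) is an assumption, because the guide only says that the mode checks once for new resources.

```python
"""Toy model of the four auto-discovery modes (added example, not F5 code)."""
from enum import Enum


class Mode(Enum):
    DISABLED = "Disabled"
    ENABLED = "Enabled"
    ENABLED_NO_DELETE = "Enabled (No Delete)"
    ONE_TIME = "One Time Discovery"


def discovery_pass(mode, known, observed, pass_index):
    """Apply one discovery pass and return (new_known, added, deleted).

    known      -- resources currently in the configuration
    observed   -- resources the server reported during this pass
    pass_index -- 0 for the first pass after the mode was selected
    """
    known, observed = set(known), set(observed)
    if mode is Mode.DISABLED:
        return known, set(), set()
    if mode is Mode.ONE_TIME and pass_index > 0:
        # Assumption: after its single check this mode makes no more changes.
        return known, set(), set()
    added = observed - known
    # Only Enabled removes resources that can no longer be found.
    deleted = known - observed if mode is Mode.ENABLED else set()
    return (known | added) - deleted, added, deleted


def simulate(mode, initial, polls):
    """Run successive passes; return the final resource set and an audit trail."""
    known, trail = set(initial), []
    for index, observed in enumerate(polls):
        known, added, deleted = discovery_pass(mode, known, observed, index)
        trail.extend((index, "add", name) for name in sorted(added))
        trail.extend((index, "delete", name) for name in sorted(deleted))
    return known, trail


# Constructed sample: vs_shop is not reported during pass 1 (for example a
# missed probe), vs_new first appears in pass 1, and vs_shop is back in pass 2.
INITIAL = {"vs_www", "vs_shop"}
POLLS = [
    {"vs_www", "vs_shop"},
    {"vs_www", "vs_new"},
    {"vs_www", "vs_shop", "vs_new"},
]

if __name__ == "__main__":
    for mode in Mode:
        final, trail = simulate(mode, INITIAL, POLLS)
        print(f"{mode.value:20} final={sorted(final)} trail={trail}")
```

In this model both continuous modes end with the same three resources, but only Enabled removes vs_shop during the pass in which it is not reported and adds it again one pass later.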

You interact with the auto-discovery feature in a variety of ways. You can:
• Enable auto-discovery
• Set the discovery frequency
• Discover virtual servers
• Discover links


Enabling auto-discovery
Before you can use the Global Traffic Manager to discover virtual servers or
links, you must enable auto-discovery on the system itself. If you do not
enable auto-discovery, the Global Traffic Manager does not discover new
resources, even if you enable discovery at the server level. Auto-discovery is
enabled by default for the Global Traffic Manager.

To enable auto-discovery
1. On the Main tab of the navigation pane, expand System and then
click General Properties.
The general properties screen opens.
2. From the Global Traffic menu, choose General.
The general global properties screen opens.
3. Check the Auto-Discovery check box.
4. Click the Update button to save your changes.

Setting the discovery frequency


Two discovery modes, Enabled and Enabled (No Delete), instruct the
Global Traffic Manager to continually monitor servers for new resources.
You configure the frequency at which the system queries for new resources
in the general properties screen. By default, the system queries servers for
new resources every 30 seconds.

To set the discovery frequency


1. On the Main tab of the navigation pane, expand System and then
click General Properties.
The general properties screen opens.
2. From the Global Traffic menu, choose General.
The general global properties screen opens.
3. In the Auto-Discovery Request Interval box, type the frequency at
which you want the system to attempt to discover new resources.
4. Click the Update button to save your changes.


Discovering virtual servers


One of the resources you can discover with the Global Traffic Manager is
virtual servers. Auto-discovery is particularly useful in this situation because
many servers might have a considerable number of associated virtual servers
that would be difficult to add manually. Auto-discovery of virtual servers is
disabled by default when you create a new server.

To discover virtual servers


1. On the Main tab of the navigation pane, expand Global Traffic and
then click Servers.
The main servers screen opens.
2. Click the name of the server.
The properties page for that server opens.
3. On the menu bar, click Virtual Servers.
The main virtual servers screen opens.
4. From the Virtual Server Discovery list, select an appropriate
discovery setting.
You can select Disabled, Enabled, Enabled (No Delete), or One
Time Discovery.
5. Click the Update button to save your changes.

Discovering links
One of the resources you can discover with the Global Traffic Manager is
links. A link is a connection between your internal network and the Internet.
Enabling the link discovery feature instructs the system to identify any
Internet links associated with the server. Auto-discovery of virtual servers is
disabled by default when you create a new server.

To discover links


1. On the Main tab of the navigation pane, expand Global Traffic and
then click Servers.
The main server screen opens.
2. Click the name of the server.
The properties page for that server opens.
3. On the menu bar, click Links.
The main links screen opens.
4. From the Link Discovery list, select a discovery setting.
You can select Disabled, Enabled, Enabled (No Delete), or One
Time Discovery.
5. Click the Update button to save your changes.

13
Viewing Statistics

• Introducing statistics

• Accessing statistics

• Viewing the Status Summary screen

• Understanding the types of statistics

• Understanding persistence records



Introducing statistics
One of the most important aspects of managing a network is timely access to
accurate information on network performance. This information can verify
that the Global Traffic Manager is handling your name resolution requests
as efficiently as possible, as well as provide data on the overall performance
of a specific resource, such as a data center or distributed application.
The Global Traffic Manager gathers statistical data on multiple aspects of
your network. You access these statistics through the statistics screen. The
types of statistics you can select from this screen include:
• A summary of network components, as defined in the Global Traffic
Manager
• Distributed applications
• Wide IPs
• Pools
• Data centers
• Links
• Servers
• Virtual servers
• iRules
• Paths
• Local DNS

In addition, the Global Traffic Manager also contains persistence records. A
persistence record provides information on network load balancing when
the persistence option is enabled for a given pool or virtual server. This
option ensures that the Global Traffic Manager sends name resolution
requests from the same source within a given session to the same resource
on your network.
The Global Traffic Manager gathers statistics through a software component
called the big3d agent. This agent is responsible for managing the various
monitors that you assign to your network components, and returning
statistics based on those monitors back to the Global Traffic Manager.
Statistics are often paired with metrics collection; however, the two have
different roles. Statistics pertain to a broad set of data that focuses on how
often a given set of resources are used and how well those resources are
performing. Metrics collection, on the other hand, focuses specifically on
data that relates to overall communication between the Global Traffic
Manager and a Local DNS. Unlike statistics, metrics collection is designed
to provide performance data, as opposed to usage or historical data. See
Chapter 14, Collecting Metrics for more information on metrics.


Accessing statistics
You can access Global Traffic Manager statistics in two ways:
• Through the Statistics option on the Main tab of the navigation pane
• Through the Statistics menu from various main screens for different
components

Both methods bring you to the same screen within the Global Traffic
Manager. When you access statistics through a menu on the main screen for
a given network component, the Statistics screen is pre-configured for the
given network element, although you can switch to a different set of
statistics at any time.

To access statistics through the Main tab


1. On the Main tab of the navigation pane, expand Overview and then
click Statistics.
The Statistics screen opens.
2. From the Statistics Type list, select the type of statistics you want
to view.
These statistics are described in later sections of this chapter.
3. Select the data format in which you want to view the statistics:
• If you select Normalized, the Global Traffic Manager rounds the
data to the nearest digit.
• If you select Unformatted, the Global Traffic Manager displays
the exact value to as many decimal places as the value requires.
4. From the Auto Refresh list, select the frequency at which the
Global Traffic Manager refreshes data on the screen.
If you select Disabled from this list, the system does not refresh the
screen; instead, you can click the Refresh button to update the
screen with the latest statistical data.

To access statistics through a component’s main screen


1. On the Main tab of the navigation pane, expand Global Traffic and
click a component, such as Wide IPs.
The main screen for the component opens.
2. On the menu bar, click Statistics.
The Statistics screen opens. This screen is pre-configured to display
statistics relevant to the component.
3. Select the data format in which you want to view the statistics:
• If you select Normalized, the Global Traffic Manager rounds the
data to the nearest digit.
• If you select Unformatted, the Global Traffic Manager displays
the exact value to as many decimal places as the value requires.

4. From the Auto Refresh list, select the frequency at which the
Global Traffic Manager refreshes data on the screen.
If you select Disabled from this list, the system does not refresh the
screen; instead, you can click the Refresh button to update the
screen with the latest statistical data.

Viewing the Status Summary screen


As you track the performance of your data centers, virtual servers, and other
resources, you may find it helpful to have a single screen in which you can
get a snapshot of overall resource availability. In the Global Traffic
Manager, you can view this data through the Status Summary screen.
The Status Summary screen consists of a Global Traffic Summary table that
contains the following information:
◆ Object Type
The Object Type column describes the specific resource type. These
types are: distributed application, wide IPs, pools, data centers, links, and
servers.
◆ Total
The Total column describes the total number of resources of the type
corresponding to the Object Type column, regardless of whether the
resource is available.
◆ Available
The Available column describes the total number of resources of the type
corresponding to the Object Type column that the Global Traffic
Manager could verify as available.
◆ Unavailable
The Unavailable column describes the total number of resources of the
type corresponding to the Object Type column that the Global Traffic
Manager could verify as unavailable.
◆ Offline
The Offline column describes the total number of resources of the type
corresponding to the Object Type column that the Global Traffic
Manager could verify as offline.
◆ Unknown
The Unknown column describes the total number of resources of the type
corresponding to the Object Type column whose status the Global Traffic
Manager reports as unknown.

Each value within the Total, Available, Unavailable, Offline, and Unknown
columns is a link. When you click the link, you access the main screen for
that resource, with the list of resources filtered to show only those resources
with the corresponding status. For example, if the Available column for data
centers has a value of 5, clicking the 5 brings up a filtered main screen for
data centers that shows only the five data centers that are available.


Understanding the types of statistics


You can view a variety of statistics through the Global Traffic Manager,
including:
◆ Distributed applications
The statistics for distributed applications provide you with information
on what distributed applications exist, what wide IPs make up that
application, and how the Global Traffic Manager has load balanced
traffic to the application.
◆ Wide IPs
The statistics for wide IPs provide you with information on what wide
IPs exist and how the Global Traffic Manager has load balanced traffic to
the wide IP.
◆ Pools
The statistics for pools provide details on how the Global Traffic
Manager has load balanced traffic to each pool.
◆ Data centers
The statistics for data centers revolve around the amount of traffic
flowing to and from each data center.
◆ Links
The statistics for links focus on how much traffic is flowing in and out
through a specific link to the Internet.
◆ Servers
The statistics for servers display the amount of traffic flowing to and
from each server.
◆ Virtual servers
The statistics for virtual servers provide information on the amount of
traffic flowing to and from each virtual server.
◆ Paths
The statistics for paths provide information on how quickly traffic moves
between a Local DNS and a resource for which the Global Traffic
Manager is responsible.
◆ Local DNS
The statistics for local DNSes provide location details related to the
different Local DNSes that communicate with the Global Traffic
Manager.

Distributed application statistics


The Global Traffic Manager captures several statistics related to the
performance of a distributed application. You can use these statistics to see
how many resolution requests have been sent for the application, and how
the Global Traffic Manager has load balanced these requests. You can
access the distributed application statistics by selecting Distributed
Applications from the Statistics Type list in the Statistics screen. For
information on accessing the Statistics screen, see Accessing statistics, on
page 13-2.
As an example of distributed application statistics, consider the fictional
company SiteRequest. The IT department at SiteRequest has a distributed
application, downloader, which contains multiple wide IPs associated with
the viewing and downloading of SiteRequest applications. The wide IPs in
the downloader application use the Global Availability load balancing
mode. This mode sends all name resolution requests for this wide IP to a
specific pool until that pool is unavailable. Because the distributed
application is critical to SiteRequest’s operations, the IT department wants
to track traffic to the application and ensure that it is being managed
effectively. The distributed applications statistics provide the IT department
the information they need to see how many requests are being sent for the
application, allowing them to plan additional resource allocations more
effectively.
The distributed application statistics screen consists of a Distributed
Application Statistics table. This table contains the following information:
◆ Status
The Status column indicates the current status of the wide IP. The
available status types are: Available, Unavailable, Offline, and
Unknown. Each status type is represented by a symbol; for example, the
available status type is represented by a green circle.
◆ Distributed Application
The Distributed Application column displays the name of an application
for which the Global Traffic Manager is responsible. Each name appears
as a link. When you click the link, the properties screen for the
distributed application opens.
◆ Members
The Members column provides a link that opens a wide IP details screen
for the distributed application. This screen displays load balancing
statistics for each pool within the distributed application. You can return
to the main distributed application statistics screen by clicking the Back
button in the Display Options area of the screen.
◆ Requests
The Requests column displays the cumulative number of DNS requests
sent to the distributed application.
◆ Load Balancing
The Load Balancing column provides information on how the Global
Traffic Manager load balanced connection requests to this resource. This
column consists of four subcolumns:

• The Preferred subcolumn displays the cumulative number of requests
that the Global Traffic Manager load balanced with the preferred load
balancing method.
• The Alternate subcolumn displays the cumulative number of requests
that the Global Traffic Manager load balanced with the alternate load
balancing method.


• The Fallback subcolumn displays the cumulative number of requests
that the Global Traffic Manager load balanced with the Fallback load
balancing method.
• The Returned to DNS subcolumn displays the cumulative number of
requests that the Global Traffic Manager could not resolve and
returned to the Domain Name Server (DNS).

Wide IP statistics
The Global Traffic Manager captures several statistics related to the
performance of a wide IP. These statistics primarily focus on how many
resolution requests have been sent for the wide IP, and how the Global
Traffic Manager has load balanced these requests. You can access the wide
IP statistics by selecting Wide IPs from the Statistics Type list in the
Statistics screen. For information on accessing the Statistics screen, see
Accessing statistics, on page 13-2.
As an example of wide IP statistics, consider the fictional company
SiteRequest. The IT department at SiteRequest has a wide IP,
www.siterequest.com, which uses the Global Availability load balancing
mode. This mode sends all name resolution requests for this wide IP to a
specific pool until that pool is unavailable. Because the wide IP,
www.siterequest.com, is critical to SiteRequest’s operations, the IT
department wants to track traffic to the wide IP and ensure that the primary
pool is not at risk of getting overloaded. The wide IP statistics provide the
IT department the information they need to see how many requests are being
sent for the wide IP, allowing them to plan additional resource allocations
more effectively.
The wide IP statistics screen consists of a Wide IP Statistics table. This table
contains the following information:
◆ Status
The Status column indicates the current status of the wide IP. The
available status types are: Available, Unavailable, Offline, and
Unknown. Each status type is represented by a symbol; for example, the
available status type is represented by a green circle.
◆ Wide IP
The Wide IP column displays the name of a wide IP for which the Global
Traffic Manager is responsible. Each name appears as a link. When you
click the link, the properties screen for the wide IP opens.
◆ Pools
The Pools column provides a link that opens a pool details screen for the
wide IP. This screen displays load balancing statistics for each pool
within the wide IP. You can return to the main wide IP statistics screen
by clicking the Back button in the Display Options area of the screen.
◆ Requests
The Requests column displays the cumulative number of DNS requests
sent to the wide IP.


◆ Requests Persisted
The Requests Persisted column displays the cumulative number of
requests that persisted. Persisted requests use the same pool during a
connection session.
◆ Load Balancing
The Load Balancing column provides information on how the Global
Traffic Manager load balanced connection requests to this resource. This
column consists of four subcolumns:

• The Preferred subcolumn displays the cumulative number of requests
that the Global Traffic Manager load balanced with the preferred load
balancing method.
• The Alternate subcolumn displays the cumulative number of requests
that the Global Traffic Manager load balanced with the alternate load
balancing method.
• The Fallback subcolumn displays the cumulative number of requests
that the Global Traffic Manager load balanced with the Fallback load
balancing method.
• The Returned to DNS subcolumn displays the cumulative number of
requests that the Global Traffic Manager could not resolve and
returned to the Domain Name Server (DNS).

Pool statistics
The Pool statistics available through the Global Traffic Manager focus on
how the Global Traffic Manager has load balanced name resolution
requests. You can access the pool statistics by selecting Pools from the
Statistics Type list in the Statistics screen. For information on accessing the
Statistics screen, see Accessing statistics, on page 13-2.
As an example of pool statistics, consider the fictional company
SiteRequest. The IT department at SiteRequest has a wide IP,
www.siterequest.com, which contains pools that use the dynamic load
balancing mode, Quality of Service. This mode acquires statistical data on
response times between the Global Traffic Manager and a Local DNS server
sending a name resolution request. There has been some concern of late as
to how well this new load balancing mode is working and if the Global
Traffic Manager is able to gather the statistical information it needs to load
balance with this mode, or if it has to resort to an alternate or fallback
method. By using the pool statistics screen, the IT department can track how
many name resolution requests are load balanced using the preferred Quality
of Service method, and how many are load balanced using another method.
The pool statistics screen consists of a Pool Statistics table. This table
contains the following information:


◆ Status
The Status column indicates the current status of the pool. The available
status types are: Available, Unavailable, Offline, and Unknown. Each
status type is represented by a symbol; for example, the available status
type is represented by a green circle.
◆ Pool
The Pool column displays the name of a wide IP for which the Global
Traffic Manager is responsible. Each name appears as a link. When you
click the link, the properties screen for the pool opens.
◆ Members
The Members column provides a link that opens a virtual server details
screen for the pool. This screen displays connection statistics for each
virtual server within the pool, including the number of times the virtual
server was selected for a name resolution request and the amount of
traffic flowing from and to the virtual server. You can return to the main
wide IP statistics screen by clicking the Back button in the Display
Options area of the screen.
◆ Load Balancing
The Load Balancing column provides information on how the Global
Traffic Manager load balanced connection requests to this resource. This
column consists of four subcolumns:

• The Preferred subcolumn displays the cumulative number of requests
that the Global Traffic Manager load balanced with the preferred load
balancing method.
• The Alternate subcolumn displays the cumulative number of requests
that the Global Traffic Manager load balanced with the alternate load
balancing method.
• The Fallback subcolumn displays the cumulative number of requests
that the Global Traffic Manager load balanced with the Fallback load
balancing method.
• The Returned to DNS subcolumn displays the cumulative number of
requests that the Global Traffic Manager could not resolve and
returned to the Domain Name Server (DNS).
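The four Load Balancing subcolumns are cumulative, so a recent shift away from the preferred method can be hidden by a long history of healthy counts. The following added example (not F5 code) compares two snapshots of the counters and reports the share of each method for the interval between them. The dictionary field names, the sample values, the 90 percent threshold, and the treatment of a decreasing counter as a statistics reset are all assumptions made for illustration; the values are imagined as copied by hand from the Pool Statistics table.

```python
"""Per-interval load balancing shares from cumulative counters (added example)."""

METHODS = ("preferred", "alternate", "fallback", "returned_to_dns")


def interval_counts(previous, current):
    """Requests handled per method between two cumulative snapshots.

    Assumption: if any counter went backwards, the statistics were reset, so
    the current values are taken as the counts since that reset.
    """
    if any(current[m] < previous[m] for m in METHODS):
        return {m: current[m] for m in METHODS}
    return {m: current[m] - previous[m] for m in METHODS}


def method_shares(counts):
    """Fraction of requests handled by each method (all zero if no traffic)."""
    total = sum(counts[m] for m in METHODS)
    if total == 0:
        return {m: 0.0 for m in METHODS}
    return {m: counts[m] / total for m in METHODS}


def review_pool(name, previous, current, min_preferred=0.90):
    """Summarize one pool; min_preferred is a hypothetical alert threshold."""
    counts = interval_counts(previous, current)
    shares = method_shares(counts)
    total = sum(counts.values())
    return {
        "pool": name,
        "requests": total,
        "shares": shares,
        "degraded": total > 0 and shares["preferred"] < min_preferred,
    }


# Constructed snapshots for a hypothetical pool named "pool_qos".
EARLIER = {"preferred": 98000, "alternate": 1500, "fallback": 400, "returned_to_dns": 100}
LATER = {"preferred": 98600, "alternate": 1700, "fallback": 900, "returned_to_dns": 300}

if __name__ == "__main__":
    lifetime = method_shares(LATER)
    report = review_pool("pool_qos", EARLIER, LATER)
    print(f"lifetime preferred share: {lifetime['preferred']:.1%}")
    print(f"interval preferred share: {report['shares']['preferred']:.1%}")
    print(f"requests in interval: {report['requests']}, degraded: {report['degraded']}")
```

With these constructed values the lifetime preferred share is still above 97 percent, while only 40 percent of the 1500 requests in the interval used the preferred method.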

Data center statistics


Data center statistics revolve around the amount of traffic flowing to and
from each data center. This information can tell you if your resources are
distributed appropriately for your network. You can access the data center
statistics by selecting Data Centers from the Statistics Type list in the
Statistics screen. For information on accessing the Statistics screen, see
Accessing statistics, on page 13-2.
As an example of how the statistics for data centers can help you manage
your network resources, consider the fictional company SiteRequest.
SiteRequest has decided that its New York data center should handle all
name resolution requests originating in North America. However, a new
marketing campaign has started in the United States, and the IT department
is concerned it might overload the data center. By using the data center
statistics, the IT department can track the overall amount of traffic that the
New York data center is handling, allowing them to make adjustments to
their load balancing methods in a timely manner.
The data center statistics screen consists of a Data Center Statistics table.
This table contains the following information:
◆ Status
The Status column indicates the current status of the data center. The
available status types are: Available, Unavailable, Offline, and
Unknown. Each status type is represented by a symbol; for example, the
available status type is represented by a green circle.
◆ Data Center
The Data Center column displays the name of a data center. Each name
appears as a link. When you click the link, the properties screen for the
data center opens.
◆ Servers
The Servers column provides a link that opens a server details screen for
the data center. This screen displays connection statistics for each server
at a data center, including the number of times the server was selected for
a name resolution request and the amount of traffic flowing from and to
the server. You can return to the main data center statistics screen by
clicking the Back button in the Display Options area of the screen.
◆ Connections
The Connections column displays the cumulative number of requests that
the Global Traffic Manager resolved using a resource from the
corresponding data center.
◆ Throughput (bits/sec)
The Throughput (bits/sec) column contains two subcolumns:
• The In column displays the cumulative number of bits per second sent
to the data center.
• The Out column displays the cumulative number of bits per second
sent from the data center.

◆ Throughput (packets/sec)
The Throughput (packets/sec) column contains two subcolumns:
• The In column displays the cumulative number of packets per second
sent to the data center.
• The Out column displays the cumulative number of packets per
second sent from the data center.


Link statistics
Link statistics focus on how much traffic is flowing in and out through a
specific link to the Internet. This information can help you prevent a link
from getting over-used, saving your organization from higher bandwidth
costs. You can access the link statistics by selecting Links from the
Statistics Type list in the Statistics screen. For information on accessing the
Statistics screen, see Accessing statistics, on page 13-2.
As an example of how the statistics for data centers can help you manage
your network resources, consider the fictional company SiteRequest.
SiteRequest has two links with two different Internet Service Providers
(ISPs). The primary ISP is paid in advance for a specific amount of
bandwidth usage. This allows SiteRequest to save money, but if the
bandwidth exceeds the prepaid amount, the costs increase considerably. As
a result, the IT department uses a second ISP, which has a slower connection
but considerably lower costs. By using the links statistics, the IT department
can ensure that links to the Internet are used as efficiently as possible.
The link statistics screen consists of a Link Statistics table. This table
contains the following information:
◆ Status
The Status column indicates the current status of the link. The available
status types are: Available, Unavailable, Offline, and Unknown. Each
status type is represented by a symbol; for example, the available status
type is represented by a green circle.
◆ Link
The Link column displays the name of a link for which the Global
Traffic Manager is responsible. Each name appears as a link. When you
click the link, the properties screen for the link opens.
◆ Throughput (bits/sec)
The Throughput (bits/sec) column contains four subcolumns:
• The In column displays the cumulative number of bits per second sent
to the data center.
• The Out column displays the cumulative number of bits per second
sent from the data center.
• The Total column displays the cumulative number of both incoming
and outgoing bits per second for the link.
• The Over Prepaid column displays the amount of traffic, in bits per second,
that has exceeded the prepaid traffic allotment for the link.

In addition to viewing the link data as a table, you can also view it in a graph
format. To use this format, click the Graph button. A graph screen opens,
which shows the amount of traffic used over time. You can change the
amount of time shown in the graph by selecting a value from the Graph
Interval list, located in the Display Options area of the screen.


Server statistics
With Server statistics, you can analyze the amount of traffic flowing to and
from each server. This information can tell you if your resources are
distributed appropriately for your network. You can access the server
statistics by selecting Servers from the Statistics Type list in the Statistics
screen. For information on accessing the Statistics screen, see Accessing
statistics, on page 13-2.
As an example of how the statistics for servers can help you manage your
network resources, consider the fictional company SiteRequest. The IT
department at SiteRequest is considering whether it needs a few more
servers to better manage name resolution requests; however, there is some
debate as to whether the servers should be consolidated at the New York
data center (which the New York team would prefer) or spread out over all
of the data centers. It is also possible that an under-utilized server at one
data center might be moved to another data center. By using the server
statistics, the IT department can look at how much traffic is handled by each
server, giving them the information they need to decide where these new
servers, if any, should go.
The server statistics screen consists of a Server Statistics table. This table
contains the following information:
◆ Status
The Status column indicates the current status of the server. The
available status types are: Available, Unavailable, Offline, and
Unknown. Each status type is represented by a symbol; for example, the
available status type is represented by a green circle.
◆ Server
The Server column displays the name of a server for which the Global
Traffic Manager is responsible. Each name appears as a link. When you
click the link, the properties screen for the server opens.
◆ Virtual Servers
The Virtual Servers column provides a link that opens a virtual server
details screen for the server. This screen displays connection statistics for
each virtual server at a data center, including the number of times the
virtual server was selected for a name resolution request and the amount
of traffic flowing from and to the server. You can return to the main data
center statistics screen by clicking the Back button in the Display
Options area of the screen.
◆ Picks
The Picks column displays the cumulative number of times the Global
Traffic Manager picked a server to handle a name resolution request.
◆ Connections
The Connections column displays the cumulative number of requests that
the Global Traffic Manager resolved using a resource from the
corresponding data center.
◆ Throughput (bits/sec)
The Throughput (bits/sec) column contains two subcolumns:


• The In column displays the cumulative number of bits per second sent
to the server.
• The Out column displays the cumulative number of bits per second
sent from the server.

◆ Throughput (packets/sec)
The Throughput (packets/sec) column contains two subcolumns:
• The In column displays the cumulative number of packets per second
sent to the server.
• The Out column displays the cumulative number of packets per
second sent from the server.

Virtual server statistics


Virtual server statistics provide information on the amount of traffic flowing
to and from each virtual server. This information can tell you if your
resources are distributed appropriately for your network. You can access the
virtual server statistics by selecting Virtual Servers from the Statistics
Type list in the Statistics screen.
As an example of how the statistics for servers can help you manage your
network resources, consider the fictional company SiteRequest. SiteRequest
recently added a Local Traffic Manager to their Tokyo data center, and the
IT department wants to see how well the new system is handling the traffic
and if it can perhaps be utilized to handle traffic for a new wide IP,
www.SiteRequestAsia.com. After installing the Local Traffic Manager and
adding it to the Global Traffic Manager as a server, the IT department can
use the virtual server statistics to monitor the performance of the virtual
servers that compose the new Local Traffic Manager, allowing them to
determine if more resources are required for the new wide IP.
The server statistics screen consists of a Virtual Server Statistics table. This
table contains the following information:
◆ Status
The Status column indicates the current status of the server. The
available status types are: Available, Unavailable, Offline, and
Unknown. Each status type is represented by a symbol; for example, the
available status type is represented by a green circle.
◆ Virtual Server
The Virtual Server column displays the name of a virtual server for
which the Global Traffic Manager is responsible. Each name appears as a
link. When you click the link, the properties screen for the virtual server
opens.
◆ Server
The Servers column provides a link that opens a server details screen for
the data center. This screen displays connection statistics for each server
at a data center, including the number of times the server was selected for
a name resolution request and the amount of traffic flowing from and to
the server. You can return to the main data center statistics screen by
clicking the Back button in the Display Options area of the screen.
◆ Picks
The Picks column displays the cumulative number of times the Global
Traffic Manager picked a server to handle a name resolution request.
◆ Connections
The Connections column displays the cumulative number of requests that
the Global Traffic Manager resolved using a resource from the
corresponding data center.
◆ Throughput (bits/sec)
The Throughput (bits/sec) column contains two subcolumns:
• The In column displays the cumulative number of bits per second sent
to the server.
• The Out column displays the cumulative number of bits per second
sent from the server.

◆ Throughput (packets/sec)
The Throughput (packets/sec) column contains two subcolumns:
• The In column displays the cumulative number of packets per second
sent to the server.
• The Out column displays the cumulative number of packets per
second sent from the server.

Paths statistics
The paths statistics captured by the Global Traffic Manager provide
information on how quickly traffic moves between a Local DNS and a
resource for which the Global Traffic Manager is responsible. Information
presented in the paths statistics screen includes details on round trip times
(RTT), hops, and completion rates. You can access the paths statistics by
selecting Paths from the Statistics Type list in the Statistics screen. For
information on accessing the Statistics screen, see Accessing statistics, on
page 13-2.
Paths statistics are primarily used when you employ a dynamic load
balancing mode for a given wide IP or pool. You can use the information in
the Paths statistics to get an overall sense of how responsive your wide IPs
are in relation to the Local DNSes that have been sending name resolution
requests to a wide IP.
The paths statistics screen consists of a paths statistics table. This table
contains the following information:
◆ Local DNS Address
The Local DNS Address column displays the IP address of each Local
DNS that has sent a name resolution request for a wide IP for which the
Global Traffic Manager is responsible.


◆ Link
The Link column displays the ISP link that the Global Traffic Manager
used to send and receive data from the Local DNS.
◆ Round Trip Time (RTT)
The Round Trip Time (RTT) column contains two subcolumns:
• The Current subcolumn displays the current round trip time between
the Local DNS and the Global Traffic Manager.
• The Average subcolumn displays the average round trip time between
the Local DNS and the Global Traffic Manager.

◆ Hops
The Hops column contains two subcolumns:
• The Current subcolumn displays the current number of hops between
the Local DNS and the Global Traffic Manager.
• The Average subcolumn displays the average number of hops
between the Local DNS and the Global Traffic Manager.

◆ Completion Rate
The Completion Rate column contains two subcolumns:
• The Current subcolumn displays the current completion rate of
transactions between the Local DNS and the Global Traffic Manager.
• The Average subcolumn displays the average completion rate of
transactions between the Local DNS and the Global Traffic Manager.

◆ Last Probe Time
The Last Probe Time column displays the last time the Global Traffic
Manager probed the Local DNS for metrics data.

Local DNS statistics


The Local DNS statistics screen provides location details related to the
different Local DNSes that communicate with the Global Traffic Manager.
These statistics include the geographical location of the Local DNS as well
as the last time that Local DNS accessed the Global Traffic Manager. You
can access the local DNS statistics by selecting Local DNS from the
Statistics Type list in the Statistics screen.
As an example of how the statistics for servers can help you manage your
network resources, consider the fictional company SiteRequest. SiteRequest
is currently considering whether it needs a new data center in North
America to ensure that its customers can access SiteRequest’s Web site as
effectively as possible. To help make their decision, the IT department uses
the Local DNS statistics to see where most of their European traffic is
coming from. By using these statistics, the IT department discovers that a
high concentration of Local DNSes accessing SiteRequest are in the
southwest United States. This information proves helpful in determining that
a new data center in Las Vegas might be appropriate.


The local DNS statistics screen consists of a local DNS statistics table. This
table contains the following information:
◆ IP Address
The IP Address column displays the IP address of each Local DNS that
has sent a name resolution request for a wide IP for which the Global
Traffic Manager is responsible.
◆ Requests
The Requests column displays the number of times this Local DNS has
made a name resolution request that the Global Traffic Manager handled.
◆ Last Accessed
The Last Accessed column displays the last time the Local DNS
attempted a connection to the Global Traffic Manager.
◆ Location
The Location column contains four subcolumns:
• The Continent subcolumn displays the continent on which the Local
DNS resides.
• The Country subcolumn displays the country in which the Local DNS
is located.
• The State subcolumn displays the state in which the Local DNS is
located.
• The City subcolumn displays the city in which the Local DNS is
located.


Understanding persistence records


One of the common methods of modifying name resolution requests with
the Global Traffic Manager is to activate persistent connections. A
persistent connection is a connection in which the Global Traffic Manager
sends name resolution requests from a specific Local DNS to the same set of
resources until a time-to-live value has been reached. If you use persistent
connections in your configuration of the Global Traffic Manager, you may
want to see what persistent connections are currently active on your
network. You can access the persistence records by selecting Persistence
Records from the Statistics Type list in the Statistics screen.
The persistence records screen consists of a persistence records table. This
table contains the following information:
◆ Local DNS Address
The LDNS Address column displays the IP address of each Local DNS
that has sent a name resolution request for a wide IP for which the Global
Traffic Manager is responsible.
◆ Level
The Level column displays the level at which the persistent connection is
based. Available types are wide IPs and distributed applications.
◆ Destination
The Destination column displays the wide IP or distributed application to
which the name resolution request was directed.
◆ Target Type
The Target Type column displays the type of resource on which
persistence is based. Examples of target types include data centers,
servers, pools, and virtual servers.
◆ Target Name
The Target Name column displays the name of the resource on which
persistence is based.
◆ Expires
The Expires column displays the time at which the persistence for the
given LDNS request will expire.

14
Collecting Metrics

• Introducing metrics collection

• Defining metrics

• Assigning probes to local domain name servers

• Configuring TTL and timer values

• Excluding LDNS servers from probes



Introducing metrics collection


In Chapter 10, Configuring Monitors, we described how the Global Traffic
Manager uses specialized software components, called monitors, to capture
data regarding the availability of a resource, such as a virtual server.
Monitors represent one half of the statistical gathering capabilities of the
Global Traffic Manager. The second half, metrics collection, captures data
on how well network traffic flows between the Global Traffic Manager and
the external Local Domain Name Systems (LDNS) servers and internal
resources with which it communicates.
The resources you make available to your users over the Internet are often
critical to your organization; consequently, it is vital that these resources are
not only available, but highly responsive to your users. Typically, two main
criteria determine the responsiveness of a resource: hops and paths. A hop is
one point-to-point transmission between a host and a client server in a
network. A network path that includes a stop at a network router would have
two hops: the first from the client to the router, and the second from the
router to the host server. A path is a logical network route between a data
center server and a local DNS server.
It is important to remember that hops and paths can differ from each other
widely on a per-connection basis. For example, an LDNS might take a long
path to reach a specific resource, but require only a few hops to get there. On
the other hand, that same LDNS might select a short path, yet have to move
between a larger number of routers, increasing the number of hops it takes to
reach the resource. It is up to you to determine what thresholds for hops and
paths are acceptable for your network, as the needs of each network, and
even each application within the same network, can vary widely.
Through the metrics collection capabilities of the Global Traffic Manager,
you can accomplish several tasks related to improving the availability and
responsiveness of your network applications and resources. You can:
• Define the types of metrics that the Global Traffic Manager collects, and
how long the system keeps those metrics before acquiring fresh data.
• Assign probes to LDNS servers that attempt to acquire the metrics
information.
• Configure Time-to-Live (TTL) values for your metrics data.
• Exclude specific LDNS servers from Global Traffic Manager probes.
• Implement the Quality of Service load balancing mode, which uses
metrics to determine the best resource for a particular name resolution
request.


Defining metrics
When you decide to use the Global Traffic Manager to collect metrics on the
LDNS servers that attempt to access your network resources, you can define
the following characteristics:
• The types of metrics collected (either hops, paths, both, or disabled)
• The time-to-live (TTL) values for each metric
• The frequency at which the system updates the data
• The size of a packet sent (relevant for hop metrics only)
• The length of time that can pass before the system times out the
collection attempt
• The number of packets sent for each collection attempt

While each of these settings is important, the ones that perhaps require the
most planning beforehand are the TTL values. In general, the lower the TTL
value, the more often the Global Traffic Manager probes an LDNS. This
improves the accuracy of the data, but increases bandwidth usage.
Conversely, increasing the TTL value for a metric lowers the bandwidth
your network uses, but increases the chance that the Global Traffic Manager
is basing its load balancing operations on stale data.
An additional consideration is the number of LDNS servers that the Global
Traffic Manager queries. The more LDNS servers that the system queries,
the more bandwidth is required to ensure those queries are successful. As
you can see, setting the TTL values for metrics collection can require
incremental fine-tuning. We recommend that you periodically check the
TTL values that you set, and verify that they are appropriate for your
network.

To define metrics
1. On the Main tab of the navigation pane, expand System and then
click General Properties.
The General properties screen opens.
2. From the Global Traffic menu, choose Metrics Collection.
The metrics collection screen opens.
3. In the Configuration area, assign values to the different
metrics-related settings.
For detailed information on these settings, please see the online
help.
4. Click the Update button.


Assigning probes to local domain name servers


To capture accurate metrics data from the local domain name servers
(LDNS servers) that send name resolution requests to the Global Traffic
Manager, you assign probes to each LDNS. A probe is a software
component that employs a specific methodology to learn more about an
LDNS.
You can assign one or more of the following probes to query LDNS servers:
◆ DNS_REV
The DNS_REV probe sends a DNS message to the probe target LDNS
querying for a resource record of class IN, type PTR. Most versions of
DNS answer with a record containing their fully-qualified domain name.
The system makes these requests only to measure network latency and
packet loss; it does not use the information contained in the responses.
◆ DNS_DOT
The DNS_DOT probe sends a DNS message to the probe target LDNS
querying for a dot (.). If the LDNS is not blocking queries from unknown
addresses, it answers with a list of root name servers. The system makes
these requests only to measure network latency and packet loss; it does
not use the information contained in the responses.
◆ UDP
The UDP probe uses the user datagram protocol (UDP) to query the
responsiveness of an LDNS. The UDP protocol provides simple but
unreliable datagram services. The UDP protocol adds a checksum and
additional process-to-process addressing information. UDP is a
connectionless protocol which, like TCP, is layered on top of IP. UDP
neither guarantees delivery nor requires a connection. As a result, it is
lightweight and efficient, but the application program must take care of
all error processing and retransmission.
◆ TCP
The TCP probe uses the transmission control protocol (TCP) to query the
responsiveness of an LDNS. The TCP protocol is the most common
transport layer protocol used on Ethernet and the Internet. The TCP protocol
adds reliable communication, flow-control, multiplexing, and
connection-oriented communication. It provides full-duplex,
process-to-process connections. TCP is connection-oriented and
stream-oriented.
◆ ICMP
The ICMP probe uses the Internet control message protocol (ICMP) to
query the responsiveness of an LDNS. The ICMP protocol is an
extension to the Internet Protocol (IP). The ICMP protocol generates
error messages, test packets, and informational messages related to IP.

With these probes, it does not matter if the Global Traffic Manager receives
a valid response, such as the name of the LDNS, as queried by the
DNS_REV probe, or a request refused statement. The relevant information
is the metrics generated between the probe request and the response. For
example, the Global Traffic Manager uses the DNS_REV probe to query
two LDNS servers. The first LDNS responds to the probe with its name, as
per the request. The second LDNS, however, responds with a request
refused statement, because it is configured to not allow such requests. In
both cases, the probe was successful, because the Global Traffic Manager
was able to acquire data on how long it took for both LDNS servers to
respond to the probe.
You can configure the Global Traffic Manager to use a select number of
probes, or you can assign all five. The more probes that the Global Traffic
Manager uses, the more bandwidth is required.
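
The DNS_REV and DNS_DOT probes and the rule that any reply counts, shown as an added example (not F5 code and not part of the original guide). It builds the two query messages and scores constructed replies, so a request refused answer still yields a round trip time and only a lost packet lowers the completion rate. Assumptions: the PTR name is the reverse name of the LDNS address, the root query uses type NS, and all addresses, message IDs, and timings are constructed for the illustration.

```python
import ipaddress
import struct

# Record types and class from the DNS specification (RFC 1035).
QTYPE_NS, QTYPE_PTR, QCLASS_IN = 2, 12, 1
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN",
          4: "NOTIMP", 5: "REFUSED"}


def encode_name(name):
    """Encode a domain name as length-prefixed labels; "." becomes one zero byte."""
    out = b""
    for label in name.strip(".").split("."):
        if not label:
            continue
        raw = label.encode("ascii")
        if len(raw) > 63:
            raise ValueError("DNS label longer than 63 bytes: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(msg_id, qname, qtype):
    """Build a one-question DNS query message (no recursion requested)."""
    header = struct.pack("!HHHHHH", msg_id, 0x0000, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, QCLASS_IN)


def dns_rev_query(msg_id, ldns_addr):
    """DNS_REV-style probe: class IN, type PTR.
    Assumption: the name asked for is the reverse name of the LDNS address."""
    reverse_name = ipaddress.ip_address(ldns_addr).reverse_pointer
    return build_query(msg_id, reverse_name, QTYPE_PTR)


def dns_dot_query(msg_id):
    """DNS_DOT-style probe: a query for the root ("."). Assumption: type NS."""
    return build_query(msg_id, ".", QTYPE_NS)


def classify_reply(query, reply, sent_ms, received_ms):
    """Score one probe. Any reply to our query yields a metric, whatever its RCODE."""
    lost = {"answered": False, "rcode": None, "rtt_ms": None}
    if reply is None or len(reply) < 12:
        return lost
    query_id = struct.unpack("!H", query[:2])[0]
    reply_id, flags = struct.unpack("!HH", reply[:4])
    is_response = bool(flags & 0x8000)  # QR bit must be set in a reply
    if reply_id != query_id or not is_response:
        return lost  # not an answer to this probe, so it carries no metric
    rcode = flags & 0x000F
    return {"answered": True, "rcode": RCODES.get(rcode, str(rcode)),
            "rtt_ms": received_ms - sent_ms}


def summarise(results):
    """Completion rate and average RTT over a batch, as in the paths statistics."""
    answered = [r for r in results if r["answered"]]
    rate = len(answered) / len(results) if results else 0.0
    avg = sum(r["rtt_ms"] for r in answered) / len(answered) if answered else None
    return {"sent": len(results), "answered": len(answered),
            "completion_rate": round(rate, 3), "avg_rtt_ms": avg}


def fake_reply(query, rcode, msg_id=None):
    """Constructed reply: the query echoed back with QR set and the given RCODE."""
    rid = query[:2] if msg_id is None else struct.pack("!H", msg_id)
    return rid + struct.pack("!H", 0x8000 | rcode) + query[4:]


def run_demo():
    """Three constructed probes: a normal answer, a refusal, and a lost packet."""
    q1 = dns_rev_query(0x1001, "192.0.2.53")     # documentation address
    q2 = dns_rev_query(0x1002, "198.51.100.53")  # documentation address
    q3 = dns_dot_query(0x1003)
    return [
        classify_reply(q1, fake_reply(q1, 0), sent_ms=0, received_ms=42),
        classify_reply(q2, fake_reply(q2, 5), sent_ms=0, received_ms=118),
        classify_reply(q3, None, sent_ms=0, received_ms=0),
    ]


if __name__ == "__main__":
    results = run_demo()
    for result in results:
        print(result)
    print(summarise(results))
```

On the resolver side, the same message shapes (a PTR query for the resolver's own address, or a query for the root) are what an LDNS operator would look for in query logs before asking to be added to the address exclusion list.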

To assign a probe
1. On the Main tab of the navigation pane, expand System and then
click General Properties.
The General screen opens.
2. From the Global Traffic menu, choose Metrics Collection.
The metrics collection screen opens.
3. In the Local DNS (LDNS) area, use the options provided in the
Metrics Collection Protocol option to assign the relevant probes.
4. In the Metrics Caching box, define the number of seconds for
which the Global Traffic Manager will keep the collected metrics
data.
This value determines how often the system will probe a given
LDNS. The default value is 3600 seconds, or one hour.
5. In the Inactive Local DNS TTL box, define the number of seconds
for which an LDNS can be inactive before the Global Traffic
Manager considers it inactive.
The Global Traffic Manager stops probing LDNS servers that are
considered inactive. The default value is 2419200, or 28 days.
6. Click the Update button to save your changes.


Configuring TTL and timer values


Each resource in the Global Traffic Manager has an associated time-to-live
(TTL) value. A TTL is the amount of time (measured in seconds) for which
the system considers metrics valid. The timer values determine how often
the Global Traffic Manager refreshes the information.
Table 14.1 describes each TTL value, as well as its default setting.

| Parameter | Description | Default |
|---|---|---|
| Hops TTL | Specifies the number of seconds that the Global Traffic Manager considers traceroute data to be valid. | 604800 (seven days) |
| Paths TTL | Specifies the number of seconds that the Global Traffic Manager uses path information for name resolution and load balancing. | 2400 |
| Inactive Path TTL | Specifies the number of seconds that a path remains in the cache after its last access. | 604800 (seven days) |
| Inactive Local DNS TTL | Specifies the number of seconds that a local DNS remains in the cache after its last access. | 2419200 (28 days) |

Table 14.1 TTL values and default settings

Each resource also has a timer value. A timer value defines the frequency
(measured in seconds) at which the Global Traffic Manager refreshes the
metrics information it collects. In most cases, the default values for the TTL
and timer parameters are adequate. However, if you make changes to any
TTL or timer value, keep in mind that an object’s TTL value must be greater
than its timer value.
Table 14.2 describes each timer value, as well as its default setting.

| Parameter | Description | Default |
|---|---|---|
| Hops data refresh | Specifies the frequency (in seconds) at which the Global Traffic Manager retrieves traceroute data (traceroutes between each data center and each local DNS). | 60 |
| Paths refresh | Specifies the frequency (in seconds) at which the Global Traffic Manager refreshes path information (for example, round trip time or ping packet completion rate). | 120 |
| Sync Time Tolerance | Specifies the number of seconds that one system’s time setting is allowed to be out of sync with another system’s time setting. Note: If you are using NTP to synchronize the time of the Global Traffic Manager with a time server, leave the time tolerance at the default value of 10. In the event that NTP fails, the Global Traffic Manager uses the time_tolerance variable to maintain synchronization. This setting is available in the General screen of the Global Traffic Manager’s general properties section. | 10 |
| Timer Sync State | Specifies the interval (in seconds) at which the Global Traffic Manager checks to see if it should change states (from Principal to Receiver or from Receiver to Principal). This setting is available in the General screen of the Global Traffic Manager’s general properties section. | 30 |
| Metrics Caching | Specifies the interval (in seconds) at which the Global Traffic Manager archives the paths and metrics data. This setting is available in the General screen of the Global Traffic Manager’s general properties section. | 3600 |

Table 14.2 Time values and default settings

To configure global TTL and timer values


1. On the Main tab in the navigation pane, expand System and then
click General Properties.
The General screen opens.
2. From the Global Traffic menu, choose Metrics Collection.
The metrics collection screen opens.
3. Add the TTL and timer values settings.
For help on configuring the TTL and timer values settings, see the
online help for this screen.
4. Click the Update button to save your changes.


Excluding LDNS servers from probes


When the Global Traffic Manager attempts to probe a local domain name
server (LDNS), it is actively attempting to acquire data from that LDNS.
Certain Internet Service Providers and other organizations might request
that you do not probe their LDNS servers, while other LDNS servers might
be known to act as proxies, which do not provide accurate metrics data. In
these situations, you can configure the Global Traffic Manager to exclude
LDNS servers from probes. When you exclude an LDNS, the Global Traffic
Manager does not probe that system; however, the Global Traffic Manager
is also unable to use the Quality of Service load balancing mode to load
balance name resolution requests from that LDNS.

To exclude an LDNS from probes


1. On the Main tab of the navigation pane, expand System and then
click General Properties.
The General screen opens.
2. From the Global Traffic menu, choose Metrics Collection.
The metrics collection screen opens.
3. In the Address Exclusions area, in the IP Subnet box, type the IP
address and subnet that contains the LDNS servers you want to
exclude.
4. Click the Add button to add the LDNS or network segment to the
address exclusion list.
5. Click the Update button to save your changes.

Removing LDNS servers from the address exclusion list


You can remove an LDNS from the address exclusion list at any time.
Situations in which you want to remove the LDNS include the LDNS
becoming inactive, or the IP address of the LDNS changing to a different
network subnet.

To remove an LDNS from the address exclusion list


1. On the Main tab of the navigation pane, expand System and then
click General Properties.
The General screen opens.
2. From the Global Traffic menu, choose Metrics Collection.
The metrics collection screen opens.
3. In the Address Exclusion area, select the LDNS that you would like
to remove and click the Remove button.
4. Click the Update button to save your changes.
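
A way to review an address exclusion list before adding or removing entries, as an added example (not F5 code and not part of the original guide). It matches LDNS addresses and request counts, as shown in the Local DNS statistics table, against the exclusion entries, reports how many requests would fall outside Quality of Service load balancing, and flags entries that match no known LDNS. Assumptions: entries are written in CIDR form, and the function names, addresses, and request counts are constructed for the illustration.

```python
import ipaddress


def parse_exclusions(entries):
    """Parse address exclusion entries into networks.
    Assumption: entries use CIDR form; a bare address means a single host.
    strict=False accepts "address/prefix" with host bits set (198.51.100.7/24)."""
    return [ipaddress.ip_network(entry.strip(), strict=False) for entry in entries]


def exclusion_impact(ldns_stats, exclusion_entries):
    """Compare LDNS statistics rows with the address exclusion list.

    ldns_stats: iterable of (ip_address, requests) pairs, as in the
    IP Address and Requests columns of the Local DNS statistics table.
    Returns the excluded LDNS addresses, the number and share of requests
    that lose metrics-based (Quality of Service) load balancing, and the
    exclusion entries that match no listed LDNS (candidates for removal)."""
    networks = parse_exclusions(exclusion_entries)
    hits = {net: 0 for net in networks}
    excluded = []
    total_requests = 0
    excluded_requests = 0
    for addr, requests in ldns_stats:
        ip = ipaddress.ip_address(addr)
        total_requests += requests
        # An IPv4 address is never "in" an IPv6 network and vice versa,
        # so mixed address families simply do not match.
        matching = [net for net in networks if ip in net]
        if matching:
            excluded.append(str(ip))
            excluded_requests += requests
            for net in matching:
                hits[net] += 1
    share = excluded_requests / total_requests if total_requests else 0.0
    return {
        "excluded": excluded,
        "requests_without_qos": excluded_requests,
        "share_without_qos": round(share, 3),
        "unused_entries": [str(net) for net in networks if hits[net] == 0],
    }


# Constructed sample data (documentation address ranges, invented counts).
SAMPLE_LDNS_STATS = [
    ("192.0.2.10", 1200),
    ("198.51.100.7", 300),
    ("198.51.100.99", 500),
    ("203.0.113.5", 2000),
]
SAMPLE_EXCLUSIONS = ["198.51.100.0/24", "203.0.113.200/32"]


if __name__ == "__main__":
    report = exclusion_impact(SAMPLE_LDNS_STATS, SAMPLE_EXCLUSIONS)
    for key, value in report.items():
        print(key, "=", value)
```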

15
Writing iRules

• Introducing iRules for the Global Traffic Manager

• Creating iRules

• Assigning iRules

• Controlling iRule evaluation

• Using statement commands

• Using wide IP commands

• Using utility commands

• Using protocol commands

• Removing iRules

Introducing iRules for the Global Traffic Manager


As you work with the Global Traffic Manager, you might find that you want
to incorporate additional customizations beyond the available features
associated with load balancing, monitors, or other aspects of your traffic
management. For example, you might want to have the Global Traffic
Manager respond to a name resolution request with a specific CNAME
record, but only when the request is for a particular wide IP and originates
from Europe. In the Global Traffic Manager, these customizations are
defined through iRules. iRules are code snippets that are based on TCL 8.4.
These snippets allow you a great deal of flexibility in managing your global
network traffic.
If you are familiar with the BIG-IP Local Traffic Manager, you might
already be aware of and use iRules to manage your network traffic on a local
level. The iRules in the Global Traffic Manager share a similar syntax with
their Local Traffic Manager counterparts, but support a different set of
events and objects.

What is an iRule?
An iRule is a script that you write if you want individual connections to
target a pool other than the default pool defined for a virtual server. iRules
allow you to more directly specify the pools to which you want traffic to be
directed. Using iRules, you can send traffic not only to pools, but also to
individual pool members or hosts.
The iRules you create can be simple or sophisticated, depending on your
content-switching needs. Figure 15.1 shows an example of a simple iRule.

    when DNS_REQUEST {
        if { [IP::addr [IP::client_addr] equals 10.10.10.10] } {
            pool my_pool
        }
    }

Figure 15.1 Example of an iRule

This iRule is triggered when a DNS request has been detected, causing the
Global Traffic Manager to send the packet to the pool my_pool, if the IP
address of the local DNS making the request matches 10.10.10.10.
iRules can direct traffic not only to specific pools, but also to individual pool
members, including port numbers and URI paths, either to implement
persistence or to meet specific load balancing requirements.
The syntax that you use to write iRules is based on the Tool Command
Language (Tcl) programming standard. Thus, you can use many of the
standard Tcl commands, plus a set of extensions that the Global Traffic
Manager provides to help you further increase load balancing efficiency.

For information about standard Tcl syntax, see
http://tmml.sourceforge.net/doc/tcl/index.html.

Basic iRule elements


iRules are made up of these basic elements:
• Event declarations
• Operators
• iRule commands

Event declarations
iRules are event-driven, which means that the Global Traffic Manager
triggers an iRule based on an event that you specify in the iRule. An event
declaration is the specification of an event within an iRule that causes the
Global Traffic Manager to trigger that iRule whenever that event occurs.
Examples of event declarations that can trigger an iRule are
DNS_REQUEST, which triggers an iRule whenever the system receives a
DNS request, and LB_SELECTED, which triggers an iRule when a request
is sent to a specific pool.
For more information on iRule events, see Specifying events, on page 15-7.

Operators
An iRule operator compares two operands in an expression. In addition to
using the Tcl standard operators, you can use the operators listed in Table
15.1.

| Operator | Syntax |
|---|---|
| Relational operators | contains, matches, equals, starts_with, ends_with, matches_regex |
| Logical operators | not, and, or |

Table 15.1 iRule operators

For example, you can use the contains operator to compare a variable
operand to a constant. You do this by creating an if statement that represents
the following: "If the client’s IP address contains 192.168.5.5, send to pool
aol_pool." Figure 15.2, on page 15-3 shows an iRule that performs this
action.


    when DNS_REQUEST {
        if { [IP::client_addr] contains "1.2.3.4" } {
            pool aol_pool
        } else {
            pool all_pool
        }
    }

Figure 15.2 An iRule based on the contains operator

iRule commands
An iRule command within an iRule causes the Global Traffic Manager to
take some action, such as querying for data, manipulating data, or specifying
a traffic destination. The types of commands that you can include within
iRules are:
◆ Statement commands
These commands cause actions such as selecting a traffic destination or
assigning a SNAT translation address. An example of a statement
command is pool <name>, which directs traffic to the named load
balancing pool. For more information, see Using statement commands,
on page 15-8.
◆ Protocol commands
These commands search for header and content data. An example of a
protocol command is IP::remote_addr, which searches for and returns
the remote IP address of a connection. For more information on protocol
commands, see Using protocol commands, on page 15-14.
◆ Utility commands
These commands are functions that are useful for parsing and
manipulating content. An example of a utility command is findstr(),
which searches a given piece of text for a specific string. For more
information on using utility commands, see Using utility commands, on
page 15-11.


Specifying traffic destinations


As described in the previous section, iRule commands instruct the Global
Traffic Manager to take direct action in some way. The following sections
show examples of iRule commands.
For detailed information on iRule commands, see these sections:
• Using statement commands, on page 15-8
• Using wide IP commands, on page 15-10
• Using utility commands, on page 15-11
• Using protocol commands, on page 15-14

Selecting a load balancing pool


Once you have specified a query within your iRule, you can use the pool
command to select a load balancing pool to which you want the Global
Traffic Manager to send a request. Figure 15.3 shows an example of this
command.

    when DNS_REQUEST {
        if { [wideip name] ends_with ".org" } {
            pool org_pool
        } elseif { [wideip name] ends_with ".com" } {
            pool com_pool
        }
    }

Figure 15.3 Example of the pool command within an iRule

Selecting a specific server


As an alternative to the pool command, you can also write an iRule that
directs traffic to a specific server. To do this, you use the host command.
Figure 15.4 shows an example of this command.

    when DNS_REQUEST {
        if { [wideip name] ends_with ".com" } {
            host 10.1.2.200 80
        }
    }

Figure 15.4 Example of the host command within an iRule


Creating iRules
You create an iRule using the Configuration utility.

To create an iRule
1. On the Main tab of the navigation pane, expand Global Traffic and
click iRules.
The iRules screen opens.
2. Click the Create button.
3. In the Name box, type a 1- to 31-character name.
4. In the Definition box, type the syntax for your iRule.
5. If you want to expand the length of the Definition box, check
Extend Text Area. Also, if you want the contents of the iRule to
wrap within the box, check Wrap Text.
6. Click the Finished button to save your changes.
For detailed syntax information on writing iRules, see the remainder of this
chapter.


Assigning iRules
Within the Global Traffic Manager, you assign iRules to the wide IPs in
your network configuration.

To assign an iRule
1. On the Main tab of the navigation pane, expand Global Traffic and
then click Wide IPs.
The main screen for wide IPs opens.
2. Click the name of the wide IP to which you want to assign an iRule.
The properties screen for the wide IP opens.
3. On the menu bar, click iRules.
The main iRules screen for the wide IP opens.
4. Click the Manage button.
The Manage iRules screen opens.
5. From the iRule list, select an appropriate iRule.
6. Click the Add button.
The new rule appears in the list of assigned iRules.
7. Click the Finished button to save your changes.


Controlling iRule evaluation


In a basic system configuration where no iRule exists, the Global Traffic
Manager directs incoming traffic to the default pool assigned to the wide IP
that receives that traffic based on the assigned load balancing modes.
However, you might want the Global Traffic Manager to direct certain kinds
of connections to other destinations. The way to do this is to write an iRule
that directs traffic to that other destination, contingent on a certain type of
event occurring. Otherwise, traffic continues to go to the default pool
assigned to the wide IP.
iRules are therefore evaluated whenever an event occurs that you have
specified in the iRule. For example, if an iRule includes the event
declaration DNS_REQUEST, then the iRule is triggered whenever the
Global Traffic Manager receives a name resolution request. The Global
Traffic Manager then follows the directions in the remainder of the iRule to
determine the destination of the packet.

Specifying events
The iRules feature includes several types of event declarations that you can
make in an iRule. Specifying an event declaration determines when the
Global Traffic Manager evaluates the iRule. The following sections list and
describe these event types. Also described is the concept of iRule context
and the use of the when keyword.

Event types
The iRule command syntax includes several types of event declarations that
you can specify within an iRule. These event types are listed in table 15.2.

iRule Event Description

Global Events
DNS_REQUEST Triggered when a DNS request is received from a client.
LB_SELECTED Triggered when the Global Traffic Manager has selected a target node.

LB_FAILED Triggered when a connection to the server was unable to complete. This might
occur if the pool has no available members or a selected pool member is
otherwise not available.

Table 15.2 Event declarations for iRules


Using the when keyword


You make an event declaration in an iRule by using the when keyword,
followed by the event name. For example:
when DNS_REQUEST {
    iRule details...
}

Listing iRules on wide IPs


When you assign multiple iRules as resources for a wide IP, it is important
to consider the order in which you list them on the wide IP. This is because
the Global Traffic Manager processes duplicate iRule events in the order
that the applicable iRules are listed. An iRule event can therefore terminate
the triggering of events, thus preventing the Global Traffic Manager from
triggering subsequent events.

To organize the list of iRules


1. On the Main tab of the navigation pane, expand Global Traffic and
then click Wide IPs.
The main screen for wide IPs opens.
2. Click the name of the wide IP to which you want to assign an iRule.
The properties screen for the wide IP opens.
3. On the menu bar, click iRules.
The main iRules screen for the wide IP opens.
4. Click Manage.
The Manage iRules screen opens.
5. Click the name of an assigned iRule and then use either the Up
button to move the iRule up one position, or the Down button to
move the iRule down one position.
6. Click the Finished button to save your changes.

Using statement commands


Some of the commands available for use within iRules are known as
statement commands. Statement commands enable the Global Traffic
Manager to perform a variety of different actions. For example, some of
these commands specify the pools or servers to which you want the Global
Traffic Manager to direct traffic.


Table 15.3 lists and describes statement commands that you can use within
iRules.

Statement Command                     Description

discard                               Causes the current packet or connection (depending on the
                                      context of the event) to be discarded. This statement must
                                      be conditionally associated with an if statement.

drop                                  Same as the discard command.

[use] host <string>                   Causes the server host, as identified by a string, to be
                                      used directly, thus bypassing any load-balancing.

if { <expression> } {                 Asks a true or false question and, depending on the answer,
  <statement_command>                 takes some action.
}                                     Note that the maximum number of if statements that you can
elseif { <expression> } {             nest in an iRule is 100.
  <statement_command>
}

log [<facility>.<level>] <message>    Generates and logs the specified message to the Syslog
                                      facility.

[use] host <addr> [<port>]            Causes the server host, as identified by IP address and,
                                      optionally, port number, to be used directly, thus
                                      bypassing any load-balancing.

[use] pool <pool_name>                Causes the Global Traffic Manager to load balance traffic to
  [member <addr> [<port>]]            the named pool. This statement must be conditionally
                                      associated with an if statement. Optionally, you can specify
                                      a specific pool member to which you want to direct the
                                      traffic.

reject                                Causes the connection to be rejected, returning a reset as
                                      appropriate for the protocol.

return                                Terminates execution of the iRule event.

Table 15.3 iRule statement commands


Using wide IP commands


The Global Traffic Manager supports several iRule commands that are
unique to its global traffic management capabilities. These commands can
specify a specific CNAME or wide IP name, or determine the geographic
origin of the request.
Table 15.4 lists and describes wide IP commands that you can use within
iRules.

Statement Command Description

cname <cname> Returns the <cname> referenced.

wideip name Returns the wide IP name requested.

ttl <value> Overrides the default time-to-live value. If this command is used for a CNAME,
the value overrides the default of 0. If this command is used for a pool, the
value overrides the time-to-live value for that pool.

whereis <ip> [[country] [continent]] Returns the geographic location of a specific IP address. If the keywords
[country] or [continent] are not specified, this command returns all location
data.

Table 15.4 iRule wide IP commands


Using utility commands


The Global Traffic Manager includes a number of utility commands that you
can use within iRules. You can use these commands to parse and retrieve
content, verify data integrity, and retrieve information about active pools
and pool members.

Parsing and manipulating content


Table 15.5 lists and describes the commands that return a string that you
specify. The pages following the table provide detail and examples of the
commands.

Command Description

findstr Finds a string within another string and returns the string starting at the offset specified from the
match.

substr Finds a string within another string and returns the string starting at the offset specified from the
match.

findclass Finds the member of a data group that contains the result of the specified expression, and returns
that data group member or the portion following the separator, if a separator was provided.

host Searches for a specific host name within the supplied <string>.

Table 15.5 Utility commands that parse and manipulate content

findstr
The findstr command finds the string <search_string> within <string> and
returns a sub-string based on the <skip_count> and <terminator> from the
matched location.
Note the following:
• <terminator> may be either a character or length.
• If <skip_count> is not specified, it defaults to zero.
• If <terminator> is not specified, it defaults to the end of the string.
• This command (without <skip_count> or <terminator>) is equivalent
to the following Tcl command: "string range <string> [string first
<search_string> <string>] end".

The syntax of the findstr command is as follows:


findstr <string> <search_string> [<skip_count> [<terminator>]]


Figure 15.5 shows an example of an iRule using the findstr command.

when DNS_REQUEST {
    # findstr takes the string to search, then the string to search for
    if { [findstr [IP::protocol] "tcp"] equals "tcp" } {
        pool tcp_servers
    } else {
        pool udp_servers
    }
}

Figure 15.5 An iRule using the findstr command

substr
The substr command returns a sub-string of <string> based on the values of
<skip_count> and <terminator>.
Note the following:
• The <skip_count> and <terminator> arguments are used in the same
way as they are for the findstr command.
• This command is equivalent to the Tcl string range command except
that the value of <terminator> may be either a character or a count.

The syntax of the substr command is:


substr <string> <skip_count> [<terminator>]
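
An added example, not part of the F5 manual and not F5's code: a Python model of the findstr and substr semantics described above, so the effect of <skip_count> and <terminator> can be checked on sample strings before a rule is written. It assumes that an integer terminator is a length, a string terminator is a stop character, a missing stop character means "to the end of the string", and findstr returns an empty string when nothing matches; the host names and pool names are constructed.

```python
def substr(string, skip_count=0, terminator=None):
    """Model of: substr <string> <skip_count> [<terminator>]"""
    tail = string[skip_count:]
    if terminator is None:
        return tail                       # default: run to the end of the string
    if isinstance(terminator, int):
        return tail[:terminator]          # terminator given as a length
    end = tail.find(terminator)           # terminator given as a character
    return tail if end < 0 else tail[:end]    # assumption: no stop character -> to the end


def findstr(string, search_string, skip_count=0, terminator=None):
    """Model of: findstr <string> <search_string> [<skip_count> [<terminator>]]"""
    start = string.find(search_string)
    if start < 0:
        return ""                         # assumption: no match -> empty string
    # skip_count is counted from the first character of the match,
    # so a skip_count equal to len(search_string) steps over the match itself.
    return substr(string[start:], skip_count, terminator)


def site_label(wideip_name):
    """Second label of a wide IP name, for example 'eu' in 'www.eu.example.com'."""
    # Match the first ".", skip it (skip_count 1), stop at the next "."
    return findstr(wideip_name, ".", 1, ".")


# Hypothetical pool names keyed by the label extracted above.
POOLS = {"eu": "eu_pool", "us": "us_pool"}


def choose_pool(wideip_name, default="default_pool"):
    """Pick a pool from the extracted label; unknown labels fall back to the default."""
    return POOLS.get(site_label(wideip_name), default)


if __name__ == "__main__":
    name = "www.eu.example.com"           # constructed wide IP name
    for args in [(".",), (".", 1), (".", 1, "."), (".", 1, 5), ("@",)]:
        print(args, "->", repr(findstr(name, *args)))
    print(choose_pool(name), choose_pool("www.ap.example.com"))
```

An unexpected label falls through to the default pool rather than selecting nothing, which is the behaviour to confirm whenever a routing decision depends on text taken from the request.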

findclass
The findclass command searches a data group list for a member that starts
with <string> and returns the data-group member string. The member is not
required to be equal; instead, the member is only required to start with the
string and the command returns the entire member value.
The syntax of the findclass command is:
findclass <string> <data group> [(separator)]

Note that if a separator is specified, the data group member is split on the
separator, and the latter portion (that is, the portion following the separator)
is returned.

host
The host command searches for a specific host name within the supplied
<string>. This command also has a counterpart, host <ip>, which searches
for an IP address instead of a name.
The syntax of the host command is:
host <string>


Ensuring data integrity


Some of the commands available for use within iRules allow you to check
the integrity of data. Table 15.6 lists and describes these commands.

Utility Command Description

crc32 <string> Returns the crc32 checksum for the provided string, or if an error occurs, an
empty string. Used to ensure data integrity.

md5 <string> Returns the RSA Data Security, Inc. MD5 Message Digest Algorithm (md5)
message digest of the provided string, or if an error occurs, an empty string.
Used to ensure data integrity.

Table 15.6 Utility commands for ensuring data integrity

Retrieving resource information


Some of the commands available for use within iRules allow you to retrieve
data about servers, pools, and pool members. Table 15.7 lists and describes
these commands.

Utility Command                       Description

active_members <pool name>            Returns the number of active members in the pool.

member_priority <pool name>           Returns the priority for pool member ip:port.
  member <ip> [<port>]

LB::server                            Returns the name of the server selected for a load
                                      balancing operation.

LB::status                            Returns the status of the selected resource.

Table 15.7 Utility commands for retrieving pool information


Using protocol commands


The Global Traffic Manager includes a number of protocol commands that
you can use within iRules. You can use these commands to identify IP
addresses and ports of both the clients and servers for a given name
resolution transaction.

IP commands
The Global Traffic Manager supports the following IP commands.

Protocol Command Description

IP::remote_addr Returns the IP address of the client for a given name resolution request.
Equivalent to IP::client_addr.

IP::local_addr Returns the IP address of the server for a given name resolution request.
Equivalent to IP::server_addr.

IP::client_addr Returns the IP address of the client for a given name resolution request.
Equivalent to IP::remote_addr.

IP::server_addr Returns the IP address of the server for a given name resolution request.
Equivalent to IP::local_addr.

IP::protocol Returns the IP protocol value, such as TCP or UDP.

Table 15.8 IP commands for iRules

TCP commands
The Global Traffic Manager supports the following TCP commands.

Protocol Command Description

TCP::client_port Returns the client’s TCP port/service number.

TCP::server_port Returns the server’s TCP port/service number.

Table 15.9 TCP commands for iRules


UDP commands
The Global Traffic Manager supports the following UDP commands.

Protocol Command Description

UDP::client_port Returns the client’s UDP port/service number.

UDP::server_port Returns the server’s UDP port/service number.

Table 15.10 UDP commands for iRules


Removing iRules
Within the Global Traffic Manager, you can remove an iRule from a wide IP
at any time.

To remove an iRule
1. On the Main tab of the navigation pane, expand Global Traffic and
then click Wide IPs.
The main screen for wide IPs opens.
2. Click the name of the wide IP to which you want to assign an iRule.
The properties screen for the wide IP opens.
3. On the menu bar, click iRules.
The main iRules screen for the wide IP opens.
4. Click Manage.
The Manage iRules screen opens.
5. Select the iRule that you would like to remove, and then click the
Remove button to remove it.
6. Click the Finished button to save your changes.

16
Managing DNS Files with ZoneRunner

• Introducing ZoneRunner

• Working with zone files

• Working with resource records

• Working with views

• Managing the named.conf file



Introducing ZoneRunner
One of the modes in which you operate the Global Traffic Manager is the
node mode. In the node mode, the Global Traffic Manager is responsible not
only for load balancing name resolution requests and monitoring the health
of your physical and logical network; it is also responsible for maintaining
the DNS zone files that map name resolution requests to the appropriate
network resource.
In the Global Traffic Manager, you create, manage, and maintain DNS files
using the ZoneRunner™ utility. The ZoneRunner utility is a zone file
management utility that can manage both DNS zone files and your BIND
configuration. With the ZoneRunner utility, you can:
• Manage the DNS zones and zone files for your network, including
importing and transferring zone files
• Manage the resource records for those zones
• Manage views (a BIND 9 feature)
• Manage a local name server and its configuration file, named.conf

Working with DNS and BIND


The ZoneRunner utility is an advanced feature of the Global Traffic
Manager. We highly recommend that you become familiar with the various
aspects of BIND and DNS before you use this feature. For in-depth
information, we recommend the following resources:
• DNS and BIND, 4th edition, Paul Albitz and Cricket Liu
• The IETF DNS documents, RFC 1034 and RFC 1035
• The Internet Systems Consortium web site,
http://www.isc.org/index.pl?/sw/bind/

Understanding ZoneRunner tasks


When you use the ZoneRunner utility to manage your DNS zones and
resource records, you can accomplish several tasks, including:
• Configure a zone
• Configure the resource records that make up the zone
• Configure a view, for access control
• Configure options in the named.conf file

Note

In the Configuration utility, you must configure a zone before you configure
any other objects in the ZoneRunner utility.

The remainder of this chapter discusses these tasks in detail.


Working with zone files


With the ZoneRunner utility, you can create, modify, and delete zone files.
Additionally, you can transfer zone files to another name server, or import
zone files from another name server. A zone file contains resource records
and directives that describe the characteristics and hosts of a zone, otherwise
known as a domain or sub-domain.

Types of zone files


There are five types of zone files. Each type has its own content
requirements and role in the DNS.
The types of zones are:
• Master
Zone files for a master zone contain, at minimum, the start of authority
(SOA) and name server (NS) resource records for the zone. Master zones
are authoritative, that is, they respond to DNS queries for the domain or
sub-domain. A zone can have only one SOA record, and must have at
least one NS record.
• Slave
Zone files for a slave zone are copies of the master zone files. At an
interval specified in the SOA record, slave zones query the master zone
to check for and obtain updated zone data. A slave zone responds
authoritatively for the zone as long as the zone data is valid.
• Stub
Stub zones are similar to slave zones, except that stub zones contain only
the NS records for the zone. Note that stub zones are a specific feature of
the BIND implementation of DNS. We recommend that you use stub
zones only if you have a specific requirement for this functionality.
• Forward
The zone file for a forwarding zone contains only information to forward
DNS queries to another name server on a per-zone (or per-domain) basis.
• Hint
The zone file for a hint zone specifies an initial set of root name servers
for the zone. Whenever the local name server starts, it queries a root
name server in the hint zone file to obtain the most recent list of root
name servers.

Creating zone files


You can use the ZoneRunner utility to create any of the zone types
described in the previous section.


To create a zone
1. On the Main tab of the navigation pane, expand Global Traffic and
click ZoneRunner.
The Resource Records List screen opens.
2. On the menu bar, click Zone List.
The Zone List screen opens.
3. Click the Create button.
The New Zone screen opens.
4. From the View Name list, select a view with which to associate the
new zone.
The default setting is external.
5. In the Zone Name box, type a fully-qualified domain name for the
zone.
Note: Do not forget the trailing dot ( . ) at the end of the name.
6. From the Zone Type list, select the type of zone that you are
configuring.
The screen refreshes to display the configuration settings for the
zone type.

Note

Each zone type has unique characteristics. The following sections describe
how to create each zone type.

Creating a master zone


Master zones have many components. When you create a master zone, you
create a zone file, an SOA record, and an initial NS record. You can also
create a reverse zone and its corresponding reverse zone file.

Note

The following procedure assumes you have completed the steps as listed in
the previous section, Creating zone files, on page 16-2.

To create a master zone configuration


1. On the Main tab of the navigation pane, expand Global Traffic and
click ZoneRunner.
The Resource Records List screen opens.
2. On the menu bar, click Zone List.
The Zone List screen opens.
3. Click the Create button.
The New Zone screen opens.
4. On the New Zone screen, select Master from the Zone Type list.
The screen refreshes to display the configuration options and
records creation options for a master zone.


5. From the Records Creation Method list, select Manual. The
configuration options in the Records Creation section in the
following procedure change, depending on the record creation
method that you select in this step.
Note: The Records Creation Method list has two additional
options: Load From File and Transfer from Server. These options
are discussed in the section, Importing zone files, on page 16-8.
6. In the Zone File Name box, type the name you want to use for the
zone file.
7. In the Options box, you can type any additional statements that the
zone requires. Do not delete the allow-update statement as the
system needs this to maintain compatibility with the wide IP
information.
Important: Exercise caution when typing in the Options box. The
system writes any changes you make directly to the named.conf file.
For information on available options and syntax, refer to the BIND
documentation mentioned at the beginning of this chapter.
8. Check the Create Reverse Zone box to specify that the system
creates a reverse zone for this zone.
9. In the Reverse Zone Name box, type a name for the reverse zone,
and then select whether the reverse zone applies to IPv4 or IPv6
networks.
10. In the Reverse Zone File Name box, type the name you want to use
for the reverse zone file.
11. In the SOA Record section, supply the relevant configuration for
the Start of Authority (SOA) record associated with this zone.
12. In the NS Record section, supply the information for the first Name
Server associated with this zone.
See Creating NS resource records, on page 16-16 for more
information.
13. Click the Finished button to save your changes.

Creating a slave zone


Slave zones are essentially copies of master zones. Slave zones can respond
to DNS queries, which significantly reduces the possibility that a query goes
unanswered. Slave zones regularly poll master zones to get up-to-date zone
information.

Note

The following procedure assumes you have completed the steps as listed in
the previous section, Creating zone files, on page 16-2.


To create a slave zone


1. On the Main tab of the navigation pane, expand Global Traffic and
click ZoneRunner.
The Resource Records List screen opens.
2. On the menu bar, click Zone List.
The Zone List screen opens.
3. Click the Create button.
The New Zone screen opens.
4. On the New Zone screen, select Slave from the Zone Type list.
The screen refreshes to display the configuration options for a slave
zone.
5. In the Reverse Zone Name box, type the name of the reverse zone,
and then select the appropriate ARPA address, depending on whether
you are using IPv4 or IPv6.
6. In the Reverse Zone File Name box, type the name of the file for
the reverse zone.
7. In the Zone File Name box, type the name you want to use for the
zone file.
8. In the Options box, you can type any additional statements that the
zone requires. Do not delete the allow-update statement as the
system needs this to maintain compatibility with the wide IP
information.
Important: Exercise caution when typing in the Options box. The
system writes any changes you make directly to the named.conf file.
For information on available options and syntax, refer to the BIND
documentation mentioned at the beginning of this chapter.
9. Click the Finished button to save your changes.

Creating a stub zone


Stub zones contain only the NS records for a zone. Stub zones are a unique
feature of the BIND implementation of DNS. As such, we recommend that
you carefully evaluate using stub zones in your configuration. Refer to the
BIND documentation for additional information about stub zones.

Note

The following procedure assumes you have completed the steps as listed in
the previous section, Creating zone files, on page 16-2.

To create a stub zone


1. On the Main tab of the navigation pane, expand Global Traffic and
click ZoneRunner.
The Resource Records List screen opens.


2. On the menu bar, click Zone List.
The Zone List screen opens.
3. Click the Create button.
The New Zone screen opens.
4. On the New Zone screen, select Slave from the Zone Type list.
The screen refreshes to display the configuration options for a slave
zone.
5. In the Reverse Zone Name box, type the name of the reverse zone,
and then select the appropriate ARPA address, depending on whether
you are using IPv4 or IPv6.
6. In the Reverse Zone File Name box, type the name of the file for
the reverse zone.
7. In the Zone File Name box, type the name you want to use for the
zone file.
8. In the Options box, you can type any additional statements that the
zone requires. Do not delete the allow-update statement, as the
system needs this to maintain compatibility with the wide IP
information.
Important: Exercise caution when typing in the Options box. The
system writes any changes you make directly to the named.conf file.
For information on available options and syntax, refer to the BIND
documentation mentioned at the beginning of this chapter.
9. Click the Finished button to save your changes.

Creating a hint zone


Hint zones designate a subset of the root servers list. When the local name
server starts (or restarts), the name server queries the root servers in the hint
zone for the most current list of root servers.

Note

The following procedure assumes you have completed the steps as listed in
the previous section, Creating zone files, on page 16-2.

To create a hint zone


1. On the Main tab of the navigation pane, expand Global Traffic and
click ZoneRunner.
The Resource Records List screen opens.
2. On the menu bar, click Zone List.
The Zone List screen opens.
3. Click the Create button.
The New Zone screen opens.


4. On the New Zone screen, select Slave from the Zone Type list.
The screen refreshes to display the configuration options for a slave
zone.
5. In the Reverse Zone Name box, type the name of the reverse zone,
and then select the appropriate ARPA address, depending on
whether you are using IPv4 or IPv6.
6. In the Reverse Zone File Name box, type the name of the file for
the reverse zone.
7. Click the Finished button to save your changes.

Creating a forward zone


Forward zones provide forwarding information for a zone or a domain.
When a query comes in that matches a forward zone, the ZoneRunner utility
sends the query to the server specified in the forward zone, rather than
returning the query to the requesting local DNS server.

Note

The following procedure assumes you have completed the steps as listed in
the previous section, Creating zone files, on page 16-2.

To create a forward zone


1. On the Main tab of the navigation pane, expand Global Traffic and
click ZoneRunner.
The Resource Records List screen opens.
2. On the menu bar, click Zone List.
The Zone List screen opens.
3. Click the Create button.
The New Zone screen opens.
4. On the New Zone screen, select Slave from the Zone Type list.
The screen refreshes to display the configuration options for a slave
zone.
5. In the Reverse Zone Name box, type the name of the reverse zone,
and then select the appropriate ARPA address, depending on whether
you are using IPv4 or IPv6.
6. In the Reverse Zone File Name box, type the name of the file for
the reverse zone.


7. In the Options box, you can type any additional statements that the
zone requires. Do not delete the forwarders statement as the system
needs this to maintain compatibility with the wide IP information.
Important: Exercise caution when typing in the Options box. The
system writes any changes you make directly to the named.conf file.
For information on available options and syntax, refer to the BIND
documentation mentioned at the beginning of this chapter.
8. Click the Finished button to save your changes.

Importing zone files


Often, when you add the Global Traffic Manager to your network, you
already have a DNS server that manages your zone files. Typically, the
Global Traffic Manager can then become either a secondary server that
provides backup DNS information in case your primary DNS server goes
offline, or the primary DNS server. In either situation, you can use
the ZoneRunner utility to import existing zone files into the Global Traffic
Manager instead of re-creating them manually.
Through the ZoneRunner utility, you can import zone files using one of two
methods:
• Loading zones from a file
• Transferring zones from a server

Note

You can import only master zone files.

Loading zones from a file


If you know where the zone files you want to import reside on your server,
you can load these files directly into the Global Traffic Manager through the
ZoneRunner utility. Once you load a zone file into the Global Traffic
Manager, the ZoneRunner utility displays information about the zone and
any of its resource records within the Configuration utility.

Note

You can load only master zone files.

To load a zone from a file


1. On the Main tab, expand Global Traffic and click ZoneRunner.
The Resource Records List screen opens.
2. On the menu bar, click Zone List.
The Zone List screen opens.
3. Click the Create button.
The New Zone screen opens.


4. From the View Name list, select a view with which to associate the
new zone.
The default setting is external.
5. In the Zone Name box, type a fully-qualified domain name for the
zone.
6. From the Zone Type list, select Master.
7. From the Records Creation Method, select Load From File.
8. In the Upload Records File box, located in the Records Creation
section, type the path to the zone file.
Alternatively, you can click the Browse button to navigate to the
file.
9. Click the Finished button to save your changes.

Transferring zones from servers


Instead of loading zones from a file, you have the option of transferring
them from an existing DNS server. This method is useful if the zone files you
need reside at a remote location. Once you transfer a zone file into the
Global Traffic Manager, the ZoneRunner utility displays information about
the zone and any of its resource records within the Configuration utility.
Before you can transfer zone files from another server, you must ensure that
you have configured the source server to allow transfers to the
destination server. You typically accomplish this task using the
allow-transfer option. See your DNS and BIND documentation for more
information.

Note

You can transfer only master zone files.
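
An added example, not part of the F5 manual and not F5's code: a Python check over the master zone statements in a named.conf file for the two statements this chapter singles out, allow-update (which the Options box instructions say not to delete) and allow-transfer (which decides who may transfer the zone). The sample configuration, zone names and addresses are constructed, and the parser assumes simple address-match lists without nested braces.

```python
import re

# Constructed sample; names and addresses are reserved documentation values.
SAMPLE_CONF = '''
view "external" {
    zone "example.com." {
        type master;
        file "db.external.example.com.";
        allow-update { localhost; };
        allow-transfer { 192.0.2.53; };   // only the destination server
    };
    zone "open.example." {
        type master;
        file "db.external.open.example.";
        allow-transfer { any; };          /* open to every host,
                                             and allow-update was deleted */
    };
    zone "legacy.example." {
        type master;
        file "db.external.legacy.example.";
        allow-update { localhost; };
    };
    zone "copy.example." {
        type slave;
        file "db.external.copy.example.";
        masters { 192.0.2.10; };
    };
};
'''

ZONE_RE = re.compile(r'\bzone\s+"([^"]+)"(?:\s+\w+)?\s*\{')


def strip_comments(text):
    """Remove /* */, // and # comments so commented-out statements are not counted."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#)[^\n]*', '', text)


def zone_blocks(text):
    """Yield (zone_name, body) for each zone statement, top level or inside a view."""
    text = strip_comments(text)
    for m in ZONE_RE.finditer(text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {'{': 1, '}': -1}.get(text[i], 0)
            i += 1
        if depth:
            raise ValueError('unbalanced braces in zone "%s"' % m.group(1))
        yield m.group(1), text[m.end():i - 1]


def clause(body, keyword):
    """Return the elements of `keyword { ...; };` as a list, or None if absent."""
    m = re.search(r'\b' + re.escape(keyword) + r'\s*\{([^{}]*)\}', body)
    if m is None:
        return None
    return [e.strip() for e in m.group(1).split(';') if e.strip()]


def audit(conf_text):
    """Return (zone, finding) pairs for master zones."""
    findings = []
    for name, body in zone_blocks(conf_text):
        ztype = re.search(r'\btype\s+(\w+)\s*;', body)
        if ztype is None or ztype.group(1) != 'master':
            continue
        transfer = clause(body, 'allow-transfer')
        if transfer is None:
            # The zone then inherits whatever the view, options or BIND default says.
            findings.append((name, 'allow-transfer not set in zone'))
        elif 'any' in transfer:
            findings.append((name, 'allow-transfer permits any host'))
        if clause(body, 'allow-update') is None:
            findings.append((name, 'allow-update statement missing'))
    return findings


if __name__ == '__main__':
    for zone, finding in audit(SAMPLE_CONF):
        print('%-18s %s' % (zone, finding))
```

Running it against a copy of named.conf after each change made through the Options box shows whether an edit removed allow-update or widened allow-transfer beyond the intended destination server.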

To transfer a zone from a server


1. On the Main tab of the navigation pane, expand Global Traffic and
click ZoneRunner.
The Resource Records List screen opens.
2. On the menu bar, click Zone List.
The Zone List screen opens.
3. Click the Create button.
The New Zone screen opens.
4. From the View Name list, select a view with which to associate the
new zone.
The default setting is external.
5. In the Zone Name box, type a fully-qualified domain name for the
zone.
6. From the Zone Type list, select Master.


7. From the Records Creation Method, select Transfer from
Server.
8. In the Source Server box, located in the Records Creation section,
type the path to the DNS server.
9. In the Source Zone box, type the name of the zone you want to
transfer to the Global Traffic Manager.
10. Click the Finished button to save your changes.

Modifying zones
Through the ZoneRunner utility, you can modify zones on an as-needed
basis. For example, you can increase or decrease the time-to-live (TTL)
value for the zone, or change the master server for the zone.

Note

You can also add resource records to an existing zone file. See Working
with resource records, on page 16-11.

To modify a zone
1. On the Main tab of the navigation pane, expand Global Traffic and
click ZoneRunner.
The Resource Records List screen opens.
2. On the menu bar, click Zone List.
The main screen for the zone opens.
3. Click the name of the zone that you want to modify.
The properties screen for the zone opens.
4. Modify the settings for the zone as needed.
5. Click the Update button to save your changes.

Deleting zones
With the ZoneRunner utility, you can delete zones that either have become
obsolete or are no longer relevant to the Global Traffic Manager due to a
network configuration change. For example, you might adjust your name
servers, after which the Global Traffic Manager is no longer responsible for
a specific zone.

To delete a zone
1. On the Main tab, expand Global Traffic and click ZoneRunner.
The Resource Records List screen opens.
2. On the menu bar, click Zone List.
The main screen for the zone opens.


3. Click the name of the zone that you want to modify.
The properties screen for the zone opens.
4. Modify the settings for the zone as needed.
5. Click the Delete button.
A confirmation screen opens.
6. Click the Delete button again to delete the zone.

Working with resource records


Resource records are the files that contain the details about a zone. These
resource records, in a hierarchical structure, make up the domain name
system (DNS). Once you have created a zone, you can use the ZoneRunner
utility to view, create, modify, and delete the resource records for that zone.

Note

Although case is preserved in names and data fields when loaded into the
name server, comparisons and lookups in the name server database are not
case-sensitive.

Types of resource records


This section describes the common resource records that the ZoneRunner
utility supports. For information on additional resource record types, see
DNS and BIND, 4th edition, Albitz and Liu.
The types of resource records are:
• SOA (Start of authority)
The start of authority resource record, SOA, starts every zone file and
indicates that a name server is the best source of information for a
particular zone. The SOA record indicates that a name server is
authoritative for a zone. There must be exactly one SOA record per zone.
Unlike other resource records, you create a SOA record only when you
create a new master zone file.
• A (Address)
The Address record, or A record, lists the IP address for a given host
name. The name field is the host’s name, and the address is the network
interface address. There should be one A record for each IP address of
the machine.
• AAAA (IPv6 Address)
The IPv6 Address record, or AAAA record, lists the 128-bit IPv6 address
for a given host name.
• CNAME (Canonical Name)
The Canonical Name resource record, CNAME, specifies an alias or
nickname for the official, or canonical, host name. This record must be
the only one associated with the alias name. It is usually easier to supply
one A record for a given address and use CNAME records to define alias
host names for that address.
• DNAME (Delegation of Reverse Name)
The Delegation of Reverse Name resource record, DNAME, specifies the
reverse lookup of an IPv6 address. These records substitute the suffix of
one domain name with another. The DNAME record instructs the Global
Traffic Manager (or any DNS server) to build an alias that substitutes a
portion of the requested IP address with the data stored in the DNAME
record.
• HINFO (Host Information)
The Host Information resource record, HINFO, contains information on
the hardware and operating system relevant to the Global Traffic
Manager (or other DNS).
• MX (Mail Exchanger)
The Mail Exchange resource record, MX, defines the mail system(s) for
a given domain.
• NS (Name Server)
The name server resource record, NS, defines the name servers for a
given domain, creating a delegation point and a subzone. The first name
field specifies the zone that is served by the name server that is specified
in the name servers name field. Every zone needs at least one name
server.
• PTR (Pointer)
A name pointer resource record, PTR, associates a host name with a
given IP address. These records are used for reverse name lookups.
• SRV (Service)
The Service resource record, SRV, is a pointer that allows an alias for a
given service to be redirected to another domain. For example, if the
fictional company SiteRequest had an FTP archive hosted on
archive.siterequest.com, the IT department could create an SRV record
that allows an alias, ftp.siterequest.com to be redirected to
archive.siterequest.com.
• TXT (Text)
The Text resource record, TXT, allows you to supply any string of
information, such as the location of a server or any other relevant
information that you want available.
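
The constraints stated in this list (exactly one SOA record per zone, at least one name server, a CNAME as the only record for its alias name) and the case-insensitive comparison described in the earlier note can be checked before records are entered. The following Python check is an added example, not part of this manual or of the ZoneRunner utility; the record tuples and the siterequest.com data are constructed, and the check for targets that have no records in the zone goes beyond what the list states.

```python
from collections import defaultdict

# Constructed records for the fictional zone siterequest.com, as
# (owner name, TTL, type, data) tuples. Addresses are documentation ranges.
SAMPLE_ZONE = [
    ("siterequest.com.", 3600, "SOA",
     "ns1.siterequest.com. hostmaster.siterequest.com. 1 10800 3600 604800 86400"),
    ("siterequest.com.", 3600, "NS", "ns1.siterequest.com."),
    ("siterequest.com.", 3600, "MX", "10 mail.siterequest.com."),
    ("ns1.siterequest.com.", 3600, "A", "192.0.2.53"),
    ("archive.siterequest.com.", 3600, "A", "192.0.2.10"),
    ("ftp.siterequest.com.", 3600, "CNAME", "archive.siterequest.com."),
    # Same owner as the CNAME above, differing only in case.
    ("FTP.SiteRequest.com.", 3600, "TXT", "location=rack 12"),
]

# Record types whose data ends in a host name that should exist.
TARGET_TYPES = {"CNAME", "NS", "MX", "SRV"}


def normalize(name):
    """Fold case and drop the trailing dot; lookups are not case-sensitive."""
    return name.rstrip(".").lower()


def in_zone(name, apex):
    """True when name is the zone apex or lies below it."""
    return name == apex or name.endswith("." + apex)


def lint_zone(zone_name, records):
    """Return a list of findings (strings) for the records of one zone."""
    apex = normalize(zone_name)
    by_owner = defaultdict(list)
    for owner, _ttl, rtype, data in records:
        by_owner[normalize(owner)].append((rtype.upper(), data))

    findings = []
    soa_count = sum(t == "SOA" for recs in by_owner.values() for t, _ in recs)
    if soa_count != 1:
        findings.append(f"zone has {soa_count} SOA records, expected exactly 1")
    if not any(t == "NS" for t, _ in by_owner.get(apex, [])):
        findings.append("zone apex has no NS record")

    for owner, recs in by_owner.items():
        types = [t for t, _ in recs]
        # A CNAME must be the only record associated with its alias name.
        if "CNAME" in types and len(recs) > 1:
            others = sorted(set(types) - {"CNAME"}) or ["another CNAME"]
            findings.append(f"{owner}: CNAME coexists with {', '.join(others)}")
        # Added check: an in-zone target that owns no records at all.
        for rtype, data in recs:
            if rtype not in TARGET_TYPES or not data.split():
                continue
            target = normalize(data.split()[-1])
            if in_zone(target, apex) and target not in by_owner:
                findings.append(
                    f"{owner}: {rtype} target {target} has no records in this zone")
    return findings


if __name__ == "__main__":
    for finding in lint_zone("siterequest.com.", SAMPLE_ZONE):
        print(finding)
```

A comparison that did not fold case would treat FTP.SiteRequest.com and ftp.siterequest.com as different owners and miss the CNAME conflict.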

Creating resource records


You can use the ZoneRunner utility to create any of the resource record
types described in Types of zone files, on page 16-2.


To create a resource record


1. On the Main tab of the navigation pane, expand Global Traffic and
click ZoneRunner.
The Resource Records List screen opens.
2. Click the Create button.
The New Resource Record screen opens.
3. From the View Name list, select a view with which to associate the
new zone.
The default setting is external.
4. In the Zone Name box, select the zone with which this record is
associated.
5. In the Name box, type the name for the resource record.
6. In the TTL box, type the time-to-live value for the record.
7. From the Type list, select the type of resource record that you are
configuring.
The screen refreshes to display the configuration settings for the
resource record type.

Note

Each resource record type has unique characteristics. The following
sections describe how to create each resource record type, and build on the
steps listed in this procedure.

Creating A resource records


The Address record, or A record, lists the IP address for a given host name.
The following steps describe how to create an A record for a zone.

Note

The following procedure assumes you have completed the steps as listed in
Creating resource records, on page 16-12.

To create an A record
1. On the New Resource Record screen, select A from the Type list.
The screen refreshes to display the configuration options for an A
resource record.
2. In the IP Address box, type the IP address for the A record.
3. If you want to create a reverse record that corresponds to this record,
check Create Reverse Record.
4. Click the Finished button to save your changes.


Creating AAAA resource records


The IPv6 Address record, or AAAA record, is a record used for 128-bit IPv6
addresses. The following steps describe how to create an AAAA record for a
zone.

Note

The following procedure assumes you have completed the steps as listed in
Creating resource records, on page 16-12.

To create an AAAA record


1. On the New Resource Record screen, select AAAA from the Type
list.
The screen refreshes to display the configuration options for an
AAAA resource record.
2. In the IP Address box, type the IP address for the AAAA record.
3. If you want to create a reverse record that corresponds to this record,
check Create Reverse Record.
4. Click the Finished button to save your changes.

Creating CNAME resource records


The Canonical Name resource record, CNAME, specifies an alias or
nickname for the official, or canonical, host name. The following steps
describe how to create a CNAME record for a zone.

Note

The following procedure assumes you have completed the steps as listed in
Creating resource records, on page 16-12.

To create a CNAME record


1. On the New Resource Record screen, select CNAME from the
Type list.
The screen refreshes to display the configuration options for a
CNAME resource record.
2. In the CNAME box, type the appropriate alias for the resource
record.
3. Click the Finished button to save your changes.


Creating DNAME resource records


The Delegation of Reverse Name resource record, DNAME, specifies the
reverse lookup of an IPv6 address. The following steps describe how to
create a DNAME record for a zone.

Note

The following procedure assumes you have completed the steps as listed in
Creating resource records, on page 16-12.

To create a DNAME record


1. On the New Resource Record screen, select DNAME from the
Type list.
The screen refreshes to display the configuration options for a
DNAME resource record.
2. In the DNAME box, type the appropriate reverse name for the
resource record.
3. Click the Finished button to save your changes.

Creating HINFO resource records


The Host Information resource record, HINFO, contains information on the
hardware and operating system relevant to the Global Traffic Manager (or
other DNS). The following steps describe how to create an HINFO record
for a zone.

Note

The following procedure assumes you have completed the steps as listed in
Creating resource records, on page 16-12.

To create an HINFO record


1. On the New Resource Record screen, select HINFO from the Type
list.
The screen refreshes to display the configuration options for an
HINFO resource record.
2. In the Hardware box, type the appropriate hardware information
for the resource record.
3. In the OS box, type the appropriate operating system information
for the resource record.
4. Click the Finished button to save your changes.


Creating MX resource records


The Mail Exchange resource record, MX, defines the mail system(s) for a
given domain. The following steps describe how to create an MX record for
a zone.

Note

The following procedure assumes you have completed the steps as listed in
Creating resource records, on page 16-12.

To create an MX record
1. On the New Resource Record screen, select MX from the Type list.
The screen refreshes to display the configuration options for an MX
resource record.
2. In the Preference box, type the preference for the mail server.
Preference is a numeric value for the preference of this mail
exchange host relevant to all other mail exchange hosts for the
domain. Lower numbers indicate a higher preference, or priority.
3. In the Mail Server box, type the appropriate domain name for the
mail server.
4. Click the Finished button to save your changes.

Creating NS resource records


The name server resource record, NS, defines the name servers for a given
domain, creating a delegation point and a subzone. The following steps
describe how to create an NS record for a zone.

Note

The following procedure assumes you have completed the steps as listed in
Creating resource records, on page 16-12.

To create an NS record
1. On the New Resource Record screen, select NS from the Type list.
The screen refreshes to display the configuration options for an NS
resource record.
2. In the Name Server box, type the appropriate domain name for the
resource record.
3. Click the Finished button to save your changes.


Creating PTR resource records


A name pointer resource record, PTR, associates a host name with a given
IP address. These records are used for reverse name lookups.

Note

The following procedure assumes you have completed the steps as listed in
Creating resource records, on page 16-12.

To create a PTR record


1. On the New Resource Record screen, select PTR from the Type
list.
The screen refreshes to display the configuration options for a PTR
resource record.
2. In the Domain box, type the appropriate domain name for the
resource record.
3. Click the Finished button to save your changes.

Creating SRV resource records


The Service resource record, SRV, is a pointer that allows an alias for a
given service to be redirected to another domain. The following steps
describe how to create an SRV record for a zone.

Note

The following procedure assumes you have completed the steps as listed in
Creating resource records, on page 16-12.

To create an SRV record


1. On the New Resource Record screen, select SRV from the Type
list.
The screen refreshes to display the configuration options for an SRV
resource record.
2. In the Priority box, type the appropriate priority level for this host.
The lower the number in this box, the higher the priority level.
3. In the Weight box, type the proportion of requests that should be
targeted at this server.
This value is used when two hosts have the same priority. The
higher the number in this box, the greater the weight.
4. In the Port box, type the port on which the service is running.
5. In the Target Server box, type the domain name of a host running
the service on the port specified in the Port box.
6. Click the Finished button to save your changes.


Creating TXT resource records


The Text resource record, TXT, allows you to supply any string of
information, such as the location of a server or any other relevant
information that you want available. The following steps describe how to
create a TXT record for a zone.

Note

The following procedure assumes you have completed the steps as listed in
Creating resource records, on page 16-12.

To create a TXT record


1. On the New Resource Record screen, select TXT from the Type
list.
The screen refreshes to display the configuration options for a TXT
resource record.
2. In the Text box, type the appropriate text for the resource record.
3. Click the Finished button to save your changes.

Modifying a resource record


If you decide you need to change the settings for a given resource record,
you can modify it at any time.

To modify a resource record


1. On the Main tab, expand Global Traffic and click ZoneRunner.
The Resource Records List screen opens.
2. Click the name of the resource record that you want to modify.
The properties screen for the resource record opens.
3. Modify the resource record as needed.
4. Click the Update button to save your changes.

Adding resource records to an existing zone file


In addition to creating a resource record through the Record List screen, you
can create one when you modify an existing zone file.

To add a resource record to an existing zone file


1. On the Main tab, expand Global Traffic and click ZoneRunner.
The Resource Records List screen opens.
2. On the menu bar, click Zone List.
The Zone List screen opens.


3. Click the name of the zone to which you want to add a resource
record.
The properties screen for that zone opens.
4. Click the Add Resource Record button, located at the bottom of
the screen.
The New Resource Record screen opens, with the View and Zone
Name options filled out to reflect the appropriate settings for the
zone file.
5. Create the new resource record as needed.
See Creating resource records, on page 16-12 for more information.
6. Click the Finished button to save your changes.

Working with views


One of the features available in BIND 9 is the addition of views to your
DNS configuration. A view allows you to modify the name server
configuration based on the community attempting to access it. For example,
if your DNS handles requests from both inside and outside your company,
you could create two views: internal and external. Through views, you can
build name server configurations on the same server, and have those
configurations apply dynamically when the request originates from a
specified source.
In the Global Traffic Manager, a single view is created automatically within
the ZoneRunner utility: external. If you do not want to create views, all
zones that the Global Traffic Manager maintains are associated with this
default view.
Through the ZoneRunner utility, you can:
• Add views
• Modify views
• Delete views

Adding views
If you have a DNS that is accessed from multiple communities, you can
create a view for each community. Depending on the community, the name
server uses a different configuration for resolving name requests.

To add a view
1. On the Main tab, expand Global Traffic and click ZoneRunner.
The Resource Records List screen opens.

2. On the menu bar, click View List.
The View List screen opens.
3. Click the Create button.
The New View screen opens.
4. In the View Name box, type a name for the view.
5. In the View Order box, select where the view resides in the view
hierarchy for the name server.
6. In the Options box, specify the criteria that determine when the
DNS should use the zone files associated with this view.
7. Click the Finished button to save your changes.
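
BIND 9 answers a request from the first view, in configured order, whose client match list includes the requester, so the View Order setting decides which zone data a client sees. The following Python model is an added example, not code from this manual or from BIND; the view names follow the internal and external example above, and the client networks are assumptions chosen for illustration.

```python
import ipaddress

# Constructed view lists: (view name, client networks that select the view).
GOOD_ORDER = [
    ("internal", ["10.0.0.0/8", "192.168.0.0/16"]),
    ("external", ["0.0.0.0/0"]),
]
# The same views with the catch-all view placed first.
BAD_ORDER = [GOOD_ORDER[1], GOOD_ORDER[0]]


def select_view(views, client_ip):
    """Return the first view whose client networks contain client_ip."""
    addr = ipaddress.ip_address(client_ip)
    for name, networks in views:
        if any(addr in ipaddress.ip_network(net) for net in networks):
            return name
    return None


def shadowed_views(views):
    """Return views that can never match because an earlier view covers them.

    Only coverage by a single earlier network is detected; a network that is
    covered by the union of several smaller earlier networks is not reported.
    """
    shadowed, earlier = [], []
    for name, networks in views:
        nets = [ipaddress.ip_network(net) for net in networks]
        if nets and all(
            any(n.version == e.version and n.subnet_of(e) for e in earlier)
            for n in nets
        ):
            shadowed.append(name)
        earlier.extend(nets)
    return shadowed


if __name__ == "__main__":
    for label, views in (("good", GOOD_ORDER), ("bad", BAD_ORDER)):
        print(label, select_view(views, "10.1.2.3"), shadowed_views(views))
```

With the catch-all view first, an internal client at 10.1.2.3 is served the external zone data and the internal view is never used.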

Modifying views
As the needs of the communities attempting to access the Global Traffic
Manager as a DNS change, you might need to modify your views. Through
the ZoneRunner utility, you can modify a view at any time.

To modify a view
1. On the Main tab, expand Global Traffic and click ZoneRunner.
The Resource Records List screen opens.
2. On the menu bar, click View List.
The View List screen opens.
3. Click the name of the view you want to modify.
The properties screen for the view opens.
4. Modify the view settings as needed. Note that you cannot change
the name of the view.
5. Click Update to apply your changes.

Deleting views
If a view is no longer necessary for your name resolutions, you can delete it
from the ZoneRunner utility.

To delete a view
1. On the Main tab, expand Global Traffic and click ZoneRunner.
The Resource Records List screen opens.
2. On the menu bar, click View List.
The View List screen opens.
3. Click the name of the view you want to delete.
The properties screen for the view opens.

4. Click the Delete button.
A confirmation screen opens.
5. Click the Delete button again to delete the view.

Adding zones to views


Once you create a view, you can create zones that will belong to the view.

To add a zone to a view


1. On the Main tab, expand Global Traffic and click ZoneRunner.
The Resource Records List screen opens.
2. On the menu bar, click View List.
The View List screen opens.
3. Click the name of the view you want to delete.
The properties screen for the view opens.
4. Click the Add Zone button.
The New Zone screen opens.
5. Create the new zone as needed.
See Creating zone files, on page 16-2 for more information on
creating zone files.

Managing the named.conf file


You define the primary operational characteristics of BIND using a single
file, named.conf. The functions defined in this file include views, access
control list definitions, and zones.
You can control most of the contents of the named.conf file through the
ZoneRunner utility, as this utility updates the named.conf file to implement
any modifications that you make. However, you can also use the
ZoneRunner utility to edit the named.conf file directly.

Important
This section assumes that you are fully familiar with the named.conf file
and the syntax of its contents. Modifying the named.conf file carries a high
level of risk, as a syntax error can prevent the entire BIND system from
performing as expected. For this reason, we recommend that you use the
user interface of the ZoneRunner utility whenever possible, and that you
exercise caution when editing the named.conf file.

To modify the named.conf file


1. On the Main tab, expand Global Traffic and click ZoneRunner.
The Resource Records List screen opens.

2. On the menu bar, click Named Configuration.
The named.conf configuration screen opens.
3. Edit the contents of the named.conf file as needed:
• You can increase the size of the box containing the named.conf
contents by checking Extend Text Area.
• You can have the contents of the named.conf file wrap to fit the
box by checking Wrap Text.
4. Click the Update button to save your changes.

A
Working with the big3d Agent

• Introducing the big3d agent
• Collecting path data and server performance metrics
• Setting up communication between Global Traffic Managers and other servers

Introducing the big3d agent


The big3d agent collects performance information on behalf of the Global
Traffic Manager. The big3d agent runs on all BIG-IP systems. In most
cases, you want to run a big3d agent on all of these systems in the network,
but you can turn off the big3d agent on any system at any time. If you turn
off the big3d agent on a server, the Global Traffic Manager can no longer
check the availability of the server or its virtual servers, and the statistics
screens display the status as unknown (blue ball). The big3d agent is a
critical component of the Global Traffic Manager; without it, the Global
Traffic Manager cannot access much of the information you need regarding
other BIG-IP systems on the network.

Note

We recommend that you have a big3d agent running on at least one system
in each data center in your network. This configuration ensures that the
Global Traffic Manager has timely access to the metrics associated with
network traffic.


Collecting path data and server performance metrics


A big3d agent collects the following types of performance information used
for load balancing. The big3d agent broadcasts this information to all
Global Traffic Managers in your network.
• Network path round trip time
The big3d agent calculates the round trip time for the network path
between the agent’s data center and the client’s LDNS server that is
making the resolution request. The Global Traffic Manager uses round
trip time to determine the best virtual server to answer the request when a
pool uses a dynamic load balancing mode, such as Round Trip Time, or
Quality of Service.
• Network path packet loss
The big3d agent calculates the packet completion percentage for the
network path between the agent’s data center and the client’s LDNS
server that is making the resolution request. The Global Traffic Manager
uses the packet completion rate to determine the best virtual server to
answer the request when a wide IP or pool uses either the Completion
Rate or the Quality of Service load balancing modes.
• Router hops along the network path
The big3d agent calculates the number of intermediate system transitions
(router hops) between the agent’s data center and the client’s LDNS
server. The Global Traffic Manager uses hops to determine the best
virtual server to answer the request when a pool uses the Hops or the
Quality of Service load balancing modes.
• Server performance
The big3d agent returns server metrics, such as the packet rate, for
BIG-IP systems or SNMP-enabled hosts. The Global Traffic Manager
uses packet rate to determine the best virtual server to answer the request
when a pool uses the Packet Rate, KBPS, Least Connections, or Quality
of Service load balancing modes.
• Virtual server availability and performance
The big3d agent queries virtual servers to verify whether they are up and
available to receive connections, and uses only those virtual servers that
are up for load balancing. The big3d agent also determines the number
of current connections to virtual servers that are defined on BIG-IP
systems or SNMP-enabled hosts. The Global Traffic Manager uses the
number of current connections to determine the best virtual server when
a pool uses the Least Connections or VS Capacity load balancing mode.

Setting up data collection with the big3d agent


Setting up the big3d agents involves the following tasks:
• Installing big3d agents on BIG-IP systems
Each new version of the Global Traffic Manager software includes the
latest version of the big3d agent. You need to distribute that copy of the
big3d agent to each BIG-IP system in the network. See the release notes
provided with the Global Traffic Manager software for information about
which versions of the BIG-IP software the current big3d agent supports.
For details on installing the big3d agent, see Installing the big3d agent,
following.
• Setting up communications between big3d agents and other systems
Before the big3d agents can communicate with the Global Traffic
Managers in the network, you need to configure the appropriate ports and
tools to allow communication between the devices running the big3d
agent and Global Traffic Managers in the network. These planning issues
are discussed in Setting up communication between Global Traffic
Managers and other servers, on page A-5.

Installing the big3d agent


The big3d agent is installed by running the big3d_install script. With the
correct ports open, the Global Traffic Manager will also automatically
update older big3d agents on the network.
When you install the big3d agent, you must complete the following tasks:
• Install the Global Traffic Manager.
• Add the BIG-IP systems as servers to the Global Traffic Manager.
• Exchange the appropriate Web certificates between the Global Traffic
Manager and other systems.
• Open ports 22 and 4353 between the Global Traffic Manager and the
other BIG-IP systems.

The big3d agent installed with the Global Traffic Manager automatically
attempts to communicate with the other BIG-IP systems. If it determines
that it is communicating with an older big3d agent, it automatically replaces
that agent with the latest version.

Understanding the data collection and broadcasting sequence


The big3d agents collect and broadcast information on demand. The Global
Traffic Manager in a synchronization group issues a data collection request
to all big3d agents running in the network. In turn, the big3d agents collect
the requested data, and then broadcast that data to all Global Traffic
Managers running in the network.

Evaluating big3d agent configuration trade-offs


You must run a big3d agent on each BIG-IP system in your network if you
use dynamic load balancing modes (those that rely on path data). (For
information about dynamic load balancing, see Using dynamic load
balancing modes, on page 6-7.) You must have a big3d agent running on at
least one system in each data center to gather the necessary path metrics.


The load on the big3d agents depends on the timer settings that you assign
to the different types of data the big3d agents collect. The shorter the timers,
the more frequently the big3d agent needs to refresh the data. While short
timers guarantee that you always have valid data readily available for load
balancing, they also increase the frequency of data collection.
Another factor that can affect data collection is the number of client LDNS
servers that make name resolution requests. The more LDNS servers that
make resolution requests, the more path data that the big3d agents have to
collect. While round trip time for a given path may vary constantly due to
current network load, the number of hops along a network path between a
data center and a specific LDNS does not often change. Consequently, you
may want to set short timer settings for round trip time data so that it
refreshes more often, but set high timer settings for hops data because it
does not need to be refreshed often.

Setting up communication between Global Traffic Managers and other servers
In order to copy big3d agents from a Global Traffic Manager to BIG-IP
systems, the Global Traffic Manager must be able to communicate with the
other systems.

Setting up iQuery communications for the big3d agent


The iQuery protocol uses one of two ports to communicate between the
big3d agents throughout the network and Global Traffic Managers. The
ports used by iQuery traffic change, depending on whether the traffic is
inbound from the big3d agent or outbound from the Global Traffic
Manager.
Table A.1 shows the protocols and ports for both inbound and outbound
iQuery communications between Global Traffic Managers and big3d agents
distributed in your network.

From         To            Protocol   From Port   To Port
GTM system   big3d agent   TCP        4354        4353
GTM system   big3d agent   TCP        >1023       4353

Table A.1 Communication protocols and ports between Global Traffic Managers and big3d agents

Table A.2 shows the protocols and corresponding ports used for iQuery
communications between big3d agents and SNMP agents that run on host
servers.

From              To                Protocol   From Port   To Port   Purpose
big3d agent       host SNMP agent   UDP        >1023       161       Ephemeral ports used to make SNMP queries for host statistics
host SNMP agent   big3d agent       UDP        161         >1023     Ephemeral ports used to receive host statistics using SNMP

Table A.2 Communication protocols and ports between big3d agents and SNMP agents on hosts

If you run a big3d agent on a Global Traffic Manager system or a BIG-IP
system, and you set the SNMP monitor to 1 or higher, the big3d agent
automatically opens the appropriate UDP ports to allow for SNMP
communications. If you do not want to open the UDP ports for this purpose,
you need to set the SNMP factory count to 0.


Allowing iQuery communications to pass through firewalls


The payload information of an iQuery packet contains information that
potentially requires network address translation when there is a firewall in
the path between the big3d agent and the Global Traffic Manager. The
firewall translates only the packet headers, not the payloads.
The virtual server translation option resolves this issue. When you configure
address translation for virtual servers, the iQuery packet stores the original
IP address in the packet payload itself. When the packet passes through a
firewall, the firewall translates the IP address in the packet header normally,
but the IP address within the packet payload is preserved. The Global
Traffic Manager reads the IP address out of the packet payload, rather than
out of the packet header.
For example, a firewall separates the path between a BIG-IP system running a
big3d agent, and the Global Traffic Manager. The packet addresses are
translated at the firewall. However, addresses within the iQuery payload are
not translated, and they arrive at the BIG-IP system in their original states.

Communications between Global Traffic Managers, big3d agents, and local DNS servers
Table A.3 shows the protocols and ports that the big3d agent uses when
collecting path data for local DNS servers.

From    To      Protocol           From Port   To Port   Purpose
big3d   LDNS    ICMP               N/A         N/A       Probe using ICMP pings
big3d   LDNS    TCP                >1023       53        Probe using TCP (Cisco routers: allow establish)
LDNS    big3d   TCP                53          >1023     Replies using TCP (Cisco routers: allow establish)
big3d   LDNS    UDP                53          33434     Probe using UDP or traceroute utility
LDNS    big3d   ICMP               N/A         N/A       Replies to ICMP, UDP pings, or traceroute probes
big3d   LDNS    dns_rev, dns_dot   >1023       53        Probe using DNS rev or DNS dot
LDNS    big3d   dns_rev, dns_dot   53          >1023     Replies to DNS rev or DNS dot probes

Table A.3 Communications between big3d agents and local DNS servers
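
The flows in Tables A.1 through A.3 can be compared against a firewall allow-list to find required traffic that is blocked and rules that permit more than the tables call for. The following Python audit is an added example, not part of this manual or of any F5 tool; the rule list and the zone names (gtm, big3d, snmp-host, ldns) are constructed, a default-deny policy is assumed, and the dns_rev and dns_dot rows are left out because the table names no transport for them.

```python
from typing import NamedTuple

ANY = (0, 65535)
EPHEMERAL = (1024, 65535)  # the tables' ">1023"


class Flow(NamedTuple):
    src: str
    dst: str
    proto: str
    sport: tuple  # inclusive (low, high) source port range
    dport: tuple  # inclusive (low, high) destination port range
    note: str


def port(n):
    """A single port expressed as a one-element range."""
    return (n, n)


# Flows transcribed from Tables A.1 to A.3 (TCP, UDP and ICMP rows only).
REQUIRED = [
    Flow("gtm", "big3d", "tcp", port(4354), port(4353), "A.1 iQuery from 4354"),
    Flow("gtm", "big3d", "tcp", EPHEMERAL, port(4353), "A.1 iQuery from >1023"),
    Flow("big3d", "snmp-host", "udp", EPHEMERAL, port(161), "A.2 SNMP query"),
    Flow("snmp-host", "big3d", "udp", port(161), EPHEMERAL, "A.2 SNMP reply"),
    Flow("big3d", "ldns", "icmp", ANY, ANY, "A.3 ICMP probe"),
    Flow("big3d", "ldns", "tcp", EPHEMERAL, port(53), "A.3 TCP probe"),
    Flow("ldns", "big3d", "tcp", port(53), EPHEMERAL, "A.3 TCP reply"),
    Flow("big3d", "ldns", "udp", port(53), port(33434), "A.3 UDP probe"),
    Flow("ldns", "big3d", "icmp", ANY, ANY, "A.3 ICMP reply"),
]

# Constructed allow-list; anything not listed is assumed to be denied.
RULES = [
    Flow("gtm", "big3d", "tcp", ANY, port(4353), "rule 1"),
    Flow("big3d", "snmp-host", "udp", EPHEMERAL, port(161), "rule 2"),
    Flow("snmp-host", "big3d", "udp", port(161), EPHEMERAL, "rule 3"),
    Flow("big3d", "ldns", "icmp", ANY, ANY, "rule 4"),
    Flow("ldns", "big3d", "icmp", ANY, ANY, "rule 5"),
    Flow("big3d", "ldns", "tcp", EPHEMERAL, port(53), "rule 6"),
    Flow("ldns", "big3d", "tcp", port(53), EPHEMERAL, "rule 7"),
    # Source ports >1023 only: does not admit the probe sent from port 53.
    Flow("big3d", "ldns", "udp", EPHEMERAL, port(33434), "rule 8"),
    # Not required by any table.
    Flow("gtm", "big3d", "tcp", ANY, port(23), "rule 9"),
]


def within(inner, outer):
    return outer[0] <= inner[0] and inner[1] <= outer[1]


def covers(rule, flow):
    """True when one permit rule admits every packet of the required flow."""
    if (rule.src, rule.dst, rule.proto) != (flow.src, flow.dst, flow.proto):
        return False
    if flow.proto == "icmp":  # ports are N/A for ICMP
        return True
    return within(flow.sport, rule.sport) and within(flow.dport, rule.dport)


def audit(required, rules):
    """Return (missing flow notes, unused rule notes, over-broad rule notes)."""
    missing = [f.note for f in required if not any(covers(r, f) for r in rules)]
    unused, broad = [], []
    for r in rules:
        served = [f for f in required if covers(r, f)]
        if not served:
            unused.append(r.note)
        elif r.proto != "icmp":
            # Smallest port ranges that still admit every flow the rule serves.
            need_s = (min(f.sport[0] for f in served), max(f.sport[1] for f in served))
            need_d = (min(f.dport[0] for f in served), max(f.dport[1] for f in served))
            if r.sport != need_s or r.dport != need_d:
                broad.append(r.note)
    return missing, unused, broad


if __name__ == "__main__":
    print(audit(REQUIRED, RULES))
```

On the constructed rules, the audit reports the UDP probe from port 53 as blocked, rules 8 and 9 as serving no required flow, and rule 1 as wider than the two iQuery source ports need.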

B
Working with SNMP

• Introducing SNMP in a BIG-IP system environment
• Configuring SNMP on the Global Traffic Manager
• Configuring the Global Traffic Manager SNMP agent using the Configuration utility
• Configuring SNMP settings to probe hosts
• Configuring the SNMP agent on host servers

Introducing SNMP in a BIG-IP system environment


The Global Traffic Manager ships with a customized simple network
management protocol (SNMP) agent and management information base
(MIB). This appendix describes the management and configuration tasks
with which you can configure the Global Traffic Manager SNMP agent.
The Global Traffic Manager SNMP agent and Global Traffic Manager MIB
allow you to monitor the Global Traffic Manager by configuring traps for
the SNMP agent or by polling the system with a standard network
management station. The Global Traffic Manager SNMP agent has the
following options to ensure secure management:
• Community names
• TCP wrappers
• View access control mechanism (VACM)

Using the Configuration utility, you can configure the Global Traffic
Manager SNMP agent to send traps to your network management system.
You can also set up custom traps by editing several configuration files.


Configuring SNMP on the Global Traffic Manager


To use SNMP on the Global Traffic Manager, you must complete the
following tasks:
• Download the Global Traffic Manager MIBs and load them into your
network management station
• Modify or verify the following configuration files:
  • /etc/hosts.allow
  • /etc/hosts.deny
  • /etc/snmpd.conf
  • /etc/3dns_snmptrap.conf
  • /etc/syslog.conf
• Configure options for the checktrap.pl script

Note

If you are configuring the Global Traffic Manager module on a BIG-IP
system, you configure any SNMP settings using the BIG-IP Configuration
utility. For information about working with SNMP on a BIG-IP system, refer
to the Configuration Guide for Local Traffic Management.

Downloading the MIBs


The Global Traffic Manager includes a proprietary Global Traffic Manager
SNMP MIB. This MIB is specifically designed for use with the Global
Traffic Manager. You can configure the SNMP settings in the Configuration
utility or on the command line.
SNMP management software requires that you use the MIB files associated
with the device. You can obtain the following three MIB files from the
/usr/local/share/snmp/mibs directory on the controller, or you can
download the files from the Additional Software Downloads section of the
Configuration utility home screen. The files you need are:
• 3dns.my
  This is a vendor MIB that contains specific information for properties
  associated with specific Global Traffic Manager functionality, such as
  load balancing.
• rfc1611.my
  This is a DNS server MIB (RFC 1611) that provides standard
  management information.
• UCD-SNMP-MIB.txt
  This is a MIB-II (RFC 1213) that contains specific management
  information for the UC-Davis SNMP agent.

For information about the objects defined in 3dns.my, refer to the
descriptions in the object identifier (OID) section of the MIB file. For
information about the objects defined in rfc1611.my, refer to RFC 1611.

Understanding configuration file requirements


Before using the SNMP agent, you need to make changes to several
configuration files on the Global Traffic Manager. You can make these
changes either by using the Configuration utility or by modifying the files
from the command line. Once you change these configuration files, you
must restart the SNMP agent.

/etc/hosts.allow
The /etc/hosts.allow file specifies the hosts that are allowed to access the
SNMP agent. You can configure access to the SNMP agent with the
/etc/hosts.allow file in one of two ways:
• By typing in an IP address, or a list of IP addresses, that are allowed to
access the SNMP agent.
• By typing in a network address and mask to allow a range of addresses in
a subnet to access the SNMP agent.

WARNING
The /etc/hosts.allow file must contain the following entry, which is in the file
by default: snmpd : 127.0.0.1. If you remove this entry, the Global Traffic
Manager cannot properly poll using SNMP.

Adding a list of specific IP addresses to the /etc/hosts.allow file


You can specify a list of addresses that you want to allow access to the
SNMP agent. Addresses in the list must be separated by blank space or by
commas. Use the following syntax:
daemon: <IP address> <IP address> <IP address>

In the following example, the SNMP agent accepts connections from the
specified IP addresses only:
snmpd: 128.95.46.5 128.95.46.6 128.95.46.7

Adding an address range to the /etc/hosts.allow file


For a range of addresses, the basic syntax is as follows, where daemon is
the name of the daemon, and NETWORKADDRESS/MASK specifies the
network that is allowed access:
daemon: NETWORKADDRESS/MASK

For example, the following syntax sets the snmpd daemon to allow
connections from the 128.95.46.0/255.255.255.0 address range:
snmpd: 128.95.46.0/255.255.255.0

The previous example allows the 256 possible hosts from the network
address 128.95.46.0 to access the SNMP daemon. You may also use the
keyword ALL to allow access for all hosts or all daemons.

Note

If you prefer, instead of modifying this file from the command line, you can
use the Configuration utility to specify the hosts that are allowed to access
the SNMP agent. See To set SNMP properties using the Configuration
utility, on page B-8.

/etc/hosts.deny
The /etc/hosts.deny file must be present to deny, by default, all UDP
connections to the SNMP agent. The contents of this file are as follows:
ALL : ALL
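
The access rules described for /etc/hosts.allow and /etc/hosts.deny can be checked offline before the SNMP agent is restarted. The following Python script is an added example, not part of the F5 manual or software. The function names and sample file contents are constructed from the entries shown above, and it evaluates only IPv4 addresses, address/mask ranges and the ALL keyword.

```python
import ipaddress

LOOPBACK = "127.0.0.1"  # entry the guide says must remain in /etc/hosts.allow


def parse_clients(wrapper_text, daemon="snmpd"):
    """Client patterns that apply to `daemon` in hosts.allow/hosts.deny text."""
    patterns = []
    for raw in wrapper_text.splitlines():
        fields = raw.split("#", 1)[0].split(":")
        if len(fields) < 2:
            continue  # blank line, comment, or not a "daemon : clients" rule
        daemons = fields[0].replace(",", " ").split()
        if daemon in daemons or "ALL" in daemons:
            # Clients may be separated by blank space or by commas.
            patterns.extend(fields[1].replace(",", " ").split())
    return patterns


def pattern_matches(pattern, client_ip):
    """True if one client pattern covers client_ip (IPv4 literal, range, ALL)."""
    if pattern == "ALL":
        return True
    addr = ipaddress.ip_address(client_ip)
    try:
        if "/" in pattern:  # NETWORKADDRESS/MASK, e.g. 128.95.46.0/255.255.255.0
            return addr in ipaddress.ip_network(pattern, strict=False)
        return addr == ipaddress.ip_address(pattern)
    except ValueError:
        return False  # host names and other pattern forms are not evaluated


def is_allowed(allow_text, deny_text, client_ip, daemon="snmpd"):
    """TCP wrappers order: hosts.allow match grants, then hosts.deny match denies."""
    if any(pattern_matches(p, client_ip) for p in parse_clients(allow_text, daemon)):
        return True
    if any(pattern_matches(p, client_ip) for p in parse_clients(deny_text, daemon)):
        return False
    return True  # no rule in either file: access is granted


def audit(allow_text, deny_text):
    """Findings for the requirements this appendix places on the two files."""
    findings = []
    patterns = parse_clients(allow_text)
    if not any(pattern_matches(p, LOOPBACK) for p in patterns):
        findings.append("hosts.allow lacks snmpd : 127.0.0.1, so local SNMP polling fails")
    if "ALL" in patterns:
        findings.append("hosts.allow uses ALL, so every host may query the SNMP agent")
    deny_rules = {line.split("#", 1)[0].replace(" ", "").replace("\t", "")
                  for line in deny_text.splitlines()}
    if "ALL:ALL" not in deny_rules:
        findings.append("hosts.deny lacks the default-deny rule ALL : ALL")
    return findings


# Constructed sample files built from the guide's own example entries.
ALLOW_LIST = "snmpd : 127.0.0.1\nsnmpd: 128.95.46.5 128.95.46.6 128.95.46.7\n"
ALLOW_RANGE = "snmpd : 127.0.0.1\nsnmpd: 128.95.46.0/255.255.255.0\n"
ALLOW_OPEN = "snmpd: ALL\n"
DENY_ALL = "ALL : ALL\n"

if __name__ == "__main__":
    for name, allow, deny in (("list", ALLOW_LIST, DENY_ALL),
                              ("range", ALLOW_RANGE, DENY_ALL),
                              ("open, no deny file", ALLOW_OPEN, "")):
        print(name, "->", audit(allow, deny) or "no findings")
    print("128.95.46.9 with list:", is_allowed(ALLOW_LIST, DENY_ALL, "128.95.46.9"))
    print("128.95.46.9 without hosts.deny:", is_allowed(ALLOW_LIST, "", "128.95.46.9"))
```

The last line of output shows why the hosts.deny file must be present: without the ALL : ALL rule, an address that is not listed in hosts.allow is still granted access.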

/etc/snmpd.conf
The /etc/snmpd.conf file controls most aspects of the SNMP agent. This file
is used to set up and configure certain traps, passwords, and general SNMP
variable names.
The following list contains a few of the necessary variables:
• System Contact Name
  The System Contact is a MIB-II simple string variable defined by almost
  all SNMP systems. It usually contains a user name and an email address.
  This is set by the syscontact key.
• Machine Location (string)
  The Machine Location is a MIB-II variable that is supported by almost
  all systems. It is a simple string that defines the physical location of the
  system. This is set by the syslocation key.
• Community String
  The community string is a clear text password used for basic SNMP
  security. This also maps to VACM groups, but for initial read-only
  access, it is limited to only one group.
• Trap Configuration
  Trap configuration is controlled by these entries in the /etc/snmpd.conf
  file:
    • trapsink <host>
      This sets the host to receive trap information. The <host> variable is
      an IP address.
    • trapport <port>
      This sets the port on which traps are sent. There must be one trapport
      line for each trapsink host.
    • trapcommunity <community string>
      This sets the community string (password) for sending traps. Once set,
      it also sends a trap upon startup: coldStart(0).
    • authtrapenable <integer>
      Set this variable to 1 so that traps can be sent for authentication
      warnings. Set the variable to 2 to disable it.
  Note: To change the trap port, be sure the trapport line precedes the
  trapsink line. If you use more than one trapsink line, there must be
  one trapport line before each trapsink line. The same is true for
  trapcommunity; if you use more than one trapcommunity line, there
  must be one trapcommunity line before each trapsink line.
• System IP Setting
  You must set the system IP address using the sysip command; if this
  setting is not present, the checktrap.pl script fails to send all Global
  Traffic Manager-specific traps. Use the following syntax to set the
  system IP address:
  sysip <Global Traffic Manager IP address>
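
The ordering rules for trapport, trapcommunity and trapsink, together with the authtrapenable values and the sysip requirement, are easy to get wrong when editing the file by hand. The following Python check is an added example, not F5 code. The function name, the sample files, the addresses and the community string are constructed, and it tests only the rules stated in this section.

```python
import ipaddress


def lint_trap_config(conf_text):
    """Return findings for the trap rules this appendix states for /etc/snmpd.conf."""
    findings = []
    sinks = []  # (line number, host, saw trapport, saw trapcommunity)
    pending = {"trapport": False, "trapcommunity": False}  # seen since last trapsink
    totals = {"trapport": 0, "trapcommunity": 0}
    has_sysip = False

    for number, raw in enumerate(conf_text.splitlines(), 1):
        words = raw.split("#", 1)[0].split()
        if not words:
            continue
        key, args = words[0], words[1:]
        if key in pending:
            pending[key] = True
            totals[key] += 1
        elif key == "trapsink":
            host = args[0] if args else ""
            sinks.append((number, host, pending["trapport"], pending["trapcommunity"]))
            pending = {"trapport": False, "trapcommunity": False}
            try:
                ipaddress.ip_address(host)  # the guide: <host> is an IP address
            except ValueError:
                findings.append("line %d: trapsink host %r is not an IP address"
                                % (number, host))
        elif key == "authtrapenable":
            if args[:1] not in (["1"], ["2"]):
                findings.append("line %d: authtrapenable must be 1 (enabled) or "
                                "2 (disabled)" % number)
        elif key == "sysip":
            has_sysip = True

    for index, (number, host, saw_port, saw_community) in enumerate(sinks):
        # A trapport line, when used at all, must precede each trapsink line.
        if totals["trapport"] and not saw_port:
            findings.append("line %d: no trapport line before trapsink %s"
                            % (number, host))
        # One trapcommunity must precede the first trapsink; when several are
        # used, one must precede every trapsink.
        needed = totals["trapcommunity"] > 1 or (
            totals["trapcommunity"] == 1 and index == 0)
        if needed and not saw_community:
            findings.append("line %d: no trapcommunity line before trapsink %s"
                            % (number, host))
    if not has_sysip:
        findings.append("sysip is not set, so checktrap.pl fails to send "
                        "Global Traffic Manager-specific traps")
    return findings


# Constructed sample: directives follow the first trapsink instead of preceding
# it, authtrapenable has an undefined value, and sysip is missing.
BAD_CONF = """\
syscontact admin@example.com
syslocation lab
trapsink 192.0.2.10
trapport 1162
trapcommunity example-community
trapsink 192.0.2.11
authtrapenable 0
"""

# Constructed sample that satisfies every rule checked above.
GOOD_CONF = """\
trapport 1162
trapcommunity example-community
trapsink 192.0.2.10
trapport 1162
trapcommunity example-community
trapsink 192.0.2.11
authtrapenable 1
sysip 192.0.2.1
"""

if __name__ == "__main__":
    for finding in lint_trap_config(BAD_CONF):
        print("BAD :", finding)
    print("GOOD:", lint_trap_config(GOOD_CONF) or "no findings")
```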

Note

If you prefer, instead of modifying this file from the command line, you can
use the Configuration utility to set these SNMP properties. See To set
SNMP properties using the Configuration utility, on page B-8.

/etc/3dns_snmptrap.conf
The configuration in the /etc/3dns_snmptrap.conf file determines which
messages generate traps and what those traps are. The file includes OIDs,
traps, and regular expression mappings. The configuration file specifies
whether to send a specific trap based on a regular expression. An excerpt of
the configuration file is shown in Figure B.1.

# Default traps.
.1.3.6.1.4.1.3375.1.2.2.2.0.1 (SNMP_TRAP: VS.*?state change green.*?red) VIRTUAL SERVER GREEN TO RED
.1.3.6.1.4.1.3375.1.2.2.2.0.2 (SNMP_TRAP: VS.*?state change red.*?green) VIRTUAL SERVER RED TO GREEN
.1.3.6.1.4.1.3375.1.2.2.2.0.3 (SNMP_TRAP: SERVER.*?state change green.*?red) SERVER GREEN TO RED
.1.3.6.1.4.1.3375.1.2.2.2.0.4 (SNMP_TRAP: SERVER.*?state change red.*?green) SERVER RED TO GREEN
.1.3.6.1.4.1.3375.1.2.2.2.0.5 (SNMP_TRAP: iQuery message from big3d) CRC FAILURE

Figure B.1 Excerpt from the /etc/3dns_snmptrap.conf file

Some of the OIDs have been permanently mapped to specific Global Traffic
Manager events. The OIDs that are permanently mapped for the Global
Traffic Manager include:
• Virtual server green to red
• Virtual server red to green

• Server green to red
• Server red to green
• CRC failure
• Pool green to red
• Pool red to green
• Global Traffic Manager active to standby
• Global Traffic Manager standby to active

To see events that are triggering an SNMP trap, look in the var/log/3dns
directory.

/etc/syslog.conf
To generate traps, you must configure syslog to send syslog lines to
checktrap.pl. If the syslog lines match a specified regular expression in the
3dns_snmptrap.conf file, the checktrap.pl script generates a valid SNMP
trap. The following line in the /etc/syslog.conf file causes the syslog utility
to send the specified log output to the checktrap.pl script. The
checktrap.pl script then compares the logged information to the
3dns_snmptrap.conf file to determine if a trap should be generated.
local2.warning | exec /sbin/checktrap.pl

Note

If you uncomment this line, make sure you restart syslogd.

Configuring options for the checktrap.pl script


The checktrap.pl script reads a set of lines from standard input. The script
checks each line against a set of regular expressions. If a line matches a
regular expression, the script sends an SNMP trap.
The following options are available for the checktrap.pl script.
• SNMP configuration file
  This file contains the SNMP variables. The checktrap.pl script gets trap
  configuration information from this file. The default is /etc/snmpd.conf.
  snmpd_conf_file=<snmp configuration file>

• SNMP trap configuration file
  This file contains the regular expression to SNMP trap OID mappings. It
  also contains a description string that is added to the trap message. The
  default is /etc/3dns_snmptrap.conf.
  trapd_conf_file=<snmp trap configuration file>

• SNMP trap program
  This program sends the SNMP trap. This program should be the
  snmptrap program included with the Global Traffic Manager. The
  default is /usr/local/bin/snmptrap.
  trap_program=<snmp trap program>

• Date removal
  This option turns off automatic date removal. Normally, each input line
  is expected to begin with a date. Typically, this date is removed before
  the trap is sent. This option keeps the date information in the trap. If you
  do not add this option, the date is removed from the trap by default.
  no_date_strip

• Usage
  This option prints a usage string.
  usage
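
To see which syslog lines a given /etc/3dns_snmptrap.conf would turn into traps, the matching step can be reproduced offline. The following Python script is an added example and is not the checktrap.pl script. The mapping grammar is inferred from Figure B.1, and the log lines, the syslog date format, the function names and the first-match rule are assumptions.

```python
import re

# Mappings reproduced from Figure B.1, one per line.
TRAP_CONF = r"""
# Default traps.
.1.3.6.1.4.1.3375.1.2.2.2.0.1 (SNMP_TRAP: VS.*?state change green.*?red) VIRTUAL SERVER GREEN TO RED
.1.3.6.1.4.1.3375.1.2.2.2.0.2 (SNMP_TRAP: VS.*?state change red.*?green) VIRTUAL SERVER RED TO GREEN
.1.3.6.1.4.1.3375.1.2.2.2.0.3 (SNMP_TRAP: SERVER.*?state change green.*?red) SERVER GREEN TO RED
.1.3.6.1.4.1.3375.1.2.2.2.0.4 (SNMP_TRAP: SERVER.*?state change red.*?green) SERVER RED TO GREEN
.1.3.6.1.4.1.3375.1.2.2.2.0.5 (SNMP_TRAP: iQuery message from big3d) CRC FAILURE
"""

# Assumed grammar: OID, regular expression in parentheses, description string.
MAPPING_RE = re.compile(r"^(\.\d+(?:\.\d+)*)\s+\((.*)\)\s+(\S.*)$")
# Assumed date prefix: a classic syslog timestamp such as "Apr 20 10:15:02 ".
DATE_RE = re.compile(r"^[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2}\s+")

# Constructed log lines; host, process and object names are made up.
SAMPLE_LOG = [
    "Apr 20 10:15:02 gtm1 3dnsd[412]: SNMP_TRAP: VS 192.0.2.80:80 state change green --> red",
    "Apr 20 10:15:09 gtm1 3dnsd[412]: SNMP_TRAP: SERVER web1 state change red --> green",
    "Apr 20 10:16:00 gtm1 sshd[99]: session opened for user admin",
]


def load_mappings(conf_text):
    """Parse trap mappings into (oid, compiled regex, description) tuples."""
    mappings = []
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        match = MAPPING_RE.match(line)
        if match is None:
            raise ValueError("unparseable mapping line: %r" % line)
        oid, pattern, description = match.groups()
        mappings.append((oid, re.compile(pattern), description))
    return mappings


def check_lines(lines, mappings, no_date_strip=False):
    """Return (oid, description, message) for each line that would raise a trap.

    The first matching mapping wins (assumption). The leading date is removed
    from the message unless no_date_strip is set, mirroring the option above.
    """
    traps = []
    for line in lines:
        line = line.rstrip("\n")
        for oid, pattern, description in mappings:
            if pattern.search(line):
                message = line if no_date_strip else DATE_RE.sub("", line, count=1)
                traps.append((oid, description, message))
                break
    return traps


if __name__ == "__main__":
    for oid, description, message in check_lines(SAMPLE_LOG, load_mappings(TRAP_CONF)):
        print(oid, "|", description, "|", message)
```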


Configuring the Global Traffic Manager SNMP agent using the Configuration utility

You can use the Configuration utility to configure the following aspects of
the Global Traffic Manager SNMP agent:
• Client access
  You can define a specific network address or an address range from
  which SNMP requests are accepted. The Configuration utility adds the
  client access entries to the /etc/hosts.allow file.
• System information
  You can define a system contact, a machine location, and a community
  string. The Configuration utility adds the system information to the
  /etc/snmpd.conf file.
• Trap configuration
  You can enter a trap sink and a trap community. The Configuration
  utility adds the trap configuration information to the /etc/snmpd.conf
  file.

Note

If you are configuring the Global Traffic Manager module on a BIG-IP
system, you configure the SNMP settings in the BIG-IP Configuration
utility.

To set SNMP properties using the Configuration utility


The Configuration utility provides sample SNMP settings for your
reference. To use the Global Traffic Manager SNMP MIB, you must replace
these sample settings with settings appropriate to your environment and
your specific SNMP management software.
1. In the navigation pane, click SNMP.
The SNMP Configuration screen opens.
2. Add the SNMP settings.
3. For help on configuring the SNMP settings, click Help on the
toolbar.

WARNING
The /etc/hosts.allow file must contain the following entry, which is in the file
by default: snmpd : 127.0.0.1. If you remove this entry, the Global Traffic
Manager cannot properly poll using SNMP. When you use the
Configuration utility to configure the system’s SNMP properties, this
address is already listed in the Allow List box.


Configuring SNMP settings to probe hosts


After defining a host server or router, you need to configure its SNMP
settings if you want to use SNMP to probe that host or router. Remember
that you must first set up at least one SNMP prober factory on any BIG-IP
system that runs the big3d agent and is in the same data center as the host or
router.
The SNMP factory can collect some or all of the following information from
a host or router:
• Memory utilization
• CPU utilization
• Disk space utilization
• Kilobytes/second throughput
• Current connections
• Packet rate

The Global Traffic Manager gathers metrics for BIG-IP systems, third-party
load balancers, and several host servers. Refer to Table B.1 for information
on the host server types and the specific metrics that can be collected for
each host type. To see the current performance of any of these server
metrics, review the Metrics statistics screen.

Metrics collected:

Server Type or Operating System | Kilobytes/Second | Packets/Second | CPU | Memory | Disk | Current Connections | Nodes Up

BIG-IP system X X X X

Alteon® Ace Director X X X

BSD, UC Davis X X X X X X

CacheFlow X X X X

Cisco® CSS series X X X X

Cisco LocalDirector X X X

Cisco LocalDirector X X X

Cisco SLB X X

Extreme X X X X

Foundry® ServerIron X X X X

Linux, UC Davis X X X X X

NetApp® appliance X X X X X X

Sun® Solaris X X X X

Windows® 2000 Server X X X X

Windows NT® 4.0 X X X X X

Table B.1 Server types and the metrics collected by the Global Traffic Manager

Note

The Cisco LocalDirector metric shows new connections per second rather
than current connections.


To configure host SNMP settings using the Configuration utility

1. In the navigation pane, expand the Servers item, and click Host.
2. From the Host column, click a host server.
The Modify Host screen opens.
3. On the toolbar, click SNMP Configuration.
The Host SNMP Configuration screen opens.
4. Add the SNMP settings for the host. For help on configuring the
SNMP settings for a host, click Help on the toolbar.

Configuring the SNMP agent on host servers


For host probing to work properly, you need to verify that the SNMP agent
is properly configured on the host itself. We recommend that you refer to the
documentation provided with your host SNMP software for complete
configuration information.

Glossary

3-DNS Controller
See Global Traffic Manager.

A record
The A record is the ADDRESS resource record that a Global Traffic
Manager returns to a local DNS server in response to a name resolution
request. The A record contains a variety of information, including one or
more IP addresses that resolve to the requested domain name.

access control list (ACL)


An access control list is a list of local DNS server IP addresses that are
excluded from path probing or hops queries.

active unit
In a redundant system, an active unit is a system that currently load balances
name resolution requests. If the active unit in the redundant system fails, the
standby unit assumes control and begins to load balance requests.

alternate method
The alternate method specifies the load balancing mode that the Global
Traffic Manager uses to pick a virtual server if the preferred method fails.
See also fallback method, preferred method.

big3d agent
The big3d agent is a monitoring agent that collects metrics information
about server performance and network paths between a data center and a
specific local DNS server. The 3-DNS uses the information collected by the
big3d agent for dynamic load balancing.

BIND (Berkeley Internet Name Domain)


BIND is the most common implementation of the Domain Name System
(DNS). BIND provides a system for matching domain names to IP
addresses. For more information, refer to
http://www.isc.org/products/BIND.

CDN switching
CDN switching is the functionality of the Global Traffic Manager that
allows a user to redirect traffic to a third-party network, or transparently
switch traffic to a CDN. The two features of the Global Traffic Manager that
make CDN switching possible are geographic redirection and CNAME
pools.

CNAME record
A canonical name (CNAME) record acts as an alias to another domain
name. A canonical name and its alias can belong to different zones, so the
CNAME record must always be entered as a fully qualified domain name.
CNAME records are useful for setting up logical names for network
services so that they can be easily relocated to different physical hosts.

completion rate
The completion rate is the percentage of packets that a server successfully
returns during a given session.

Completion Rate mode


The Completion Rate mode is a dynamic load balancing mode that
distributes connections based on which network path drops the fewest
packets, or allows the fewest number of packets to time out.

Configuration utility
The Configuration utility is the browser-based application that you use to
configure the Global Traffic Manager.

content delivery network (CDN)


A content delivery network (CDN) is an architecture of Web-based network
components that helps dramatically reduce the wide-area network latency
between a client and the content they wish to access. A CDN includes some
or all of the following network components: wide-area traffic managers,
Internet service providers, content server clusters, caches, and origin content
providers.

data center
A data center is a physical location that houses one or more Global Traffic
Managers, BIG-IP systems, or host machines.

data center server


A data center server is any server recognized in the Global Traffic Manager
configuration. A data center server can be any of the following: a Global
Traffic Manager, a BIG-IP system or a host.

domain name
A domain name is a unique name that is associated with one or more IP
addresses. Domain names are used in URLs to identify particular Web
pages. For example, in the URL http://www.f5.com/index.html, the
domain name is f5.com.

dynamic load balancing modes


Dynamic load balancing modes base the distribution of name resolution
requests to virtual servers on live data, such as current server performance
and current connection load.

dynamic site content


Dynamic site content is a type of site content that is automatically generated
each time a user accesses the site. Examples are current stock quotes or
weather satellite images.

Extended Content Verification (ECV)


On the Global Traffic Manager, ECV is a service monitor that checks the
availability of actual content (such as a file or an image) on a server, rather
than just checking the availability of a port or service, such as HTTP on port
80.

external interface
An external interface is the network interface that can be accessed across a
wide-area network (WAN). See also internal interface.

fail-over
Fail-over is the process whereby a standby unit in a redundant system takes
over when a software failure or hardware failure is detected on the active
unit.

fail-over cable
The fail-over cable is the cable that directly connects the two system units in
a hardware-based redundant system.

fallback method
The fallback method is the third method in a load balancing hierarchy that
the Global Traffic Manager uses to load balance a resolution request. The
Global Traffic Manager uses the fallback method only when the load
balancing modes specified for the preferred and alternate methods fail.
Unlike the preferred method and the alternate method, the fallback method
uses neither server nor virtual server availability for load balancing
calculations. See also preferred method, alternate method.

FDDI (Fiber Distributed Data Interface)


FDDI is a multi-mode protocol for transmitting data on optical-fiber cables
at speeds up to 100 Mbps.

Global Availability mode


Global Availability is a static load balancing mode that bases connection
distribution on a particular server order, always sending a connection to the
first available server in the list. This mode differs from Round Robin mode
in that it searches for an available server always starting with the first server
in the list, while Round Robin mode searches for an available server starting
with the next server in the list (with respect to the server selected for the
previous connection request).

Global Traffic Manager


The Global Traffic Manager provides wide-area traffic management and
high availability of IP applications/services running across multiple data
centers.

hops factory
A hops factory is a type of factory run by the big3d agent that collects hops
data about network paths.

host
A host is a network server that manages one or more virtual servers that the
Global Traffic Manager uses for load balancing.

ICMP (Internet Control Message Protocol)


ICMP is an Internet communications protocol used to determine information
about routes to destination addresses, such as virtual servers managed by
BIG-IP systems and Global Traffic Managers.

internal interface
An internal interface is a network interface that can be accessed from a
local-area network (LAN). See also external interface.

iQuery
The iQuery protocol is used to exchange information between Global
Traffic Managers and BIG-IP systems. The iQuery protocol is officially
registered with IANA for port 4353, and works on UDP and TCP
connections.

Kilobytes/Second mode
The Kilobytes/Second mode is a dynamic load balancing mode that
distributes connections based on which available server currently processes
the fewest kilobytes per second.

Least Connections mode


The Least Connections mode is a dynamic load balancing mode that bases
connection distribution on which server currently manages the fewest open
connections.

load balancing methods


Load balancing methods are the settings that specify the hierarchical order
in which the Global Traffic Manager uses three load balancing modes. The
preferred method specifies the first load balancing mode that the Global
Traffic Manager tries, the alternate method specifies the next load balancing
mode to try if the preferred method fails, and the fallback method specifies
the last load balancing mode to use if both the preferred and the alternate
methods fail.

load balancing mode


A load balancing mode is the way in which the Global Traffic Manager
determines how to distribute connections across an array.

local DNS
A local DNS is a server that makes name resolution requests on behalf of a
client. With respect to the Global Traffic Manager, local DNS servers are
the source of name resolution requests. Local DNS is also referred to as
LDNS.

metrics information
Metrics information is the data that is typically collected about the paths
between BIG-IP systems and local DNS servers. Metrics information is also
collected about the performance and availability of virtual servers. Metrics
information is used for load balancing, and it can include statistics such as
round trip time, packet rate, and packet loss.

MindTerm SSH
MindTerm SSH is the third-party application on Global Traffic Managers
that uses SSH for secure remote communications. SSH encrypts all network
traffic (including passwords) to effectively eliminate eavesdropping,
connection hijacking, and other network-level attacks. SSH also provides
secure tunneling capabilities and a variety of authentication methods.

name resolution
Name resolution is the process by which a name server matches a domain
name request to an IP address, and sends the information to the client
requesting the resolution.

name server
A name server is a server that maintains a DNS database, and resolves
domain name requests to IP addresses using that database.

named
The named daemon manages domain name server software.

NameSurfer
NameSurfer is the third-party application on Global Traffic Managers that
automatically manages DNS zone files, synchronizing them with the
configuration on the system. NameSurfer automatically updates any
configuration changes that you make using the Configuration utility.
NameSurfer also provides a graphical user interface for DNS zone file
management.

Network Time Protocol (NTP)


Network Time Protocol functions over the Internet to synchronize system
clocks to Universal Coordinated Time. NTP provides a mechanism to set
and maintain clock synchronization within milliseconds.

NS record
A name server (NS) record is used to define a set of authoritative name
servers for a DNS zone. A name server is considered authoritative for some
given zone when it has a complete set of data for the zone, allowing it to
answer queries about the zone on its own, without needing to consult
another name server.

packet rate
The packet rate is the number of data packets per second processed by a
server.

Packet Rate mode


The Packet Rate mode is a dynamic load balancing mode that distributes
connections based on which available server currently processes the fewest
packets per second.

path
A path is a logical network route between a data center server and a local
DNS server.

path probing
Path probing is the collection of metrics data, such as round trip time and
packet rate, for a given path between a requesting LDNS server and a data
center server.

persistence
On a Global Traffic Manager, persistence is a series of related requests
received from the same local DNS server for the same wide IP name. When
persistence is turned on, a Global Traffic Manager sends all requests from a
particular local DNS server for a specific wide IP to the same virtual server,
instead of load balancing the requests.

picks
Picks represent the number of times a particular virtual server is selected to
receive a load balanced connection.

pool
A pool is a group of virtual servers managed by a BIG-IP system, or a host.
The Global Traffic Manager load balances among pools (using the Pool LB
Mode), as well as among individual virtual servers.

pool ratio
A pool ratio is a ratio weight applied to pools in a wide IP. If the Pool LB
mode is set to Ratio, the Global Traffic Manager uses each pool for load
balancing in proportion to the weight defined for the pool.

preferred method
The preferred method specifies the first load balancing mode that the Global
Traffic Manager uses to load balance a resolution request. See also alternate
method, fallback method.

probe protocol
The probe protocol is the specific protocol used to probe a given path and
collect metrics information for the path. The probe protocols available on
the Global Traffic Manager are: ICMP, DNS_REV, DNS_DOT, UDP, and
TCP. The probe protocols that are available change based on the data center
server type.

prober
A prober is a specific thread of the big3d agent that is used for path probing
of a given set of paths.

prober factory
A prober factory is a utility that collects metrics data, such as round trip time
and packet rate, for a given path between a requesting LDNS and a data
center server. Prober factories are managed by the big3d agent, which
reports the path probing metrics to the Global Traffic Manager. Prober
factories can run only on BIG-IP systems.

production rule
A production rule, on the Global Traffic Manager, can change system
behavior under specific operating conditions. For example, a production rule
can switch load balancing modes or can reroute network traffic to a specific
set of servers. Production rules are based on triggers such as time of day or
current network traffic load.

QOS equation
The QOS equation is the equation on which the Quality of Service load
balancing mode is based. The equation calculates a score for a given path
between a data center server and a local DNS server. The Quality of Service
mode distributes connections based on the best path score for an available
data center server. You can apply weights to the factors in the equation, such
as round trip time and completion rate.

Quality of Service load balancing mode


The Quality of Service load balancing mode is a dynamic load balancing
mode that bases connection distribution on a configurable combination of
the packet rate, completion rate, round trip time, hops, virtual server
capacity, kilobytes per second, link capacity, and topology information.

ratio
A ratio is the parameter in a virtual server statement that assigns a weight to
the virtual server for load balancing purposes.

Ratio mode
The Ratio load balancing mode is a static load balancing mode that
distributes connections across a pool of virtual servers in proportion to the
ratio weight assigned to each individual virtual server.

redundant system
A redundant system is a pair of systems that are configured for fail-over. In
a redundant system, one system runs as the active unit and the other system
runs as the standby unit. If the active unit fails, the standby unit takes over
and manages resolution requests.

remote administrative IP address


A remote administrative IP address is an IP address from which a system
allows shell connections, such as SSH, RSH, or Telnet.

resolver
The resolver is the client part of the Domain Name System. The resolver
translates a program's request for host name information into a query to a
name server, and translates the response into an answer to the program's
request. See also name server.

resource record
A resource record is a record in a DNS database that stores data associated
with domain names. A resource record typically includes a domain name, a
TTL, a record type, and data specific to that record type. See also A record,
CNAME record, NS record.

reverse domains
A type of DNS resolution request that matches a given IP address to a
domain name. The more common type of DNS resolution request starts with
a given domain name and matches that to an IP address.

root name server


A root name server is a master DNS server that maintains a complete DNS
database. There are approximately 13 root name servers in the world that
manage the DNS database for the World Wide Web.

Round Robin mode


Round Robin mode is a static load balancing mode that bases connection
distribution on a set server order. Round Robin mode sends a connection
request to the next available server in the order.

round trip time (RTT)


Round trip time is the calculation of the time (in microseconds) that a local
DNS server takes to respond to a ping issued by the big3d agent running on
a data center server. The 3-DNS takes RTT values into account when it uses
dynamic load balancing modes.

Round Trip Time mode


Round Trip Time is a dynamic load balancing mode that bases connection
distribution on which virtual server has the fastest measured round trip time
between the data center server and the local DNS server.

secondary DNS
The secondary DNS is a name server that retrieves DNS data from the name
server that is authoritative for the DNS zone.

Setup utility
The Setup utility is a utility that takes you through the initial system
configuration process. The Setup utility runs automatically when you turn
on a system for the first time.

site content
Site content is data (including text, images, audio, and video feeds) that is
accessible to clients who connect to a given site. See also dynamic site
content, static site content.

SNMP (Simple Network Management Protocol)


SNMP is the Internet standard protocol, defined in STD 15, RFC 1157, that
was developed to manage nodes on an IP network.

sod (switch over daemon)


The sod daemon controls the fail-over process in a redundant system.

SSH
SSH is a protocol for secure remote login and other secure network services
over a non-secure network.

standby unit
A standby unit is a system in a redundant system that is always prepared to
become the active unit if the active unit fails.

static load balancing modes


Static load balancing modes base the distribution of name resolution
requests to virtual servers on a pre-defined list of criteria and server and
virtual server availability; they do not take current server performance or
current connection load into account.

static site content
Static site content is a type of site content that is stored in HTML pages, and
changes only when an administrator edits the HTML document itself.

subdomain
A subdomain is a sub-section of a higher level domain. For example, .com is
a high level domain, and F5.com is a subdomain within the .com domain.

sub-statement
A sub-statement is a logical section within a statement that defines a
particular element in the statement. A sub-statement begins with the
sub-statement name followed by an open brace ( { ) and ends with a closed
brace ( } ). Everything between those braces is part of the sub-statement.
Sub-statements typically define a group of related variables, such as the
calculation coefficients used in Quality of Service load balancing.

synchronization group
A synchronization group is a group of Global Traffic Managers that
synchronize system configurations and zone files (if applicable). All
synchronization group members receive broadcasts of metrics data from the
big3d agents throughout the network. All synchronization group members
also receive broadcasts of updated configuration settings from the Global
Traffic Manager that has the latest configuration changes.

time tolerance value
The time tolerance value is the number of seconds that one system’s clock is
allowed to differ in comparison to another system’s clock, without the two
clocks being considered out of sync.

Topology mode
The Topology mode is a static load balancing mode that bases the
distribution of name resolution requests on the weighted scores for topology
records. Topology records are used by the Topology load balancing mode to
redirect DNS queries to the closest virtual server, geographically, based on
location information derived from the DNS query message.

topology record
A topology record specifies a score for a local DNS server location endpoint
and a virtual server location endpoint.

topology score
The topology score is the weight assigned to a topology record when the
Global Traffic Manager is filtering the topology records to find the best
virtual server match for a DNS query.

topology statement
A topology statement is a collection of topology records.

traceroute
Traceroute is the utility that the hops factory uses to calculate the total
number of network hops between a local DNS server and a specific data
center.

TTL (Time to Live)
The TTL is the number of seconds for which a specific DNS record or
metric is considered to be valid. When a TTL expires, the server usually
must refresh the information before using it again.

unavailable
The unavailable status is used for data center servers and virtual servers.
When a data center server or virtual server is unavailable, the Global
Traffic Manager does not use it for load balancing.

unknown
The unknown status is used for data center servers and virtual servers.
When a data center server or virtual server is new to the Global Traffic
Manager and does not yet have metrics information, the Global Traffic
Manager marks its status as unknown. The Global Traffic Manager can use
unknown servers for load balancing, but if the load balancing mode is
dynamic, the Global Traffic Manager uses default metrics information for
the unknown server until it receives live metrics data.

up
The up status is used for data center servers and virtual servers. When a data
center server or virtual server is up, the data center server or virtual server is
available to respond to name resolution requests.

virtual server
A virtual server is a specific combination of a virtual IP address and virtual
port, and is associated with a content site that is managed by a BIG-IP
system or host server.

watchdog timer card
The watchdog timer card is a hardware device that monitors the Global
Traffic Manager for hardware failure.

wide IP
A wide IP is a collection of one or more domain names that maps to one or
more groups of virtual servers managed either by BIG-IP systems, or by
host servers. The Global Traffic Manager load balances name resolution
requests across the virtual servers that are defined in the wide IP that is
associated with the requested domain name.

WKS (well-known services)
Well-known services are protocols on ports 0 through 1023 that are widely
used for certain types of data. Some examples of well-known services
(and their corresponding ports) are: HTTP (port 80), HTTPS (port 443), and
FTP (port 20).

WKS record
A WKS record is a DNS resource record that describes the services usually
provided by a particular protocol on a specific port.

zone
In DNS terms, a zone is a subset of DNS records for one or more domains.

zone file
In DNS terms, a zone file is a database set of domains with one or many
domain names, designated mail servers, a list of other name servers that can
answer resolution requests, and a set of zone attributes, which are contained
in an SOA record.

