Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
version 9.2.2
MAN-0186-00
Service and Support Information
Product Version
This manual applies to product version 9.2.2 of the BIG-IP® Global Traffic Manager.
Publication Date
This manual was published on April 20, 2006.
Legal Notices
Copyright
Copyright 1998-2006, F5 Networks, Inc. All rights reserved.
F5 Networks, Inc. (F5) believes the information it furnishes to be accurate and reliable. However, F5
assumes no responsibility for the use of this information, nor any infringement of patents or other rights of
third parties which may result from its use. No license is granted by implication or otherwise under any
patent, copyright, or other intellectual property right of F5 except as specifically described by applicable
user licenses. F5 reserves the right to change specifications at any time without notice.
Trademarks
F5, F5 Networks, the F5 logo, BIG-IP, 3-DNS, iControl, GLOBAL-SITE, SEE-IT, EDGE-FX, FireGuard,
Internet Control Architecture, IP Application Switch, iRules, OneConnect, Packet Velocity, SYN Check,
Control Your World, ZoneRunner, uRoam, FirePass, TrafficShield, WANJet, and WebAccelerator are
registered trademarks or trademarks of F5 Networks, Inc. in the U.S. and certain other countries. All other
trademarks mentioned in this document are the property of their respective owners. F5 Networks'
trademarks may not be used in connection with any product or service except as permitted in writing by
F5.
RF Interference Warning
This is a Class A product. In a domestic environment this product may cause radio interference, in which
case the user may be required to take adequate measures.
FCC Compliance
This equipment has been tested and found to comply with the limits for a Class A digital device pursuant
to Part 15 of FCC rules. These limits are designed to provide reasonable protection against harmful
interference when the equipment is operated in a commercial environment. This unit generates, uses, and
can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual,
may cause harmful interference to radio communications. Operation of this equipment in a residential area
is likely to cause harmful interference, in which case the user, at his own expense, will be required to take
whatever measures may be required to correct the interference.
Any modifications to this device, unless expressly approved by the manufacturer, can void the user's
authority to operate this equipment under part 15 of the FCC rules.
Acknowledgments
This product includes software developed by Gabriel Forté.
This product includes software developed by Bill Paul.
This product includes software developed by Jonathan Stone.
This product includes software developed by Manuel Bouyer.
This product includes software developed by Paul Richards.
This product includes software developed by the NetBSD Foundation, Inc. and its contributors.
This product includes software developed by the Politecnico di Torino, and its contributors.
This product includes software developed by the Swedish Institute of Computer Science and its
contributors.
This product includes software developed by the University of California, Berkeley and its contributors.
This product includes software developed by the Computer Systems Engineering Group at the Lawrence
Berkeley Laboratory.
This product includes software developed by Christopher G. Demetriou for the NetBSD Project.
This product includes software developed by Adam Glass.
This product includes software developed by Christian E. Hopps.
This product includes software developed by Dean Huxley.
This product includes software developed by John Kohl.
This product includes software developed by Paul Kranenburg.
This product includes software developed by Terrence R. Lambert.
This product includes software developed by Philip A. Nelson.
This product includes software developed by Herb Peyerl.
This product includes software developed by Jochen Pohl for the NetBSD Project.
This product includes software developed by Chris Provenzano.
This product includes software developed by Theo de Raadt.
This product includes software developed by David Muir Sharnoff.
This product includes software developed by SigmaSoft, Th. Lockert.
This product includes software developed for the NetBSD Project by Jason R. Thorpe.
This product includes software developed by Jason R. Thorpe for And Communications,
http://www.and.com.
This product includes software developed for the NetBSD Project by Frank Van der Linden.
This product includes software developed for the NetBSD Project by John M. Vinopal.
This product includes software developed by Christos Zoulas.
This product includes software developed by the University of Vermont and State Agricultural College and
Garrett A. Wollman.
In the following statement, "This software" refers to the Mitsumi CD-ROM driver: This software was
developed by Holger Veit and Brian Moore for use with "386BSD" and similar operating systems.
"Similar operating systems" includes mainly non-profit oriented systems for research and education,
including but not restricted to "NetBSD," "FreeBSD," "Mach" (by CMU).
This product includes software developed by the Apache Group for use in the Apache HTTP server project
(http://www.apache.org/).
This product includes software licensed from Richard H. Porter under the GNU Library General Public
License (© 1998, Red Hat Software), www.gnu.org/copyleft/lgpl.html.
This product includes the standard version of Perl software licensed under the Perl Artistic License (©
1997, 1998 Tom Christiansen and Nathan Torkington). All rights reserved. You may find the most current
standard version of Perl at http://www.perl.com.
This product includes software developed by Jared Minch.
This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit
(http://www.openssl.org/).
This product includes cryptographic software written by Eric Young (eay@cryptsoft.com).
ii
This product contains software based on oprofile, which is protected under the GNU Public License.
This product includes RRDtool software developed by Tobi Oetiker (http://www.rrdtool.com/index.html)
and licensed under the GNU General Public License.
This product contains software licensed from Dr. Brian Gladman under the GNU General Public License
(GPL).
This product includes software developed by the Apache Software Foundation <http://www.apache.org/>.
This product includes Hypersonic SQL.
This product contains software developed by the Regents of the University of California, Sun
Microsystems, Inc., Scriptics Corporation, and others.
This product includes software developed by the Internet Software Consortium.
This product includes software developed by Nominum, Inc. (http://www.nominum.com).
This product contains software developed by Broadcom Corporation, which is protected under the GNU
Public License.
1
Introducing the Global Traffic Manager
Introducing the BIG-IP system .....................................................................................................1-1
Introducing the Global Traffic Manager .....................................................................................1-2
Overview of Global Traffic Manager Resources ............................................................1-2
Internet protocol and network management support ..................................................1-4
Security features ....................................................................................................................1-4
Configuration scalability .......................................................................................................1-5
System synchronization options .........................................................................................1-5
Configuring data collection for server status and network path data .......................1-5
Redundant system configurations ......................................................................................1-6
Monitoring the Global Traffic Manager and the network ............................................1-6
Using the Configuration Guide ....................................................................................................1-7
Additional information ..........................................................................................................1-8
Introducing the Configuration utility ....................................................................................... 1-10
Configuration utility components ................................................................................... 1-10
Browser support ................................................................................................................. 1-10
Stylistic conventions in this document .................................................................................... 1-11
Using the solution examples ............................................................................................ 1-11
Identifying new terms ......................................................................................................... 1-11
Identifying references to products .................................................................................. 1-11
Identifying references to objects, names, and commands ......................................... 1-11
Identifying references to other documents .................................................................. 1-11
Identifying command syntax ............................................................................................. 1-12
Finding help and technical support resources ....................................................................... 1-13
2
Essential Configuration Tasks
Reviewing the essential configuration tasks ..............................................................................2-1
Setting system-level settings .........................................................................................................2-2
Defining listeners ...................................................................................................................2-2
Defining NTP servers ............................................................................................................2-3
Defining synchronization settings .......................................................................................2-3
Setting up data centers ..................................................................................................................2-5
Setting up servers ...........................................................................................................................2-6
Defining the current Global Traffic Manager ..................................................................2-6
Defining servers .....................................................................................................................2-7
Setting up pools ...............................................................................................................................2-8
Setting up wide IPs ..........................................................................................................................2-9
Assigning health monitors .......................................................................................................... 2-10
3
Communicating with External Systems
Introducing external system communication ...........................................................................3-1
Communicating with BIG-IP systems .........................................................................................3-2
Establishing communications between the Global Traffic Manager and other external
systems .....................................................................................................................................3-2
Communicating with third-party systems .................................................................................3-9
Adding third-party systems to the Global Traffic Manager ..........................................3-9
Adding virtual servers from third-party systems ......................................................... 3-10
4
Working with Listeners
5
Defining the Physical Network
Introducing physical network components ...............................................................................5-1
Managing data centers ....................................................................................................................5-2
Configuring data centers ......................................................................................................5-2
Modifying data centers ..........................................................................................................5-3
Deleting data centers ............................................................................................................5-3
Enabling and disabling data centers ....................................................................................5-4
Managing servers .............................................................................................................................5-5
Defining BIG-IP systems .......................................................................................................5-5
Defining load balancing servers ..........................................................................................5-9
Defining host servers ......................................................................................................... 5-11
Assigning monitors to servers ......................................................................................... 5-12
Setting limit thresholds ...................................................................................................... 5-13
Discovering resources automatically ............................................................................. 5-16
Managing virtual servers ............................................................................................................. 5-19
Adding virtual servers manually ....................................................................................... 5-19
Modifying virtual servers ................................................................................................... 5-20
Removing virtual servers ................................................................................................... 5-20
Managing links ............................................................................................................................... 5-21
Defining links ........................................................................................................................ 5-21
Adding and removing routers .......................................................................................... 5-21
Assigning monitors to links .............................................................................................. 5-22
Configuring link weighting and billing properties ........................................................ 5-23
6
Defining the Logical Network
Introducing logical network components ..................................................................................6-1
Understanding logical components ....................................................................................6-1
Setting up pools ...............................................................................................................................6-3
Defining pools .........................................................................................................................6-3
Adding virtual servers to pools ..........................................................................................6-4
Removing virtual servers from pools ................................................................................6-5
Organizing virtual servers within pools ............................................................................6-5
Weighting virtual servers within pools .............................................................................6-6
Disabling and enabling pools ...............................................................................................6-8
Setting up wide IPs ..........................................................................................................................6-9
Defining wide IPs ....................................................................................................................6-9
Adding pools to wide IPs .................................................................................................. 6-10
Removing pools from wide IPs ........................................................................................ 6-11
Organizing pools within wide IPs .................................................................................... 6-12
2
Table of Contents
7
Load Balancing with the Global Traffic Manager
Understanding load balancing on the Global Traffic Manager ..............................................7-1
Using static load balancing modes ...............................................................................................7-4
Drop Packet mode ................................................................................................................7-4
Fallback IP ................................................................................................................................7-4
Global Availability mode .......................................................................................................7-5
None mode .............................................................................................................................7-5
Ratio mode ..............................................................................................................................7-5
Return to DNS mode ...........................................................................................................7-6
Round Robin mode ...............................................................................................................7-6
Static Persist mode ................................................................................................................7-6
Topology mode ......................................................................................................................7-6
Using dynamic load balancing modes .........................................................................................7-7
Types of dynamic load balancing modes ...........................................................................7-7
Implementing the Quality of Service load balancing mode ..........................................7-9
Using the Dynamic Ratio option ..................................................................................... 7-12
Configuring load balancing ......................................................................................................... 7-13
Configuring load balancing methods for wide IPs ....................................................... 7-13
Configuring load balancing methods for pools ............................................................. 7-14
Using the fallback load balancing method ............................................................................... 7-15
Configuring the fallback load balancing method .......................................................... 7-15
Employing additional load balancing options ......................................................................... 7-17
8
Managing Connections
Introducing connection management .........................................................................................8-1
Determining resource health .......................................................................................................8-2
Determining resource availability ................................................................................................8-3
Establishing limit settings ......................................................................................................8-3
Using monitors to determine availability ..........................................................................8-4
Managing dependencies for virtual servers ......................................................................8-6
Resuming connections to resources ..........................................................................................8-9
Establishing persistent connections ......................................................................................... 8-10
Draining persistent requests ............................................................................................ 8-10
Setting the last resort pool ........................................................................................................ 8-12
9
Working with Topologies
Overview of topologies .................................................................................................................9-1
Understanding topologies ....................................................................................................9-1
Implementing topologies ......................................................................................................9-2
10
Configuring Monitors
Introducing monitors .................................................................................................................. 10-1
Summary of monitor types ............................................................................................... 10-2
Overview of monitor settings .......................................................................................... 10-4
Understanding pre-configured and custom monitors ................................................ 10-4
Creating a custom monitor ....................................................................................................... 10-7
Configuring monitor settings .................................................................................................... 10-8
Simple monitors .................................................................................................................. 10-8
Extended Content Verification (ECV) monitors ....................................................... 10-10
External Application Verification (EAV) monitors .................................................... 10-13
Special configuration considerations ..................................................................................... 10-34
Setting destinations ........................................................................................................... 10-34
Using transparent and reverse modes ......................................................................... 10-34
Associating monitors with resources .................................................................................... 10-37
Types of monitor associations ....................................................................................... 10-37
Managing monitors ..................................................................................................................... 10-38
Displaying monitor settings ............................................................................................ 10-38
Deleting monitors ............................................................................................................. 10-38
Enabling and disabling monitor instances .................................................................... 10-39
11
Synchronizing Global Traffic Managers
Introducing synchronization ...................................................................................................... 11-1
Defining NTP servers ......................................................................................................... 11-1
Activating synchronization ......................................................................................................... 11-2
Controlling file synchronization ................................................................................................ 11-3
Deactivating file synchronization ..................................................................................... 11-3
Synchronizing DNS zone files ................................................................................................... 11-4
Creating synchronization groups ............................................................................................. 11-5
12
Discovering Resources through Auto-Discovery
Introducing auto-discovery ........................................................................................................ 12-1
Enabling auto-discovery .............................................................................................................. 12-2
Setting the discovery frequency ................................................................................................ 12-2
Discovering virtual servers ........................................................................................................ 12-3
Discovering links .......................................................................................................................... 12-3
13
Viewing Statistics
Introducing statistics ................................................................................................................... 13-1
Accessing statistics ....................................................................................................................... 13-2
Viewing the Status Summary screen ........................................................................................ 13-3
Understanding the types of statistics ...................................................................................... 13-4
Distributed application statistics ..................................................................................... 13-4
4
Table of Contents
14
Collecting Metrics
Introducing metrics collection .................................................................................................. 14-1
Defining metrics ........................................................................................................................... 14-2
Assigning probes to local domain name servers ................................................................... 14-3
Configuring TTL and timer values ............................................................................................ 14-5
Excluding LDNS servers from probes .................................................................................... 14-7
Removing LDNS servers from the address exclusion list ......................................... 14-7
15
Writing iRules
Introducing iRules for the Global Traffic Manager ............................................................... 15-1
What is an iRule? ................................................................................................................ 15-1
Basic iRule elements ........................................................................................................... 15-2
Specifying traffic destinations ........................................................................................... 15-4
Creating iRules ............................................................................................................................. 15-5
Assigning iRules ............................................................................................................................ 15-6
Controlling iRule evaluation ...................................................................................................... 15-7
Specifying events ................................................................................................................. 15-7
Using statement commands ....................................................................................................... 15-8
Using wide IP commands ......................................................................................................... 15-10
Using utility commands ............................................................................................................. 15-11
Parsing and manipulating content .................................................................................. 15-11
Ensuring data integrity ..................................................................................................... 15-13
Retreiving resource information ................................................................................... 15-13
Using protocol commands ....................................................................................................... 15-14
IP commands ...................................................................................................................... 15-14
TCP commands ................................................................................................................. 15-14
UDP commands ................................................................................................................ 15-15
Removing iRules ......................................................................................................................... 15-16
16
Managing DNS Files with ZoneRunner
Introducing ZoneRunner ............................................................................................................ 16-1
Working with DNS and BIND ........................................................................................ 16-1
Understanding ZoneRunner tasks .................................................................................. 16-1
Working with zone files ............................................................................................................. 16-2
Types of zone files .............................................................................................................. 16-2
Creating zone files .............................................................................................................. 16-2
Importing zone files ............................................................................................................ 16-8
Modifying zones ................................................................................................................. 16-10
Deleting zones ................................................................................................................... 16-10
Working with resource records ............................................................................................ 16-11
A
Working with the big3d Agent
Introducing the big3d agent .........................................................................................................A-1
Collecting path data and server performance metrics ..........................................................A-2
Setting up data collection with the big3d agent .............................................................A-2
Understanding the data collection and broadcasting sequence .................................A-3
Setting up communication between Global Traffic Managers and other servers ...........A-5
Setting up iQuery communications for the big3d agent ..............................................A-5
Allowing iQuery communications to pass through firewalls .....................................A-6
Communications between Global Traffic Managers, big3d agents, and local DNS
servers .....................................................................................................................................A-6
B
Working with SNMP
Introducing SNMP in a BIG-IP system environment .............................................................. B-1
Configuring SNMP on the Global Traffic Manager ................................................................. B-2
Downloading the MIBs ........................................................................................................ B-2
Understanding configuration file requirements ............................................................. B-3
Configuring options for the checktrap.pl script ............................................................ B-6
Configuring the Global Traffic Manager SNMP agent using the Configuration utility ... B-8
Configuring SNMP settings to probe hosts ............................................................................. B-9
Configuring the SNMP agent on host servers ....................................................................... B-11
Glossary
Index
6
1
Introducing the Global Traffic Manager
1-2
Introducing the Global Traffic Manager
network. These collections are called virtual servers because they might
span more than one physical machine, or might be a subset of available
ports on a single machine.
Server
A server is a a physical device that manages one or more virtual servers.
An example of a server is the Local Traffic Manager; however, the
Global Traffic Manager can manage other server types as well, such as a
Windows 2000 Server.
Listener
To manage your network traffic, the Global Traffic Manager also
requires that you configure an additional resource: a listener. A listener
instructs the Global Traffic Manager to listen for network traffic destined
for a specific IP address. Listeners are critical for the Global Traffic
Manager; without them, the Global Traffic Manager does not know what
traffic it must manages and what traffic it can safely ignore.
Link
A link is a physical device that connects your network to the rest of the
Internet. Often, links are logically attached to a collection of servers for
managing access to your data sources.
Data center
A data center is a logical collection of both servers and links. Typically,
data centers represent devices that reside in a physical location.
Pool
A pool is a collection of multiple virtual servers. The Global Traffic
Manager uses pools to load balance incoming network traffic among
multiple virtual servers. Pools differentiate from servers in that a pool
can encompass virtual servers on multiple servers on the network. This
provides you with more significant load balancing granularity, because
you can load balance across multiple pools of virtual servers and then
have the appropriate server load balance across the virtual servers
themselves.
Wide IP
A wide IP is a collection of one or more pools. Through the use of wide
IPs, you can load balance network traffic between multiple pools.
Distributed application
A distributed application is a collection of wide IPs, data centers, and
links, and is the highest-level component that the Global Traffic Manager
supports. You can configure the availability of distributed applications to
be dependent on a specific data center, link, or server. For example, if
you configure a data center to have its availability depend on a link, and
that link goes down, the Global Traffic Manager considers the
application to be unavailable.
Through the configuration of wide IPs and pools, you can use the Global
Traffic Manager to load balance across a collection of data, while resources
such as distributed applications, data centers, and servers give you visibility
into the performance and availability of these sources.
Security features
The Global Traffic Manager offers a variety of security features that can
help prevent hostile attacks on your site or equipment.
Secure administrative connections
The Global Traffic Manager supports Secure Shell (SSH) administrative
connections for remote administration from the command line. The GTM
web server, which hosts the web-based Configuration utility, supports
SSL connections as well as user authentication.
1-4
Introducing the Global Traffic Manager
Configuration scalability
The Global Traffic Manager is a highly scalable and versatile solution. You
can configure the Global Traffic Manager to manage up to several hundred
domain names, including full support of domain name aliases. The Global
Traffic Manager supports a variety of media options, including Fast
Ethernet, and Gigabit Ethernet; the Global Traffic Manager also supports
multiple network interface cards that can provide redundant or alternate
paths to the network.
system transitions) along a given network path, and you can also set the
big3d agent to collect host server performance information using the SNMP
protocol. For further details on the big3d agent, refer to Appendix A,
Working with the big3d Agent.
Note
1-6
Introducing the Global Traffic Manager
Configuring Monitors
This chapter describes how to use monitors to track the components of
your network. Monitors are components of the Global Traffic Manager
that perform specific tests to see if a given component is available for
load balancing.
Synchronizing Global Traffic Managers
This chapter describes how to synchronize the configuration settings
between several Global Traffic Managers. Through synchronization, you
can configure one Global Traffic Manager and have that change copied
to any other Global Traffic Manager in that synchronization group.
Discovering Resources through Auto-Discovery
This chapter describes how to use the auto-discovery feature of the
Global Traffic Manager to automatically detect network components,
such as links or virtual servers, and add them to the configuration of the
Global Traffic Manager.
Viewing Statistics
This chapter describes how to use the Global Traffic Manager to view
statistics on the different physical and logical network components.
Collecting Metrics
This chapter describes how to use the Global Traffic Manager to gather
metrics on the different physical and logical network components.
Writing iRules
This chapter describes how to write iRules; scripts that allow you to fully
customize the load balancing capabilities of the Global Traffic Manager.
Managing DNS Files with ZoneRunner
This chapter describes how to use ZoneRunner, a BIG-IP utility, to
manage and maintain your DNS zone files.
In addition the preceding list of chapters, this guide contains the following
appendices:
Working with the big3d Agent
This appendix describes the big3d agent, a utility that is responsible for
much of the communication between different BIG-IP components.
Working with SNMP
This appendix describes how the Global Traffic Manager uses SNMP to
acquire information from non-BIG-IP systems.
Additional information
In addition to this guide, there are other sources of the documentation you
can use in order to work with the BIG-IP system. The information is
organized into the guides and documents described below. The following
printed documentation is included with the BIG-IP system.
1-8
Introducing the Global Traffic Manager
Configuration Worksheet
This worksheet provides you with a place to plan the basic configuration
for the BIG-IP system.
BIG-IP Quick Start Instructions
This pamphlet provides you with the basic configuration steps required
to get the BIG-IP system up and running in the network.
The following guides are available in PDF format from the Ask F5 web site,
http://tech.f5.com. These guides are also available from the first Web page
you see when you log in to the administrative web server on the BIG-IP
system.
Platform Guide
This guide includes information about the BIG-IP system. It also
contains important environmental warnings.
Installation, Licensing, and Upgrades for BIG-IP Systems
This guide provides detailed information about installing upgrades to the
BIG-IP system. It also provides information about licensing the BIG-IP
system software and connecting the system to a management workstation
or network.
It is important to note that the Global Traffic Manager often co-exists with
other BIG-IP system modules, such as a Local Traffic Manager or a Link
Controller. Consequently, you might see features in the Configuration utility
that are not described in this guide. See Finding help and technical support
resources, on page 1-13 for a list of other guides that will help you learn
about your BIG-IP solution.
Browser support
The Configuration utility, which provides web-based access to the GTM
configuration and features, supports the following browser versions:
• Netscape Navigator 4.7X
• Microsoft Internet Explorer, version 5.0,5.5, or 6.0
1 - 10
Introducing the Global Traffic Manager
\
Continue to the next line without typing a line break.
< >
You enter text for the enclosed item. For example, if the command
has <your name>, type in your name.
|
Separates parts of a command.
[ ]
Syntax inside the brackets is optional.
...
Indicates that you can type a series of items.
1 - 12
Introducing the Global Traffic Manager
Note
1 - 14
2
Essential Configuration Tasks
• Setting up servers
• Setting up pools
Note
Defining listeners
One of the most crucial aspects of integrating the Global Traffic Manager
into your network is providing it with a listener. A listener is a resource for
the Global Traffic Manager that identifies the network traffic for which the
Global Traffic Manager is responsible. Listeners accomplish this task by
listening for traffic on a specified IP address. Listening is a process in which
a component, such as a listener, passively checks incoming traffic and
initiates an action only if a packet matches a set of criteria. Each listener that
you define listens for DNS packets on port 53.
The Global Traffic Manager then handles only network traffic sent to that IP
address. The IP address that you supply for a listener typically is the IP
address you assigned to the Global Traffic Manager. If the Global Traffic
Manager must manage traffic across several VLANs, you can select each
VLAN through the VLAN Traffic list.
To configure a listener
1. On the Main tab of the navigation pane, expand Global Traffic and
then click Listeners.
The main listener screen opens.
2. Click the Create button.
The New Listener screen opens.
3. In the Destination box, type the IP address on which the Global
Traffic Manager will listen for network traffic.
The Global Traffic Manager will handle only network traffic sent to
this IP address. In typical configurations, the IP address for a
listener is the IP address assigned to the Global Traffic Manager.
4. From the VLAN Traffic list, select a VLAN setting appropriate for
this listener.
For additional assistance with this setting, please see the online help.
5. Click the Finished button to save the new listener.
For more information on managing and maintaining listeners, see Chapter 4,
Working with Listeners.
2-2
Essential Configuration Tasks
Note
2-4
Essential Configuration Tasks
Note
You must configure at least one data center before you can add servers to
the global traffic configuration.
When you add servers to the global traffic configuration, you assign the
servers to the appropriate data centers.
Setting up servers
The Global Traffic Manager can manage many different server types. The
server types fall into three main categories: BIG-IP systems, load balancing
hosts, and non-load balancing hosts. The server categories each contain
multiple server types. Please see Managing servers, on page 5-5, for a list of
the available server types.
At the minimum, you must set up the following servers within the Global
Traffic Manager:
• The current Global Traffic Manager. You must set up the Global Traffic
Manager as a server within the configuration. This configuration allows
the system to gather information correctly, and ensures that its own
settings are shared with other Global Traffic Managers during
synchronization tasks.
• A server of any other type.
• One or more virtual servers, depending on whether the servers you added
load balance across multiple sources.
2-6
Essential Configuration Tasks
You can repeat this process for any additional Global Traffic Managers on
the network. This process is mandatory if you want to synchronize the
settings of multiple Global Traffic Managers.
Defining servers
After you have defined the current Global Traffic Manager as a server, you
can add any number of additional servers. Servers fall into two main
categories:
• Load balancing servers. These servers, like the Local Traffic Manager,
balance connection requests across multiple resources, or virtual servers.
• Non-load balancing servers. These servers are resources on your
network. Connection requests for these resources are not load balanced.
You can apply the same steps for creating both load balancing and non-load
balancing servers to the Global Traffic Manager.
To define a server
1. On the Main tab of the navigation pane, expand Global Traffic and
then click Servers.
The main servers screen opens.
2. Click the Create button.
The New Server screen opens.
3. In the Name box, type an identifying name for the server.
4. From the Product list, select a server type.
If you cannot find a specific type in the list, select either Generic
Load Balancer or Generic Host, depending on whether the server
load balances connection requests.
5. From the Data Center list, select a data center where this server
resides.
6. Configure the other server settings.
Please see the online help for additional information on the various
settings available when defining a server.
7. Click the Create button to create the new server.
The server is added to your configuration.
Setting up pools
When you add multiple virtual servers into the Global Traffic Manager, you
can combine them into specific groups, called pools. The Global Traffic
Manager can then load balance across the virtual servers in each pool,
ensuring the best possible response for each connection request.
A pool must contain at least one pool member. Pool members are virtual
servers that represent either a load balancing server, such as a Local Traffic
Manager, or a stand-alone host.These resources can be either virtual servers
managed with a Local Traffic Manager or other system, or a stand-alone
host.
To set up a pool
1. On the Main tab of the navigation pane, expand Global Traffic and
then click Pools.
The main pools screen opens.
2. Click the Create button.
The New Server screen opens.
3. In the Name box, type a name that identifies the pool.
4. In the Member List area, add the appropriate virtual servers.
5. Configure the rest of the pool settings as needed.
For additional help with these settings, please see the online help.
6. Click the Finished button to save the new pool.
For detailed information on managing and maintaining pools, see Setting up
pools, on page 6-3.
2-8
Essential Configuration Tasks
To set up a wide IP
1. On the Main tab of the navigation pane, expand Global Traffic and
then click Wide IPs.
The main wide IP page opens.
2. Click the Create button.
The New Wide IP screen opens.
3. In the Name box, type a name that identifies the wide IP.
4. In the Member List area, add the appropriate pools.
5. Configure the rest of the wide IP settings as needed.
For additional help with these settings, please see the online help.
6. Click the Finished button to save the new wide IP.
For detailed information on managing and maintaining wide IPs, see Setting
up wide IPs, on page 6-9.
2 - 10
Essential Configuration Tasks
4. From the Virtual Server list, click the name of the virtual server.
The properties screen for that virtual server opens.
5. In the Health Monitors area, select the appropriate health monitors
from the Available list and use the Move buttons provided to move
them to the Selected list.
6. Click the Finished button to save the updated server.
2 - 12
3
Communicating with External Systems
Protocols iQuery
3-2
Communicating with External Systems
Securing communications
In order for the Global Traffic Manager to communicate with another
BIG-IP system, two criteria must be met:
• The Global Traffic Manager must be able to authenticate with the BIG-IP
system
• The BIG-IP system must be able to authenticate with the Global Traffic
Manager
To meet these two criteria, the Global Traffic Manager employs SSL
certificate authentication. This type of authentication involves a SSL
certificate, along with a corresponding key. When the Global Traffic
Manager needs to communicate with another BIG-IP system, that system
first informs the Global Traffic Manager that it must authenticate using a
specific SSL certificate.
In this type of authentication scenario, there are two roles: a client role and a
server role. Each role must complete the authentication process; it is not
enough, for example, for a client, such as the Global Traffic Manager, to
authenticate itself to a server, such as a Local Traffic Manager. That
external server must also authenticate its role with the client as well. This
configuration ensures that both systems can trust each other’s information. It
is important to note that this type of authentication occurs on a per-role
basis. If, in another exchange of information, the Global Traffic Manager
fills a server role, then it must be able to authenticate itself as a server. The
authentication offered when it filled the client role is no longer sufficient.
Note
Through the big3d_install script, you specify the IP addresses of any Local
Traffic Managers with which the Global Traffic Manager must
communicate. This script then accomplishes two tasks:
• It adds the SSL certificate to the client.crt file of the Local Traffic
Manager.
• It acquires the SSL certificate of the Local Traffic Manager, and adds
that it to the server.crt file for the Global Traffic Manager.
• It installs the big3d utility on the ssytem.
3-4
Communicating with External Systems
After the big3d_install script completes these tasks, the Global Traffic
Manager and the specified Local Traffic Managers can exchange
information. The Global Traffic Manager is authorized to fill the client role
in the exchange, while the Local Traffic Manager is authorized to fill the
server role.
Note
You must run the big3d_install script for the Global Traffic Manager to
communicate with other BIG-IP systems.
3-6
Communicating with External Systems
Note: You can only upload a certificate file if you are replacing the
existing file. You cannot upload a file if you want to append the
certificate to an existing file.
5. If you chose to replace the existing certificate file, select whether
you want to paste the certificate or upload it as a file.
• If you exported the certificate through copying it from the
external system, enable the Paste Text option.
A box appears in which you can paste the certificate.
• If you saved the certificate as a file, enable the Upload File
option. You can then either type the path to the file manually, or
use the Browse button to navigate to the file’s location.
The script logs into the specified Global Traffic Manager and acquires its
configuration files, including relevant SSL certificates. You can then add the
Global Traffic Manager to the appropriate synchronization group.
3-8
Communicating with External Systems
Protocols SNMP
3 - 10
4
Working with Listeners
• Introducing listeners
• Selecting listeners
• Setting up listeners
Introducing listeners
As traffic flows across your network, it is necessary to identify what traffic
is relevant to your Global Traffic Managers for load balancing and other
operations. A listener is a specialized resource that is assigned a specific IP
address. When traffic is sent to that IP address, the listener alerts the Global
Traffic Manager, allowing it to forward the traffic to the appropriate
resource.
The IP address that you assign to a listener depends on the following
criteria:
• The configuration of the Global Traffic Managers and Local Traffic
Managers in the data center
• The number of VLANs (if any) on which the Global Traffic Manager is
load balancing data
Listeners have another important role beyond just identifying the network
packets that are relevant to the Global Traffic Manager: listeners also
determine the operation mode in which the Global Traffic Manager
operates. An operation mode defines the specific role or function the Global
Traffic Manager servers on the network. These modes are:
Node
The node mode is the traditional installation of the Global Traffic
Manager. In this mode, the Global Traffic Manager replaces a DNS
server in a network and uses the DNS server’s IP address. All DNS
traffic is directed at the Global Traffic Manager because it is registered
with InterNIC as authoritative for the domain. In node mode, you usually
run BIND on the system to manage DNS zone files. Also, you may use
the ZoneRunner module included with the Global Traffic Manager to
manage your zone files.
Bridge
In bridge mode, the Global Traffic Manager acts as an IP bridging device
by forwarding packets between two LAN segments (usually on the same
IP subnet). The system usually has one IP address, and is installed
between the router or switch, and the authoritative DNS server. The
Global Traffic Manager does not replace the authoritative DNS server.
The Global Traffic Manager filters all DNS packets that match wide IPs,
and forwards the remaining packets to the authoritative DNS server for
resolution. Note that this may be the preferred method of using the
Global Traffic Manager because you do not have to replace the
authoritative DNS server, and you can perform out-of-band testing
before you deploy Global Traffic Manager software upgrades.
Router
In router mode, the Global Traffic Manager acts as a router by
forwarding packets between two different IP subnets. You can put the
Global Traffic Manager anywhere in the network topology so that
packets destined for the authoritative DNS server have to pass through it.
Router mode requires at least two IP addresses and two VLANs. This
mode is probably most useful for Internet service providers (ISPs) that
want to redirect traffic to local content servers. For example, if you use
the Global Traffic Manager in router mode, an ISP can redirect requests
for ads.siterequest.net to a local ad server.
Selecting listeners
A listener is a specialized resource that forwards data sent to a specific IP
address to the Global Traffic Manager. Selecting the correct listener is
important; if the listener is configured to the wrong IP address, the Global
Traffic Manager will not be aware of the data for which it is responsible.
The IP address you assign to a listener generally depends on what BIG-IP
systems are in the data center. How you select a listener depends on the
operation mode you want the Global Traffic Manager to use. You can select
either node, bridge, or router mode, as described in Introducing listeners, on
page 4-1.
4-2
Working with Listeners
See Setting up listeners, on page 4-4 for more information on the steps
needed to set up a listener.
Setting up listeners
The Global Traffic Manager handles only network traffic sent to the IP
address specified for any listeners that you create. The IP address that you
supply for a listener typically is the IP address you assigned to the Global
Traffic Manager.
In most situations, a Global Traffic Manager is responsible for traffic that
traverses multiple VLANs. Consequently, you can configure a listener to
monitor as many or as few VLANs as necessary. See VLANs and listeners,
on page 4-6 for more information.
Common tasks you will perform while working with listeners include:
Configuring listeners
Modifying listeners
Deleting listeners
To set up a listener
1. On the Main tab in the navigation pane, expand Global Traffic and
then click Listeners.
The main listeners screen opens.
2. Click the Create button.
The new listener screen opens.
3. In the Destination box, type the IP address on which the Global
Traffic Manager will listen for network traffic.
4. From the VLAN Traffic list, select a VLAN setting appropriate for
this listener. For additional assistance with this setting, please see
the online help.
5. Click the Finished button to save the new listener.
Modifying listeners
After you create a listener, you can access its settings, changing them as
needed. Common instances in which you need to modify a listener include
adding an additional VLAN, or modifying the IP address of the listener.
To modify a listener
1. On the Main tab in the navigation pane, expand Global Traffic and
then click Listeners.
The main listeners screen opens.
2. Click the name of the listener.
The properties screen for that listener appears.
4-4
Working with Listeners
Deleting listeners
In the event that a listener is no longer needed within the Global Traffic
Manager, you can delete it.
To delete a listener
1. On the Main tab in the navigation pane, expand Global Traffic and
then click Listeners.
The main listeners screen opens.
2. Check the Select check box that corresponds to the listener entry.
3. Click the Delete button.
A confirmation screen appears.
4. Click the Delete button to delete the listener.
For more information about BIG-IP systems and VLANs, see the
Configuration Guide for Local Traffic Management.
4-6
Working with Listeners
4-8
5
Defining the Physical Network
• Managing servers
• Managing links
Defining the Physical Network
A data center defines the group of Global Traffic Managers, Local Traffic
Managers, and host systems that reside in a single physical location. Within
the Global Traffic Manager, a data center contains at least one server and
one link. Every resource, whether physical or logical, is associated in some
way with a data center.
A server defines a specific system on the network. A system can be a single
Global Traffic Manager, Local Traffic Manager, or host system. Within the
Global Traffic Manager, a server, with the exception of Global Traffic
Managers and Link Controllers, must also contain at least one virtual server.
A virtual server, in the context of the Global Traffic Manager, is a
combination of IP address and port number that points to a specific resource
on the network.
A link defines a physical connection to the Internet. Links are associated
with one or more routers on the network. The Global Traffic Manager tracks
the performance of links, which in turn can dictate the overall availability of
a given pool, data center, wide IP, or distributed application.
This chapter describes how to define the physical components that make up
your network, including setting up data centers, servers, and links.
5-2
Defining the Physical Network
• State. The state of the data center. Available options are Enabled or
Disabled.
2. Check the Select check box that corresponds to the data center that
you want to delete.
3. Click the Delete button.
A confirmation screen opens.
4. Click the Delete button to delete the data center.
You can enable or disable a data center manually, allowing you to remove a
data center temporarily from the Global Traffic Manager’s load balancing
operations; for example, during a maintenance period. When the
maintenance period has ended, you can enable the data center, allowing the
Global Traffic Manager to consider the resources of that data center when
load balancing connection requests.
5-4
Defining the Physical Network
Managing servers
A server defines a specific system on the network. In the Global Traffic
Manager, servers are not only physical entities that you can change and
modify as needed; they also house the virtual servers that are the ultimate
destinations of name resolution requests. In essence, servers are the core of
the physical components that you manage with the Global Traffic Manager.
The Global Traffic Manager supports three types of servers:
BIG-IP systems
A BIG-IP system can be a Global Traffic Manager (including the current
Global Traffic Manager), a Local Traffic Manager, or a Link Controller.
Third-party load balancing systems
A third-party load balancing system is any system, other than a BIG-IP
system, that supports and manages virtual servers on the network. See
Defining load balancing servers, on page 5-9 for information on how to
define these servers and a list of supported load balancing servers.
Third-party host servers
A third-party host system is any server resource on the network that does
not support virtual servers. See Defining host servers, on page 5-11 for
information on how to define these servers and a list of supported host
servers.
At a minimum, you must set up the following servers on your Global Traffic
Manager:
• Your current Global Traffic Manager
• A managed server (either a load balancing server or a host)
This section describes how to set up each server type in your network. The
setup procedures here assume that the servers are up and running in the
network, and that they already have virtual servers defined (if the server
manages virtual servers).
which is the Global Traffic Manager that you are currently configuring. The
second type of Global Traffic Managers is subsequent Global Traffic
Managers, which include backup systems on the current network segment,
or systems that reside at another data center. The information you provide
on these systems allows the agents and other utilities, such as the big3d
agent, to gather and analyze path and metrics information on network traffic.
In addition, adding Global Traffic Managers as part of defining the physical
network is necessary when you want to synchronize the settings across
multiple systems.
Important
If you have multiple Global Traffic Managers on your network, we
recommend that you define the current Global Traffic Manager first,
followed by any additional systems.
5-6
Defining the Physical Network
Regardless of whether the Local Traffic Manager shares the same hardware
as the Global Traffic Manager, you should ensure that you have the
following information available before you define the system:
• The self IP addresses and translations of the Local Traffic Manager’s
interfaces
• The IP address and service name or port number of each virtual server
managed by the Local Traffic Manager, only if you do not want to use
auto-configuration to discover the Local Traffic Manager’s virtual
servers
Important
If your installation of the Global Traffic Manager resides on the same
system as a Local Traffic Manager, you define only one BIG-IP server. This
server entry represents both the Global Traffic Manager and Local Traffic
Manager modules.
5-8
Defining the Physical Network
Note
If your network uses a load balancing server not found on this list, you can
use the Generic Load Balancer option. See Using the generic load balancer
option, on page 5-10.
5 - 10
Defining the Physical Network
Note
If your network uses a host server not found on this list, you can use the
Generic Load Balancer option. See Using the generic host server option, on
page 5-12.
5 - 12
Defining the Physical Network
If the server is not part of the BIG-IP product family, such as a generic host
server, the available thresholds are:
• CPU
• Memory
• Bits
• Packets
• Current Connections
Note
You can also set limits thresholds on virtual server resources. If a server
meets or exceeds its limits settings, both the server and the virtual servers it
manages are marked as unavailable for load balancing. You can quickly
review the availability of any of your servers or virtual servers in the
Statistics screens.
5 - 14
Defining the Physical Network
4. For Limit Settings, select Enabled from the list that corresponds to
the threshold you want to use.
A new setting appears.
5. Type the appropriate value for each threshold.
6. Click the Update button to save your changes.
Note
You can also set limits thresholds on pool members. If a pool meets or
exceeds its limits settings, both the pool and the pool members it manages
are marked as unavailable for load balancing. You can quickly review the
availability of any of your pools or pool members in the Statistics screens.
5 - 16
Defining the Physical Network
Disabled
When the Discovery setting is set to Disabled, the Global Traffic
Manager does not collect any configuration information from the
relevant system in the network. Instead, you must make all changes to the
configuration manually. This is the default setting.
Enabled
When the Discovery setting is set to ON, the Global Traffic Manager
polls the relevant system every 30 seconds to update the configuration
information for those systems. Any changes, additions, or deletions are
then made to the controller's configuration.
Enabled/No Delete
When the Discovery setting is set to Enabled/No Delete, the Global
Traffic Manager polls the relevant system in the network every 30
seconds to update the configuration information for those systems. Any
changes or additions are then made to the controller's configuration. Any
deletions in the configuration are ignored. This setting is helpful if you
want to take systems in and out of service without modifying the Global
Traffic Manager configuration.
One-time Discovery
When the Discovery setting is set to One-time Discovery, the Global
Traffic Manager polls the relevant system once to update the
configuration information for that system. After this initial discovery, the
Global Traffic Manager does not poll the system for changes that might
have occurred. This feature is useful when you are first installing the
Global Traffic Manager on the network and you have a lot of resources
to add in, but do not want to have the discovery feature on continually.
Depending on the server you are configuring, you have two discovery
options available:
• On BIG-IP Systems, specifically Local Traffic Managers, you can enable
discovery for virtual servers and links.
• On load balancing servers, you can enable discovery for virtual servers
only.
To discover links
You can enable discovery for links only on BIG-IP systems.
1. On the Main tab of the navigation pane, expand Global Traffic and
click Servers.
The main screen for servers opens.
2. Click the name of the server for which you want to discover links.
The properties screen for that server opens.
3. On the menu bar, click Virtual Servers.
The virtual servers screen opens.
4. From the Link Discovery option, select the appropriate setting.
5. Click the Update button to save your changes.
5 - 18
Defining the Physical Network
5 - 20
Defining the Physical Network
Managing links
A link defines a physical connection to the Internet that is associated with
one or more routers on the network. When you configure the links that you
want to load balance in the Global Traffic Manager. you add a link entry
into the Global Traffic Manager and associating one or more routers with
that entry. In addition, you can also configure monitors to check certain
metrics associated with the link, and modify how the Global Traffic
Manager selects a link for network traffic
You can interact with links in the Global Traffic Manager in a variety of
ways. You can:
• Define a link
• Add routers to a link
• Assign monitors to a link
• Configure link weighting and billing properties
Defining links
Before you can load balance inbound and outbound traffic, you must
configure the basic link properties. The following procedure describes how
to configure the basic properties of a link.
To configure a link
1. On the Main tab of the navigation pane, expand Global Traffic and
click Links.
The main screen for links opens.
2. In the Name box, type a name that identifies the link.
3. For Router Address List, add the router address of the link.
To add the router address, type the address in the Address box, and
then click Add. You can add more than one address to any given
link, depending on how that server interacts with the rest of your
network.
4. From the Data Center list, select the appropriate data center.
A link must be associated with a data center.
5. Configure the other link options as needed.
For detailed information on these options, See the online help.
6. Click the Create button to create the link.
5 - 22
Defining the Physical Network
Important
You can use either the price weighting option or the ratio weighting option
to load balance your link traffic for all of your links. You cannot use both
options. Regardless of which weighting option you use, you must use the
same weighting option for all links.
5 - 24
6
Defining the Logical Network
• Setting up pools
Note
If one of these virtual servers was managed by a load balancing server, the
IP address and port number would likely point to a proxy on which the load
balancing server listened for connection requests. In that case, the load
balancing server would manage the connection to the appropriate resource.
6-2
Defining the Logical Network
Setting up pools
A pool represents one or more virtual servers that share a common role on
the network. A virtual server, in the context of the Global Traffic Manager,
is a combination of IP address and port number that points to a specific
resource on the network.
The Global Traffic Manager considers any virtual servers that you add to a
pool to be pool members. A pool member is a virtual server that has specific
attributes that pertain to the virtual server only in the context of that pool.
Through this differentiation, you can customize settings, such as thresholds,
dependencies, and health monitors, for a given virtual server on a per-pool
basis.
As an example of the difference between pool members and virtual servers,
consider the fictional company SiteRequest. In the London data center, the
IT team has a virtual server that acts as a proxy for a Local Traffic Manager.
This virtual server provides the main resources for name resolution requests
for the company’s main Web page that originate from Europe. This same
virtual server provides backup resources for name resolution requests that
originate from the United States. Because these are two distinctly different
roles, the virtual server is a pool member in two different pools. This
configuration allows the IT team to customize the virtual server for each
pool to which it belongs, without modifying the actual virtual server itself.
As described in Chapter 5, Defining the Physical Network, you can add
virtual servers to the Global Traffic Manager only by first defining a server
that represents a physical component of your network. Once you add these
virtual servers, however, you can divide them into as many or as few pools
as needed.
You interact with pools in a variety of ways. You can:
• Define pools
• Add virtual servers to pools
• Remove virtual servers from pools
• Organize virtual servers within pools
• Weight virtual servers within pools
• Disable or enable pools
Defining pools
The first step in working with pools is defining them. The basic definition of
a pool is a name and at least one virtual server. You can expand on this
definition by assigning specific load balancing methods, a fallback IP
address (in the event that the load balancing methods fail to return a valid
virtual server), and one or more health monitors, which use various methods
to determine if the virtual servers within the pool are available.
To define a pool
1. On the Main tab of the navigation pane, expand Global Traffic and
then click Pools.
The main pools screen opens.
2. Click the Create button.
3. In the Name box, type a name for the pool.
4. In the Members area, for Member List, add the virtual servers that
belong to this pool.
Note that a virtual server can belong to more than one pool.
5. Configure the remaining pool settings.
For additional assistance with these settings, please see the online
help.
6. Click the Finished button to save the new pool.
Repeat this process for each pool that you want to create.
6-4
Defining the Logical Network
6. Click the Finished button to update the pool with the new virtual
server.
Global Traffic Manager to select the first virtual server in the pool until it
reaches capacity or goes offline, at which point it selects the next virtual
server until the first pool becomes available again.
See Chapter 7, Load Balancing with the Global Traffic Manager for more
information on load balancing methods that the Global Traffic Manager
supports.
If you use one of these load balancing methods, you may want to arrange the
order in which virtual servers are listed in a pool at any time. When you
organize your virtual servers in conjunction with these load balancing
methods, you can ensure that your most robust virtual server always
receives resolution requests, while the other virtual servers act as backups in
case the primary virtual server becomes unavailable.
6-6
Defining the Logical Network
Notice that the total of all the weights in this pool is 100. Each time the
Global Traffic Manager selects this pool, it load balances across all three
virtual servers. Over time, the load balancing statistics for this pool will
appear as follows:
• Virtual server 1: selected 50 percent of the time
• Virtual server 2: selected 25 percent of the time
• Virtual server 3: selected 25 percent of the time
This pattern exists because the weight value, 50, is 50 percent of the total
weight for all virtual servers (100), while the weight value, 25, is 25 percent
of the total.
For information on the Ratio mode and other load balancing methods, see
Chapter 7, Load Balancing with the Global Traffic Manager.
6. In the Ratio box, type a numerical value that represents the weight
of the virtual server as compared to other virtual servers within the
same pool. The higher the value in this setting, the greater the
frequency at which the Global Traffic Manager selects the virtual
server.
7. Click the Add button to add the virtual server, with ratio value, to
the pool.
8. Click the Finished button to save your changes.
To disable a pool
1. On the Main tab of the navigation pane, expand Global Traffic and
then click Pools.
The main pools screen opens.
2. Check the Select box for the pool that you want to enable.
3. Click the Disable button.
After a few seconds, the pool becomes disabled. You can verify that
the pool is disabled by looking at its status icon, located in the
Status column in the table of pools. The status of a disabled pool is a
black square.
To enable a pool
1. On the Main tab of the navigation pane, expand Global Traffic and
then click Pools.
The main pools screen opens.
2. Check the Select check box for the pool that you want to enable.
3. Click the Enable button.
After a few seconds, the pool becomes enabled. The status icon of
the pool, located in the Status column in the table of pools, will
change to reflect the current availability of the pool. For example, a
pool that is enabled and verified as available by the Global Traffic
Manager will have a status icon of a green circle.
6-8
Defining the Logical Network
To define a wide IP
1. On the Main tab of the navigation pane, expand Global Traffic and
then click Wide IPs.
The wide IP screen opens.
2. Click the Create button.
The New Wide IP screen opens.
3. In the Name box, type the fully-qualified domain name for the wide
IP.
4. In the Pools section, use the Pool List option to add the pools that
belong to this wide IP.
Note that a pool can belong to more than one wide IP.
5. Configure the remaining wide IP settings.
For additional assistance with these settings, please see the online
help.
6. Click the Finish button to save the new wide IP.
Repeat this process for each wide IP that you want to create.
The asterisk ( * )
• You can use the asterisk to replace multiple consecutive characters,
with the exception of dots ( . ).
• You can use more than one asterisk in a wide IP name or alias.
• You can use both the question mark and the asterisk in the same wide
IP name or alias.
The following examples are all valid uses of the wildcard characters for the
wide IP name, www.mydomain.net.
• ???.mydomain.net
• www.??domain.net
• www.my*.net
• www.??*.net
• www.my*.*
• ???.my*.*
• *.*.net
• www.*.???
Note
6 - 10
Defining the Logical Network
Repeat this process for each pool that you want to add to the wide IP.
Repeat this process for each pool that you want to remove from the wide IP.
6 - 12
Defining the Logical Network
Notice that the total of all the weights in this wide IP is 100. Each time the
Global Traffic Manager selects this wide IP, it load balances across all three
pools. Over time, the load balancing statistics for this wide IP will appear as
follows:
• Pool 1: selected 50 percent of the time
• Pool 2: selected 25 percent of the time
• Pool 3: selected 25 percent of the time
This pattern exists because the weight value, 50, is 50 percent of the total
weight for all pools, while the weight value, 25, is 25 percent of the total.
For information on the Ratio mode and other load balancing methods, see
Chapter 7, Load Balancing with the Global Traffic Manager.
To disable a wide IP
1. On the Main tab of the navigation pane, expand Global Traffic and
then click Wide IPs.
The Wide IPs screen opens.
2. Check the Select box for the wide IP that you want to disable.
3. Click the Disable button.
After a few seconds, the wide IP becomes disabled. You can verify
that the wide IP is disabled by looking at its status icon, located in
the Status column in the table of wide IPs. The status of a disabled
wide IP is a black square.
To enable a pool
1. On the Main tab of the navigation pane, expand Global Traffic and
then click Wide IPs.
The wide IP screen opens.
2. Check the Select check box for the wide IP that you want to enable.
3. Click the Enable button.
After a few seconds, the wide IP becomes enabled. The status icon
of the pool, located in the Status column in the table of wide IP, will
change to reflect the current availability of the wide IP. For
example, a wide IP that is enabled and verified as available by the
Global Traffic Manager will have a status icon of a green circle.
Incorporating iRules
Wide IPs also support iRules for further managing and directing network
traffic. An iRule is a set of one or more Tcl-based expressions that direct
network traffic beyond load balancing operations.
6 - 14
Defining the Logical Network
For example, the iRule in the following figure redirects a connection request
to a wide IP using HTTP to one using HTTP over SSL (HTTPS):
rule redirect_iRule
{
when HTTP_REQUEST
{
HTTP::redirect https://[HTTP:host][HTTP:uri]
}
}
For information on creating iRules, please see Chapter 15, Writing iRules.
Repeat this process for each iRule that you want to remove from the wide
IP.
6 - 16
Defining the Logical Network
Repeat this process until the iRules are listed in the necessary order.
You can work with distributed applications in a variety of ways. You can:
• Define distributed applications
• Add wide IPs to distributed applications
• Remove wide IPs from distributed applications
• Set dependencies
• Enable and disable distributed application traffic
• Enable persistent connections
6 - 18
Defining the Logical Network
4. Use the Member List settings to add the wide IPs that belong to this
distributed application.
Note that a wide IP can belong to only one distributed application.
For more information on wide IPs, see Setting up wide IPs, on page
6-9.
5. Configure the remaining distributed application settings.
For additional assistance with these settings, please see the online
help.
6. Click the Finish button to create the distributed application.
Repeat this process for each distributed application that you want to create.
Note
might be removed because it has been replaced with a newer one. Removing
a wide IP does not delete it from the Global Traffic Manager; it remains
available to the Global Traffic Manager when load balancing connection
requests.
Repeat this process for each wide IP that you want to add to the distributed
application.
6 - 20
Defining the Logical Network
Note
Note
6 - 22
Defining the Logical Network
6 - 24
7
Load Balancing with the Global Traffic
Manager
For each pool that you manage, the Global Traffic Manager supports three
types of load balancing methods: preferred, alternate, and fallback. The
preferred load balancing method is the load balancing mode that the system
will attempt to use first. If the preferred method fails to provide a valid
resource, the system uses the alternate load balancing method. Should the
alternate load balancing method also fail to provide a valid resource, the
system uses the fallback method.
One of the key differences between the alternate methods and the other two
load balancing methods is that only static load balancing modes are
available from the alternate load balancing list. This limitation exists
because dynamic load balancing modes, by definition, rely on metrics
collected from different resources. If the preferred load balancing mode does
not return a valid resource, it is highly likely that the Global Traffic
Manager was unable to acquire the proper metrics to perform the load
balancing operation. By limiting the alternate load balancing options to
static methods only, the Global Traffic Manager can better ensure that,
should the preferred method prove unsuccessful, the alternate method will
return a valid result.
Note
You can select static and dynamic load balancing modes for the fallback
load balancing method.
Table 7.1 shows a complete list of the supported load balancing modes, and
indicates where you can use each mode in the Global Traffic Manager
configuration. The following sections in this chapter describe how each load
balancing mode works.
Use for wide IP Use for preferred Use for alternate Use for fallback
Load Balancing mode load balancing method method method
Completion Rate X X
Global Availability X X X X
Hops X X
Kilobytes/Second X X
Least Connections X X
None X X
Packet Rate X X X
Quality of Service X X
Ratio X X X X
Return to DNS X X X
Round Robin X X X X
Static Persist X X X
Topology X X X X
CPU X X
Fallback IP X X X
7-2
Load Balancing with the Global Traffic Manager
Use for wide IP Use for preferred Use for alternate Use for fallback
Load Balancing mode load balancing method method method
Drop Packet X X X
Connection Rate X X X
VS Capacity X X X
The None and Return to DNS load balancing modes are special modes that
you can use to skip load balancing under certain conditions. The other static
load balancing modes perform true load balancing as described in the
following sections.
Note
We recommend that you use the Drop Packet load balancing mode only for
the fallback method. The Global Traffic Manager uses the fallback method
when the preferred and alternate load balancing modes do not provide at
least one virtual server to return as an answer to a query.
Fallback IP
When you specify the Fallback IP mode, the Global Traffic Manager returns
the IP address that you specify as the fallback IP as an answer to the query.
Note that the IP address that you specify is not monitored for availability
before being returned as an answer. When you use the Fallback IP mode,
you can specify a disaster recovery site to return when no load balancing
mode returns an available virtual server. We recommend that you use the
Fallback IP load balancing mode only for the fallback method. The Global
7-4
Load Balancing with the Global Traffic Manager
Traffic Manager uses the fallback method when the preferred and alternate
load balancing modes do not provide at least one virtual server to return as
an answer to a query.
None mode
The None load balancing mode is a special mode you can use if you want to
skip the current load balancing method, or skip to the next pool in a multiple
pool configuration. For example, if you set an alternate method to None in a
pool, the Global Traffic Manager skips the alternate method and
immediately tries the load balancing mode specified as the fallback method.
If the fallback method is set to None, and you have multiple pools
configured, the Global Traffic Manager uses the next available pool.
You could also use the mode to limit each pool to a single load balancing
mode. For example, you would set the preferred method in each pool to the
desired load balancing mode, and then you would set both the alternate and
fallback methods to None in each pool. If the preferred method fails, the
None mode in both the alternate and fallback methods forces the Global
Traffic Manager to go to the next pool for a load balancing answer.
Ratio mode
The Ratio load balancing mode distributes connections among a pool of
virtual servers as a weighted round robin. Weighted round robin refers to a
load balancing pattern in which the Global Traffic Manager rotates
connection requests among several resources based on a priority level, or
weight, assigned to each resource. For example, you can configure the Ratio
mode to send twice as many connections to a fast, new server, and only half
as many connections to an older, slower server.
The Ratio load balancing mode requires that you define a ratio weight for
each virtual server in a pool, or for each pool if you are load balancing
requests among multiple pools. The default ratio weight for a server or a
pool is set to 1.
Topology mode
The Topology load balancing mode allows you to direct or restrict traffic
flow by adding topology records to a topology statement in the
configuration file. When you use the Topology load balancing mode, you
can develop proximity-based load balancing. For example, a client request
in a particular geographic region can be directed to a data center or server
within that same region. The Global Traffic Manager determines the
proximity of servers by comparing location information derived from the
DNS message to the topology records.
This load balancing mode requires you to do some advanced configuration
planning, such as gathering the information you need to define the topology
records. The Global Traffic Manager contains an IP classifier that accurately
maps local DNS servers, so when you create topology records, you can refer
to continents and countries, instead of IP subnets.
See Chapter 9, Working with Topologies, for detailed information about
working with this and other topology features.
7-6
Load Balancing with the Global Traffic Manager
CPU mode
The CPU load balancing mode selects the virtual server that currently has
the most CPU processing time available to handle name resolution requests.
Hops mode
The Hops load balancing mode is based on the traceroute utility, and tracks
the number of intermediate system transitions (router hops) between a client
LDNS and each data center. Hops mode selects a virtual server in the data
center that has the fewest router hops from the Local DNS.
Kilobyte/Second mode
The Kilobytes/Second load balancing mode selects a virtual server that is
currently processing the fewest number of kilobytes per second.
Note
You can use the Kilobytes/Second mode only with servers for which the
Global Traffic Manager can collect the kilobytes per second metric.
See Chapter 14, Collecting Metrics, for details on the metrics the Global
Traffic Manager collects.
7-8
Load Balancing with the Global Traffic Manager
• Packet rate
• Topology
• Link Capacity
• VS Capacity
• Kilobytes/Second
VS Capacity mode
The VS Capacity load balancing mode creates a list of the virtual servers,
weighted by capacity, then picks one of the virtual servers from the list. The
virtual servers with the greatest capacity are picked most often, but over
time all virtual servers are returned. If more than one virtual server has the
same capacity, then the Global Traffic Manager load balances using the
Round Robin mode among those virtual servers.
Example Higher or
Coefficient How measured Default value upper limit lower?
If you change the default QOS coefficients, keep the following issues in
mind.
Scale
The raw metrics for each coefficient are not on the same scale. For
example, completion rate is measured in percentages, while the packet
rate is measured in packets per second.
Normalization
The Global Traffic Manager normalizes the raw metrics to values in the
range of 0 to10. As the QOS value is calculated, a high measurement for
completion rate is good, because a high percentage of completed
connections are being made, but a high value for packet rate is not
desirable because the packet rate load balancing mode attempts to find a
virtual server that is not overly taxed at the moment.
• Emphasis
You can adjust coefficients to emphasize one normalized metric over
another. For example, consider the following QOS configuration:
7 - 10
Load Balancing with the Global Traffic Manager
In this configuration, if the completion rates for two virtual servers are
close, the virtual server with the best packet rate is chosen. If both the
completion rates and the packet rates are close, the round trip time (RTT)
breaks the tie. In this example, the metrics for Topology, Hops, Link
Capacity, VS Capacity, and Kilobytes/Second modes are not used in
determining how to distribute connections.
Note
You cannot set a value for both the Round Trip Time and Hops settings
simultaneously. In situations where the Global Traffic Manager has a value
for both settings, the Round Trip Time value is incorporated, while the value
for the Hops setting is reset to 0.
Note
7 - 12
Load Balancing with the Global Traffic Manager
7 - 14
Load Balancing with the Global Traffic Manager
Note
If you do not want the Global Traffic Manager to return an address that is
potentially unavailable, We recommend that you set the Fallback load
balancing method to None.
The Global Traffic Manager contains several options that help you control
how the system will respond when using a fallback load balancing setting.
These options allow you to:
• Configure the fallback load balancing method
• Configure the fallback IP load balancing mode
In addition, you can also configure how the Global Traffic Manager treats
the address exclusion list when using the fallback load balancing method.
The address exclusion list consists of Local Domain Name System (LDNS)
servers that the Global Traffic Manager does not probe for metrics data.
Load balancing modes that use this data include the Round Trip Time,
Completion Rate, and other dynamic modes. With the fallback load
balancing mode, you can determine if the system respects this list or ignores
it.
Note
For additional information on the address exclusion list, see Chapter 14,
Collecting Metrics.
7 - 16
Load Balancing with the Global Traffic Manager
The Ignore Traffic TTL option instructs the Global Traffic Manager to use
path information gathered during metrics collection even if the time-to-live
value for that information has expired. This option is often used when you
want the Global Traffic Manager to continue using a dynamic load
balancing mode even if some metrics data is temporarily unavailable, and
you would prefer the Global Traffic Manager to use old metric data than
employ an alternate load balancing method. This option is disabled by
default.
The Verify Virtual Server Availability option instructs the Global Traffic
Manager to verify that a virtual server is available before returning it as a
response to a name solution request. If this option is disabled, the system
responds to a name resolution request with the virtual server’s IP address
regardless as to whether the server is up or down. This option is rarely
deactivated outside of a test or staging environment, and is enabled by
default.
7 - 18
8
Managing Connections
As the preceding list illustrates, the health of a resource does not necessarily
impact the availability of that resource. For example, a virtual server that
has a red status code could still be selected by the Global Traffic Manager.
8-2
Managing Connections
The following sections describe each of these methods and how you can
configure them within the Global Traffic Manager.
4. For each limit setting you want to configure, select Enabled from
the corresponding list.
The screen refreshes to show a box in which you can type a value
for the limit setting.
5. Type the value for each limit setting in the corresponding box.
6. Click the Update button to save your changes.
8-4
Managing Connections
8-6
Managing Connections
8-8
Managing Connections
8 - 10
Managing Connections
Note
The Drain Persistent Requests option applies only when you manually
disable the pool. It does not apply when the pool becomes offline for any
other reason.
8 - 12
9
Working with Topologies
• Overview of topologies
Overview of topologies
As the name implies, the Global Traffic Manager handles name resolution
requests at an international level. Consequently, one of the methods you can
employ to load balance requests is through the use of topologies. A topology
is a set of characteristics that identify the origin of a given name resolution
request. In the Global Traffic Manager, topologies fall into several
categories, including:
• Continent
• Country
• IP Subnet
• ISP
Understanding topologies
A fictional company, SiteRequest, allows its customers to download
applications from its web site. SiteRequest has three data centers: New
York, Paris, and Tokyo. To ensure that customers can download their
purchased application as quickly as possible, the IT department has decided
to create topologies with which to load balance name resolution requests.
The New York data center is chosen as the designated data center for any
name resolution requests originating in the western hemisphere. To ensure
that these requests go only to the New York data center, the IT department
first creates a custom region, called Western Hemisphere, that contains the
continents North America and South America. With this custom region
created, the next step is to create a topology record for the Global Traffic
Manager. A topology record is a statement that tells the Global Traffic
Manager how to handle name resolution requests based on topologies. In
this case, the IT department creates the record as follows:
• Request Source: Region is Western Hemisphere
• Destination Source: Data Center is New York
• Weight: 10
Implementing topologies
When you want to load balance connection requests using one or more
topologies, you must complete two tasks:
• Configure the given wide IP or pool to use topology as a load balancing
method.
• Access the Topology screen to create your topology statements.
See Setting up and removing topology records, on page 9-3 for more
information.
9-2
Working with Topologies
You can select one of two operators for both a request source and a
destination statement. The is operator indicates that the name resolution
request matches the statement. The is not operator indicates that the name
resolution request does not match the statement.
The last element of a topology record, called the topology score or weight,
allows the Global Traffic Manager to evaluate the best resolution option for
a DNS request. In the event that a name resolution request matches more
than one topology record, the Global Traffic Manager uses the record with
the highest weight attribute to determine which statement it uses to load
balance the request.
Note
9-4
Working with Topologies
9-6
Working with Topologies
Once you select a region member type, you then fill in the details about that
region member and add it to the region member list. The region member
options change based on the region member type that you select. When you
have finished adding region members to your new region, the new region
becomes an option in the Create Topology screen.
To create a region
1. On the Main tab of the navigation pane, expand Global Traffic and
then click Topology.
The main topology screen opens.
2. On the menu bar, click Regions.
The main region screen opens.
3. Click the Create button.
The Create Region screen opens.
4. In the Name box, type a name for the new region.
5. Using the Member List settings, define the appropriate region
members.
6. Click the Create button to create the new region.
The ACL Threshold creates an exclusion list based on the topology record
score of a given name resolution request. If the topology record score is
lower than that the value entered into this option, the name resolution
request does not have access to the listed virtual servers. This option is set to
0 by default, which disables it.
The Longest Match option instructs the Global Traffic Manager to use the
topology statement that most completely matches the source IP address of
the name resolution request. For example, two topology statements exist:
one that matches a source IP address of 10.0.0.0 and one that matches
10.15.0.0. A name resolution request arrives with a source IP address of
10.15.65.8. With the Longest Match setting enabled, the Global Traffic
Manager will use the topology statement with 10.15.0.0 because it has the
longest, and therefore most complete, match. If this option was disabled, the
Global Traffic Manager could use either topology statement, depending on
factors such as the weight of the statement or the order in which the
statements are listed. This option is enabled by default.
9-8
10
Configuring Monitors
• Introducing monitors
• Managing monitors
Configuring Monitors
Introducing monitors
An important feature of the Global Traffic Manager is load-balancing tools
called monitors. Monitors verify connections on pools and virtual servers. A
monitor can be either a health monitor or a performance monitor. Monitors
are designed to check the status of a pool, or virtual server on an ongoing
basis, at a set interval. If a pool or virtual server being checked does not
respond within a specified timeout period, or the status of a pool or virtual
server indicates that performance is degraded, then the Global Traffic
Manager can redirect the traffic to another resource.
Some monitors are included as part of the Global Traffic Manager, while
other monitors are user-created. Monitors that the Global Traffic Manager
provides are called pre-configured monitors. User-created monitors are
called custom monitors. For more information on pre-configured and
custom monitors, see Understanding pre-configured and custom monitors,
on page 10-4.
Before configuring and using monitors, it is helpful to understand some
basic concepts regarding monitor types, monitor settings, and monitor
implementation.
Monitor types
Every monitor, whether pre-configured or custom, belongs to a certain
category, or monitor type. Each monitor type checks the status of a
particular protocol, service, or application. For example, an HTTP type
of monitor allows you to monitor the availability of the HTTP service on
a pool, pool member, or virtual server. An ICMP type of monitor simply
determines whether the status of a resource is up or down. For more
information on monitor types, see Summary of monitor types, on page
10-2, and Configuring monitor settings, on page 10-8.
Monitor settings
Every monitor consists of settings with values. The settings and their
values differ depending on the type of monitor. In some cases, the Global
Traffic Manager assigns default values. For example, the following are
the default values for the ICMP-type monitor:
• Interval: 30 seconds
• Timeout: 120 seconds
• Transparent: No
These settings specify that an ICMP type of monitor is configured to
check the status of an IP address every 30 seconds, and to time out every
120 seconds. For more information on monitor settings, see Overview of
monitor settings, on page 10-4, and Configuring monitor settings, on
page 10-8.
Monitor implementation
The task of implementing a monitor varies depending on whether you are
using a pre-configured monitor or creating a custom monitor. If you want
to implement a pre-configured monitor, you need only associate the
monitor with a pool or virtual server. If you want to implement a custom
monitor, you must first create the custom monitor, and then associate it
with a pool or virtual server. For more information on implementing a
monitor, see Understanding pre-configured and custom monitors, on
page 10-4, Creating a custom monitor, on page 10-7, and Configuring
monitor settings, on page 10-8.
Simple ICMP Checks the status of a resource, using Internet Control Message
Protocol (ICMP).
Simple TCP Echo Checks the status of a resource, using Transmission Control
Protocol (TCP).
ECV HTTPS Verifies the Hypertext Transfer Protocol Secure (HTTPS) service by
attempting to receive specific content from a web page protected by
Secure Socket Layer (SSL) security.
EAV BIG IP Link Acquires data captured through monitors managed by a BIG-IP
Link Controller.
10 - 2
Configuring Monitors
EAV External Allows users to monitor services using their own programs.
EAV FTP Verifies the File Transfer Protocol (FTP) service by attempting to
download a specific file to the /var/tmp directory on the system.
Once downloaded successfully, the file is not saved.
EAV LDAP Verifies the Lightweight Directory Access Protocol (LDAP) service
by attempting to authenticate the specified user.
EAV MSSQL ®
Verifies Microsoft Windows SQL-based services.
EAV NNTP Verifies the Usenet News protocol (NNTP) service by attempting to
retrieve a newsgroup identification string from the server.
EAV Oracle ®
Verifies services based on Oracle by attempting to perform an
Oracle login to a service.
EAV POP3 Verifies the Post Office Protocol (pop3) service by attempting to
connect to a pool, pool member, or virtual server, log on as the
specified user, and log off.
EAV RADIUS Verifies the Remote Access Dial-in User Service (RADIUS) service
by attempting to authenticate the specified user.
EAV Real Server Checks the performance of a pool, pool member, or virtual server
that is running the RealServer data collection agent, and then
dynamically load balances traffic accordingly.
EAV SIP Checks the status of Session Initiation Protocol (SIP) Call-ID
services on a device. The SIP protocol enables real-time
messaging, voice, data, and video.
EAV SMTP Checks the status of a pool, pool member, or virtual server by
issuing standard Simple Mail Transport Protocol (SMTP)
commands.
EAV SNMP DCA Checks the current CPU, memory, and disk usage of a pool, pool
member, or virtual server that is running an SNMP data collection
agent, and then dynamically load balances traffic accordingly.
EAV SOAP Tests a Web service based on the Simple Object Access Protocol
(SOAP).
EAV UDP Verifies the User Datagram Protocol (UDP) service by attempting to
send UDP packets to a pool, pool member, or virtual server and
receiving a reply.
EAV WMI Checks the performance of a pool, pool member, or virtual server
that is running the Windows Management Infrastructure (WMI) data
collection agent and then dynamically load balances traffic
accordingly.
10 - 4
Configuring Monitors
• snmp
• tcp
• tcp_echo
10 - 6
Configuring Monitors
Note
Before creating a custom monitor, you must decide on a monitor type. For
information on monitor types, see Configuring monitor settings, on page
10-8.
Simple monitors
Simple monitors are those that check the status of a resource. The simple
monitor types are:
• ICMP
• Gateway ICMP
• TCP Echo
• TCP Half Open
The GTM system provides a set of pre-configured simple monitors: icmp,
gateway_icmp, tcp_echo, and tcp_half_open. You can either use these
pre-configured monitors as is, or create custom monitors of these types.
The following sections describe each type of simple monitor and show the
pre-configured monitor for each type. Note that each pre-configured monitor
consists of settings and their values.
ICMP
Using an ICMP type of monitor, you can use Internet Control Message
Protocol (ICMP) to make a simple resource check. The check is successful
if the monitor receives a response to an ICMP_ECHO datagram. The
following list shows the settings and their values for the pre-configured
monitor icmp:
• Name: ICMP
• Type: ICMP
10 - 8
Configuring Monitors
• Interval: 30 seconds
• Timeout: 120 seconds
• Transparent: No
• Alias Address: * All Addresses
The Transparent mode is an option for ICMP-type monitors. When you set
this mode to Yes, the monitor pings the resource with which the monitor is
associated. For more information about Transparent mode, refer to Using
transparent and reverse modes, on page 10-34.
Gateway ICMP
A Gateway ICMP type of monitor has a special purpose. You use this
monitor for a pool that implements gateway failsafe for high availability.
A Gateway ICMP monitor functions the same way as an ICMP monitor,
except that you can apply a Gateway ICMP monitor to a pool. (Remember
that you can apply an ICMP monitor to a resource only and not to a pool
member.) The following list shows the settings and their values for the
pre-configured gateway_icmp monitor.
• Name: Gateway ICMP
• Type: Gateway ICMP
• Interval: 30 seconds
• Timeout: 120 seconds
• Transparent: No
• Alias Address: * All Addresses
• Alias Service Port: * All Ports
TCP Echo
With a TCP Echo type of monitor, you can verify Transmission Control
Protocol (TCP) connections. The check is successful if the Global Traffic
Manager receives a response to a TCP Echo message. The TCP Echo type
also supports Transparent mode. In this mode, the resource with which the
monitor is associated is pinged through to the destination resource. (For
more information about Transparent mode, see Using transparent and
reverse modes, on page 10-34.)
To use a TCP Echo monitor type, you must ensure that TCP Echo is enabled
on the resources being monitored. The following list shows the settings for
the pre-configured monitor tcp_echo:
• Name: TCP Echo
• Type: TCP Echo
• Interval 30 seconds
• Timeout 120 seconds
• Alias Address: * All Addresses
You can either use the pre-configured ECV monitors as is, or create custom
monitors from these monitor types.
The following sections describe each type of ECV monitor and show the
pre-configured monitor for each type. Note that each pre-configured monitor
consists of settings and their values. The boldfaced type within each
pre-configured monitor serves to distinguish the settings from their
corresponding values.
TCP
A TCP type of monitor attempts to receive specific content sent over TCP.
The check is successful when the content matches the Receive String value.
A TCP type of monitor takes a Send String value and a Receive String
value. If the Send String value is blank and a connection can be made, the
service is considered up. A blank Receive String value matches any
response. Both Transparent and Reverse modes are options. For more
information about Transparent and Reverse modes, see Using transparent
and reverse modes, on page 10-34.
10 - 10
Configuring Monitors
The following list shows the settings for the pre-configured monitor tcp:
• Name: tcp
• Type: TCP
• Interval: 30 seconds
• Timeout: 120 seconds
• Send String: "" (empty)
• Receive String: "" (empty)
• Reverse: No
• Transparent: No
• Alias Address: * All Addresses
• Alias Service Port: * All Ports
HTTP
You can use an HTTP type of monitor to check the status of Hypertext
Transfer Protocol (HTTP) traffic. Like a TCP monitor, an HTTP monitor
attempts to receive specific content from a web page, and unlike a TCP
monitor, may send a user name and password. The check is successful when
the content matches the Receive String value. An HTTP monitor uses a
send string, a receive string, a user name, a password, and optional Reverse
and Transparent modes. (If there is no password security, you must use
blank strings [""] for the Username and Password settings.)
For more information on transparent and reverse modes, see Using
transparent and reverse modes, on page 10-34.
The following list shows the settings of the pre-configured monitor http:
• Name: http
• Type: HTTP
• Interval: 30 seconds
• Timeout: 120 seconds
• Send String: Get /
• Receive String: "" (empty)
• User Name: "" (empty)
• Password: "" (empty)
• Reverse: No
• Transparent: No
• Alias Address: * All Addresses
• Alias Service Port: * All Ports
HTTPS
You use an HTTPS type of monitor to check the status of Hypertext
Transfer Protocol Secure (HTTPS) traffic. An HTTPS type of monitor
attempts to receive specific content from a web page protected by SSL
security. The check is successful when the content matches the Receive
String value.
HTTPS-type monitors use a send string, a receive string, a user name, a
password, and an optional Reverse setting. (If there is no password security,
you must use blank strings [""] for the Username and Password settings.)
For more information on the Reverse setting, see Using transparent and
reverse modes, on page 10-34.
HTTP-type monitors also include the settings Cipher List, Compatibility,
and Client Certificate. If you do not specify a cipher list, the monitor uses
the default cipher list DEFAULT:+SHA:+3DES:+kEDH. When you set
the Compatibility setting to Enabled, this sets the SSL options to ALL.
You use the Client Certificate setting to specify a certificate file that the
monitor then presents to the server.
The following list shows the settings of the pre-configured monitor https:
• Name: https
• Type: HTTPS
• Interval: 30 seconds
• Timeout: 120 seconds
• Send String: Get /
• Receive String: "" (empty)
• Cipher List: "" (empty)
• User Name: "" (empty)
• Password: "" (empty)
• Compatibility: Enabled
• Client Certificate: "" (empty)
• Reverse: No
• Alias Address: * All Addresses
• Alias Service Port: * All Ports
The Reverse setting is an option for monitors that import settings from the
https monitor. In most monitor settings, the Global Traffic Manager
considers the resource available when the monitor successfully probes it.
However, in some cases you may want the resource to be considered
unavailable after a successful monitor test. You accomplish this
configuration with the Reverse setting. For more information on Reverse
mode, see Using transparent and reverse modes, on page 10-34.
10 - 12
Configuring Monitors
BIG IP
If you employ the Global Traffic Manager in a network that contains a Local
Traffic Manager, you must assign a BIG IP monitor to the Local Traffic
Manager. In fact, this monitor is automatically assigned to the Local Traffic
Manager if you do not do so manually.
The BIG IP monitor gathers metrics and statics information that the Local
Traffic Manager acquires through the monitoring of its own resources. In
general, it is sufficient to assign only the BIG IP monitor to a Local Traffic
Manager. In situations where you want to verify the availability of a specific
resource managed by the Local Traffic Manager, we recommend that you
first assign the appropriate monitor to the resource through the Local Traffic
Manager, and then assign a BIG IP monitor to the Local Traffic Manager
through the Global Traffic Manager. This configuration provides the most
efficient means of tracking resources managed by a BIG-IP system.
The following list shows the settings and default values of a BIG IP-type
monitor:
• Name: my_bigip
• Type: BIG IP
• Interval: 30 seconds
• Timeout: 90 seconds
• Probe Interval: 1 second
• Probe Timeout: 1 second
• Probe Attempts: 1
• Minimum Required Successful Attempts: 1
• Alias Address: * All Addresses
• Alias Service Port: * All Ports
Note
If the Global Traffic Manager and the Local Traffic Manager are on the
same machine, you must still assign a BIG IP monitor to the server that you
added to your configuration that represents the Global Traffic
Manager/Local Traffic Manager system. See Chapter 5, Defining the
Physical Network for more information.
BIG IP Link
If you employ the Global Traffic Manager in a network that contains a Link
Controller, you must assign a BIG IP Link monitor to the Link Controller. In
fact, this monitor is automatically assigned to the Link Controller if you do
not do so manually.
The BIG IP Link monitor gathers metrics and statics information that the
Link Controller acquires through the monitoring of its own resources.
The following list shows the settings and default values of a BIG IP
Link-type monitor:
• Name: my_bigip_link
• Type: BIG IP Link
• Interval: 10 seconds
• Timeout: 30 seconds
10 - 14
Configuring Monitors
Note
If the Global Traffic Manager and the Link Controller are on the same
machine, you must still assign a BIG IP Link monitor to the server that you
added to your configuration that represents the Global Traffic
Manager/Link Controller system. See Chapter 5, Defining the Physical
Network for more information.
External
Using an External type of monitor, you can create your own monitor type.
To do this, you create a custom External-type monitor and within it, specify
a user-supplied monitor to run.
The External Program setting specifies the name of your user-supplied
monitor program. By default, an External-type monitor searches the
directory /user/bin/monitors for that monitor name. If the user-supplied
monitor resides elsewhere, you must enter a fully qualified path name.
The Arguments setting allows you to specify any command-line arguments
that are required.
The following list shows the settings and default values of an External-type
monitor:
• Name: my_external
• Type: External
• Interval: 30 seconds
• Timeout: 120 seconds
• External Program: "" (empty)
• Arguments: "" (empty)
• Variables: "" (empty)
• Alias Addresses: * All Addresses
• Alias Service Port: * All Ports
FTP
Using an FTP type of monitor, you can monitor File Transfer Protocol
(FTP) traffic. A monitor of this type attempts to download a specified file to
the /var/tmp directory, and if the file is retrieved, the check is successful.
Note
Once the file has been successfully downloaded, the GTM system does not
save it.
An FTP monitor specifies a user name, a password, and a full path to the file
to be downloaded.
The following list shows the settings and default values of an FTP-type
monitor:
• Name: my_ftp
• Type: FTP
• Interval: 10 seconds
• Timeout: 31 seconds
• User Name: "" (empty)
• Password: "" (empty)
• Path/Filename: "" (empty)
• Mode: Passive
• Alias Addresses: * All Addresses
• Alias Service Port: * All Ports
• Debug: No
IMAP
With an IMAP type of monitor, you can check the status of Internet
Message Access Protocol (IMAP) traffic. An IMAP monitor is essentially a
POP3 type of monitor with the addition of the Folder setting. The check is
successful if the monitor is able to log into a server and open the specified
mail folder.
An IMAP monitor requires that you specify a user name and password. The
following list shows the settings and default values of an IMAP-type
monitor:
• Name: my_imap
• Type: IMAP
• Interval: 10 seconds
• Timeout: 31 seconds
• User Name: "" (empty)
• Password: "" (empty)
• Folder: INBOX
10 - 16
Configuring Monitors
Note
LDAP
An LDAP type of monitor checks the status of Lightweight Directory
Access Protocol (LDAP) servers. The LDAP protocol implements standard
X.500 for email directory consolidation. A check is successful if entries are
returned for the base and filter specified. An LDAP monitor requires a user
name, a password, and base and filter strings. The following list shows the
settings and default values of an LDAP-type monitor:
• Name: my_ldap
• Type: LDAP
• Interval: 10 seconds
• Timeout: 31 seconds
• User Name: "" (empty)
• Password: "" (empty)
• Base: "" (empty)
• Filter: "" (empty)
• Security: None
• Mandatory Attributes: No
• Alias Addresses: * All Addresses
• Alias Service Port: * All Ports
• Debug: No
MSSQL
You use an MSSQL type of monitor to perform service checks on Microsoft
SQL Server-based services such as Microsoft SQL Server versions 6.5 and
7.0.
The Global Traffic Manager requires installation of a JDBC driver before
performing the actual login. For more information, see the Configuration
Guide for Local Traffic Management.
If you receive a message that the connection was refused, verify that the IP
address and port number or service are correct. If you are still having login
trouble, see Troubleshooting MSSQL logins, on page 10-19.
The remainder of this section on MSSQL monitors describes prerequisite
tasks, the default monitor settings, and troubleshooting tips.
10 - 18
Configuring Monitors
The Send String setting is optional and specifies a SQL query statement
that the Global Traffic manager should send to the server. Examples are
SELECT * FROM sales and SELECT FirstName, LastName From
Employees. If you configure the Send String setting, you can also configure
the following settings:
Receive String
The Receive String setting is an optional parameter that specifies the
value expected to be returned for the row and column specified with the
Receive Row and Receive Column settings. An example of a Receive
String value is ALAN SMITH. You can only configure this setting
when you configure the Send String setting.
Receive Row
The Receive Row setting is optional, and is useful only if the Receive
String setting is specified. This setting specifies the row in the returned
table that contains the Receive String value. You can only configure this
setting when you configure the Send String setting.
Receive Column
The Receive Column setting is optional and is useful only if the Receive
String setting is specified. This setting specifies the column in the
returned table that contains the Receive String value. You can only
configure this setting when you configure the Send String setting.
You can register servers by entering the machine name, user name, and
password. If these names are correct, the server becomes registered and
you are then able to click an icon for the server. When you expand the
subtree for the server, there is an icon for login accounts.
Beneath this subtree, you can find the SQL logins. Here, you can change
passwords or add new logins by right-clicking the Logins icon. Click this
icon to access the Add login option. After you open this option, type the
user name and password for the new login, as well as which databases
the login is allowed to access. You must grant the test account access to
the database you specify in the EAV configuration.
NNTP
You use an NNTP type of monitor to check the status of Usenet News
traffic. The check is successful if the monitor retrieves a newsgroup
identification line from the server. An NNTP monitor requires a newsgroup
name (for example, alt.cars.mercedes) and, if necessary, a user name and
password.
The following list shows the settings and default values of an NNTP-type
monitor:
• Name: my_nntp
• Type: NNTP
• Interval: 30 seconds
• Timeout: 120 seconds
• User Name: "" (empty)
• Password: "" (empty)
• Newsgroup: "" (empty)
• Alias Addresses: * All Addresses
• Alias Service Port: * All Ports
• Debug: No
Oracle
With an Oracle type of monitor, you can check the status of an Oracle
database server. The check is successful if the monitor is able to connect to
the server, log in as the indicated user, and log out.
The following list shows the settings and default values of an Oracle-type
monitor:
• Name: my_oracle
• Type: Oracle
• Interval: 30 seconds
• Timeout: 91 seconds
• Send String: "" (empty)
• Receive String: "" (empty)
• User Name: "" (empty)
• Password: "" (empty)
• Database: "" (empty)
• Receive Row: "" (empty)
• Receive Column: "" (empty)
• Alias Addresses: * All Addresses
• Alias Service Port: * All Ports
• Debug: No
10 - 20
Configuring Monitors
The Send String setting specifies a SQL statement that the GTM system
should send to the Oracle server. An example is SELECT * FROM sales.
The Receive String setting is an optional parameter that specifies the value
expected to be returned for a specific row and column of the table that the
Send String setting retrieved. An example of a Receive String value is
SMITH.
In an Oracle type of monitor, the Database setting specifies the name of the
data source on the Oracle server. Examples are sales and hr.
The Receive Row setting is optional, and is useful only if the Receive
String setting is specified. This setting specifies the row in the returned
table that contains the Receive String value.
The Receive Column setting is optional and is useful only if the Receive
String setting is specified. This setting specifies the column in the returned
table that contains the Receive String value.
POP3
A POP3 type of monitor checks the status of Post Office Protocol (POP)
traffic. The check is successful if the monitor is able to connect to the server,
log in as the indicated user, and log out. A POP3 monitor requires a user
name and password.
The following list shows the settings and default values of a POP3-type
monitor:
• Name: my_pop3
• Type: POP3
• Interval: 30 seconds
• Timeout: 120 seconds
• User Name: "" (empty)
• Password: "" (empty)
• Alias Addresses: * All Addresses
• Alias Service Port: * All Ports
• Debug: No
RADIUS
Using a RADIUS type of monitor, you can check the status of Remote
Access Dial-in User Service (RADIUS) servers. The check is successful if
the server authenticates the requesting user. A RADIUS monitor requires a
user name, a password, and a shared secret string for the code number.
Note
The following list shows the settings and default values of a RADIUS-type
monitor:
• Name: my_radius
• Type: RADIUS
• Interval:10 seconds
• Timeout: 31 seconds
• User Name: "" (empty)
• Password: "" (empty)
• Secret: "" (empty)
• Alias Addresses: * All Addresses
• Alias Service Port: * All Ports
• Debug: No
Real Server
A Real Server type of monitor checks the performance of a pool or virtual
server that is running the RealSystem Server data collection agent. The
monitor then dynamically load balances traffic accordingly. Performance
monitors are generally used with dynamic ratio load balancing. For more
information on performance monitors and dynamic ratio load balancing, see
Chapter 7, Load Balancing with the Global Traffic Manager.
Note
10 - 22
Configuring Monitors
Note
When creating a custom Real Server monitor, you cannot modify the values
of the Method, Command, and Agent settings.
Table 10.2 shows the complete set of server-specific metrics and metric
setting default values that apply to the GetServerStats command.
CPUPercentUsage 1.0 80
The metric coefficient is a factor determining how heavily the metric’s value
counts in the overall ratio weight calculation. The metric threshold is the
highest value allowed for the metric if the metric is to have any weight at all.
To understand how to use these values, it is necessary to understand how the
overall ratio weight is calculated. The overall ratio weight is the sum of
relative weights calculated for each metric. The relative weights, in turn, are
based on three factors:
• The value for the metric returned by the monitor
• The coefficient value
• The threshold value
You can see that the higher the coefficient, the greater the relative weight
calculated for the metric. Similarly, the higher the threshold, the greater the
relative weight calculated for any metric value that is less than the threshold.
(When the value reaches the threshold, the weight goes to zero.)
Note that the default coefficient and default threshold values shown in Table
10.2 are metric defaults, not monitor defaults. The monitor defaults take
precedence over the metric defaults, just as user-specified values in the
custom real_server monitor take precedence over the monitor defaults. For
example, the monitor shown specifies a coefficient value of 1.5 for
ServerBandwidth and no value for the other metrics. This means that the
monitor uses the monitor default of 1.5 for the ServerBandwidth
coefficient and the metric default of 1 for the coefficients of all other
metrics. However, if a custom monitor my_real_server were configured
specifying 2.0 as the ServerBandwidth coefficient, this user-specified
value would override the monitor default.
Metric coefficient and threshold are the only non-monitor defaults. If a
metric not in the monitor is to be added to the custom monitor, it must be
added to the list of metrics for the Metrics setting. The syntax for specifying
non-default coefficient or threshold values is:
<metric>:<coefficient |<*>:<threshold>
Scripted
You use the Scripted type of monitor to generate a simple script that reads a
file that you create. The file contains send and expect strings to specify lines
that you want to send or that you expect to receive. For example, Figure
10.1 shows a sample file that you could create, which specifies a simple
SMTP sequence. Note that the lines of the file are always read in the
sequence specified.
expect 220
send “HELLO bigip1.siterequest.com\r\n”
expect “250”
send “quit\r\n
Using a Scripted monitor, you can then generate a script that acts on the
above file. When the Scripted monitor script reads this file, the script
examines each line, and if the line has no quotation marks, the line is sent or
expected as is. If the line is surrounded by quotation marks, the script strips
off the quotation marks, and examines the line for escape characters, treating
them accordingly.
The following list shows the settings and default values of a Scripted-type
monitor:
• Name: scripted
• Type: Scripted
• Interval: 10 seconds
10 - 24
Configuring Monitors
• Timeout: 31 seconds
• File name: "" (empty)
• Alias Addresses: * All Addresses
• Alias Service Port: * All Ports
• Debug: No
Note
When you create a file containing send and expect strings, store the file in
the directory /config/eav.
SIP
You use a SIP type of monitor to check the status of SIP Call-ID services.
This monitor type uses UDP to issue a request to a server device. The
request is designed to identify the options that the server device supports. If
the proper request is returned, the device is considered to be up and
responding to commands.
The following list shows the settings and default values of a SIP-type
monitor:
• Name: my_sip
• Type: SIP
• Interval: 30 seconds
• Timeout: 120 seconds
• Mode: UDP
• Additional Accepted Status Codes: None
• Status Code List: "" (empty)
• Alias Addresses: * All Addresses
• Alias Service Port: * All Ports
• Debug: No
Possible values for the Mode setting are TCP and UDP.
Possible values for the Additional Accepted Status Codes setting are Any,
None, and Status Code List. The Status Code List setting specifies one or
more status codes, in addition to status code 200, that are acceptable in order
to indicate an up status. Multiple status codes should be separated by
spaces. Specifying an asterisk (*) indicates that all status codes are
acceptable.
SMTP
An SMTP type of monitor checks the status of Simple Mail Transport
Protocol (SMTP) servers. This monitor type is an extremely basic monitor
that checks only that the server is up and responding to commands. The
check is successful if the mail server responds to the standard SMTP HELO
and QUIT commands. An SMTP-type monitor requires a domain name.
The following list shows the settings and default values of an SMTP-type
monitor:
• Name: my_smtp
• Type: SIP
• Interval: 30 seconds
• Timeout: 120 seconds
• Domain: "" (empty)
• Alias Addresses: * All Addresses
• Alias Addresses: * All Addresses
• Alias Service Port: * All Ports
• Debug: No
SNMP
With an SNMP type of monitor, you can check the performance of a server
running an SNMP agent such as UC Davis, for the purpose of load
balancing traffic to that server. This monitor conducts an SNMP query for a
specific number of times, counting the number of times the query is
successful. If the number of successful queries matches the number that you
set when configuring the monitor, the Global Traffic Manager considers the
resource available.
Performance monitors are generally used with dynamic ratio load balancing.
For more information on performance monitors and dynamic ratio load
balancing, see Chapter 7, Load Balancing with the Global Traffic Manager.
Note
10 - 26
Configuring Monitors
SNMP Link
You use an SNMP Link type of monitor to check the performance of links
that are running an SNMP agent.
The GTM system provides a pre-configured SNMP monitor named
snmp_link. The following list shows the settings and values of the
snmp_link pre-configured monitor:
• Name: snmp_link
• Type: SNMP Link
• Interval: 10 seconds
• Timeout: 30 seconds
• Probe Interval: 1 second
• Probe Timeout; 1 second
• Probe Attempts: 1
• Minimum Required Successful Attempts: 1
• Alias Addresses: * All Addresses
• Alias Service Port: * All Ports
Performance monitors are generally used with dynamic ratio load balancing.
For more information on performance monitors and dynamic ratio load
balancing, see Chapter 7, Load Balancing with the Global Traffic Manager.
Note
SOAP
A SOAP monitor tests a Web service based on the Simple Object Access
protocol (SOAP). More specifically, the monitor submits a request to a
SOAP-based Web service, and optionally, verifies a return value or fault.
The following list shows the settings and default values of a SOAP-type
monitor:
• Name: my_soap
• Type: SOAP
• Interval: 30 seconds
• Timeout: 120 seconds
• User Name: "" (empty)
• Password: "" (empty)
• Protocol: HTTP
• URL Path: "" (empty)
• Namespace: "" (empty)
• Method: "" (empty)
• Parameter Name: "" (empty)
• Parameter Type: bool
• Parameter Value: "" (empty)
• Return Type: bool
• Expect Fault: No
• Alias Addresses: * All Addresses
• Alias Service Port: * All Ports
Possible values for the Protocol setting are HTTP and HTTPS.
Possible values for the Parameter Type setting are: bool, int, long, and
string.
Possible values for the Return Type setting are: bool, int, short, long,
float, double, and string.
Possible values for the Expect Fault setting are No and Yes.
UDP
You use a UDP type of monitor when the system is sending User Datagram
Protocol (UDP) packets. Designed to check the status of a UDP service, a
UDP-type monitor sends one or more UDP packets to a target pool, pool
member, or virtual server.
The following list shows the settings and default values of a UDP-type
monitor.
• Name: my_udp
• Type: UDP
10 - 28
Configuring Monitors
• Interval: 30 seconds
• Timeout: 120 seconds
• Send String: default send string
• Send Packets: 2
• Timeout Packets: 2
• Alias Addresses: * All Addresses
• Alias Service Port: * All Ports
As shown in this list, the value in seconds of the Timeout Packets setting
should be lower than the value of the Interval setting.
When using a UDP-type monitor to monitor a pool or virtual server, you
must also enable another monitor type, such as ICMP, to monitor the pool
or virtual server. Until both a UDP-type monitor and another type of
monitor to report the status of the UDP service as up, the UDP service
receives no traffic. See Table 10.3 for details.
If a UDP monitor reports And another monitor Then the UDP service
status as reports status as is
up up up
up down down
down up down
WAP
You use a WAP monitor to monitor Wireless Application Protocol (WAP)
servers. The common usage for the WAP monitor is to specify the Send
String and Receive String settings only. The WAP monitor functions by
requesting a URL (the Send String setting) and finding the string in the
Receive String setting somewhere in the data returned by the URL
response. The following list shows the settings and default values of a
WAP-type monitor:
• Name: my_wap
• Type: WAP
• Interval: 10 seconds
• Timeout: 31 seconds
• Send String: "" (empty)
• Receive String: "" (empty)
• Secret: "" (empty)
The Secret setting is the RADIUS secret, a string known to both the client
and the RADIUS server, and is used in computing the MD5 hash.
The Accounting Node setting specifies the RADIUS resource. If this a null
string and RADIUS accounting has been requested (accounting port is
non-zero), then the WAP server resource is assumed to also be the RADIUS
resource.
If set to non-zero, the Accounting Port setting requests RADIUS
accounting and uses the specified port.
The Server ID setting specifies the RADIUS NAS-ID of the requesting
server (that is, the BIG-IP system). It is a string used as an alias for the
FQDN. See the section on testing WAP_monitor just below.
The Call ID setting is an identifier similar to a telephone number, that is, a
string of numeric characters. For testing purposes, this value is usually a
string of eleven characters.
The Session ID setting is a RADIUS session ID, used to identify this
session. This is an arbitrary numeric character string, often something like
01234567.
The Framed Address setting is a RADIUS framed IP address. The setting
has no special use and is usually specified simply as 1.1.1.1.
RADIUS accounting is optional. To implement RADIUS accounting, you
must set the accounting port to a non-zero value. If you set the Accounting
Port setting to a non-zero value, then the monitor assumes that RADIUS
accounting is needed, and an accounting request is sent to the specified
accounting node and port to start accounting. This is done before the URL is
requested. After the successful retrieval of the URL with the correct data, an
accounting request is sent to stop accounting.
WMI
A WMI type of monitor checks the performance of a pool or virtual server
that is running the Windows Management Infrastructure (WMI) data
collection agent and then dynamically load balances traffic accordingly.
10 - 30
Configuring Monitors
Note
The following list shows the settings and default values of a WMI-type
monitor:
• Name: my_wmi
• Type: WMI
• Interval: 30 seconds
• Timeout: 120 seconds
• User Name: "" (empty)
• Password: "" (empty)
• Method: POST
• URL: /scripts/F5lsapi.dll
• Command: GetCPUInfo, GetDiskInfo, GetOSInfo
• Metrics: LoadPercentage, DiskUsage, PhsyicalMemoryUsage
• Agent: Mozilla/4.0 (compatible: MSIE 5.0; Windows NT)
• Post: RespFormat=HTML
• Alias Addresses: * All Addresses
• Alias Service Port: * All Ports
• Debug: No
Note that when creating a custom WMI monitor, the only default values that
you are required to change are the null values for user name and password.
Also note that you cannot change the value of the Method setting.
Table 10.4 shows the complete set of commands and metrics that you can
specify with the Command and Metrics settings. Also shown are the
default metric values.
Default Default
Command Metric Coefficient Threshold
Default Default
Command Metric Coefficient Threshold
10 - 32
Configuring Monitors
Default Default
Command Metric Coefficient Threshold
Setting destinations
By default, the value for the Alias Address setting for most monitors is set
to the wildcard * Addresses, and the Alias Service Port setting is set to the
wildcard * Ports (exceptions to this rule are the WMI and Real Server
monitors). This value causes the monitor instance created for a pool or
virtual server to take that resource’s address or address and port as its
destination. You can, however, replace either or both wildcard symbols with
an explicit destination value, by creating a custom monitor. An explicit
value for the Alias Address and/or Alias Service Port setting is used to
force the instance destination to a specific address and/or port which may
not be that of the pool or virtual server.
The ECV monitors http, https, and tcp have the settings Send String and
Receive String for the send string and receive expression, respectively.
The most common Send String value is GET /, which retrieves a default
HTML page for a web site. To retrieve a specific page from a web site, you
can enter a Send String value that is a fully qualified path name:
"GET /www/support/customer_info_form.html"
The Receive String expression is the text string the monitor looks for in the
returned resource. The most common Receive String expressions contain a
text string that is included in a particular HTML page on your site. The text
string can be regular text, HTML tags, or image names.
The sample Receive expression below searches for a standard HTML tag:
"<HEAD>"
You can also use the default null Receive String value [""]. In this case,
any content retrieved is considered a match. If both the Send String and
Receive String are left empty, only a simple connection check is performed.
For HTTP monitors, you can use the special settings get or hurl in place of
Send String and Receive String statements, respectively.
10 - 34
Configuring Monitors
Transparent setting
Sometimes it is necessary to ping the aliased destination through a
transparent pool or virtual server. When you create a custom monitor and
set the Transparent setting to Yes, the Global Traffic Manager forces
the monitor to ping through the pool or virtual server with which it is
associated (usually a firewall) to the pool or virtual server. (In other
words, if there are two firewalls in a load balancing pool, the destination
pool or virtual server is always pinged through the pool or virtual server
specified and not through the pool or virtual server selected by the load
balancing method.) In this way, the transparent pool or virtual server is
tested: if there is no response, the transparent pool or virtual server is
marked as down.
Common examples are checking a router, or checking a mail or FTP
server through a firewall. For example, you might want to check the
router address 10.10.10.53:80 through a transparent firewall
10.10.10.101:80. To do this, you create a monitor called http_trans in
which you specify 10.10.10.53:80 as the monitor destination address,
and set the Transparent setting to Yes. Then you associate the monitor
http_trans with the transparent firewall (10.10.10.101:80).
This causes the monitor to check the address 10.10.10 53:80 through
10.10.10.101:80. (In other words, the Global Traffic Manager routes the
check of 10.10.10.53:80 through 10.10.10.101:80.) If the correct
response is not received from 10.10.10.53:80, then 10.10.10.101:80 is
marked down. For more information on associating monitors with virtual
servers, see Associating monitors with resources, on page 10-37.
Reverse setting
In most monitor settings, the Global Traffic Manager considers the
resource available when the monitor successfully probes it. However, in
some cases you may want the resource to be considered unavailable after
a successful monitor test. You accomplish this configuration with the
Reverse setting. With the Reverse setting set to Yes, the monitor marks
the pool or virtual server down when the test is successful. For example,
if the content on your web site home page is dynamic and changes
frequently, you may want to set up a reverse ECV service check that
looks for the string: Error. A match for this string means that the web
server was down.
Figure 10.5 shows the monitors that contain the Transparent setting, the
Reverse setting, or both.
Reverse
ICMP Transparent
10 - 36
Configuring Monitors
Managing monitors
The procedures for adding and removing monitors is specific to the
resource. See Chapter 5, Defining the Physical Network, and Chapter 6,
Defining the Logical Network for information on adding and removing
monitors from a resource.
In addition to adding and removing monitors from network resources, you
can interact with monitors in the following ways:
• Displaying monitor settings
• Deleting monitors
• Enabling and disabling monitor instances
To display a monitor
1. On the Main tab of the navigation pane, expand Global Traffic and
then click Monitors.
The main monitors screen opens.
2. Click a monitor name.
The properties screen of the monitor opens.
Deleting monitors
In the event that your configuration of the Global Traffic Manager no longer
requires a specific monitor, you can delete the monitor. You cannot delete a
monitor that has one or more instances assigned to resources on your
network. See Chapter 5, Defining the Physical Network, and Chapter 6,
Defining the Logical Network for information on adding and removing
monitors from a resource.
To delete a monitor
1. On the Main tab of the navigation pane, expand Global Traffic and
then click Monitors.
The main monitors screen opens.
2. Check the Select box for the monitor that you want to delete.
3. Click the Delete button.
A confirmation message opens.
4. Click the Delete button to delete the monitor.
10 - 38
Configuring Monitors
10 - 40
11
Synchronizing Global Traffic Managers
• Introducing synchronization
• Activating synchronization
Introducing synchronization
The primary goal of the Global Traffic Manager is to ensure that name
resolution requests are sent to the best available resource on the network.
Consequently, it is typical for multiple Global Traffic Managers to reside in
several locations within a network. For example, a standard installation
might include a Global Traffic Manager at each data center within an
organization.
When a Local Domain Name Server (LDNS) submits a name resolution
request, you cannot control to which Global Traffic Manager the request is
sent. As a result, you will often want multiple Global Traffic Managers to
share the same configuration values, and maintain those configurations over
time. This process is called synchronization.
In network configurations that contain more than one Global Traffic
Manager, synchronization means that each Global Traffic Manager
regularly compares the timestamps of its configuration files with each other.
If, at any time, a system discovers that its configuration files are too old, it
will automatically transfer the newest configuration files to itself. With
synchronization, you can change settings on one system and have that
change distributed to all other systems.
You can separate the Global Traffic Managers on your network into separate
groups, called synchronization groups. A synchronization group is a
collection of multiple Global Traffic Managers that share and synchronize
configuration settings. These groups are identified by a synchronization
group name, and only systems that share this name will share configuration
settings. These synchronization groups allow you to customize the
synchronization behavior. For example, the Global Traffic Managers
residing in data centers in Europe might belong to one synchronization
group, while the systems in North America belong to another group.
The following sections provide additional information on synchronization
and the Global Traffic Manager, and specifically covers the following
topics:
• Activating synchronization
• Controlling file synchronization
• Synchronizing DNS zone files
• Creating synchronization groups
Activating synchronization
Activating synchronization for the Global Traffic Manager has an
immediate affect on its configurations, provided that another Global Traffic
Manager is already available on the network. We recommend that you
activate synchronization after you have finished configuring one of the
systems.
To activate synchronization
1. On the Main tab of the navigation pane, expand System and then
click General Properties.
The general properties screen opens.
2. From the Global Traffic menu, choose General.
The general global properties screen opens.
3. Check the Synchronization check box.
4. Click the Update button to save your changes.
11 - 2
Synchronizing Global Traffic Managers
11 - 4
Synchronizing Global Traffic Managers
Note
When you change the synchronization group name for a group, you must
manually change it for each system within the synchronization group, as this
value does not synchronize. In addition, synchronization will stop for any
systems with names that do not match.
11 - 6
12
Discovering Resources through
Auto-Discovery
• Introducing auto-discovery
• Enabling auto-discovery
• Discovering links
Discovering Resources through Auto-Discovery
Introducing auto-discovery
A large network might consist of hundreds of virtual servers. Keeping track
of these virtual servers can be a time-consuming process itself. The Global
Traffic Manager includes a means of simplifying the addition of new virtual
servers into a network: auto-discovery. Auto-discovery is a process through
which the Global Traffic Manager identifies a resource automatically so you
can manage it.
The Global Traffic Manager can discover two types of resources: virtual
servers and links. Each resource is discovered on a per-server basis, so you
can employ auto-discovery only on the servers you specify.
The auto-discovery feature of the Global Traffic Manager has four modes
that control how the system identifies resources. These modes are:
• Disabled. In this mode, the Global Traffic Manager does not attempt to
discover any resources.
• Enabled. In this mode, the Global Traffic Manager regularly checks the
server to discover any new resources. If a previously-discovered resource
cannot be found, the Global Traffic Manager deletes it from the system.
• Enabled (No Delete). In this mode, the Global Traffic Manager
constantly checks the server to discover any new resources. Unlike the
Enabled mode, the Enabled (No Delete) mode does not delete
resources, even if the system cannot currently verify their presence.
• One Time Discovery. In this mode, the Global Traffic Manager checks
once for any new resources. This mode is useful during the initial
configuration and setup of the Global Traffic Manager.
You interact with the auto-discovery feature in a variety of ways. You can:
• Enable auto-discovery
• Set the discovery frequency
• Discover virtual servers
• Discover links
Enabling auto-discovery
Before you can use the Global Traffic Manager to discover virtual servers or
links, you must enable auto-discovery on the system itself. If you do not
enable auto-discovery, the Global Traffic Manager does not discover new
resources, even you enable discovery on the server level. Auto-discovery is
enabled by default for the Global Traffic Manager.
To enable auto-discovery
1. On the Main tab of the navigation pane, expand System and then
click General Properties.
The general properties screen opens.
2. From the Global Traffic menu, choose General.
The general global properties screen opens.
3. Check the Auto-Discovery check box.
4. Click the Update button to save your changes.
12 - 2
Discovering Resources through Auto-Discovery
Discovering links
One of the resources you can discover with the Global Traffic Manager is
links. A link is a connection between your internal network and the Internet.
Enabling the link discovery feature instructs the system to identify any
Internet links associated with the server. Auto-discovery of virtual servers is
disabled by default when you create a new server.
12 - 4
13
Viewing Statistics
• Introducing statistics
• Accessing statistics
Introducing statistics
One of the most important aspects to managing a network is timely access to
accurate information on network performance. This information can verify
that the Global Traffic Manager is handling your name resolution requests
as efficiently as possible, as well as provide data on the overall performance
of a specific resource, such as a data center or distributed application.
The Global Traffic Manager gathers statistical data on multiple aspects of
your network. You access these statistics through the statistics screen. The
types of statistics you can select from this screen include:
• A summary of network components, as defined in the Global Traffic
Manager
• Distributed applications
• Wide IPs
• Pools
• Data centers
• Links
• Servers
• Virtual servers
• iRules
• Paths
• Local DNS
Accessing statistics
You can access Global Traffic Manager statistics in two ways:
• Through the Statistics option on the Main tab of the navigation pane
• Through the Statistics menu from various main screens for different
components
Both methods bring you to the same screen within the Global Traffic
Manager. When you access statistics through a menu on the main screen for
a given network component, the Statistics screen is pre-configured for the
given network element, although you can switch to a different set of
statistics at any time.
13 - 2
Viewing Statistics
4. From the Auto Refresh list, select the frequency at which the
Global Traffic Manager refreshes data on the screen.
If you select Disabled from this list, the system does not refresh the
screen; instead, you can click the Refresh button to update the
screen with the latest statistical data.
Each value within the Total, Available, Unavailable, Offline, and Unknown
columns is a link. When you click the link, you access the main screen for
that resource, with the list of resources filtered to show only those resources
with the corresponding status. For example, if the Available column for data
centers has a value of 5, clicking the 5 brings up a filtered main screen for
data centers that shows only the five data centers that are available.
13 - 4
Viewing Statistics
Wide IP statistics
The Global Traffic Manager captures several statistics related to the
performance of a wide IP. These statistics primarily focus on how many
resolution requests have been sent for the wide IP, and how the Global
Traffic Manager has load balanced these requests. You can access the wide
IP statistics by selecting Wide IPs from the Statistics Type list in the
Statistics screen. For information on accessing the Statistics screen, see
Accessing statistics, on page 13-2.
As an example of wide IP statistics, consider the fictional company
SiteRequest. The IT department at SiteRequest has a wide IP,
www.siterequest.com, which uses the Global Availability load balancing
mode. This mode sends all name resolution requests for this wide IP to a
specific pool until that pool is unavailable. Because the wide IP,
www.siterequest.com, is critical to SiteRequest’s operations, the IT
department wants to track traffic to the wide IP and ensure that the primary
pool is not at risk of getting overloaded. The wide IP statistics provide the
IT department the information they need to see how many requests are being
sent for the wide IP, allowing them to plan additional resource allocations
more effectively.
The wide IP statistics screen consists of a Wide IP Statistics table. This table
contains the following information:
Status
The Status column indicates the current status of the wide IP. The
available status types are: Available, Unavailable, Offline, and
Unknown. Each status type is represented by a symbol; for example, the
available status type is represented by a green circle.
Wide IP
The Wide IP column displays the name of a wide IP for which the Global
Traffic Manager is responsible. Each name appears as a link. When you
click the link, the properties screen for the wide IP opens.
Pools
The Pools column provides a link that opens a pool details screen for the
wide IP. This screen displays load balancing statistics for each pool
within the wide IP. You can return to the main wide IP statistics screen
by clicking the Back button in the Display Options area of the screen.
Requests
The Requests column displays the cumulative number of DNS requests
sent to the wide IP.
13 - 6
Viewing Statistics
Requests Persisted
The Requests Persisted column displays the cumulative number of
requests that persisted. Persisted requests use the same pool during a
connection session.
Load Balancing
The Load Balancing column provides information on how the Global
Traffic Manager load balanced connection requests to this resource. This
column consists of four subcolumns:
Pool statistics
The Pool statistics available through the Global Traffic Manager focus on
how the Global Traffic Manager has load balanced name resolution
requests. You can access the pool statistics by selecting Pools from the
Statistics Type list in the Statistics screen. For information on accessing the
Statistics screen, see Accessing statistics, on page 13-2.
As an example of pool statistics, consider the fictional company
SiteRequest. The IT department at SiteRequest has a wide IP,
www.siterequest.com, which contains pools that use the dynamic load
balancing mode, Quality of Service. This mode acquires statistical data on
response times between the Global Traffic Manager and a Local DNS server
sending a name resolution request. There has been some concern of late as
to how well this new load balancing mode is working and if the Global
Traffic Manager is able to gather the statistical information it needs to load
balance with this mode, or if it has to resort to an alternate or fallback
method. By using the pool statistics screen, the IT department can track how
many name resolution requests are load balanced using the preferred Quality
of Service method, and how many are load balanced using another method.
The pool statistics screen consists of a Pool Statistics table. This table
contains the following information:
Status
The Status column indicates the current status of the pool. The available
status types are: Available, Unavailable, Offline, and Unknown. Each
status type is represented by a symbol; for example, the available status
type is represented by a green circle.
Pool
The Pool column displays the name of a wide IP for which the Global
Traffic Manager is responsible. Each name appears as a link. When you
click the link, the properties screen for the pool opens.
Members
The Members column provides a link that opens a virtual server details
screen for the pool. This screen displays connection statistics for each
virtual server within the pool, including the number of times the virtual
server was selected for a name resolution request and the amount of
traffic flowing from and to the virtual server. You can return to the main
wide IP statistics screen by clicking the Back button in the Display
Options area of the screen.
Load Balancing
The Load Balancing column provides information on how the Global
Traffic Manager load balanced connection requests to this resource. This
column consists of four subcolumns:
13 - 8
Viewing Statistics
new marketing campaign started in the United States and the IT department
is concerned it might overload the data center. By using the data center
statistics, the IT department can track the overall amount of traffic that the
New York data center is handling, allowing them to make adjustments to
their load balancing methods in a timely manner.
The data center statistics screen consists of a Data Center Statistics table.
This table contains the following information:
Status
The Status column indicates the current status of the data center. The
available status types are: Available, Unavailable, Offline, and
Unknown. Each status type is represented by a symbol; for example, the
available status type is represented by a green circle.
Data Center
The Data Center column displays the name of a data center. Each name
appears as a link. When you click the link, the properties screen for the
data center opens.
Servers
The Servers column provides a link that opens a server details screen for
the data center. This screen displays connection statistics for each server
at a data center, including the number of times the server was selected for
a name resolution request and the amount of traffic flowing from and to
the server. You can return to the main data center statistics screen by
clicking the Back button in the Display Options area of the screen.
Connections
The Connections column displays the cumulative number of requests that
the Global Traffic Manager resolved using a resource from the
corresponding data center.
Throughput (bits/sec)
The Throughput (bits/sec) column contains two subcolumns:
• The In column displays the cumulative number of bits per second sent
to the data center.
• The Out column displays the cumulative number of bits per second
sent from the data center.
Throughput (packets/sec)
The Throughput (packets/sec) column contains two subcolumns:
• The In column displays the cumulative number of packets per second
sent to the data center.
• The Out column displays the cumulative number of packets per
second sent from the data center.
Link statistics
Link statistics focus on how much traffic is flowing in and out through a
specific link to the Internet. This information can help you prevent a link
from getting over-used, saving your organization from higher bandwidth
costs. You can access the link statistics by selecting Links from the
Statistics Type list in the Statistics screen. For information on accessing the
Statistics screen, see Accessing statistics, on page 13-2.
As an example of how the statistics for data centers can help you manage
your network resources, consider the fictional company SiteRequest.
SiteRequest has two links with two different Internet Service Providers
(ISPs). The primary ISP is paid in advance for a specific amount of
bandwidth usage. This allows SiteRequest to save money, but if the
bandwidth exceeds the prepaid amount, the costs increase considerably. As
a result, the IT department uses a second ISP, which has a slower connection
but considerably lower costs. By using the links statistics, the IT department
can ensure that links to the Internet are used as efficiently as possible.
The link statistics screen consists of a Link Statistics table. This table
contains the following information:
Status
The Status column indicates the current status of the link. The available
status types are: Available, Unavailable, Offline, and Unknown. Each
status type is represented by a symbol; for example, the available status
type is represented by a green circle.
Link
The Link column displays the name of a link for which the Global
Traffic Manager is responsible. Each name appears as a link. When you
click the link, the properties screen for the link opens.
Throughput (bits/sec)
The Throughput (bits/sec) column contains four subcolumns:
• The In column displays the cumulative number of bits per second sent
to the data center.
• The Out column displays the cumulative number of bits per second
sent from the data center.
• The Total column displays the cumulative number of both incoming
and outgoing bits per second for the link.
• The Over Prepaid displays the amount of traffic, in bits per second,
that has exceeded the prepaid traffic allotment for the link.
In addition to viewing the link data as a table, you can also view it in a graph
format. To use this format, click the Graph button. A graph screen opens,
which shows the amount of traffic used over time. You can change the
amount of time shown in the graph by selecting a value from the Graph
Interval list, located in the Display Options area of the screen.
13 - 10
Viewing Statistics
Server statistics
With Server statistics, you can analyze the amount of traffic flowing to and
from each server. This information can tell you if your resources are
distributed appropriately for your network. You can access the server
statistics by selecting Servers from the Statistics Type list in the Statistics
screen. For information on accessing the Statistics screen, see Accessing
statistics, on page 13-2.
As an example of how the statistics for servers can help you manage your
network resources, consider the fictional company SiteRequest. The IT
department at SiteRequest is considering whether it needs a few more
servers to better manage name resolution requests; however, there is some
debate as to whether the servers should be consolidated at the New York
data center (which the New York team would prefer) or spread out over all
of the data centers. It is also possible that an under-utilized server at one
data center might be moved to another data center. By using the server
statistics, the IT department can look at how much traffic is handled by each
server, giving them the information they need to decide where these new
servers, if any, should go.
The server statistics screen consists of a Server Statistics table. This table
contains the following information:
Status
The Status column indicates the current status of the server. The
available status types are: Available, Unavailable, Offline, and
Unknown. Each status type is represented by a symbol; for example, the
available status type is represented by a green circle.
Server
The Server column displays the name of a server for which the Global
Traffic Manager is responsible. Each name appears as a link. When you
click the link, the properties screen for the server opens.
Virtual Servers
The Virtual Servers column provides a link that opens a virtual server
details screen for the server. This screen displays connection statistics for
each virtual server at a data center, including the number of times the
virtual server was selected for a name resolution request and the amount
of traffic flowing from and to the server. You can return to the main data
center statistics screen by clicking the Back button in the Display
Options area of the screen.
Picks
The Picks column displays the cumulative number of times the Global
Traffic Manager picked a server to handle a name resolution request.
Connections
The Connections column displays the cumulative number of requests that
the Global Traffic Manager resolved using a resource from the
corresponding data center.
Throughput (bits/sec)
The Throughput (bits/sec) column contains two subcolumns:
• The In column displays the cumulative number of bits per second sent
to the server.
• The Out column displays the cumulative number of bits per second
sent from the server.
Throughput (packets/sec)
The Throughput (packets/sec) column contains two subcolumns:
• The In column displays the cumulative number of packets per second
sent to the server.
• The Out column displays the cumulative number of packets per
second sent from the server.
13 - 12
Viewing Statistics
a name resolution request and the amount of traffic flowing from and to
the server. You can return to the main data center statistics screen by
clicking the Back button in the Display Options area of the screen.
Picks
The Picks column displays the cumulative number of times the Global
Traffic Manager picked a server to handle a name resolution request.
Connections
The Connections column displays the cumulative number of requests that
the Global Traffic Manager resolved using a resource from the
corresponding data center.
Throughput (bits/sec)
The Throughput (bits/sec) column contains two subcolumns:
• The In column displays the cumulative number of bits per second sent
to the server.
• The Out column displays the cumulative number of bits per second
sent from the server.
Throughput (packets/sec)
The Throughput (packets/sec) column contains two subcolumns:
• The In column displays the cumulative number of packets per second
sent to the server.
• The Out column displays the cumulative number of packets per
second sent from the server.
Paths statistics
The paths statistics captured by the Global Traffic Manager provide
information on how quickly traffic moves between a Local DNS and a
resource for which the Global Traffic Manager is responsible. Information
presented in the paths statistics screen includes details on round trip times
(RTT), hops, and completion rates.You can access the paths statistics by
selecting Paths from the Statistics Type list in the Statistics screen. For
information on accessing the Statistics screen, see Accessing statistics, on
page 13-2.
Paths statistics are primarily used when you employ a dynamic load
balancing mode for a given wide IP or pool. You can use the information in
the Paths statistics to get an overall sense of how responsive your wide IPs
are in relation to the Local DNSes that have been sending name resolution
requests to a wide IP.
The paths statistics screen consists of a paths statistics table. This table
contains the following information:
Local DNS Address
The Local DNS Address column displays the IP address of each Local
DNS that has sent a name resolution request for a wide IP for which the
Global Traffic Manager is responsible.
Link
The Link column displays the ISP link that the Global Traffic Manager
used to send and receive data from the Local DNS.
Round Trip Time (RTT)
The Round Trip Time (RTT) column contains two subcolumns:
• The Current subcolumn displays the current round trip time between
the Local DNS and the Global Traffic Manager.
• The Average subcolumn displays the average round trip time between
the Local DNS and the Global Traffic Manager.
Hops
The Hops column contains two subcolumns:
• The Current subcolumn displays the current number of hops between
the Local DNS and the Global Traffic Manager.
• The Average subcolumn displays the average number of hops
between the Local DNS and the Global Traffic Manager.
Completion Rate
The Completion Rate column contains two subcolumns:
• The Current subcolumn displays the current completion rate of
transactions between the Local DNS and the Global Traffic Manager.
• The Average subcolumn displays the average completion rate of
transactions between the Local DNS and the Global Traffic Manager.
13 - 14
Viewing Statistics
The local DNS statistics screen consists of a local DNS statistics table. This
table contains the following information:
IP Address
The IP Address column displays the IP address of each Local DNS that
has sent a name resolution request for a wide IP for which the Global
Traffic Manager is responsible.
Requests
The Requests column displays the number of times this Local DNS has
made a name resolution request that the Global Traffic Manager handled.
Last Accessed
The Last Accessed column displays the last time the Local DNS
attempted a connection to the Global Traffic Manager.
Location
The Location column contains four subcolumns:
• The Continent subcolumn displays the continent on which the Local
DNS resides.
• The Country subcolumn displays the country in which the Local DNS
is located.
• The State subcolumn displays the state in which the Local DNS is
located.
• The City subcolumn displays the city in which the Local DNS is
located.
13 - 16
14
Collecting Metrics
• Defining metrics
Defining metrics
When you decide to use the Global Traffic Manager to collect metrics on the
LDNS servers that attempt to access your network resources, you can define
the following characteristics:
• The types of metrics collected (either hops, paths, both, or disabled)
• The time-to-live (TTL) values for each metric
• The frequency at which the system updates the data
• The size of a packet sent (relevant for hop metrics only)
• The length of time that can pass before the system times out the
collection attempt
• The number of packets sent for each collection attempt
While each of these settings is important, the ones that perhaps require the
most planning beforehand are the TTL values. In general, the lower the TTL
value, the more often the Global Traffic Manager probes an LDNS. This
improves the accuracy of the data, but increases bandwidth usage.
Conversely, increasing the TTL value for a metric lowers the bandwidth
your network uses, but increases the chance that the Global Traffic Manager
is basing its load balancing operations off of stale data
An additional consideration is the number of LDNS servers that the Global
Traffic Manager queries. The more LDNS servers that the system queries,
the more bandwidth is required to ensure those queries are successful. As
you can see, setting the TTL values for metrics collection can require
incremental fine-tuning. We recommend that you periodically check the
TTL values that you set, and verify that they are appropriate for your
network.
To define metrics
1. On the Main tab of the navigation pane, expand System and then
click General Properties.
The General properties screen opens.
2. From the Global Traffic menu, choose Metrics Collection.
The metrics collection screen opens.
3. In the Configuration area, assign values to the different
metrics-related settings.
For detailed information on these settings, please see the online
help.
4. Click the Update button.
14 - 2
Collecting Metrics
With these probes, it does not matter if the Global Traffic Manager receives
a valid response, such as the name of the LDNS, as queried by the
DNS_REV probe, or a request refused statement. The relevant information
is the metrics generated between the probe request and the response. For
example, the Global Traffic Manager uses the DNS_REV probe to query
two LDNS servers. The first LDNS responds to the probe with its name, as
per the request. The second LDNS, however, responds with a request
refused statement, because it is configured to not allow such requests. In
both cases, the probe was successful, because the Global Traffic Manager
was able to acquire data on how long it took for both LDNS servers to
respond to the probe.
You can configure the Global Traffic Manager to use a select number of
probes, or you can assign all five. The more probes that the Global Traffic
Manager uses, the more bandwidth is required.
To assign a probe
1. On the Main tab of the navigation pane, expand System and then
click General Properties.
The General screen opens.
2. From the Global Traffic menu, choose Metrics Collection.
The metrics collection screen opens.
3. In the Local DNS (LDNS) area, use the options provided in the
Metrics Collection Protocol option to assign the relevant probes.
4. In the Metrics Caching box, define the number of seconds for
which the Global Traffic Manager will keep the collected metrics
data.
This value determines how often the system will probe a given
LDNS. The default value is 3600 seconds, or one hour.
5. In the Inactive Local DNS TTL box, define the number of seconds
for which an LDNS can be inactive before the Global Traffic
Manager considers it inactive.
The Global Traffic Manager stops probing LDNS servers that are
considered inactive. The default value is 2419200, or 28 days.
6. Click the Update button to save your changes.
14 - 4
Collecting Metrics
Hops TTL Specifies the number of seconds that the Global Traffic Manager considers 604800
traceroute data to be valid. (seven days)
Paths TTL Specifies the number of seconds that the Global Traffic Manager uses path 2400
information for name resolution and load balancing.
Inactive Path TTL Specifies the number of seconds that a path remains in the cache after its 604800
last access. (seven days)
Inactive Local DNS Specifies the number of seconds that a local DNS remains in the cache 2419200
TTL after its last access. (28 days)
Each resource also has a timer value. A timer value defines the frequency
(measured in seconds) at which the Global Traffic Manager refreshes the
metrics information it collects. In most cases, the default values for the TTL
and timer parameters are adequate. However, if you make changes to any
TTL or timer value, keep in mind that an object’s TTL value must be greater
than its timer value.
Table 14.2 describes each timer value, as well as its default setting.
Hops data refresh Specifies the frequency (in seconds) at which the Global Traffic 60
Manager retrieves traceroute data (traceroutes between each data
center and each local DNS).
Paths refresh Specifies the frequency (in seconds) at which the Global Traffic 120
Manager refreshes path information (for example, round trip time or
ping packet completion rate).
Sync Time Tolerance Specifies the number of seconds that one system’s time setting is 10
allowed to be out of sync with another system’s time setting.
Note: If you are using NTP to synchronize the time of the Global
Traffic Manager with a time server, leave the time tolerance at the
default value of 10. In the event that NTP fails, the Global Traffic
Manager uses the time_tolerance variable to maintain
synchronization.
This setting is available in the General screen of the Global Traffic
Manager’s general properties section.
Timer Sync State Specifies the interval (in seconds) at which the Global Traffic Manager 30
checks to see if it should change states (from Principal to Receiver or
from Receiver to Principal).
This setting is available in the General screen of the Global Traffic
Manager’s general properties section.
Metrics Caching Specifies the interval (in seconds) at which the Global Traffic Manager 3600
archives the paths and metrics data.
This setting is available in the General screen of the Global Traffic
Manager’s general properties section.
14 - 6
Collecting Metrics
14 - 8
15
Writing iRules
• Creating iRules
• Assigning iRules
• Removing iRules
Writing iRules
What is an iRule?
An iRule is a script that you write if you want individual connections to
target a pool other than the default pool defined for a virtual server. iRules
allow you to more directly specify the pools to which you want traffic to be
directed. Using iRules, you can send traffic not only to pools, but also to
individual pool members or hosts.
The iRules you create can be simple or sophisticated, depending on your
content-switching needs. Figure 15.1 shows an example of a simple iRule.
when DNS_REQUEST {
if { [IP::addr [IP::client_addr] equals 10.10.10.10] } {
pool my_pool
}
}
This iRule is triggered when a DNS request has been detected, causing the
Global Traffic Manager to send the packet to the pool my_pool, if the IP
address of the local DNS making the request matches 10.10.10.10.
iRules can direct traffic not only to specific pools, but also to individual pool
members, including port numbers and URI paths, either to implement
persistence or to meet specific load balancing requirements.
The syntax that you use to write iRules is based on the Tool Command
Language (Tcl) programming standard. Thus, you can use many of the
standard Tcl commands, plus a set of extensions that the Global Traffic
Manager provides to help you further increase load balancing efficiency.
Event declarations
iRules are event-driven, which means that the Global Traffic Manager
triggers an iRule based on an event that you specify in the iRule. An event
declaration is the specification of an event within an iRule that causes the
Global Traffic Manager to trigger that iRule whenever that event occurs.
Examples of event declarations that can trigger an iRule are
DNS_REQUEST, which triggers an iRule whenever the system receives a
DNS request, and LB_SELECTED, which triggers an iRule when a request
is sent to a specific pool.
For more information on iRule events, see Specifying events, on page 15-7.
Operators
An iRule operator compares two operands in an expression. In addition to
using the Tcl standard operators, you can use the operators listed in Table
15.1.
Operator Syntax
contains
Relational matches
operators equals
starts_with
ends_with
matches_regex
not
Logical and
operators or
For example, you can use the contains operator to compare a variable
operand to a constant. You do this by creating an if statement that represents
the following: "If the client’s IP address contains 192.168.5.5, send to pool
aol_pool." Figure 15.2, on page 15-3 shows an iRule that performs this
action.
15 - 2
Writing iRules
when DNS_REQUEST {
if { [IP::client_addr] contains "1.2.3.4" } {
pool aol_pool
} else {
pool all_pool
}
}
iRule commands
An iRule command within an iRule causes the Global Traffic Manager to
take some action, such as querying for data, manipulating data, or specifying
a traffic destination. The types of commands that you can include within
iRules are:
Statement commands
These commands cause actions such as selecting a traffic destination or
assigning a SNAT translation address. An example of a statement
command is pool <name>, which directs traffic to the named load
balancing pool. For more information, see Using statement commands,
on page 15-8.
Protocol commands
These commands search for header and content data. An example of a
protocol command is IP::remote_addr, which searches for and returns
the remote IP address of a connection. For more information on protocol
commands, see Using protocol commands, on page 15-14.
Utility commands
These commands are functions that are useful for parsing and
manipulating content. An example of a utility command is findstr(),
which searches a given piece of text for a specific string. For more
information on using utility commands, see Using utility commands, on
page 15-11.
when DNS_REQUEST {
if { [wideip name] ends_with ".org" } {
pool org_pool
} elseif { [wideip name] ends_with ".com" } {
pool com_pool
}
}
when DNS_REQUEST {
if { [wideip name] ends_with ".com" } {
host 10.1.2.200 80
}
}
15 - 4
Writing iRules
Creating iRules
You create an iRule using the Configuration utility.
To create an iRule
1. On the Main tab of the navigation pane, expand Global Traffic and
click iRules.
The iRules screen opens.
2. Click the Create button.
3. In the Name box, type a 1- to 31-character name.
4. In the Definition box, type the syntax for your iRule.
5. If you want to expand the length of the Definition box, check
Extend Text Area. Also, if you want the contents of the iRule to
wrap within the box, check Wrap Text.
6. Click the Finished button to save your changes.
For detailed syntax information on writing iRules, see the remainder of this
chapter.
Assigning iRules
Within the Global Traffic Manager, you assign iRules to the wide IPs in
your network configuration.
To assign an iRule
1. On the Main tab of the navigation pane, expand Global Traffic and
then click Wide IPs.
The main screen for wide IPs opens.
2. Click the name of the wide IP to which you want to assign an iRule.
The properties screen for the wide IP opens.
3. On the menu bar, click iRules.
The main iRules screen for the wide IP opens.
4. Click the Manage button.
The Manage iRules screen opens.
5. From the iRule list, select an appropriate iRule.
6. Click the Add button.
The new rule appears in the list of assigned iRules.
7. Click the Finished button to save your changes.
15 - 6
Writing iRules
Specifying events
The iRules feature includes several types of event declarations that you can
make in an iRule. Specifying an event declaration determines when the
Global Traffic Manager evaluates the iRule. The following sections list and
describe these event types. Also described is the concept of iRule context
and the use of the when keyword.
Event types
The iRule command syntax includes several types of event declarations that
you can specify within an iRule. These event types are listed in table 15.2.
Global Events
DNS_REQUEST Triggered when a DNS request is received from a client.
LB_SELECTED Triggered when the Global Traffic Manager has selected a target node.
LB_FAILED Triggered when a connection to the server was unable to complete. This might
occur if the pool has no available members or a selected pool member is
otherwise not available.
15 - 8
Writing iRules
Table 15.3 lists and describes statement commands that you can use within
iRules.
discard Causes the current packet or connection (depending on the context of the
event) to be discarded. This statement must be conditionally associated with
an if statement.
[use] host <string> Causes the server host, as identified by a string, to be used directly, thus
bypassing any load-balancing.
if { <expression> } { Asks a true or false question and, depending on the answer, takes some
<statement_command> action.
}
Note that the maximum number of if statements that you can nest in an iRule
elseif { <expression> } { is 100.
<statement_command>
}
log [<facility>.<level>] <message> Generates and logs the specified message to the Syslog facility.
[use] host <addr> [<port>] Causes the server host, as identified by IP address and, optionally, port
number, to be used directly, thus bypassing any load-balancing.
[use] pool <pool_name> [member Causes the Global Traffic Manager to load balance traffic to the named pool.
<addr> [<port>]] This statement must be conditionally associated with an if statement.
Optionally, you can specify a specific pool member to which you want to direct
the traffic.
reject Causes the connection to be rejected, returning a reset as appropriate for the
protocol.
ttl <value> Overrides the default time-to-live value. If this command is used for a CNAME,
the value overrides the default of 0. If this command is used for a pool, the
value overrides the time-to-live value for that pool.
whereis <ip> [[country] [continent]] Returns the geographic location of a specific IP address. If the keywords
[country] or [continent] are not specified, this command returns all location
data.
15 - 10
Writing iRules
Command Description
findstr Finds a string within another string and returns the string starting at the offset specified from the
match.
substr Finds a string within another string and returns the string starting at the offset specified from the
match.
findclass Finds the member of a data group that contains the result of the specified expression, and returns
that data group member or the portion following the separator, if a separator was provided.
host Searches for a specific host name within the supplied <string>.
findstr
The findstr command finds the string <search_string> within <string> and
returns a sub-string based on the <skip_count> and <terminator> from the
matched location.
Note the following;
• <terminator> may be either a character or length.
• If <skip_count> is not specified, it defaults to zero.
• If <terminator> is not specified, it defaults to the end of the string.
• This command (without <skip_count> or <terminator>) is equivalent
to the following Tcl command: "string range <string> [string first
<string> <search_string>] end".
when DNS_REQUEST {
if { [findstr [IP::protocol]] equals "tcp" } {
pool tcp_servers
} else {
pool udp_servers
}
}
substr
The substr command returns a sub-string <string> based on the values of
<skip_count> and <terminator>.
Note the following:
• The <skip_count> and <terminator> arguments are used in the same
way as they are for the findstr command.
• This command is equivalent to the Tcl string range command except
that the value of <terminator> may be either a character or a count.
findclass
The findclass command searches a data group list for a member that starts
with <string> and returns the data-group member string. The member is not
required to be equal; instead, the member is only required to start with the
string and the command returns the entire member value.
The syntax of the findclass command is:
findclass <string> <data group> [(separator)]
Note that if a separator is specified, the data group member is split on the
separator, and the latter portion (that is, the portion following the separator)
is returned.
host
The host command searches for a specific host name within the supplied
<string>. This command also has a counterpart, host <ip> which searches
for an IP address instead of a name.
The syntax of the host command is:
host <string>
15 - 12
Writing iRules
crc32 <string> Returns the crc32 checksum for the provided string, or if an error occurs, an
empty string. Used to ensure data integrity.
md5 <string> Returns the RSA Data Security, Inc. MD5 Message Digest Algorithm (md5)
message digest of the provided string, or if an error occurs, an empty string.
Used to ensure data integrity.
active_members <pool name> Returns the number of active members in the pool.
member_priority <pool name> Returns the priority for pool member ip:port.
member <ip> [<port>]
LB::server Returns the name of the server selected for a load balancing operation.
IP commands
The Global Traffic Manager supports the following IP commands.
IP::remote_addr Returns the IP address of the client for a given name resolution request.
Equivalent to IP::client_addr.
IP::local_addr Returns the IP address of the server for a given name resolution request.
Equivalent to IP::server_addr.
IP::client_addr Returns the IP address of the client for a given name resolution request.
Equivalent to IP::remote_addr.
IP::server_addr Returns the IP address of the server for a given name resolution request.
Equivalent to IP::local_addr.
TCP commands
The Global Traffic Manager supports the following TCP commands.
15 - 14
Writing iRules
UDP commands
The Global Traffic Manager supports the following UDP commands.
Removing iRules
Within the Global Traffic Manager, you can remove an iRule from a wide IP
at any time.
To remove an iRule
1. On the Main tab of the navigation pane, expand Global Traffic and
then click Wide IPs.
The main screen for wide IPs opens.
2. Click the name of the wide IP to which you want to assign an iRule.
The properties screen for the wide IP opens.
3. On the menu bar, click iRules.
The main iRules screen for the wide IP opens.
4. Click Manage.
The Manage iRules screen opens.
5. Select the iRule that you would like to remove, and then click the
Remove button to remove it.
6. Click the Finished button to save your changes.
15 - 16
16
Managing DNS Files with ZoneRunner
• Introducing ZoneRunner
Introducing ZoneRunner
One of the modes in which you operate the Global Traffic Manager is the
node mode. In the node mode, the Global Traffic Manager is responsible not
only for load balancing name resolution requests and monitoring the health
of your physical and logical network; it is also responsible for maintaining
the DNS zone files that map name resolution requests to the appropriate
network resource.
In the Global Traffic Manager, you create, manage, and maintain DNS files
using the ZoneRunner™ utility. The ZoneRunner utility is a zone file
management utility that can manage both DNS zone files and your BIND
configuration. With the ZoneRunner utility, you can:
• Manage the DNS zones and zone files for your network, including
importing and transferring zone files
• Manage the resource records for those zones
• Manage views (a BIND 9 feature)
• Manage a local name server and its configuration file, named.conf
Note
In the Configuration utility, you must configure a zone before you configure
any other objects in the ZoneRunner utility.
16 - 2
Managing DNS Files with ZoneRunner
To create a zone
1. On the Main tab of the navigation pane, expand Global Traffic and
click ZoneRunner.
The Resource Records List screen opens.
2. On the menu bar, click Zone List.
The Zone List screen opens.
3. Click the Create button.
The New Zone screen opens.
4. From the View Name list, select a view with which to associate the
new zone.
The default setting is external.
5. In the Zone Name box, type a fully-qualified domain name for the
zone.
Note: Do not forget the trailing dot ( . ) at the end of the name.
6. From the Zone Type list, select the type of zone that you are
configuring.
The screen refreshes to display the configuration settings for the
zone type.
Note
Each zone type has unique characteristics. The following sections describe
how to create each zone type.
Note
The following procedure assumes you have completed the steps as listed in
the previous section, Creating zone files, on page 16-2.
Note
The following procedure assumes you have completed the steps as listed in
the previous section, Creating zone files, on page 16-2.
16 - 4
Managing DNS Files with ZoneRunner
Note
The following procedure assumes you have completed the steps as listed in
the previous section, Creating zone files, on page 16-2.
Note
The following procedure assumes you have completed the steps as listed in
the previous section, Creating zone files, on page 16-2.
16 - 6
Managing DNS Files with ZoneRunner
4. On the New Zone screen, select Slave from the Zone Type list.
The screen refreshes to display the configuration options for a slave
zone.
5. In the Reverse Zone Name box, type the name of the reverse zone,
and then select the appropriate ARPA address, depending on
whether you are using IPv4 or IPv6.
6. In the Reverse Zone File Name box, type the name of the file for
the reverse zone.
7. Click the Finished button to save your changes.
Note
The following procedure assumes you have completed the steps as listed in
the previous section, Creating zone files, on page 16-2.
7. In the Options box, you can type any additional statements that the
zone requires. Do not delete the forwarders statement as the system
needs this to maintain compatibility with the wide IP information.
Important: Exercise caution when typing in the Options box. The
system writes any changes you make directly to the named.conf file.
For information on available options and syntax, refer to the BIND
documentation mentioned at the beginning of this chapter.
8. Click the Finished button to save your changes.
Note
Note
16 - 8
Managing DNS Files with ZoneRunner
4. From the View Name list, select a view with which to associate the
new zone.
The default setting is external.
5. In the Zone Name box, type a fully-qualified domain name for the
zone.
6. From the Zone Type list, select Master.
7. From the Records Creation Method, select Load From File.
8. In the Upload Records File box, located in the Records Creation
section, type the path to the zone file.
Alternatively, you can click the Browse button to navigate to the
file.
9. Click the Finished button to save your changes.
Note
Modifying zones
Through the ZoneRunner utility, you can modify zones on an as-needed
basis. For example, you can increase or decrease the time-to-live (TTL)
value for the zone, or change the master server for the zone.
Note
You can also add resource records to an existing zone file. See Working
with resource records, on page 16-11.
To modify a zone
1. On the Main tab of the navigation pane, expand Global Traffic and
click ZoneRunner.
The Resource Records List screen opens.
2. On the menu bar, click Zone List.
The main screen for the zone opens.
3. Click the name of the zone that you want to modify.
The properties screen for the zone opens.
4. Modify the settings for the zone as needed.
5. Click the Update button to save your changes.
Deleting zones
With the ZoneRunner utility, you can delete zones that either have become
obsolete or are no longer relevant to the Global Traffic Manager due to a
network configuration change. For example, you might adjust your name
servers, after which the Global Traffic Manager is no longer responsible for
a specific zone.
To delete a zone
1. On the Main tab, expand Global Traffic and click ZoneRunner.
The Resource Records List screen opens.
2. On the menu bar, click Zone List.
The main screen for the zone opens.
16 - 10
Managing DNS Files with ZoneRunner
Note
Although case is preserved in names and data fields when loaded into the
name server, comparisons and lookups in the name server database are not
case-sensitive.
16 - 12
Managing DNS Files with ZoneRunner
Note
Note
The following procedure assumes you have completed the steps as listed in
Creating resource records, on page 16-12.
To create an A record
1. On the New Resource Record screen, select A from the Type list.
The screen refreshes to display the configuration options for an A
resource record.
2. In the IP Address box, type the IP address for the A record.
3. If you want to create a reverse record that corresponds to this record,
check Create Reverse Record.
4. Click the Finished button to save your changes.
Note
The following procedure assumes you have completed the steps as listed in
Creating resource records, on page 16-12.
Note
The following procedure assumes you have completed the steps as listed in
Creating resource records, on page 16-12.
16 - 14
Managing DNS Files with ZoneRunner
Note
The following procedure assumes you have completed the steps as listed in
Creating resource records, on page 16-12.
Note
The following procedure assumes you have completed the steps as listed in
Creating resource records, on page 16-12.
Note
The following procedure assumes you have completed the steps as listed in
Creating resource records, on page 16-12.
To create an MX record
1. On the New Resource Record screen, select MX from the Type list.
The screen refreshes to display the configuration options for an MX
resource record.
2. In the Preference box, type the preference for the mail server.
Preference is a numeric value for the preference of this mail
exchange host relevant to all other mail exchange hosts for the
domain. Lower numbers indicate a higher preference, or priority.
3. In the Mail Server box, type the appropriate domain name for the
mail server.
4. Click the Finished button to save your changes.
Note
The following procedure assumes you have completed the steps as listed in
Creating resource records, on page 16-12.
To create an NS record
1. On the New Resource Record screen, select NS from the Type list.
The screen refreshes to display the configuration options for an NS
resource record.
2. In the Name Server box, type the appropriate domain name for the
resource record.
3. Click the Finished button to save your changes.
16 - 16
Managing DNS Files with ZoneRunner
Note
The following procedure assumes you have completed the steps as listed in
Creating resource records, on page 16-12.
Note
The following procedure assumes you have completed the steps as listed in
Creating resource records, on page 16-12.
Note
The following procedure assumes you have completed the steps as listed in
Creating resource records, on page 16-12.
16 - 18
Managing DNS Files with ZoneRunner
3. Click the name of the zone to which you want to add a resource
record.
The properties screen for that zone opens.
4. Click the Add Resource Record button, located at the bottom of
the screen.
The New Resource Record screen opens, with the View and Zone
Name options filled out to reflect the appropriate settings for the
zone file.
5. Create the new resource record as needed.
See Creating resource records, on page 16-12 for more information.
6. Click the Finished button to save your changes.
Adding views
If you have a DNS that is accessed from multiple communities, you can
create a view for each community. Depending on the community, the name
server uses a different configuration for resolving name requests.
To add a view
1. On the Main tab, expand Global Traffic and click ZoneRunner.
The Resource Records List screen opens.
Modifying views
As the needs of the communities attempting to access the Global Traffic
Manager as a DNS change, you might need to modify your views. Through
the ZoneRunner utility, you can modify a view at any time.
To modify a view
1. On the Main tab, expand Global Traffic and click ZoneRunner.
The Resource Records List screen opens.
2. On the menu bar, click View List.
The View List screen opens.
3. Click the name of the view you want to modify.
The properties screen for the view opens.
4. Modify the view settings as needed. Note that you cannot change
the name of the view.
5. Click Update to apply your changes.
Deleting views
If a view is no longer necessary for your name resolutions, you can delete it
from the ZoneRunner utility.
To delete a view
1. On the Main tab, expand Global Traffic and click ZoneRunner.
The Resource Records List screen opens.
2. On the menu bar, click View List.
The View List screen opens.
3. Click the name of the view you want to delete.
The properties screen for the view opens.
16 - 20
Managing DNS Files with ZoneRunner
Important
This section assumes that you are fully familiar with the named.conf file
and the syntax of its contents. Modifying the named.conf file carries a high
level of risk, as a syntax error can prevent the entire BIND system from
performing as expected. For this reason, we recommend that you use the
user interface of the ZoneRunner utility whenever possible, and that you
exercise caution when editing the named.conf file.
16 - 22
A
Working with the big3d Agent
Note
We recommend that you have a big3d agent running on at least one system
in each data center in your network. This configuration ensures that the
Global Traffic Manager has timely access to the metrics associated with
network traffic
A-2
Working with the big3d Agent
big3d agent to each BIG-IP system in the network. See the release notes
provided with the Global Traffic Manager software for information about
which versions of the BIG-IP software the current big3d agent supports.
For details on installing the big3d agent, see Installing the big3d agent,
following.
Setting up communications between big3d agents and other systems
Before the big3d agents can communicate with the Global Traffic
Managers in the network, you need to configure the appropriate ports and
tools to allow communication between the devices running the big3d
agent and Global Traffic Managers in the network. These planning issues
are discussed in Setting up communication between Global Traffic
Managers and other servers, on page A-5.
The big3d agent installed with the Global Traffic Manager automatically
attempts to communicate with the other BIG-IP systems. If it determines
that it is communicating with an older big3d agent, it automatically replaces
that agent with the latest version.
The load on the big3d agents depends on the timer settings that you assign
to the different types of data the big3d agents collect. The shorter the timers,
the more frequently the big3d agent needs to refresh the data. While short
timers guarantee that you always have valid data readily available for load
balancing, they also increase the frequency of data collection.
Another factor that can affect data collection is the number of client LDNS
servers that make name resolution requests. The more LDNS servers that
make resolution requests, the more path data that the big3d agents have to
collect. While round trip time for a given path may vary constantly due to
current network load, the number of hops along a network path between a
data center and a specific LDNS does not often change. Consequently, you
may want to set short timer settings for round trip time data so that it
refreshes more often, but set high timer settings for hops data because it
does not need to be refreshed often.
A-4
Working with the big3d Agent
Table A.2 shows the protocols and corresponding ports used for iQuery
communications between big3d agents and SNMP agents that run on host
servers.
big3d agent host SNMP agent UDP >1023 161 Ephemeral ports used to make
SNMP queries for host statistics
host SNMP agent big3d agent UDP 161 >1023 Ephemeral ports used to receive
host statistics using SNMP
Table A.2 Communication protocols and ports between big3d agents and SNMP agents on hosts
big3d LDNS TCP >1023 53 Probe using TCP (Cisco routers: allow establish)
LDNS big3d TCP 53 >1023 Replies using TCP (Cisco routers: allow
establish)
LDNS big3d ICMP N/A N/A Replies to ICMP, UDP pings, or traceroute
probes
big3d LDNS dns_rev >1023 53 Probe using DNS rev or DNS dot
dns_dot
LDNS big3d dns_rev 53 >1023 Replies to DNS rev or DNS dot probes
dns_dot
Table A.3 Communications between big3d agents and local DNS servers
A-6
B
Working with SNMP
Using the Configuration utility, you can configure the Global Traffic
Manager SNMP agent to send traps to your network management system.
You can also set up custom traps by editing several configuration files.
Note
B-2
Working with SNMP
/etc/hosts.allow
The /etc/hosts.allow file specifies the hosts that are allowed to access the
SNMP agent. You can configure access to the SNMP agent with the
/etc/hosts.allow file in one of two ways:
• By typing in an IP address, or list of IP addresses that are allowed to
access the SNMP agent.
• By typing in a network address and mask to allow a range of addresses in
a subnet to access the SNMP agent
WARNING
The /etc/hosts.allow file must contain the following entry, which is in the file
by default: snmpd : 127.0.0.1. If you remove this entry, the Global Traffic
Manager cannot properly poll using SNMP.
In the following example, the SNMP agent accepts connections from the
specified IP addresses only:
snmpd: 128.95.46.5 128.95.46.6 128.95.46.7
For example, the following syntax sets the snmpd daemon to allow
connections from the 128.95.46.0/255.255.255.0 address range:
snmpd: 128.95.46.0/255.255.255.0
The previous example allows the 256 possible hosts from the network
address 128.95.46.0 to access the SNMP daemon. You may also use the
keyword ALL to allow access for all hosts or all daemons.
Note
If you prefer, instead of modifying this file from the command line, you can
use the Configuration utility to specify the hosts that are allowed to access
the SNMP agent. See To set SNMP properties using the Configuration
utility, on page B-8.
/etc/hosts.deny
The /etc/hosts.deny file must be present to deny, by default, all UDP
connections to the SNMP agent. The contents of this file are as follows:
ALL : ALL
/etc/snmpd.conf
The /etc/snmpd.conf file controls most aspects of the SNMP agent. This file
is used to set up and configure certain traps, passwords, and general SNMP
variable names.
The following list contains a few of the necessary variables:
System Contact Name
The System Contact is a MIB-II simple string variable defined by almost
all SNMP systems. It usually contains a user name and an email address.
This is set by the syscontact key.
Machine Location (string)
The Machine Location is a MIB-II variable that is supported by almost
all systems. It is a simple string that defines the physical location of the
system. This is set by the syslocation key.
Community String
The community string clear text password is used for basic SNMP
security. This also maps to VACM groups, but for initial read-only
access, it is limited to only one group.
Trap Configuration
Trap configuration is controlled by these entries in the /etc/snmpd.conf
file:
• trapsink <host>
This sets the host to receive trap information. The <host> variable is
an IP address.
• trapport <port>
This sets the port on which traps are sent. There must be one trapport
line for each trapsink host.
• trapcommunity <community string>
This sets the community string (password) for sending traps. Once set,
it also sends a trap upon startup: coldStart(0).
B-4
Working with SNMP
• authtrapenable <integer>
Set this variable to 1 so that traps can be sent for authentication
warnings. Set the variable to 2 to disable it.
Note: To change the trap port, be sure the trapport line precedes the
trapsink line. If you use more than one trapsink line, there must be
one trapport line before each trapsink line. The same is true for
trapcommunity; if you use more than one trapcommunity line, there
must be one trapcommunity line before each trapsink line.
System IP Setting
You must set the system IP address using the sysip command; if this
setting is not present, the checktrap.pl script fails to send all Global
Traffic Manager-specific traps. Use the following syntax to set the
system IP address:
sysip <Global Traffic Manager IP address>
Note
If you prefer, instead of modifying this file from the command line, you can
use the Configuration utility to set these SNMP properties. See To set
SNMP properties using the Configuration utility, on page B-8.
/etc/3dns_snmptrap.conf
The configuration in the /etc/3dns_snmptrap.conf file determines which
messages generate traps and what those traps are. The file includes OIDS,
traps, and regular expression mappings. The configuration file specifies
whether to send a specific trap based on a regular expression. An excerpt of
the configuration file is shown in Figure B.1.
# Default traps.
.1.3.6.1.4.1.3375.1.2.2.2.0.1 (SNMP_TRAP: VS.*?state change green.*?red) VIRTUAL SERVER
GREEN TO RED
Some of the OIDs have been permanently mapped to specific Global Traffic
Manager events. The OIDs that are permanently mapped for the Global
Traffic Manager include:
• Virtual server green to red
• Virtual server red to green
To see events that are triggering an SNMP trap, look in the var/log/3dns
directory.
/etc/syslog.conf
To generate traps, you must configure syslog to send syslog lines to
checktrap.pl. If the syslog lines match a specified regular expression in the
3dns_snmptrap.conf file, the checktrap.pl script generates a valid SNMP
trap. The following line in the /etc/syslog.conf file causes the syslog utility
to send the specified log output to the checktrap.pl script. The
checktrap.pl script then compares the logged information to the
3dns_snmptrap.conf file to determine if a trap should be generated.
local2.warning | exec /sbin/checktrap.pl.
Note
B-6
Working with SNMP
Date removal
This option turns off automatic date removal. Normally, each input line
is expected to begin with a date. Typically, this date is removed before
the trap is sent. This option keeps the date information in the trap. If you
do not add this option, the date is removed from the trap by default.
no_date_strip
Usage
This option prints a usage string.
usage
Note
WARNING
The /etc/hosts.allow file must contain the following entry, which is in the file
by default: snmpd : 127.0.0.1. If you remove this entry, the Global Traffic
Manager cannot properly poll using SNMP. When you use the
Configuration utility to configure the systems’s SNMP properties, this
address is already listed in the Allow List box.
B-8
Working with SNMP
The Global Traffic Manager gathers metrics for BIG-IP systems, third-party
load balancers andseveral host servers. Refer to Table B.1 for information
on the host server types and the specific metrics that can be collected for
each host type. To see the current performance of any of these server
metrics, review the Metrics statistics screen.
Metrics collected:
BIG-IP system X X X X
BSD, UC Davis X X X X X X
CacheFlow X X X X
Cisco LocalDirector X X X
Cisco LocalDirector X X X
Cisco SLB X X
Extreme X X X X
Foundry® ServerIron X X X X
Linux, UC Davis X X X X X
NetApp® appliance X X X X X X
Sun® Solaris X X X X
Windows® 2000 X X X X
Server
Table B.1 Server types and the metrics collected by the Global Traffic Manager
Note
The Cisco LocalDirector metric shows new connections per second rather
than current connections.
B - 10
Working with SNMP
B - 12
Glossary
Glossary
3-DNS Controller
See Global Traffic Manager.
A record
The A record is the ADDRESS resource record that a Global Traffic
Manager returns to a local DNS server in response to a name resolution
request. The A record contains a variety of information, including one or
more IP addresses that resolve to the requested domain name.
active unit
In a redundant system, an active unit is a system that currently load balances
name resolution requests. If the active unit in the redundant system fails, the
standby unit assumes control and begins to load balance requests.
alternate method
The alternate method specifies the load balancing mode that the Global
Traffic Manager uses to pick a virtual server if the preferred method fails.
See also fallback method, preferred method.
big3d agent
The big3d agent is a monitoring agent that collects metrics information
about server performance and network paths between a data center and a
specific local DNS server. The 3-DNS uses the information collected by the
big3d agent for dynamic load balancing.
CDN switching
CDN switching is the functionality of the Global Traffic Manager that
allows a user to redirect traffic to a third-party network, or transparently
switch traffic to a CDN. The two features of the Global Traffic Manager that
make CDN switching possible are geographic redirection and CNAME
pools.
CNAME record
A canonical name (CNAME) record acts as an alias to another domain
name. A canonical name and its alias can belong to different zones, so the
CNAME record must always be entered as a fully qualified domain name.
CNAME records are useful for setting up logical names for network
services so that they can be easily relocated to different physical hosts.
completion rate
The completion rate is the percentage of packets that a server successfully
returns during a given session.
Configuration utility
The Configuration utility is the browser-based application that you use to
configure the Global Traffic Manager.
data center
A data center is a physical location that houses one or more Global Traffic
Managers, BIG-IP systems, or host machines.
domain name
A domain name is a unique name that is associated with one or more IP
addresses. Domain names are used in URLs to identify particular Web
pages. For example, in the URL http://www.f5.com/index.html, the
domain name is f5.com.
Glossary - 2
Glossary
external interface
An external interface is the network interface that can be accessed across a
wide-area network (WAN). See also internal interface.
fail-over
Fail-over is the process whereby a standby unit in a redundant system takes
over when a software failure or hardware failure is detected on the active
unit.
fail-over cable
The fail-over cable is the cable that directly connects the two system units in
a hardware-based redundant system.
fallback method
The fallback method is the third method in a load balancing hierarchy that
the Global Traffic Manager uses to load balance a resolution request. The
Global Traffic Manager uses the fallback method only when the load
balancing modes specified for the preferred and alternate methods fail.
Unlike the preferred method and the alternate method, the fallback method
uses neither server nor virtual server availability for load balancing
calculations. See also preferred method, alternate method.
hops factory
A hops factory is a type of factory run by the big3d agent that collects hops
data about network paths.
host
A host is a network server that manages one or more virtual servers that the
Global Traffic Manager uses for load balancing.
internal interface
An internal interface is a network interface that can be accessed from a
local-area network (LAN). See also external interface.
iQuery
The iQuery protocol is used to exchange information between Global
Traffic Managers and BIG-IP systems. The iQuery protocol is officially
registered with IANA for port 4353, and works on UDP and TCP
connections.
Kilobytes/Second mode
The Kilobytes/Second mode is a dynamic load balancing mode that
distributes connections based on which available server currently processes
the fewest kilobytes per second.
Glossary - 4
Glossary
local DNS
A local DNS is a server that makes name resolution requests on behalf of a
client. With respect to the Global Traffic Manager, local DNS servers are
the source of name resolution requests. Local DNS is also referred to as
LDNS.
metrics information
Metrics information is the data that is typically collected about the paths
between BIG-IP systems and local DNS servers. Metrics information is also
collected about the performance and availability of virtual servers. Metrics
information is used for load balancing, and it can include statistics such as
round trip time, packet rate, and packet loss.
MindTerm SSH
MindTerm SSH is the third-party application on Global Traffic Managers
that uses SSH for secure remote communications. SSH encrypts all network
traffic (including passwords) to effectively eliminate eavesdropping,
connection hijacking, and other network-level attacks. SSH also provides
secure tunneling capabilities and a variety of authentication methods.
name resolution
Name resolution is the process by which a name server matches a domain
name request to an IP address, and sends the information to the client
requesting the resolution.
name server
A name server is a server that maintains a DNS database, and resolves
domain name requests to IP addresses using that database.
named
The named daemon manages domain name server software.
NameSurfer
NameSurfer is the third-party application on Global Traffic Managers that
automatically manages DNS zone files, synchronizing them with the
configuration on the system. NameSurfer automatically updates any
configuration changes that you make using the Configuration utility.
NameSurfer also provides a graphical user interface for DNS zone file
management.
NS record
A name server (NS) record is used to define a set of authoritative name
servers for a DNS zone. A name server is considered authoritative for some
given zone when it has a complete set of data for the zone, allowing it to
answer queries about the zone on its own, without needing to consult
another name server.
packet rate
The packet rate is the number of data packets per second processed by a
server.
path
A path is a logical network route between a data center server and a local
DNS server.
path probing
Path probing is the collection of metrics data, such as round trip time and
packet rate, for a given path between a requesting LDNS server and a data
center server.
persistence
On a Global Traffic Manager, persistence is a series of related requests
received from the same local DNS server for the same wide IP name. When
persistence is turned on, a Global Traffic Manager sends all requests from a
particular local DNS server for a specific wide IP to the same virtual server,
instead of load balancing the requests.
picks
Picks represent the number of times a particular virtual server is selected to
receive a load balanced connection.
pool
A pool is a group of virtual servers managed by a BIG-IP system, or a host.
The Global Traffic Manager load balances among pools (using the Pool LB
Mode), as well as among individual virtual servers.
Glossary - 6
Glossary
pool ratio
A pool ratio is a ratio weight applied to pools in a wide IP. If the Pool LB
mode is set to Ratio, the Global Traffic Manager uses each pool for load
balancing in proportion to the weight defined for the pool.
preferred method
The preferred method specifies the first load balancing mode that the Global
Traffic Manager uses to load balance a resolution request. See also alternate
method, fallback method.
probe protocol
The probe protocol is the specific protocol used to probe a given path and
collect metrics information for the path. The probe protocols available on
the Global Traffic Manager are: ICMP, DNS_REV, DNS_DOT, UDP, and
TCP. The probe protocols that are available change based on the data center
server type.
prober
A prober is a specific thread of the big3d agent that is used for path probing
of a given set of paths.
prober factory
A prober factory is a utility that collects metrics data, such as round trip time
and packet rate, for a given path between a requesting LDNS and a data
center server. Prober factories are managed by the big3d agent, which
reports the path probing metrics to the Global Traffic Manager. Prober
factories can run only on BIG-IP systems.
production rule
A production rule, on the Global Traffic Manager, can change system
behavior under specific operating conditions. For example, a production rule
can switch load balancing modes or can reroute network traffic to a specific
set of servers. Production rules are based on triggers such as time of day or
current network traffic load.
QOS equation
The QOS equation is the equation on which the Quality of Service load
balancing mode is based. The equation calculates a score for a given path
between a data center server and a local DNS server. The Quality of Service
mode distributes connections based on the best path score for an available
data center server. You can apply weights to the factors in the equation, such
as round trip time and completion rate.
ratio
A ratio is the parameter in a virtual server statement that assigns a weight to
the virtual server for load balancing purposes.
Ratio mode
The Ratio load balancing mode is a static load balancing mode that
distributes connections across an pool of virtual servers in proportion to the
ratio weight assigned to each individual virtual server.
redundant system
A redundant system is a pair of systems that are configured for fail-over. In
a redundant system, one system runs as the active unit and the other system
runs as the standby unit. If the active unit fails, the standby unit takes over
and manages resolution requests.
resolver
The resolver is the client part of the Domain Name System. The resolver
translates a program's request for host name information into a query to a
name server, and translates the response into an answer to the program's
request. See also name server.
resource record
A resource record is a record in a DNS database that stores data associated
with domain names. A resource record typically includes a domain name, a
TTL, a record type, and data specific to that record type. See also A record,
CNAME record, NS record.
reverse domains
A type of DNS resolution request that matches a given IP address to a
domain name. The more common type of DNS resolution request starts with
a given domain name and matches that to an IP address.
Glossary - 8
Glossary
secondary DNS
The secondary DNS is a name server that retrieves DNS data from the name
server that is authoritative for the DNS zone.
Setup utility
The Setup utility is a utility that takes you through the initial system
configuration process. The Setup utility runs automatically when you turn
on a system for the first time.
site content
Site content is data (including text, images, audio, and video feeds) that is
accessible to clients who connect to a given site. See also dynamic site
content, static site content.
SSH
SSH is a protocol for secure remote login and other secure network services
over a non-secure network.
standby unit
A standby unit is a system in a redundant system that is always prepared to
become the active unit if the active unit fails.
subdomain
A subdomain is a sub-section of a higher level domain. For example, .com is
a high level domain, and F5.com is a subdomain within the .com domain.
sub-statement
A sub-statement is a logical section within a statement that defines a
particular element in the statement. A sub-statement begins with the
sub-statement name followed by an open brace ( { ) and ends with a closed
brace ( } ). Everything between those braces is part of the sub-statement.
Sub-statements typically define a group of related variables, such as the
calculation coefficients used in Quality of Service load balancing.
synchronization group
A synchronization group is a group of Global Traffic Managers that
synchronize system configurations and zone files (if applicable). All
synchronization group members receive broadcasts of metrics data from the
big3d agents throughout the network. All synchronization group members
also receive broadcasts of updated configuration settings from the Global
Traffic Manager that has the latest configuration changes.
Topology mode
The Topology mode is a static load balancing mode that bases the
distribution of name resolution requests on the weighted scores for topology
records. Topology records are used by the Topology load balancing mode to
redirect DNS queries to the closest virtual server, geographically, based on
location information derived from the DNS query message.
topology record
A topology record specifies a score for a local DNS server location endpoint
and a virtual server location endpoint.
Glossary - 10
Glossary
topology score
The topology score is the weight assigned to a topology record when the
Global Traffic Manager is filtering the topology records to find the best
virtual server match for a DNS query.
topology statement
A topology statement is a collection of topology records.
traceroute
Traceroute is the utility that the hops factory uses to calculate the total
number of network hops between a local DNS server and a specific data
center.
unavailable
The unavailable is a status used for data center servers and virtual servers.
When a data center server or virtual server is unavailable, the Global
Traffic Manager does not use it for load balancing.
unknown
The unknown status is used for data center servers and virtual servers.
When a data center server or virtual server is new to the Global Traffic
Manager and does not yet have metrics information, the Global Traffic
Manager marks its status as unknown. The Global Traffic Manager can use
unknown servers for load balancing, but if the load balancing mode is
dynamic, the Global Traffic Manager uses default metrics information for
the unknown server until it receives live metrics data.
up
The up status is used for data center servers and virtual servers. When a data
center server or virtual server is up, the data center server or virtual server is
available to respond to name resolution requests.
virtual server
A virtual server is a specific combination of a virtual IP address and virtual
port, and is associated with a content site that is managed by a BIG-IP
system or host server.
wide IP
A wide IP is a collection of one or more domain names that maps to one or
more groups of virtual servers managed either by BIG-IP systems, or by
host servers. The Global Traffic Manager load balances name resolution
requests across the virtual servers that are defined in the wide IP that is
associated with the requested domain name.
WKS record
A WKS record is a DNS resource record that describes the services usually
provided by a particular protocol on a specific port.
zone
In DNS terms, a zone is a subset of DNS records for one or more domains.
zone file
In DNS terms, a zone file is a database set of domains with one or many
domain names, designated mail servers, a list of other name servers that can
answer resolution requests, and a set of zone attributes, which are contained
in an SOA record.
Glossary - 12
Index
Index
defined 1-5
/etc/3dns_snmptrap.conf file B-5 installing A-3
/etc/hosts.allow file introducing A-1
adding ip addresses to B-3 setting up A-2
defined B-3 BIG-IP system
/etc/hosts.deny file B-4 product line overview 1-1
/etc/snmpd.conf file B-4 See Local Traffic Manager.
/etc/snmptrap.conf file B-5 bigip_add script 3-4
/etc/syslog.conf file B-6 billing
and links 5-23
bridge mode
introducing 4-1
3-DNS selecting listeners for 4-3
See Global Traffic Manager. broadcast sequence and big3d agent A-3
browsers, supported versions 1-10
A
A record C
creating 16-13 checktrap.pl script
defined 16-11 and generating SNMP traps B-6
AAAA record configuring B-6
creating 16-14 CNAME record
defined 16-11 creating 16-14
ACL threshold option 9-8 defined 16-12
address exclusion list 14-7 command syntax, conventions 1-12
alias addresses 10-34 communications
applications and big3d A-5
See distributed applications. and third-party systems 3-9
authentication 3-3 securing 3-3
auto-discovery SNMP 3-9
and links 12-3 completion rate mode 7-7
and virtual servers 12-3 configuration
enabling 12-2 and additional Global Traffic Managers 3-8
introducing 12-1 and essential tasks 2-1
setting the polling frequency 12-2 configuration guide, using 1-7
Configuration utility
about online help 1-13
B and supported browser versions 1-10
basic configuration and the Welcome screen 1-13
and data centers 2-5 introducing 1-10
and health monitors 2-10 connection rate mode 7-7
and listeners 2-2 connections, resuming 8-9
and NTP 2-3 CPU mode 7-7
and pools 2-8 custom monitors 10-5
and servers 2-6 importing from another custom monitor 10-6
and system synchronization 2-3 importing from pre-configured monitor 10-5
and wide IPs 2-9 importing from template 10-6
BIG IP health monitor 10-13
BIG IP link health monitor 10-14
big3d agent D
and broadcasting sequence A-3 data center statistics 13-8
and configuration trade-offs A-3 data centers
and data collection A-3 basic configuration of 2-5
and dynamic load balancing 7-7 configuring 5-2
and iQuery A-5 deleting 5-3
and metrics A-2 disabling 5-4
and RSH A-5 enabling 5-4
Index - 2
Index
M P
packet rate mode 7-8
manual resume 8-9
path statistics 13-13
master zone files
persistence records 13-16
creating 16-3
persistent connections 6-23
defined 16-2
and persistent records 13-16
media options 1-5
draining 8-10
metrics
introducing 8-10
assigning to local DNS 14-3
physical network components 5-1
defined 14-2
pool members
introducing 14-1
and limit thresholds 5-15
using B-10
selecting with iRules 15-4
metrics collection
pool statistics 13-7
and big3d agent A-2
pools
and probes 14-7
adding to wide IPs 6-10
and TTL and timers 14-5
and limit thresholds 5-14
excluding local DNS from probes 14-7
and load balancing 7-14
removing local DNS from probes 14-7
and topology load balancing 9-6
sequence of A-3
and virtual servers 6-4
setting TTL and timer values 14-5
basic configuration 2-8
Index - 4
Index
Index - 6
Index
W
WAP health monitor 10-29
Web certificates
acquiring 3-4, 3-5
exporting 3-5
importing 3-6
weighting
and links 5-23
Welcome screen 1-13
when keyword 15-8
wide IP statistics 13-6
wide IPs
adding iRules to 6-15
adding pools to 6-10
adding to distributed applications 6-19
and basic configuration 2-9
and iRules 6-14
and load balancing 7-13
and persistent connections 8-10