BIG-IP Link Controller™: Implementations - techdocs.f5.com · Introducing Implementations for the...

BIG-IP® Link Controller™:Implementations

version 11.0

MAN-0318-01

Product VersionThis manual applies to product version 11.0 of the BIG-IP® Link Controller™.

Publication DateThis manual was published on August 11, 2011.

Legal Notices

CopyrightCopyright 2010, F5 Networks, Inc. All rights reserved.

F5 Networks, Inc. (F5) believes the information it furnishes to be accurate and reliable. However, F5assumes no responsibility for the use of this information, nor any infringement of patents or other rights ofthird parties which may result from its use. No license is granted by implication or otherwise under anypatent, copyright, or other intellectual property right of F5 except as specifically described by applicableuser licenses. F5 reserves the right to change specifications at any time without notice.

Trademarks3DNS, Access Policy Manager, Acopia, Acopia Networks, Advanced Client Authentication, AdvancedRouting, APM, Application Security Manager, ARX, AskF5, ASM, BIG-IP, Cloud Extender,CloudFucious, CMP, Data Manager, DevCentral, DevCentral [DESIGN], DNS Express, DSC, DSI, EdgeClient, Edge Gateway, Edge Portal, EM, Enterprise Manager, F5, F5 [DESIGN], F5 Management Pack, F5Networks, F5 World, Fast Application Proxy, Fast Cache, FirePass, Global Traffic Manager, GTM, IBR,Intelligent Browser Referencing, Intelligent Compression, IPv6 Gateway, iApps, iControl, iHealth,iQuery, iRules, iRules OnDemand, iSessions, IT agility. Your way., L7 Rate Shaping, LC, Link Controller,Local Traffic Manager, LTM, Message Security Module, MSM, Netcelera, OneConnect, Packet Velocity,

Protocol Security Module, PSM, Real Traffic Policy Builder, ScaleN, SSL Acceleration, StrongBox,SuperVIP, SYN Check, TCP Express, TDR, TMOS, Traffic Management Operating System,TrafficShield, Transparent Data Reduction, VIPRION, vCMP, WA, WAN Optimization Manager,WANJet, WebAccelerator, WOM, and ZoneRunner, are trademarks or service marks of F5 Networks, Inc.,in the U.S. and other countries, and may not be used without F5's express written consent.

PatentsThis product may be protected by U.S. Patent 7,945,678. This list is believed to be current as of August 11,2011.

Export Regulation NoticeThis product may include cryptographic software. Under the Export Administration Act, the United Statesgovernment may consider it a criminal offense to export this product from the United States.

RF Interference WarningThis is a Class A product. In a domestic environment this product may cause radio interference, in whichcase the user may be required to take adequate measures.

FCC ComplianceThis equipment has been tested and found to comply with the limits for a Class A digital device pursuantto Part 15 of FCC rules. These limits are designed to provide reasonable protection against harmfulinterference when the equipment is operated in a commercial environment. This unit generates, uses, andcan radiate radio frequency energy and, if not installed and used in accordance with the instruction manual,may cause harmful interference to radio communications. Operation of this equipment in a residential areais likely to cause harmful interference, in which case the user, at his own expense, will be required to takewhatever measures may be required to correct the interference.

BIG-IP® Link ControllerTM: Implementations i

Any modifications to this device, unless expressly approved by the manufacturer, can void the user'sauthority to operate this equipment under part 15 of the FCC rules.

Canadian Regulatory ComplianceThis Class A digital apparatus complies with Canadian ICES-003.

Standards ComplianceThis product conforms to the IEC, European Union, ANSI/UL and Canadian CSA standards applicable toInformation Technology products at the time of manufacture.

AcknowledgmentsThis product includes software developed by Gabriel Forté.

This product includes software developed by Bill Paul.

This product includes software developed by Jonathan Stone.

This product includes software developed by Manuel Bouyer.

This product includes software developed by Paul Richards.

This product includes software developed by the NetBSD Foundation, Inc. and its contributors.

This product includes software developed by the Politecnico di Torino, and its contributors.

This product includes software developed by the Swedish Institute of Computer Science and itscontributors.

This product includes software developed by the University of California, Berkeley and its contributors.

This product includes software developed by the Computer Systems Engineering Group at the LawrenceBerkeley Laboratory.

This product includes software developed by Christopher G. Demetriou for the NetBSD Project.

This product includes software developed by Adam Glass.

This product includes software developed by Christian E. Hopps.

This product includes software developed by Dean Huxley.

This product includes software developed by John Kohl.

This product includes software developed by Paul Kranenburg.

This product includes software developed by Terrence R. Lambert.

This product includes software developed by Philip A. Nelson.

This product includes software developed by Herb Peyerl.

This product includes software developed by Jochen Pohl for the NetBSD Project.

This product includes software developed by Chris Provenzano.

This product includes software developed by Theo de Raadt.

This product includes software developed by David Muir Sharnoff.

This product includes software developed by SigmaSoft, Th. Lockert.

This product includes software developed for the NetBSD Project by Jason R. Thorpe.

This product includes software developed by Jason R. Thorpe for And Communications,http://www.and.com.

This product includes software developed for the NetBSD Project by Frank Van der Linden.

This product includes software developed for the NetBSD Project by John M. Vinopal.

This product includes software developed by Christos Zoulas.

This product includes software developed by the University of Vermont and State Agricultural College andGarrett A. Wollman.

In the following statement, "This software" refers to the Mitsumi CD-ROM driver: This software wasdeveloped by Holger Veit and Brian Moore for use with "386BSD" and similar operating systems."Similar operating systems" includes mainly non-profit oriented systems for research and education,including but not restricted to "NetBSD," "FreeBSD," "Mach" (by CMU).

This product includes software developed by the Apache Group for use in the Apache HTTP server project(http://www.apache.org/).

This product includes software licensed from Richard H. Porter under the GNU Library General PublicLicense (© 1998, Red Hat Software), www.gnu.org/copyleft/lgpl.html.

ii

This product includes the standard version of Perl software licensed under the Perl Artistic License (©1997, 1998 Tom Christiansen and Nathan Torkington). All rights reserved. You may find the most currentstandard version of Perl at http://www.perl.com.

This product includes software developed by Jared Minch.

This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit(http://www.openssl.org/).

This product includes cryptographic software written by Eric Young ([email protected]).

This product contains software based on oprofile, which is protected under the GNU Public License.

This product includes RRDtool software developed by Tobi Oetiker (http://www.rrdtool.com/index.html)and licensed under the GNU General Public License.

This product contains software licensed from Dr. Brian Gladman under the GNU General Public License(GPL).

This product includes software developed by the Apache Software Foundation <http://www.apache.org/>.

This product includes Hypersonic SQL.

This product contains software developed by the Regents of the University of California, SunMicrosystems, Inc., Scriptics Corporation, and others.

This product includes software developed by the Internet Software Consortium.

This product includes software developed by Nominum, Inc. (http://www.nominum.com).

This product contains software developed by Broadcom Corporation, which is protected under the GNUPublic License.

This product contains software developed by MaxMind LLC, and is protected under the GNU LesserGeneral Public License, as published by the Free Software Foundation.

This product includes the GeoPoint Database developed by Quova, Inc. and its contributors.

This product includes software developed by Balazs Scheidler <[email protected]>, which is protectedunder the GNU Public License.

This product includes software developed by NLnet Labs and its contributors.

This product includes software written by Steffen Beyer and licensed under the Perl Artistic License andthe GPL.

This product includes software written by Makamaka Hannyaharamitu © 2007-2008.

BIG-IP® Link ControllerTM: Implementations iii

Table of Contents

Table of Contents

1Introducing Implementations for the Link Controller

Introducing the Link Controller ................................................................................................. 1-1Getting started ...................................................................................................................... 1-1

Introducing implementations ....................................................................................................... 1-2

2Configuring a Basic Link Controller Implementation

Introducing a basic Link Controller configuration .................................................................. 2-1Setting the management IP address and default route for the system .............................. 2-2Performing initial system setup ................................................................................................... 2-3Provisioning the Link Controller ................................................................................................ 2-6Configuring the host name and user accounts ........................................................................ 2-6Creating VLANs ............................................................................................................................. 2-7Creating the default gateway pool ............................................................................................. 2-9Defining the physical connections to the Internet ............................................................... 2-10Creating listeners ......................................................................................................................... 2-12Creating a load balancing pool .................................................................................................. 2-13Creating virtual servers .............................................................................................................. 2-14Creating a wide IP ........................................................................................................................ 2-15

3Controlling Load Balancing Costs

Introducing cost-based load balancing ....................................................................................... 3-1Configuring cost-based load balancing ...................................................................................... 3-3

Configuring the links ............................................................................................................ 3-4Creating the default gateway pool for cost-based load balancing ............................. 3-5Implementing the default gateway pool for cost-based load balancing .................... 3-5Configuring the virtual servers .......................................................................................... 3-6Adding a wide IP for inbound load balancing .................................................................. 3-7

4Implementing Bandwidth Load Balancing

Introducing bandwidth load balancing ....................................................................................... 4-1Configuring bandwidth load balancing ....................................................................................... 4-2

Configuring the links ............................................................................................................ 4-3Creating the default gateway pool for bandwidth load balancing .............................. 4-4Implementing the default gateway pool for bandwidth load balancing ..................... 4-5Defining the virtual servers for an additional Internet connection ........................... 4-5Adding a wide IP for bandwidth load balancing ............................................................. 4-7

5Setting Up a Link Controller Redundant System Configuration

About Link Controller redundant system configurations .................................................... 5-1Setting up a Link Controller redundant system configuration ............................................ 5-3

Creating VLANs for Link Controller redundant systems ........................................... 5-4Assigning self IP addresses .................................................................................................. 5-5Defining an NTP server ....................................................................................................... 5-6Defining the default gateway pool and route ................................................................. 5-6Defining a listener ................................................................................................................. 5-7Enabling global traffic synchronization ............................................................................. 5-8

BIG-IP® Link ControllerTM: Implementations vii

Table of Contents

Adding links ............................................................................................................................ 5-8Running the gtm_add script ................................................................................................ 5-9

6Configuring IP Anycast (Route Health Injection)

About IP Anycast ............................................................................................................................ 6-1Enabling the ZebOS dynamic routing protocol ....................................................................... 6-2Creating a custom DNS profile .................................................................................................. 6-3Configuring a listener for route advertisement ...................................................................... 6-4Verifying advertisement of the route to a listener ................................................................. 6-5

7Diagnosing Network Connection Issues

About iQuery status and statistics ............................................................................................. 7-1Viewing information about iQuery connections ..................................................................... 7-2

Understanding iQuery statistics ........................................................................................ 7-3

Glossary

Index

viii

1

Introducing Implementations for the LinkController

• Introducing the Link Controller

• Introducing implementations

Introducing Implementations for the Link Controller

Introducing the Link ControllerThe BIG-IP® Link Controller™ is a dedicated IP application switch thatmanages traffic to and from a site across multiple links, regardless ofconnection type or provider. The Link Controller provides granular trafficcontrol for Internet gateways, allowing you to define how traffic isdistributed across links in a way that meets your business priorities. TheLink Controller also transparently monitors the availability and health oflinks to optimally direct traffic across the best available link.

The Link Controller includes the following features:

• Dynamic load balancing, based on the following link attributes:

• Total available bandwidth of the link

• The costs of purchased incremental bandwidth segments

• Inbound link capacity and resource limits

• Outbound link capacity and resource limits

• Router monitoring, to ensure high availability and continuous uptime

Getting startedThe Link Controller runs on the Traffic Management Operating System®,commonly referred to as TMOS®. Before you begin configuring animplementation, F5 Networks recommends that you familiarize yourselfwith these additional resources:

◆ BIG-IP® Traffic Management Operating System: ConceptsThis guide contains information about the network and system-relatedcomponents of the BIG-IP system, such as routes, VLANs, and useraccounts.

◆ Configuration Guide for BIG-IP® Link Controller™This guide contains any information you need for configuring specificfeatures of the BIG-IP system to manage links.

◆ Traffic Management Shell (tmsh) Reference GuideThis guide contains information about using the Traffic ManagementShell (tmsh) commands to manage the BIG-IP systems.

F5 Networks recommends that you then run the Setup utility to configurebasic network elements such as self IP addresses, interfaces, and VLANs.After running the Setup utility, you can use this guide to configure specificimplementations.

BIG-IP® Link ControllerTM: Implementations 1 - 1

Chapter 1

Introducing implementationsThis guide is designed to help you accomplish specific configuration tasksassociated with the Link Controller™. Each chapter focuses on a specificimplementation, providing an overview of the situation and a detailedexample of how to configure the system to accomplish the objectivesoutlined in the implementation. The tasks outlined in each chapter aredesigned so that you can quickly apply them to your own network.

1 - 2

2

Configuring a Basic Link ControllerImplementation

• Introducing a basic Link Controller configuration

• Setting the management IP address and defaultroute for the system

• Performing initial system setup

• Provisioning the Link Controller

• Configuring the host name and user accounts

• Creating VLANs

• Creating the default gateway pool

• Defining the physical connections to the Internet

• Creating listeners

• Creating a load balancing pool

• Creating virtual servers

• Creating a wide IP

Configuring a Basic Link Controller Implementation

Introducing a basic Link Controller configurationThe BIG-IP® Link Controller™ provides a variety of methods for managingthe traffic flowing in and out of a network. This basic implementationguides you through configuring the Link Controller to help manage DNStraffic into and out of your network.

For this implementation, consider the fictional company SiteRequest. Thiscompany has two internet connections using two different ISPs. SiteRequesthas purchased a Link Controller system to manage the inbound andoutbound internet traffic to and from their network.

The tasks you need to accomplish to configure the Link Controller system tomanage traffic are:

• Set the management interface IP address and default route.

• Perform initial set up, including licensing the system and running theSetup utility to perform the initial load balancing configuration.

• Provision the system.

• Configure the host name and user accounts for the system.

• Create VLANS that encompass the components that process traffic.

• Create a default gateway pool.

• Define the physical connections to the Internet.

• Create listeners to detect traffic coming from the ISPs.

• Create a pool to load balance the traffic.

• Create virtual servers across which the system load balances traffic.

• Create a wide IP that encompasses the virtual servers.


Chapter 2

Setting the management IP address and default routefor the system

You can use either the liquid crystal display (LCD) panel on the device, oraccess the system command line to set the management interface IP addressand route for the system.

Note

You can use only an IPv4 address for the device management interface IPaddress.

To set the management interface IP address and defaultroute using the LCD panel

1. Press the X button on the LCD panel.The LCD goes into Menu mode, and the arrow buttons becomefunctional.

2. Use the arrow buttons to select the System menu, and theManagement option.

3. Type the management interface IP address.For this example, use the preferred management interface IP address192.168.1.245.

4. Select the Mgmt Mask option.

5. Type the netmask for the management interface IP address.For this example, use the default netmask 255.255.255.0.

6. Select the Mgmt Gateway option.

7. Type the default route for the management interface of this device.

This route is necessary if you plan to manage the unit from adifferent subnetwork.

8. Select the Commit option to save your changes.

To set the management interface IP address and defaultroute from the command line

1. Log on to the command-line interface for the Link Controller asroot using the default password, default.

2. At the prompt, enter: config customization/

3. Follow the F5 Management Port Setup utility prompts to set themanagement interface IP address, subnet and default route.

2 - 2


Performing initial system setupNow that you have set the management interface IP address and defaultroute, you can license the system, and then access the Configuration utilityand run the Setup utility.

To license the BIG-IP system

1. Connect a serial terminal to the console port.

2. Log on to the command-line interface for the Link Controller asroot using the default password, default.

3. To create a dossier, at the prompt type the following commandsequence, replacing <regkey> with your registration key:

get_dossier -b "<regkey>"

You can find your registration key printed on a paper certificate thatis included in the box with the BIG-IP system.

4. Highlight and copy the dossier that displays.

Copy only the section that begins on the line after the command youtyped in step 3, and ends just before the next command prompt.

5. Open a web browser and connect to the following URL:

http://activate.f5.com

6. Follow the instructions to submit your dossier.The web site returns your product license.

7. Highlight and copy the entire product license.

8. From the BIG-IP system command line, to use a vi text editor toopen the file /config/bigip.license, type the following commandsequence:

vi /config/bigip.license

9. To enable the vi insert mode, press the i key.

10. Paste the license file that you copied in Step 7 into the bigip.licensefile.

11. To exit vi insert mode, press the Esc key.

12. To save the bigip.license file and exit vi, enter the followingcommand sequence:

wq

13. To restart the BIG-IP system services, enter this commandsequence:

bigstart restart

The BIG-IP system is now licensed. Note that the system promptchanges from INOPERATIVE to Active.


Chapter 2

Important

Even if you typically use the command line to configure a system, you mustrun the Setup utility from the browser-based Configuration utility before youbegin.

To access the Configuration utility

1. Open a web browser on a workstation connected to the managementinterface IP address.

2. In the browser’s address bar, type the URL:

https://<management interface IP address>

3. At the logon prompt, type admin for the user name, and admin forthe password.The Configuration utility opens displaying the Welcome screen.

Tip

As you proceed through the Setup utility, click the Help tab on thenavigation pane for information about the settings on each screen.

To run the Setup utility

1. On the Welcome screen, click Run the Setup Utility.

2. Accept the license for the system.

3. Because you have already entered the management interface IPaddress, netmask and default route using the LCD, accept the valuesfor these options.

4. Type the host name of the system as a fully qualified domain name(FQDN).

This field allows only letters, numbers, and the characters dash ( - )and period ( . ).

5. Specify the IP address that you want to associate with the hostname; either:

• Select Use Management Port IP Address to associate the hostname with the IP address of the management interface.This is the default setting.

• Select Custom Host IP Address and type a different IP address.

6. Select a time zone.The system uses the time zone for the date and time of eventsrecorded in logs.

If you change the time zone, F5 Networks recommends that youreboot the system to ensure that all of the services are in sync. If youdo not reboot, it does not affect traffic or management functionality,

2 - 4


but there is a possibility that some timestamps might be logged ordisplayed incorrectly, depending on which service has beenrestarted and which has not.

7. In the Password box, type the password for the root account.

The root account provides only console access to this system.

8. In the Confirm box, retype the password that you typed in thePassword box.

9. In the Password box, type the password for the account, admin.

The admin account provides only browser access to the system.

10. In the Confirm box, retype the password that you typed in thePassword box.

11. Select Enabled from the SSH access list.

12. Specify either the IP address or address range for other systems thatcan use SSH to communicate with the system:

• Select *All Addresses, to grant unrestricted SSH access to all IPaddresses.

• Select Specify Range, and then type an address range in the box,to restrict SSH access to a block of IP addresses.

For example, to restrict access to only systems on the 192.168.0.0network, type 192.168.*.*.

Now that you have set up the system, you can set the setup.run db key toprevent the Link Controller from starting the Setup utility each time a useraccesses the Configuration utility.

To prevent the Setup utility from starting

1. Log on to the command line of the system using the root account.

2. Type tmsh to access the Traffic Management Shell.

3. Run the command sequence:

modify / sys db setup.run value false

4. Type quit to exit tmsh.


Chapter 2

Provisioning the Link ControllerThe next task you perform is to provision the system. Provisioning andlicensing work together to make sure that software modules are accessibleand appropriately provided with system CPU, memory, and disk space.

WARNING

You must provision the Link Controller before you configure it; otherwise,when you provision the module, you lose the configuration.

To provision the Link Controller

1. Log on to the Configuration utility.

2. On the Main tab of the navigation pane, click System, and thenclick Resource Provisioning.

3. Select Nominal for the Link Controller (LC) setting in theResource Provisioning (Licensed Modules) area.The system allocates CPU, memory, and disk space to the LinkController.

The modules listed in the Resource Provisioning (UnlicensedModules) area should not be provisioned. That is, the value in thosefields must be set to None (Disabled).

4. Click Update.

Configuring the host name and user accountsNow that you have provisioned the system, the next task is to configure ahost name and set up the user accounts for the Link Controller system.

To configure the host name and user accounts

1. On the Main tab of the navigation pane, expand System, and thenclick Platform.

2. In the Host Name box, type the host name for the system.For this example, type www.siterequest.com.

This must be a fully qualified domain name.

3. For the Root Account, type a new password, and then confirm thepassword. (This account provides access to only the command lineinterface.)

4. For the Admin Account, type a new password, and then confirmthe password. (This account provides access to only theConfiguration utility.)

5. Click Update to save your changes.

2 - 6


Creating VLANsThe next task in this implementation is to set up three VLANs thatencompass the IP addresses associated with the Link Controller and theother network components that help manage DNS traffic. For this example,create three VLANs using the information in Table 2.1.

To create the internal VLAN

1. On the Main tab of the navigation pane, expand Network and thenclick VLANs.

2. Click Create.

3. In the Name box, type the name of the first VLAN.For this example, type internal.

4. For the Interfaces setting, use the Move buttons to assign theinterface 1.1 to the Untagged list.

5. Click Finished.

To create the isp1 VLAN


2. Click Create.

3. In the Name box, type the name of the first VLAN.For this example, type isp1.


5. Click Finished.

VLANName

Assign UntaggedInterface VLAN used for

internal 1.1 communication between the LinkController and the rest of the internalnetwork

isp1 1.2 communication between the LinkController and ISP1

isp2 1.3 communication between the LinkController and ISP2

Table 2.1 Attributes of VLANs


Chapter 2

To create the isp2 VLAN


2. Click Create.

3. In the Name box, type the name of the first VLAN.For this example, type isp2.


5. Click Finished.

2 - 8


Creating the default gateway poolAfter you configure the links, the next task is to create the default gatewaypool that load balances the outbound traffic across the links.

To create a default gateway pool

1. On the Main tab of the navigation pane, expand Local Traffic andthen click Pools.

2. Click Create.

3. In the Name box, type the name of the pool.For this example, type default_gateway_pool.

4. For the New Members setting, add the IP addresses associated witheach link:

• For the link to ISP1, type the IP address of the link and clickAdd.For this example, type 192.168.5.5.

• For the link to ISP2, type the IP address of the link and clickAdd.For this example, type 192.168.10.5.

5. Click Finished.

After you create a default gateway pool, you must instruct the LinkController to use the pool as the default gateway connection between theinternal network and the Internet.

To configure the default route to the Internet

1. On the Main tab of the navigation pane, expand Network and thenclick Routes.

2. Click Add.

3. In the Name box, type default.

4. From the Type list, select either Default IPv4 Gateway or DefaultIPv6 Gateway.

5. From the Resource list, select Use Pool.

6. From the Pool list, select default_gateway_pool.

7. Click Finished.


Chapter 2

Defining the physical connections to the InternetAfter you create the VLANs, the next task is to define the physicalconnections to the Internet. To do this, you create links using the IPaddresses of one or more routers on the network that provide a path to theInternet. For this example, create the links using the information in Table2.2.

To configure the isp1 link

1. On the Main tab of the navigation pane, expand Link Controller,and then click Links.

2. Click Create.

3. In the Name box, type a name for the link that represents one of theISPs.For this example, type ISP1.

4. In the Router Address box, type the IP address of the routerassociated with the ISP.For this example, type 192.168.5.5.

5. In the Uplink Address box, type the IP address of the ISP.For this example, type 192.168.5.6.

6. In the Service Provider box, type the name of the ISP.For this example, type ISP1.

7. For the Health Monitors setting, use the Move button to add thebigip_link and gateway_icmp monitors to the Enabled list.

The bigip_link monitor uses iQuery to provide the status of the link.The gateway_icmp monitor provides the status of the gateway.

8. Click Create.

To configure the isp2 link


2. Click Create.

3. In the Name box, type a name for the link that represents one of theISPs.For this example, type ISP2.

Link Router Address Uplink Address ISP

isp1 192.168.5.5 192.168.5.6 ISP1

isp2 192.168.10.5 192.168.10.6 ISP2

Table 2.2 Attributes of links to ISPs

2 - 10


4. In the Router Address box, type the IP address of the routerassociated with the ISP.For this example, type 192.168.10.5.

5. In the Uplink Address box, type the IP address of the ISP.For this example, type 192.168.10.6.

6. In the Service Provider box, type the name of the ISP.For this example, type ISP2.

7. For the Health Monitors setting, use the Move button to add thebigip_link and gateway_icmp monitors to the Enabled list.

The bigip_link monitor uses iQuery to provide the status of the link.The gateway_icmp monitor provides the status of the gateway.

8. Click Create.


Chapter 2

Creating listenersThe next task in this implementation is to configure two listeners that detectDNS traffic bound for SiteRequest from each of the ISPs.

To create the listener for ISP1

1. On the Main tab of the navigation pane, expand Link Controllerand click Listeners.

2. Click Create.

3. In the Destination box, type the self IP address on which the LinkController listens for traffic from ISP 1.For this example, type 10.10.10.1.

4. Click Finished.

To create the listener for ISP2

1. On the Main tab of the navigation pane, expand Link Controllerand click Listeners.

2. Click Create.

3. In the Destination box, type the self IP address on which the LinkController listens for traffic from ISP 1.For this example, type 10.20.10.1.

4. Click Finished.

2 - 12


Creating a load balancing poolThe next task in this implementation is to configure a load balancing pool toprocess the inbound traffic from the Internet through the ISPs toSiteRequest. The Link Controller system sends client requests to any of theservers that are members of that pool.

To create a load balancing pool


2. Click Create.

3. In the Name box, type a name for the pool.For this example, type www-pool.

The name of a pool must be no more than 63 characters in length.

4. For the Health Monitors setting, use the Move button to moveselected monitors to the Active list.For this example, move the http monitor to the Active list.

5. Click Finished.


Chapter 2

Creating virtual serversAfter you create the load balancing pool, the next task is to configure virtualservers, one for each link, to load balance inbound connections across theservers on the network. You also configure one wildcard virtual server toload balance outbound connections across the routers.

To create a virtual server for ISP1

1. On the Main tab of the navigation pane, expand Local Traffic andthen click Virtual Servers.

2. Click Create.

3. In the Name box type a name for the virtual server.For this example, type vs for ISP1.

4. For the Destination setting, select Host, and type the self IP addressin the Address box.For this example, type 10.10.10.80.

5. In the Service Port box, type 80.

6. Click Finished.

To create a virtual server for ISP2


2. Click Create.

3. In the Name box type a name for the virtual server.For this example, type vs for ISP2.

4. For the Destination setting, select Host, and type the self IP addressin the Address box.For this example, type 10.20.20.80.


6. Click Finished.

Name self IP address Destination Port

vs for ISP1 10.10.10.80 Host 80

vs for ISP2 10.20.20.80 Host 80

wildcard vs for outbound traffic 0.0.0.0 Network 0

Table 2.3 Attributes of virtual servers

2 - 14


To create a wildcard virtual server


2. Click Create.

3. In the Name box, type a name for the virtual server.For this example, type forward_outbound.

4. For the Destination setting, select Network, and type a self IPaddress in the Address box, and a netmask in the Mask box.For this example, in both the Address and Mask boxes, type0.0.0.0.


Port 0 defines a wildcard virtual server that handles all types ofservices. If you specify a port number, you create a port-specificwildcard virtual server. In that case, the wildcard virtual serverhandles traffic only for the specified port.

6. In the Resources area, from the Default Pool list, selectdefault_gateway_pool.

7. Click Finished.

Creating a wide IPTo complete the link load balancing configuration, you must configure awide IP that encompasses the virtual servers.

To create a wide IP

1. On the Main tab of the navigation pane, expand Link Controllerand then click Inbound Wide IPs.

2. Click Create.

3. In the Name box, type the URL of the wide IP.For this example, type www.siterequest.com.

4. For the Members List setting, add the virtual servers that youcreated in the previous task. For this example, from the VirtualServer list, select:

• 10.10.10.80, and then click Add.

• 10.20.20.80, and then click Add.

5. Click Finished.

You now have a Link Controller configured to manage the DNS traffic intoand out of the SiteRequest network.


Chapter 2

2 - 16

3

Controlling Load Balancing Costs

• Introducing cost-based load balancing

• Configuring cost-based load balancing


Introducing cost-based load balancingYou can configure the BIG-IP® Link Controller™ to use cost-based loadbalancing to manage the traffic flowing in and out of a network. Incost-based load balancing, you prioritize link usage based on the cost of thebandwidth for that connection to the Internet. The Link Controller sendstraffic to the link that is currently operating at the lowest cost. As the usagecost for each link changes, the Link Controller dynamically shifts traffic tothe best link.

When configuring a Link Controller to use cost-based load balancing, thereare three critical settings:

◆ WeightingThe Weighting option for each link determines how the Link Controllerprioritizes the links in its configuration. By default, this option is set toRatio. For cost-based load balancing, however, you must set this optionto Price (Dynamic Ratio).

◆ Prepaid SegmentMost Internet Service Providers (ISPs) offer bandwidth plans that includea prepaid amount of bandwidth. In the Prepaid Segment option, youassign the appropriate bandwidth and cost values that are prepaid for thelink.

◆ Incremental SegmentsThe Incremental Segment option allows you to define the cost persegment values that apply to this link. You can assign as manyincremental segments as needed.

Note

When implementing cost-based load balancing, it is important that yourconfiguration applies to all of the links that the Link Controller manages.For example, F5 Networks does not recommend applying cost-based loadbalancing to one set of links and ratio load balancing to another set.


Chapter 3

Figure 3.1 depicts the cost-based load balancing process. In this process thefollowing sequence occurs:

1. A client sends a DNS request to a Local DNS server.

2. The LDNS server sends an iterative request that leads to the LinkController.

3. The Link Controller determines the best link based on current costestimates and bandwidth usage, and sends the appropriate responseback to the LDNS server.

4. The LDNS server forwards the response to the client.

5. The client then communicates with the appropriate virtual serverthrough the corresponding link that the Link Controller specified.

Figure 3.1 Cost-based load balancing

3 - 2


Configuring cost-based load balancingTo illustrate how cost-based load balancing works, consider the fictionalcompany SiteRequest. This company has two links for managing itsinbound and outbound traffic:

• Link Alpha, which is the primary link for the network. This link uses anISP to which a flat fee of $45 is paid for up to 4Mbps of total (bothinbound and outbound) traffic. If the limit of 4Mbps is exceeded,SiteRequest incurs a $2/Mbps charge.

• Link Beta, which is a secondary link for the network. This link uses anISP with which SiteRequest does not have a prepaid amount ofbandwidth. Instead, SiteRequest is billed based on a pay-as-you-go basis.The rate charged for using this link is set at $1/Mbps.

As these rates illustrate, the most cost-efficient configuration forSiteRequest’s links is to have Link Alpha handle traffic until it reaches4Mbps, then send any traffic over 4Mbps to Link Beta. When the trafficdecreases, the Link Controller must switch back to using only Link Alphaagain.

Table 3.1 provides additional information about each link.

The tasks required to configure cost-based load-balancing include:

• Configure the links

• Create a default gateway pool

• Implement the default gateway pool

• Configure the virtual servers

• Add a wide IP

LinkRouterAddress

UplinkAddress ISP

Link Alpha 192.168.5.5 192.168.5.6 Global ISP

Link Beta 192.168.10.5 192.168.10.6 Regional ISP

Table 3.1 Additional link attributes


Chapter 3

Configuring the linksThe first task to implement a Link Controller configuration that usescost-based load balancing to manage outbound traffic is to add andconfigure the links on the Link Controller.

To add the first link


2. Click Create.

3. In the Name box, type the name of the link.For this example, type Link Alpha.

4. In the Router Address box, type the IP address of the router in theAddress box.For this example, type 192.168.5.5.

5. In the Uplink Address box, type the IP address that correspondswith the external Internet connection.For this example, type 192.168.5.6.

6. In the Service Provider box, type the name of the ISP provider.For this example, select Global ISP.

7. From the Configuration list, select Advanced.

8. From the Weighting list, select Price (Dynamic Ratio).

9. In the Prepaid Segment box, type the amount of bandwidth that isprepaid for the link.For this example, type 4000.

10. For the Incremental Segments setting, add the incrementalsegment price.For this example type the following entry:Up to 1000 bps at 2 $/Mbps

11. Click Create.

Repeat this procedure to add the second link to the configuration. In thisexample, when you add the second link, accept the default Weighting valueof Ratio, set the Prepaid Segment option to 0 and add the following entryin the Incremental Segment option: Up to 1000 bps at 1 $/Mbps

3 - 4


Creating the default gateway pool for cost-based load balancingAfter you add and configure the relevant links, the next task is to create thedefault gateway pool that load balances the traffic across the links.

To create a default gateway pool for cost-based loadbalancing


2. Click Create.


4. In the Resources area, for the New Members setting, add the IPaddresses associated with each link.In this example add the following addresses:

• For Link Alpha, add 192.168.5.5

• For Link Beta, add 192.168.10.5

5. Click Finished.

Implementing the default gateway pool for cost-based loadbalancing


To implement the default gateway pool for cost-based loadbalancing


2. Click Add.


4. From the Type list, select Default IPv4 Gateway or Default IPv6Gateway



7. Click Finished.


Chapter 3

Configuring the virtual serversAfter creating the default gateway pool, configure the virtual servers, onefor each link that load balances inbound connections across the servers. Youalso configure one wildcard virtual server to load balance outboundconnections across the routers.

For this implementation, define the virtual servers shown in Table 3.2, andthen define a wildcard virtual server.

To add a virtual server for cost-based load balancing


2. Click Create.

3. In the Name box, type the name of the virtual server.For this example, type VS for Link Alpha.

4. For the Destination setting, select Host, and then in the Addressbox, type the IP address you want to assign to the virtual server.


6. Click Finished.

Repeat this procedure for the virtual server for Link Beta listed in Table 3.2.

To define a wildcard virtual server for cost-based loadbalancing


2. Click Create.

3. In the Name box, type the name of the virtual server.For this example, type outbound.

4. For the Destination setting, select Host, and then in the Addressbox, type 0.0.0.0


6. Click Finished.

Name Self IP Address Represents

VS for Link Alpha 10.10.5.5:80 single host on the network

VS for Link Beta 10.10.5.6:80 single host on the network

Table 3.2 Sample link attributes

3 - 6


Adding a wide IP for inbound load balancingThe last task in this implementation is to configure a wide IP to which theLink Controller load balances incoming DNS requests.

To add a wide IP


2. Click Create.

3. In the Name box, type the name of the wide IPFor this example, type www.siterequest.com.

4. For the Load Balancing Method setting, make selections from thethree lists. For this example:

• Select Ratio from the Preferred list.

• Select Round Robin from the Alternate list.

• Select Round Robin from the Fallback list.

5. For the Member List setting, add the virtual servers that youcreated previously.For this example, add the following virtual servers:

• 10.10.5.5:80

• 10.10.5.6:80

6. Click Create.

You now have a Link Controller configured to manage DNS traffic forwww.siterequest.com. As data flows in and out of the network, the LinkController monitors the total amount of bandwidth for each link. Whiletraffic remains below 4Mbps, the Link Controller uses Link Alpha. If trafficexceeds that amount, the Link Controller sends the overflow traffic to LinkBeta. If a link goes offline for any reason, the Link Controller uses theAlternate and Fallback load balancing modes to route traffic through anavailable link.


Chapter 3

3 - 8

4

Implementing Bandwidth Load Balancing

• Introducing bandwidth load balancing

• Configuring bandwidth load balancing


Introducing bandwidth load balancingYou can configure the BIG-IP® Link Controller™ to use bandwidth loadbalancing to manage the traffic flowing in and out of a network. Inbandwidth load balancing, the Link Controller uses a specific link until atraffic threshold has been met. After that threshold is met, the LinkController shifts traffic to another link. When the traffic falls below thethreshold, the Link Controller shifts traffic back to the first link.

You can configure three different types of bandwidth settings for each link:

• Inbound, which refers to the amount of traffic flowing into the network

• Outbound, which refers to the amount of traffic flowing out of thenetwork

• Total, which refers to the cumulative amount of traffic flowing in andout of the network

Note

When implementing bandwidth load balancing, it is important that yourconfiguration applies to all of the links that the Link Controller manages.For example, F5 Networks does not recommend applying cost-based loadbalancing to one set of links and ratio load balancing to another set.


Chapter 4

Configuring bandwidth load balancingTo illustrate how bandwidth load balancing works, consider the fictionalcompany SiteRequest. This company has two links for managing itsinbound and outbound traffic:

• Link Alpha, which is the primary link for the network. This link uses anISP to which a flat fee of $45 is paid for up to 50 Mbps of total (bothinbound and outbound) traffic. If the limit is exceeded, SiteRequestincurs a $0.50/Mbps charge.

• Link Beta, which is a secondary link for the network. This link uses anISP with which SiteRequest does not have a prepaid amount ofbandwidth. Instead, SiteRequest is billed based on a pay-as-you-go basis.The rate charged for using this link is set at $0.45/Mbps.

As these rates illustrate, the most cost-efficient configuration forSiteRequest’s links is to have Link Alpha handle traffic until it reaches 50Mbps, then send any traffic over 50 Mbps to Link Beta. When the trafficdecreases, the Link Controller must switch back to using only Link Alphaagain.

The tasks you need to accomplish for bandwidth load balancing include:

• Configure the links

• Create a default gateway pool

• Implement the default gateway pool

• Configure the virtual servers

• Add a wide IP

4 - 2


Configuring the linksThe first task in configuring a Link Controller configuration that usesbandwidth load balancing to manage outbound traffic is to add andconfigure the links in the Link Controller.

For this procedure use the information about each link in Table 4.1.

To add Link Alpha


2. Click Create.

3. In the Name box, type a name for the link.

4. In the Router Address box, type the IP address of the router.For this example, type 192.168.5.5.


6. In the Service Provider box, type the name of the ISP provider.For this example, select Global ISP.


8. For the Traffic Limits setting, set the total bandwidth thresholds forthe link.For this example, select Up To from the Total list, and then type4000.

9. Click Create.

LinkRouterAddress

UplinkAddress ISP

Link Alpha 192.168.5.5 192.168.5.6 Global ISP

Link Beta 192.168.10.5 192.168.10.6 Regional ISP

Table 4.1 Additional link attributes


Chapter 4

To add Link Beta


2. Click Create.

3. In the Name box, type a name for the link.

4. In the Router Address box, type the IP address of the router.For this example, type 192.168.10.5.


6. In the Service Provider box, type the name of the ISP provider.For this example, select Regional ISP.


8. In the Traffic Limits area, set the total bandwidth thresholds for thelink.For this example, select Up To from the Total list, and then type3000.

9. Click Create.

Creating the default gateway pool for bandwidth load balancingAfter you have added and configured the links, the next task is to create thedefault gateway pool that load balances the traffic across the links.

To create a default gateway pool for bandwidth loadbalancing


2. Click Create.


4. For the New Members setting, add the IP addresses associated witheach link.For this example add the following IP addresses:

• For Link Alpha, add 192.168.5.5

• For Link Beta, add 192.168.10.5

5. Click Finished.

4 - 4


Implementing the default gateway pool for bandwidth loadbalancing


To implement the default gateway pool for bandwidth loadbalancing


2. Click Add.


4. From the Type list, select Default IPv4 Gateway or Default IPv4Gateway.



7. Click Finished.

Defining the virtual servers for an additional Internet connectionAfter you create the default gateway pool, you configure the virtual serversfor each link that load balances inbound connections across the servers. Youalso configure one wildcard virtual server to load balance outboundconnections across the routers.

In this example, create the following virtual servers:

• VS for Link Alpha, which has an IP address of 10.10.5.5:80 andrepresents a single host on the network.

• VS for Link Beta, which has an IP address of 10.10.10.6:80 and alsorepresents a single host on the network.

To add a virtual server for bandwidth load balancing


2. Click Create.

3. In the Name box, for this case, type VS for Link Alpha.

4. For the Destination setting, select Host, and then in the Addressbox, type the IP address you want to assign to the virtual server.


6. Click Finished.

Repeat the preceding procedure for the additional virtual server.


Chapter 4

To define a wildcard virtual server for bandwidth loadbalancing


2. Click Create.

3. In the Name box, type the name of the virtual server.In this case, type outbound.

4. For the Destination setting, in the Address box, type 0.0.0.0.


6. Click Finished.

4 - 6


Adding a wide IP for bandwidth load balancingTo complete this implementation, configure a wide IP to which the LinkController load balances incoming DNS requests. The wide IP is made up ofonly virtual servers that the Link Controller manages.

To add a wide IP


2. Click Create.

3. In the Name box, type the URL of the wide IP.For this example, type www.siterequest.com.

4. For the Load Balancing Method setting, make selections from thethree lists. For this example:

• Select Kilobytes/Second from the Preferred list.

• Select Round Robin from the Alternate list.

• Select Round Robin from the Fallback list.

5. For the Member List setting, add the virtual servers that youcreated previously.For this example, add the following virtual servers from the VirtualServer list:

• 10.10.5.5:80

• 10.10.10.6:80

6. Click Finished.

You now have a Link Controller configured to manage DNS traffic for wideIP www.siterequest.com. As data flows in and out of the network, the LinkController monitors the total amount of bandwidth for each link. Whiletraffic remains below 4Mbps, the Link Controller uses Link Alpha. If trafficexceeds that amount, the Link Controller sends the overflow traffic to LinkBeta. If a link goes offline for any reason, the Link Controller uses theAlternate and Fallback load balancing modes to route traffic through anavailable link.


Chapter 4

4 - 8

5

Setting Up a Link Controller RedundantSystem Configuration

• About Link Controller redundant systemconfigurations

• Setting up a Link Controller redundant systemconfiguration

Setting Up a Link Controller Redundant System Configuration

About Link Controller redundant systemconfigurations

One standard implementation of BIG-IP® Link Controller™ systems is aredundant system configuration, which is a set of two Link Controllersystems: one operating as the active unit, the other operating as the standbyunit. If the active unit goes offline, the standby unit immediately assumesresponsibility for managing traffic. The new active unit remains active untilanother event occurs that would cause the unit to go offline.

This implementation uses an example based on the fictional company,SiteRequest. The following tables detail the network characteristics atSiteRequest.

Table 5.1 outlines the basic configurations for the Link Controller systems.

Table 5.2 describes the links that SiteRequest uses.

Name Characteristics

lc1.siterequest.com Self IP address 10.1.1.20 on link1 VLAN

Self IP address 10.1.2.20 on link2 VLAN

Self IP address 172.168.1.20 on internal VLAN

Floating IP address 10.1.1.50 on link1 VLAN


Floating IP address 172.168.1.50 on internal VLAN

Management IP address 192.168.1.1

lc2.siterequest.com Self IP address 10.1.1.21 on link1 VLAN

Self IP address 10.1.2.21 on link2 VLAN

Self IP address 172.168.1.20 on internal VLAN



Floating IP address 172.168.1.50 on internal VLAN

Management IP address 192.168.1.2

Table 5.1 Sample Link Controller characteristics


link1 IP address: 10.1.1.5

link2 IP address: 10.1.2.5

Table 5.2 Sample Link characteristics


Chapter 5

Table 5.3 describes the VLANs you will set up for SiteRequest.

Table 5.4 describes several other network characteristics that play animportant role in a redundant system configuration for SiteRequest.


VLAN 1 Assigned interfaces: 1.1 (untagged)

Role: Communication between network and the firstlink

VLAN 2 Assigned interfaces: 1.2 (untagged)

Role: Communication between network and the secondlink

VLAN internal Assigned interfaces: 1.3 (untagged)

Role: Communication between Link Controllers andrest of internal network.

Default Gateway IP address: 10.1.1.100

NTP server IP address: 192.168.5.15

Table 5.3 Sample VLAN characteristics

Component Characteristics

NTP server IP address: 192.168.5.15

Default Gateway Pool Name: gw_pool

IP addresses: 10.1.1.5 and 10.1.2.5

Table 5.4 Other system settings for the example

5 - 2


Setting up a Link Controller redundant systemconfiguration

Perform the following tasks to configure a BIG-IP® Link Controllerredundant system configuration. Before you begin, ensure that the Setuputility was run on both devices. During the Setup process, the followingconfiguration occurs:

◆ VLAN internal and the associated floating and non-floating IP addressesare created for communication between the two Link Controller systemsand the rest of the internal network

◆ VLAN external and the associated floating and non-floating IP addressesare created

◆ VLAN HA and the associated non-floating self IP address, whichconfigures the devices in an active/standby redundant systemconfiguration, are created

The tasks you must now complete to configure the Link Controllerredundant system are:

• Create VLANs for communication between the network and the links

• Assign additional self IP addresses

• Define an NTP server

• Define the default gateway pool and assign it to the default route

• Define a listener for incoming DNS traffic

• Enable global traffic synchronization

• Add links

• Conduct the initial configuration synchronization between systemsthrough the gtm_add utility


Chapter 5

Creating VLANs for Link Controller redundant systemsThe next task in this implementation is to set up two additional VLANs. Forthis example, create two VLANs:

• link1For traffic between the Link Controllers and the Link1 router.

• link2For traffic between the Link Controllers and the Link2 router

Important

Apply the following procedures to both the active and standby LinkControllers.

To create the first VLAN


2. Click Create.

3. In the Name box, type the name of the first VLAN.For this example, type link1.


5. Click Finished.

To create the second VLAN


2. Click Create.

3. In the Name box, type the name of the second VLAN.For this example, type link2.


5. Click Finished.

5 - 4


Assigning self IP addressesWith a VLAN in place, assign additional self IP addresses to each LinkController to identify the Link Controller on a per VLAN basis.

Note

Apply the following procedures to both the active and standby systems.

To assign self IP addresses to the first VLAN

1. On the Main tab of the navigation pane, expand Network and thenclick Self IPs.

2. Click Create.

3. In the Name box, type VLAN1.

4. In the IP address box, type the self IP address for the system thatapplies to the VLAN.For this example, type one of the following:

• If you are configuring lc1.siterequest.com, type 10.1.1.20


5. In the Netmask box, type the subnet mask that applies to this IPaddress.For this example, type 255.255.255.0.

6. From the VLAN list, select the appropriate VLAN.In this example, select link1.

7. From the Traffic Group list, select traffic-group-1 (floating).

8. Click Finished.

To assign self IP addresses to the second VLAN

1. On the Main tab of the navigation pane, expand Network and thenclick Self IPs.

2. Click Create.

3. In the Name box, type VLAN2.

4. In the IP address box, type the self IP address for the system thatapplies to the VLAN.For this example, type one of the following:



5. In the Netmask box, type the subnet mask that applies to this IPaddress.For this example, type 255.255.255.0.


Chapter 5

6. From the VLAN list, select the appropriate VLAN.In this example, select link2.

7. From the Traffic Group list, select traffic-group-1 (floating).

8. Click Finished.

Defining an NTP serverThe next task of this implementation requires defining an NTP server thatboth Link Controllers use during synchronization options. This task isimportant because it determines a common time value for both systems.During file synchronizations, the systems use this time value to see if anynewer configuration files exist.

Important

Apply the following procedure to both the active and standby systems.

To define an NTP server

1. On the Main tab of the navigation pane, expand System and thenclick Configuration.

2. From the Device menu, choose NTP.

3. In the Address box, type the IP address of the NTP server you wantto use.For this example, type 192.168.5.15.

4. Click Add.

5. Click Update.

Defining the default gateway pool and routeThe next task is to define the default gateway pool for network traffic. (Inthis example, the default gateway pool contains the IP addresses thatcorrespond to the link1 and link2 links.) Once you create this pool, you canassign it to the default route within the Link Controllers.

Important

Apply the following procedures to both the active and standby systems.

To create a default gateway pool


2. Click Create.

3. In the Name box, type the name of the default gateway pool.For this example, type gw_pool.

5 - 6


4. For the Health Monitors setting, use the Move buttons to addgateway_icmp to the Active list.

5. From the Load Balancing Method list, select Dynamic Ratio(node).

6. For the New Members setting, add the IP address of each link.For this example type the following:

• IP address 10.1.1.5, selecting All Services from the Service Portlist. This IP address represents the link1 link.

• IP Address 10.1.2.5, selecting All Services from the ServicePort list. This IP address represents the link2 link.

7. Click Add.

8. Click Finished.

To define the default route


2. In the Name column, click default.

3. From the Resource list, select Use Pool and then select the name ofthe default gateway pool.In this example, select gw_pool from the list.

4. Click Update.

Defining a listenerThe Link Controller employs a listener to identify the traffic for which it isresponsible.

Important

For this task, configure only the active system. The settings you establish onthis system are transferred to the standby system during a synchronizationthat you initiate later in this process.

To configure the listener

1. On the Main tab in the navigation pane, expand Link Controllerand then click Listeners.

2. Click Create.

3. In the Destination box, type the IP address on which the systemlistens for network traffic.For this example type 10.1.1.50.

4. From the VLAN Traffic list, select All VLANs.


Chapter 5

5. For Route Advertisement, select the Enabled check box.

6. Click Finished.

Enabling global traffic synchronizationFor the next task, you enable the global traffic synchronization options andassign an appropriate name for the synchronization group.

Important

For this task, configure only the active system. The settings you establish onthis system are transferred to the standby system when you run the gtm_addscript.

To enable synchronization

1. On the Main tab of the navigation pane, expand System and thenclick Configuration.

2. From the Global Traffic menu, choose General.

3. Check the Synchronization check box.

4. Check the Synchronize DNS Zone Files check box.

5. In the Synchronization Group Name box, type the name of thesynchronization group.For this example, type Link Controller Group A.

6. Click Update.

Adding linksThe next task is to add the links that represent the two Internet connections.Each Link Controller configuration must contain at least two links for thesystem to load balance network traffic.

Important

For this task, configure only the active system. The settings you establish onthis system are transferred to the standby system when you run the gtm_addscript.

To add a link


2. Click Create.

3. In the Name box, type the name of the link.For this example, type link1.

5 - 8


4. In the Router Address box, type the IP address of the link.In this example, type 10.1.1.5.

5. For the Health Monitors setting, use the Move buttons to add thebigip_link monitor to the Enabled list.

6. Click Finished.

Repeat the procedure to define the second link. In this example, the secondlink on the Link Controller, uses the name link2 and the router address10.1.2.5.

Running the gtm_add scriptLastly, you need to have the two units share the same configuration. For thisimplementation, that means you need to have the standby Link Controlleracquire the configurations established on the active Link Controller. Youmust do this before you attempt to synchronize these systems; otherwise,you run the risk of having the new Link Controller, which is unconfigured,replace the configuration of older systems. To acquire the configurationfiles, you run the gtm_add script.

Before you run the gtm_add script, make sure that TCP port 4353 isavailable on both units.

Important

Run the gtm_add script from the unconfigured Link Controller.

To run the gtm_add script

1. Log on to the standby system.In this example, log on to lc2.siterequest.com.

2. At the command prompt, type gtm_add.

3. Press the y key to start the gtm_add script.

4. Type the IP address of the active system.For this example, type 172.168.1.20.

5. Press Enter.

The gtm_add process begins, acquiring configuration data from the activeLink Controller (in this example lc1.sitequrest.com). Once the processcompletes, you have successfully created a redundant system configurationconsisting of two Link Controllers.


Chapter 5

5 - 10

6

Configuring IP Anycast (Route HealthInjection)

• About IP Anycast

• Enabling the ZebOS dynamic routing protocol

• Creating a custom DNS profile

• Verifying advertisement of the route to a listener

Configuring IP Anycast (Route Health Injection)

About IP AnycastYou can configure IP Anycast for DNS services on BIG-IP® LinkController™ to help mitigate denial-of-service attacks (DDoS), improve thescalability of your network, and assist with link management. Thisconfiguration adds routes to and removes routes from the routing table basedon availability. Advertising routes to virtual addresses based on the status ofattached listeners is known as Route Health Injection (RHI).

The tasks you need to accomplish to configure the Link Controller systemfor IP Anycast are:

• Enable the ZebOS® dynamic routing protocol.

• Create a custom DNS profile.

• Configure a listener for route advertisement.

• Verify advertisement of the route to a listener.


Chapter 6

Enabling the ZebOS dynamic routing protocolBefore you enable ZebOS dynamic routing on BIG-IP Link Controller, dothe following:

• Ensure that the system license includes the Routing Bundle add-on.

• Ensure that ZebOS is configured correctly. If you need help, refer to thefollowing resources on AskF5™:

• BIG-IP® Traffic Management Operating System: Concepts

• Configuration Guide for the VIPRION® Systems

• ZebOS® Advanced Routing Suite Configuration Guide

To enable the ZebOS dynamic routing protocol

1. Log on to the command line interface of BIG-IP Link Controller.

2. At the command prompt, type zebos enable <protocol_type> andpress Enter.The system returns an enabled response.

3. To verify that the ZebOS dynamic routing protocol is enabled, at thecommand prompt type zebos check and press Enter.The system returns a list of all enabled protocols.

6 - 2


Creating a custom DNS profileThe next task in configuring IP Anycast is to specify how you want BIG-IPLink Controller to handle non-wide IP queries. To do this, create a customDNS profile based on your network configuration.

To create a custom DNS profile

1. On the Main tab of the navigation pane, expand Local Traffic, andthen click Profiles.

2. From the Services menu, choose DNS.The DNS profile list screen opens.

3. Click Create.The New DNS Profile screen opens.

4. In the Name field, type a name for the profile.Names must begin with a letter, and can contain only letters,numbers, and the underscore (_) character.

5. Verify that the Parent Profile setting specifies the default, dns.

6. Select the Custom check box.The fields in the section become available for configuring.

7. In the Global Traffic Management list, accept the default valueEnabled.

8. From the Unhandled Query Actions list, select an action for thesystem to take when a query is not for a wide IP. The options are:

• AllowForward the connection request to another DNS server, unless theUse BIND Server on BIG-IP option is enabled. In that case,forward the connection request to the local BIND server. (Allowis the default value.)

• DropDo not reply.

• RejectReturn the query with the REFUSED return code.

• HintReturn the query with a list of root name servers.

• No ErrorReturn the query with the NOERROR return code.

9. Click Finished.


Chapter 6

Configuring a listener for route advertisementThe next task in this implementation is to configure a listener for routeadvertisement.

To configure a listener

1. On the Main tab of the navigation pane, expand Link Controller,and then click Listeners.

2. Click Create.

3. In the Destination box, type the IP address on which BIG-IP LinkController listens for network traffic.

The destination cannot be a self IP address on the system, because alistener with the same IP address as a self IP address cannot beadvertised.

4. From the VLAN Traffic list, select one of these options:

• All VLANsTo have this listener handle traffic on all VLANs within thenetwork segment.

• Enabled onTo have this listener handle traffic on only the VLANs that youmove from the Available list to the Selected list.

5. From the Protocol list, select either UDP or TCP.

6. From the DNS Profile list, select one of the following options:

• dnsThis is the default DNS profile.

• Enabled onIf you have created a custom DNS profile to handle non-wide IPqueries in a way that works for your network configuration, selectit.

7. For Route Advertisement, select the Enabled check box.

8. Click Finished.

BIG-IP Link Controller can now advertise the virtual address of the listenerto routers on the network.

6 - 4


Verifying advertisement of the route to a listenerThe last task in this implementation is to verify advertisement of the route toa listener.

To verify that BIG-IP Link Controller is advertising thevirtual address of a listener

1. Log on to the command line interface of BIG-IP Link Controller.

2. At the command prompt, type zebos cmd sh ip route | grep<listener IP address> and press Enter.An advertised route displays with a code of K and a 32 bit kernel,for example: K 127.0.0.1/32.


Chapter 6

6 - 6

7

Diagnosing Network Connection Issues

• About iQuery status and statistics

• Viewing information about iQuery connections


About iQuery status and statisticsTo help diagnose network connection issues, you can view the status of andstatistics about the iQuery® connections between BIG-IP® Link Controller™and other BIG-IP systems on your network. iQuery connection informationdisplays for IP addresses that are configured on BIG-IP server objects.


Chapter 7

Viewing information about iQuery connectionsYou can view iQuery status and statistics for BIG-IP Link Controllerconfigurations that contain at least one BIG-IP system server object with aself IP address.

To view iQuery status and statistics

1. On the Main tab of the navigation pane, expand Overview, and thenclick Statistics.

2. On the menu bar, click Link Traffic.

3. From the Statistics Type list, select iQuery.The screen displays information about the iQuery connectionsbetween this system and other BIG-IP systems in your network.

4. To display current information, click Reset. The following statisticsare reset to zero:

• iQuery Reconnects

• Bytes In

• Bytes Out

• Backlogs

• Bytes Dropped

7 - 2


Understanding iQuery statisticsTable Desciptions of iQuery statisticsDesciptions of iQuerystatisticsDesciptions of iQuery statisticsDesciptions of iQuery statistics5.1contains descriptions of the statistics that are available for iQueryconnections.

iQuery Statistics Description

IP Address Displays the IP address of each server that has aniQuery connection with this BIG-IP Link Controller.

iQuery State Displays the state of the iQuery connection betweenthe specified server and the BIG-IP Link Controller.Possible states are:

Not Connected

Connecting

Connected

Backlogged (indicates messages are queued andwaiting to be sent)

iQuery Reconnects Displays the number of times the BIG-IP Link Controllerre-established an iQuery connection with the specifiedserver.

Bytes In Displays the amount of data in bytes received by theBIG-IP Link Controller over the iQuery connection fromthe specified server.

Bytes Out Displays the amount of data in bytes sent from theBIG-IP Link Controller over the iQuery connection tothe specified server.

Backlogs Displays the number of times the iQuery connectionbetween the BIG-IP Link Controller and the specifiedserver was blocked, because iQuery had to send outmore messages than the connection could handle.

Bytes Dropped Displays the amount of data in bytes that the iQueryconnection dropped.

Last Sync Displays the date and time of the last configurationsynchronization.

SSL CertificateExpiration

Displays the date the SSL certificate expires.

Table 7.1 Desciptions of iQuery statistics


Chapter 7

7 - 4

Glossary

Glossary

active unit

In a redundant system configuration, the active unit is the system thatcurrently load balances connections. If the active unit fails, the standby unitassumes control and begins to load balance connections. See also redundantsystem configuration.

bandwidth load balancing

In bandwidth load balancing, the Link Controller™ uses a specific link untila traffic threshold has been met. After that threshold is met, the LinkController shifts traffic to another link. When the traffic falls below thethreshold, the Link Controller shifts traffic back to the first link.

Configuration utility

The Configuration utility is the browser-based application that you use toconfigure the BIG-IP® system.

cost-based load balancing

In cost-based load balancing, the system prioritizes link usage based on thecost of the bandwidth for that connection to the Internet. The LinkController sends traffic to the link that is currently operating at the lowestcost. As the usage cost for each link changes, the Link Controllerdynamically shifts traffic to the best link.

default wildcard virtual server

A default wildcard virtual server has an IP address and port number of0.0.0.0:0. or *:* or "any":"any". This virtual server accepts all traffic thatdoes not match any other virtual server defined in the configuration. Seealso wildcard virtual server.

domain name

A domain name is a unique name that is associated with one or more IPaddresses. Domain names are used in URLs to identify particular Webpages. For example, in the URL http://www.siterequest.com/index.html,the domain name is siterequest.com.

floating IP address

A floating self IP address is an additional self IP address for a VLAN thatserves as a shared address by both units of a BIG-IP redundant systemconfiguration.

health monitor

A health monitor checks a node to see if it is up and functioning for a givenservice. If the node fails the check, it is marked down. Different monitorsexist for checking different services.

BIG-IP® Link ControllerTM: Implementations Glossary - 1

Glossary

interface

The physical port on a BIG-IP system is called an interface.

internal VLAN

The internal VLAN is a default VLAN on the BIG-IP system. In a basicconfiguration, this VLAN has the administration ports open. In a normalconfiguration, this is a network interface that handles connections frominternal servers.

iQuery

The iQuery® protocol is used to exchange information between GlobalTraffic Manager™ systems and BIG-IP systems. The iQuery protocol isofficially registered with IANA for port 4353, and works on UDP and TCPconnections.

link load balancing

Link load balancing is defined as managing traffic across multiple Internetor wide-area network (WAN) gateways.

listener

A listener is a specialized resource that is assigned a specific IP address anduses port 53, the DNS query port. When traffic is sent to that IP address, thelistener alerts the Global Traffic Manager, allowing it to handle the trafficlocally or forward the traffic to the appropriate resource.

load balancing method

A load balancing method determines how the system distributes connectionsacross a load balancing pool.

load balancing pool

See pool.

local DNS

A local DNS is a server that makes name resolution requests on behalf of aclient. With respect to the Global Traffic Manager, local DNS servers arethe source of name resolution requests. Local DNS is also referred to asLDNS.

member

Member is a reference to a node when it is included in a particular loadbalancing pool. Pools typically include multiple member nodes.

monitor

The Link Controller™ uses monitors to determine whether nodes are up ordown. There are several different types of monitors and they use variousmethods to determine the status of a server or service.

Glossary - 2

Glossary

nameserver

A nameserver is a server that maintains a DNS database, and resolvesdomain name requests to IP addresses using that database.

name resolution

Name resolution is the process by which a nameserver matches a domainname request to an IP address, and sends the information to the clientrequesting the resolution.

Network Time Protocol (NTP)

Network Time Protocol functions over the Internet to synchronize systemclocks to Universal Coordinated Time. NTP provides a mechanism to setand maintain clock synchronization within milliseconds.

pool

A pool is composed of a group of network devices (called members). TheLink Controller™ load balances requests to the nodes within a pool basedon the load balancing method and persistence method you choose when youcreate the pool or edit its properties.

pool member

A pool member is a server that is a member of a load balancing pool.

port

A port can be represented by a number that is associated with a specificservice supported by a host. Refer to the Services and Port Index for a list ofport numbers and corresponding services.

ratio

A ratio is a parameter that assigns a weight to a virtual server for loadbalancing purposes.

redundant system configuration

Redundant system configuration refers to a pair of units that are configuredfor fail-over. In a redundant system configuration, there are two units, onerunning as the active unit and one running as the standby unit. If the activeunit fails, the standby unit takes over and manages connection requests.

Route Health Injection

Route Health Injection refers to advertising routes to virtual addresses basedon the status of attached listeners.

self IP address

Self IP addresses are the IP addresses owned by the BIG-IP system that youuse to access the internal and external VLANs.


Glossary

service

Service refers to services such as TCP, UDP, HTTP, and FTP.

Setup utility

The Setup utility walks you through the initial system configuration process.You can run the Setup utility from the Configuration utility start screen.

standby unit

A standby unit in a redundant system configuration is a unit that is alwaysprepared to become the active unit if the active unit fails.

synchronization group

A synchronization group is a group of Global Traffic Manager systems thatsynchronize system configurations and zone files (if applicable). Allsynchronization group members receive broadcasts of metrics data from thebig3d agents throughout the network. All synchronization group membersalso receive broadcasts of updated configuration settings from the GlobalTraffic Manager that has the latest configuration changes.

virtual server

Virtual servers are a specific combination of virtual address and virtual port,associated with a content site that is managed by an Link Controller™ orother type of host server.

VLAN

VLAN stands for virtual local area network. A VLAN is a logical groupingof network devices. You can use a VLAN to logically group devices that areon different network segments.

wide IP

A wide IP is a collection of one or more fully-qualified domain names thatmaps to one or more pools of virtual servers that host the content of thedomains, and that are managed either by BIG-IP systems, or by host servers.The Global Traffic Manager load balances name resolution requests acrossthe virtual servers that are defined in the wide IP that is associated with therequested domain name.

wildcard virtual server

A wildcard virtual server is a virtual server that uses an IP address of0.0.0.0, * or "any". A wildcard virtual server accepts connection requestsfor destinations outside of the local network. Wildcard virtual servers areincluded only in Transparent Node Mode configurations. See also defaultwildcard virtual server.

zone

In DNS terms, a zone is a subset of DNS records for one or more domains.

Glossary - 4

Glossary

zone file

In DNS terms, a zone file is a database set of domains with one or manydomain names, designated mail servers, a list of other nameservers that cananswer resolution requests, and a set of zone attributes, which are containedin an SOA record.


Glossary

Glossary - 6

Index

Aactive unit 5-1advertisement of route to listener 6-5

Bbandwidth load balancing

adding wide IPs 4-7and inbound traffic 4-1and outbound traffic 4-1and total traffic 4-1and virtual servers 4-5configuring 4-2

basic configuration for Link Controller 2-1

CConfiguration utility, accessing 2-4configuring a listener for route advertisement 6-4connection issues, diagnosing network 7-1cost-based load balancing

adding wide IPs 3-7and incremental segments 3-1and prepaid segments 3-1and weighting 3-1configuring 3-3defined 3-1example 3-2for links 3-4

custom DNS profile, creating 6-3

Ddefault gateway pool

and bandwidth load balancing 4-4, 4-5and cost-based load balancing 3-5creating 2-9See also gateway pool.

default gateway route 5-6default route

configuring for the default gateway 2-9setting using the LCD panel 2-2setting using tmsh 2-2

denial-of-service attacks, mitigating 6-1DNS profile, creating custom for IP Anycast 6-3DNS traffic

and DNS profile 6-3detecting with listeners 2-12managing 2-1

dynamic routing protocol, See ZebOS.

Eenabling ZebOS 6-2

Ggateway pool

and bandwidth-based load balancing 4-4and cost-based load balancing 3-5defining 5-6See also default gateway pool.

gateway route 5-6

Hhost name, configuring for Link Controller system 2-6

Iinbound load balancing, and wide IPs 3-7inbound traffic option 4-1incremental segments 3-1, 3-4initial system setup 2-3Internet, and physical connections 2-10IP addresses

See also self IP addresses.See also wide IPs.

IP Anycastabout 6-1and task list for configuring 6-1

iQuery connectionsabout status and statistics 7-1viewing status and statistics 7-2

iQuery statisticsabout 7-2described 7-3

LLCD panel

about menus 2-2about X button 2-2using to set default route 2-2using to set management interface IP address 2-2

license for Link Controller 2-3Link Controller

and cost-based load balancing 3-1and licensing 2-3and redundant system configurations 5-1, 6-2, 7-2introducing 2-1provisioning 2-6

linksand bandwidth load balancing 4-3and cost-based load balancing 3-4and virtual servers 3-5and wildcard virtual servers 3-6configuring 3-4, 4-3creating primary 3-3, 4-2creating secondary 3-3, 4-2defining configuration properties 5-8

listenersand redundant system configurations 5-7

BIG-IP® Link ControllerTM: Implementations Index - 1

Index

configuring for route advertisement 6-4creating 2-12verifying for route advertisement 6-5

load balancingadding wide IPs 3-7See also bandwidth load balancing.See also cost-based load balancing.using cost-based parameters 3-1

load balancing pool, creating 2-13

Mmanagement interface IP address

setting using the LCD panel 2-2setting using tmsh 2-2

menus on LCD panel 2-2modules, provisioning software 2-6

Nnetwork connections, diagnosing issues 7-1NTP server 5-6

Ooutbound traffic option 4-1

Ppool

See also gateway pool.pool, creating load balancing 2-13prepaid segments 3-1primary links 3-3provisioning operation

for software 2-6warning 2-6

Rredundant system configurations

adding links 5-8and Link Controllers 5-1, 6-2, 7-2and VLANs 2-7configuring for Link Controllers 6-3

route advertisementconfiguring for listeners 6-4verifying for listener 6-5

route health injection 6-1Routing Bundle add-on 6-2routing table, modifying 6-1

Sscalability, improving 6-1secondary links 3-3segments

and incremental 3-1

and prepaid 3-1self IP addresses, and redundant system configurations5-5, 6-5Setup utility

preventing from starting 2-5running 2-4

standby unit 5-1statistics

viewing for iQuery connections 7-2status and statistics

for iQuery connections 7-1viewing 7-2

synchronizationand redundant system configurations 5-8configuring operation 5-8

system license 6-2system setup, performing initial 2-3

Ttask list for configuring IP Anycast 6-1tmsh

and reference guide 1-1setting default route 2-2using for management interface IP address 2-2

total traffic option 4-1traffic

and assigning thresholds 4-1and inbound option 4-1and outbound option 4-1assigning thresholds 4-1

Uuser accounts, configuring 2-6utility

accessing Configuration 2-4preventing Setup start 2-5running Setup 2-4

Vverifying advertisement of route to listener 6-5virtual servers

adding 3-6, 4-5and links 3-6configuring 3-6creating 2-14creating wildcard 2-15defining 4-5using wildcard 3-6

VLANscreating 2-7creating for redundant system configurations 2-7,

5-4, 6-4

Index - 2

Index

Wwarning, provisioning the Link Controller 2-6weighting option 3-1wide IPs

adding 3-7, 4-7and inbound load balancing 3-7creating 2-15

wildcard virtual serverand links 3-6creating 2-15

XX button on LCD panel 2-2

ZZebOS dynamic routing, enabling 6-2zones, synchronizing 5-8

BIG-IP® Link ControllerTM: Implementations Index - 3

BIG-IP Link Controller™: Implementations - techdocs.f5.com · Introducing Implementations for the...

Documents

Transcript of BIG-IP Link Controller™: Implementations - techdocs.f5.com · Introducing Implementations for the...