BIG-IP® Global Traffic Manager™: Implementations

Version 11.4
Table of Contents
Legal Notices.....................................................................................................7
Acknowledgments.............................................................................................9

Chapter 1:  Integrating BIG-IP GTM Into a Network with BIG-IP LTM Systems...................13
Overview: Integrating GTM with other BIG-IP systems on a network..............................14
About iQuery and communications between BIG-IP systems...............................14
Task summary..................................................................................................................14
Defining a data center...........................................................................................14
Defining BIG-IP GTM systems..............................................................................15
Defining BIG-IP LTM systems...............................................................................16
Running the big3d_install script............................................................................17
Implementation result.......................................................................................................18

Chapter 2:  Integrating BIG-IP LTM Into a Network with BIG-IP GTM Systems...................19
Overview: Integrating BIG-IP LTM with BIG-IP GTM systems.........................................20
Defining a data center...........................................................................................20
Defining BIG-IP GTM systems..............................................................................20
Defining BIG-IP LTM systems...............................................................................22
Running the bigip_add script.................................................................................23
Implementation result.......................................................................................................23

Chapter 3:  Adding a new BIG-IP GTM to a GTM Synchronization Group...........................25


Overview: Adding a BIG-IP GTM system to a GTM synchronization group.....................26
Enabling synchronization on the existing GTM.....................................................26
Creating a data center on the existing GTM..........................................................27
Defining a server on the existing GTM..................................................................27
Running the gtm_add script..................................................................................28
Implementation result.......................................................................................................29

Chapter 4:  Delegating DNS Traffic to BIG-IP GTM.................................................................31


Overview: Delegating DNS traffic to wide IPs on BIG-IP GTM........................................32
About listeners.......................................................................................................32
Task summary..................................................................................................................32
Creating a delegated zone on a local DNS server................................................33
Creating a listener to handle traffic for wide IPs....................................................33
Implementation result.......................................................................................................33

Chapter 5:  Redirecting DNS Requests Using a CNAME Record.........................................35


Overview: Redirecting DNS requests using a CNAME record ........................................36


About CNAME records..........................................................................................36


Task summary..................................................................................................................36
Creating a pool using a CNAME...........................................................................36
Creating a wide IP with a CNAME pool ................................................................37
Viewing statistics for wide IP CNAME resolutions.................................................37
Implementation result.......................................................................................................37

Chapter 6:  Replacing a DNS Server with BIG-IP GTM..........................................................39


Overview: Replacing a DNS server with BIG-IP GTM......................................................40
About listeners.......................................................................................................40
Task summary..................................................................................................................40
Configuring a back-end DNS server to allow zone file transfers...........................41
Acquiring zone files from the legacy DNS server..................................................41
Creating a self IP address using the IP address of the legacy DNS server..........41
Designating GTM as the primary server for the zone............................................42
Creating listeners to alert GTM to DNS traffic destined for the system.................42
Creating a wide IP ................................................................................................43
Implementation result.......................................................................................................43

Chapter 7:  Placing BIG-IP GTM in Front of a DNS Server....................................................45


Overview: Configuring GTM to screen traffic to an existing DNS server..........................46
About listeners.......................................................................................................46
About wildcard listeners........................................................................................46
Task summary..................................................................................................................47
Placing GTM on your network to forward traffic....................................................47
Creating a listener to forward traffic to a DNS server ...........................................47
Creating a wide IP ................................................................................................47
Implementation result.......................................................................................................48

Chapter 8:  Placing BIG-IP GTM in front of a Pool of DNS Servers......................................49


Overview: Screening and forwarding non-wide IP traffic to a pool of DNS servers..........50
About listeners.......................................................................................................50
Task summary..................................................................................................................50
Creating a pool of local DNS servers....................................................................51
Creating a listener that alerts GTM to DNS queries for a pool of DNS servers....51
Implementation result.......................................................................................................51

Chapter 9:  Configuring GTM on a Network with One Route Domain..................................53


Overview: How do I deploy BIG-IP GTM on a network with one route domain?..............54
Creating VLANs for a route domain on BIG-IP LTM..............................................55
Creating a route domain on the BIG-IP system.....................................................55
Creating a self IP address for a route domain on BIG-IP LTM..............................56
Defining a server for a route domain on BIG-IP GTM...........................................56


Implementation result.......................................................................................................57

Chapter 10:  Configuring GTM on a Network with Multiple Route Domains.......................59


Overview: How do I deploy BIG-IP GTM on a network with multiple route domains?......60
Creating VLANs for a route domain on BIG-IP LTM..............................................62
Creating a route domain on BIG-IP LTM...............................................................62
Creating a self IP address for a route domain on BIG-IP LTM..............................63
Disabling auto-discovery at the global-level on BIG-IP GTM................................63
Defining a server for a route domain on BIG-IP GTM...........................................63
Implementation result.......................................................................................................64

Chapter 11:  Setting Up a BIG-IP GTM Redundant System Configuration..........................65


Overview: Configuring a BIG-IP GTM redundant system.................................................66
Defining an NTP server.........................................................................................66
Creating listeners to identify DNS traffic................................................................66
Defining a data center...........................................................................................67
Defining a server to represent each BIG-IP system .............................................67
Enabling global traffic configuration synchronization............................................68
Running the gtm_add script .................................................................................68

Chapter 12:  Authenticating with SSL Certificates Signed by a Third Party........................71


Overview: Authenticating with SSL certificates signed by a third party............................72
About SSL authentication levels............................................................................72
Configuring Level 1 SSL authentication...........................................................................72
Importing the device certificate.............................................................................72
Importing the root certificate for the gtmd agent...................................................73
Importing the root certificate for the big3d agent...................................................73
Verifying the certificate exchange..........................................................................73
Implementation Results....................................................................................................74
Configuring certificate chain SSL authentication.............................................................74
Creating a certificate chain file .............................................................................74
Importing the device certificate from the last CA server in the chain....................74
Importing a certificate chain file for the gtmd agent..............................................75
Importing a certificate chain for the big3d agent...................................................75
Verifying the certificate chain exchange................................................................75
Implementation result.......................................................................................................76

Chapter 13:  Configuring a TTL in a DNS NoError Response...............................................77


Overview: Configuring a TTL in an IPv6 DNS NoError Response...................................78
About SOA records and negative caching............................................................78
Task summary..................................................................................................................78
Creating a pool......................................................................................................78
Creating a wide IP that provides for negative caching .........................................79


Implementation result.......................................................................................................79

Chapter 14:  Configuring Device-Specific Probing and Statistics Collection.....................81


Overview: Configuring device-specific probing and statistics collection...........................82
About Prober pools................................................................................................82
About Prober pool status.......................................................................................83
About Prober pool statistics...................................................................................83
Task summary..................................................................................................................84
Creating a Prober pool..........................................................................................84
Assigning a Prober pool to a data center..............................................................84
Assigning a Prober pool to a server......................................................................85
Viewing Prober pool statistics and status..............................................................85
Determining which Prober pool member marked a resource down......................86
Implementation result.......................................................................................................86

Chapter 15:  Configuring How and When GTM Saves Configuration Changes..................87
Overview: Configuring how and when GTM saves configuration changes......................88
Changing the automatic configuration save timeout..............................................88
Enabling manual saves of configuration changes.................................................88
Configuring how and when GTM saves configuration changes using tmsh..........89

Chapter 16:  Configuring Logging of Global Server Load Balancing Decisions................91


About logging global server load-balancing decisions.....................................................92
Configuring logs for global server load-balancing decisions ................................92

Chapter 17:  Monitoring Third-Party Servers with SNMP......................................................93


Overview: SNMP monitoring of third-party servers..........................................................94
Creating an SNMP monitor...................................................................................94
Defining a third-party host server that is running SNMP.......................................94
Implementation result.......................................................................................................95

Chapter 18:  Troubleshooting a BIG-IP System with a Rate-Limited License.....................97


About GTM and DNS rate-limited license statistics.........................................................98
Viewing rate-limited license statistics....................................................................98

Chapter 19:  How to Diagnose Network Connection Issues.................................................99


Diagnosing network connection issues..........................................................................100
Viewing iQuery statistics ....................................................................................100
iQuery statistics descriptions...............................................................................100

Legal Notices

Publication Date
This document was published on May 15, 2013.

Publication Number
MAN-0388-03

Copyright
Copyright © 2012-2013, F5 Networks, Inc. All rights reserved.
F5 Networks, Inc. (F5) believes the information it furnishes to be accurate and reliable. However, F5 assumes
no responsibility for the use of this information, nor any infringement of patents or other rights of third
parties which may result from its use. No license is granted by implication or otherwise under any patent,
copyright, or other intellectual property right of F5 except as specifically described by applicable user
licenses. F5 reserves the right to change specifications at any time without notice.

Trademarks
Access Policy Manager, Advanced Client Authentication, Advanced Routing, APM, Application Security
Manager, ARX, AskF5, ASM, BIG-IP, BIG-IQ, Cloud Extender, CloudFucious, Cloud Manager, Clustered
Multiprocessing, CMP, COHESION, Data Manager, DevCentral, DevCentral [DESIGN], DNS Express,
DSC, DSI, Edge Client, Edge Gateway, Edge Portal, ELEVATE, EM, Enterprise Manager, ENGAGE, F5,
F5 [DESIGN], F5 Management Pack, F5 Networks, F5 World, Fast Application Proxy, Fast Cache, FirePass,
Global Traffic Manager, GTM, GUARDIAN, IBR, Intelligent Browser Referencing, Intelligent Compression,
IPv6 Gateway, iApps, iControl, iHealth, iQuery, iRules, iRules OnDemand, iSession, L7 Rate Shaping,
LC, Link Controller, Local Traffic Manager, LTM, Message Security Manager, MSM, OneConnect,
OpenBloX, OpenBloX [DESIGN], Packet Velocity, Policy Enforcement Manager, PEM, Protocol Security
Manager, PSM, Real Traffic Policy Builder, Rosetta Diameter Gateway, ScaleN, Signaling Delivery
Controller, SDC, SSL Acceleration, StrongBox, SuperVIP, SYN Check, TCP Express, TDR, TMOS, Traffic
Management Operating System, Traffix Diameter Load Balancer, Traffix Systems, Traffix Systems
(DESIGN), Transparent Data Reduction, UNITY, VAULT, VIPRION, vCMP, virtual Clustered
Multiprocessing, WA, WAN Optimization Manager, WebAccelerator, WOM, and ZoneRunner, are
trademarks or service marks of F5 Networks, Inc., in the U.S. and other countries, and may not be used
without F5's express written consent.
All other product and company names herein may be trademarks of their respective owners.

Export Regulation Notice


This product may include cryptographic software. Under the Export Administration Act, the United States
government may consider it a criminal offense to export this product from the United States.

RF Interference Warning
This is a Class A product. In a domestic environment this product may cause radio interference, in which
case the user may be required to take adequate measures.

FCC Compliance
This equipment has been tested and found to comply with the limits for a Class A digital device pursuant
to Part 15 of FCC rules. These limits are designed to provide reasonable protection against harmful

interference when the equipment is operated in a commercial environment. This unit generates, uses, and
can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual,
may cause harmful interference to radio communications. Operation of this equipment in a residential area
is likely to cause harmful interference, in which case the user, at his own expense, will be required to take
whatever measures may be required to correct the interference.
Any modifications to this device, unless expressly approved by the manufacturer, can void the user's authority
to operate this equipment under part 15 of the FCC rules.

Canadian Regulatory Compliance


This Class A digital apparatus complies with Canadian ICES-003.

Standards Compliance
This product conforms to the IEC, European Union, ANSI/UL and Canadian CSA standards applicable to
Information Technology products at the time of manufacture.

Acknowledgments

This product includes software developed by Bill Paul.


This product includes software developed by Jonathan Stone.
This product includes software developed by Manuel Bouyer.
This product includes software developed by Paul Richards.
This product includes software developed by the NetBSD Foundation, Inc. and its contributors.
This product includes software developed by the Politecnico di Torino, and its contributors.
This product includes software developed by the Swedish Institute of Computer Science and its contributors.
This product includes software developed by the University of California, Berkeley and its contributors.
This product includes software developed by the Computer Systems Engineering Group at the Lawrence
Berkeley Laboratory.
This product includes software developed by Christopher G. Demetriou for the NetBSD Project.
This product includes software developed by Adam Glass.
This product includes software developed by Christian E. Hopps.
This product includes software developed by Dean Huxley.
This product includes software developed by John Kohl.
This product includes software developed by Paul Kranenburg.
This product includes software developed by Terrence R. Lambert.
This product includes software developed by Philip A. Nelson.
This product includes software developed by Herb Peyerl.
This product includes software developed by Jochen Pohl for the NetBSD Project.
This product includes software developed by Chris Provenzano.
This product includes software developed by Theo de Raadt.
This product includes software developed by David Muir Sharnoff.
This product includes software developed by SigmaSoft, Th. Lockert.
This product includes software developed for the NetBSD Project by Jason R. Thorpe.
This product includes software developed by Jason R. Thorpe for And Communications, http://www.and.com.
This product includes software developed for the NetBSD Project by Frank Van der Linden.
This product includes software developed for the NetBSD Project by John M. Vinopal.
This product includes software developed by Christos Zoulas.
This product includes software developed by the University of Vermont and State Agricultural College and
Garrett A. Wollman.
This product includes software developed by Balazs Scheidler ([email protected]), which is protected under
the GNU Public License.
This product includes software developed by Niels Mueller ([email protected]), which is protected under
the GNU Public License.

In the following statement, This software refers to the Mitsumi CD-ROM driver: This software was developed
by Holger Veit and Brian Moore for use with 386BSD and similar operating systems. Similar operating
systems includes mainly non-profit oriented systems for research and education, including but not restricted
to NetBSD, FreeBSD, Mach (by CMU).
This product includes software developed by the Apache Group for use in the Apache HTTP server project
(http://www.apache.org/).
This product includes software licensed from Richard H. Porter under the GNU Library General Public
License (© 1998, Red Hat Software), www.gnu.org/copyleft/lgpl.html.
This product includes the standard version of Perl software licensed under the Perl Artistic License (© 1997,
1998 Tom Christiansen and Nathan Torkington). All rights reserved. You may find the most current standard
version of Perl at http://www.perl.com.
This product includes software developed by Jared Minch.
This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit
(http://www.openssl.org/).
This product includes cryptographic software written by Eric Young ([email protected]).
This product contains software based on oprofile, which is protected under the GNU Public License.
This product includes RRDtool software developed by Tobi Oetiker (http://www.rrdtool.com/index.html)
and licensed under the GNU General Public License.
This product contains software licensed from Dr. Brian Gladman under the GNU General Public License
(GPL).
This product includes software developed by the Apache Software Foundation (http://www.apache.org/).
This product includes Hypersonic SQL.
This product contains software developed by the Regents of the University of California, Sun Microsystems,
Inc., Scriptics Corporation, and others.
This product includes software developed by the Internet Software Consortium.
This product includes software developed by Nominum, Inc. (http://www.nominum.com).
This product contains software developed by Broadcom Corporation, which is protected under the GNU
Public License.
This product contains software developed by MaxMind LLC, and is protected under the GNU Lesser General
Public License, as published by the Free Software Foundation.
This product includes Intel QuickAssist kernel module, library, and headers software licensed under the
GNU General Public License (GPL).
This product includes software licensed from Gerald Combs ([email protected]) under the GNU General
Public License as published by the Free Software Foundation; either version 2 of the License, or any later
version. Copyright ©1998 Gerald Combs.
This product includes software developed by Thomas Williams and Colin Kelley. Copyright ©1986 - 1993,
1998, 2004, 2007
Permission to use, copy, and distribute this software and its documentation for any purpose with or without
fee is hereby granted, provided that the above copyright notice appear in all copies and that both that
copyright notice and this permission notice appear in supporting documentation. Permission to modify the
software is granted, but not the right to distribute the complete modified source code. Modifications are to
be distributed as patches to the released version. Permission to distribute binaries produced by compiling
modified sources is granted, provided you
1. distribute the corresponding source modifications from the released version in the form of a patch file
along with the binaries,


2. add special version identification to distinguish your version in addition to the base release version
number,
3. provide your name and address as the primary contact for the support of your modified version, and
4. retain our contact information in regard to use of the base software.

Permission to distribute the released version of the source code along with corresponding source modifications
in the form of a patch file is granted with same provisions 2 through 4 for binary distributions. This software
is provided "as is" without express or implied warranty to the extent permitted by applicable law.
This product contains software developed by Google, Inc. Copyright ©2011 Google, Inc.
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
documentation files (the "Software"), to deal in the Software without restriction, including without limitation
the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software,
and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions
of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.

Chapter 1: Integrating BIG-IP GTM Into a Network with BIG-IP LTM Systems

• Overview: Integrating GTM with other BIG-IP systems on a network
• Task summary
• Implementation result

Overview: Integrating GTM with other BIG-IP systems on a network

You can add BIG-IP® Global Traffic Manager™ (GTM) systems to a network in which BIG-IP® Local Traffic
Manager™ (LTM) systems and other BIG-IP systems are already present. This extends your load balancing and
traffic management capabilities beyond the local area network. For this implementation to succeed, you must
authorize communications between the systems.

Note: The GTM systems in a GTM synchronization group, and the LTM systems that are configured to
communicate with the systems in the GTM synchronization group, must have TCP port 4353 open through
the firewall between the systems. The BIG-IP systems connect and communicate through this port.

About iQuery and communications between BIG-IP systems

The gtmd agent on BIG-IP® GTM uses the iQuery® protocol to communicate with the local big3d agent and
with the big3d agents installed on other BIG-IP systems. The gtmd agent monitors both the availability of
the BIG-IP systems and the integrity of the network paths between the systems that host a domain and the
local DNS servers that attempt to connect to that domain.

Figure 1: Communications between big3d and gtmd agents using iQuery

Task summary
To authorize communications between BIG-IP® systems, perform the following tasks on the BIG-IP GTM™
system that you are adding to the network.
Defining a data center
Defining BIG-IP GTM systems
Defining BIG-IP LTM systems
Running the big3d_install script

Defining a data center


On BIG-IP GTM, create a data center to contain the servers that reside on a subnet of your network.
1. On the Main tab, click Global Traffic > Data Centers.
The Data Center List screen opens.


2. Click Create.
The New Data Center screen opens.
3. In the Name field, type a name to identify the data center.

Important: The data center name is limited to 63 characters.

4. In the Location field, type the geographic location of the data center.
5. In the Contact field, type the name of either the administrator or the department that manages the data
center.
6. From the State list, select Enabled.
7. Click Finished.

You can now create server objects and assign them to this data center.
Repeat this procedure to create additional data centers.

Defining BIG-IP GTM systems


Ensure that at least one data center exists in the configuration before you start creating a server.
On BIG-IP® GTM™, create a server object to represent the GTM system itself.
1. On the Main tab, click Global Traffic > Servers.
The Server List screen opens.
2. Click Create.
The New Server screen opens.
3. In the Name field, type a name for the server.

Important: Server names are limited to 63 characters.

4. From the Product list, select BIG-IP System (Single).
The server type determines the metrics that the system can collect from the server.
5. In the Address List area, add the IP addresses of the server.
You can add more than one IP address, depending on how the server interacts with the rest of your
network.

Important: You must use a self IP address for a BIG-IP system; you cannot use the management IP
address.

6. From the Data Center list, select the data center where the server resides.
7. In the Health Monitors area, assign the bigip monitor to the server by moving it from the Available list
to the Selected list.
8. From the Virtual Server Discovery list, select how you want virtual servers to be added to the system.

Disabled: The system does not use the discovery feature to automatically add virtual servers. This is the
default value. Use this option for a standalone BIG-IP GTM or for a BIG-IP GTM/LTM combo system when
you plan to manually add virtual servers to the system, or if your network utilizes multiple route domains.

Enabled: The system uses the discovery feature to automatically add virtual servers. Use this option for a
BIG-IP GTM/LTM combo system when you want BIG-IP GTM to discover BIG-IP LTM virtual servers.

Enabled (No Delete): The system uses the discovery feature to automatically add virtual servers and does
not delete any virtual servers that already exist. Use this option for a BIG-IP GTM/LTM combo system when
you want BIG-IP GTM to discover BIG-IP LTM virtual servers.

9. From the Link Discovery list, select how you want links to be added to the system.
Option Description
Disabled The system does not use the discovery feature to automatically add links. This
is the default value. Use this option for a standalone BIG-IP GTM or for a BIG-IP
GTM/LTM combo system when you plan to manually add links to the system.
Enabled The system uses the discovery feature to automatically add links. Use this option
for a BIG-IP GTM/LTM combo system when you want BIG-IP GTM to discover
links.
Enabled (No The system uses the discovery feature to automatically add links and does not
Delete) delete any links that already exist. Use this option for a BIG-IP GTM/LTM
combo system when you want BIG-IP GTM to discover links.

10. Click Create.


The Server List screen opens displaying the new server in the list.

Defining BIG-IP LTM systems

On BIG-IP® GTM™, define servers that represent the BIG-IP LTM® systems in your network.
1. On the Main tab, click Global Traffic > Servers.
The Server List screen opens.
2. Click Create.
The New Server screen opens.
3. In the Name field, type a name for the server.

Important: Server names are limited to 63 characters.

4. From the Product list, select either BIG-IP System (Single) or BIG-IP System (Redundant).
The server type determines the metrics that the system can collect from the server.
5. In the Address List area, add the IP addresses of the server.
You can add more than one IP address, depending on how the server interacts with the rest of your network.

Important: You must use a self IP address for a BIG-IP system; you cannot use the management IP address.

6. From the Data Center list, select the data center where the server resides.
7. In the Health Monitors area, assign the bigip monitor to the server by moving it from the Available list to the Selected list.
8. From the Virtual Server Discovery list, select how you want virtual servers to be added to the system.
Option               Description
Disabled             The system does not use the discovery feature to automatically add virtual servers. This is the default value. Use this option for a standalone BIG-IP GTM or for a BIG-IP GTM/LTM combo system when you plan to manually add virtual servers to the system, or if your network utilizes multiple route domains.
Enabled              The system uses the discovery feature to automatically add virtual servers. Use this option for a BIG-IP GTM/LTM combo system when you want BIG-IP GTM to discover BIG-IP LTM virtual servers.
Enabled (No Delete)  The system uses the discovery feature to automatically add virtual servers and does not delete any virtual servers that already exist. Use this option for a BIG-IP GTM/LTM combo system when you want BIG-IP GTM to discover BIG-IP LTM virtual servers.

9. From the Link Discovery list, select how you want links to be added to the system.
Option               Description
Disabled             The system does not use the discovery feature to automatically add links. This is the default value. Use this option for a standalone BIG-IP GTM or for a BIG-IP GTM/LTM combo system when you plan to manually add links to the system.
Enabled              The system uses the discovery feature to automatically add links. Use this option for a BIG-IP GTM/LTM combo system when you want BIG-IP GTM to discover links.
Enabled (No Delete)  The system uses the discovery feature to automatically add links and does not delete any links that already exist. Use this option for a BIG-IP GTM/LTM combo system when you want BIG-IP GTM to discover links.

10. Click Create.
The Server List screen opens displaying the new server in the list.

Running the big3d_install script

Determine the self IP addresses of the BIG-IP® systems that you want to upgrade with the latest big3d agent.
Ensure that port 22 is open.
Run the big3d_install script on the BIG-IP GTM system you are adding to your network to upgrade the big3d agents on the other BIG-IP systems on your network and instruct these systems to authenticate with the other BIG-IP systems through the exchange of SSL certificates. For additional information about running the script, see SOL8195 on AskF5.com (www.askf5.com).

Note: You must perform this task from the command-line interface.

Important: All target BIG-IP systems must be running the same or an older version of BIG-IP software.

1. Log in as root to the BIG-IP GTM system you are adding to your network.
2. Run this command to access tmsh.
tmsh
3. Run this command to run the big3d_install script:
run gtm big3d_install <IP_addresses_of_target BIG-IP_systems>
The script instructs the BIG-IP GTM system to connect to each specified BIG-IP.
4. If prompted, enter the root password for each system.

The SSL certificates are exchanged, authorizing communications between the systems. The big3d agent on each system is upgraded to the same version as is installed on the BIG-IP GTM system from which you ran the script.

Implementation result
You now have an implementation in which the BIG-IP® systems can communicate with each other. BIG-IP GTM™ can now use the other BIG-IP systems when load balancing DNS requests, and can acquire statistics and status information for the virtual servers these systems manage.

18
Chapter

2
Integrating BIG-IP LTM Into a Network with BIG-IP GTM
Systems

• Overview: Integrating BIG-IP LTM with


BIG-IP GTM systems
• Implementation result
Integrating BIG-IP LTM Into a Network with BIG-IP GTM Systems

Overview: Integrating BIG-IP LTM with BIG-IP GTM systems

You can add BIG-IP® systems to a network in which BIG-IP® Global Traffic Manager™ systems are already present. This expands your load balancing and traffic management capabilities to include the local area network. For this implementation to be successful, you must authorize communications between the LTM and GTM systems. When the LTM and GTM systems use the same version of the big3d agent, you run the bigip_add utility to authorize communications between the systems.

Note: The BIG-IP GTM and BIG-IP LTM systems must have TCP port 4353 open through the firewall between the systems. The BIG-IP systems connect and communicate through this port.

Task summary
To authorize communications between BIG-IP® GTM™ and BIG-IP LTM™ systems, perform the following tasks on GTM.
Defining a data center
Defining BIG-IP GTM systems
Defining BIG-IP LTM systems
Running the bigip_add script

Defining a data center

On BIG-IP GTM, create a data center to contain the servers that reside on a subnet of your network.
1. On the Main tab, click Global Traffic > Data Centers.
The Data Center List screen opens.
2. Click Create.
The New Data Center screen opens.
3. In the Name field, type a name to identify the data center.

Important: The data center name is limited to 63 characters.

4. In the Location field, type the geographic location of the data center.
5. In the Contact field, type the name of either the administrator or the department that manages the data center.
6. From the State list, select Enabled.
7. Click Finished.

You can now create server objects and assign them to this data center.
Repeat this procedure to create additional data centers.

Defining BIG-IP GTM systems

Ensure that at least one data center exists in the configuration before you start creating a server.
On BIG-IP® GTM™, create a server object to represent the GTM system itself.
1. On the Main tab, click Global Traffic > Servers.
The Server List screen opens.
2. Click Create.
The New Server screen opens.
3. In the Name field, type a name for the server.

Important: Server names are limited to 63 characters.

4. From the Product list, select BIG-IP System (Single).
The server type determines the metrics that the system can collect from the server.
5. In the Address List area, add the IP addresses of the server.
You can add more than one IP address, depending on how the server interacts with the rest of your network.

Important: You must use a self IP address for a BIG-IP system; you cannot use the management IP address.

6. From the Data Center list, select the data center where the server resides.
7. In the Health Monitors area, assign the bigip monitor to the server by moving it from the Available list to the Selected list.
8. From the Virtual Server Discovery list, select how you want virtual servers to be added to the system.
Option               Description
Disabled             The system does not use the discovery feature to automatically add virtual servers. This is the default value. Use this option for a standalone BIG-IP GTM or for a BIG-IP GTM/LTM combo system when you plan to manually add virtual servers to the system, or if your network utilizes multiple route domains.
Enabled              The system uses the discovery feature to automatically add virtual servers. Use this option for a BIG-IP GTM/LTM combo system when you want BIG-IP GTM to discover BIG-IP LTM virtual servers.
Enabled (No Delete)  The system uses the discovery feature to automatically add virtual servers and does not delete any virtual servers that already exist. Use this option for a BIG-IP GTM/LTM combo system when you want BIG-IP GTM to discover BIG-IP LTM virtual servers.

9. From the Link Discovery list, select how you want links to be added to the system.
Option               Description
Disabled             The system does not use the discovery feature to automatically add links. This is the default value. Use this option for a standalone BIG-IP GTM or for a BIG-IP GTM/LTM combo system when you plan to manually add links to the system.
Enabled              The system uses the discovery feature to automatically add links. Use this option for a BIG-IP GTM/LTM combo system when you want BIG-IP GTM to discover links.
Enabled (No Delete)  The system uses the discovery feature to automatically add links and does not delete any links that already exist. Use this option for a BIG-IP GTM/LTM combo system when you want BIG-IP GTM to discover links.

10. Click Create.
The Server List screen opens displaying the new server in the list.

Defining BIG-IP LTM systems

On BIG-IP® GTM™, define servers that represent the BIG-IP LTM® systems in your network.
1. On the Main tab, click Global Traffic > Servers.
The Server List screen opens.
2. Click Create.
The New Server screen opens.
3. In the Name field, type a name for the server.

Important: Server names are limited to 63 characters.

4. From the Product list, select either BIG-IP System (Single) or BIG-IP System (Redundant).
The server type determines the metrics that the system can collect from the server.
5. In the Address List area, add the IP addresses of the server.
You can add more than one IP address, depending on how the server interacts with the rest of your network.

Important: You must use a self IP address for a BIG-IP system; you cannot use the management IP address.

6. From the Data Center list, select the data center where the server resides.
7. In the Health Monitors area, assign the bigip monitor to the server by moving it from the Available list to the Selected list.
8. From the Virtual Server Discovery list, select how you want virtual servers to be added to the system.
Option               Description
Disabled             The system does not use the discovery feature to automatically add virtual servers. This is the default value. Use this option for a standalone BIG-IP GTM or for a BIG-IP GTM/LTM combo system when you plan to manually add virtual servers to the system, or if your network utilizes multiple route domains.
Enabled              The system uses the discovery feature to automatically add virtual servers. Use this option for a BIG-IP GTM/LTM combo system when you want BIG-IP GTM to discover BIG-IP LTM virtual servers.
Enabled (No Delete)  The system uses the discovery feature to automatically add virtual servers and does not delete any virtual servers that already exist. Use this option for a BIG-IP GTM/LTM combo system when you want BIG-IP GTM to discover BIG-IP LTM virtual servers.

9. From the Link Discovery list, select how you want links to be added to the system.
Option               Description
Disabled             The system does not use the discovery feature to automatically add links. This is the default value. Use this option for a standalone BIG-IP GTM or for a BIG-IP GTM/LTM combo system when you plan to manually add links to the system.
Enabled              The system uses the discovery feature to automatically add links. Use this option for a BIG-IP GTM/LTM combo system when you want BIG-IP GTM to discover links.
Enabled (No Delete)  The system uses the discovery feature to automatically add links and does not delete any links that already exist. Use this option for a BIG-IP GTM/LTM combo system when you want BIG-IP GTM to discover links.

10. Click Create.
The Server List screen opens displaying the new server in the list.

Running the bigip_add script

Determine the self IP addresses of the BIG-IP LTM® systems that you want to communicate with BIG-IP GTM™.
Run the bigip_add script on the GTM system you are installing on a network that includes other BIG-IP systems of the same version. This script exchanges SSL certificates so that each system is authorized to communicate with the other.

Note: You must perform this task from the command-line interface.

1. Log in as root to the BIG-IP GTM system you are installing on your network.
2. Run this command to access tmsh.
tmsh
3. Run this command to run the bigip_add utility:
run gtm bigip_add <IP_addresses_of_BIG-IP_LTM_systems>
The utility exchanges SSL certificates so that each system is authorized to communicate with the other.

The specified BIG-IP® systems can now communicate with BIG-IP GTM.

Implementation result
You now have an implementation in which the BIG-IP® systems can communicate with each other. BIG-IP GTM™ can now use the other BIG-IP systems when load balancing DNS name resolution requests, and can acquire statistics and status information for the virtual servers the other BIG-IP systems manage.

Chapter 3: Adding a new BIG-IP GTM to a GTM Synchronization Group

• Overview: Adding a BIG-IP GTM system to a GTM synchronization group
• Implementation result

Overview: Adding a BIG-IP GTM system to a GTM synchronization group

You can configure BIG-IP® Global Traffic Manager™ (GTM™) systems in collections called GTM synchronization groups. All BIG-IP GTM systems in the same GTM synchronization group have the same rank, exchange heartbeat messages, and share probing responsibility.

Figure 2: BIG-IP GTM systems in a GTM synchronization group

When you add a BIG-IP® GTM™ system to a network that contains older BIG-IP GTM systems, the devices can exchange heartbeat messages, even though the BIG-IP software versions are different. However, to add a GTM to a configuration synchronization group, you must run the gtm_add script.

Task summary
When adding a BIG-IP® GTM™ to a network that already contains BIG-IP GTM systems in a synchronization group, perform the following tasks.
Enabling synchronization on the existing GTM
Creating a data center on the existing GTM
Defining a server on the existing GTM
Running the gtm_add script

Enabling synchronization on the existing GTM

Ensure that the BIG-IP GTM references your NTP servers.
Decide to which GTM synchronization group you want to add the BIG-IP GTM. Ensure that at least one previously-configured BIG-IP GTM belongs to that GTM synchronization group.
To ensure that the BIG-IP GTM that is already installed on your network can share configuration changes with other BIG-IP GTM systems that you add to the GTM synchronization group, enable synchronization on the system.
1. On the Main tab, click System > Configuration > Global Traffic > General.
The General configuration screen opens.
2. Select the Synchronization check box.
3. In the Synchronization Time Tolerance field, type the maximum number of seconds allowed between the time settings on this system and the other systems in the synchronization group.
The lower the value, the more often this system makes a log entry indicating that there is a difference.

Tip: If you are using NTP, leave this setting at the default value of 10. In the event that NTP fails, the system uses the time_tolerance variable to maintain synchronization.

4. In the Synchronization Group Name field, type the name of the synchronization group to which you want this system to belong.
5. Click Update.

When a change is made on one BIG-IP GTM in the GTM synchronization group, that change is automatically synchronized to the other systems in the group.

Creating a data center on the existing GTM

Create a data center on the existing BIG-IP® GTM™ system to represent the location where the new BIG-IP GTM system resides.
1. On the Main tab, click Global Traffic > Data Centers.
The Data Center List screen opens.
2. Click Create.
The New Data Center screen opens.
3. In the Name field, type a name to identify the data center.

Important: The data center name is limited to 63 characters.

4. In the Location field, type the geographic location of the data center.
5. In the Contact field, type the name of either the administrator or the department that manages the data center.
6. Click Finished.

Defining a server on the existing GTM

Ensure that a data center where the new BIG-IP® GTM™ system resides exists in the configuration of the existing BIG-IP GTM system.
Define a new server, on the existing BIG-IP GTM, to represent the new BIG-IP GTM system.
1. On the Main tab, click Global Traffic > Servers.
The Server List screen opens.
2. Click Create.
The New Server screen opens.
3. In the Name field, type a name for the server.

Important: Server names are limited to 63 characters.

4. From the Product list, select BIG-IP System (Single).
The server type determines the metrics that the system can collect from the server.
5. In the Address List area, add the IP address of the server.

Important: You must use a self IP address for a BIG-IP® system; you cannot use the management IP address.

6. From the Data Center list, select the data center where the server resides.
7. From the Virtual Server Discovery list, select how you want virtual servers to be added to the system.
Option               Description
Disabled             The system does not use the discovery feature to automatically add virtual servers. This is the default value. Use this option for a standalone BIG-IP GTM or for a BIG-IP GTM/LTM combo system when you plan to manually add virtual servers to the system, or if your network utilizes multiple route domains.
Enabled              The system uses the discovery feature to automatically add virtual servers. Use this option for a BIG-IP GTM/LTM combo system when you want BIG-IP GTM to discover BIG-IP LTM virtual servers.
Enabled (No Delete)  The system uses the discovery feature to automatically add virtual servers and does not delete any virtual servers that already exist. Use this option for a BIG-IP GTM/LTM combo system when you want BIG-IP GTM to discover BIG-IP LTM virtual servers.

8. Click Create.
The Server List screen opens displaying the new server in the list.

The status of the newly defined BIG-IP GTM system is Unknown, because you have not yet run the gtm_add script.

Running the gtm_add script

Determine the self IP address of a BIG-IP® GTM™ in the GTM synchronization group to which you want to add another BIG-IP GTM.
Run the gtm_add script on the BIG-IP GTM system you are adding to your network to acquire the configuration settings from a BIG-IP GTM system that is already installed on your network.

Note: You must perform this task from the command-line interface.

1. Log in as root to the BIG-IP GTM system you are adding to your network.
2. Run this command to access tmsh.
tmsh
3. Run this command to run the gtm_add script:
run gtm gtm_add
a) Press the y key to start the gtm_add script.
b) Type the IP address of the BIG-IP GTM in the synchronization group to which you are adding this BIG-IP GTM.
c) Press Enter.
d) If prompted, type the root password.
e) Press Enter.

The BIG-IP GTM system you are installing on your network acquires the configuration of the BIG-IP GTM system already installed on your network.

Implementation result
The new BIG-IP® GTM™ that you added to the network is a part of a GTM synchronization group. Changes you make to any system in the GTM synchronization group are automatically propagated to all other systems in the group.

Chapter 4: Delegating DNS Traffic to BIG-IP GTM

• Overview: Delegating DNS traffic to wide IPs on BIG-IP GTM
• Task summary
• Implementation result

Overview: Delegating DNS traffic to wide IPs on BIG-IP GTM

BIG-IP® Global Traffic Manager™ (GTM™) resolves DNS queries that match a wide IP name. BIG-IP GTM can work in conjunction with an existing DNS server on your network. In this situation, you configure the DNS server to delegate wide IP-related requests to BIG-IP GTM for name resolution.

Figure 3: Traffic flow when DNS server delegates traffic to BIG-IP GTM

This implementation focuses on the fictional company SiteRequest that recently purchased BIG-IP GTM to help resolve queries for two web-based applications: store.siterequest.com and checkout.siterequest.com. These applications are delegated zones of www.siterequest.com. Currently, a DNS server manages www.siterequest.com.
SiteRequest administrators have already configured BIG-IP GTM with two wide IPs, www.store.siterequest.com and www.checkout.siterequest.com. These wide IPs correspond to the two web applications.

About listeners
A listener is a specialized virtual server that passively checks for DNS packets on port 53 and the IP address you assign to the listener. When a DNS name resolution request is sent to the IP address of the listener, BIG-IP GTM either handles the request locally or forwards the request to the appropriate resource.

Task summary
Perform these tasks to delegate DNS traffic to wide IPs on BIG-IP GTM.
Creating a delegated zone on a local DNS server
Creating a listener to handle traffic for wide IPs

Creating a delegated zone on a local DNS server

Determine which DNS servers will delegate wide IP-related requests to BIG-IP® GTM™.
If you are using BIND servers and you are unfamiliar with how to modify the files on these servers, consider reviewing the fifth edition of DNS and BIND, available from O’Reilly Media.
In order for BIG-IP GTM to manage the web applications of store.siterequest.com and checkout.siterequest.com, you must create a delegated zone on the DNS server that manages www.siterequest.com. Perform the following steps on the selected DNS server.

1. Create an address record (A record) that defines the domain name and IP address of each BIG-IP GTM in your network.
2. Create a nameserver record (NS record) that defines the delegated zone for which BIG-IP GTM is responsible.
3. Create canonical name records (CNAME records) to forward requests for store.siterequest.com and checkout.siterequest.com to the wide IPs store.siterequest.com and checkout.siterequest.com, respectively.
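As an added check for the three record types created above (example code written for this edit, not from the F5 guide): a Python script that parses a constructed parent-zone fragment for siterequest.com and reports an in-bailiwick NS target that lacks its A record, or a CNAME sharing a name with other records, which is what happens when the CNAME is placed on the delegated name itself (RFC 1034 section 3.6.2 forbids other records at a CNAME owner). The gtm1/gtm2, shop and pay host names and the 192.0.2.0/24 addresses are constructed; the CNAME targets are the wide IP names from the chapter overview.

```python
"""Sanity-check the parent-zone records from the delegation steps.

Added example, not from the F5 guide: parses a constructed BIND-style
fragment for siterequest.com and flags two classic delegation mistakes,
an in-bailiwick NS target with no A/AAAA record (step 1 forgotten) and a
CNAME placed on a name that also carries other records, such as the
delegated name itself (RFC 1034 section 3.6.2 forbids that).
"""
from collections import defaultdict

PARENT_ZONE = "siterequest.com."

# Constructed fragment: gtm1/gtm2, shop and pay are made-up host names and
# 192.0.2.0/24 is the documentation address range. The CNAME targets are the
# wide IP names from the chapter overview, inside the delegated zones.
GOOD_ZONE = """\
; step 1: an A record for each BIG-IP GTM listener
gtm1.siterequest.com.      IN A     192.0.2.10
gtm2.siterequest.com.      IN A     192.0.2.11
; step 2: NS records delegating the wide IP zones to the GTMs
store.siterequest.com.     IN NS    gtm1.siterequest.com.
store.siterequest.com.     IN NS    gtm2.siterequest.com.
checkout.siterequest.com.  IN NS    gtm1.siterequest.com.
checkout.siterequest.com.  IN NS    gtm2.siterequest.com.
; step 3: aliases that resolve to the wide IPs served by GTM
shop.siterequest.com.      IN CNAME www.store.siterequest.com.
pay.siterequest.com.       IN CNAME www.checkout.siterequest.com.
"""

# Same delegation with two mistakes: no A record for gtm2, and the CNAME put
# on the delegated name itself, where it collides with the NS records.
BAD_ZONE = """\
gtm1.siterequest.com.      IN A     192.0.2.10
store.siterequest.com.     IN NS    gtm1.siterequest.com.
store.siterequest.com.     IN NS    gtm2.siterequest.com.
store.siterequest.com.     IN CNAME www.store.siterequest.com.
"""


def parse_zone(text):
    """Return (owner, rtype, rdata) tuples from 'owner [ttl] [IN] type rdata'
    lines. Names are lower-cased because DNS names compare case-insensitively."""
    records = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # strip comments and whitespace
        if not line:
            continue
        tokens = line.split()
        owner, rest = tokens[0].lower(), tokens[1:]
        if rest and rest[0].isdigit():        # optional TTL
            rest = rest[1:]
        if rest and rest[0].upper() == "IN":  # optional class
            rest = rest[1:]
        rtype, rdata = rest[0].upper(), " ".join(rest[1:])
        if rtype in ("NS", "CNAME"):
            rdata = rdata.lower()
        records.append((owner, rtype, rdata))
    return records


def in_zone(name, zone):
    """True when name is zone itself or lies below it."""
    return name == zone or name.endswith("." + zone)


def check_delegation(records, parent=PARENT_ZONE):
    """Return a list of problem descriptions; an empty list means the
    delegation is consistent."""
    types_at = defaultdict(set)
    for owner, rtype, _ in records:
        types_at[owner].add(rtype)
    # Every NS owner other than the apex is a delegation point.
    delegated = {o for o, t, _ in records if t == "NS" and o != parent}
    problems = []
    for owner, rtype, rdata in records:
        if rtype == "NS" and owner != parent and in_zone(rdata, parent):
            # An in-bailiwick name server needs an address in this zone,
            # otherwise resolvers cannot reach the GTM listener.
            if not types_at[rdata] & {"A", "AAAA"}:
                problems.append(f"NS target {rdata} for {owner} has no A/AAAA record")
        elif rtype == "CNAME":
            others = types_at[owner] - {"CNAME"}
            if others:
                problems.append(f"CNAME at {owner} coexists with {sorted(others)}")
            elif (in_zone(rdata, parent)
                  and not any(in_zone(rdata, d) for d in delegated)
                  and not types_at[rdata]):
                problems.append(f"CNAME {owner} targets {rdata}, which nothing serves")
    return problems


if __name__ == "__main__":
    for label, text in (("good", GOOD_ZONE), ("bad", BAD_ZONE)):
        found = check_delegation(parse_zone(text))
        print(f"{label}: {found or 'no problems'}")
```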

Creating a listener to handle traffic for wide IPs

Determine the self IP address of BIG-IP GTM.
Create a listener on BIG-IP® GTM™ that identifies the wide IP traffic for which BIG-IP® GTM™ is responsible.
1. On the Main tab, click Global Traffic > Listeners.
The Listeners List screen opens.
2. Click Create.
The new Listeners screen opens.
3. In the Destination field, type the IP address on which BIG-IP GTM listens for network traffic.
The destination is a self IP address on BIG-IP GTM.
4. From the VLAN Traffic list, select All VLANs.
5. From the Protocol list, select either UDP or TCP.
6. Click Finished.

Implementation result
You now have an implementation of BIG-IP® GTM™ in which the DNS server manages DNS traffic unless the query is for store.siterequest.com or checkout.siterequest.com. When the DNS server receives these queries, it delegates them to BIG-IP GTM, which then load balances the queries to the appropriate wide IPs.

Chapter 5: Redirecting DNS Requests Using a CNAME Record

• Overview: Redirecting DNS requests using a CNAME record
• Task summary
• Implementation result

Overview: Redirecting DNS requests using a CNAME record

When you want to redirect DNS name resolution requests for a web site to a different web site, create a wide IP that represents the original web site, and add a pool configured with a CNAME to the wide IP to redirect the requests to the new destination.

The executives at siterequest.com recently purchased a competitor. SiteRequest's administrator wants to redirect DNS requests for competitor.com to a rebranded web site named competitor.siterequest.com.

About CNAME records

A CNAME record specifies that a domain name is an alias of another domain. When you create a pool with a canonical name, BIG-IP® Global Traffic Manager™ (GTM™) responds to DNS name resolution requests for the CNAME with the real fully qualified domain name (FQDN).

Task summary
Perform these tasks to redirect a DNS request using a wide IP, which includes a pool that is configured with a CNAME.
Creating a pool using a CNAME
Creating a wide IP with a CNAME pool
Viewing statistics for wide IP CNAME resolutions

Creating a pool using a CNAME

Create a pool to which the system can load balance DNS requests using a CNAME record, rather than pool members. For example, you can name the pool competitor_redirect and use a CNAME of competitor.siterequest.com.

1. On the Main tab, click Global Traffic > Pools.
The Pools list screen opens.
2. Click Create.
3. Type a name for the pool.
Names must begin with a letter, and can contain only letters, numbers, and the underscore (_) character.

Important: The pool name is limited to 63 characters.

4. From the Configuration list, select Advanced.
5. In the CNAME field, type the canonical name of the zone to which you want BIG-IP® GTM™ to send DNS queries.

Tip: When you provide a canonical name, you do not add members to the pool, because the CNAME record always takes precedence over pool members. Additionally, a pool with a CNAME is not monitored for availability.

6. Click Finished.

Creating a wide IP with a CNAME pool

Ensure that a pool configured with a CNAME exists in the BIG-IP® configuration.
Create a wide IP that includes a pool configured with a CNAME to redirect DNS name resolution requests for a web site to a different web site.
1. On the Main tab, click Global Traffic > Wide IPs.
The Wide IP List screen opens.
2. Click Create.
The New Wide IP screen opens.
3. In the Name field, type a name for the wide IP.

Tip: You can use two different wildcard characters in the wide IP name: asterisk (*) to represent several characters and question mark (?) to represent a single character. This reduces the number of aliases you have to add to the configuration.

4. From the Pool list, select the CNAME pool, and then click Add.
5. Click Finished.

Viewing statistics for wide IP CNAME resolutions

Ensure that a wide IP that includes a pool configured with a CNAME exists in the BIG-IP® configuration.
You can view the number of DNS name resolution requests that GTM™ resolved using a CNAME record.
1. On the Main tab, click Statistics > Module Statistics > Global Traffic.
The Global Traffic statistics screen opens.
2. From the Statistics Type list, select Wide IPs.
Information displays about the cumulative number of DNS name resolution requests processed by the wide IP, and the number of requests load balanced using specific methods.

Implementation result
You now have an implementation in which BIG-IP® GTM™ resolves a DNS name resolution request for a wide IP to a CNAME. The LDNS must further resolve the CNAME to an IP address.

Chapter 6: Replacing a DNS Server with BIG-IP GTM

• Overview: Replacing a DNS server with BIG-IP GTM
• Task summary
• Implementation result

Overview: Replacing a DNS server with BIG-IP GTM

BIG-IP® Global Traffic Manager™ (GTM™) load balances incoming wide IP traffic to your network resources. BIG-IP GTM can also replace a local DNS server as the authoritative nameserver for wide IPs, zones, and all other DNS-related traffic. You can configure BIG-IP GTM to replace the DNS server that currently manages www.siterequest.com. BIG-IP GTM becomes the authoritative nameserver for www.siterequest.com and load balances traffic across the web-based applications store.siterequest.com and checkout.siterequest.com.

Figure 4: Traffic flow when BIG-IP GTM replaces DNS server

About listeners
A listener is a specialized virtual server that passively checks for DNS packets on port 53 and the IP address you assign to the listener. When a DNS name resolution request is sent to the IP address of the listener, BIG-IP GTM either handles the request locally or forwards the request to the appropriate resource.

Task summary
Perform these tasks to replace a DNS server with BIG-IP GTM.
Configuring a back-end DNS server to allow zone file transfers
Acquiring zone files from the legacy DNS server
Creating a self IP address using the IP address of the legacy DNS server
Designating GTM as the primary server for the zone
Creating listeners to alert GTM to DNS traffic destined for the system
Creating a wide IP

Configuring a back-end DNS server to allow zone file transfers

If you are unfamiliar with how to modify DNS server files, review the fifth edition of DNS and BIND, available from O’Reilly Media.
To configure a back-end DNS server to allow zone file transfers to the BIG-IP® system, add to the DNS server an allow-transfer statement that specifies a self IP address on the BIG-IP system.

You can modify the following allow-transfer statement to use a self IP address on the BIG-IP system:

allow-transfer { localhost; <self IP address of BIG-IP system>; };

Acquiring zone files from the legacy DNS server

Ensure that you have configured the legacy DNS server with an allow-transfer statement that authorizes zone transfers to BIG-IP® GTM™.
For BIG-IP GTM to acquire zone files from the legacy DNS server, create a new zone.
1. On the Main tab, click Global Traffic > ZoneRunner > Zone List.
The Zone List screen opens.
2. Click Create.
The New Zone screen opens.
3. From the View Name list, select the view that you want this zone to be a member of.
The default view is external.
4. In the Zone Name field, type a name for the zone file in this format, including the trailing dot: db.[viewname].[zonename].
For example, db.external.siterequest.com.
5. From the Zone Type list, select Master.
6. From the Records Creation Method list, select Transfer from Server.
7. In the Source Server field, type the IP address of the DNS server (the server from which you want BIG-IP GTM to acquire zone files).
8. Click Finished.

Creating a self IP address using the IP address of the legacy DNS server
To avoid a conflict on your network, unplug BIG-IP® GTM™ from the network.
When you want BIG-IP GTM to handle DNS traffic previously handled by a DNS server, create a self IP
address on BIG-IP GTM using the IP address of the legacy DNS server.
1. On the Main tab, click Network > Self IPs.
The Self IPs screen opens.
2. Click Create.
The New Self IP screen opens.
3. In the Name field, type a unique name for the self IP.
4. In the IP Address field, type the IP address of the legacy DNS server.

The system accepts IPv4 and IPv6 addresses.
5. In the Netmask field, type the network mask for the specified IP address.
6. Click Finished.
The screen refreshes, and displays the new self IP address in the list.

Designating GTM as the primary server for the zone


Ensure that you have created a self IP address on BIG-IP® GTM™ using the IP address of the legacy DNS
server.
Add this self IP address to the BIG-IP GTM server object. Then modify the DNS server based on your
network configuration.
1. Log on to BIG-IP GTM.
2. On the Main tab, click Global Traffic > Servers.
The Server List screen opens.
3. Click the name of the BIG-IP GTM system that you want to modify.
The server settings and values display.
4. In the Address List area, add the new self IP address.
5. Click Update.
6. Do one of the following based on your network configuration:
• Modify the IP address of the legacy DNS server so that it becomes a secondary DNS server to BIG-IP
GTM. Ensure that the IP address of the DNS server does not conflict with the self IP address that
you added to the BIG-IP GTM server object.

Note: If you are using BIND servers, and you are unfamiliar with how to change a DNS server from
a primary to a secondary, refer to the fifth edition of DNS and BIND, available from O’Reilly Media.

• Remove the legacy DNS server from your network.

BIG-IP GTM is now the primary authoritative name server for the zone. The servers for the zone do not
need to be updated, because the IP address of the legacy DNS server was assigned to BIG-IP GTM.

Creating listeners to alert GTM to DNS traffic destined for the system
To alert the BIG-IP® GTM™ system to DNS traffic (previously handled by the DNS server), create two
listeners: one that uses the UDP protocol, and one that uses the TCP protocol.

Note: DNS zone transfers use TCP port 53. If you do not configure a listener for TCP, the client might
receive the error connection refused or TCP RSTs.

1. On the Main tab, click Global Traffic > Listeners.
The Listeners List screen opens.
2. Click Create.
The new Listeners screen opens.
3. In the Destination field, type the IP address previously used by the legacy DNS server.
4. From the VLAN Traffic list, select All VLANs.
5. From the Protocol list, select UDP.


6. Click Finished.

Create another listener with the same IP address, but select TCP from the Protocol list.

Creating a wide IP
Ensure that at least one load balancing pool exists in the configuration before you start creating a wide IP.
Create a wide IP to map an FQDN to one or more pools of virtual servers that host the content of the domain.
1. On the Main tab, click Global Traffic > Wide IPs.
The Wide IP List screen opens.
2. Click Create.
The New Wide IP screen opens.
3. In the Name field, type a name for the wide IP.

Tip: You can use two different wildcard characters in the wide IP name: asterisk (*) to represent several
characters and question mark (?) to represent a single character. This reduces the number of aliases
you have to add to the configuration.

4. From the Pool list, select the pools that this wide IP uses for load balancing.
The system evaluates the pools based on the wide IP load balancing method configured.
a) From the Pool list, select a pool.
A pool can belong to more than one wide IP.
b) Click Add.

5. Click Finished.

Implementation result
BIG-IP® GTM™ replaces the legacy DNS server as the primary authoritative nameserver for the zone.
BIG-IP GTM handles all incoming DNS traffic, whether destined for a wide IP or handled by the BIND
instance on the system.

Chapter 7
Placing BIG-IP GTM in Front of a DNS Server

• Overview: Configuring GTM to screen traffic to an existing DNS server
• Task summary
• Implementation result

Overview: Configuring GTM to screen traffic to an existing DNS server
You can use BIG-IP® Global Traffic Manager™ (GTM™) as a traffic screener in front of an existing DNS
server. With this setup, all DNS traffic flows through BIG-IP GTM. Listeners that you configure on BIG-IP
GTM verify incoming DNS queries. If the query is for a wide IP, BIG-IP GTM resolves the request. If the
query is for a destination that does not match a wide IP or for an IP address that is not configured on BIG-IP
GTM, the system forwards the query to the specified DNS server for resolution. When forwarding a query,
BIG-IP GTM transforms the source address to a self IP address on BIG-IP GTM.

Figure 5: Traffic flow when BIG-IP GTM screens traffic to a DNS server

About listeners
A listener is a specialized virtual server that passively checks for DNS packets on port 53 and the IP address
you assign to the listener. When a DNS name resolution request is sent to the IP address of the listener,
BIG-IP GTM either handles the request locally or forwards the request to the appropriate resource.

About wildcard listeners


A wildcard listener is a special listener that is assigned an IP address of 0.0.0.0 and the DNS query port
(port 53). When you want BIG-IP GTM to respond to DNS name resolution requests coming into your
network, regardless of the destination IP address of the given request, you use a wildcard listener.


Task summary
Perform these tasks to send traffic through BIG-IP® GTM™.
Placing GTM on your network to forward traffic
Creating a listener to forward traffic to a DNS server
Creating a wide IP

Placing GTM on your network to forward traffic


Determine to which DNS server you want BIG-IP® GTM™ to forward traffic.
Place GTM on your network between LDNS servers and clients making DNS name resolution requests.
1. Physically connect GTM to your Internet connection.
2. Connect the LDNS to an Ethernet port on GTM (optional).
3. Connect the LDNS to a switch.

Creating a listener to forward traffic to a DNS server


Determine to which DNS server you want this listener to forward traffic.
Create a listener that alerts the BIG-IP system to traffic destined for a DNS server.
1. On the Main tab, click Global Traffic > Listeners.
The Listeners List screen opens.
2. Click Create.
The new Listeners screen opens.
3. In the Destination field, type the IP address on which BIG-IP GTM listens for network traffic.
The destination is the IP address of a DNS server to which you want the listener to route traffic.

Important: The destination must not match a self IP address on BIG-IP GTM.

4. From the VLAN Traffic list, select All VLANs.
5. Click Finished.

Creating a wide IP
Ensure that at least one load balancing pool exists in the configuration before you start creating a wide IP.
Create a wide IP to map an FQDN to one or more pools of virtual servers that host the content of the domain.
1. On the Main tab, click Global Traffic > Wide IPs.
The Wide IP List screen opens.
2. Click Create.
The New Wide IP screen opens.
3. In the Name field, type a name for the wide IP.


Tip: You can use two different wildcard characters in the wide IP name: asterisk (*) to represent several
characters and question mark (?) to represent a single character. This reduces the number of aliases
you have to add to the configuration.

4. From the Pool list, select the pools that this wide IP uses for load balancing.
The system evaluates the pools based on the wide IP load balancing method configured.
a) From the Pool list, select a pool.
A pool can belong to more than one wide IP.
b) Click Add.

5. Click Finished.
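
The wildcard wide IP names described in the Tip (here and in the previous chapter's wide IP procedure), together with the screening decision in this chapter's overview (resolve the query if it matches a wide IP, otherwise forward it to the existing DNS server), can be modelled in a few lines. The following Python is an added example, not code from the F5 guide or from the BIG-IP product: the WIDE_IPS list, the forwarding address 192.0.2.53 and the exact-before-wildcard ordering are this example's own assumptions, not a statement about how GTM orders its own matching.

```python
import re

# Constructed wide IP names, as they might be configured on GTM (sample input,
# not from the F5 guide). Exact names are tried first, then wildcard names in
# list order; that ordering is this example's choice.
WIDE_IPS = [
    "www.siterequest.com",   # exact name
    "*.siterequest.com",     # any hostname under the domain
    "app?.example.com",      # app1, app2, ... but not app10
]

FORWARD_DNS_SERVER = "192.0.2.53"  # assumed address of the existing DNS server


def wideip_regex(name):
    """Translate a wide IP name into an anchored, case-insensitive regex:
    '*' stands for any run of characters and '?' for exactly one character."""
    pieces = []
    for ch in name.rstrip("."):
        if ch == "*":
            pieces.append(".*")
        elif ch == "?":
            pieces.append(".")
        else:
            pieces.append(re.escape(ch))
    return re.compile("^" + "".join(pieces) + "$", re.IGNORECASE)


def _is_wildcard(name):
    return "*" in name or "?" in name


def match_wideip(qname, wideips):
    """Return the first wide IP name that matches qname, or None.
    DNS names are case-insensitive and may carry a trailing dot."""
    q = qname.rstrip(".").lower()
    for w in wideips:
        if not _is_wildcard(w) and w.rstrip(".").lower() == q:
            return w
    for w in wideips:
        if _is_wildcard(w) and wideip_regex(w).match(q):
            return w
    return None


def screen_query(qname, wideips=WIDE_IPS, forward_to=FORWARD_DNS_SERVER):
    """Decide what the listener does with a query: ("resolve", <wide IP>) when the
    name matches a wide IP, otherwise ("forward", <DNS server>)."""
    hit = match_wideip(qname, wideips)
    if hit is not None:
        return ("resolve", hit)
    return ("forward", forward_to)


if __name__ == "__main__":
    for name in ("www.siterequest.com", "mail.siterequest.com",
                 "app1.example.com", "app10.example.com", "ftp.other.net"):
        print(name, "->", screen_query(name))
```

Note that a wildcard such as *.siterequest.com also matches multi-label names (a.b.siterequest.com), so a broad wildcard wide IP can silently capture queries you expected to reach the back-end DNS server; the function makes it easy to test a list of names against the configured wide IP names before deploying them.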

Implementation result
You now have an implementation in which BIG-IP® GTM™ receives all DNS queries. If the query is for a
wide IP, BIG-IP GTM load balances the request to the appropriate resource. If the query is for an IP address
of a DNS server, BIG-IP GTM either routes or forwards the query to the DNS server for resolution.

Chapter 8
Placing BIG-IP GTM in Front of a Pool of DNS Servers

• Overview: Screening and forwarding non-wide IP traffic to a pool of DNS servers
• Task summary
• Implementation result

Overview: Screening and forwarding non-wide IP traffic to a pool of DNS servers
BIG-IP® Global Traffic Manager™ (GTM™) can function as a traffic screener in front of a pool of DNS
servers. In this situation, BIG-IP GTM checks incoming DNS queries and if the query is for a wide IP,
resolves the query. Otherwise, BIG-IP GTM forwards the DNS query to one of the servers in a pool of DNS
servers, and that server handles the query.

Figure 6: Traffic flow when BIG-IP GTM screens traffic to a pool of DNS servers

About listeners
A listener is a specialized virtual server that passively checks for DNS packets on port 53 and the IP address
you assign to the listener. When a DNS name resolution request is sent to the IP address of the listener,
BIG-IP GTM either handles the request locally or forwards the request to the appropriate resource.

Task summary
Perform these tasks to screen non-wide IP traffic and forward the traffic to a pool of DNS servers.
Creating a pool of local DNS servers
Creating a listener that alerts GTM to DNS queries for a pool of DNS servers


Creating a pool of local DNS servers


Ensure that at least one custom DNS monitor exists on the BIG-IP® system. Gather the IP addresses of the
DNS servers that you want to include in a pool to which the BIG-IP® system load balances DNS traffic.
Create a pool of local DNS servers when you want to load balance DNS requests to back-end DNS servers.
1. On the Main tab, click Local Traffic > Pools.
The Pool List screen opens.
2. Click Create.
The New Pool screen opens.
3. In the Name field, type a unique name for the pool.
4. For the Health Monitors setting, from the Available list, select the custom DNS monitor you created,
and click << to move the monitor to the Active list.
5. Using the New Members setting, add each resource that you want to include in the pool:
a) Type an IP address in the Address field.
b) Type a port number in the Service Port field, or select a service name from the list.
c) To specify a priority group, type a priority number in the Priority Group Activation field.
d) Click Add.

6. Click Finished.

Creating a listener that alerts GTM to DNS queries for a pool of DNS servers
Configure a listener that alerts BIG-IP® GTM™ to DNS queries destined for DNS servers that are members
of a pool.
1. Log on to the command-line interface of BIG-IP GTM.
2. Type tmsh to access the Traffic Management Shell.
3. Run this command to create a listener:
create /gtm listener <name of listener> address <IP address on which you want the listener to alert GTM to DNS traffic> ip-protocol udp pool <name of pool> translate-address enabled
The system creates a listener with the specified name and IP address that alerts BIG-IP GTM to queries
destined for the members of the specified pool.
4. Run this command to save the configuration, including the new listener: save /sys config
5. Run this command to display the listener: list /gtm listener
The system displays the new listener configuration.

Implementation result
You now have an implementation in which BIG-IP® GTM™ receives DNS queries, handles wide IP requests,
and forwards all other DNS queries to members of the pool of DNS servers.

Chapter 9
Configuring GTM on a Network with One Route Domain

• Overview: How do I deploy BIG-IP GTM on a network with one route domain?
• Implementation result

Overview: How do I deploy BIG-IP GTM on a network with one route domain?
You can deploy BIG-IP® Global Traffic Manager™ (GTM™) on a network where BIG-IP Local Traffic
Manager™ (LTM®) is configured with one route domain and no overlapping IP addresses.

Caution: For BIG-IP systems that include both LTM and GTM, you can configure route domains on internal
interfaces only. F5 Networks does not support the configuration of route domains on a standalone BIG-IP
GTM.

Figure 7: BIG-IP GTM deployed on a network in front of a BIG-IP LTM configured with a route domain

Task summary
Perform these tasks to configure a route domain, and then to configure BIG-IP GTM to be able to monitor
the BIG-IP LTM systems.
Creating VLANs for a route domain on BIG-IP LTM
Creating a route domain on the BIG-IP system
Creating a self IP address for a route domain on BIG-IP LTM
Defining a server for a route domain on BIG-IP GTM


Creating VLANs for a route domain on BIG-IP LTM


You need to create two VLANs on BIG-IP® Local Traffic Manager™ (LTM®) through which traffic can pass
to a route domain.
1. On the Main tab, click Network > VLANs.
The VLAN List screen opens.
2. Click Create.
The New VLAN screen opens.
3. In the Name field, type external.
4. In the Tag field, type a numeric tag, from 1 to 4094, for the VLAN, or leave the field blank if you want
the BIG-IP system to automatically assign a VLAN tag.
The VLAN tag identifies the traffic from hosts in the associated VLAN.
5. For the Interfaces setting, from the Available list, click an interface number or trunk name and add the
selected interface or trunk to the Untagged list. Repeat this step as necessary.
6. Select the Source Check check box if you want the system to verify that the return route to an initial
packet is the same VLAN from which the packet originated.
7. Click Finished.
The screen refreshes, and displays the new VLAN in the list.

Repeat this procedure, but in Step 3, name the VLAN internal.

Creating a route domain on the BIG-IP system


Before you create a route domain:
• Ensure that an external and an internal VLAN exist on the BIG-IP® system.
• If you intend to assign a static bandwidth controller policy to the route domain, you must first create the
policy. You can do this using the BIG-IP Configuration utility.
• Verify that you have set the current partition on the system to the partition in which you want the route
domain to reside.
You can create a route domain on the BIG-IP system to segment (isolate) traffic on your network. Route domains
are useful for multi-tenant configurations.
1. On the Main tab, click Network > Route Domains.
The Route Domain List screen opens.
2. Click Create.
The New Route Domain screen opens.
3. In the Name field, type a name for the route domain.
This name must be unique within the administrative partition in which the route domain resides.
4. In the ID field, type an ID number for the route domain.
This ID must be unique on the BIG-IP system; that is, no other route domain on the system can have
this ID.
5. In the Description field, type a description of the route domain.
For example: This route domain applies to traffic for application MyApp.
6. For the Strict Isolation setting, select the Enabled check box to restrict traffic in this route domain
from crossing into another route domain.
7. For the Parent Name setting, retain the default value.


8. For the VLANs setting, from the Available list, select a VLAN name and move it to the Members list.
Select the VLAN that processes the application traffic relevant to this route domain.
Configuring this setting ensures that the BIG-IP system immediately associates any self IP addresses
pertaining to the selected VLANs with this route domain.
9. For the Dynamic Routing Protocols setting, from the Available list, select one or more protocol names
and move them to the Enabled list.
You can enable any number of listed protocols for this route domain. This setting is optional.
10. From the Bandwidth Controller list, select a static bandwidth control policy to enforce a throughput
limit on traffic for this route domain.
11. From the Partition Default Route Domain list, select either Another route domain (0) is the Partition
Default Route Domain or Make this route domain the Partition Default Route Domain.
This setting does not appear if the current administrative partition is partition Common.
When you configure this setting, either route domain 0 or this route domain becomes the default route
domain for the current administrative partition.
12. Click Finished.
The system displays a list of route domains on the BIG-IP system.

You now have another route domain on the BIG-IP system.

Creating a self IP address for a route domain on BIG-IP LTM


Ensure that external and internal VLANs exist on BIG-IP® LTM®, before you begin creating a self IP address
for a route domain.
Create a self IP address on BIG-IP LTM that resides in the address space of the route domain.
1. On the Main tab, click Network > Self IPs.
The Self IPs screen opens.
2. Click Create.
The New Self IP screen opens.
3. In the Name field, type a unique name for the self IP.
4. In the IP Address field, type an IP address.
This IP address must represent a self IP address in a route domain. Use the format x.x.x.x%n, where
n is the route domain ID, for example, 10.1.1.1%1.
The system accepts IPv4 and IPv6 addresses.
5. In the Netmask field, type the network mask for the specified IP address.
6. From the VLAN/Tunnel list, select external.
7. From the Port Lockdown list, select Allow Default.
8. Click Finished.
The screen refreshes, and displays the new self IP address in the list.

Repeat this procedure, but in Step 6, select internal from the VLAN/Tunnel list.

Defining a server for a route domain on BIG-IP GTM


Ensure that at least one data center exists in the configuration.
On a BIG-IP GTM system, define a server that represents the route domain.

1. On the Main tab, click Global Traffic > Servers.
The Server List screen opens.
2. Click Create.
The New Server screen opens.
3. In the Name field, type a name for the server.

Important: Server names are limited to 63 characters.

4. From the Product list, select either BIG-IP System (Single) or BIG-IP System (Redundant).
The server type determines the metrics that the system can collect from the server.
5. In the Address List area, add the self IP address that you assigned to the VLAN that you assigned to the
route domain.

Important: Do not include the route domain ID in this IP address. Use the format x.x.x.x, for example,
10.10.10.1.

6. From the Data Center list, select the data center where the server resides.
7. In the Health Monitors area, assign the bigip monitor to the server by moving it from the Available list
to the Selected list.
8. From the Virtual Server Discovery list, select how you want virtual servers to be added to the system.
Virtual server discovery is supported when you have only one route domain.
Option Description
Disabled: Use this option when you plan to manually add virtual servers to the system, or if your network
utilizes multiple route domains. This is the default value.
Enabled: The system automatically adds virtual servers using the discovery feature.
Enabled (No Delete): The system uses the discovery feature and does not delete any virtual servers that
already exist.

9. Click Create.
The Server List screen opens displaying the new server in the list.

Implementation result
You now have an implementation in which BIG-IP® GTM™ can monitor virtual servers on BIG-IP LTM®
systems configured with one route domain.

Chapter 10
Configuring GTM on a Network with Multiple Route Domains

• Overview: How do I deploy BIG-IP GTM on a network with multiple route domains?
• Implementation result

Overview: How do I deploy BIG-IP GTM on a network with multiple route domains?
You can deploy BIG-IP® Global Traffic Manager™ (GTM) on a network where BIG-IP Local Traffic
Manager™ (LTM®) systems are configured with multiple route domains and overlapping IP addresses.

Important: On a network with route domains, you must ensure that virtual server discovery (autoconf) is
disabled, because virtual server discovery does not discover translation IP addresses.

Caution: For BIG-IP systems that include both LTM and GTM, you can configure route domains on internal
interfaces only. F5 Networks does not support the configuration of route domains on a standalone BIG-IP
GTM.

The following figure shows BIG-IP GTM deployed in a network with multiple BIG-IP Local Traffic
Manager™ (LTM®) systems configured with the default route domain (zero), and two additional route
domains. BIG-IP GTM can monitor the Application1 and Application2 servers that have overlapping IP
addresses and reside in different route domains. The firewalls perform the required address translation
between the BIG-IP GTM and BIG-IP LTM addresses; you must configure the firewalls to segment traffic
and avoid improperly routing packets between route domain 1 and route domain 2.


Figure 8: BIG-IP GTM deployed on a network with multiple route domains

Before BIG-IP® GTM™ can gather status and statistics for the virtual servers hosted on BIG-IP LTM®
systems on your network that are configured with route domains, you must configure the following on each
BIG-IP LTM that handles traffic for route domains:
• VLANs through which traffic for your route domains passes
• Route domains that represent each network segment
• Self IP addresses that represent the address spaces of the route domains
Additionally, on BIG-IP GTM you must:
• Configure, for each route domain, a server object with virtual server discovery disabled
• Disable virtual server discovery globally

Task summary
Perform the following tasks to configure BIG-IP GTM to monitor BIG-IP LTM systems with route domains.
Creating VLANs for a route domain on BIG-IP LTM
Creating a route domain on BIG-IP LTM
Creating a self IP address for a route domain on BIG-IP LTM
Disabling auto-discovery at the global level on BIG-IP GTM
Defining a server for a route domain on BIG-IP GTM

Creating VLANs for a route domain on BIG-IP LTM


Create two VLANs on BIG-IP LTM through which traffic can pass to a route domain.
1. On the Main tab, click Network > VLANs.
The VLAN List screen opens.
2. Click Create.
The New VLAN screen opens.
3. In the Name field, type external.
4. In the Tag field, type a numeric tag, from 1 to 4094, for the VLAN, or leave the field blank if you want
the BIG-IP system to automatically assign a VLAN tag.
The VLAN tag identifies the traffic from hosts in the associated VLAN.
5. For the Interfaces setting, from the Available list, click an interface number or trunk name and add the
selected interface or trunk to the Untagged list. Repeat this step as necessary.
6. Select the Source Check check box if you want the system to verify that the return route to an initial
packet is the same VLAN from which the packet originated.
7. Click Finished.
The screen refreshes, and displays the new VLAN in the list.

Repeat this procedure, but in Step 3, name the second VLAN internal.

Creating a route domain on BIG-IP LTM


Ensure that VLANs exist on BIG-IP LTM, before you create a route domain.
You can create a route domain on a BIG-IP system to segment (isolate) network traffic on your network.
1. On the Main tab, click Network > Route Domains.
The Route Domain List screen opens.
2. Click Create.
The New Route Domain screen opens.
3. In the ID field, type an ID number for the route domain.
This ID must be unique on the BIG-IP system; that is, no other route domain on the system can have
this ID.
4. In the Description field, type a description of the route domain.
For example: This route domain applies to traffic for application MyApp.
5. For the Strict Isolation setting, select the Enabled check box to restrict traffic in this route domain
from crossing into another route domain.
6. For the Parent Name setting, retain the default value.
7. For the VLANs setting, move the external and internal VLANs from the Available list, to the Members
list.
Configuring this setting ensures that the BIG-IP system immediately associates any self IP addresses
pertaining to the selected VLANs with this route domain.


8. Click Finished.
The system displays a list of route domains on the BIG-IP system.

Create additional route domains based on your network configuration.

Creating a self IP address for a route domain on BIG-IP LTM


Ensure that VLANs exist on BIG-IP® LTM®, before you begin creating a self IP address for a route domain.
Create a self IP address on the BIG-IP system that resides in the address space of the route domain.
1. On the Main tab, click Network > Self IPs.
The Self IPs screen opens.
2. Click Create.
The New Self IP screen opens.
3. In the Name field, type a unique name for the self IP.
4. In the IP Address field, type an IP address.
This IP address must represent a self IP address in a route domain. Use the format x.x.x.x%n, where
n is the route domain ID, for example, 10.1.1.1%1.
The system accepts IPv4 and IPv6 addresses.
5. In the Netmask field, type the network mask for the specified IP address.
6. From the VLAN/Tunnel list, select the VLAN that you assigned to the route domain that contains this
self IP address.
7. From the Port Lockdown list, select Allow Default.
8. Click Finished.
The screen refreshes, and displays the new self IP address in the list.

Create additional self IP addresses based on your network configuration.

Disabling auto-discovery at the global level on BIG-IP GTM

On BIG-IP GTM, disable auto-discovery at the global level.
1. On the Main tab, click System > Configuration > Global Traffic > General.
The general Configuration screen opens.
2. Clear the Auto-Discovery check box.
3. Click Update.

Defining a server for a route domain on BIG-IP GTM


Ensure that at least one data center exists in the configuration.
On BIG-IP GTM, define a server that represents the route domain.
1. On the Main tab, click Global Traffic > Servers.
The Server List screen opens.
2. Click Create.
The New Server screen opens.


3. In the Name field, type a name for the server.

Important: Server names are limited to 63 characters.

4. From the Product list, select either BIG-IP System (Single) or BIG-IP System (Redundant).
The server type determines the metrics that the system can collect from the server.
5. In the Address List area, add the self IP address that you assigned to the VLAN that you assigned to the
route domain.

Important: Do not include the route domain ID in this IP address. Use the format x.x.x.x, for example,
10.10.10.1.

6. From the Data Center list, select the data center where the server resides.
7. From the Prober Pool list, select one of the following.
Option Description
Inherit from Data Center: By default, a server inherits the Prober pool assigned to the data center in
which the server resides.
Prober pool name: Select the Prober pool that contains the BIG-IP systems that you want to perform
monitor probes of this server.

Note: The selected Prober pool must reside in the same route domain as the servers you want the pool
members to probe.

8. In the Health Monitors area, assign the bigip monitor to the server by moving it from the Available list
to the Selected list.
9. From the Virtual Server Discovery list, select Disabled.
10. Click Create.
The New Server screen opens.
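
As an added example (not part of the F5 guide), the following Python relates the two address formats used in this chapter and the previous one: the x.x.x.x%n self IP address created on BIG-IP LTM, and the plain x.x.x.x address that the Important note requires in the BIG-IP GTM server object. The helper also flags the two conditions the chapters state: virtual server discovery is supported only with a single route domain, and identical addresses in different route domains overlap and must be translated (for example by the firewalls in Figure 8) before GTM can probe them. The function names and sample addresses are this example's own.

```python
import ipaddress


def parse_route_domain_address(text):
    """Split a BIG-IP address written as x.x.x.x%n (IPv6 is accepted too) into
    (ip_address, route_domain_id). No %n suffix means route domain 0, the default."""
    addr, sep, rd = text.strip().partition("%")
    ip = ipaddress.ip_address(addr)  # raises ValueError on a malformed address
    if not sep:
        return ip, 0
    if not rd.isdigit():
        raise ValueError("route domain ID must be a number: %r" % text)
    return ip, int(rd)


def gtm_server_address(self_ip):
    """The address to enter in the GTM server object's Address List: the LTM self IP
    with its %n route domain suffix removed."""
    ip, _ = parse_route_domain_address(self_ip)
    return str(ip)


def plan_gtm_servers(ltm_self_ips):
    """Build one GTM server entry per LTM self IP and report whether virtual server
    discovery may stay enabled (only with a single route domain) and which addresses
    overlap across route domains (they need address translation in front of GTM)."""
    servers = []
    domains_per_address = {}
    for raw in ltm_self_ips:
        ip, rd = parse_route_domain_address(raw)
        servers.append({"ltm_self_ip": raw, "gtm_address": str(ip), "route_domain": rd})
        domains_per_address.setdefault(str(ip), set()).add(rd)
    route_domains = sorted({s["route_domain"] for s in servers})
    overlapping = sorted(a for a, rds in domains_per_address.items() if len(rds) > 1)
    return {
        "servers": servers,
        "route_domains": route_domains,
        "discovery_permitted": len(route_domains) <= 1,
        "overlapping_addresses": overlapping,
    }


if __name__ == "__main__":
    # Constructed sample: Application1 and Application2 share 10.1.1.1 in route
    # domains 1 and 2, and one server sits in the default route domain.
    print(plan_gtm_servers(["10.1.1.1%1", "10.1.1.1%2", "10.2.0.1"]))
```

When "overlapping_addresses" is non-empty, the plain addresses entered on GTM would collide, which is exactly the case where the firewalls in this chapter's figure must present distinct translated addresses to GTM and the Prober pool for each server must reside in that server's route domain.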

Implementation result
You now have an implementation in which BIG-IP GTM monitors BIG-IP LTM virtual servers on the
various route domains in your network.

Chapter 11
Setting Up a BIG-IP GTM Redundant System Configuration

• Overview: Configuring a BIG-IP GTM redundant system

Overview: Configuring a BIG-IP GTM redundant system


You can configure BIG-IP® Global Traffic Manager™ (GTM) in a redundant system configuration, which
is a set of two BIG-IP GTM systems: one operating as the active unit, the other operating as the standby
unit. If the active unit goes offline, the standby unit immediately assumes responsibility for managing DNS
traffic. The new active unit remains active until another event occurs that would cause the unit to go offline,
or you manually reset the status of each unit.

Task summary
Perform the following tasks to configure a BIG-IP GTM redundant system configuration.
Before you begin, ensure that the Setup utility was run on both devices. During the Setup process, you create
VLANs internal and external and the associated floating and non-floating IP addresses, and VLAN HA and
the associated non-floating self IP address. You also configure the devices to be in an active-standby
redundant system configuration.
Defining an NTP server
Creating listeners to identify DNS traffic
Defining a data center
Defining a server to represent each BIG-IP system
Enabling global traffic configuration synchronization
Running the gtm_add script

Defining an NTP server


Define a Network Time Protocol (NTP) server that both BIG-IP GTM systems use during configuration
synchronization.

Important: Perform the following procedure on both the active and standby systems.

1. On the Main tab, click System > Configuration > Device > NTP.
The NTP Device configuration screen opens.
2. In the Time Server Lookup List area, in the Address field, type the IP address of the NTP server that
you want to add. Then, click Add.

Note: If you did not disable DHCP before the first boot of the BIG-IP system, and if the DHCP server
provides the information about your NTP server, then this field is automatically populated.

3. Click Update.

During configuration synchronization, the systems use this time value to determine if any newer configuration
files exist.

Creating listeners to identify DNS traffic


Create two listeners to identify DNS traffic for which BIG-IP GTM is responsible. Create one listener that
uses the UDP protocol and one that uses the TCP protocol. If you have multiple BIG-IP GTM systems in
a device group, perform this procedure on only one system.


Note: DNS zone transfers use TCP port 53. If you do not configure a listener for TCP, the client might
receive the error connection refused or TCP RSTs.

1. On the Main tab, click Global Traffic > Listeners.
The Listeners List screen opens.
2. Click Create.
The new Listeners screen opens.
3. In the Destination field, type the IP address on which BIG-IP GTM listens for network traffic.
The destination is a self IP address on BIG-IP GTM.
4. Click Finished.

Create another listener with the same IP address, but select TCP from the Protocol list.
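
To confirm that both listeners answer (the UDP and TCP pair created here, and the same pair in the chapter on replacing a DNS server), the following Python is an added example, not code from the F5 guide: it encodes one DNS query, sends it to the listener address over UDP and over TCP (with the 2-byte length prefix that DNS over TCP requires) and reports, per transport, whether a response with the matching transaction ID came back. The placeholder address 192.0.2.53 and the name siterequest.com are assumptions; run it from a host that can reach the listener.

```python
import socket
import struct
import sys

QUERY_ID = 0x1234  # fixed transaction ID so responses can be matched to the query


def build_query(qname, qtype=1, txid=QUERY_ID):
    """Encode a minimal DNS query (recursion desired, class IN) in wire format."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    name = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in qname.rstrip(".").split(".")
    )
    return header + name + b"\x00" + struct.pack("!HH", qtype, 1)


def tcp_frame(message):
    """DNS over TCP carries each message behind a 2-byte big-endian length prefix."""
    return struct.pack("!H", len(message)) + message


def parse_header(message):
    """Decode the 12-byte header: transaction ID, QR bit, RCODE and answer count."""
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", message[:12])
    return {"id": txid, "qr": bool(flags & 0x8000), "rcode": flags & 0x000F, "answers": an}


def _recv_exact(sock, n):
    """Read exactly n bytes from a TCP socket or raise OSError."""
    data = b""
    while len(data) < n:
        chunk = sock.recv(n - len(data))
        if not chunk:
            raise OSError("connection closed mid-message")
        data += chunk
    return data


def probe_listener(address, qname, timeout=2.0):
    """Send the same query to address:53 over UDP and over TCP. A result of
    {"udp": True, "tcp": False} is the symptom described in the Note above:
    the UDP listener exists but the TCP listener is missing."""
    query = build_query(qname)
    family = socket.AF_INET6 if ":" in address else socket.AF_INET
    results = {}
    try:
        with socket.socket(family, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(query, (address, 53))
            data, _ = s.recvfrom(4096)
            results["udp"] = parse_header(data)["id"] == QUERY_ID
    except OSError:
        results["udp"] = False
    try:
        with socket.create_connection((address, 53), timeout=timeout) as s:
            s.sendall(tcp_frame(query))
            (length,) = struct.unpack("!H", _recv_exact(s, 2))
            data = _recv_exact(s, length)
            results["tcp"] = parse_header(data)["id"] == QUERY_ID
    except OSError:
        results["tcp"] = False
    return results


if __name__ == "__main__":
    # Usage: python probe_listener.py <listener IP> [name]
    target = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.53"  # placeholder address
    name = sys.argv[2] if len(sys.argv) > 2 else "siterequest.com"
    print(probe_listener(target, name))
```

Query a name that the listener actually serves (a wide IP, or a zone hosted by the BIND instance on the system); the probe only checks that each transport returns a reply with the right transaction ID, so the RCODE in parse_header is where to look if the reply is an error.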

Defining a data center


On BIG-IP GTM, create a data center to contain the servers that reside on a subnet of your network.
1. On the Main tab, click Global Traffic > Data Centers.
The Data Center List screen opens.
2. Click Create.
The New Data Center screen opens.
3. In the Name field, type a name to identify the data center.

Important: The data center name is limited to 63 characters.

4. In the Location field, type the geographic location of the data center.
5. In the Contact field, type the name of either the administrator or the department that manages the data
center.
6. From the State list, select Enabled.
7. Click Finished.

You can now create server objects and assign them to this data center.
Repeat this procedure to create additional data centers.

Defining a server to represent each BIG-IP system

Ensure that the data centers where the BIG-IP GTM systems reside exist in the configuration.
Using this procedure, create two servers on the active BIG-IP system, one that represents the active system
and one that represents the standby system.

Important: Perform this procedure on only the active system.

1. On the Main tab, click Global Traffic > Servers.
The Server List screen opens.
2. Click Create.
The New Server screen opens.
3. In the Name field, type a name for the server.

Important: Server names are limited to 63 characters.

4. From the Product list, select BIG-IP System (Redundant).
The server type determines the metrics that the system can collect from the server.
5. In the Address List area, add the IP address of the server.

Important: You must use a self IP address for a BIG-IP® system; you cannot use the management IP
address.

6. In the Address List area, add the IP addresses of the backup system using the Peer Address List setting.
a) Type an external (public) IP address in the Address field, and then click Add.
b) Type an internal (private) IP address in the Translation field, and then click Add.

You can add more than one IP address, depending on how the server interacts with the rest of your
network.
7. From the Data Center list, select the data center where the server resides.
8. From the Virtual Server Discovery list, select Disabled.
9. Click Create.
The Server List screen opens displaying the new server in the list.

Enabling global traffic configuration synchronization

Enable global traffic configuration synchronization options and assign a name to the GTM synchronization
group.
1. On the Main tab, click System > Configuration > Global Traffic > General.
The General configuration screen opens.
2. Select the Synchronization check box.
3. In the Synchronization Time Tolerance field, type the maximum age difference in seconds, between
the sets of configuration files on the systems in a GTM configuration synchronization group.
4. Select the Synchronize DNS Zone Files check box.
5. In the Synchronization Group Name field, type the name of the synchronization group.
6. Click Update.

Running the gtm_add script

You must run the gtm_add script from the standby system.

Note: You must perform this task from the command-line interface.

1. On the new BIG-IP GTM, log in to the command-line interface.
2. Type gtm_add, and press Enter.
3. Press the y key to start the gtm_add script.
4. Type the IP address of the existing BIG-IP GTM, and press Enter.

The gtm_add script acquires configuration data from the active system. Once this process completes, you
have successfully created a redundant system consisting of two BIG-IP GTM systems.

Chapter 12
Authenticating with SSL Certificates Signed by a Third Party

• Overview: Authenticating with SSL certificates signed by a third party
• Configuring Level 1 SSL authentication
• Implementation Results
• Configuring certificate chain SSL authentication
• Implementation result

Overview: Authenticating with SSL certificates signed by a third party

BIG-IP® systems use Secure Sockets Layer (SSL) authentication to verify the authenticity of the credentials
of systems with which data exchange is necessary.
BIG-IP software includes a self-signed SSL certificate. If your network includes one or more certificate
authority (CA) servers, you can also install SSL certificates that are signed by a third party. The BIG-IP
systems exchange SSL certificates, and use a CA server to verify the authenticity of the certificates.
The big3d agent on all BIG-IP systems and the gtmd agent on BIG-IP Global Traffic Manager™ (GTM™)
systems use the certificates to authenticate communication between the systems.

About SSL authentication levels

SSL supports ten levels of authentication (also known as certificate depth):
• Level 0 certificates (self-signed certificates) are verified by the system to which they belong.
• Level 1 certificates are authenticated by a CA server that is separate from the system.
• Level 2 through 9 certificates are authenticated by additional CA servers that verify the authenticity of other
servers. These multiple levels of authentication (referred to as certificate chains) allow for a tiered
verification system that ensures that only authorized communications occur between servers.

Configuring Level 1 SSL authentication

You can configure BIG-IP® systems for Level 1 SSL authentication. Before you begin, ensure that the
systems you are configuring include the following:
• A signed certificate/key pair.
• The root certificate from the CA server.

Task Summary
Importing the device certificate
Importing the root certificate for the gtmd agent
Importing the root certificate for the big3d agent
Verifying the certificate exchange

Importing the device certificate

To configure the BIG-IP® system for Level 1 SSL authentication, import the device certificate signed by
the CA server.

Note: Perform this procedure on all BIG-IP® systems that you want to handle Level 1 SSL authentication.

1. On the Main tab, click System > Device Certificates.
The Device Certificate screen opens.
2. Click Import.

3. From the Import Type list, select Certificate and Key.
4. For the Certificate Source setting, select Upload File and browse to select the certificate signed by the
CA server.
5. For the Key Source setting, select Upload File and browse to select the device key file.
6. Click Import.

Importing the root certificate for the gtmd agent

Before you start this procedure, ensure that you have the root certificate from your CA server available.
To set up the system to use a third-party certificate signed by a CA server, replace the existing certificate
file for the gtmd agent with the root certificate of your CA server.

Note: Perform this procedure on only one BIG-IP® GTM™ system in the GTM synchronization group. The
system automatically synchronizes the setting with the other systems in the group.

1. On the Main tab, click Global Traffic > Servers > Trusted Server Certificates.
The Trusted Server Certificates screen opens.
2. Click Import.
3. From the Import Method list, select Replace.
4. For the Certificate Source setting, select Upload File and browse to select the root certificate file.
5. Click Import.

Importing the root certificate for the big3d agent

Before you start this procedure, ensure that the root certificate from your CA server is available.

Note: Perform this procedure on all BIG-IP® systems that you want to configure for Level 1 SSL
authentication.

1. On the Main tab, click System > Device Certificates > Trusted Device Certificates.
The Trusted Device Certificates screen opens.
2. Click Import.
3. From the Import Method list, select Replace.
4. For the Certificate Source setting, select Upload File and browse to select the certificate signed by the
CA server.
5. Click Import.

Verifying the certificate exchange

You can verify that you installed the certificate correctly by running the following commands on all BIG-IP®
systems that you configured for Level 1 SSL authentication.

iqdump <IP address of BIG-IP you are testing>

iqdump <IP address of BIG-IP peer system, if testing a redundant system configuration>


If the certificate was installed correctly, these commands display a continuous stream of information.

Implementation Results
The BIG-IP® systems are now configured for Level 1 SSL authentication.

Configuring certificate chain SSL authentication

You can configure BIG-IP® systems for certificate chain SSL authentication.

Task Summary
Creating a certificate chain file
Importing the device certificate from the last CA server in the chain
Importing a certificate chain file for the gtmd agent
Importing a certificate chain for the big3d agent
Verifying the certificate chain exchange

Creating a certificate chain file

Before you start this procedure, ensure that you have the certificate files from your CA servers available.
Create a certificate chain file that you can use to replace the existing certificate file.
1. Using a text editor, create an empty file for the certificate chain.
2. Still using a text editor, copy an individual certificate from its own certificate file and paste the certificate
into the file you created in step 1.
3. Repeat step 2 for each certificate that you want to include in the certificate chain.

You now have a certificate chain file.
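Concatenating certificates by hand in steps 1 through 3 is easy to get wrong (a truncated block, a pasted duplicate, a source file that holds two certificates). The following added example, which is not F5 code, builds the chain file from individual PEM files in the order given and rejects malformed or duplicate blocks; the input certificates are constructed stand-ins, and the ten-certificate limit is an assumption taken from the ten authentication levels described above.

```python
"""Build and sanity-check a PEM certificate chain file (added example, stdlib only)."""
import base64
import hashlib
import re

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"
# Assumption: the chapter describes ten authentication levels (depth 0-9), so a
# chain file longer than that cannot be verified by the agents.
MAX_CHAIN_CERTS = 10

_PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.S)


def der_length_ok(der: bytes) -> bool:
    """True if der is exactly one DER SEQUENCE (tag 0x30 whose length matches the data)."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    first = der[1]
    if first < 0x80:                       # short-form length
        length, header = first, 2
    else:                                  # long form: 0x8N followed by N length bytes
        n = first & 0x7F
        if n == 0 or len(der) < 2 + n:
            return False
        length = int.from_bytes(der[2:2 + n], "big")
        header = 2 + n
    return header + length == len(der)


def split_pem_certificates(text: str) -> list:
    """Return the DER bytes of every certificate block in a PEM text, in file order.
    Raises ValueError on a block whose body is not base64 or not a DER SEQUENCE."""
    ders = []
    for body in _PEM_RE.findall(text):
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except Exception as exc:
            raise ValueError(f"certificate block is not valid base64: {exc}") from exc
        if not der_length_ok(der):
            raise ValueError("certificate block does not decode to a DER SEQUENCE")
        ders.append(der)
    return ders


def fingerprint(der: bytes) -> str:
    """SHA-256 of the DER encoding, used to detect a certificate pasted twice."""
    return hashlib.sha256(der).hexdigest()


def build_chain_file(cert_files: list) -> str:
    """Concatenate one certificate per input file into a chain file (steps 1-3 above).
    cert_files: PEM file contents, in the order they should appear in the chain."""
    if not cert_files or len(cert_files) > MAX_CHAIN_CERTS:
        raise ValueError(f"chain must contain 1..{MAX_CHAIN_CERTS} certificates")
    seen, out = set(), []
    for i, content in enumerate(cert_files):
        ders = split_pem_certificates(content)
        if len(ders) != 1:
            raise ValueError(f"input {i} must contain exactly one certificate, found {len(ders)}")
        fp = fingerprint(ders[0])
        if fp in seen:
            raise ValueError(f"input {i} duplicates an earlier certificate ({fp[:16]}...)")
        seen.add(fp)
        b64 = base64.b64encode(ders[0]).decode()
        lines = [b64[j:j + 64] for j in range(0, len(b64), 64)]   # re-wrap at 64 columns
        out.append("\n".join([BEGIN, *lines, END]))
    return "\n".join(out) + "\n"


def constructed_pem(label: str) -> str:
    """CONSTRUCTED stand-in for a CA certificate file: a minimal DER SEQUENCE in
    PEM armor. Real CA certificates are used in practice."""
    payload = f"CONSTRUCTED-{label}".encode()
    der = b"\x30" + bytes([len(payload)]) + payload
    return f"{BEGIN}\n{base64.b64encode(der).decode()}\n{END}\n"


if __name__ == "__main__":
    chain = build_chain_file([constructed_pem("intermediate-ca"), constructed_pem("root-ca")])
    print(chain)
    print("certificates in chain:", len(split_pem_certificates(chain)))
```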

Importing the device certificate from the last CA server in the chain
Import the device certificate signed by the last CA in the certificate chain.

Note: Perform this procedure on all BIG-IP systems that you want to configure for certificate chain SSL
authentication.

1. On the Main tab, click System > Device Certificates.
The Device Certificate screen opens.
2. Click Import.
3. From the Import Type list, select Certificate and Key.
4. For the Certificate Source setting, select Upload File and browse to select the certificate signed by the
CA server.
5. For the Key Source setting, select Upload File and browse to select the device key file.


6. Click Import.

Importing a certificate chain file for the gtmd agent

Before you start this procedure, ensure that you have the certificate chain file available.
Replace the existing certificate file on the system with a certificate chain file.

Note: Perform this procedure on only one BIG-IP® GTM™ in a GTM synchronization group. The system
automatically synchronizes the setting with the other systems in the group.

1. On the Main tab, click Global Traffic > Servers > Trusted Server Certificates.
The Trusted Server Certificates screen opens.
2. Click Import.
3. From the Import Method list, select Replace.
4. For the Certificate Source setting, select Upload File and browse to select the device certificate for
the last CA in the certificate chain.
5. Click Import.

Importing a certificate chain for the big3d agent

Before you start this procedure, ensure that the certificate chain file is available.

Note: Perform this procedure on all BIG-IP® systems that you want to configure for certificate chain SSL
authentication.

1. On the Main tab, click System > Device Certificates > Trusted Device Certificates.
The Trusted Device Certificates screen opens.
2. Click Import.
3. From the Import Method list, select Replace.
4. For the Certificate Source setting, select Upload File and browse to select the certificate chain file.
5. Click Import.

Verifying the certificate chain exchange

You can verify that you installed the certificate chain correctly by running the following commands on all
the systems you configure for certificate chain SSL authentication.

iqdump <IP address of BIG-IP you are testing>

iqdump <IP address of BIG-IP peer system, if testing a redundant system configuration>

If the certificate chain was installed correctly, these commands display a continuous stream of information.


Implementation result
The BIG-IP® systems are now configured for certificate chain SSL authentication. For information about
troubleshooting BIG-IP device certificates, see SOL8187 on AskF5.com (www.askf5.com).

Chapter 13
Configuring a TTL in a DNS NoError Response

• Overview: Configuring a TTL in an IPv6 DNS NoError Response
• Task summary
• Implementation result

Overview: Configuring a TTL in an IPv6 DNS NoError Response

You can configure BIG-IP® GTM™ to return IPv6 DNS NoError responses that include a TTL. This allows
local DNS servers to cache the negative response. Negative caching reduces both the response time for
negative DNS responses and the number of messages that must be sent between resolvers and local DNS
servers.

About SOA records and negative caching

A start of authority (SOA) record contains a TTL that allows a local DNS server to cache a DNS NoError
response to an IPv6 query.
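As an added illustration (not F5 code) of what the local DNS server does with that SOA record: the example below builds a NoError response to an AAAA query that carries no answer and only an SOA in the authority section, then computes how long a resolver may cache it, which under RFC 2308 is the smaller of the SOA record's TTL and its MINIMUM field. The zone names, serial and timer values are constructed.

```python
"""Negative caching of a NoError/NODATA answer: build one and compute its cache TTL.
Added example (not F5 code); RFC 1035 wire format and RFC 2308 rules, stdlib only."""
import struct

TYPE_AAAA, TYPE_SOA, CLASS_IN = 28, 6, 1


def encode_name(name: str) -> bytes:
    """Encode a dotted name in uncompressed DNS wire format."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(msg: bytes, off: int):
    """Decode a (possibly compressed) name at off; return (name, offset after it).
    A hop limit guards against looping compression pointers in hostile input."""
    labels, jumped, end, hops = [], False, off, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:              # compression pointer (RFC 1035 4.1.4)
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            if not jumped:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            jumped = True
            continue
        off += 1
        if length == 0:
            return ".".join(labels) + ".", (end if jumped else off)
        labels.append(msg[off:off + length].decode("ascii"))
        off += length


def build_nodata_response(qname: str, zone: str, soa_ttl: int, minimum: int,
                          txn_id: int = 0x1234) -> bytes:
    """CONSTRUCTED NoError response to an AAAA query with no AAAA record:
    ANCOUNT=0, one SOA in the authority section carrying the negative-cache TTL."""
    flags = 0x8400                              # QR=1, AA=1, RCODE=0 (NoError)
    header = struct.pack("!HHHHHH", txn_id, flags, 1, 0, 1, 0)
    question = encode_name(qname) + struct.pack("!HH", TYPE_AAAA, CLASS_IN)
    # SOA RDATA: MNAME, RNAME, SERIAL, REFRESH, RETRY, EXPIRE, MINIMUM (constructed values)
    rdata = (encode_name("ns1." + zone) + encode_name("hostmaster." + zone)
             + struct.pack("!IIIII", 2013031401, 3600, 900, 604800, minimum))
    authority = (encode_name(zone)
                 + struct.pack("!HHIH", TYPE_SOA, CLASS_IN, soa_ttl, len(rdata)) + rdata)
    return header + question + authority


def negative_cache_ttl(msg: bytes):
    """Seconds a resolver may cache this NoError/NODATA response, or None if the
    message is not a cacheable negative answer (RFC 2308 sections 3 and 5)."""
    _txn, flags, qd, an, ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if not (flags & 0x8000) or (flags & 0x000F) != 0 or an != 0:
        return None                              # a query, an error, or a positive answer
    off = 12
    for _ in range(qd):                          # skip the question section
        _, off = decode_name(msg, off)
        off += 4
    for _ in range(ns):                          # look for an SOA in the authority section
        _, off = decode_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == TYPE_SOA and rclass == CLASS_IN:
            rd_off = off
            _, rd_off = decode_name(msg, rd_off)  # MNAME
            _, rd_off = decode_name(msg, rd_off)  # RNAME
            minimum = struct.unpack("!I", msg[rd_off + 16:rd_off + 20])[0]
            return min(ttl, minimum)             # RFC 2308: the smaller of the two
        off += rdlen
    return None                                   # no SOA: the NODATA cannot be cached


if __name__ == "__main__":
    reply = build_nodata_response("www.wip.test.net.", "test.net.", soa_ttl=300, minimum=900)
    print("negative cache TTL:", negative_cache_ttl(reply))   # 300
```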

Task summary
You can configure GTM™ to provide a negative caching TTL for a domain name by performing these
specific tasks.
Creating a pool
Creating a wide IP that provides for negative caching

Creating a pool
Ensure that at least one virtual server exists in the configuration before you start to create a load balancing
pool.
Create a pool to which the system can load balance global traffic.
1. On the Main tab, click Global Traffic > Pools.
The Pools list screen opens.
2. Click Create.
3. Type a name for the pool.
Names must begin with a letter, and can contain only letters, numbers, and the underscore (_) character.

Important: The pool name is limited to 63 characters.

4. For the Health Monitors setting, in the Available list, select a monitor type, and click << to move the
monitor to the Active list.

Tip: Hold the Shift or Ctrl key to select more than one monitor at a time.

5. For the Member List setting, add virtual servers as members of this load balancing pool.
The system evaluates the virtual servers (pool members) in the order in which they are listed. A virtual
server can belong to more than one pool.
a) Select a virtual server from the Virtual Server list.
b) Click Add.


6. Click Finished.

Creating a wide IP that provides for negative caching

Ensure that at least one global load balancing pool exists in the configuration before you create a wide IP.
Create a wide IP configured so that GTM™ returns an SOA record containing a TTL with an IPv6 DNS
NoError response. This allows the local DNS servers to cache the negative response, and thus provide
faster responses to DNS queries.
1. On the Main tab, click Global Traffic > Wide IPs.
The Wide IP List screen opens.
2. Click Create.
The New Wide IP screen opens.
3. From the General Properties list, select Advanced.
This selection allows you to modify additional default settings.
4. In the Name field, type a name for the wide IP.

Tip: You can use two different wildcard characters in the wide IP name: asterisk (*) to represent several
characters and question mark (?) to represent a single character. This reduces the number of aliases
you have to add to the configuration.

5. From the IPv6 NoError Response list, select Enabled.
With this option enabled, the system responds faster to IPv6 requests for which it does not have AAAA
records configured.
6. In the IPv6 NoError TTL field, type the number of seconds that the local DNS servers consider the
IPv6 NoError response to be valid. When you set this value, you must enable the IPv6 NoError Response
setting as well.
7. From the Pool list, select the pools that this wide IP uses for load balancing.
The system evaluates the pools based on the wide IP load balancing method configured.
a) From the Pool list, select a pool.
A pool can belong to more than one wide IP.
b) Click Add.

8. Click Finished.

Implementation result
You now have an implementation in which GTM™ returns a TTL in an IPv6 DNS NoError response for a
web site represented by a wide IP in the GTM configuration.

Chapter 14
Configuring Device-Specific Probing and Statistics Collection

• Overview: Configuring device-specific probing and statistics collection
• Task summary
• Implementation result

Overview: Configuring device-specific probing and statistics collection

BIG-IP® Global Traffic Manager™ (GTM) performs intelligent probing of your network resources to
determine whether the resources are up or down. In some circumstances, for example, if your network
contains firewalls, you might want to set up device-specific probing to specify which BIG-IP® systems
probe specific servers for health and performance data.

About Prober pools

A Prober pool is an ordered collection of one or more BIG-IP® systems. BIG-IP Global Traffic Manager™
(GTM™) can be a member of more than one Prober pool, and a Prober pool can be assigned to an individual
server or a data center. When you assign a Prober pool to a data center, by default, the servers in that data
center inherit that Prober pool.
The members of a Prober pool perform monitor probes of servers to gather data about the health and
performance of the resources on the servers. BIG-IP GTM makes load balancing decisions based on the
gathered data. If all of the members of a Prober pool are marked down, or if a server has no Prober pool
assigned, BIG-IP GTM reverts to a default intelligent probing algorithm to gather data about the resources
on the server.
This figure illustrates how Prober pools work. BIG-IP GTM contains two BIG-IP Local Traffic Manager™
(LTM™) systems that are assigned Prober pools and one BIG-IP LTM system that is not assigned a Prober
pool:

Figure 9: BIG-IP systems with prober pools

Prober Pool 1 is assigned to a generic host server
BIG-IP LTM3 is the only member of Prober Pool 1, and performs all HTTPS monitor probes of the
server.

Prober Pool 2 is assigned to generic load balancers
BIG-IP LTM1 and BIG-IP LTM2 are members of Prober Pool 2. These two systems perform HTTP
monitor probes of generic load balancers based on the load balancing method assigned to Prober Pool
2.

The generic load balancers on the left side of the graphic are not assigned a Prober pool
BIG-IP GTM can solicit any BIG-IP system to perform FTP monitor probes of these load balancers,
including systems that are Prober pool members.


About Prober pool status

The status of a Prober pool also indicates the status of the members of the pool. If at least one member of
a Prober pool has green status (Available), the Prober pool has green status.
The status of a Prober pool member indicates whether the BIG-IP GTM system, on which you are viewing
status, can establish an iQuery connection with the member.

Note: If a Prober pool member has red status (Offline), no iQuery connection exists between the member
and the BIG-IP GTM system on which you are viewing status. Therefore, that BIG-IP GTM system cannot
request that member to perform probes, and the Prober pool will not select the member for load balancing.

About Prober pool statistics

You can view the number of successful and failed probe requests that the BIG-IP® GTM™ system (on which
you are viewing statistics) made to the Prober pools. These statistics reflect only the number of Probe
requests and their success or failure. These statistics do not reflect the actual probes that the pool members
made to servers on your network.
Prober pool statistics are not aggregated among the BIG-IP GTM systems in a synchronization group. The
statistics on one BIG-IP GTM include only the requests made from that BIG-IP GTM system.
In this figure, the Prober pool statistics that display on BIG-IP GTM1 are the probe requests made only by
that system.

Figure 10: Prober pool statistics displayed per system


Task summary
Perform these tasks to configure device-specific probing and statistics collection.
Creating a Prober pool
Assigning a Prober pool to a data center
Assigning a Prober pool to a server
Viewing Prober pool statistics and status
Determining which Prober pool member marked a resource down

Creating a Prober pool

Obtain a list of the BIG-IP® systems in your network and ensure that a server object is configured on the
BIG-IP GTM™ for each system.
Create a Prober pool that contains the BIG-IP systems that you want to perform monitor probes of a specific
server or the servers in a data center.
1. On the Main tab, click Global Traffic > Prober Pools.
The Prober Pool List screen opens.
2. Click Create.
The New Prober Pool screen opens.
3. In the Name field, type a name for the Prober pool.

Important: Prober pool names are limited to 63 characters.

4. Select a method from the Load Balancing Method list.

Option               Description
Round Robin          BIG-IP GTM load balances monitor probes among the members of a Prober pool
                     in a circular and sequential pattern.
Global Availability  BIG-IP GTM selects the first available Prober pool member to perform a
                     monitor probe.

5. Assign members to the pool by moving servers from the Available list to the Selected list.
6. To reorder the members in the Selected list, choose a server and use the Up and Down buttons to move
the server to a different location in the list.
The order of the servers in the list is important in relation to the load balancing method you selected.
7. Click Finished.

Assign the Prober pool to a data center or a server.
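The rules spread across "About Prober pools", "About Prober pool status" and the load balancing methods in step 4 (pool status is green if any member has an iQuery connection from the viewing GTM, Round Robin versus Global Availability over the ordered member list, inheritance from the data center, and fallback to default probing when no pool is assigned or every member is down) are modelled together in this added example. It is not the gtmd implementation; the topology is constructed after Figure 9 and the method and status strings are assumptions.

```python
"""Model of which BIG-IP is asked to probe a server, per the Prober pool rules above.
Added example (not F5 code); names of methods and statuses are assumptions."""
from dataclasses import dataclass
from typing import Dict, List, Optional

ROUND_ROBIN = "round-robin"
GLOBAL_AVAILABILITY = "global-availability"
INHERIT = "inherit-from-data-center"
DEFAULT_PROBING = "default-intelligent-probing"   # label for the fallback path


@dataclass
class ProberPool:
    name: str
    method: str
    members: List[str]                 # ordered list of BIG-IP server names
    _next: int = 0                     # round-robin cursor (kept per viewing GTM)

    def status(self, iquery_up: Dict[str, bool]) -> str:
        """Green (Available) if at least one member has an iQuery connection from
        this GTM, otherwise red (Offline), as in 'About Prober pool status'."""
        return "green" if any(iquery_up.get(m, False) for m in self.members) else "red"

    def select(self, iquery_up: Dict[str, bool]) -> Optional[str]:
        """Member that performs the next probe request, or None when every member
        is down (the caller then falls back to default probing)."""
        up = [m for m in self.members if iquery_up.get(m, False)]
        if not up:
            return None
        if self.method == GLOBAL_AVAILABILITY:
            return up[0]                           # first available, in list order
        n = len(self.members)                      # round robin, skipping red members
        for i in range(n):
            cand = self.members[(self._next + i) % n]
            if cand in up:
                self._next = (self._next + i + 1) % n
                return cand
        return None


@dataclass
class DataCenter:
    name: str
    prober_pool: Optional[str] = None


@dataclass
class Server:
    name: str
    data_center: str
    prober_pool: str = INHERIT         # the GUI default ("Inherit from Data Center")


def effective_pool(server: Server, dcs: Dict[str, DataCenter]) -> Optional[str]:
    """Resolve the Prober pool a server uses: its own, else the data center's."""
    if server.prober_pool != INHERIT:
        return server.prober_pool
    return dcs[server.data_center].prober_pool


def choose_prober(server: Server, dcs: Dict[str, DataCenter],
                  pools: Dict[str, ProberPool], iquery_up: Dict[str, bool]) -> str:
    """BIG-IP that probes `server`, or DEFAULT_PROBING when no pool is assigned
    anywhere or all members of the assigned pool are marked down."""
    pool_name = effective_pool(server, dcs)
    if pool_name is None:
        return DEFAULT_PROBING
    member = pools[pool_name].select(iquery_up)
    return member if member is not None else DEFAULT_PROBING


def demo() -> List[str]:
    """CONSTRUCTED topology modelled on Figure 9: LTM1/LTM2 in Prober Pool 2,
    LTM3 alone in Prober Pool 1, with LTM2's iQuery connection down."""
    pools = {
        "pool1": ProberPool("pool1", GLOBAL_AVAILABILITY, ["ltm3"]),
        "pool2": ProberPool("pool2", ROUND_ROBIN, ["ltm1", "ltm2"]),
    }
    dcs = {"dc-east": DataCenter("dc-east", prober_pool="pool2"),
           "dc-west": DataCenter("dc-west")}
    iquery_up = {"ltm1": True, "ltm2": False, "ltm3": True}
    host = Server("generic-host", "dc-east", prober_pool="pool1")
    glb = Server("generic-lb", "dc-east")               # inherits pool2 from dc-east
    unassigned = Server("other-lb", "dc-west")          # no pool on server or data center
    return [choose_prober(s, dcs, pools, iquery_up) for s in (host, glb, glb, unassigned)]


if __name__ == "__main__":
    print(demo())   # ['ltm3', 'ltm1', 'ltm1', 'default-intelligent-probing']
```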

Assigning a Prober pool to a data center

Ensure that a Prober pool is available on the system.
To make a specific collection of BIG-IP® systems available to probe the servers in a data center, assign a
Prober pool to the data center.


1. On the Main tab, click Global Traffic > Data Centers.
The Data Center List screen opens.
2. Click a data center name in the list.
The data center settings and values display.
3. From the Prober Pool list, select the Prober pool that contains the BIG-IP® systems that you want to
perform monitor probes of the servers in this data center.
By default, all of the servers in the data center inherit this Prober pool.
4. Click Update.

Assigning a Prober pool to a server

Ensure that a Prober pool is available on the system.
To specify which BIG-IP® systems perform monitor probes of a server, assign a Prober pool to the server.
1. On the Main tab, click Global Traffic > Servers.
The Server List screen opens.
2. In the Server List, click a server name.
The server settings and values display.
3. From the Prober Pool list, select one of the following.

Option                    Description
Inherit from Data Center  By default, a server inherits the Prober pool assigned to the data center
                          in which the server resides.
Prober pool name          Select the Prober pool that contains the BIG-IP systems that you want to
                          perform monitor probes of this server.

4. Click Update.

Viewing Prober pool statistics and status

You can view status and statistics for Prober pools and the members of the pools.
1. On the Main tab, click Global Traffic > Prober Pools.
The Prober Pool List screen opens.
2. On the menu bar, click Statistics.
The Global Traffic Statistics screen opens.
3. Click the Refresh button.
The statistics are updated.
4. To view additional information about the status of a Prober pool, place your cursor over the icon in the
Status column.
5. To view additional information about the status of a Prober pool member, click View in the Members
column, and then place your cursor over the icon in the Status column of a specific member.


Determining which Prober pool member marked a resource down

When a resource is marked down, you can open the BIG-IP GTM log to view the SNMP trap and determine
which member of a Prober pool marked the resource down.
1. On the Main tab, click System > Logs.
The System logs screen opens.
2. On the menu bar, click Local Traffic.
The Local Traffic logs screen opens.
3. You can either scroll through the log or search for a log entry about a specific event.

Implementation result
You now have an implementation in which a specific BIG-IP® system probes the resources on a specific
server, or the servers in a specific data center.

Chapter 15
Configuring How and When GTM Saves Configuration Changes

• Overview: Configuring how and when GTM saves configuration changes

Overview: Configuring how and when GTM saves configuration changes

By default, BIG-IP® Global Traffic Manager™ (GTM™) automatically saves GTM configuration changes
15 seconds after the change is made in either the Configuration utility or tmsh. You can change how long
GTM waits before it saves GTM configuration changes. In addition, you can disable automatic saves of
GTM configuration changes, but then you must run a command in tmsh to save those changes. All changes
to the GTM configuration are stored in the bigip_gtm.conf file.

Task summary
Perform one of these tasks to configure how and when the BIG-IP system saves GTM configuration changes.
Changing the automatic configuration save timeout
Enabling manual saves of configuration changes
Configuring how and when GTM saves configuration changes using tmsh

Changing the automatic configuration save timeout

Ensure that GTM™ is provisioned on the device.
You can change how long the BIG-IP system waits to save the GTM configuration following a GTM
configuration change. For example, if you are making many changes to the GTM configuration at one time,
you might want to extend the Configuration Save Timeout to allow you to complete more changes before
the GTM configuration is saved.
1. On the Main tab, click System > Configuration > Global Traffic > General.
The General configuration screen opens.
2. For the Automatic Configuration Save setting, select the Enabled check box.
3. In the Automatic Configuration Save Timeout field, type the number of seconds that follow a GTM
configuration change before the GTM configuration is automatically saved.
The values shown in the table are worth noting:

Value in seconds  Description
0                 BIG-IP GTM immediately saves changes to the configuration.
86400             Maximum number of seconds following a GTM configuration change before the
                  BIG-IP system saves the GTM configuration.
15                Default number of seconds following a GTM configuration change before the
                  BIG-IP system saves the GTM configuration.

Warning: Setting the value of Automatic Configuration Save Timeout to less than 10 seconds can
impact system performance.

The BIG-IP system waits the specified number of seconds before saving GTM configuration changes to
the stored configuration.

Enabling manual saves of configuration changes

Ensure that GTM™ is provisioned on the device.


You can disable automatic saves of GTM configuration changes when you want to have strict control over
when GTM configuration changes are saved to the stored configuration. CPU usage can be affected simply
by saving small changes to a large configuration.
1. On the Main tab, click System > Configuration > Global Traffic > General.
The General configuration screen opens.
2. For the Automatic Configuration Save setting, clear the Enabled check box to disable automatic saves
of GTM configuration changes.

Important: If you disable automatic saves of GTM configuration changes, to save those changes you
must run this command from the command line: tmsh save sys config gtm-only partitions all

3. Click Update.

Configuring how and when GTM saves configuration changes using tmsh
Ensure that GTM™ is provisioned on the device, and that your user role provides access to tmsh.
By default, the BIG-IP® system automatically saves GTM configuration changes made in the Configuration
utility and tmsh. You can change how long the system waits to save GTM configuration changes. You can
also configure the system for manual saves that require you to run a tmsh command to save GTM
configuration changes.
1. Log in to the command-line interface of the BIG-IP system.
2. Run a variation of this command, based on how and when you want the BIG-IP system to save GTM
configuration changes:
tmsh modify gtm global-settings general automatic-configuration-save-timeout <interval in seconds>

Note the value for each save-timeout interval:

Interval in seconds  Value description
0                    BIG-IP GTM immediately saves changes to the configuration.
-1                   BIG-IP GTM never saves changes to the configuration (manual save required).
86400                Maximum number of seconds following a GTM configuration change before
                     the system saves the change.
15                   Default number of seconds following a GTM configuration change before the
                     system saves the change.

Warning: Setting automatic-configuration-save-timeout to less than 10 seconds can impact system
performance.

BIG-IP GTM waits the number of seconds you specify before saving GTM configuration changes. If you
specified -1, then you must save the configuration manually using this command:
tmsh save sys config gtm-only partitions all

Chapter 16
Configuring Logging of Global Server Load Balancing Decisions

• About logging global server load-balancing decisions

About logging global server load-balancing decisions

When BIG-IP® GTM™ receives a DNS name resolution request for a wide IP, in order to send a response,
the system makes a load-balancing decision. The decision is based on the load-balancing method configured
on the wide IP, the number of pools associated with the wide IP, and the applicable number of members in
each pool.
You can send information about how GTM made the load-balancing decision to the high-speed remote logs;
reviewing the logs can help determine how to fine-tune your network.

Configuring logs for global server load-balancing decisions

Ensure that at least one wide IP exists in the BIG-IP® GTM™ configuration, and that high-speed remote
logging is configured on the device.
When you want to view the global server load-balancing decisions made by BIG-IP GTM in the high-speed
remote logs, configure the verbosity of the information that displays in the logs.
1. On the Main tab, click Global Traffic > Wide IPs.
The Wide IP List screen opens.
2. Click the name of the wide IP you want to modify.
3. For the Load-Balancing Decision Log setting, select the check boxes of the options that you want to
include in the high-speed remote logs.
Check-box option       Log information
Pool Selection         The pool selected to answer a DNS request, and why the pool was selected.
Pool Traversal         The pools in the wide IP considered during the load-balancing decision, and
                       why the pool was selected.
Pool Member Selection  The pool member selected to answer a DNS request, and why the member was
                       selected.
Pool Member Traversal  The members of the pool considered during the load-balancing decision, and
                       why the member was selected.

Example log for a wide IP configured for Ratio load balancing when Load-Balancing Decision Log is
set to only Pool Selection:

2013-03-14 15:40:05 bigip1.com to 10.10.10.9#34824: [wip.test.net A] [ratio selected pool (pool_b) with the first highest ratio counter (1)]

Example log for a wide IP configured for Ratio load balancing when Load-Balancing Decision Log is
set to both Pool Selection and Pool Traversal:

2013-03-14 16:18:41 bigip1.com from 10.10.10.9#35902 [wip.test.net A] [ratio selected pool (pool_a) - ratio counter (0) is higher] [ratio skipped pool (pool_b) - ratio counter (0) is not higher] [ratio reset IPv4 ratio counter to original ratios - the best had zero ratio count] [ratio selected pool (pool_a) - ratio counter (1) is not higher] [ratio selected pool (pool_b) - ratio counter (1) is not higher] [ratio selected pool (pool_a) with the first highest ratio counter (1)]
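Reviewing these logs by eye does not scale past a handful of lines, so here is an added example (not F5 code) that parses decision lines of the shape shown above into the requesting LDNS, the wide IP and query type, and the ordered list of bracketed decisions, then tallies which pool answered. The two sample lines are the ones printed in this chapter; the line layout is inferred from them and is an assumption.

```python
"""Parse GTM load-balancing decision log lines such as the two examples above.
Added example, not F5 code; the line layout is inferred from those samples."""
import re
from typing import Dict, List, Optional

# <date> <time> <GTM host> to|from <LDNS ip>#<port>[:] [<wide IP> <qtype>] [decision] ...
_HEAD = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<dir>to|from) "
    r"(?P<ip>[0-9A-Fa-f.:]+)#(?P<port>\d+):? \[(?P<wip>\S+) (?P<qtype>[A-Z0-9]+)\]"
    r"(?P<rest>.*)$")
_BRACKET = re.compile(r"\[([^\]]*)\]")
# "<method> selected|skipped|reset [pool (<name>)] [- ]<reason>"
_ACTION = re.compile(
    r"^(?P<method>\S+) (?P<verb>selected|skipped|reset)"
    r"(?: pool \((?P<pool>[^)]+)\))?\s*(?:- )?(?P<reason>.*)$")

# The two sample lines printed in this chapter, each joined onto one line.
SAMPLE_LINES = [
    "2013-03-14 15:40:05 bigip1.com to 10.10.10.9#34824: [wip.test.net A] "
    "[ratio selected pool (pool_b) with the first highest ratio counter (1)]",
    "2013-03-14 16:18:41 bigip1.com from 10.10.10.9#35902 [wip.test.net A] "
    "[ratio selected pool (pool_a) - ratio counter (0) is higher] "
    "[ratio skipped pool (pool_b) - ratio counter (0) is not higher] "
    "[ratio reset IPv4 ratio counter to original ratios - the best had zero ratio count] "
    "[ratio selected pool (pool_a) - ratio counter (1) is not higher] "
    "[ratio selected pool (pool_b) - ratio counter (1) is not higher] "
    "[ratio selected pool (pool_a) with the first highest ratio counter (1)]",
]


def parse_decision(text: str) -> Dict[str, Optional[str]]:
    """Split one bracketed decision into method, verb, pool and reason."""
    m = _ACTION.match(text)
    if not m:                                  # keep unknown shapes instead of dropping them
        return {"method": None, "verb": None, "pool": None, "reason": text}
    return m.groupdict()


def parse_line(line: str) -> Optional[Dict]:
    """Structured record for a decision log line, or None if the line is not one."""
    m = _HEAD.match(line.strip())
    if not m:
        return None
    return {
        "timestamp": m["ts"],
        "gtm": m["host"],
        "direction": m["dir"],                 # 'to' or 'from' the requesting LDNS
        "ldns": m["ip"],
        "port": int(m["port"]),
        "wide_ip": m["wip"],
        "qtype": m["qtype"],
        "decisions": [parse_decision(t) for t in _BRACKET.findall(m["rest"])],
    }


def final_pool(record: Dict) -> Optional[str]:
    """The pool that answered: the last 'selected' decision on the line. With Pool
    Traversal logged, the earlier selected/skipped entries are the candidates
    considered along the way (see the second sample line)."""
    chosen = [d["pool"] for d in record["decisions"] if d["verb"] == "selected" and d["pool"]]
    return chosen[-1] if chosen else None


def pool_selection_counts(lines: List[str]) -> Dict[str, int]:
    """How often each pool ended up answering across many log lines; a quick check
    that the configured Ratio weights show up in real decisions."""
    counts: Dict[str, int] = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue                           # not a decision line (other log noise)
        pool = final_pool(rec)
        if pool:
            counts[pool] = counts.get(pool, 0) + 1
    return counts


if __name__ == "__main__":
    for rec in map(parse_line, SAMPLE_LINES):
        print(rec["timestamp"], rec["ldns"], rec["wide_ip"], rec["qtype"], "->", final_pool(rec),
              f"({len(rec['decisions'])} decision entries)")
    print(pool_selection_counts(SAMPLE_LINES))   # {'pool_b': 1, 'pool_a': 1}
```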

Chapter 17
Monitoring Third-Party Servers with SNMP

• Overview: SNMP monitoring of third-party servers
• Implementation result

Overview: SNMP monitoring of third-party servers

You can configure the BIG-IP® system to acquire information about the health of a third-party server using
SNMP. The server must be running an SNMP agent.

Task summary
To configure BIG-IP® GTM™ to acquire information about the health of a third-party server using SNMP,
perform the following tasks.
Creating an SNMP monitor
Defining a third-party host server that is running SNMP

Creating an SNMP monitor


Create an SNMP monitor that BIG-IP® can use to monitor a third-party server running SNMP.
1. Click Create.
The New Monitor screen opens.
2. Type a name for the monitor.

Important: Monitor names are limited to 63 characters.

3. From the Type list, select one of the following:

Option          Description
SNMP DCA        Use this monitor to specify new values for CPU, memory, and disk metrics.
SNMP DCA Base   Use this monitor to specify values for metrics other than CPU, memory, and disk usage.

4. Click Finished.

Defining a third-party host server that is running SNMP


Ensure that the third-party host server is running SNMP. During this procedure, you assign a virtual server
to the server; therefore, determine the IP address that you want to assign to the virtual server.
On the BIG-IP GTM, define a third-party host server that is the ultimate destination of DNS name resolution
requests.
1. On the Main tab, click Global Traffic > Servers.
The Server List screen opens.
2. Click Create.
The New Server screen opens.
3. In the Name field, type a name for the server.

Important: Server names are limited to 63 characters.


4. From the Product list, select a third-party host server or select Generic Host.
The server type determines the metrics that the system can collect from the server.
5. In the Address List area, add the IP addresses of the server.
a) Type an external (public) IP address in the Address field, and then click Add.
b) If you use NAT, type an internal (private) IP address in the Translation field, and then click Add.

You can add more than one IP address, depending on how the server interacts with the rest of your
network.
6. From the Data Center list, select the data center where the server resides.
7. From the Prober Pool list, select one of the following.

Option                    Description
Inherit from Data Center  By default, a server inherits the Prober pool assigned to the data center in which the server resides.
Prober pool name          Select the Prober pool that contains the BIG-IP systems that you want to perform monitor probes of this server.

8. In the Health Monitors area, assign an SNMP monitor to the server by moving it from the Available
list to the Selected list.
9. From the Virtual Server Discovery list, select Disabled.
10. In the Virtual Server List area, create a virtual server to represent (in a pool) the host server that you are
creating.
a) In the Name field, type a name for the virtual server.
b) In the Address field, type the IP address of the host server.
c) From the Service Port list, select SNMP.
d) Click Add.

11. Click Create.


The Server List screen opens displaying the new server in the list.

Implementation result
BIG-IP® GTM™ can now use the SNMP monitor to verify the availability of and to collect statistics about
the generic host.

Chapter 18: Troubleshooting a BIG-IP System with a Rate-Limited License

• About GTM and DNS rate-limited license statistics


About GTM and DNS rate-limited license statistics


If you have a BIG-IP® GTM™ or DNS Services rate-limited license, BIG-IP displays statistics about the
rate limits including Effective Rate Limit (RPS), Object Count, and Rate Rejects. Rate limit statistics
are displayed separately for Global Traffic Management and DNS.

Viewing rate-limited license statistics


Ensure that the BIG-IP® system has a rate-limited license.
View statistics about GTM™ and DNS Services licensed service rates to help you determine when to upgrade
your license.
1. On the Main tab, click Statistics > Module Statistics > Local Traffic.
The Local Traffic statistics screen opens.
2. From the Statistics Type list, select Profiles Summary.
3. In the Global Profile Statistics area and the Details column of the DNS profile, click View.
4. In the DNS area, view the Effective Rate Limit (RPS), Object Count, and Rate Rejects statistics.

Statistic type              Description
Effective Rate Limit (RPS)  The number of DNS name resolution requests per second the BIG-IP system handles based on the rate-limited license installed on the system.
Object Count                The sum of these objects configured on the BIG-IP system: DNS Express™ zones, DNS cache resolvers, and DNSSEC zones.
Rate Rejects                The number of DNS requests that the BIG-IP system has rejected based on the rate limit of the license installed on the system.

5. In the Global Traffic Management area, view the Effective Rate Limit (RPS), Object Count, and Rate
Rejects statistics.

Statistic type              Description
Effective Rate Limit (RPS)  The number of DNS name resolution requests per second the BIG-IP GTM system handles based on the rate-limited license installed on the system.
Object Count                The sum of these objects configured on the BIG-IP GTM system: data centers, wide IPs, wide IP aliases, servers, GTM pools, GTM pool members, virtual servers, GTM iRules®, and topology records.
Rate Rejects                The number of DNS requests that the BIG-IP GTM system has rejected based on the rate limit of the license installed on the system.

Tip: The GTM license includes the DNS Services license. Global traffic
management requests (requests for wide IPs) are a subset of DNS requests.
Therefore, when the number of requests that GTM receives for a wide IP
exceeds the DNS Services rate limit, the Rate Rejects count for DNS
increments, rather than the Rate Rejects count for Global Traffic
Management incrementing.

Chapter 19: How to Diagnose Network Connection Issues

• Diagnosing network connection issues


Diagnosing network connection issues


To help you diagnose network connection issues, you can view the status of and statistics about the iQuery®
connections between BIG-IP® and other BIG-IP systems on your network. iQuery connection information
displays for IP addresses that are configured on BIG-IP server objects.

Viewing iQuery statistics


Ensure that the BIG-IP® GTM™ configuration contains at least one BIG-IP server object with a self IP
address.
To view information about the connections between BIG-IP GTM and other BIG-IP systems, view iQuery®
statistics.
1. From the Statistics Type list, select iQuery.
Information about the iQuery connections between this system and other BIG-IP systems in your network
displays.
2. When you want to estimate iQuery traffic throughput, click Reset.
The following statistics are reset to zero:
• iQuery Reconnects
• Bytes In
• Bytes Out
• Backlogs
• Bytes Dropped

To view information about the iQuery® connections between a different BIG-IP GTM and the BIG-IP systems in your
network, log in to that BIG-IP GTM and repeat this procedure.

iQuery statistics descriptions


The information in the table describes the iQuery statistics.

iQuery Statistics           Description
IP Address                  Displays the IP addresses of the servers that have an iQuery connection with this BIG-IP GTM.
Server                      Displays the name of the server with the specified IP address.
Data Center                 Displays the data center to which the specified server belongs.
iQuery State                Displays the state of the iQuery connection between the specified server and this BIG-IP GTM. Possible states are:
                            • Not Connected
                            • Connecting
                            • Connected
                            • Backlogged (indicates messages are queued and waiting to be sent)
iQuery Reconnects           Displays the number of times this BIG-IP GTM re-established an iQuery connection with the specified server.
Bytes In                    Displays the amount of data in bytes received by this BIG-IP GTM over the iQuery connection from the specified server.
Bytes Out                   Displays the amount of data in bytes sent from this BIG-IP GTM over the iQuery connection to the specified server.
Backlogs                    Displays the number of times the iQuery connection between this BIG-IP GTM and the specified server was blocked, because iQuery had to send out more messages than the connection could handle.
Bytes Dropped               Displays the amount of data in bytes that the iQuery connection dropped.
SSL Certificate Expiration  Displays the date the SSL certificate expires.
Configuration Time          Displays the date and time that the configuration was last modified. The timestamps should be the same for all devices in a GTM synchronization group.
