iQuery statistics descriptions
165BIG-IP® Global Traffic Manager™: Implementations
Index
A
address mapping, about IPv6 to IPv488
allow-transfer statement, modifying for zone file transfers25, 100
Analytics
and viewing DNS statistics159 and viewing DNS statistics in tmsh160
creating profile for DNS AVR statistics collection159 Anycast, See IP Anycast.132–133
Application Visibility and Reporting (AVR) and DNS statistics collection159 and viewing DNS statistics159 authentication
and SSL certificate chains80 and SSL certificates76
authoritative name server, designating GTM26 authorizing BIG-IP communications38, 44 auto-discovery, disabling at the global-level73 automatic save interval for GTM, configuring82 AVR, and viewing DNS statistics159
B
big3d_install script, running41 big3d agent
and iQuery38
and monitor timeout values56 and SSL certificates76 importing certificate chains79 importing root certificate77 upgrading41
bigip_add utility
and integrating LTM with GTM44 running47
BIG-IP communications38, 44 BIG-IP LTM
and route domains64 and server definition40, 46
BIG-IP systems, and iQuery connections164 BIND server
and default DNS profiles103 and GTM103
Bridge mode, and global traffic management21
C
cache clearing110, 118, 125
cache poisoning, and configuring SNMP alerts128 cache size, managing117, 124
caching, and DNS profiles107, 115, 122 canonical names, and creating pools136 canonical pool names136
CA servers, and device certificates78 certificate chains
and SSL authentication78 creating78
verifying exchange79
certificate exchange, verifying77 certificates
importing device76 certificates, importing device78 clusters, configuring56
CNAME, and redirecting DNS queries136
configuration changes in GTM, and configuring automatic save interval82
configuration files, acquiring53 configuration synchronization
enabling for GTM60
configuration synchronization, about50 connection refused error
and listeners26 and TCP protocol26 connections
viewing iQuery statistics164 viewing status164
custom DNS profiles
and disabling DNS logging149 and enabling DNS Express102
and enabling high-speed DNS logging149 and logging DNS querieis and responses148 and logging DNS queries and responses147 and logging DNS responses148
creating132
custom DNS profiles, and caching DNS responses107 custom monitors, creating DNS108
D
data centers
assigning Prober pools154 creating51
defining38, 44, 59
DDoS attacks, about mitigating100 default DNS profiles, and listeners103 delegated zones
and listeners35
creating on local DNS servers35 destinations
for logging147
for remote high-speed logging146 deterministic probing, implementing152 device certificates
and CA servers76 importing76, 78 DLV anchors
and adding to validating resolvers122 obtaining for validating resolvers121 DNS64, configuring88
DNS AVR statistics and listeners159 overview82, 158 DNS cache
about configuring for specific needs128 about resolver114
about transparent106
167 Index
DNS cache (continued)
about validating resolver120
and adding DLV anchors to validating resolvers122 and adding trust anchors to validating resolvers121 and creating validating resolvers121
and obtaining trust and DLV anchors for validating resolvers121
clearing110, 118, 125
configuring to alert for cache poisoning128 configuring to answer queries for local zones128 configuring to generate SNMP alerts128 configuring to use specific root nameservers128 creating resolver115
creating transparent107 managing cache size117, 124 managing transparent cache size110 viewing109, 116, 123
viewing statistics109, 111, 116, 118, 123–125 viewing statistics using tmsh109, 116, 124 DNS cache profiles
customizing to cache DNS responses107, 115, 122 DNS cache profiles, assigning to listeners108, 116, 123 DNS Express
about100 enabling102 DNS Express profiles
assigning to listener103 DNS Express TSIG key, creating100 DNS Express zones
and statistics103 creating101
DNS global statistics, overview82, 158 DNS high-speed logging, overview144 DNS Logging
disabling149 enabling149 DNS Logging profile
assigning to listener149
DNS logging profiles, customizing147–148 DNS monitor, creating108
DNS profiles
and disabling DNS logging149
and enabling high-speed DNS logging149 and global statistics161
and IPv6 to IPv4 mapping89
and listeners configured for route advertisement132 assigning to listener159
assigning to listeners108, 116, 123 assigning to virtual servers89 creating132
customizing to cache DNS responses107, 115, 122 customizing to handle IPV6 to IPv4 address mapping88 enabling DNS Express102
handling non-wide IP queries132 DNS requests for GTM, load balancing42 DNSSEC
about manual rollover of keys92 and DNS infrastructure illustrated92 configuring compliance92
DNSSEC keys
about manual rollover92
creating for emergency rollover94–95
DNSSEC keys (continued) creating for key signing94 creating for zone signing95 DNSSEC keys, about92 DNSSEC records, viewing97 DNSSEC zones
and signature validation97 assigning keys96
creating96
DNS server pools, and listeners31 DNS servers
and creating pools31, 108 and GTM20
and pools30 and wide IPs34
configuring to allow zone file transfers25, 100 delegating wide IP requests34
identifying legacy25 modifying26
replacing with GTM24
DNS services, about IP Anycast132 DNS statistics
collecting AVR statistics159 viewing analytics in tmsh160 viewing global161
viewing in AVR159
viewing per virtual server161 DNS traffic
and GTM20
and statistics per virtual server161 and wide IPs20
creating listeners to forward21 creating listeners to identify26 forwarding20
identifying35 routing20
E
emergency rollover
and DNSSEC key-signing keys94 and DNSSEC zone-signing keys95
F
file transfers, See zone file transfers.25, 100 forwarding traffic to DNS servers20
G
global traffic management and wildcard listeners20
load balancing to a pool of DNS servers30 global traffic management, and Bridge mode21 GTM
and bigip_add utility47 integrating with LTM44 gtm_add script
and server status52 running53
using61
168 Index
gtmd agent
and importing root certificates77 and SSL certificates76
importing certificate chains79 gtmd agent, and iQuery38
H
high-speed logging and DNS144 and server pools146 hosts, defining140
I
important considerations, adding GTM to network50 integrating with existing DNS servers34
integration of GTM with older systems38 integration of LTM and GTM systems44 intelligent probing, about152
IP Anycast about132 and listeners133 IPv4-only servers
and mapping to IPv6-only clients88 passing traffic from IPv6-only clients89 IPv6-only clients
about mapping to IPv4-only servers88 passing traffic to IPv4-only DNS servers89 IPv6 to IPv4 mapping
and DNS profiles88–89 configuring virtual servers89 iQuery
and big3d agent38 and gtmd agent38 and statistics164
viewing statistics about connections164 viewing status of connections164 iQuery connections and statistics164 and status164 iRules, accessing56
K
key-signing keysabout manual rollover92 creating94
L
LDNS, creating delegated zones35 legacy DNS servers
and zone files25
identifying by self IP addresses on BIG-IP GTM25 Level 1, about SSL authentication76
listeners
about wildcard20
advertising virtual addresses134 and pools of DNS servers31 and refused connection error26
listeners (continued)
and route advertisement134 and TCP protocol26 and UDP protocol26 and ZebOS132
assigning a DNS Express profile103
assigning custom DNS profile for DNS caching108, 116, 123
assigning DNS Logging profile149 assigning DNS profile159
configuring for route advertisement133 creating to forward DNS traffic21
creating to handle wide IP traffic locally35 creating to identify DNS traffic26, 59, 93 dynamic routing protocol132
listeners, defined20, 24, 30, 34
load balancing DNS requests for GTM42 load balancing process
about Prober pool status153
about traffic management capabilities38 and non-wide IP traffic30
and Prober pools152
load balancing traffic to a pool of DNS servers30 local BIND servers, and DNS profiles132 local DNS servers, and replacing with GTM24
local zones, and configuring cache to answer queries128 logging
and destinations146–147 and pools146
and publishers147
DNS queries and responses147–148 DNS responses148
logical network components, and creating wide IPs21, 27 logs, and Prober pool data156
LTM
and bigip_add utility47 and route domains64, 70 and server definition40, 46 integrating with GTM44
M
manual rollover, and DNSSEC keys92 message cache
managing size117, 124
managing size for transparent cache110 mitigation of DDoS attacks100
monitor timeout, and virtual server status56
N
nameserver cache, managing size117, 124 negative DNS responses, and GTM84
network, deploying GTM for single route domain64 network connection issues, diagnosing164 network placement of GTM forwarding traffic21 network traffic, and listeners20, 24, 30, 34 non-wide IP queries, and custom DNS profiles132 NTP servers, defining51, 58
169 Index
P
placement of GTM on network to forward traffic21 pools
and canonical names136 and CNAME136
and DNS servers30–31, 108 creating84
creating with canonical name136 for high-speed logging146 primary servers, defining for zones26 Prober pools
about152
about statistics153 about status153 and data centers154
and deterministic probing152 and logs156
and servers155 and statistics155
and upgrading to version 11.x18 creating154
profiles
and disabling DNS logging149 creating custom DNS107, 115, 122 creating custom DNS logging147
creating custom DNS query and response logging148 creating custom DNS response logging148
creating DNS88
creating for DNS AVR statistics collection159 creating for DNS Express102
creating for DNS logging149 publishers, and logging147
R
redirect using CNAME pool, overview136 redundant system configurations
and GTM58 defining servers60 refused connection error26 remote servers
and destinations for log messages146–147 and publishers for log messages147 for high-speed logging146
replacing local DNS servers24 resolver cache
about114 creating115 resource record cache
managing size117, 124
managing size for transparent cache110 rollover, See emergency rollover.58
root certificates, importing77
root nameservers, and DNS cache128 root servers, and zones26
route advertisement, and listeners133–134 route domains
and GTM64 and LTM64, 70
and self IP addresses66, 73 and server definition67, 73
route domains (continued) and VLANs65, 72 creating65, 72
deploying GTM on network with multiple route domains 70
route health injection about132
routing traffic to DNS servers20
S
saving changes, and GTM82 scripts
running big3d_install script41 running gtm_add script52 self IP addresses
and route domains73 creating for route domains66
creating on GTM for legacy DNS servers25 self-signed SSL certificates, about76
server pools, and listeners31 servers
and destinations for log messages146–147 and publishers for log messages147 assigning Prober pools155
defining BIG-IP LTM systems40, 46 defining for BIG-IP GTM39, 45 defining for route domains67, 73
defining GTM redundant system configurations60 defining new BIG-IP GTM52
defining third-party host servers140 for high-speed logging146
signature validation, of DNSSEC zones97
single route domain, deploying GTM on network64 SNMP alerts
and cache poisoning128
configuring cache to generate117, 124 SNMP monitoring
and third-party host servers140 creating monitors140
SOA records about84 and wide IPs84 SSL authentication
about76
and certificate chains80 defined76
SSL certificates
about Level 1 SSL authentication76 about self-signed76
and big3d agent77, 79 and CA servers76
and certificate chain authentication78 and gtmd agent77, 79
and verifying chain exchange79 creating chains78
signed by third party76 verifying exchange77 statistics
about iQuery164 viewing DNS global161 viewing for cache109, 116, 123
170 Index
statistics (continued)
viewing for DNS cache109, 116, 124 viewing for DNS Express zones103 viewing for DNS traffic per virtual server161 viewing for Prober pools155
viewing per virtual server161 statistics, and Prober pools153 status, and Prober pools153 synchronization about50 enabling51 enabling for GTM60 synchronization groups about50 adding new GTM50 illustrated50
system upgrades, and Prober pools18
T
TCP protocol
and connection refused error26 and listeners26
third-party servers, and SNMP monitoring140 tmsh, and viewing cache statistics109, 116, 124 traffic forwarding, placement of GTM21
transparent cache about106 creating107 managing size110 trust anchors
adding to validating resolvers121 obtaining for validating resolvers121 TSIG key, creating for DNS Express100
U
UDP protocol, and listeners26
Unsolicited Replies Threshold setting, modifying117, 124 upgrades, and Prober pools18
V
validating resolver caches about120
and adding DLV anchors122
validating resolver caches (continued) and adding trust anchors121
and obtaining trust and DLV anchors121 creating121
VIPRION systems, and GTM56 virtual addresses, advertising134 virtual servers
and IPv6 to IPv4 mapping89 assigning DNS profiles89 configuring status dependency56
disabling auto-discovery at the global-level73
passing traffic between IPv6-only clients and IPv4-only DNS servers89
virtual server status, setting for clusters56 VLANs
creating for a route domain on BIG-IP LTM72 creating for route domains65
W
wide IPs
and DNS servers20, 34 and DNS traffic35 and SOA records84 creating21, 27
wildcard listeners, defined20
Z
ZebOS dynamic routing protocol and listeners133
enabling132
verifying route advertisement134
zone files, acquiring from legacy DNS servers25 zone file transfers, and configuring DNS servers25, 100 ZoneRunner
and viewing DNSSEC records97 zones
and GTM as primary server26 and root servers26
zones creating DNSSEC 96 See also DNSSEC zones. zone-signing keys
about manual rollover92 creating95
zones protecting from DDoS attacks creating for DNS Express101
171 Index
172 Index