
BIG-IP Link Controller: Implementations

version 10.2
MAN-0318-00

Product Version
This manual applies to product version 10.2 of the BIG-IP Link Controller.

Publication Date
This manual was published on March 19, 2010.

Legal Notices
Copyright
Copyright 2010, F5 Networks, Inc. All rights reserved. F5 Networks, Inc. (F5) believes the information it furnishes to be accurate and reliable. However, F5 assumes no responsibility for the use of this information, nor any infringement of patents or other rights of third parties which may result from its use. No license is granted by implication or otherwise under any patent, copyright, or other intellectual property right of F5 except as specifically described by applicable user licenses. F5 reserves the right to change specifications at any time without notice.

Trademarks
F5, F5 Networks, the F5 logo, BIG-IP, 3-DNS, Access Policy Manager, APM, Acopia, Acopia Networks, Application Accelerator, Ask F5, Application Security Manager, ASM, ARX, Data Guard, Edge Client, Edge Gateway, Enterprise Manager, EM, FirePass, FreedomFabric, Global Traffic Manager, GTM, iControl, Intelligent Browser Referencing, Internet Control Architecture, IP Application Switch, iRules, Link Controller, LC, Local Traffic Manager, LTM, Message Security Module, MSM, NetCelera, OneConnect, Packet Velocity, Protocol Security Module, PSM, Secure Access Manager, SAM, SSL Accelerator, SYN Check, Traffic Management Operating System, TMOS, TrafficShield, Transparent Data Reduction, uRoam, VIPRION, WANJet, WAN Optimization Module, WOM, WebAccelerator, WA, and ZoneRunner are trademarks or service marks of F5 Networks, Inc., in the U.S. and other countries, and may not be used without F5's express written consent. All other product and company names herein may be trademarks of their respective owners.

Patents
This product protected by U.S. Patents 6,374,300; 6,473,802; 6,970,933; 7,047,301. Other patents pending.

Export Regulation Notice


This product may include cryptographic software. Under the Export Administration Act, the United States government may consider it a criminal offense to export this product from the United States.

RF Interference Warning
This is a Class A product. In a domestic environment this product may cause radio interference, in which case the user may be required to take adequate measures.

FCC Compliance
This equipment has been tested and found to comply with the limits for a Class A digital device pursuant to Part 15 of FCC rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This unit generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference, in which case the user, at his own expense, will be required to take whatever measures may be required to correct the interference. Any modifications to this device, unless expressly approved by the manufacturer, can void the user's authority to operate this equipment under part 15 of the FCC rules.


Canadian Regulatory Compliance


This Class A digital apparatus complies with Canadian ICES-003.

Standards Compliance
This product conforms to the IEC, European Union, ANSI/UL and Canadian CSA standards applicable to Information Technology products at the time of manufacture.

Acknowledgments
This product includes software developed by Gabriel Fort. This product includes software developed by Bill Paul. This product includes software developed by Jonathan Stone. This product includes software developed by Manuel Bouyer. This product includes software developed by Paul Richards. This product includes software developed by the NetBSD Foundation, Inc. and its contributors. This product includes software developed by the Politecnico di Torino, and its contributors. This product includes software developed by the Swedish Institute of Computer Science and its contributors. This product includes software developed by the University of California, Berkeley and its contributors. This product includes software developed by the Computer Systems Engineering Group at the Lawrence Berkeley Laboratory. This product includes software developed by Christopher G. Demetriou for the NetBSD Project. This product includes software developed by Adam Glass. This product includes software developed by Christian E. Hopps. This product includes software developed by Dean Huxley. This product includes software developed by John Kohl. This product includes software developed by Paul Kranenburg. This product includes software developed by Terrence R. Lambert. This product includes software developed by Philip A. Nelson. This product includes software developed by Herb Peyerl. This product includes software developed by Jochen Pohl for the NetBSD Project. This product includes software developed by Chris Provenzano. This product includes software developed by Theo de Raadt. This product includes software developed by David Muir Sharnoff. This product includes software developed by SigmaSoft, Th. Lockert. This product includes software developed for the NetBSD Project by Jason R. Thorpe. This product includes software developed by Jason R. Thorpe for And Communications, http://www.and.com. This product includes software developed for the NetBSD Project by Frank Van der Linden. 
This product includes software developed for the NetBSD Project by John M. Vinopal. This product includes software developed by Christos Zoulas. This product includes software developed by the University of Vermont and State Agricultural College and Garrett A. Wollman. In the following statement, "This software" refers to the Mitsumi CD-ROM driver: This software was developed by Holger Veit and Brian Moore for use with "386BSD" and similar operating systems. "Similar operating systems" includes mainly non-profit oriented systems for research and education, including but not restricted to "NetBSD," "FreeBSD," "Mach" (by CMU). This product includes software developed by the Apache Group for use in the Apache HTTP server project (http://www.apache.org/). This product includes software licensed from Richard H. Porter under the GNU Library General Public License ( 1998, Red Hat Software), www.gnu.org/copyleft/lgpl.html. This product includes the standard version of Perl software licensed under the Perl Artistic License ( 1997, 1998 Tom Christiansen and Nathan Torkington). All rights reserved. You may find the most current standard version of Perl at http://www.perl.com.


This product includes software developed by Jared Minch. This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product contains software based on oprofile, which is protected under the GNU Public License. This product includes RRDtool software developed by Tobi Oetiker (http://www.rrdtool.com/index.html) and licensed under the GNU General Public License. This product contains software licensed from Dr. Brian Gladman under the GNU General Public License (GPL). This product includes software developed by the Apache Software Foundation <http://www.apache.org/>. This product includes Hypersonic SQL. This product contains software developed by the Regents of the University of California, Sun Microsystems, Inc., Scriptics Corporation, and others. This product includes software developed by the Internet Software Consortium. This product includes software developed by Nominum, Inc. (http://www.nominum.com). This product contains software developed by Broadcom Corporation, which is protected under the GNU Public License. This product contains software developed by MaxMind LLC, and is protected under the GNU Lesser General Public License, as published by the Free Software Foundation. This product includes the GeoPoint Database developed by Quova, Inc. and its contributors. This product includes software developed by Balazs Scheidler <bazsi@balabit.hu>, which is protected under the GNU Public License. This product includes software developed by NLnet Labs and its contributors. This product includes software written by Steffen Beyer and licensed under the Perl Artistic License and the GPL. This product includes software written by Makamaka Hannyaharamitu 2007-2008.


Table of Contents

1
Introducing Implementations for the Link Controller
    Introducing the Link Controller
        Getting started
    Introducing implementations

2
Configuring a Basic Link Controller Implementation
    Introducing a basic Link Controller configuration
    Setting the management IP address and default route for the system
    Performing initial system setup
    Provisioning the Link Controller
    Configuring the host name and user accounts
    Creating VLANs
    Creating the default gateway pool
    Defining the physical connections to the Internet
    Creating listeners
    Creating a load balancing pool
    Creating virtual servers
    Creating a wide IP

3
Controlling Load Balancing Costs
    Introducing cost-based load balancing
    Configuring cost-based load balancing
        Configuring the links
        Creating the default gateway pool for cost-based load balancing
        Implementing the default gateway pool for cost-based load balancing
        Configuring the virtual servers
        Adding a wide IP for inbound load balancing

4
Implementing Bandwidth Load Balancing
    Introducing bandwidth load balancing
    Configuring bandwidth load balancing
        Configuring the links
        Creating the default gateway pool for bandwidth load balancing
        Implementing the default gateway pool for bandwidth load balancing
        Defining the virtual servers for an additional Internet connection
        Adding a wide IP for bandwidth load balancing

5
Setting Up a Link Controller Redundant System Configuration
    About Link Controller redundant system configurations
    Setting up a Link Controller redundant system configuration
        Configuring the redundant system settings
        Creating VLANs for Link Controller redundant systems
        Assigning self IP addresses
        Creating floating IP addresses
        Configuring the high availability options
        Defining an NTP server
        Defining the default gateway route
        Defining a listener
        Running a configuration synchronization operation
        Enabling synchronization
        Adding links
        Running the gtm_add script

Glossary
Index

1
Introducing Implementations for the Link Controller

• Introducing the Link Controller
• Introducing implementations


Introducing the Link Controller


The BIG-IP Link Controller is a dedicated IP application switch that manages traffic to and from a site across multiple links, regardless of connection type or provider. The Link Controller provides granular traffic control for Internet gateways, allowing you to define how traffic is distributed across links in a way that meets your business priorities. The Link Controller also transparently monitors the availability and health of links to optimally direct traffic across the best available link.

The Link Controller includes the following features:
• Dynamic load balancing, based on the following link attributes:
    • Total available bandwidth of the link
    • The costs of purchased incremental bandwidth segments
    • Inbound link capacity and resource limits
    • Outbound link capacity and resource limits
• Router monitoring, to ensure high availability and continuous uptime

Getting started
The Link Controller runs on the Traffic Management Operating System, commonly referred to as TMOS. Before you begin configuring an implementation, F5 Networks recommends that you familiarize yourself with these additional resources:

• BIG-IP Systems: Getting Started Guide
  This guide provides detailed information about licensing and provisioning the BIG-IP system, as well as installing upgrades. The guide also provides a brief introduction to the features of BIG-IP system and the tools for configuring the system.
• TMOS Management Guide for BIG-IP Systems
  This guide contains any information you need to configure and maintain the network and system-related components of the BIG-IP system, such as routes, VLANs, and user accounts.
• Configuration Guide for BIG-IP Link Controller
  This guide contains any information you need for configuring specific features of the BIG-IP system to manage links.
• Traffic Management Shell (tmsh) Reference Guide
  This guide contains information about using the Traffic Management Shell (tmsh) commands to manage the BIG-IP systems.

F5 Networks recommends that you then run the Setup utility to configure basic network elements such as self IP addresses, interfaces, and VLANs. After running the Setup utility, you can use this guide to configure specific implementations. For information on running the Setup utility, see the BIG-IP Systems: Getting Started Guide.


Introducing implementations
This guide is designed to help you accomplish specific configuration tasks associated with the Link Controller. Each chapter focuses on a specific implementation, providing an overview of the situation and a detailed example of how to configure the system to accomplish the objectives outlined in the implementation. The tasks outlined in each chapter are designed so that you can quickly apply them to your own network.


2
Configuring a Basic Link Controller Implementation

• Introducing a basic Link Controller configuration
• Setting the management IP address and default route for the system
• Performing initial system setup
• Provisioning the Link Controller
• Configuring the host name and user accounts
• Creating VLANs
• Creating the default gateway pool
• Defining the physical connections to the Internet
• Creating listeners
• Creating a load balancing pool
• Creating virtual servers
• Creating a wide IP


Introducing a basic Link Controller configuration


The BIG-IP Link Controller provides a variety of methods for managing the traffic flowing in and out of a network. This basic implementation guides you through configuring the Link Controller to help manage DNS traffic into and out of your network.

For this implementation, consider the fictional company SiteRequest. This company has two Internet connections using two different ISPs. SiteRequest has purchased a Link Controller system to manage the inbound and outbound Internet traffic to and from their network.

The tasks you need to accomplish to configure the Link Controller system to manage traffic are:
• Set the management interface IP address and default route
• Perform initial setup, including licensing the system and running the Setup utility to perform the initial load balancing configuration
• Provision the system
• Configure the host name and user accounts for the system
• Create VLANs that encompass the components that process traffic
• Create a default gateway pool
• Define the physical connections to the Internet
• Create listeners to detect traffic coming from the ISPs
• Create a pool to load balance the traffic
• Create virtual servers across which the system load balances traffic
• Create a wide IP that encompasses the virtual servers


Setting the management IP address and default route for the system
You can use either the liquid crystal display (LCD) panel on the device, or access the system command line to set the management interface IP address and route for the system.
Note

You can use only an IPv4 address for the device management interface IP address.

To set the management interface IP address and default route using the LCD panel
1. Press the X button on the LCD panel. The LCD goes into Menu mode, and the arrow buttons become functional.
2. Use the arrow buttons to select the System menu, and the Management option.
3. Type the management interface IP address. For this example, use the preferred management interface IP address 192.168.1.245.
4. Select the Mgmt Mask option.
5. Type the netmask for the management interface IP address. For this example, use the default netmask 255.255.255.0.
6. Select the Mgmt Gateway option.
7. Type the default route for the management interface of this device. This route is necessary if you plan to manage the unit from a different subnetwork.
8. Select the Commit option to save your changes.

To set the management interface IP address and default route from the command line
1. Log on to the command-line interface for the Link Controller as root using the default password, default.
2. At the prompt, enter: config customization/
3. Follow the F5 Management Port Setup utility prompts to set the management interface IP address, subnet and default route.


Performing initial system setup


Now that you have set the management interface IP address and default route, you can license the system, and then access the Configuration utility and run the Setup utility.

To license the BIG-IP system


1. Connect a serial terminal to the console port.
2. Log on to the command-line interface for the Link Controller as root using the default password, default.
3. To create a dossier, at the prompt type the following command sequence, replacing <regkey> with your registration key:
   get_dossier -b "<regkey>"
   You can find your registration key printed on a paper certificate that is included in the box with the BIG-IP system.
4. Highlight and copy the dossier that displays. Copy only the section that begins on the line after the command you typed in step 3, and ends just before the next command prompt.
5. Open a web browser and connect to the following URL: http://activate.f5.com
6. Follow the instructions to submit your dossier. The web site returns your product license.
7. Highlight and copy the entire product license.
8. From the BIG-IP system command line, to open the file /config/bigip.license in the vi text editor, type the following command sequence:
   vi /config/bigip.license
9. To enable the vi insert mode, press the i key.
10. Paste the license file that you copied in step 7 into the bigip.license file.
11. To exit vi insert mode, press the Esc key.
12. To save the bigip.license file and exit vi, enter the following command sequence:
   :wq
13. To restart the BIG-IP system services, enter this command sequence:
   bigstart restart

The BIG-IP system is now licensed. Note that the system prompt changes from INOPERATIVE to Active.


Important

Even if you typically use the command line to configure a system, you must run the Setup utility from the browser-based Configuration utility before you begin.

To access the Configuration utility


1. Open a web browser on a workstation connected to the management interface IP address.
2. In the browser's address bar, type the URL:
   https://<management interface IP address>
3. At the logon prompt, type admin for the user name, and admin for the password. The Configuration utility opens displaying the Welcome screen.

Tip

As you proceed through the Setup utility, click the Help tab on the navigation pane for information about the settings on each screen.

To run the Setup utility


1. On the Welcome screen, click Run the Setup Utility.
2. Accept the license for the system.
3. Because you have already entered the management interface IP address, netmask and default route using the LCD, accept the values for these options.
4. Type the host name of the system as a fully qualified domain name (FQDN). This field allows only letters, numbers, and the characters dash ( - ) and period ( . ).
5. Specify the IP address that you want to associate with the host name; either:
   • Select Use Management Port IP Address to associate the host name with the IP address of the management interface. This is the default setting.
   • Select Custom Host IP Address and type a different IP address.
6. Select a time zone. The system uses the time zone for the date and time of events recorded in logs. If you change the time zone, F5 Networks recommends that you reboot the system to ensure that all of the services are in sync. If you do not reboot, it does not affect traffic or management functionality, but there is a possibility that some timestamps might be logged or displayed incorrectly, depending on which service has been restarted and which has not.
7. In the Password box, type the password for the root account. The root account provides only console access to this system.
8. In the Confirm box, retype the password that you typed in the Password box.
9. In the Password box, type the password for the account, admin. The admin account provides only browser access to the system.
10. In the Confirm box, retype the password that you typed in the Password box.
11. Select Enabled from the SSH access list.
12. Specify either the IP address or address range for other systems that can use SSH to communicate with the system:
   • Select *All Addresses, to grant unrestricted SSH access to all IP addresses.
   • Select Specify Range, and then type an address range in the box, to restrict SSH access to a block of IP addresses. For example, to restrict access to only systems on the 192.168.0.0 network, type 192.168.*.*.

Now that you have set up the system, you can set the setup.run db key to prevent the Link Controller from starting the Setup utility each time a user accesses the Configuration utility.

To prevent the Setup utility from starting


1. Log on to the command line of the system using the root account.
2. Type tmsh to access the Traffic Management Shell.
3. Run the command sequence:
   modify / sys db setup.run value false
4. Type quit to exit tmsh.


Provisioning the Link Controller


The next task you perform is to provision the system. Provisioning and licensing work together to make sure that software modules are accessible and appropriately provided with system CPU, memory, and disk space.
WARNING

You must provision the Link Controller before you configure it; otherwise, when you provision the module, you lose the configuration.

To provision the Link Controller


1. Log on to the Configuration utility.
2. On the Main tab of the navigation pane, click System, and then click Resource Provisioning.
3. Select Nominal for the Link Controller setting in the Resource Provisioning (Licensed Modules) area. The system allocates CPU, memory, and disk space to the Link Controller. The modules listed in the Resource Provisioning (Unlicensed Modules) area should not be provisioned. That is, the value in those fields must be set to None (Disabled).
4. Click Update.

Configuring the host name and user accounts


Now that you have provisioned the system, the next task is to configure a host name and set up the user accounts for the Link Controller system.

To configure the host name and user accounts


1. On the Main tab of the navigation pane, expand System, and then click Platform.
2. In the Host Name box, type the host name for the system. For this example, type www.siterequest.com. This must be a fully qualified domain name.
3. For the Root Account, type a new password, and then confirm the password. (This account provides access to only the command line interface.)
4. For the Admin Account, type a new password, and then confirm the password. (This account provides access to only the Configuration utility.)
5. Click Update to save your changes.


Creating VLANs
The next task in this implementation is to set up three VLANs that encompass the IP addresses associated with the Link Controller and the other network components that help manage DNS traffic. For this example, create three VLANs using the information in Table 2.1.

VLAN Name   Assign Untagged Interface   VLAN used for
internal    1.1                         communication between the Link Controller and the rest of the internal network
isp1        1.2                         communication between the Link Controller and ISP1
isp2        1.3                         communication between the Link Controller and ISP2

Table 2.1 Attributes of VLANs

To create the internal VLAN


1. On the Main tab of the navigation pane, expand Network and then click VLANs.
2. Click Create.
3. In the Name box, type the name of the first VLAN. For this example, type internal.
4. For the Interfaces setting, use the Move buttons to assign the interface 1.1 to the Untagged list.
5. Click Finished.

To create the isp1 VLAN


1. On the Main tab of the navigation pane, expand Network and then click VLANs.
2. Click Create.
3. In the Name box, type the name of the first VLAN. For this example, type isp1.
4. For the Interfaces setting, use the Move buttons to assign the interface 1.2 to the Untagged list.
5. Click Finished.


To create the isp2 VLAN


1. On the Main tab of the navigation pane, expand Network and then click VLANs.
2. Click Create.
3. In the Name box, type the name of the first VLAN. For this example, type isp2.
4. For the Interfaces setting, use the Move buttons to assign the interface 1.3 to the Untagged list.
5. Click Finished.


Creating the default gateway pool


After you configure the links, the next task is to create the default gateway pool that load balances the outbound traffic across the links.

To create a default gateway pool


1. On the Main tab of the navigation pane, expand Local Traffic and then click Pools.
2. Click Create.
3. In the Name box, type the name of the pool. For this example, type default_gateway_pool.
4. For the New Members setting, add the IP addresses associated with each link:
   • For the link to ISP1, type the IP address of the link and click Add. For this example, type 192.168.5.5.
   • For the link to ISP2, type the IP address of the link and click Add. For this example, type 192.168.10.5.
5. Click Finished.

After you create a default gateway pool, you must instruct the Link Controller to use the pool as the default gateway connection between the internal network and the Internet.

To configure the default route to the Internet


1. On the Main tab of the navigation pane, expand Network and then click Routes.
2. Click Add.
3. From the Type list, select Default Gateway.
4. From the Resource list, select Use Pool.
5. From the Pool list, select default_gateway_pool.
6. Click Finished.


Defining the physical connections to the Internet


After you create the VLANs, the next task is to define the physical connections to the Internet. To do this, you create links using the IP addresses of one or more routers on the network that provide a path to the Internet. For this example, create the links using the information in Table 2.2.

Link   Router Address   Uplink Address   ISP
isp1   192.168.5.5      192.168.5.6      ISP1
isp2   192.168.10.5     192.168.10.6     ISP2

Table 2.2 Attributes of links to ISPs

To configure the isp1 link


1. On the Main tab of the navigation pane, expand Link Controller, and then click Links.
2. Click Create.
3. In the Name box, type a name for the link that represents one of the ISPs. For this example, type ISP1.
4. In the Router Address box, type the IP address of the router associated with the ISP. For this example, type 192.168.5.5.
5. In the Uplink Address box, type the IP address of the ISP. For this example, type 192.168.5.6.
6. In the Service Provider box, type the name of the ISP. For this example, type ISP1.
7. For the Health Monitors setting, use the Move buttons to add the bigip_link and gateway_icmp monitors to the Enabled list. The bigip_link monitor uses iQuery to provide the status of the link. The gateway_icmp monitor provides the status of the gateway.
8. Click Create.

To configure the isp2 link


1. On the Main tab of the navigation pane, expand Link Controller, and then click Links.
2. Click Create.
3. In the Name box, type a name for the link that represents one of the ISPs. For this example, type ISP2.
4. In the Router Address box, type the IP address of the router associated with the ISP. For this example, type 192.168.10.5.
5. In the Uplink Address box, type the IP address of the ISP. For this example, type 192.168.10.6.
6. In the Service Provider box, type the name of the ISP. For this example, type ISP2.
7. For the Health Monitors setting, use the Move buttons to add the bigip_link and gateway_icmp monitors to the Enabled list. The bigip_link monitor uses iQuery to provide the status of the link. The gateway_icmp monitor provides the status of the gateway.
8. Click Create.


Creating listeners
The next task in this implementation is to configure two listeners, one for each ISP, that detect DNS traffic bound for SiteRequest.

To create the listener for ISP1


1. On the Main tab of the navigation pane, expand Link Controller and click Listeners.
2. Click Create.
3. In the Destination box, type the self IP address on which the Link Controller listens for traffic from ISP 1. For this example, type 10.10.10.1.
4. Click Finished.

To create the listener for ISP2


1. On the Main tab of the navigation pane, expand Link Controller and click Listeners.
2. Click Create.
3. In the Destination box, type the self IP address on which the Link Controller listens for traffic from ISP 1. For this example, type 10.20.10.1.
4. Click Finished.


Creating a load balancing pool


The next task in this implementation is to configure a load balancing pool to process the inbound traffic from the Internet through the ISPs to SiteRequest. The Link Controller system sends client requests to any of the servers that are members of that pool.

To create a load balancing pool


1. On the Main tab of the navigation pane, expand Local Traffic and then click Pools.
2. Click Create.
3. From the Configuration list, select Advanced.
4. In the Name box, type a name for the pool. For this example, type www-pool. The name of a pool must be no more than 63 characters in length.
5. For the Health Monitors setting, use the Move buttons to move selected monitors to the Active list. For this example, move the http monitor to the Available list.
6. Click Finished.


Creating virtual servers


After you create the load balancing pool, the next task is to configure virtual servers, one for each link, to load balance inbound connections across the servers on the network. You also configure one wildcard virtual server to load balance outbound connections across the routers.
| Name | Self IP address | Destination | Port |
|---|---|---|---|
| vs for ISP1 | 10.10.10.80 | Host | 80 |
| vs for ISP2 | 10.20.20.80 | Host | 80 |
| wildcard vs for outbound traffic | 0.0.0.0 | Network | 0 |

Table 2.3 Attributes of virtual servers

To create a virtual server for ISP1


1. On the Main tab of the navigation pane, expand Local Traffic and then click Virtual Servers.
2. Click Create.
3. In the Name box, type a name for the virtual server. For this example, type vs for ISP1.
4. For the Destination setting, select Host, and type the self IP address in the Address box. For this example, type 10.10.10.80.
5. In the Service Port box, type 80.
6. Click Finished.

To create a virtual server for ISP2


1. On the Main tab of the navigation pane, expand Local Traffic and then click Virtual Servers.
2. Click Create.
3. In the Name box, type a name for the virtual server. For this example, type vs for ISP2.
4. For the Destination setting, select Host, and type the self IP address in the Address box. For this example, type 10.20.20.80.
5. In the Service Port box, type 80.
6. Click Finished.


To create a wildcard virtual server


1. On the Main tab of the navigation pane, expand Local Traffic and then click Virtual Servers.
2. Click Create.
3. In the Name box, type a name for the virtual server. For this example, type forward_outbound.
4. For the Destination setting, select Network, and type a self IP address in the Address box, and a netmask in the Mask box. For this example, in both the Address and Mask boxes, type 0.0.0.0.
5. In the Service Port box, type 0. Port 0 defines a wildcard virtual server that handles all types of services. If you specify a port number, you create a port-specific wildcard virtual server. In that case, the wildcard virtual server handles traffic only for the specified port.
6. In the Resources area, from the Default Pool list, select default_gateway_pool.
7. Click Finished.

Creating a wide IP
To complete the link load balancing configuration, you must configure a wide IP that encompasses the virtual servers.

To create a wide IP
1. On the Main tab of the navigation pane, expand Link Controller and then click Inbound Wide IPs.
2. Click Create.
3. In the Name box, type the URL of the wide IP. For this example, type www.siterequest.com.
4. For the Members List setting, add the virtual servers that you created in the previous task. For this example, from the Virtual Server list, select:
   - 10.10.10.80, and then click Add.
   - 10.20.20.80, and then click Add.
5. Click Finished.

You now have a Link Controller configured to manage the DNS traffic into and out of the SiteRequest network.


Chapter 3
Controlling Load Balancing Costs

- Introducing cost-based load balancing
- Configuring cost-based load balancing

Introducing cost-based load balancing


You can configure the BIG-IP Link Controller to use cost-based load balancing to manage the traffic flowing in and out of a network. In cost-based load balancing, you prioritize link usage based on the cost of the bandwidth for that connection to the Internet. The Link Controller sends traffic to the link that is currently operating at the lowest cost. As the usage cost for each link changes, the Link Controller dynamically shifts traffic to the best link. When configuring a Link Controller to use cost-based load balancing, there are three critical settings:

- Weighting: The Weighting option for each link determines how the Link Controller prioritizes the links in its configuration. By default, this option is set to Ratio. For cost-based load balancing, however, you must set this option to Price (Dynamic Ratio).
- Prepaid Segment: Most Internet Service Providers (ISPs) offer bandwidth plans that include a prepaid amount of bandwidth. In the Prepaid Segment option, you assign the appropriate bandwidth and cost values that are prepaid for the link.
- Incremental Segments: The Incremental Segment option allows you to define the cost per segment values that apply to this link. You can assign as many incremental segments as needed.

Note

When implementing cost-based load balancing, it is important that your configuration applies to all of the links that the Link Controller manages. For example, F5 Networks does not recommend applying cost-based load balancing to one set of links and ratio load balancing to another set.


Figure 3.1 depicts the cost-based load balancing process. In this process the following sequence occurs:

1. A client sends a DNS request to a Local DNS server.
2. The LDNS server sends an iterative request that leads to the Link Controller.
3. The Link Controller determines the best link based on current cost estimates and bandwidth usage, and sends the appropriate response back to the LDNS server.
4. The LDNS server forwards the response to the client.
5. The client then communicates with the appropriate virtual server through the corresponding link that the Link Controller specified.

Figure 3.1 Cost-based load balancing


Configuring cost-based load balancing


To illustrate how cost-based load balancing works, consider the fictional company SiteRequest. This company has two links for managing its inbound and outbound traffic:

- Link Alpha, which is the primary link for the network. This link uses an ISP to which a flat fee of $45 is paid for up to 4Mbps of total (both inbound and outbound) traffic. If the limit of 4Mbps is exceeded, SiteRequest incurs a $2/Mbps charge.
- Link Beta, which is a secondary link for the network. This link uses an ISP with which SiteRequest does not have a prepaid amount of bandwidth. Instead, SiteRequest is billed on a pay-as-you-go basis. The rate charged for using this link is set at $1/Mbps.

As these rates illustrate, the most cost-efficient configuration for SiteRequest's links is to have Link Alpha handle traffic until it reaches 4Mbps, then send any traffic over 4Mbps to Link Beta. When the traffic decreases, the Link Controller must switch back to using only Link Alpha again. Table 3.1 provides additional information about each link.

| Link | Router Address | Uplink Address | ISP |
|---|---|---|---|
| Link Alpha | 192.168.5.5 | 192.168.5.6 | Global ISP |
| Link Beta | 192.168.10.5 | 192.168.10.6 | Regional ISP |

Table 3.1 Additional link attributes

The tasks required to configure cost-based load balancing include:

- Configure the links
- Create a default gateway pool
- Implement the default gateway pool
- Configure the virtual servers
- Add a wide IP


Configuring the links


The first task to implement a Link Controller configuration that uses cost-based load balancing to manage outbound traffic is to add and configure the links on the Link Controller.

To add the first link


1. On the Main tab of the navigation pane, expand Link Controller, and then click Links.
2. Click Create.
3. In the Name box, type the name of the link. For this example, type Link Alpha.
4. In the Router Address box, type the IP address of the router in the Address box. For this example, type 192.168.5.5.
5. In the Uplink Address box, type the IP address that corresponds with the external Internet connection. For this example, type 192.168.5.6.
6. In the Service Provider box, type the name of the ISP provider. For this example, select Global ISP.
7. From the Configuration list, select Advanced.
8. From the Weighting list, select Price (Dynamic Ratio).
9. In the Prepaid Segment box, type the amount of bandwidth that is prepaid for the link. For this example, type 4000.
10. For the Incremental Segments setting, add the incremental segment price. For this example type the following entry:
    Up to 1000 bps at 2 $/Mbps
11. Click Create.

Repeat this procedure to add the second link to the configuration. In this example, when you add the second link, accept the default Weighting value of Ratio, set the Prepaid Segment option to 0 and add the following entry in the Incremental Segment option:
    Up to 1000 bps at 1 $/Mbps


Creating the default gateway pool for cost-based load balancing


After you add and configure the relevant links, the next task is to create the default gateway pool that load balances the traffic across the links.

To create a default gateway pool for cost-based load balancing


1. On the Main tab of the navigation pane, expand Local Traffic and then click Pools.
2. Click Create.
3. In the Name box, type the name of the pool. For this example, type default_gateway_pool.
4. In the Resources area, for the New Members setting, add the IP addresses associated with each link. In this example type the following:
   - For Link Alpha, add 192.168.5.5
   - For Link Beta, add 192.168.10.5
5. Click Finished.

Implementing the default gateway pool for cost-based load balancing


After you create a default gateway pool, you must instruct the Link Controller to use the pool as the default gateway connection between the internal network and the Internet.

To implement the default gateway pool for cost-based load balancing


1. On the Main tab of the navigation pane, expand Network and then click Routes.
2. Click Add.
3. From the Type list, select Default Gateway.
4. From the Resource list, select Use Pool.
5. From the Pool list, select default_gateway_pool.
6. Click Finished.


Configuring the virtual servers


After creating the default gateway pool, configure the virtual servers, one for each link that load balances inbound connections across the servers. You also configure one wildcard virtual server to load balance outbound connections across the routers. For this implementation, define the virtual servers shown in Table 3.2, and then define a wildcard virtual server.

| Name | Self IP Address | Represents |
|---|---|---|
| VS for Link Alpha | 10.10.5.5:80 | single host on the network |
| VS for Link Beta | 10.10.5.6:80 | single host on the network |

Table 3.2 Sample link attributes

To add a virtual server for cost-based load balancing


1. On the Main tab of the navigation pane, expand Local Traffic and then click Virtual Servers.
2. Click Create.
3. In the Name box, type the name of the virtual server. For this example, type VS for Link Alpha.
4. For the Destination setting, select Host.
5. In the Service Port box, type 80.
6. Click Finished.

Repeat this procedure for the virtual server for Link Beta listed in Table 3.2.

To define a wildcard virtual server for cost-based load balancing


1. On the Main tab of the navigation pane, expand Local Traffic and then click Virtual Servers.
2. Click Create.
3. In the Name box, type the name of the virtual server. For this example, type outbound.
4. For the Destination setting, in the Address box, type 0.0.0.0.
5. In the Service Port box, type 0.
6. Click Finished.


Adding a wide IP for inbound load balancing


The last task in this implementation is to configure a wide IP to which the Link Controller load balances incoming DNS requests.

To add a wide IP
1. On the Main tab of the navigation pane, expand Link Controller and then click Inbound Wide IPs.
2. Click Create.
3. In the Name box, type the name of the wide IP. For this example, type www.siterequest.com.
4. For the Load Balancing Method setting, make selections from the three lists. For this example:
   - Select Ratio from the Preferred list.
   - Select Round Robin from the Alternate list.
   - Select Return to DNS from the Fallback list.
5. In the Member List setting, add the virtual servers that you created previously. For this example, select the following from the Virtual Server list, and then click Add:
   - 10.10.5.5:80
   - 10.10.5.6:80
6. Click Finished.

You now have a Link Controller configured to manage DNS traffic for www.siterequest.com. As data flows in and out of the network, the Link Controller monitors the total amount of bandwidth for each link. While traffic remains below 4Mbps, the Link Controller uses Link Alpha. If traffic exceeds that amount, the Link Controller sends the overflow traffic to Link Beta. If a link goes offline for any reason, the Link Controller uses the Alternate and Fallback load balancing modes to route traffic through an available link.
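
The spillover from Link Alpha to Link Beta described above can be reproduced with a small pricing model. This is an added example, not F5 code and not the Link Controller's Price (Dynamic Ratio) algorithm; the Link class, the allocate function and the choice to treat prepaid bandwidth as zero marginal cost are assumptions, and the rates are the ones given in the SiteRequest scenario.

```python
import math
from collections import deque
from dataclasses import dataclass, field


@dataclass
class Link:
    name: str
    flat_fee: float       # dollars owed regardless of usage
    prepaid_mbps: float   # bandwidth already covered by the flat fee
    # Incremental segments in the order they are consumed:
    # (segment size in Mbps, or None for "no upper bound"; price in $/Mbps)
    segments: list = field(default_factory=list)

    def tiers(self):
        """Yield (capacity_mbps, price_per_mbps) pairs, prepaid bandwidth first."""
        if self.prepaid_mbps > 0:
            yield self.prepaid_mbps, 0.0   # prepaid bandwidth has no marginal cost
        for size, price in self.segments:
            yield (math.inf if size is None else size), price


def allocate(links, demand_mbps):
    """Hand out demand slice by slice to the link whose current tier is cheapest.

    Returns (usage, cost): Mbps carried and dollars owed, keyed by link name.
    Ties go to the link listed first, so list the primary link first.
    """
    queues = {l.name: deque(list(t) for t in l.tiers()) for l in links}
    usage = {l.name: 0.0 for l in links}
    cost = {l.name: float(l.flat_fee) for l in links}
    remaining = float(demand_mbps)
    while remaining > 1e-9:
        candidates = [l for l in links if queues[l.name]]
        if not candidates:
            raise ValueError("demand exceeds every configured segment")
        # min() keeps the first of equally priced links.
        best = min(candidates, key=lambda l: queues[l.name][0][1])
        tier = queues[best.name][0]
        take = min(remaining, tier[0])
        usage[best.name] += take
        cost[best.name] += take * tier[1]
        tier[0] -= take
        remaining -= take
        if tier[0] <= 1e-9:
            queues[best.name].popleft()   # tier exhausted, the next one applies
    return usage, cost


def total_cost(links, demand_mbps):
    """Total dollars owed across all links for the given demand."""
    return sum(allocate(links, demand_mbps)[1].values())


# SiteRequest's two links, using the rates from the scenario text.
SITE_LINKS = [
    Link("Link Alpha", flat_fee=45, prepaid_mbps=4, segments=[(None, 2.0)]),
    Link("Link Beta", flat_fee=0, prepaid_mbps=0, segments=[(None, 1.0)]),
]

if __name__ == "__main__":
    for demand in (1, 3, 4, 5, 6):
        usage, cost = allocate(SITE_LINKS, demand)
        print(f"{demand} Mbps -> {usage}  total ${sum(cost.values()):.2f}")
```

At 6 Mbps the model keeps 4 Mbps on Link Alpha and sends 2 Mbps to Link Beta, which is cheaper than carrying the overflow on Link Alpha at $2/Mbps.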


Chapter 4
Implementing Bandwidth Load Balancing

- Introducing bandwidth load balancing
- Configuring bandwidth load balancing

Introducing bandwidth load balancing


You can configure the BIG-IP Link Controller to use bandwidth load balancing to manage the traffic flowing in and out of a network. In bandwidth load balancing, the Link Controller uses a specific link until a traffic threshold has been met. After that threshold is met, the Link Controller shifts traffic to another link. When the traffic falls below the threshold, the Link Controller shifts traffic back to the first link. You can configure three different types of bandwidth settings for each link:

- Inbound, which refers to the amount of traffic flowing into the network
- Outbound, which refers to the amount of traffic flowing out of the network
- Total, which refers to the cumulative amount of traffic flowing in and out of the network

Note

When implementing bandwidth load balancing, it is important that your configuration applies to all of the links that the Link Controller manages. For example, F5 Networks does not recommend applying cost-based load balancing to one set of links and ratio load balancing to another set.


Configuring bandwidth load balancing


To illustrate how bandwidth load balancing works, consider the fictional company SiteRequest. This company has two links for managing its inbound and outbound traffic:

- Link Alpha, which is the primary link for the network. This link uses an ISP to which a flat fee of $45 is paid for up to 50 Mbps of total (both inbound and outbound) traffic. If the limit is exceeded, SiteRequest incurs a $0.50/Mbps charge.
- Link Beta, which is a secondary link for the network. This link uses an ISP with which SiteRequest does not have a prepaid amount of bandwidth. Instead, SiteRequest is billed on a pay-as-you-go basis. The rate charged for using this link is set at $0.45/Mbps.

As these rates illustrate, the most cost-efficient configuration for SiteRequest's links is to have Link Alpha handle traffic until it reaches 50 Mbps, then send any traffic over 50 Mbps to Link Beta. When the traffic decreases, the Link Controller must switch back to using only Link Alpha again.

The tasks you need to accomplish for bandwidth load balancing include:

- Configure the links
- Create a default gateway pool
- Implement the default gateway pool
- Configure the virtual servers
- Add a wide IP


Configuring the links


The first task in configuring a Link Controller configuration that uses bandwidth load balancing to manage outbound traffic is to add and configure the links in the Link Controller. For this procedure use the information about each link in Table 4.1.

| Link | Router Address | Uplink Address | ISP |
|---|---|---|---|
| Link Alpha | 192.168.5.5 | 192.168.5.6 | Global ISP |
| Link Beta | 192.168.10.5 | 192.168.10.6 | Regional ISP |

Table 4.1 Additional link attributes

To add Link Alpha


1. On the Main tab of the navigation pane, expand Link Controller, and then click Links.
2. Click Create.
3. In the Name box, type a name for the link.
4. In the Router Address box, type the IP address of the router. For this example, type 192.168.5.5.
5. In the Uplink Address box, type the IP address that corresponds with the external Internet connection. For this example, type 192.168.5.6.
6. In the Service Provider box, type the name of the ISP provider. For this example, select Global ISP.
7. From the Configuration list, select Advanced.
8. For the Traffic Limits setting, set the total bandwidth thresholds for the link. For this example, select Up To from the Total list, and then type 4000.
9. Click Create.


To add Link Beta


1. On the Main tab of the navigation pane, expand Link Controller, and then click Links.
2. Click Create.
3. In the Name box, type a name for the link.
4. In the Router Address box, type the IP address of the router. For this example, type 192.168.10.5.
5. In the Uplink Address box, type the IP address that corresponds with the external Internet connection. For this example, type 192.168.10.6.
6. In the Service Provider box, type the name of the ISP provider. For this example, select Regional ISP.
7. From the Configuration list, select Advanced.
8. In the Traffic Limits area, set the total bandwidth thresholds for the link. For this example, select Up To from the Total list, and then type 3000.
9. Click Create.

Creating the default gateway pool for bandwidth load balancing


After you have added and configured the links, the next task is to create the default gateway pool that load balances the traffic across the links.

To create a default gateway pool for bandwidth load balancing


1. On the Main tab of the navigation pane, expand Local Traffic and then click Pools.
2. Click Create.
3. In the Name box, type the name of the pool. For this example, type default_gateway_pool.
4. For the New Members setting, add the IP addresses associated with each link. For this example type the following IP addresses and then click Add:
   - For Link Alpha, add 192.168.5.5
   - For Link Beta, add 192.168.10.5
5. Click Finished.


Implementing the default gateway pool for bandwidth load balancing


After you create a default gateway pool, you must instruct the Link Controller to use the pool as the default gateway connection between the internal network and the Internet.

To implement the default gateway pool for bandwidth load balancing


1. On the Main tab of the navigation pane, expand Network and then click Routes.
2. Click Add.
3. From the Type list, select Default Gateway.
4. From the Resource list, select Use Pool.
5. From the Pool list, select default_gateway_pool.
6. Click Finished.

Defining the virtual servers for an additional Internet connection


After you create the default gateway pool, you configure the virtual servers for each link that load balances inbound connections across the servers. You also configure one wildcard virtual server to load balance outbound connections across the routers. In this example, create the following virtual servers:

- VS for Link Alpha, which has an IP address of 10.10.5.5:80 and represents a single host on the network.
- VS for Link Beta, which has an IP address of 10.10.10.6:80 and also represents a single host on the network.

To add a virtual server for bandwidth load balancing


1. On the Main tab of the navigation pane, expand Local Traffic and then click Virtual Servers.
2. Click Create.
3. In the Name box, for this case, type VS for Link Alpha.
4. For the Destination setting, select Host.
5. In the Service Port box, type 80.
6. Click Finished.

Repeat the preceding procedure for the additional virtual server.


To define a wildcard virtual server for bandwidth load balancing


1. On the Main tab of the navigation pane, expand Local Traffic and then click Virtual Servers.
2. Click Create.
3. In the Name box, type the name of the virtual server. In this case, type outbound.
4. For the Destination setting, in the Address box, type 0.0.0.0.
5. In the Service Port box, type 0.
6. Click Finished.


Adding a wide IP for bandwidth load balancing


To complete this implementation, configure a wide IP to which the Link Controller load balances incoming DNS requests. The wide IP is made up of only virtual servers that the Link Controller manages.

To add a wide IP
1. On the Main tab of the navigation pane, expand Link Controller and then click Inbound Wide IPs.
2. Click Create.
3. In the Name box, type the URL of the wide IP. For this example, type www.siterequest.com.
4. For the Load Balancing Method setting, make selections from the three lists. For this example:
   - Select Kilobytes/Second from the Preferred list.
   - Select Round Robin from the Alternate list.
   - Select Return to DNS from the Fallback list.
5. For the Member List setting, add the virtual servers that you created previously. For this example, select the following from the Virtual Server list, and then click Add:
   - 10.10.5.5:80
   - 10.10.10.6:80
6. Click Finished.

You now have a Link Controller configured to manage DNS traffic for wide IP www.siterequest.com. As data flows in and out of the network, the Link Controller monitors the total amount of bandwidth for each link. While traffic remains below 4Mbps, the Link Controller uses Link Alpha. If traffic exceeds that amount, the Link Controller sends the overflow traffic to Link Beta. If a link goes offline for any reason, the Link Controller uses the Alternate and Fallback load balancing modes to route traffic through an available link.


Chapter 5
Setting Up a Link Controller Redundant System Configuration

- About Link Controller redundant system configurations
- Setting up a Link Controller redundant system configuration

About Link Controller redundant system configurations


One standard implementation of BIG-IP Link Controller systems is a redundant system configuration, which is a set of two Link Controllers: one operating as the active unit, the other operating as the standby unit. If the active unit goes offline, the standby unit immediately assumes responsibility for managing traffic. The new active unit remains active until another event occurs that would cause the unit to go offline, or you manually reset the status of each unit.

This implementation uses an example based on the fictional company, SiteRequest. The following tables detail the network characteristics at SiteRequest. Table 5.1 outlines the basic characteristics of each Link Controller at SiteRequest.

| Name | Characteristics |
|---|---|
| lc1.siterequest.com | Self IP address 10.1.1.20 on link1 VLAN |
| | Self IP address 10.1.2.20 on link2 VLAN |
| | Self IP address 172.168.1.20 on internal VLAN |
| | Floating IP address 10.1.1.50 on link1 VLAN |
| | Floating IP address 10.1.2.50 on link2 VLAN |
| | Floating IP address 172.168.1.50 on internal VLAN |
| | Management IP address 192.168.1.1 |
| lc2.siterequest.com | Self IP address 10.1.1.21 on link1 VLAN |
| | Self IP address 10.1.2.21 on link2 VLAN |
| | Self IP address 172.168.1.20 on internal VLAN |
| | Floating IP address 10.1.1.50 on link1 VLAN |
| | Floating IP address 10.1.2.50 on link2 VLAN |
| | Floating IP address 172.168.1.50 on internal VLAN |
| | Management IP address 192.168.1.2 |

Table 5.1 Sample Link Controller characteristics

Table 5.2 describes the links that SiteRequest uses.


| Name | Characteristics |
|---|---|
| link1 | IP address: 10.1.1.5 |
| link2 | IP address: 10.1.2.5 |

Table 5.2 Sample Link characteristics


Table 5.3 describes the VLANs you will set up for SiteRequest.

| Name | Characteristics |
|---|---|
| VLAN 1 | Assigned interfaces: 1.1 (untagged). Role: Communication between network and the first link |
| VLAN 2 | Assigned interfaces: 1.2 (untagged). Role: Communication between network and the second link |
| VLAN 3 | Assigned interfaces: 1.3 (untagged). Role: Communication between Link Controllers and rest of internal network. |
| Default Gateway | IP address: 10.1.1.100 |
| NTP server | IP address: 192.168.5.15 |

Table 5.3 Sample VLAN characteristics

Table 5.4 describes several other network characteristics that play an important role in a redundant system configuration for SiteRequest.

| Component | Characteristics |
|---|---|
| NTP server | IP address: 192.168.5.15 |
| Default Gateway Pool | Name: gw_pool. IP addresses: 10.1.1.5 and 10.1.2.5 |

Table 5.4 Other system settings for the example


Setting up a Link Controller redundant system configuration


SiteRequest wants to create a Link Controller redundant system configuration. They have installed two Link Controller systems on the network, and can access each system from the management port. The tasks you must complete to configure the Link Controller redundant system are:

- Configure the redundant system settings of each Link Controller
- Create VLANs
- Assign self IP addresses to both systems
- Create floating IP addresses that are shared by the systems
- Configure the high availability options
- Define the NTP server
- Define the default gateway route
- Define a listener for incoming DNS traffic
- Run the configuration synchronization operation
- Enable synchronization
- Add links
- Conduct the initial configuration synchronization between systems through the gtm_add utility


Configuring the redundant system settings


The first task in creating a redundant system configuration with two Link Controllers is to define each Link Controller as part of a redundant system.

To configure redundant system settings for the active Link Controller


1. On the Main tab of the navigation pane, expand System and then click Platform.
2. From the High Availability list, select Redundant Pair.
3. From the Unit ID list, select 1.
4. Click Update.

To configure redundant system settings for the standby Link Controller


1. On the Main tab of the navigation pane, expand System and then click Platform.
2. From the High Availability list, select Redundant Pair.
3. From the Unit ID list, select 2.
4. Click Update.

Creating VLANs for Link Controller redundant systems


The next task in this implementation is to set up several VLANs. These VLANs encompass the IP addresses associated with the Link Controllers and the other network components that help manage DNS traffic. For this example, create three VLANs:

- link1: For traffic between the Link Controllers and the Link1 router.
- link2: For traffic between the Link Controllers and the Link2 router.
- internal: For communication between the two Link Controllers and the rest of the internal network.

Important

Apply the following procedures to both the active and standby Link Controllers.


To create the first VLAN


1. On the Main tab of the navigation pane, expand Network and then click VLANs.
2. Click Create.
3. In the Name box, type the name of the first VLAN. For this example, type link1.
4. For the Interfaces setting, use the Move buttons to assign the interface 1.1 to the Untagged list.
5. Click Finished.

To create the second VLAN


1. On the Main tab of the navigation pane, expand Network and then click VLANs.
2. Click Create.
3. In the Name box, type the name of the second VLAN. For this example, type link2.
4. For the Interfaces setting, use the Move buttons to assign the interface 1.2 to the Untagged list.
5. Click Finished.

To create the internal VLAN


1. On the Main tab of the navigation pane, expand Network and then click VLANs.
2. Click Create.
3. In the Name box, type the name of the internal VLAN. For this example, type internal.
4. For the Interfaces setting, use the Move buttons to assign the interface 1.3 to the Untagged list.
5. Click Finished.


Assigning self IP addresses


With a VLAN in place, assign self IP addresses to each Link Controller. These self IP addresses identify the Link Controller on a per VLAN basis.
Note

Apply the following procedures to both the active and standby systems.

To assign self IP addresses to the first VLAN


1. On the Main tab of the navigation pane, expand Network and then click Self IPs.
2. Click Create.
3. In the IP address box, type the self IP address for the system that applies to the VLAN. For this example, type one of the following:
   - If you are configuring lc1.siterequest.com, type 10.1.1.20
   - If you are configuring lc2.siterequest.com, type 10.1.1.21
4. In the Netmask box, type the subnet mask that applies to this IP address. For this example, type 255.255.255.0.
5. From the VLAN list, select the appropriate VLAN. In this example, select link1.
6. Click Finished.

To assign self IP addresses to the second VLAN


1. On the Main tab of the navigation pane, expand Network and then click Self IPs.
2. Click Create.
3. In the IP address box, type the self IP address for the system that applies to the VLAN. For this example, type one of the following:
   - If you are configuring lc1.siterequest.com, type 10.1.2.20
   - If you are configuring lc2.siterequest.com, type 10.1.2.21
4. In the Netmask box, type the subnet mask that applies to this IP address. For this example, type 255.255.255.0.
5. From the VLAN list, select the appropriate VLAN. In this example, select link2.
6. Click Finished.


To assign self IP addresses to the internal VLAN


1. On the Main tab of the navigation pane, expand Network and then click Self IPs.
2. Click Create.
3. In the IP address box, type the self IP address for the system that applies to the VLAN. For this example, type one of the following:
   - If you are configuring lc1.siterequest.com, type 172.168.1.20
   - If you are configuring lc2.siterequest.com, type 172.168.1.21
4. In the Netmask box, type the subnet mask that applies to this IP address. For this example, type 255.255.255.0.
5. From the VLAN list, select the appropriate VLAN. In this example, select internal.
6. Click Finished.

Creating floating IP addresses


In a redundant system configuration, both Link Controllers share common IP addresses called floating IP addresses. To the rest of the network, this floating IP address represents the active Link Controller. If the primary unit goes offline, the secondary unit takes over traffic destined for the floating IP address. This setup ensures that network traffic flows smoothly in the event a failover occurs. Typically, each unit in a redundant system configuration shares a floating IP address for each VLAN on which the redundant system operates. In this implementation, you need to create three floating IP addresses. These IP addresses represent the two Link Controllers on the link1, link2, and internal VLANs.
Important

For this task, configure only the active system. The settings you configure on this system are transferred to the standby system during a synchronization that you initiate later in this implementation.

To create a floating IP address for the first VLAN


1. On the Main tab of the navigation pane, expand Network and then click Self IPs.
2. Click Create.
3. In the IP address box, type the floating IP address that is shared between both units. In this example, type 10.1.1.50.
4. In the Netmask box, type the subnet mask that applies to the floating IP address. For this example, type 255.255.255.0.
5. Check the Floating IP box.
6. Click Finished.

To create a floating IP address for the second VLAN


1. On the Main tab of the navigation pane, expand Network and then click Self IPs.
2. Click Create.
3. In the IP address box, type the floating IP address that is shared between both units. In this example, type 10.1.2.50.
4. In the Netmask box, type the subnet mask that applies to the floating IP address. For this example, type 255.255.255.0.
5. Check the Floating IP box.
6. Click Finished.

To create a floating IP address for the internal VLAN


1. On the Main tab of the navigation pane, expand Network and then click Self IPs.
2. Click Create.
3. In the IP address box, type the floating IP address that is shared between both units. For this example, type 172.168.1.50.
4. In the Netmask box, type the subnet mask that applies to the floating IP address. In this example, type 255.255.255.0.
5. Check the Floating IP box.
6. Click Finished.


Configuring the high availability options


The options associated with creating a redundant system configuration include the IP addresses of each system, the type of redundant system, and other options.
Important

Apply the following procedure to both the active and standby systems.

To configure high availability options


1. On the Main tab of the navigation pane, expand System and then click High Availability.
2. On the menu bar, click Network Failover.
3. Click the Network Failover box.
4. In the Peer Management Address box, delete the colons (::) and type the management IP address of the peer unit. For this example, type 192.168.1.1.
5. For the Unicast setting, add an entry:
   a) In the Configuration Identifier box, type a unique name for the unicast entry. For this example, type Link Controller.
   b) In the Local Address box, type the self IP address associated with the failover VLAN you created on the unit you are configuring. For this example, type 172.168.1.20.
   c) In the Remote Address box, type the self IP address associated with the failover VLAN you created on the peer unit. In this example, type 172.168.1.21.
   d) Click Add.
Important

In this example, for the lc2.siterequest.com system, use 192.168.1.2 for the Peer Management Address, and reverse the values of the Local Address and Remote Address settings. Optionally, define a set of secondary failover IP addresses. In this example, the secondary failover addresses can be the self IP addresses the Link Controllers use to communicate with link1 or link2.


Defining an NTP server


The next task of this implementation requires defining an NTP server that both Link Controllers use during synchronization options. This task is important because it determines a common time value for both systems. During file synchronizations, the systems use this time value to see if any newer configuration files exist.
Important

Apply the following procedure to both the active and standby systems.

To define an NTP server


1. On the Main tab of the navigation pane, expand System and then click Configuration.
2. From the Device menu, choose NTP.
3. In the Address box, type the IP address of the NTP server you want to use. For this example, type 192.168.5.15.
4. Click Add.
5. Click Update.

Defining the default gateway route


The next task is to define the default gateway for network traffic. (In this example, the default gateway is a pool containing the IP addresses that correspond to the link1 and link2 links.) Once you create this pool, you can create a default route within the Link Controllers.
Important

Apply the following procedures to both the active and standby systems.

To create a default gateway pool


1. On the Main tab of the navigation pane, expand Local Traffic and then click Pools.
2. Click Create.
3. In the Name box, type the name of the default gateway pool. For this example, type gw_pool.
4. For the Health Monitors setting, use the Move buttons to add gateway_icmp to the Active list.
5. From the Load Balancing Method list, select Dynamic Ratio (node).
6. For the New Members setting, add the IP address of each link. For this example, type the following:
   - IP address 10.1.1.5, selecting All Services from the Service Port list. This IP address represents the link1 link.
   - IP address 10.1.2.5, selecting All Services from the Service Port list. This IP address represents the link2 link.
7. Click Add.
8. Click Finished.

To define the default route


1. On the Main tab of the navigation pane, expand Network and then click Routes.
2. Click Add.
3. From the Type list, select Default Gateway.
4. From the Resource list, select Use Pool and then select the name of the default gateway pool. In this example, select gw_pool from the list.
5. Click Finished.
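The addressing rules that the self IP, floating IP, network failover, and gateway pool procedures rely on can be checked before any configuration synchronization is run. The following Python is an added example, not part of this manual or of any F5 tool: it transcribes the chapter's example addresses into hypothetical UNITS, FLOATING and GATEWAYS tables and verifies per-VLAN uniqueness and subnet membership, the reversed unicast Local/Remote pair, and, as an added check, whether each address lies in RFC 1918 private space.

```python
import ipaddress

NETMASK = "255.255.255.0"
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Example addresses transcribed from this chapter's procedures.
# The table layout and names (UNITS, FLOATING, GATEWAYS) are hypothetical.
UNITS = {
    "lc1.siterequest.com": {
        "self_ips": {"link1": "10.1.1.20", "link2": "10.1.2.20",
                     "internal": "172.168.1.20"},
        "peer_mgmt": "192.168.1.1",
        "unicast": ("172.168.1.20", "172.168.1.21"),  # (Local, Remote)
    },
    "lc2.siterequest.com": {
        "self_ips": {"link1": "10.1.1.21", "link2": "10.1.2.21",
                     "internal": "172.168.1.21"},
        "peer_mgmt": "192.168.1.2",
        "unicast": ("172.168.1.21", "172.168.1.20"),
    },
}
FLOATING = {"link1": "10.1.1.50", "link2": "10.1.2.50",
            "internal": "172.168.1.50"}
GATEWAYS = {"link1": "10.1.1.5", "link2": "10.1.2.5"}  # gw_pool members


def subnet(addr):
    """Network that addr belongs to under the chapter's netmask."""
    return ipaddress.ip_interface(f"{addr}/{NETMASK}").network


def validate(units, floating, gateways):
    """Return (errors, warnings) for a two-unit addressing plan."""
    errors, warnings = [], []
    if len(units) != 2:
        return [f"expected 2 units, got {len(units)}"], warnings
    (name_a, a), (name_b, b) = units.items()

    for vlan, float_ip in floating.items():
        ip_a, ip_b = a["self_ips"].get(vlan), b["self_ips"].get(vlan)
        if not ip_a or not ip_b:
            errors.append(f"{vlan}: a unit has no self IP on this VLAN")
            continue
        addrs = [ip_a, ip_b, float_ip]
        if vlan in gateways:
            addrs.append(gateways[vlan])
        # Self IPs, floating IP and router address must not collide.
        if len(set(addrs)) != len(addrs):
            errors.append(f"{vlan}: duplicate address among {addrs}")
        # Every address on a VLAN must fall in the same subnet.
        if len({subnet(x) for x in addrs}) != 1:
            errors.append(f"{vlan}: addresses span more than one subnet")
        for x in addrs:
            if not any(ipaddress.ip_address(x) in net for net in RFC1918):
                warnings.append(f"{vlan}: {x} is outside RFC 1918 space")

    # Failover unicast must use each unit's own static self IP.
    for name, unit, peer in ((name_a, a, b), (name_b, b, a)):
        local, remote = unit["unicast"]
        if local not in unit["self_ips"].values():
            errors.append(f"{name}: Local Address {local} is not its self IP")
        if remote not in peer["self_ips"].values():
            errors.append(f"{name}: Remote Address {remote} is not a peer self IP")
    if a["unicast"] != b["unicast"][::-1]:
        errors.append("unicast Local/Remote are not reversed between units")
    if a["peer_mgmt"] == b["peer_mgmt"]:
        errors.append("both units use the same Peer Management Address")
    return errors, warnings


if __name__ == "__main__":
    errs, warns = validate(UNITS, FLOATING, GATEWAYS)
    for line in errs + warns:
        print(line)
```

On the chapter's values this reports no errors and three warnings, because the 172.168.1.x addresses used for the internal VLAN fall outside 172.16.0.0/12.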

Defining a listener
The Link Controller employs a listener to identify the traffic for which it is responsible. In this example, create a listener that corresponds to the floating IP address shared between the two systems.
Important

For this task, configure only the active system. The settings you establish on this system are transferred to the standby system during a synchronization that you initiate later in this process.

To configure the listener


1. On the Main tab in the navigation pane, expand Link Controller and then click Listeners.
2. Click Create.
3. In the Destination box, type the IP address on which the system listens for network traffic. For this example, type 10.1.1.50.
4. From the VLAN Traffic list, select All VLANs.
5. Click Finished.


Running a configuration synchronization operation


For a redundant system configuration, you must employ an additional synchronization option to share the self IP address, default route, and other information you configured on both the active and standby systems.
Important

For this task, ensure that you are working with the active Link Controller system.

To run a config sync operation


1. On the Main tab of the navigation pane, expand System and then click High Availability.
2. On the menu bar, click ConfigSync.
3. Click Synchronize TO Peer. The system synchronizes settings to the standby Link Controller; in this example, lc2.siterequest.com.
4. Click OK.

Enabling synchronization
For the next task, you enable the synchronization options and assign an appropriate name for the synchronization group.
Important

For this task, configure only the active system. The settings you establish on this system are transferred to the standby system during a synchronization that you initiate later in this process.

To enable synchronization
1. On the Main tab of the navigation pane, expand System and then click Configuration.
2. From the Global Traffic menu, choose General.
3. Check the Synchronization check box.
4. Check the Synchronize DNS Zone Files check box.
5. In the Synchronization Group Name box, type the name of the synchronization group. For this example, type Link Controller Group A.
6. Click Update.


Adding links
The next task is to add the links that represent the two Internet connections. Each Link Controller configuration must contain at least two links for the system to load balance network traffic.
Important

For this task, configure only the active system. The settings you establish on this system are transferred to the standby system during a synchronization that you initiate later in this process.

To add a link
1. On the Main tab of the navigation pane, expand Link Controller, and then click Links.
2. Click Create.
3. In the Name box, type the name of the link. For this example, type link1.
4. In the Router Address box, type the IP address of the link. In this example, type 10.1.1.5.
5. For the Health Monitors setting, use the Move buttons to add the bigip_link monitor to the Enabled list.
6. Click Finished.

Repeat the procedure to define the second link. In this example, the second link on the Link Controller uses the name link2 and the router address 10.1.2.5.


Running the gtm_add script


Lastly, you need to have the two units share the same configuration. For this implementation, that means you need to have the standby Link Controller acquire the configurations established on the active Link Controller. You must do this before you attempt to synchronize these systems; otherwise, you run the risk of having the new Link Controller, which is unconfigured, replace the configuration of older systems. To acquire the configuration files, you run the gtm_add script.
Important

Run the gtm_add script from the unconfigured Link Controller.

To run the gtm_add script


1. Log on to the standby system. In this example, log on to lc2.siterequest.com.
2. At the command prompt, type gtm_add.
3. Press the y key to start the gtm_add script.
4. Type the IP address of the active system. For this example, type 172.168.1.20.
5. Press Enter.

The gtm_add process begins, acquiring configuration data from the active Link Controller (in this example, lc1.siterequest.com). Once the process completes, you have successfully created a redundant system configuration consisting of two Link Controllers.


Glossary

active unit
In a redundant system configuration, the active unit is the system that currently load balances connections. If the active unit fails, the standby unit assumes control and begins to load balance connections. See also redundant system configuration.

bandwidth load balancing
In bandwidth load balancing, the Link Controller uses a specific link until a traffic threshold has been met. After that threshold is met, the Link Controller shifts traffic to another link. When the traffic falls below the threshold, the Link Controller shifts traffic back to the first link.

Configuration utility
The Configuration utility is the browser-based application that you use to configure the BIG-IP system.

cost-based load balancing
In cost-based load balancing, the system prioritizes link usage based on the cost of the bandwidth for that connection to the Internet. The Link Controller sends traffic to the link that is currently operating at the lowest cost. As the usage cost for each link changes, the Link Controller dynamically shifts traffic to the best link.

default wildcard virtual server
A default wildcard virtual server has an IP address and port number of 0.0.0.0:0 or *:* or "any":"any". This virtual server accepts all traffic that does not match any other virtual server defined in the configuration. See also wildcard virtual server.

domain name
A domain name is a unique name that is associated with one or more IP addresses. Domain names are used in URLs to identify particular Web pages. For example, in the URL http://www.siterequest.com/index.html, the domain name is siterequest.com.

floating IP address
A floating self IP address is an additional self IP address for a VLAN that serves as a shared address by both units of a BIG-IP redundant system configuration.

health monitor
A health monitor checks a node to see if it is up and functioning for a given service. If the node fails the check, it is marked down. Different monitors exist for checking different services. See also health check, EAV, ECV, external monitor.


interface
The physical port on a BIG-IP system is called an interface.

internal VLAN
The internal VLAN is a default VLAN on the BIG-IP system. In a basic configuration, this VLAN has the administration ports open. In a normal configuration, this is a network interface that handles connections from internal servers.

iQuery
The iQuery protocol is used to exchange information between Global Traffic Manager systems and BIG-IP systems. The iQuery protocol is officially registered with IANA for port 4353, and works on UDP and TCP connections.

link load balancing
Link load balancing is defined as managing traffic across multiple Internet or wide-area network (WAN) gateways.

listener
A listener is a specialized resource that is assigned a specific IP address and uses port 53, the DNS query port. When traffic is sent to that IP address, the listener alerts the Global Traffic Manager, allowing it to handle the traffic locally or forward the traffic to the appropriate resource.

load balancing method
A particular method of determining how to distribute connections across a load balancing pool.

load balancing pool
See pool.

local DNS
A local DNS is a server that makes name resolution requests on behalf of a client. With respect to the Global Traffic Manager, local DNS servers are the source of name resolution requests. Local DNS is also referred to as LDNS.

member
Member is a reference to a node when it is included in a particular load balancing pool. Pools typically include multiple member nodes.

monitor
The Link Controller uses monitors to determine whether nodes are up or down. There are several different types of monitors and they use various methods to determine the status of a server or service.

nameserver
A nameserver is a server that maintains a DNS database, and resolves domain name requests to IP addresses using that database.

name resolution
Name resolution is the process by which a nameserver matches a domain name request to an IP address, and sends the information to the client requesting the resolution.

Network Time Protocol (NTP)
Network Time Protocol functions over the Internet to synchronize system clocks to Universal Coordinated Time. NTP provides a mechanism to set and maintain clock synchronization within milliseconds.

pool
A pool is composed of a group of network devices (called members). The Link Controller load balances requests to the nodes within a pool based on the load balancing method and persistence method you choose when you create the pool or edit its properties.

pool member
A pool member is a server that is a member of a load balancing pool.

port
A port can be represented by a number that is associated with a specific service supported by a host. Refer to the Services and Port Index for a list of port numbers and corresponding services.

ratio
A ratio is a parameter that assigns a weight to a virtual server for load balancing purposes.

redundant system configuration
Redundant system configuration refers to a pair of units that are configured for fail-over. In a redundant system, there are two units, one running as the active unit and one running as the standby unit. If the active unit fails, the standby unit takes over and manages connection requests.

self IP address
Self IP addresses are the IP addresses owned by the BIG-IP system that you use to access the internal and external VLANs.

service
Service refers to services such as TCP, UDP, HTTP, and FTP.


Setup utility
The Setup utility walks you through the initial system configuration process. You can run the Setup utility from the Configuration utility start screen.

standby unit
A standby unit in a redundant system configuration is a unit that is always prepared to become the active unit if the active unit fails.

synchronization group
A synchronization group is a group of Global Traffic Manager systems that synchronize system configurations and zone files (if applicable). All synchronization group members receive broadcasts of metrics data from the big3d agents throughout the network. All synchronization group members also receive broadcasts of updated configuration settings from the Global Traffic Manager that has the latest configuration changes.

virtual server
Virtual servers are a specific combination of virtual address and virtual port, associated with a content site that is managed by a Link Controller or other type of host server.

VLAN
VLAN stands for virtual local area network. A VLAN is a logical grouping of network devices. You can use a VLAN to logically group devices that are on different network segments.

wide IP
A wide IP is a collection of one or more fully-qualified domain names that maps to one or more pools of virtual servers that host the content of the domains, and that are managed either by BIG-IP systems, or by host servers. The Global Traffic Manager load balances name resolution requests across the virtual servers that are defined in the wide IP that is associated with the requested domain name.

wildcard virtual server
A wildcard virtual server is a virtual server that uses an IP address of 0.0.0.0, * or "any". A wildcard virtual server accepts connection requests for destinations outside of the local network. Wildcard virtual servers are included only in Transparent Node Mode configurations. See also default wildcard virtual server.

zone
In DNS terms, a zone is a subset of DNS records for one or more domains.


zone file
In DNS terms, a zone file is a database set of domains with one or many domain names, designated mail servers, a list of other nameservers that can answer resolution requests, and a set of zone attributes, which are contained in an SOA record.
