Jump to content

iQuery issues troubleshooting


guru

116 views

gtm_communication_iQuery_ProberPools.png

REQUIREMENTS:

For the BIG-IP DNS synchronization group members to properly synchronize their configuration settings, verify that the following requirements are in place:

  • BIG-IP DNS synchronization group members must be running the same software version

    A BIG-IP DNS device should be running the same software version as other members in the synchronization group. BIG-IP DNS devices that are running different software versions will not be able to communicate and properly synchronize BIG-IP DNS configuration and zone files. For information about displaying the software version, refer to K8759: Displaying the BIG-IP software version.

  • Synchronization parameters must be properly defined for all members

    Synchronization must be enabled and each device must have the same synchronization group name. You can define the synchronization parameters by navigating to:

    BIG-IP DNS 11.5.0 and later:

    DNS > Settings > GSLB > General

    BIG-IP GTM 10.0.0 through 11.4.1:

    System > Configuration > Device > GTM > General

  • NTP must be configured on each device

    Before you can synchronize BIG-IP DNS systems, you must define the network time protocol (NTP) servers for all synchronization group members. Configuring NTP servers ensures that each BIG-IP DNS synchronization group member is referencing the same time when verifying the configuration data that needs to be synchronized. You can configure NTP by navigating to System > Configuration > Device > NTP.

  • Port Lockdown must be set properly for the relevant self IP addresses

    Port lockdown is a security feature that specifies the protocols and services from which a self IP address can accept traffic.

    F5 recommends using the Allow Custom option for self IP addresses that are used for synchronization and other critical redundant pair intercommunications. You can configure port lockdown by navigating to Network > Self IPs.

    Note: Management-IP address are not compatible with iQuery; you should not use them as server IP addresses in the DNS server list.

    Configure the service ports shown in the following table for BIG-IP DNS operation on the specific self IP.

    Allowed Protocol Service Service Definition
    TCP 4353 iQuery
    TCP 22 SSH
    TCP 53 DNS
    UDP 53 DNS
    UDP 1026 Network Failover

    For further information on Port Lockdown behavior, please refer to K17333 listed in the Supplemental Information section below.

  • TCP port 4353 must be allowed between BIG-IP GTM systems

    BIG-IP DNS synchronization group members use TCP port 4353 to communicate. You must verify that port 4353 is allowed between BIG-IP DNS systems.

  • Compatible big3d versions must be installed on synchronization group members

    The big3d process runs on BIG-IP systems and collects performance information on behalf of the BIG-IP DNS system. For metrics collection to work properly, synchronization group members must run the same version of the big3d process. For more information about verifying big3d version information, refer to K13703: Overview of big3d version management.

  • A valid device certificate must be installed on all members

    The device certificate is used by the F5 system to identify itself to a requesting F5 client system. The default device certificate, /config/httpd/conf/ssl.crt/server.crt, must be installed on each sync group member. You can verify the certificate validity by navigating to System> Device Certificates.

 

EXPLANATION of DNS SYNC

A BIG-IP DNS synchronization group is a collection of multiple BIG-IP DNS systems that share and synchronize configuration settings. You must meet several minimum requirements for BIG-IP DNS synchronization group members to communicate and synchronize properly.

Starting in 11.x, the BIG-IP DNS system uses a commit_id structure, which is linked to an MCP transaction, as a timestamp when updating the configuration for a given sync group. The BIG-IP DNS sync group communication flow works as follows:

  • The Configuration utility or the TMOS Shell (tmsh) communicates configuration changes to the mcpd process.
  • The mcpd process forwards the new configuration in its entirety to the local gtmd process.
  • The gtmd process updates the commit_id value and writes the new configuration to the /config/bigip_gtm.conf file.
  • The local big3d process begins advertising the updated commit_id value using heartbeat messages transmitted to all remote gtmd processes.
  • When a remote gtmd process notices that the peer BIG-IP DNS system has a newer commit_id value, the remote gtmd invokes the iqsyncer utility to pull the newer configuration.
  • The iqsyncer utility connects to the big3d process of the BIG-IP DNS system with the newer commit_id and requests the changes between the newer commit_id and its current commit_id.
  • The big3d process connects to its mcpd process and if the differences between commit_ids exist in the incremental config sync cache, then just these incremental changes are passed back. If not, the full configuration are passed in one or more messages.
  • The big3d process then transmits those messages back to the requesting iqsyncer utility, and iqsyncer passes the new configuration directly to its own mcpd process, which loads it into memory.
  • After the mcpd process receives the new configuration, it passes the configuration to its own gtmd process, which updates its timestamp with the commit_id of the source BIG-IP DNS system, and writes the configuration to the /config/bigip_gtm.conf file.

0 Comments


Recommended Comments

There are no comments to display.

Guest
Add a comment...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Announcements



×
×
  • Create New...

Important Information

Privacy Policy