Manuals / Brands / Computer Equipment / Network Router / Dell / Computer Equipment / Network Router

Dell 3-DNS Configuring the 3-DNS mode, Configuring user authentication

1 165

Download 165 pages, 1.89 Mb

Using the Setup Utility

3-DNS® Administrator Guide 3 - 11

Configuring the 3-DNS mode

The 3-DNS Controller can run in three different modes: node, bridge, and

router.

◆Node mode

The node mode is the traditional installation of the 3-DNS Controller.

The 3-DNS Controller replaces a DNS server in a network and uses the

DNS server’s IP address. All DNS traffic is directed at the 3-DNS

Controller because it is registered with InterNIC as authoritative for the

domain. In node mode, you usually run BIND on the system to manage

DNS zone files. In node mode, you may also use the NameSurfer

application available to manage your zone files.

◆Bridge mode

In bridge mode, the 3-DNS Controller acts as an IP bridging device by

forwarding packets between two LAN segments (usually on the same IP

subnet). The system usually has one IP address, and is installed between

the router or switch, and the authoritative DNS server. The 3-DNS

Controller does not replace the authoritative DNS server.

The 3-DNS Controller filters all DNS packets that match wide IPs, and

forwards the remaining packets to the authoritative DNS server for

resolution. Note that this may be the preferred method of using the

3-DNS Controller because you do not have to replace the authoritative

DNS server, and you can perform out-of-band testing before you deploy

3-DNS software upgrades.

◆Router mode

In router mode, the 3-DNS Controller acts as a router by forwarding

packets between two different IP subnets. You can put the 3-DNS

Controller anywhere in the network topology so that packets destined for

the authoritative DNS server have to pass through it. Router mode

requires at least two IP addresses and two VLANs. Router mode is

probably most useful for Internet service providers (ISPs) that want to

redirect traffic to local content servers. For example, by using the 3-DNS

Controller in router mode, an ISP can redirect requests for

ads.siterequest.net to a local ad server.

Configuring user authentication

When you run the Setup utility, you can configure authentication for 3-DNS

user accounts either through an external LDAP or RADIUS server, or

locally on the 3-DNS Controller. The following sections describe these two

authentication options.

Note

The root and admin accounts are always authenticated locally.

Contents

Main Page 3-DNS Administrator Guide i Product Version Legal Notices Copyright Trademarks Export Regulation Notice Standards Compliance Acknowledgments 3-DNS Administrator Guide iii Page Page Page Introduction Planning the 3-DNS Configuration Using the Setup Utility Post-Setup Tasks Essential Configuration Tasks Configuring a Globally-Distributed Network Configuring a Content Delivery Network Page Page Page IMPORTANT HARDWARE INFORMATION Getting started Choosing a configuration tool Setup utility Configuration utility NameSurfer application 3-DNS Maintenance menu Using the Administrator Kit Identifying new terms Identifying references to products Identifying references to objects, names, and commands Identifying references to other documents Identifying command syntax What is the 3-DNS Controller? Internet protocol and network management support Security features Configuration scalability System synchronization options Configuring data collection for server status and network path data Redundant system configurations Monitoring the 3-DNS Controller and the network Comparing a 3-DNS Controller to a BIG-IP system Whats new in version 4.5 Automatic discovery Easy system account and password creation Enhanced synchronization Expanded statistics Multi-homing and firewall support Security enhancements Finding help and technical support resources Page Page Page Page Page Using a 3-DNS Controller as a standard DNS server Load balancing connections across the network Working with 3-DNS Controllers and other products Page Planning issues for the network setup Configuring the base network Defining data centers and servers Planning a sync group Understanding how a sync group works Understanding how the time tolerance variable affects a sync group Setting up communications on a 3-DNS Controller Setting up communication between crypto and non-crypto systems Setting up data collection with the big3d agent Choosing the 3-DNS mode Running a 3-DNS Controller in node mode Using the 3-DNS synchronization features Importing BIND files to NameSurfer during an initial installation Running a 3-DNS Controller in bridge mode or router mode Page Page Page Creating the initial software configuration with the Setup utility Connecting to the 3-DNS Controller for the first time Running the utility from the console or serial terminal Running the Setup utility remotely Setting up an IP alias for the default IP address before you start the unit Page Starting the utility from the command line To start the Setup utility from the console To start the Setup utility from the command line from a remote administrative workstation Using the Setup utility for the first time Keyboard type Root password Host name Redundant system settings Unit IDs Choosing a fail-over IP address Fail-over type Setting the interface media type Configuring VLANs and IP addresses Assigning interfaces to VLANs Associating the primary IP address and VLAN with the host name Configuring a default gateway pool Configuring remote web server access Configuring remote administrative access Setting support access Setting the time zone Configuring NTP support Configuring the 3-DNS mode Configuring user authentication Using the local LDAP database only Configuring the unit to use an external LDAP or RADIUS server Configuring external LDAP authentication Configuring external RADIUS authentication Configuring NameSurfer for zone file management To open the NameSurfer application Running the Setup utility after creating the initial software configuration Options available only through the Setup utility menu Initialize the iControl portal Configuring RSH Configuring Telnet Configuring FTP Page Page Page Page Introduction Configuring the interfaces Understanding the interface naming convention Displaying status for interfaces Setting the media type Setting the duplex mode Working with VLANs Default VLAN configuration Creating, renaming, and deleting VLANs To create a VLAN using the Configuration utility To rename or delete a VLAN using the Configuration utility To create, rename, or delete a VLAN from the command line Configuring packet access to VLANs Port-based access to VLANs Tag-based access to VLANs Configuration procedures To create a VLAN that supports tag-based access using the To configure tag-based access on an existing VLAN using the To create a VLAN that supports tag-based access from the Setting up security for VLANs To enable or disable port lockdown using the Configuration To enable or disable port lockdown from the command line Setting fail-safe timeouts for VLANs To set the fail-over timeout and arm the fail-safe using the To set the fail-over timeout and arm the fail-safe from the Setting the MAC masquerade address Configuring a self IP address To add a self IP address to a VLAN using the Configuration To add a self IP address to a VLAN from the command line Page Page Page Reviewing the configuration tasks Setting up a basic configuration Setting up a data center To configure a data center using the Configuration utility Setting up servers Defining 3-DNS Controllers To define a 3-DNS Controller using the Configuration utility Page To add virtual servers using the Configuration utility Defining a BIG-IP system with the 3-DNS module To add a BIG-IP system with the 3-DNS Controller module using the Configuration utility Defining a router To define a router using the Configuration utility Defining EDGE-FX systems To define an EDGE-FX system using the Configuration utility To add virtual servers using the Configuration utility Defining host servers To define a host using the Configuration utility To add more virtual servers using the Configuration utility Configuring host SNMP settings Viewing host performance metrics Reviewing SNMP configuration issues Working with sync groups Configuring sync groups To define a sync group using the Configuration utility Setting the time tolerance value To check the value for the time tolerance setting using the To check the value for the time tolerance setting in the configuration file Overview of auto-configuration To modify the auto-configuration setting for a BIG-IP system using the Configuration utility To modify the auto-configuration setting for a host using the To modify the auto-configuration setting for a 3-DNS Controller using the Configuration utility Configuring global variables To configure global parameters using the Configuration utility Page Page Page Understanding a globally-distributed network Using Topology load balancing Setting up a globally-distributed network configuration Adding data centers to the globally-distributed network To add data centers using the Configuration utility Adding 3-DNS Controllers to the globally-distributed network To add 3-DNS Controllers using the Configuration utility Adding BIG-IP systems to the globally-distributed network To add BIG-IP systems using the Configuration utility Adding wide IPs to the globally-distributed network configuration To add a wide IP and pool using the Configuration utility Configuring topology records for the globally-distributed network To configure topology records using the Configuration utility Additional configuration settings and tools Setting limits thresholds To set limits thresholds for BIG-IP systems Page Page Page Introducing the content delivery network Using the 3-DNS Controller in a CDN Reviewing a sample CDN configuration Page Deciding to use a CDN provider Setting up a CDN provider configuration Adding data centers To add data centers using the Configuration utility Adding 3-DNS Controllers To add 3-DNS Controllers using the Configuration utility Adding load balancing servers Adding wide IPs and pools To add a wide IP and pool using the Configuration utility To add a CDN provider pool to the wide IP Adding a topology statement To set up topology records using the Configuration utility Ensuring resource availability Monitoring the configuration Page Page Overview of Quality of Service Understanding QOS coefficients Customizing the QOS equation To modify global QOS coefficients using the Configuration utility To modify QOS coefficients for a specific wide IP using the To assign global QOS coefficients from the command line To assign QOS coefficients for a specific wide IP from the Using the Dynamic Ratio option To turn on the Dynamic Ratio option using the Configuration To turn on the Dynamic Ratio option from the command line Working with Quality of Service 3-DNS Administrator Guide 8 - 7 6. Commit the changes to the configuration by typing: Figure 8.4 Enabling dynamic ratio in a pool configuration Page Page Page Overview of the Global Availability load balancing mode Page Configuring the Global Availability mode To configure the Global Availability load balancing mode among pools from the command line To configure the Global Availability load balancing mode within a pool from the command line A Global Availability configuration example Page Page Page Working with multiple 3-DNS Controllers Preparing to add a second 3-DNS Controller to your network Installing the hardware and running the Setup utility Making the existing 3-DNS Controller aware of the additional controller Running the 3dns_add script To run the 3dns_add script Verifying the configuration To verify that each 3-DNS Controller has the necessary agents and daemons running To verify that the servers you configured are up To verify that the virtual servers you configured are up To verify that the wide IPs are load balancing properly Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page A B C D E F G H I L M N O P S T U V W Z