Wednesday, 31 July 2019

DNS RESOLUTION STEPS !!



STEP BY STEP : HOW A WEBSITE OPENS?


=====================
1. Open Website in Browser like Chrome, Mozilla etc.
=====================
2. Next, we need the IP address that is mapped to the website.
=====================
3. The browser cache is checked; the details will be present if the website was visited recently in this browser.
=====================
4. The computer cache is checked; the details will be present if the website was visited recently on this computer.
=====================
5. The recursive DNS is checked. The recursive DNS is simply the default DNS given to our computers by the ISP. The details will be present if some other customer connected to this ISP has accessed the same website using the same default DNS.
=====================
6. The request goes to the root DNS. The root DNS does not maintain the mapping details.
=====================
7. The root DNS simply checks the extension, like ".com".
=====================
8. Then the root DNS sends the request to the name server that is responsible for the ".com" TLD.
=====================
9. Then the .com name server tells where to find the authoritative name server.
=====================
10. On the authoritative name server, the A record will be present.
=====================
11. The A record contains the website-to-IP mapping details.
=====================
12. These details are now saved in cache for quicker DNS resolution next time.
=====================

F5 : DNS WORKING : FIVE STEPS !!


=======================
Step 1 : DNS Listener 
=======================
The client request is received by the DNS listener on port 53.
=======================
Step 2 : Wide IP Checked
=======================
DNS checks whether the received URL matches an entry in the available Wide IP list.
=======================
Step 3 : Pool Selection
=======================
Once a Wide IP matches, an eligible pool is selected.
=======================
Step 4 : Virtual Server Selection
=======================
Once the pool is selected, an eligible virtual server is selected.
=======================
Step 5 : IP Address Details
=======================
The IP address of the eligible virtual server is passed to the client as the DNS resolution.
=======================
SUMMARY
=======================
Client Request >> DNS Listener >> Wide IP checked >> Pool Selected >> Virtual Server Selected >> Virtual Server IP returned as DNS Resolution
=======================

F5 pool troubleshooting

If a few servers in an F5 server pool are not working, will connections simply be dropped, or will speed be slow?

Answers:

a. Connections will be dropped if all servers related to the application are behind that pool.

b. Connections will be dropped if the pool is down, as the VIP will be marked in a down state. Make sure the health monitor port of the pool on the physical server is opened!

c. Connections should not be dropped, and the delay then depends on the volume of traffic hitting the VIP and the LB method as well. We check the use of least connections and see.

d. Connections will not drop if you have applied a monitor, because it will mark them as unavailable and will not give traffic to those servers. You can face some delay, which will depend on the remaining servers' capability.

e. If not all servers are down, then client traffic should redirect to an available pool member, so we should get a performance issue if the available server load is too high.

F5 CONFIGURATION ..


What are the standard steps?
Select Correct Sequence from Below,
1. Create Node
2. Create Pool
3. Create Virtual Server
4. Create Profile
5. Create iRule
6. Create Monitor

answers:

a. Monitor -> Node -> Pool -> Profile -> iRule -> VS

b. In the CLI, it is mandatory to do the prerequisites prior to virtual server creation.

c. In the GUI it is also recommended, but it won't give any error if you mix up the sequence of steps.

d.
1. Health monitors for nodes and pool members
2. SNAT pools
3. Any necessary profiles
4. Any necessary iRules
5. Nodes that will be used in the pool members
6. Pool and pool members

F5 USEFUL / COMMON TERMS !!!!


- POOL
- POOL MEMBER
- NODE
- SERVICES
- CLUSTER
- VIRTUAL SERVER 
- Self IP 
- Auto Map
- Auto NAT
- SNAT 
- iRule
- Double NAT
- Persistence
- Source Persistence
- Destination Persistence
- Node Based Load Balancing 
- Service Based Load Balancing

Pools scenario 2


Suppose we have configured Server Pool with 3 members ..
1) How can we check the volume of traffic handled by each member in the server pool?
2) How can we check how long a particular pool member has been up and working fine?




Answers:



1. You can go to the pool and look at the volume of traffic in the Statistics tab.

2. Go to the logs section and, in the local traffic section, search for that particular pool name. It will show you how long it has been up.

Pools scenarios


1.Can we apply Health Check Monitor on Server Pool? What are the steps?

2.Can we apply multiple Health Check Monitor on same Server Pool?

3.Can we apply Health Check Monitor on Individual pool member? What are the steps?



1. Yes, you can apply a health monitor at the pool level. This can be done in the tab pool > your pool name > health monitor.
You can drag the desired health monitor you wish to apply.

2. Yes, you can apply it at the node level as well. This is done in node > your node > health monitor.

3. Yes, you can use multiple health checks on the same pool.

pool > your pool name > health monitor

Drag multiple health monitors from the available options to your health monitor tab and it will work.

iRule


What is an iRule?

An iRule is a feature of the BIG-IP platform that gives BIG-IP the ability to manipulate server-side and client-side traffic all the way through the application layer. An iRule is a script that can be written for the BIG-IP platform to manage any IP traffic. An iRule can directly control traffic as it passes through the platform by parsing the client or server headers, or the payload of that data, and making decisions based on the content inside it.

Examples of iRule uses are pool/node selection and URL/port redirects.

For example:

A user who wants to go to www.F5network.com/F5 can be sent to www.F5network.com/F51234. Another common use of an iRule is redirecting HTTP to HTTPS. An iRule is composed of two main items:

  • Event declaration
  • Tcl code

The event defines the state the connection is currently in. When the connection event matches, the iRule is triggered.

Once the iRule is triggered, the Tcl code inside the iRule is executed on that request.
For example, in this iRule:
I am going to explain, part by part, what this iRule is supposed to mean:

"when HTTP_REQUEST" is the event declaration. It shows the condition of the connection that must be met. When it is met, it triggers this iRule.

The picture above shows that once the iRule is triggered, it runs the Tcl code.
So, how to read this iRule:
When it is triggered, the iRule runs the Tcl code with the condition of:
Then it does the following:

We will redirect traffic to HTTPS.
You may have many questions about iRules, including what the URI is.
I am going to explain that in the next blog post.
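
The HTTP-to-HTTPS redirect described above, written out as an added example (it is not the iRule from the original post, whose picture is not reproduced here). The data group name allowed_hosts_dg is an assumption; the rule checks the Host header against it because the short form shown in the comment redirects to whatever host name the client sent.

```tcl
# Added example. Attach to the port-80 (HTTP) virtual server only.
# allowed_hosts_dg is a hypothetical string data group that lists the
# host names this virtual server is meant to serve.
#
# Common short form, which reflects the client-supplied Host header
# straight into the Location header:
#   when HTTP_REQUEST { HTTP::redirect "https://[HTTP::host][HTTP::uri]" }

when HTTP_REQUEST {
    # Event declaration: the body runs once the HTTP request headers
    # have been parsed on the client side.

    # Normalise the Host header: lower-case it and drop any ":port" suffix.
    set host [string tolower [getfield [HTTP::host] ":" 1]]

    if { [class match $host equals allowed_hosts_dg] } {
        # Known host name: permanent redirect to the same URI over HTTPS.
        HTTP::respond 301 Location "https://${host}[HTTP::uri]" Connection close
    } else {
        # Unknown or missing Host header: refuse instead of redirecting
        # the client to a name this BIG-IP does not serve.
        HTTP::respond 400 content "Bad Request" Connection close
    }
}
```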





