Sunday, 4 August 2019

F5 Networks BIG-IP Components

What are F5 Networks BIG-IP components? What is the purpose of using them?
BIG-IP DNS Listener
A listener is a specialized virtual server that provides DNS services on port 53 at the IP address assigned to the listener. When a DNS query is sent to the listener, BIG-IP DNS either handles the request locally or forwards it to the appropriate resource.

BIG-IP DNS responds to DNS queries on a per-listener basis. The number of listeners you create depends on the network configuration and on the destinations to which specific queries are sent. For instance, a BIG-IP DNS can be the primary authoritative server for one domain and forward other DNS queries to a different DNS server. BIG-IP DNS always manages and answers DNS queries for the Wide IPs that are configured on the system.

Data Centers
All resources in a network are associated with a data center. BIG-IP DNS consolidates the path and metric data collected from the links, virtual servers and servers located in the data center. BIG-IP DNS uses this data, based on a variety of factors, to load balance and steer client requests to the resource that shows the best performance. BIG-IP DNS can send all requests to one data center when another data center is down. This suits disaster recovery sites well.

Alternatively, BIG-IP DNS can send a request to the data center with the fastest response time. It can also send the request to the data center nearest to the client's source address. For example, it can send a client in Adana to a host in Adana instead of Istanbul, which greatly reduces transit time.

Virtual Servers
A virtual server is a specific IP address and port number that points to a resource on the network. On host servers, this IP address and port number point to the resource itself. On load balancing systems, virtual servers are usually proxies that allow the load balancing server to manage requests across many resources.

Links
A link is a BIG-IP DNS or BIG-IP Link Controller configuration object that represents a physical device that connects the network to the Internet. BIG-IP DNS monitors the performance of links. The results affect the availability of distributed applications, Wide IPs, pools and data centers.

When you create one or more links, the BIG-IP system uses the following logic to associate virtual servers with link objects:
  • BIG-IP DNS and BIG-IP Link Controller associate a virtual server with a link by matching the subnet addresses of the virtual server, the link and the Self IP address. Most of the time, the virtual server is associated with the link that is on the same subnet as the Self IP address.
  • In some cases, BIG-IP DNS and BIG-IP Link Controller cannot associate the virtual server with a link because the subnet addresses do not match. When this happens, the system associates the virtual server with the default link assigned to the data center.
  • If a virtual server is associated with a link that does not provide network connectivity to that virtual server, BIG-IP DNS and BIG-IP Link Controller can incorrectly return the virtual server's IP address in the DNS response to a Wide IP query even when the link is marked as offline or down.
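The association rule above can be checked against an address inventory before it causes a wrong answer. The following is an added example, not F5 code: it models the rule in simplified form (one subnet per link, first matching subnet wins), and the link names, virtual server names and addresses are constructed sample data.

```python
import ipaddress

# Constructed sample inventory (documentation address ranges, not a real system).
LINKS = {
    "link_isp_a": "203.0.113.0/25",   # subnet shared by the link and its Self IP
    "link_isp_b": "198.51.100.0/24",
}
DEFAULT_LINK = "link_isp_a"           # assumed default link of the data center
VIRTUAL_SERVERS = {
    "vs_web": "203.0.113.10",
    "vs_mail": "198.51.100.25",
    "vs_api": "192.0.2.80",           # matches no link subnet
}

def associate(vs_ip, links=LINKS, default_link=DEFAULT_LINK):
    """Return (link_name, matched_by_subnet) for one virtual server address."""
    addr = ipaddress.ip_address(vs_ip)
    for name, subnet in links.items():
        if addr in ipaddress.ip_network(subnet):
            return name, True
    # No subnet matched: the virtual server lands on the default link.
    return default_link, False

def audit(virtual_servers=VIRTUAL_SERVERS):
    """List virtual servers that reached a link only through the fallback."""
    findings = []
    for name, ip in sorted(virtual_servers.items()):
        link, matched = associate(ip)
        if not matched:
            findings.append((name, ip, link))
    return findings

if __name__ == "__main__":
    for name, ip, link in audit():
        print(f"{name} ({ip}) fell back to default link {link}: "
              "confirm that this link really carries its traffic")
```

Every entry the audit reports is a virtual server whose availability follows a link it may not actually use, which is the condition described in the last bullet.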
DNS Express
DNS Express lets the BIG-IP system function as a replica authoritative name server and answer DNS queries rapidly. In addition, because DNS Express does not use BIND DNS software, it does not have the same vulnerabilities as a BIND implementation.

DNS Express supports the standard DNS NOTIFY protocol from primary authoritative name servers and uses AXFR / IXFR to transfer zone data.

DNS Express does not support modifying records. Instead, records are modified on the primary name server and DNS Express is notified of the changes.

DNS Cache
A transparent DNS cache can be configured on the BIG-IP system to use external DNS resolvers to resolve queries, and then to cache the responses that come from more than one external resolver.

A resolver DNS cache can be configured on the BIG-IP system to resolve DNS queries and cache the responses. When the system receives a query whose answer is already in the cache, it sends the response from the cache. The resolver cache contains messages, resource records and the name servers that the system queries to resolve DNS queries.

A validating resolver DNS cache can be configured to recursively query public DNS servers, validate the identity of the DNS server that sends the responses, and cache the responses. When the system receives a query whose answer is already in the cache, it returns the DNSSEC-compliant response from the cache. The validating resolver cache contains messages, resource records, the name servers that the system queries to resolve DNS queries, and DNSSEC keys.

DNSSEC
DNSSEC is an extension that protects the integrity of the data returned by domain name lookups by adding a chain of trust to the DNS hierarchy. DNSSEC provides origin authenticity, data integrity and secure denial of existence.

In particular, origin authenticity lets resolvers verify that data came from the correct authoritative source. Data integrity verifies that responses were not changed in transit. DNSSEC is based on public key cryptography. A chain of trust is built with public-private key pairs at every layer of the DNS architecture.
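One link of that chain of trust is the DS record in the parent zone, which carries a digest of the child zone's DNSKEY. The following is an added example, not part of the original post or of any F5 product: it computes the key tag and SHA-256 DS digest as defined in RFC 4034, using a constructed 64-byte value in place of a real public key and a simplified DS record holding only the key tag and digest.

```python
import hashlib
import struct

def wire_name(name):
    """Encode a domain name in canonical (lower-case) DNS wire format."""
    out = b""
    for label in name.lower().rstrip(".").split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def dnskey_rdata(flags, algorithm, public_key):
    """DNSKEY RDATA: flags (2 bytes), protocol (always 3), algorithm, key."""
    return struct.pack("!HBB", flags, 3, algorithm) + public_key

def key_tag(rdata):
    """Key tag from RFC 4034 Appendix B: a 16-bit hint, not a unique id."""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += byte if i & 1 else byte << 8
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def ds_digest(owner, rdata):
    """DS digest type 2: SHA-256 over owner name plus DNSKEY RDATA."""
    return hashlib.sha256(wire_name(owner) + rdata).hexdigest()

def ds_matches(ds, owner, rdata):
    """True if the parent's DS record binds to this child DNSKEY."""
    return ds["key_tag"] == key_tag(rdata) and ds["digest"] == ds_digest(owner, rdata)

# Constructed sample data: 64 arbitrary bytes standing in for a public key.
OWNER = "example.com."
KEY = bytes(range(64))
RDATA = dnskey_rdata(257, 13, KEY)   # 257 = key-signing key, 13 = ECDSA P-256
DS = {"key_tag": key_tag(RDATA), "digest": ds_digest(OWNER, RDATA)}

# Swapping two bytes at even offsets keeps the key tag but changes the key.
SWAPPED = bytes([KEY[2], KEY[1], KEY[0]]) + KEY[3:]
TAMPERED = dnskey_rdata(257, 13, SWAPPED)

if __name__ == "__main__":
    print("original key accepted:", ds_matches(DS, OWNER, RDATA))
    print("same key tag after swap:", key_tag(TAMPERED) == DS["key_tag"])
    print("swapped key accepted:", ds_matches(DS, OWNER, TAMPERED))
```

The swapped key keeps the same key tag yet fails the check, so the digest, not the tag, is what ties the child key to the parent.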


