Topic
A BIG-IP DNS (formerly BIG-IP GTM) synchronization group is a collection of multiple BIG-IP
DNS systems that synchronize BIG-IP DNS configuration settings and metrics information. You
must meet several minimum requirements for BIG-IP DNS synchronization group members to
communicate and synchronize properly.
Description
For the BIG-IP DNS synchronization group members to properly synchronize their configuration
settings, verify that the following requirements are in place:
BIG-IP DNS synchronization group members must be running the same software
version
A BIG-IP DNS device should be running the same software version as other members in
the synchronization group. BIG-IP DNS devices that are running different software
versions will not be able to communicate and properly synchronize BIG-IP DNS
configuration and zone files. For information about displaying the software version, refer
to K8759: Displaying the BIG-IP software version.
Synchronization must be enabled and each device must have the same synchronization
group name. You can define the synchronization parameters by navigating to:
BIG-IP DNS 11.5.0 and later:
Before you can synchronize BIG-IP DNS systems, you must define the network time
protocol (NTP) servers for all synchronization group members. Configuring NTP servers
ensures that each BIG-IP DNS synchronization group member is referencing the same
time when verifying the configuration data that needs to be synchronized. You can
configure NTP by navigating to System > Configuration > Device > NTP.
Port Lockdown must be set properly for the relevant self IP addresses
Port lockdown is a security feature that specifies the protocols and services from which a
self IP address can accept traffic. F5 recommends using the Allow Default option for self
IP addresses that are used for synchronization and other critical redundant pair
intercommunications. You can configure port lockdown by navigating to Network > Self
IPs.
BIG-IP DNS synchronization group members use TCP port 4353 to communicate. You
must verify that port 4353 is allowed between BIG-IP DNS systems.
The big3d process runs on BIG-IP systems and collects performance information on
behalf of the BIG-IP DNS system. For metrics collection to work properly,
synchronization group members must run the same version of the big3d process. For
more information about verifying big3d version information, refer to K13703: Overview
of big3d version management.
The device certificate is used by the F5 system to identify itself to a requesting F5 client
system. The default device certificate, /config/httpd/conf/ssl.crt/server.crt, must be
installed on each sync group member. You can verify the certificate validity by navigating
to System > Device Certificates.
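The requirements above can be checked together before adding a member to the group. The following is an added example, not F5 code: it assumes the operator has already collected each member's settings into a record, and the field names, host names, versions and dates are all constructed for illustration.

```python
import socket
from datetime import datetime, timezone

SYNC_PORT = 4353  # TCP port sync group members use, per the article

def tcp_reachable(host, port=SYNC_PORT, timeout=3.0):
    """Return True if a TCP connection to host:port can be opened."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def check_sync_group(members, now=None):
    """Return a list of findings; an empty list means every check passed."""
    now = now or datetime.now(timezone.utc)
    findings = []
    # Settings that must be identical on every member.
    for key, label in (("version", "software version"),
                       ("big3d", "big3d version"),
                       ("sync_group", "synchronization group name")):
        values = sorted({m[key] for m in members})
        if len(values) > 1:
            findings.append(f"{label} differs: {', '.join(values)}")
    # Requirements each member must meet on its own.
    for m in members:
        if not m["sync_enabled"]:
            findings.append(f"{m['name']}: synchronization is disabled")
        if not m["ntp_servers"]:
            findings.append(f"{m['name']}: no NTP servers defined")
        # Allow Default is the recommended option; any other setting must
        # list the sync port explicitly (allowed_tcp is a hypothetical field).
        if m["port_lockdown"] != "Allow Default" and SYNC_PORT not in m["allowed_tcp"]:
            findings.append(f"{m['name']}: self IP does not accept TCP {SYNC_PORT}")
        if m["cert_not_after"] <= now:
            findings.append(f"{m['name']}: device certificate has expired")
    return findings

# Constructed sample inventory: hypothetical names, versions and dates.
GOOD = {"name": "dns-a", "version": "11.5.0", "big3d": "11.5.0", "sync_enabled": True,
        "sync_group": "sg-example", "ntp_servers": ["192.0.2.10"],
        "port_lockdown": "Allow Default", "allowed_tcp": [],
        "cert_not_after": datetime(2035, 1, 1, tzinfo=timezone.utc)}
BAD = dict(GOOD, name="dns-b", version="11.6.0", ntp_servers=[],
           port_lockdown="Allow Custom", allowed_tcp=[443, 22],
           cert_not_after=datetime(2020, 1, 1, tzinfo=timezone.utc))

if __name__ == "__main__":
    for finding in check_sync_group([GOOD, BAD]):
        print(finding)
```

tcp_reachable can be run from one member's management host against a peer's self IP to confirm that port 4353 is open along the network path as well as in the port lockdown setting.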
Manual Chapter: Setting Up a Global Traffic Manager Redundant System
Configuration