3DNS同步机制

Sync group operations

Sync group operations have the five following components:

• Auto-configuration
• Configuration synchronization
• Metrics and object status
• LDNS records
• Failover pairs

Auto-configuration

If the autoconf process is enabled, 3-DNS polls the BIG-IP system for virtual server changes. However, to save processing bandwidth and reduce conflicts, only the principal 3-DNS Controller does this polling when a sync group is configured. Therefore, when autoconf discovers a virtual server change, the resulting change to the principal 3-DNS Controller's wideip.conf file causes the config sync function to start.

Configuration synchronization

3-DNS Controllers send out digests of their configuration files to all other configured 3-DNS Controllers using big3d over iQuery every 60 seconds. These digests include a timestamp. If a 3-DNS Controller's configuration has been changed, the later timestamp prompts 3-DNS to install the more recent configuration during the next update, causing all other 3-DNS Controllers in the sync group to request updates.

3dnsd requests a copy of the wideip.conf file by way of /usr/local/bin/syncer, in addition to other configuration files, such as topology records and production rules. These are obtained through Secure Copy (scp).

If the named.conf timestamp has changed and sync_named_conf variable is enabled, 3dnsd requests copies of the named.conf and NameSurfer configuration files, by way of the /usr/local/bin/rsync command. If zone information in the named.conf file has changed, 3-DNS requests the changes from the primary member of the synchronization group, by executing the /usr/local/bin/sync_zones command. Having received these updates, the 3-DNS Controller runs the ndc reload process to restart BIND, and runs the ns_restart process to restart NameSurfer.

Note: This functionality allows for zone files with multiple masters, which means that BIND's implementation of master/slave synchronization need not be used.

Each 3-DNS Controller now sends its own periodic digests updated with the new timestamp.

A 3-DNS configuration is considered to change, thereby causing a timestamp change, when any of the following actions occur:

• Updates are performed in Configuration utility
• 3dpipe enable/disable commands are run
• Changes are made to the configuration through iControl
• The 3ndc reload command is run
• The config sync process is performed with a peer 3-DNS instance (BIG-IP pair with 3-DNS option)

Note: It is recommended that all changes are performed on the principal 3-DNS Controller.

Metrics and object status

In 3-DNS version 4.5, the big3d daemon also collects metrics and status information for configuration objects. The principal 3-DNS Controller selects one big3d agent per datacenter to collect metrics on paths, hops, or LDNS statistics. The selected big3d agent monitors all other 3-DNS Controllers, including the principal 3-DNS controller, in its sync group and broadcasts collected metrics to all the 3-DNS Controllers directly.

LDNS records

LDNS records contain both metric and persistence information. LDNS records are synchronized at the pool TTL interval, rather than the synchronization interval. 3-DNS Controllers exchange LDNS request sequence numbers and the timestamps of their ldns.gz files. This is accomplished at a time interval determined by pool TTL. If the LDNS request sequence numbers and timestamp information do not match, a copy of the ldns.gz file will be requested using iQuery.

Failover pairs

The 3-DNS instance on a standby BIG-IP system with the 3-DNS option remains operational. Even though a sync group may only show the principal 3-DNS as being active, the synchronization process applies between the primary and secondary units.

Additional troubleshooting suggestions

Following is a list of additional troubleshooting suggestions:

• Since the 3-DNS synchronization process uses scp, which requires the use of port 22, verify that port 22 is open within firewalls between the 3-DNS systems.
• Verify that the SSH keys are properly shared between all the 3-DNS systems in the sync group by selecting the Configure SSH communication with remote devices option from the 3dnsmaint menu on the command line.
• If you edit your zone files manually, run the touch /etc/named.conf command when you are finished. This command modifies the timestamp in the named.conf file, which synchronizes the changes. If you use NameSurfer to edit zone files, this step is not required.
• If it appears that zone files are not being synchronized properly, it could mean that the wideip.conf file contains an entry to disable named synchronization. To correct this issue, perform the following procedure:
  1. Edit the /config/3dns/etc/wideip.conf file using a text editor, and locate the following line:

     sync_named_conf no

  2. If this line exists, remove it and save the file.
      
  3. Apply the change by typing the following command:

     3ndc reload

相关文章

• 密码保护：F5OS tenant部署后的容器情况、网络接口情况
• 密码保护：F5OS tenant镜像实例化后信息
• 密码保护：F5OS docker-compose.yml
• 密码保护：F5OS 底层容器、网络及k8s状态
• AI Gateway PII test page - internal only