A topology rule maps a client IP address to a DNS Traffic Control pool or server. To use Topology as the load balancing method for a pool or an LBDN, you must define a topology ruleset containing at least one rule. The rulesets are configured globally. When the DNS Traffic Control returns a response, it evaluates the list of rules in the topology ruleset in order and uses the first match with an available destination. The method fails if there are no matches.

You can define the following topology rules in a ruleset:

  • Extensible Attribute rule
  • Subnet rule
  • Geography rule

In the DTC Topology ruleset, Subnet, Geography, and Extensible Attribute rules each offer the option of returning a NOERR/NODATA response or an NXDOMAIN response instead of a destination. A rule can also set the destination to a SERVER or a POOL for a subnet taken from an IPAM object. The destination for a topology ruleset is either a server or a pool. An LBDN can use only topology rulesets with a pool as the destination. A pool can use only topology rulesets with a server as the destination.

You can also use CSV import to import rules into NIOS.

Limitations of Configuring Topology Rules and Rulesets

  • Based on the destination type of the DTC Topology ruleset, you can set the NOERR/NODATA or the NXDOMAIN response for a new DTC Topology rule. However, for such a rule you cannot also choose a DTC Pool or a DTC Server as the destination.
  • If the Destination Type is set to SERVER, the topology ruleset for a DTC pool cannot consist only of NOERR and NXDOMAIN rules. This is because named does not process queries in IDNS when the incoming requests match an LBDN that has no topology balancing method and the pools under that LBDN have no active or existing servers; a NOERR response is therefore always returned. To prevent this behavior, the Grid must have at least one active server as the rule destination under any DTC pool in the LBDN, which enables IDNS processing for the current LBDN and pool. The ruleset must have at least one rule with the REGULAR return type.

  • The topology ruleset must have a specific order for the following rules:

    1. REGULAR rules

    2. NOERR rules

    3. NXDOMAIN rules

A ruleset cannot have rules with the REGULAR return type placed after NOERR or NXDOMAIN rules. You receive a warning message when you try to save a topology ruleset in any other order; once you accept the warning, the Grid automatically sorts the rules into the correct order.

Note

During a WAPI call, rules that are not in the correct order are sorted automatically; WAPI does not issue a warning.

Defining Topology Rulesets

A topology ruleset can contain multiple rules. The rules in a topology ruleset must use the same destination type. Multiple LBDNs or pools can reuse a topology ruleset.

Each server that you use as a destination in the topology must exist in every pool that is using the topology. When you select Topology as a load balancing method for a pool, you can select one of these rulesets for the topology rules. The ruleset can be a combination of extensible attribute, subnet, and/or geography rules.

Note the following about extensible attribute, subnet, and geography source matches:

  • A rule with an extensible attribute source matches if the client query comes from a network that has the specified set of extensible attributes, that is, the extensible attributes that you specify when you create the rule.
  • A rule with a subnet source matches if the subnet contains the client IP address.
  • A rule with a geography source label matches if the client IP address and geography source label match corresponding information in the MaxMind location database.

Note the following information about rules and rulesets:

  • When you upload a new MaxMind location database or restore a backup, the appliance does not automatically remove rules that contain invalid labels. Instead, it marks the rules with labels that do not exist in the database as invalid. The appliance ignores these rules during the querying process, and you cannot save the configuration if it is modified, but you can use the existing configuration.
  • The appliance checks specific combinations of labels when the rules use multiple conditions. For example, if you have a rule with the source types Country = Canada and City = Vancouver and you change the Country source type to Russia, the City source type is cleared and the selector resets to contain only known cities in Russia. This is applicable for both geography and extensible attribute rules.

The following is an example of valid source types:

  Continent       Country   Subdivision   City
  Any             Canada    Any           Vancouver
  Any             Any       Any           Vancouver
  North America   Any       Any           Vancouver
  North America   USA       Washington    Vancouver

  • When rules have multiple source conditions, the client must match all conditions for the rule to execute.
  • A ruleset may have multiple subnet rules and the subnets may overlap. Similarly, a ruleset may have multiple geography rules and the matches may overlap. Similarly, a ruleset may have multiple extensible attribute rules and the matches may overlap. During the querying process, the rules in a topology ruleset are evaluated in order. For example, if you configure subnet rules where #1 is 10.10.0.0/16 and #2 is 10.0.0.0/8, both are considered valid in the appliance.
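The ordering and first-match semantics described above, modelled in Python as an added example (this is not NIOS or WAPI code; the Rule class, the pool names and the client data are constructed for illustration, and the way a matching NOERR/NXDOMAIN rule answers directly is a modelling assumption):

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Optional

# Return types in the order NIOS requires them inside a ruleset.
RETURN_ORDER = {"REGULAR": 0, "NOERR": 1, "NXDOMAIN": 2}

@dataclass
class Rule:
    subnet: str = "Any"                      # subnet source; "Any" is a wildcard
    geo: dict = field(default_factory=dict)  # geography labels, e.g. {"country": "Canada"}
    return_type: str = "REGULAR"
    destination: Optional[str] = None        # pool or server name (REGULAR rules only)

    def matches(self, client_ip: str, client_geo: dict) -> bool:
        """All source conditions must hold for the rule to fire."""
        if self.subnet != "Any":
            if ipaddress.ip_address(client_ip) not in ipaddress.ip_network(self.subnet):
                return False
        return all(label == "Any" or client_geo.get(level) == label
                   for level, label in self.geo.items())

def validate_ruleset(rules) -> list:
    """Warnings Grid Manager would raise; an empty list means the ruleset saves cleanly."""
    warnings = []
    if not any(r.return_type == "REGULAR" for r in rules):
        warnings.append("ruleset needs at least one REGULAR rule")
    for i, r in enumerate(rules):  # every rule needs at least one non-"Any" source value
        if r.subnet == "Any" and all(v == "Any" for v in r.geo.values()):
            warnings.append(f"rule {i + 1}: every source value is Any")
    keys = [RETURN_ORDER[r.return_type] for r in rules]
    if keys != sorted(keys):
        warnings.append("rules must be ordered REGULAR, NOERR, NXDOMAIN")
    return warnings

def sort_ruleset(rules) -> list:
    """The automatic re-ordering applied once you accept the warning (silently via WAPI)."""
    return sorted(rules, key=lambda r: RETURN_ORDER[r.return_type])

def evaluate(rules, client_ip: str, client_geo: dict, available: set,
             default: Optional[str] = None) -> tuple:
    """First matching rule with an available destination wins; a matching NOERR/NXDOMAIN rule
    answers directly (modelling assumption). No match: default destination, else failure."""
    for rule in rules:
        if not rule.matches(client_ip, client_geo):
            continue
        if rule.return_type != "REGULAR":
            return (rule.return_type, None)
        if rule.destination in available:
            return ("REGULAR", rule.destination)
    if default in available:
        return ("REGULAR", default)
    return ("FAIL", None)

# Constructed sample ruleset: overlapping subnets are allowed, and order decides.
SAMPLE_RULES = [
    Rule(subnet="10.10.0.0/16", destination="pool-west"),
    Rule(subnet="10.0.0.0/8", destination="pool-east"),
    Rule(geo={"country": "Canada", "city": "Vancouver"}, destination="pool-van"),
    Rule(geo={"continent": "Any", "country": "Russia"}, return_type="NXDOMAIN"),
]
```

A client in 10.10.0.0/16 hits rule #1 first even though rule #2 also contains it; if pool-west has no available server, evaluation falls through to rule #2 rather than failing.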

To define a ruleset, complete the following:

  1. From the Data Management tab, select the DNS tab -> Traffic Control tab, and then click Manage Topology Rulesets in the Toolbar.
  2. In the Topology Manager window, click the Add icon.
  3. In the Ruleset wizard that appears, complete the following:
    • Name: Enter a name for the ruleset.
    • Destination Type: Select a destination type, Pool, or Server. Rulesets with the Pool destination type can only be used by LBDNs. Rulesets with the Server destination type can only be used by pools. You cannot change the destination type if the ruleset contains any rules.
    • Comment: Enter additional information about the ruleset.
    • Rules: You can define multiple extensible attribute rules, subnet rules, and geography rules in the ruleset. Click the arrow next to the Add icon and select either Extensible Attribute Rule, Subnet Rule, or Geography Rule.
      • When you select Extensible Attribute Rule, the Grid Manager displays the following:
        • Source Type: Define up to four extensible attributes to use as the source type for the EA topology ruleset. To define extensible attribute source types for the topology rules, see Configuring Grid DNS Traffic Control Properties.

          Note that "Any" matches any value. There must be at least one source type with a specific value (the value is not "Any").

          When a source type uses "does not equal" as the operator, it must be the lowest level source type (most specific). For example, with Continent/Country/Subdivision/City, City is the most specific source type.
        • Destination/Response:
          • DTC Pool/Server: Click Select to select a destination. The appliance displays the DTC Pool Selector dialog box when you have selected the Pool destination type, and displays the DTC Server Selector dialog box when you have selected the Server destination type. Click a specific pool or server to select it. Note that if there is only one pool or server, no dialog box is displayed when selecting the destination.
          • NOERROR/NODATA (Response): Select this option to provide a NOERROR/NODATA response for DTC queries.
          • NXDOMAIN (Response): Select this option to provide an NXDOMAIN response for DTC queries.

Click Add to add the source. The appliance displays the following information in the Rules table:

        • Source: The values of extensible attributes that you specified.
        • Destination: The destination that you selected.
        • Valid Source: After you save the ruleset, the value is set to Yes if the extensible attributes exist in the EA database.

          Note

          The source must be valid when creating a ruleset. It can become invalid when a new topology database no longer contains the source.

        • Order: Displays the order of the rule in the ruleset.
        • Return Type: The response type that is selected.
      • When you select Subnet Rule, the Grid Manager displays the following:
        • Source Subnet: Select a value from the drop-down list. You can either select equals or does not equal, and specify a subnet IP address or click Select and choose a network from the Network Selector dialog box.

          Note that "Any" matches any value. There must be at least one source subnet with a specific value (the value is not "Any").

          When a source subnet uses "does not equal" as the operator, it must be the lowest level source subnet (most specific).
        • Destination/Response:
          • DTC Pool/Server: Click Select to select a destination. The appliance displays the DTC Pool Selector dialog box when you have selected the Pool destination type and displays the DTC Server Selector dialog box when you have selected the Server destination type. Click a specific pool or server to select it. Note that if there is only one pool or server created, no dialog box is displayed when selecting the destination.
          • NOERROR/NODATA (Response): Select this option to provide a NOERROR/NODATA response for DTC queries.
          • NXDOMAIN (Response): Select this option to provide an NXDOMAIN response for DTC queries.

Click Add to add the source. The appliance displays the following information in the Rules table:

        • Source: The subnet address that you specified.
        • Destination: The destination that you selected.
        • Valid Source: For a subnet rule, the rule is always marked as valid after you save the ruleset.
        • Order: Displays the order of the rule in the ruleset.
        • Return Type: The response type that is selected.
      • When you select Geography Rule, Grid Manager displays the following:
        • Source Type: Select a source type.
        • Continent: Select a continent from the drop-down list. You can also enter the first few characters of the continent to match an item in the database.
        • Country: Select a country from the drop-down list. You can also enter the first few characters of the country to match an item in the database.
        • Subdivision: Select a subdivision from the drop-down list. You can also enter the first few characters of the subdivision to match an item in the database.
        • City: Select a city from the drop-down list. You can also enter the first few characters of the city to match an item in the database. The drop-down list has paging controls to page through the available values.
        • Destination/Response:
          • DTC Pool/Server: Click Select to select a destination. The appliance displays the DTC Pool Selector dialog box when you have selected the Pool destination type and displays the DTC Server Selector dialog box when you have selected the Server destination type. Click a specific pool or server to select it. Note that if there is only one pool or server created, no dialog box is displayed when selecting the destination.
          • NOERROR/NODATA (Response): Select this option to provide a NOERROR/NODATA response for DTC queries.
          • NXDOMAIN (Response): Select this option to provide an NXDOMAIN response for DTC queries.

Click Add to add the source. The appliance displays the following information in the Rules table:

        • Source: The subnet address that you specified.
        • Destination: The destination that you selected.
        • Valid Source: After you save the ruleset, the value is set to Yes if the labels exist in the MaxMind location database.
        • Order: Displays the order of the rule in the ruleset.
        • Return Type: The response type that is selected.
      • Default destination if none of the above rules match (optional): Click Select to select the default destination if none of the above rules match. The appliance displays the DTC Pool Selector dialog box when you have selected the Pool destination type and displays the DTC Server Selector dialog box when you have selected the Server destination type. Click a specific pool or server to select it. You can click Clear to remove the selected pool or server. Note that you can select a default destination even if there are no rules defined in the Rules table.

  4. If necessary, modify the order of rules in the table. You can do so by editing the value in the Order column or by using the arrows on the left-hand side of the table.
  5. Click Next.
  6. Define the extensible attributes. For information, see Using Extensible Attributes.
  7. Click Next to schedule a change. In the Schedule Change panel, click Now to immediately execute this task. Or click Later to schedule this task, and then specify a date, time, and time zone.
  8. Click Save & Close.

Note

After making changes to the extensible attributes, you may need to rebuild the topology EA database. For more information, see Rebuilding EA Database.

Viewing Topology Rulesets

To view topology rulesets, navigate to the Data Management tab -> DNS tab -> Traffic Control tab, and then click Manage Topology Rulesets in the Toolbar. The Topology Manager lists the configured rulesets, their destination types, sites, and comments.

You can perform the following:

  • Add new rulesets. To add a new ruleset, click the Add icon. For more information, see Defining Topology Rulesets.
  • To edit a ruleset, click the check box next to the ruleset name, and then click the Edit icon. You can modify the following in the Ruleset editor:
    • In the General Basic tab, you can perform the following:
      • Add new rules to the ruleset. Click the arrow next to the Add icon and select either Extensible Attribute Rule, Subnet Rule, or Geography Rule. For more information, see Defining Topology Rulesets.
      • Modify rules in the ruleset. To edit an existing rule, select the check box of the required rule in the Rules table, and then click the Edit icon. When you are finished editing, click Save above the Rules table. For more information, see Defining Topology Rulesets.
      • Delete existing rules from the ruleset. Select the check box of the required rule in the Rules table, and then click the Delete icon.

        Note

        You can modify the destination type only if there are no rules in the ruleset.

    • In the Extensible Attributes tab, you can add new or edit existing extensible attributes. For information, see Using Extensible Attributes.
  • Delete a ruleset or schedule the deletion for a later time.
    • To delete a ruleset, select the check box next to its name and click the arrow next to the Delete icon. To delete the object immediately, select Delete.
    • To schedule the deletion, click Schedule Delete. For more information, see Scheduling Deletions.
  • Export topology rulesets. To export the entire list of rulesets in a format that can be imported, click the Export icon and choose Export data in Infoblox CSV Import format. To export all data that is currently visible in the Topology Manager, click the Export icon and choose Export visible data.
  • Print the data that is currently visible in the Topology Manager. Click the Print icon to print.

Importing a Topology Database

The DNS Traffic Control license includes a MaxMind location database that is deployed when you enable the DNS Traffic Control. Note that only a single MaxMind location database can be present on the Grid at a time. The MaxMind location database contains various geographic locations that can be used when you define a geography rule. NIOS supports both paid GeoIP2 and free GeoLite2 MaxMind location databases. The GeoLite2 MaxMind Country database is shipped with the NIOS appliance. The MaxMind location database is static over the lifetime of the querying process until you import a new database and restart services.

When you import a new MaxMind location database, the appliance replaces the existing database. You can import MaxMind location databases that are in MMDB or CSV format. To view the current version of the database, click Current Version.

You can import a ready-to-use MaxMind location database or create your own ZIP file containing multiple CSV files. To import a MaxMind location database or to view the current version of the database, complete the following:

  1. From the Data Management tab, select the DNS tab, and then select the Traffic Control tab.
  2. Click the arrow next to the Topology Database, and then select Import GeoIP Database from the drop-down list.
  3. In the Import Topology Database wizard, complete the following:
    • File: Click Select and navigate to the MaxMind location database.
    • Upload: Click Upload to import the MaxMind location database.
  4. In the Toolbar, click the arrow next to Topology Database, and select Current Version from the drop-down list to view the details of the imported MaxMind location databases. In the Geography section, the Grid Manager displays the database type, build date, build version, and the date and time when the database was deployed to the Grid Master.

    Note

    The latest database version may not be deployed on all DTC members. To view the current deployed versions, select Data Management -> DNS -> Members.

To create a custom database in a ZIP file, complete the following:

  1. Create a directory with CSV files and name them using the following pattern:

     {Product}-{Content}-{Blocks-or-Locations}-{version-or-localization}.csv

     Only the three CSV files matching these patterns are suitable for the import:

       {Product}-{Content}-Blocks-IPv4.csv
       {Product}-{Content}-Blocks-IPv6.csv
       {Product}-{Content}-Locations-en.csv

     For example:

       GeoLite2-City-Blocks-IPv4.csv
       GeoLite2-City-Blocks-IPv6.csv
       GeoLite2-City-Locations-ru.csv

     or

       GeoIP2-Country-Blocks-IPv4.csv
       GeoIP2-Country-Blocks-IPv6.csv
       GeoIP2-Country-Locations-en.csv

     where

       “GeoLite2” and “GeoIP2” correspond to {Product}
       “City” and “Country” correspond to {Content}
       “IPv4” and “IPv6” correspond to {version}
       “ru” and “en” correspond to {localization}

     Note

     The Locations file and at least one of the Blocks files must exist or the import fails. Also, all of these files must have identical {Product}-{Content} pairs or the import fails. You can use a ready-to-use MaxMind location database as an example.

  2. You can add multiple CSV files for different localizations to your ZIP file. Use the following naming pattern:

     {Product}-{Content}-Locations-{localization}.csv

     For example:

       GeoLite2-City-Locations-ru.csv
       GeoIP2-City-Locations-de.csv
       GeoIP2-Country-Locations-en.csv

  3. Add the directory with the CSV files to a ZIP file. The name of the ZIP file you upload and the name of the directory in the ZIP file are not significant. The ZIP file should contain only one directory and no subdirectories. Any files in the ZIP file with an extension different from .csv are ignored.
  4. Import the ZIP file to Grid Manager as described above.

Note

The Country database does not support 'subdivision' labels and importing it invalidates all existing rules that use 'subdivision' labels.
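A pre-upload check for the custom ZIP layout described in the steps above, written as an added example (not Infoblox code): it applies the documented file-name patterns, the one-directory/no-subdirectory rule, the "Locations plus at least one Blocks file" rule and the identical {Product}-{Content} requirement. The regular expressions and the in-memory ZIP helper are assumptions made for this example; the archive contents in the test are constructed.

```python
import io
import re
import zipfile
from pathlib import PurePosixPath

# File-name patterns from the page; the localization suffix is free-form (en, ru, de, ...).
BLOCKS_RE = re.compile(r"^(?P<product>\w+)-(?P<content>\w+)-Blocks-(?P<version>IPv4|IPv6)\.csv$")
LOCATIONS_RE = re.compile(r"^(?P<product>\w+)-(?P<content>\w+)-Locations-(?P<localization>[A-Za-z-]+)\.csv$")

def check_topology_zip(data: bytes) -> list:
    """Return the layout problems found; an empty list means the archive satisfies the documented rules."""
    problems = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = [n for n in zf.namelist() if not n.endswith("/")]  # skip directory entries
    dirs, csvs = set(), []
    for name in names:
        parts = PurePosixPath(name).parts
        if len(parts) != 2:  # must be <one directory>/<file>: no root files, no subdirectories
            problems.append(f"{name}: expected exactly one directory level and no subdirectories")
            continue
        dirs.add(parts[0])
        if parts[1].lower().endswith(".csv"):
            csvs.append(parts[1])  # files with any other extension are ignored by the import
    if len(dirs) != 1:
        problems.append(f"ZIP must contain exactly one directory, found {sorted(dirs)}")
    pairs, blocks, locations = set(), [], []
    for fname in csvs:
        m = BLOCKS_RE.match(fname) or LOCATIONS_RE.match(fname)
        if m is None:
            problems.append(f"{fname}: does not match a Blocks or Locations pattern")
            continue
        pairs.add((m["product"], m["content"]))
        (blocks if "version" in m.groupdict() else locations).append(fname)
    if not locations:
        problems.append("no Locations file")
    if not blocks:
        problems.append("no Blocks file (IPv4 or IPv6)")
    if len(pairs) > 1:
        problems.append(f"mixed {{Product}}-{{Content}} pairs: {sorted(pairs)}")
    return problems

def build_zip(files: dict) -> bytes:
    """Constructed helper: pack {archive path: text} into an in-memory ZIP for testing."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for path, content in files.items():
            zf.writestr(path, content)
    return buf.getvalue()
```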

Rebuilding EA Database

Unlike the GeoIP database, the EA database is not imported externally but is built from configuration within the system. After you change extensible attributes, Grid Manager prompts you to rebuild the DNS Traffic Control Topology Database. You can click Rebuild in the banner that appears at the top of the screen to rebuild the database immediately, or click Ignore to rebuild it later from the Traffic Control tab. Clicking Ignore applies to all changes that require a rebuild of the EA database, and the rebuild stays ignored for the duration of the user session.

To rebuild the EA database, complete the following:

  1. From the Data Management tab, select the DNS tab, and then select the Traffic Control tab.
  2. In the Toolbar, click the arrow next to the Topology Database and select Rebuild EA Database -> Rebuild or Schedule Rebuild.
  3. In the Rebuild EA Database dialog box, select Yes to rebuild the database or No to discard the rebuild. To schedule the rebuild task, in the Rebuild EA Database Schedule dialog box, specify a date, time, and time zone.

To view the current version of the EA database, click Topology Database -> Current Version in the Toolbar. Grid Manager displays the database build date and its last rebuild status in the Extensible Attributes section.

Note

The latest database version may not be deployed on all DTC members. To view the current deployed versions, select Data Management -> DNS -> Members.
