Network Computingwww.networkcomputing.com

F5 Networks 3/DNS
3/DNS from F5 Networks is an add-on distributed load-balancing solution that works with the company's Big/IP HA and Big/IP HA+ load-balancers.

In our tests, 3/DNS with its 3dnsmaint utility was slightly more efficient than RadWare's ConfigWare for configuration synchronization across the entire site. Although we spent much time at the command-line interface (CLI), we had almost no problem negotiating the standard BIND 8 configuration files. In the absence of a management WUI (Web user interface), F5 has moved to simplify the installation and maintenance of a large, distributed Web site. Convenient configuration-synchronization options and management features helped us quickly set up and maintain all three sites simultaneously.

With the optional SeeIT SNMP management software for Big/IP and 3/DNS, F5's distributed load-balancing solution is very mature and impressive. However, 3/DNS is a separate product and, at more than $27,000, may stretch your budget. And its size--4U--may claim more space than desired in the network operations center.

3/DNS, as its name suggests, is primarily a DNS-based solution. As with its Big/IP brethren, 3/DNS setup is a snap, with very intuitive and easy-to-read scripts accessible via a serial console or keyboard and monitor. After configuring the network and a quick reboot, we needed an SSH client to access the 3/DNS remotely. By default, SSH is the only option for remote access to the 3/DNS box. If you really wanted to, however, you could enable telnet. Once we logged in, we set up the encryption key for 3/DNS's proprietary iQuery protocol, which is used to communicate with Big/IP controllers and collect site information that is used to load-balance traffic among multiple sites.

3/DNS is also capable of encrypting iQuery traffic between the 3/DNS and each Big/IP controller for additional security. With our 3/DNS solution setup we took some extra time configuring the Big/IP's that comprise our sites. The 3/DNS box is completely separate from Big/IP, so it took longer to get the F5 solution up and running with distributed load-balancing and local load-balancing than with either the RadWare or Alteon WebSystems solutions. 3/DNS also supports normal hosts instead of Big/IP. When a host is used to service network traffic, the 3/DNS performs server-availability checks, such as pings and HTTP, just as a Big/IP unit would for its back-end servers.

Managing each 3/DNS unit was a breeze. Unfortunately, despite the wealth of statistical information found within the WUI, it does not provide any remote-management capabilities. To add a new, globally load-balanced host name, we had to use SSH to access the box and manually edit the db.global.nwc.com file and the 3/DNS configuration file, wideip.conf. The 3dnsmaint utility provided a single point of management for all site parameters and a quick way into the wideip.conf file. Even so, we were glad to hear that F5 has begun work on a WUI management interface to improve remote management. F5 also plans to develop a Web interface to the BIND configuration files using Name Surfer's Name Surfer interface.

3/DNS also distributes load across a global Web site by monitoring each server's QoS (Quality of Service) metrics. 3/DNS probes the servers and measures packet rate, Web-request completion rate, round-trip time and network topology information. Network administrators can configure each component's weight when operating in QoS mode and reply to DNS queries with the best server as calculated. Round-trip time is the shortest timed ICMP (Internet Control Message Protocol) packet from a Big/IP to the requester's local DNS. Unlike RadWare's network-proximity calculations, 3/DNS calculates proximity values only when a DNS query is made. Potential pitfalls await DNS servers that reside on a network other than the client's own, which may result in less than ideal performance from your site.

Compared with RadWare's setup, 3/DNS's configuration is just as flexible and easy to accomplish with the interfaces provided.

3/DNS, F5 Networks, (888) 88BIG-IP, (206) 505-0850; fax (206) 505-0801. www.f5.com