DNS iQuery Flashcards

1
Q

What is big3d?

A

The big3d data collection agent runs on BIG-IP and Enterprise Manager systems and uses the iQuery protocol to collect performance information from remote F5 devices.

2
Q

What are 6 things that iQuery is used for?

A

1) Determining the health of objects in BIG-IP DNS configuration.
2) Exchanging information about BIG-IP DNS synchronization group state.
3) Providing a transport for synchronizing BIG-IP DNS configuration throughout the synchronization group.
4) Communicating LDNS path probing metrics.
5) Exchanging wide IP persistence information.
6) Gathering BIG-IP system configuration when using auto-discovery.

3
Q

What is iQuery?

A

iQuery is an XML protocol that BIG-IP systems use to communicate with each other. BIG-IP DNS uses iQuery for various tasks.
It uses TCP port 4353 to communicate with other BigIP devices.

4
Q

True or false: when adding a new BigIP DNS device to a group, you run the gtm_add script on the new device.

A

True

5
Q

What does the gtm_add command/script do?

A

Adds a BigIP DNS device to a synchronization group.
Installs remote GTM config locally. Only run this command on the new BigIP DNS device, as it’s inheriting the config from the existing BigIP device. Running this from an existing BigIP device will wipe out its config.

6
Q

What does the bigip_add command/script do?

A

Enables iQuery communication between the BigIP DNS sync group and LTM.
1) It appends the local BigIP DNS’ SSL certificate to the remote BigIP (DNS or LTM) list of authorized certs.
2) The script then appends the remote BIG-IP system’s iQuery SSL certificate to the BIG-IP DNS system’s local list of authenticated iQuery SSL certificates.
Location of the certs on the local device is:
/config/big3d/client.crt
Trusted server certs are located in:
/config/gtm/server.crt

7
Q

True or false: the bigip_add command/script is used to establish a synchronization group.

A

False. The gtm_add command does this.

8
Q

True or false: You can configure HA for BigIP DNS.

A

False, there’s no concept of HA in BigIP DNS.

9
Q

What is the default synchronization group name?

A

Default

10
Q

What are the three items that need to be configured before BigIP DNS is set up?

A

1) iQuery communications
- bigip_add
- gtm_add
- big3d_install
2) Datacenter
3) Server objects

11
Q

What is used to troubleshoot iQuery connectivity?

A

iqdump

12
Q

What port does iQuery use to communicate with other BigIP DNS devices?

A

TCP 4353

13
Q

What needs to be set up in order for iQuery to start communications over TCP 4353?

A

TCP SSH port 22

14
Q

Add tshoot example

A
15
Q

In what directory are the Trusted Client Certificates located on the LTM?

A

/config/big3d/client.crt

16
Q

In what directory are the Trusted Server Certificates located?

A

/config/gtm/server.crt

17
Q

If you’re renewing an LTM device certificate and need to upload the certificate to the BigIP DNS, in what directory would the certificate be on the remote BigIP DNS device?

A

/config/gtm/server.crt

18
Q

If you’re renewing a BigIP DNS device certificate and need to upload the certificate to a remote BigIP DNS, in what directory would the certificate be on the remote BigIP DNS device?

A

/config/gtm/server.crt

19
Q

A local BigIP DNS device runs the big3d_install command using iQuery TCP port 4353, but communications fail. Does the local device attempt communication using a different port?

A

If iQuery fails, it will automatically attempt to use scp over TCP SSH port 22. It will also use the script use_ssh if specified in the command to push the big3d code to remote devices.

20
Q

What does the big3d_install script/command do?

A

1) Installs the latest big3d daemon on the remote system. If the remote system has the latest code, the install stops.
2) Copies the trusted device cert from the local device to the remote device.
3) Copies the trusted server cert from the local device to the remote device.

21
Q

Both the big3d_install and bigip_add scripts handle the trusted device certs and server certs. How do they differ in how they work with both certs?

A

1) The big3d_install script copies the device trusted cert locally to the remote devices in /config/big3d/client.crt.
It also copies the server certs from the remote devices to the local device in /config/gtm/server.crt.
2) The bigip_add script appends the local trusted device cert to the remote devices.
It also appends the remote devices’ server certs to the local device in /config/gtm/server.crt.

22
Q

What is the syntax to run the bigip_add command?

A

Logged in as root:
1) bigip_add <BigIP>
2) bigip_add <username@existing_DNS_or_LTM_ip>
Logged in as non-root:
1) bigip_add -a <BigIP>
2) bigip_add -a <username@existing_DNS_or_LTM_ip>

23
Q

What is the syntax to run the gtm_add command?

A

Logged in as root:
1) gtm_add <BigIP>
2) gtm_add <username@existing_DNS_or_LTM_ip>
Logged in as non-root:
1) gtm_add -a <BigIP>
2) gtm_add -a <username@existing_DNS_or_LTM_ip>