This module describes how to configure a Director Response Protocol (DRP) Agent and how to configure support for the boomerang metric on a DRP Server Agent.
Finding Feature Information in This Module
Your Cisco IOS software release may not support all the features documented in this module. To reach links to specific feature documentation in this module and to see a list of the releases in which each feature is supported, use the "Feature Information for Configuring a DRP Server Agent" section.
Finding Support Information for Platforms and Cisco IOS and Catalyst OS Software Images
Use Cisco Feature Navigator to find information about platform support and Cisco IOS and Catalyst OS software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
•Restrictions for Configuring a DRP Server Agent
•Information About Configuring a DRP Server Agent
•How to Configure a DRP Server Agent
•Configuration Examples for Configuring a DRP Server Agent
•Feature Information for Configuring a DRP Server Agent
•When DistributedDirector is upgraded to include the boomerang function, DRP Server Agents must be made aware that boomerang is present.
To configure a DRP Server Agent or to configure one with Boomerang support, you should understand the following concepts:
•Benefits of a DRP Server Agent
DRP is a simple User Datagram Protocol (UDP)-based application developed by Cisco Systems. DRP enables the Cisco DistributedDirector product to query routers (DRP Server Agents) in the field for Border Gateway Protocol (BGP) and Interior Gateway Protocol (IGP) routing table metrics between distributed servers and clients. DistributedDirector, separate standalone software, uses DRP to transparently redirect end-user service requests to the topologically closest responsive server. DRP enables DistributedDirector to provide dynamic, scalable, and "network intelligent" Internet traffic load distribution among multiple geographically dispersed servers.
A DRP Server Agent is a border router or peer to a border router that supports the geographically distributed servers for which DistributedDirector service is desired. DistributedDirector makes decisions based on BGP and IGP information, meaning that all DRP Server Agents must have full access to BGP and IGP routing tables.
A racing message occurs when DistributedDirector receives a Domain Name System (DNS) query from a DNS client for a hostname that has the boomerang metric configured. DistributedDirector issues a DNS racing message to the different DRP Server Agents. In the message, DistributedDirector instructs each DRP Server Agent to respond directly to the client with the answer. The instruction, which is determined by the DistributedDirector configuration, also specifies whether the response should be sent at a specific time or after a certain delay.
Boomerang is a DRP metric for DistributedDirector. When the boomerang metric is active, DistributedDirector instructs the DRP to send DNS responses directly to the querying client. The DNS response contains addresses of sites associated with a specific DRP Server Agent. All involved DRP Server Agents send their DNS responses at the same time. The packet of the DRP that is nearest to the client in terms of delay arrives first. The client may take the first answer and ignore subsequent ones, which is a standard behavior of all local DNS server implementations. Full boomerang support can be configured on a DRP Server Agent. The boomerang client is the DRP Server Agent.
The boomerang metric enables a boomerang client on the DRP Server Agent to communicate with boomerang-supported servers. The metric promotes interoperability among different content routers within Cisco. The boomerang client on the DRP Server Agent can communicate with any boomerang server, not only servers implemented on DistributedDirector.
When a boomerang DRP Server Agent receives a DNS racing message from boomerang servers, the DRP extracts the domain name specified in the DNS message. A DRP Server Agent with Boomerang support can be configured on this specified domain.
DRP Server Agents provide the following benefits:
•Use of DistributedDirector service is facilitated.
•A means to select a site with the fastest response time is provided with Boomerang support.
•Congestion and link failures are dynamically recognized and avoided with Boomerang support.
Perform these tasks to configure and maintain a DRP Server Agent.
•Enabling the DRP Server Agent
•Limiting the Source of DRP Queries
•Configuring Authentication of DRP Queries and Responses
•Monitoring and Maintaining a DRP Server Agent
•Adding a New Domain or Configuring an Existing Domain
•Configuring a Domain Name Alias
•Configuring the Server Address of a Domain
•Configuring an IP Time-to-Live Value
•Verifying Boomerang Information on a DRP Server Agent
Perform this task to enable a DRP Server Agent (it is disabled by default).
1. enable
2. configure terminal
3. ip drp server
4. exit
As a security measure, you can limit the source of valid DRP queries. When a standard IP access list is applied to an interface, the DRP Server Agent will respond only to DRP queries originating from an IP address in that list. If no access list is configured, the DRP Server Agent answers all queries.
When both an access group and a key chain (described in the next section) have been configured, both security mechanisms must allow access before a request is processed.
Perform this task to limit the source of valid DRP queries.
1. enable
2. configure terminal
3. ip drp access-group access-list-number
4. exit
Another available security measure is to configure the DRP Server Agent to authenticate DRP queries and responses.
Perform this task to define a key chain, identify the keys that belong to the key chain, and optionally specify the time period during which each key is valid.
When configuring key chains and keys, use the following guidelines:
•The name of the key chain specified in the ip drp authentication key-chain command must match the name of the key chain defined with the key chain command.
•The key configured in the primary agent in the remote router must match the key configured in the DRP Server Agent for responses to be processed.
•You can configure multiple keys with lifetimes and the software will rotate through them.
•If authentication is enabled and multiple keys on the key chain are active based on the send-lifetime values, the software uses only the first key it encounters for authentication.
•Use the show key chain command to display key chain information.
•To configure lifetimes for DRP authentication, you must configure time services for your router.
1. enable
2. configure terminal
3. ip drp authentication key-chain name-of-chain
4. key chain name-of-chain
5. key key-id
6. key-string text
7. accept-lifetime start-time {infinite | end-time | duration seconds}
8. send-lifetime start-time {infinite | end-time | duration seconds}
9. exit
Perform this task to monitor and maintain a DRP Server Agent.
1. enable
2. clear ip drp
3. show ip drp
4. exit
Perform this task to add a new domain to the DistributedDirector client or to configure an existing domain. This task is performed on the DRP Server Agent.
1. enable
2. configure terminal
3. ip drp domain domain-name
4. exit
Perform this task to configure an alias name for a specified domain.
1. enable
2. configure terminal
3. ip drp domain domain-name
4. alias alias-name
5. exit
Perform this task to configure the server address for a specified boomerang domain.
1. enable
2. configure terminal
3. ip drp domain domain-name
4. server server-ip-address
5. exit
Perform this task to configure the IP time-to-live (TTL) value for packets sent from a boomerang client to a DNS client, in number of hops.
1. enable
2. configure terminal
3. ip drp domain domain-name
4. ttl ip hops
5. exit
Perform this task to configure the number of seconds that a DNS client will cache an answer received from a boomerang client.
1. enable
2. configure terminal
3. ip drp domain domain-name
4. ttl dns seconds
5. exit
Perform this task to verify that boomerang support was successfully configured on a DRP Server Agent.
Router# show ip drp boomerang
DNS packets with unknown domain 0
Domain www.boom1.com
Content server 172.16.101.101 up
Origin server 0.0.0.0
DNS A record requests 0
Dropped (server down) 0
Dropped (no origin server) 0
Security failures 0
Alias www.boom2.com
DNS A record requests 0
Step 1 Enter the show ip drp command to display additional information such as the number of requests received from DistributedDirector, the total number of boomerang requests, and the number of boomerang responses made by a DRP Server Agent.
Router# show ip drp
Director Responder Protocol Agent is enabled
3 director requests:
0 successful route table lookups
0 successful measured lookups
0 no route in table
0 nortt
0 DRP packet failures returned
3 successful echos
6 Boomerang requests
0 Boomerang-raced DNS responses
Authentication is enabled, using "DD" key-chain
rttprobe source port is :53
rttprobe destination port is:53
If the ip drp domain domain-name command is configured on the DRP Server Agent, but a corresponding server address is not specified for this domain name, the content-server field defaults to 0.0.0.0. The show ip drp boomerang command displays this information. In this case, the DRP Server Agent would be removed from the boomerang configuration. To include it again, enter boomerang configuration mode and specify a server address.
Router> enable
Router# configure terminal
Router(config)# ip drp domain www.boom1.com
Router(config-boomerang)# server 172.16.101.101
•Enabling a DRP Server Agent and Limiting Query Sources: Example
•Adding a New Domain or Configuring an Existing Domain: Example
•Configuring a Domain Name Alias: Example
•Configuring the Server Address of a Domain: Example
•Configuring an IP TTL Value: Example
•Configuring a DNS TTL Value: Example
The following example shows how to enable the DRP Server Agent, limit the sources of DRP queries to those listed in access list 1, and configure authentication for DRP queries and responses. The access list permits queries from only the host at address 192.168.5.5.
ip drp server
access-list 1 permit 192.168.5.5
ip drp access-group 1
ip drp authentication key-chain mktg
key chain mktg
key 1
key-string internal
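The checks below are an added example, not Cisco code: they audit a saved configuration for the access group, key chain name match, and key lifetime guidelines described in this module. The function name `audit_drp`, the finding strings, and the second sample configuration are assumptions made for illustration, as is treating an `ntp server` line as the configured time service.

```python
import re

def audit_drp(config):
    """Return findings for the DRP Server Agent settings in an IOS configuration."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    if "ip drp server" not in lines:
        return []  # the agent is disabled by default, so nothing to audit
    acl = auth = chain = None
    acls, chains = {}, {}  # ACL number -> entries; key chain name -> key facts
    for ln in lines:
        if m := re.fullmatch(r"ip drp access-group (\d+)", ln):
            acl = m.group(1)
        elif m := re.fullmatch(r"ip drp authentication key-chain (\S+)", ln):
            auth = m.group(1)
        elif m := re.fullmatch(r"access-list (\d+) (.+)", ln):
            acls.setdefault(m.group(1), []).append(m.group(2))
        elif m := re.fullmatch(r"key chain (\S+)", ln):
            chain = chains.setdefault(m.group(1), {"keys": 0, "timed": False})
        elif chain is not None and ln.startswith("key-string "):
            chain["keys"] += 1
        elif chain is not None and ln.startswith(("accept-lifetime ", "send-lifetime ")):
            chain["timed"] = True
    findings = []
    if acl is None:
        findings.append("no access group: agent answers DRP queries from any source")
    elif "permit any" in acls.get(acl, []):
        findings.append(f"access-list {acl} permits any source")
    if auth is None:
        findings.append("no key chain: DRP queries and responses are not authenticated")
    elif not chains.get(auth, {}).get("keys"):
        findings.append(f"no key chain named {auth} with a key-string is defined")
    # Assumption: NTP is the time service that key lifetimes depend on.
    elif chains[auth]["timed"] and not any(x.startswith("ntp server ") for x in lines):
        findings.append(f"key chain {auth} uses lifetimes but no ntp server is set")
    return findings

PAGE_EXAMPLE = """ip drp server
access-list 1 permit 192.168.5.5
ip drp access-group 1
ip drp authentication key-chain mktg
key chain mktg
 key 1
  key-string internal"""  # configuration from the example above
WEAK = """ip drp server
ip drp authentication key-chain mktg
key chain marketing
 key 1
  key-string EXAMPLE-ONLY"""  # constructed sample, not from the page
print(audit_drp(PAGE_EXAMPLE), audit_drp(WEAK))
```

The page's example produces no findings; the constructed configuration is flagged for the missing access group and for the key chain name that does not match.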
In the following example, a domain named www.boom1.com is added on a boomerang client:
ip drp domain www.boom1.com
show running-config
.
.
ip drp domain www.boom1.com
In the following example, the domain name alias configured for www.boom1.com is www.boom2.com:
ip drp domain www.boom1.com
alias www.boom2.com
show running-config
.
.
ip drp domain www.boom1.com
alias www.boom2.com
In the following example, the server address is configured for www.boom1.com. The server address for www.boom1.com is 172.16.101.101.
ip drp domain www.boom1.com
server 172.16.101.101
show running-config
.
.
ip drp domain www.boom1.com
content-server 172.16.101.101
In the following example, the number of hops that occur between the boomerang client and the DNS client before the boomerang response packet fails is 2:
ip drp domain www.boom1.com
ttl ip 2
show running-config
.
.
ip drp domain www.boom1.com
ip-ttl 2
In the following example, the number of seconds for which the DNS client can cache a boomerang reply from a boomerang client is 10:
ip drp domain www.boom1.com
ttl dns 10
show running-config
.
.
ip drp domain www.boom1.com
dns-ttl 10
The following sections provide references related to the Configuring a DRP Server Agent module.
| Related Topic | Document Title |
|---|---|
| DRP Server Agent related commands | Cisco IOS Network Management Command Reference, Release 12.4 |
| Configuring DistributedDirector | The "DistributedDirector Configuration" chapter of the Cisco IOS Network Management Configuration Guide, Release 12.4; Cisco DistributedDirector 4700-M Installation and Configuration Guide |
| DistributedDirector Boomerang Support | The "DistributedDirector Boomerang Support" chapter of the Cisco IOS Network Management Configuration Guide, Release 12.4 |
| Network Time Protocol and setting time services | The "Performing Basic System Management" chapter of the Cisco IOS Network Management Configuration Guide, Release 12.4 |
Table 1 lists the features in this module and provides links to specific configuration information. Only features that were introduced or modified in Cisco IOS Release 11.2(4)F or Cisco IOS Release 12.2(8)T or a later release appear in the table.
Not all commands may be available in your Cisco IOS software release. For release information about a specific command, see the command reference documentation.
Use Cisco Feature Navigator to find information about platform support and software image support. Cisco Feature Navigator enables you to determine which Cisco IOS and Catalyst OS software images support a specific software release, feature set, or platform. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
Note: Table 1 lists only the Cisco IOS software release that introduced support for a given feature in a given Cisco IOS software release train. Unless noted otherwise, subsequent releases of that Cisco IOS software release train also support that feature.
| Feature Name | Releases | Feature Information |
|---|---|---|
| DRP Agent—Boomerang Support | 12.2(8)T | Boomerang is a DRP metric for DistributedDirector. When the boomerang metric is active, DistributedDirector instructs the DRP to send DNS responses directly to the querying client. The DNS response contains the addresses of sites associated with a specific DRP Server Agent. The following sections provide information about this feature: Benefits of a DRP Server Agent; How to Configure a DRP Server Agent; Adding a New Domain or Configuring an Existing Domain; Configuring a Domain Name Alias; Configuring the Server Address of a Domain; Configuring an IP Time-to-Live Value |
| DRP Server Agent | 11.2(4)F | A DRP Server Agent is a border router or peer to a border router that supports the geographically distributed servers for which DistributedDirector service is desired. The following sections provide information about this feature: Enabling the DRP Server Agent; Limiting the Source of DRP Queries; Configuring Authentication of DRP Queries and Responses |