Configuring a DRP Server Agent
First Published: July 6, 1999
Last Updated: October 11, 2006
This module describes how to configure a Director Response Protocol (DRP) Agent and how to configure support for the boomerang metric on a DRP Server Agent.
Finding Feature Information in This Module
Your Cisco IOS software release may not support all the features documented in this module. To reach links to specific feature documentation in this module and to see a list of the releases in which each feature is supported, use the "Feature Information for Configuring a DRP Server Agent" section.
Finding Support Information for Platforms and Cisco IOS and Catalyst OS Software Images
Use Cisco Feature Navigator to find information about platform support and Cisco IOS and Catalyst OS software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
Contents
•Restrictions for Configuring a DRP Server Agent
•Information About Configuring a DRP Server Agent
•How to Configure a DRP Server Agent
•Configuration Examples for Configuring a DRP Server Agent
•Additional References
•Feature Information for Configuring a DRP Server Agent
Restrictions for Configuring a DRP Server Agent
•When DistributedDirector is upgraded to include the boomerang function, DRP Server Agents must be made aware that boomerang is present.
Information About Configuring a DRP Server Agent
To configure a DRP Server Agent or to configure one with Boomerang support, you should understand the following concepts:
•Director Response Protocol
•DRP Server Agent
•Racing Message
•Boomerang Metric
•Benefits of a DRP Server Agent
Director Response Protocol
DRP is a simple User Datagram Protocol (UDP)-based application developed by Cisco Systems. DRP enables the Cisco DistributedDirector product to query routers (DRP Server Agents) in the field for Border Gateway Protocol (BGP) and Interior Gateway Protocol (IGP) routing table metrics between distributed servers and clients. DistributedDirector, separate standalone software, uses DRP to transparently redirect end-user service requests to the topologically closest responsive server. DRP enables DistributedDirector to provide dynamic, scalable, and "network intelligent" Internet traffic load distribution among multiple geographically dispersed servers.
DRP Server Agent
A DRP Server Agent is a border router or peer to a border router that supports the geographically distributed servers for which DistributedDirector service is desired. DistributedDirector makes decisions based on BGP and IGP information, meaning that all DRP Server Agents must have full access to BGP and IGP routing tables.
Racing Message
A racing message occurs when DistributedDirector receives a Domain Name System (DNS) query from a DNS client for a hostname that has the boomerang metric configured. DistributedDirector issues a DNS racing message to the different DRP Server Agents. In the message, DistributedDirector instructs each DRP Server Agent to respond directly to the client with the answer. The instruction, which is determined by the DistributedDirector configuration, also specifies whether the response should be sent at a specific time or after a certain delay.
Boomerang Metric
Boomerang is a DRP metric for DistributedDirector. When the boomerang metric is active, DistributedDirector instructs the DRP to send DNS responses directly to the querying client. The DNS response contains addresses of sites associated with a specific DRP Server Agent. All involved DRP Server Agents send their DNS responses at the same time. The packet of the DRP that is nearest to the client in terms of delay arrives first. The client may take the first answer and ignore subsequent ones, which is a standard behavior of all local DNS server implementations. Full boomerang support can be configured on a DRP Server Agent. The boomerang client is the DRP Server Agent.
The boomerang metric enables a boomerang client on the DRP Server Agent to communicate with boomerang-supported servers. The metric promotes interoperability among different content routers within Cisco. The boomerang client on the DRP Server Agent can communicate with any boomerang server, not only servers implemented on DistributedDirector.
When a boomerang DRP Server Agent receives a DNS racing message from boomerang servers, the DRP extracts the domain name specified in the DNS message. A DRP Server Agent with Boomerang support can be configured on this specified domain.
Benefits of a DRP Server Agent
DRP Server Agents provide the following benefits:
•Use of DistributedDirector service is facilitated.
•A means to select a site with the fastest response time is provided with Boomerang support.
•Congestion and link failures are dynamically recognized and avoided with Boomerang support.
How to Configure a DRP Server Agent
Perform these tasks to configure and maintain a DRP Server Agent.
•Enabling the DRP Server Agent
•Limiting the Source of DRP Queries
•Configuring Authentication of DRP Queries and Responses
•Monitoring and Maintaining a DRP Server Agent
•Adding a New Domain or Configuring an Existing Domain
•Configuring a Domain Name Alias
•Configuring the Server Address of a Domain
•Configuring an IP Time-to-Live Value
•Configuring a DNS TTL Value
•Verifying Boomerang Information on a DRP Server Agent
Enabling the DRP Server Agent
Perform this task to enable a DRP Server Agent (it is disabled by default).
SUMMARY STEPS
1. enable
2. configure terminal
3. ip drp server
4. exit
DETAILED STEPS
|
|
|
Step 1 |
enable
Router> enable |
Enables privileged EXEC mode. •Enter your password if prompted. |
Step 2 |
configure terminal
Router# configure terminal |
Enters global configuration mode. |
Step 3 |
ip drp server
Router(config)# ip drp server |
Enables a DRP Server Agent. |
Step 4 |
exit
Router(config)# exit |
Returns the CLI to privileged EXEC mode. |
Limiting the Source of DRP Queries
As a security measure, you can limit the source of valid DRP queries. When a standard IP access list is applied to an interface, the DRP Server Agent will respond only to DRP queries originating from an IP address in that list. If no access list is configured, the DRP Server Agent answers all queries.
When both an access group and a key chain (described in the next section) have been configured, both security mechanisms must allow access before a request is processed.
Perform this task to limit the source of valid DRP queries.
SUMMARY STEPS
1. enable
2. configure terminal
3. ip drp access-group access-list-number
4. exit
|
|
|
Step 1 |
enable
Router> enable |
Enables privileged EXEC mode. •Enter your password if prompted. |
Step 2 |
configure terminal
Router# configure terminal |
Enters global configuration mode. |
Step 3 |
ip drp access-group access-list-number
Router(config)# ip drp access-group 1 |
Controls the sources of valid DRP queries by applying a standard IP access list. In this instance, the access list is number 1. |
Step 4 |
exit
Router(config)# exit |
Returns the command-line interface (CLI) to privileged EXEC mode. |
DETAILED STEPS
Configuring Authentication of DRP Queries and Responses
Perform this task to define a key chain, identify the keys that belong to the key chain, and optionally specify the time period during which each key is valid.
Authentication Keys and Key Chains
Another available security measure is to configure the DRP Server Agent to authenticate DRP queries and responses.
When configuring key chains and keys, use the following guidelines:
•The name of the key chain configured for DRP authentication must match the name of the key chain configured.
•The key configured in the primary agent in the remote router must match the key configured in the DRP Server Agent for responses to be processed.
•You can configure multiple keys with lifetimes and the software will rotate through them.
•If authentication is enabled and multiple keys on the key chain are active based on the send-lifetime values, the software uses only the first key it encounters for authentication.
•Use the show key chain command to display key chain information.
Restrictions
•To configure lifetimes for DRP authentication, you must configure time services for your router.
SUMMARY STEPS
1. enable
2. configure terminal
3. ip drp authentication key-chain name-of-chain
4. key chain name-of-chain
5. key key-id
6. key-string text
7. accept-lifetime start-time {infinite | end-time | duration seconds}
8. send-lifetime start-time {infinite | end-time | duration seconds}
9. exit
|
|
|
Step 1 |
enable
Router> enable |
Enables privileged EXEC mode. •Enter your password if prompted. |
Step 2 |
configure terminal
Router# configure terminal |
Enters global configuration mode. |
Step 3 |
ip drp authentication key-chain name-of-chain
Router(config)# ip drp authentication key-chain mktg |
Identifies the key chain to be used for authenticating all DRP requests and responses. |
Step 4 |
key chain name-of-chain
Router(config)# key chain mktg |
Identifies the key chain named in Step 3 and places the CLI in key chain configuration mode. |
Step 5 |
key key-id
Router(config-keychain)# key 1 |
Identifies the key number 1. |
Step 6 |
key-string text
Router(config-keychain-key)# key-string internal |
Identifies the key string as internal. |
Step 7 |
accept-lifetime start-time {infinite | end-time | duration seconds}
Router(config-keychain-key)# accept-lifetime 15:00:00 Oct 12 2006 600 |
(Optional) Specifies the time period during which the key can be received. In this instance, the time period is 600 seconds. |
Step 8 |
send-lifetime start-time {infinite | end-time | duration seconds}
Router(config-keychain-key)# send-lifetime 14:30:00 Oct 12 2006 300 |
(Optional) Specifies the time period during which the key can be sent. In this instance, the time period is 300 seconds. |
Step 9 |
exit
Router(config)# exit |
Returns the CLI to privileged EXEC mode. |
DETAILED STEPS
Monitoring and Maintaining a DRP Server Agent
Perform this task to monitor and maintain a DRP Server Agent.
SUMMARY STEPS
1. enable
2. clear ip drp
3. show ip drp
4. exit
DETAILED STEPS
|
|
|
Step 1 |
enable
Router> enable |
Enables privileged EXEC mode. •Enter your password if prompted. |
Step 2 |
clear ip drp
Router# clear ip drp |
Clears statistics being collected for DRP requests and responses. |
Step 3 |
show ip drp
Router# show ip drp |
Displays information about the DRP Server Agent. |
Step 4 |
exit
Router# exit |
Returns the CLI to user EXEC mode. |
Adding a New Domain or Configuring an Existing Domain
Perform this task to add a new domain to the DistributedDirector client or to configure an existing domain. This task is performed on the DRP Server Agent.
1. enable
2. configure terminal
3. ip drp domain domain-name
4. exit
DETAILED STEPS
|
|
|
Step 1 |
enable
Router> enable |
Enables privileged EXEC mode. •Enter your password if prompted. |
Step 2 |
configure terminal
Router# configure terminal |
Enters global configuration mode. |
Step 3 |
ip drp domain domain-name
Router(config)# ip drp domain www.boom1.com |
Specifies a domain to be added or configured and puts the CLI in boomerang configuration mode. The domain in this example is named www.boom1.com. |
Step 4 |
exit
Router(config-boomerang)# exit |
Returns the CLI to privileged EXEC mode. |
Configuring a Domain Name Alias
Perform this task to configure an alias name for a specified domain.
SUMMARY STEPS
1. enable
2. configure terminal
3. ip drp domain domain-name
4. alias alias-name
5. exit
DETAILED STEPS
|
|
|
Step 1 |
enable
Router> enable |
Enables privileged EXEC mode. •Enter your password if prompted. |
Step 2 |
configure terminal
Router# configure terminal |
Enters global configuration mode. |
Step 3 |
ip drp domain domain-name
Router(config)# ip drp domain
www.boom1.com
|
Specifies a domain to be added or configured and puts the CLI in boomerang configuration mode. |
Step 4 |
alias alias-name
Router(config-boomerang)# alias
www.boom2.com
|
Configures an alias name for a specified domain. The alias name in this example is www.boom2.com. |
Step 5 |
exit
Router(config-boomerang)# exit |
Returns the CLI to privileged EXEC mode. |
Configuring the Server Address of a Domain
Perform this task to configure the server address for a specified boomerang domain.
SUMMARY STEPS
1. enable
2. configure terminal
3. ip drp domain domain-name
4. server server-ip-address
5. exit
DETAILED STEPS
|
|
|
Step 1 |
enable
Router> enable |
Enables privileged EXEC mode. •Enter your password if prompted. |
Step 2 |
configure terminal
Router# configure terminal |
Enters global configuration mode. |
Step 3 |
ip drp domain domain-name
Router(config)# ip drp domain www.boom1.com |
Specifies a domain to be added or configured and puts the CLI in boomerang configuration mode. |
Step 4 |
server server-ip-address
Router(config-boomerang)# server
172.16.101.101
|
Configures an IP address for a specified domain. |
Step 5 |
exit
Router(config-boomerang)# exit |
Returns the CLI to privileged EXEC mode. |
Configuring an IP Time-to-Live Value
Perform this task to configure the IP time-to-live (TTL) value for packets sent from a boomerang client to a DNS client, in number of hops.
SUMMARY STEPS
1. enable
2. configure terminal
3. ip drp domain domain-name
4. ttl ip hops
5. exit
|
|
|
Step 1 |
enable
Router> enable |
Enables privileged EXEC mode. •Enter your password if prompted. |
Step 2 |
configure terminal
Router# configure terminal |
Enters global configuration mode. |
Step 3 |
ip drp domain domain-name
Router(config)# ip drp domain www.boom1.com |
Specifies a domain to be added or configured and puts the CLI in boomerang configuration mode. |
Step 4 |
ttl ip hops
Router(config-boomerang)# ttl ip 2
|
Configures the maximum number of hops between the boomerang client and the DNS client, after which the boomerang response packet fails. The number of hops in this example is 2. |
Step 5 |
exit
Router(config-boomerang)# exit |
Returns the CLI to privileged EXEC mode. |
DETAILED STEPS
Configuring a DNS TTL Value
Perform this task to configure the number of seconds that a DNS client will cache an answer received from a boomerang client.
SUMMARY STEPS
1. enable
2. configure terminal
3. ip drp domain domain-name
4. ttl dns seconds
5. exit
|
|
|
Step 1 |
enable
Router> enable |
Enables privileged EXEC mode. •Enter your password if prompted. |
Step 2 |
configure terminal
Router# configure terminal |
Enters global configuration mode. |
Step 3 |
ip drp domain domain-name
Router(config)# ip drp domain www.boom1.com |
Specifies a domain to be added or configured and puts the CLI in boomerang configuration mode. |
Step 4 |
ttl dns seconds
Router(config-boomerang)# ttl dns 10
|
Configures the number of seconds for which the DNS client can cache a boomerang reply from a boomerang client. The number of seconds in this example is 10. |
Step 5 |
exit
Router(config-boomerang)# exit |
Returns the CLI to privileged EXEC mode. |
DETAILED STEPS
Verifying Boomerang Information on a DRP Server Agent
Perform this task to verify that boomerang support was successfully configured on a DRP Server Agent.
Router# show ip drp boomerang
DNS packets with unknown domain 0
Content server 172.16.101.101 up
Dropped (no origin server) 0
Step 1 Enter the show ip drp command to display additional information such as the number of requests received from DistributedDirector, the total number of boomerang requests, and the number of boomerang responses made by a DRP Server Agent.
Director Responder Protocol Agent is enabled
0 successful route table lookups
0 successful measured lookups
0 DRP packet failures returned
0 Boomerang-raced DNS responses
Authentication is enabled, using "DD" key-chain
rttprobe source port is :53
rttprobe destination port is:53
Troubleshooting Tips
If the ip drp domain domain-name command is configured on the DRP Server Agent, but a corresponding server address is not specified for this domain name, the content-server field defaults to 0.0.0.0. The show ip drp boomerang command displays this information. In this case, the DRP Server Agent would be removed from the boomerang configuration. To include it again, enter boomerang configuration mode and specify a server address.
Router# configure terminal
Router(config)# ip drp domain www.boom1.com
Router(config-boomerang)# server 172.16.101.101
Configuration Examples for Configuring a DRP Server Agent
•Enabling a DRP Server Agent and Limiting Query Sources: Example
•Adding a New Domain or Configuring an Existing Domain: Example
•Configuring a Domain Name Alias: Example
•Configuring the Server Address of a Domain: Example
•Configuring an IP TTL Value: Example
•Configuring a DNS TTL Value: Example
Enabling a DRP Server Agent and Limiting Query Sources: Example
The following example shows how to enable the DRP Server Agent, limit the sources of DRP queries to those listed in access list 1, and configure authentication for DRP queries and responses. The access list permits queries from only the host at address 192.168.5.5.
access-list 1 permit 192.168.5.5
ip drp authentication key-chain mktg
Adding a New Domain or Configuring an Existing Domain: Example
In the following example, a domain named www.boom1.com is added on a boomerang client:
ip drp domain www.boom1.com
show running-configuration
ip drp domain www.boom1.com
Configuring a Domain Name Alias: Example
In the following example, the domain name alias configured for www.boom1.com is www.boom2.com:
ip drp domain www.boom1.com
show running-configuration
ip drp domain www.boom1.com
Configuring the Server Address of a Domain: Example
In the following example, the server address is configured for www.boom1.com. The server address for www.boom1.com is 172.16.101.101.
ip drp domain www.boom1.com
show running-configuration
ip drp domain www.boom1.com
content-server 172.16.101.101
Configuring an IP TTL Value: Example
In the following example, the number of hops that occur between the boomerang client and the DNS client before the boomerang response packet fails is 2:
ip drp domain www.boom1.com
show running-configuration
ip drp domain www.boom1.com
Configuring a DNS TTL Value: Example
In the following example, the number of seconds for which the DNS client can cache a boomerang reply from a boomerang client is 10:
ip drp domain www.boom1.com
show running-configuration
ip drp domain www.boom1.com
dns-ttl 10
Additional References
The following sections provide references related to the Configuring a DRP Server Agent module.
Related Documents
Technical Assistance
|
|
The Cisco Technical Support & Documentation website contains thousands of pages of searchable technical content, including links to products, technologies, solutions, technical tips, tools, and technical documentation. Registered Cisco.com users can log in from this page to access even more content. |
http://www.cisco.com/techsupport |
Feature Information for Configuring a DRP Server Agent
Table 1 lists the features in this module and provides links to specific configuration information. Only features that were introduced or modified in Cisco IOS Release 11.2(4)F or Cisco IOS Release 12.2(8)T or a later release appear in the table.
Not all commands may be available in your Cisco IOS software release. For release information about a specific command, see the command reference documentation.
Use Cisco Feature Navigator to find information about platform support and software image support. Cisco Feature Navigator enables you to determine which Cisco IOS and Catalyst OS software images support a specific software release, feature set, or platform. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
Note Table 1 lists only the Cisco IOS software release that introduced support for a given feature in a given Cisco IOS software release train. Unless noted otherwise, subsequent releases of that Cisco IOS software release train also support that feature.
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.
© 2007 Cisco Systems, Inc. All rights reserved.