
A topology rule maps a client IP address to a DNS Traffic Control (DTC) pool or server. To use Topology as the load balancing method for a pool or an LBDN, you must define a topology ruleset containing at least one rule. The rulesets are configured globally. When the DNS Traffic Control returns a response, it evaluates the list of rules in the topology ruleset in order and uses the first match with an available destination. The method fails if there are no matches.

You can define the following topology rules in a ruleset:

  • Extensible Attribute rule
  • Subnet rule
  • Geography rule

In a DTC Topology ruleset, Subnet rules, Geography rules, and Extensible Attribute (EA) rules can each return either a NOERR/NODATA response or an NXDOMAIN response. A rule can also set the destination to a SERVER or a POOL for the subnet taken from the IPAM object. The destination for a topology ruleset is either a server or a pool: an LBDN can use only topology rulesets with a pool as the destination, and a pool can use only topology rulesets with a server as the destination. You can also use CSV import to import rules into NIOS.

To use DTC topology with extensible attribute rules, you must select the extensible attributes that support DTC balancing in the Grid DNS Properties editor. You can select up to four extensible attributes, and the order in which you select them is the order in which you fill in the extensible attribute topology rule. For example, if a ruleset is to have three extensible attributes in the order A, B, and C, then while creating the extensible attribute topology rule you must select the value of A first, then B, and finally the value of C in the Grid DNS Properties editor. For more information, see Configuring Grid DNS Traffic Control Properties.

The extensible attributes topology rules work based on the IPAM configuration. The rules are supported only on IPv4 and IPv6 networks, and are not supported on network containers and hosts. For a correct DTC load balancing based on IPAM networks, you must assign extensible attributes that are selected for DTC and have valid values for IPv4/IPv6 Networks. You can also configure extensible attributes to be inherited from parent IPv4/IPv6 network containers. For more information, see Managing Extensible Attributes.

DTC topology rulesets with extensible attribute rules use a separate database instance, the DTC EA database, which must be up to date to ensure correct routing of incoming DTC queries. Each time you make changes to extensible attributes in an IPAM object, or manage the set of extensible attributes for DTC in Grid Manager, a notification prompting you to rebuild the DTC EA database is displayed. If you ignore the prompt, changes to DTC balancing behavior that require a database rebuild do not take effect. For more information about rebuilding the EA database, see 26776255.

Note

  • If the DNS service is already running, do not restart the service after the EA database rebuild. Instead, wait until the DTC members finish activating the new EA database build.
  • After DNS Traffic Control is restored, you must manually rebuild the DNS Traffic Control EA database.

Limitations of Configuring Topology Rules and Rulesets

  • Based on the destination type set for the DTC Topology ruleset, you can give a new DTC Topology rule the NOERR/NODATA or the NXDOMAIN response. A rule with such a response has no DTC Pool or DTC Server as its destination.
  • If the Destination Type is set to SERVER, the topology ruleset for a DTC pool cannot consist only of NOERR and NXDOMAIN rules. NAMED does not process the queries in IDNS if the incoming requests match an LBDN with no topology balancing method, and the pools under that LBDN then have no active or existing servers, so a NOERR response is always returned. To prevent this, the Grid must have at least one active server as the rule destination under some DTC pool in the LBDN so that IDNS processing takes place for that LBDN and pool; in other words, the ruleset must contain at least one rule with the REGULAR return type.

  • The Disable for DHCP checkbox must not be selected; otherwise the networks are not enabled and the topology database cannot be built. For more information about the checkbox, see Configuring IPv4 Networks.
  • The topology ruleset must list the rules in the following order:
    1. REGULAR rules
    2. NOERR rules
    3. NXDOMAIN rules

    A REGULAR rule cannot follow a NOERR or NXDOMAIN rule. If you try to save a topology ruleset in any other order, you receive a warning message; once you accept the warning, the Grid automatically sorts the rules into the correct order.

Note

During a WAPI call, if the rules are not in the correct order, they are sorted automatically; WAPI does not issue a warning.

Defining Topology Rulesets

A topology ruleset can contain multiple rules. The rules in a topology ruleset must use the same destination type. Multiple LBDNs or pools can reuse a topology ruleset.

Each server that you use as a destination in the topology must exist in every pool that is using the topology. When you select Topology as a load balancing method for a pool, you can select one of these rulesets for the topology rules. The ruleset can be a combination of extensible attribute, subnet, and/or geography rules.

Note the following about extensible attribute, subnet, and geography source matches:

  • A rule with an extensible attribute source matches if the client query comes from a network that has the specified set of extensible attributes, that is, the extensible attributes that you specify when you create the rule.
  • A rule with a subnet source matches if the subnet contains the client IP address.
  • A rule with a geography source label matches if the client IP address and geography source label match corresponding information in the MaxMind location database.

Note the following information about rules and rulesets:

  • When you upload a new MaxMind location database or restore a backup, the appliance does not automatically remove rules that contain invalid labels. Instead, it marks the rules with labels that do not exist in the database as invalid. The appliance ignores these rules during the querying process, and you cannot save the configuration if it is modified, but you can use the existing configuration.
  • The appliance checks specific combinations of labels when the rules use multiple conditions. For example, if you have a rule with the source types Country = Canada and City = Vancouver and you change the Country source type to Russia, the City source type is cleared and the selector resets to contain only known cities in Russia. This is applicable for both geography and extensible attribute rules.

The following is an example of valid source types:

  Continent        Country   Subdivision   City
  Any              Canada    Any           Vancouver
  Any              Any       Any           Vancouver
  North America    Any       Any           Vancouver
  North America    USA       Washington    Vancouver

  • When rules have multiple source conditions, the client must match all conditions for the rule to execute.
  • A ruleset may have multiple subnet rules whose subnets overlap; likewise, a ruleset may have multiple geography rules or multiple extensible attribute rules whose matches overlap. During the querying process, the rules in a topology ruleset are evaluated in order. For example, if you configure subnet rules where #1 is 10.10.0.0/16 and #2 is 10.0.0.0/8, the appliance considers both valid, and a client in 10.10.0.0/16 matches rule #1 first.
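The evaluation rules described above (rules tried in order, first match with an available destination wins, every non-Any condition must hold, REGULAR before NOERR before NXDOMAIN, overlapping subnets allowed) as an added Python model; this is example code, not NIOS code or anything from this page, and the server names, client layout and sample ruleset are constructed for the illustration.

```python
import ipaddress

ANY = "Any"                                       # NIOS wildcard for a rule source value
RANK = {"REGULAR": 0, "NOERR": 1, "NXDOMAIN": 2}  # required order inside a ruleset


def make_rule(kind, source, returns="REGULAR", destination=None, op="equals"):
    """kind is 'subnet', 'geography' or 'ea'; source is a dict of source values.
    NOERR/NXDOMAIN rules carry no destination; REGULAR rules need a pool or server."""
    return {"kind": kind, "source": source, "returns": returns,
            "destination": destination, "op": op}


def validate_ruleset(rules):
    """Problems a save would report, modelled on the documented limitations."""
    problems = []
    if not any(r["returns"] == "REGULAR" for r in rules):
        problems.append("at least one rule must have the REGULAR return type")
    ranks = [RANK[r["returns"]] for r in rules]
    if ranks != sorted(ranks):
        problems.append("order must be REGULAR rules, then NOERR rules, then NXDOMAIN rules")
    for i, r in enumerate(rules, 1):
        if all(v == ANY for v in r["source"].values()):
            problems.append(f"rule {i}: at least one source value must not be Any")
        if r["returns"] == "REGULAR" and r["destination"] is None:
            problems.append(f"rule {i}: a REGULAR rule needs a pool or server destination")
    return problems


def sort_rules(rules):
    """What the Grid does once you accept the warning: stable sort by return type."""
    return sorted(rules, key=lambda r: RANK[r["returns"]])


def rule_matches(rule, client):
    """client = {'ip': str, 'geo': {...}, 'ea': {...}}; every non-Any condition must hold."""
    if rule["kind"] == "subnet":
        net = ipaddress.ip_network(rule["source"]["subnet"])
        inside = ipaddress.ip_address(client["ip"]) in net
        return inside if rule["op"] == "equals" else not inside
    labels = client["geo"] if rule["kind"] == "geography" else client["ea"]
    return all(v == ANY or labels.get(k) == v for k, v in rule["source"].items())


def resolve(rules, client, available, default=None):
    """Walk the ruleset in order; the first matching rule with an available destination
    wins, while NOERR/NXDOMAIN rules answer immediately. Returns ('DEST', name),
    ('NOERR', None), ('NXDOMAIN', None) or ('FAIL', None) when nothing applies."""
    for rule in rules:
        if not rule_matches(rule, client):
            continue
        if rule["returns"] != "REGULAR":
            return (rule["returns"], None)
        if rule["destination"] in available:
            return ("DEST", rule["destination"])
        # matched, but the destination is down: fall through to the next rule
    if default in available:
        return ("DEST", default)
    return ("FAIL", None)


# Constructed sample ruleset (destination type Server): overlapping subnets, a geography
# rule with Any wildcards, then NOERR/NXDOMAIN fall-backs in the required order.
RULES = [
    make_rule("subnet", {"subnet": "10.10.0.0/16"}, destination="srv-yvr"),
    make_rule("subnet", {"subnet": "10.0.0.0/8"}, destination="srv-core"),
    make_rule("geography", {"Continent": "North America", "Country": ANY,
                            "Subdivision": ANY, "City": "Vancouver"}, destination="srv-yvr"),
    make_rule("subnet", {"subnet": "192.0.2.0/24"}, returns="NOERR"),
    make_rule("geography", {"Continent": ANY, "Country": "Russia",
                            "Subdivision": ANY, "City": ANY}, returns="NXDOMAIN"),
]
```

With `srv-yvr` marked unavailable, a 10.10.x.x client falls through rule #1 to the broader 10.0.0.0/8 rule, which is the "first match with an available destination" behaviour the text describes.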

To define a ruleset, complete the following:

  1. From the Data Management tab, select the DNS tab -> Traffic Control tab, and then click Manage Topology Rulesets in the Toolbar.
  2. In the Topology Manager window, click the Add icon.
  3. In the Ruleset wizard that appears, complete the following:
    • Name: Enter a name for the ruleset.
    • Destination Type: Select a destination type, Pool, or Server. Rulesets with the Pool destination type can only be used by LBDNs. Rulesets with the Server destination type can only be used by pools. You cannot change the destination type if the ruleset contains any rules.
    • Comment: Enter additional information about the ruleset.
    • Rules: You can define multiple extensible attribute rules, subnet rules, and geography rules in the ruleset. Click the arrow next to the Add icon and select either Extensible Attribute Rule, Subnet Rule, or Geography Rule.
      • When you select Extensible Attribute Rule, the Grid Manager displays the following:
        • Source Type: Define up to four extensible attributes to use as the source type for the EA topology ruleset. The values for the IPAM object EAs are provided from the DNS Traffic Control EAs selected in the Grid DNS Properties editor. To define extensible attribute source types for the topology rules, see Configuring Grid DNS Traffic Control Properties.

          Note that "Any" matches any value. There must be at least one source type with a specific value (the value is not "Any"). 

          When a source type uses "does not equal" as the operator, it must be the lowest level source type (most specific). For example, with Continent/Country/Subdivision/City, City is the most specific source type.

        • Destination/Response:
          • DTC Pool/Server: Click Select to select a destination. The appliance displays the DTC Pool Selector dialog box when you have selected the Pool destination type, and displays the DTC Server Selector dialog box when you have selected the Server destination type. Click a specific pool or server to select it. Note that if there is only one pool or server, no dialog box is displayed when selecting the destination.
          • NOERROR/NODATA (Response): Select this option to provide a NOERROR/NODATA response for DTC queries.
          • NXDOMAIN (Response): Select this option to provide an NXDOMAIN response for DTC queries.

Click Add to add the source. The appliance displays the following information in the Rules table:

        • Source: The values of extensible attributes that you specified.
        • Destination: The destination that you selected.
        • Valid Source: After you save the ruleset, the value is set to Yes if the extensible attributes exist in the EA database.

          Note

          The source must be valid when creating a ruleset. It can become invalid when a new topology database no longer contains the source.

        • Order: Displays the order of the rule in the ruleset.
        • Return Type: The response type that is selected.
      • When you select Subnet Rule, the Grid Manager displays the following:
        • Source Subnet: Select a value from the drop-down list. You can either select equals or does not equal, and specify a subnet IP address or click Select and choose a network from the Network Selector dialog box.

          Note that "Any" matches any value. There must be at least one source subnet with a specific value (the value is not "Any").

          When a source subnet uses "does not equal" as the operator, it must be the lowest level source subnet (most specific).
        • Destination/Response:
          • DTC Pool/Server: Click Select to select a destination. The appliance displays the DTC Pool Selector dialog box when you have selected the Pool destination type and displays the DTC Server Selector dialog box when you have selected the Server destination type. Click a specific pool or server to select it. Note that if there is only one pool or server created, no dialog box is displayed when selecting the destination.
          • NOERROR/NODATA (Response): Select this option to provide a NOERROR/NODATA response for DTC queries.
          • NXDOMAIN (Response): Select this option to provide an NXDOMAIN response for DTC queries.

Click Add to add the source. The appliance displays the following information in the Rules table:

        • Source: The subnet address that you specified.
        • Destination: The destination that you selected.
        • Valid Source: For a subnet rule, the rule is always marked as valid after you save the ruleset.
        • Order: Displays the order of the rule in the ruleset.
        • Return Type: The response type that is selected.
      • When you select Geography Rule, Grid Manager displays the following:
        • Source Type: Select a source type.
        • Continent: Select a continent from the drop-down list. You can also enter the first few characters of the continent to match an item in the database.
        • Country: Select a country from the drop-down list. You can also enter the first few characters of the country to match an item in the database.
        • Subdivision: Select a subdivision from the drop-down list. You can also enter the first few characters of the subdivision to match an item in the database.
        • City: Select a city from the drop-down list. You can also enter the first few characters of the city to match an item in the database. The drop-down list has paging controls to page through the available values.
        • Destination/Response:
          • DTC Pool/Server: Click Select to select a destination. The appliance displays the DTC Pool Selector dialog box when you have selected the Pool destination type and displays the DTC Server Selector dialog box when you have selected the Server destination type. Click a specific pool or server to select it. Note that if there is only one pool or server created, no dialog box is displayed when selecting the destination.
          • NOERROR/NODATA (Response): Select this option to provide a NOERROR/NODATA response for DTC queries.
          • NXDOMAIN (Response): Select this option to provide an NXDOMAIN response for DTC queries.

Click Add to add the source. The appliance displays the following information in the Rules table:

        • Source: The geography source labels that you specified.
        • Destination: The destination that you selected.
        • Valid Source: After you save the ruleset, the value is set to Yes if the labels exist in the MaxMind location database.
        • Order: Displays the order of the rule in the ruleset.
        • Return Type: The response type that is selected.
      • Default destination if none of the above rules match (optional): Click Select to select the default destination if none of the above rules match. The appliance displays the DTC Pool Selector dialog box when you have selected the Pool destination type and displays the DTC Server Selector dialog box when you have selected the Server destination type. Click a specific pool or server to select it. You can click Clear to remove the selected pool or server. Note that you can select a default destination even if there are no rules defined in the Rules table.

  4. If necessary, modify the order of the rules in the table by editing the value in the Order column or by using the arrows on the left-hand side of the table.
  5. Click Next.
  6. Define the extensible attributes. For information, see Using Extensible Attributes.
  7. Click Next to schedule a change. In the Schedule Change panel, click Now to immediately execute this task, or click Later to schedule the task and then specify a date, time, and time zone.
  8. Click Save & Close.

Note

After making changes to the extensible attributes, you may need to rebuild the topology EA database. For more information, see 26776255.

Viewing Topology Rulesets

To view topology rulesets, navigate to the Data Management tab -> DNS tab -> Traffic Control tab, and then click Manage Topology Rulesets in the Toolbar. The Topology Manager lists the configured rulesets, their destination types, sites, and comments.

You can perform the following:

  • Add new rulesets. To add a new ruleset, click the Add icon. For more information, see 26776255.
  • To edit a ruleset, click the checkbox next to the ruleset name, and then click the Edit icon. You can modify the following in the Ruleset editor:
    • In the General Basic tab, you can perform the following:
      • Add new rules to the ruleset. Click the arrow next to the Add icon and select either Extensible Attribute Rule, Subnet Rule, or Geography Rule. For more information, see 26776255.
      • Modify rules in the ruleset. To edit an existing rule, select the checkbox of the required rule in the Rules table, and then click the Edit icon. When you are finished editing, click Save above the Rules table. For more information, see 26776255.
      • Delete existing rules from the ruleset. Select the checkbox of the required rule in the Rules table, and then click the Delete icon.

        Note

        You can modify the destination type only if there are no rules in the ruleset.

    • In the Extensible Attributes tab, you can add new or edit existing extensible attributes. For information, see Using Extensible Attributes.
  • Delete a ruleset or schedule the deletion for a later time.
    • To delete a ruleset, select the checkbox next to its name and click the arrow next to the Delete icon. To delete the object immediately, select Delete.
    • To schedule the deletion, click Schedule Delete. For more information, see Scheduling Deletions.
  • Export topology rulesets. To export the entire list of rulesets in a format that can be imported, click the Export icon and choose Export data in Infoblox CSV Import format. To export all data that is currently visible in the Topology Manager, click the Export icon and choose Export visible data.
  • Print the data that is currently visible in the Topology Manager. Click the Print icon to print.

Importing a Topology Database

The DNS Traffic Control license includes a MaxMind location database that is deployed when you enable the DNS Traffic Control. Note that only a single MaxMind location database can be present on the Grid at a time. The MaxMind location database contains various geographic locations that can be used when you define a geography rule. NIOS supports both paid GeoIP2 and free GeoLite2 MaxMind location databases. The GeoLite2 MaxMind Country database is shipped with the NIOS appliance. The MaxMind location database is static over the lifetime of the querying process until you import a new database and restart services.

When you import a new MaxMind location database, the appliance replaces the existing database. You can import MaxMind location databases that are in MMDB or CSV format. To view the current version of the database, click Current Version.

You can import a ready-to-use MaxMind location database or create your own ZIP file containing multiple CSV files. To import a MaxMind location database or to view the current version of the database, complete the following:

  1. From the Data Management tab, select the DNS tab, and then select the Traffic Control tab.
  2. Click the arrow next to the Topology Database, and then select Import GeoIP Database from the drop-down list.
  3. In the Import Topology Database wizard, complete the following:
    • File: Click Select and navigate to the MaxMind location database.
    • Upload: Click Upload to import the MaxMind location database.
  4. In the Toolbar, click the arrow next to Topology Database, and select Current Version from the drop-down list to view the details of the imported MaxMind location databases. In the Geography section, the Grid Manager displays the database type, build date, build version, and the date and time when the database was deployed to the Grid Master.

    Note

    The latest database version may not be deployed on all DTC members. To view the current deployed versions, select Data Management -> DNS -> Members.

To create a custom database in a ZIP file, complete the following:

  1. Create a directory with CSV files and name them using the following pattern:

     {Product}-{Content}-{Blocks-or-Locations}-{version-or-localization}.csv

     Only the three CSV files matching these patterns are suitable for the import:

     {Product}-{Content}-Blocks-IPv4.csv
     {Product}-{Content}-Blocks-IPv6.csv
     {Product}-{Content}-Locations-en.csv

     For example:

     GeoLite2-City-Blocks-IPv4.csv
     GeoLite2-City-Blocks-IPv6.csv
     GeoLite2-City-Locations-ru.csv

     or

     GeoIP2-Country-Blocks-IPv4.csv
     GeoIP2-Country-Blocks-IPv6.csv
     GeoIP2-Country-Locations-en.csv

     where

     “GeoLite2” and “GeoIP2” correspond to {Product}
     “City” and “Country” correspond to {Content}
     “IPv4” and “IPv6” correspond to {version}
     “ru” and “en” correspond to {localization}

     Note

     The Locations file and at least one of the Blocks files must exist or the import fails. Also, all of these files must have identical {Product}-{Content} pairs or the import fails. You can use a ready-to-use MaxMind location database as an example.

  2. You can add multiple CSV files for different localizations to your ZIP file. Use the following naming pattern:

     {Product}-{Content}-Locations-{localization}.csv

     For example:

     GeoLite2-City-Locations-ru.csv
     GeoIP2-City-Locations-de.csv
     GeoIP2-Country-Locations-en.csv

  3. Add the directory with the CSV files to a ZIP file. The name of the ZIP file you upload and the name of the directory in the ZIP file are not significant. The ZIP file should contain only one directory and no subdirectories. Any files in the ZIP file with an extension different from .csv are ignored.
  4. Import the ZIP file to Grid Manager as described above.

Note

The Country database does not support 'subdivision' labels and importing it invalidates all existing rules that use 'subdivision' labels.
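An added pre-upload check for the custom-database ZIP layout described in the procedure above (exactly one directory, no subdirectories, the documented file naming patterns, a Locations file plus at least one Blocks file, one {Product}-{Content} pair, non-.csv files ignored, and the Country-database caveat from the note). This is example code, not part of NIOS; `check_topology_zip`, `build_zip` and the sample file contents are constructed here.

```python
import io
import re
import zipfile

# Accepted names: {Product}-{Content}-Blocks-IPv4.csv, {Product}-{Content}-Blocks-IPv6.csv,
# {Product}-{Content}-Locations-{localization}.csv (e.g. GeoLite2-City-Locations-en.csv)
NAME_RE = re.compile(
    r"^(?P<product>[A-Za-z0-9]+)-(?P<content>[A-Za-z0-9]+)-"
    r"(?:Blocks-(?P<family>IPv4|IPv6)|Locations-(?P<loc>[A-Za-z-]+))\.csv$")


def check_topology_zip(data):
    """Return (errors, notes) for the bytes of a candidate custom-database ZIP.
    An empty errors list means the layout satisfies the documented rules."""
    errors, notes = [], []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        entries = [n for n in zf.namelist() if not n.endswith("/")]
    top = {n.split("/")[0] for n in entries if "/" in n}
    if len(top) != 1 or any("/" not in n for n in entries):
        errors.append("ZIP must contain exactly one directory holding all the files")
    if any(n.count("/") > 1 for n in entries):
        errors.append("subdirectories are not allowed")
    pairs, blocks, locs = set(), set(), set()
    for path in entries:
        name = path.rsplit("/", 1)[-1]
        m = NAME_RE.match(name)
        if not name.lower().endswith(".csv"):
            notes.append(f"ignored (not .csv): {name}")          # import skips these
        elif not m:
            notes.append(f"ignored (does not match the naming pattern): {name}")
        else:
            pairs.add((m["product"], m["content"]))
            (blocks if m["family"] else locs).add(m["family"] or m["loc"])
    if len(pairs) > 1:
        errors.append(f"files must share one Product-Content pair, found {sorted(pairs)}")
    if not blocks:
        errors.append("at least one Blocks file (IPv4 or IPv6) is required")
    if not locs:
        errors.append("a Locations-{localization} file is required")
    if any(content == "Country" for _, content in pairs):
        notes.append("Country database: subdivision labels are unsupported; "
                     "existing rules that use them become invalid")
    return errors, notes


def build_zip(directory, files):
    """Constructed helper: pack {filename: text} under one directory into ZIP bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, text in files.items():
            zf.writestr(f"{directory}/{name}" if directory else name, text)
    return buf.getvalue()


# Constructed sample: a minimal City database with English and Russian locations
# (the geoname_id values are placeholders, not real MaxMind ids).
GOOD = build_zip("custom-geo", {
    "GeoLite2-City-Blocks-IPv4.csv": "network,geoname_id\n203.0.113.0/24,1\n",
    "GeoLite2-City-Locations-en.csv": "geoname_id,city_name\n1,Vancouver\n",
    "GeoLite2-City-Locations-ru.csv": "geoname_id,city_name\n1,Ванкувер\n",
    "README.txt": "not a csv, ignored on import\n",
})
```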

Rebuilding EA Database

Unlike the GeoIP database, the EA database is not imported externally but built from the configuration within the system. After you make changes to extensible attributes, Grid Manager prompts you to rebuild the DNS Traffic Control Topology Database: in the banner that appears at the top of the screen, click Rebuild to rebuild the database immediately, or click Ignore to rebuild it later from the Traffic Control tab. Clicking Ignore applies to all changes that require a rebuild of the EA database, and the rebuild stays ignored for the duration of the user session.

To rebuild the EA database, complete the following:

  1. From the Data Management tab, select the DNS tab, and then select the Traffic Control tab.
  2. In the Toolbar, click the arrow next to the Topology Database and select Rebuild EA Database -> Rebuild or Schedule Rebuild.
  3. In the Rebuild EA Database dialog box, select Yes to rebuild the database or No to discard the rebuild. To schedule the rebuild task, in the Rebuild EA Database Schedule dialog box, specify a date, time, and time zone.

To view the current version of the EA database, click Topology Database -> Current Version in the Toolbar. Grid Manager displays the database build date and its last rebuild status in the Extensible Attributes section.

Note

The latest database version may not be deployed on all DTC members. To view the current deployed versions, select Data Management -> DNS -> Members.
