Breadcrumbs

Configuring Extensible Attribute-Based Topology Ruleset (2569)


This lab requires a NIOS 9.0 Lab Environment

This lab guide has been developed using the new NIOS 9.0 Lab Environment. Please ensure that you deploy a NIOS 9.0 lab environment to complete these lab tasks. If you use a different lab environment, this is untested, and the lab likely will not work.

Scenario

Your organization is implementing DNS Traffic Control (DTC) to direct user traffic based on organizational metadata. Instead of relying on source IP alone, DNS queries should be answered using Extensible Attributes (EA) such as region, country, and building.

In general, traffic from LATAM and NAM should be directed to Pool A, while APJ and EMEA should be directed to Pool B. However, specific exceptions apply—for example, queries from the Netherlands, United Kingdom, and the Berlin branch should be directed to Pool A.

In this lab, you will configure DTC to map these attributes to the appropriate server pools, enabling more granular, policy-based traffic distribution.

Estimate Completion Time

  • 30 minutes

Credentials

Description

Username

Password

URL or IP

Grid Manager UI

admin

infoblox

https://10.100.0.100/

Requirements

  • Administrative access to the Grid

Lab Initiation

Access jump-desktop

Once the lab is deployed, you can access the virtual machines required to complete this lab activity. To initiate the lab, click on the jump-desktop tile and login to the Linux UI:

image-20231130-134540.png

Username: training

Password: infoblox

Initiate lab

To initiate the lab, double-click the Launch Lab icon on the Desktop.

Launch Lab
Launch Lab

Choose the lab number from the list and click OK.

image-20231122-140156.png

After clicking OK, you will see a pop-up message with a brief description of the lab task. If the description looks correct, click Yes to continue lab initiation.

image-20231122-140739.png

Lab initiation will take a couple of minutes to finish.

Once complete, you will see another pop-up message with the login credentials and the URL for the Grid Manager’s User Interface. Note that the credentials may differ from those from prior labs.

Screenshot 2024-05-06 at 3.16.57 PM.png


Tasks

Task 1: Add Extensible Attributes for Traffic Control

Add the Extensible Attributes Region, Country, and Building as source types at the Grid level for Traffic Control.

Task 2: Configure an Extensible Attribute-Based Topology Ruleset

Create a topology ruleset named EA Rule with the following mappings based on specific Extensible Attribute values.

Table 2569-1

Region

Country

Building

DTC Pool/Server

LATAM

ANY

ANY

Pool A

NAM

ANY

ANY

Pool A

ANY

Netherlands

ANY

Pool A

ANY

United Kingdom

ANY

Pool A

ANY

ANY

Berlin Branch

Pool A

APJ

ANY

ANY

Pool B

EMEA

ANY

ANY

Pool B

Note: The order of rules is critical, as the first matching rule determines the response. Rules can be reordered as needed to achieve the desired behavior.

Task 3: Set Up the Load-Balanced Domain Name (LBDN)

Configure a Load-Balanced Domain Name (LBDN) for the pattern kyle.dtctechblue.net that uses the EA Rule topology ruleset created in Task 2.

Task 4: Test the Extensible Attribute-Based Topology Ruleset

Use the Test LBDN tool to verify that the LBDN for kyle.dtctechblue.net is functioning as expected.

For each test, use the following common details:

  • Query Name: kyle.dtc.techblue.net

  • Member: ibns1.techblue.net

  • Record Type: A

Use the Query Source address from Table 2569-2 below. For each IP address, initiate the test and observe whether the traffic is directed to the expected pool destination.

Table 2569-2

Query Source

Comment

172.31.195.5

Argentina

172.31.65.6

NAM

172.31.48.8

Netherlands

172.31.49.9

UK

172.31.7.10

Berlin Branch

172.31.137.6

South Korea

172.31.21.4

Poland


Solutions

Task 1 Solution: Add Extensible Attributes for Traffic Control

To enable the necessary Extensible Attributes at the Grid level, follow these steps:

  1. Navigate to Data Management → DNS.

  2. From the toolbar panel on the right, click Grid DNS Properties.

  3. In the Grid DNS Properties dialog window, select Traffic Control from the left panel.

  4. Add the following three (3) extensible attributes:

    • Region

    • Country

    • Building

      Screenshot_2024-11-12_14-16-12-20241112-145400.png

  5. Click Save & Close

  6. Click the Rebuild button in the yellow banner at the top of the Grid Manager UI to rebuild the Extensible Attribute database.

    Screenshot_2024-11-12_14-17-21-20241112-145555.png

Task 2 Solution: Configure an Extensible Attribute-Based Topology Ruleset

Proceed with these steps to set up the EA-based topology ruleset:

  1. Navigate to Data Management → DNS → Traffic Control.

  2. From the toolbar panel on the right, click Manage Topology Ruleset

  3. Click Add (+) to create a new ruleset.

  4. In the Ruleset Wizard, Enter the following details:

    • Name: EA Rule

    • Destination Type: Pool

    • Comment: EA-based ruleset

  5. In the Rules section,

    1. click the Add (+) dropdown menu and select Extensible Attribute Rule.

    2. In the Add Extensible Attribute Rule window Set Region equals LATAM

    3. Set Country as Any

    4. Set Building as Any

    5. For Destination/Response, select DTC Pool/Server and choose Pool A.

    6. Click Add to save this rule.

  6. Repeat these steps to add additional EA rules as specified in Table 2569-1.

  7. After adding all the rules, set the Default destination if none of the above rules match option to Pool A.

    Screenshot_2024-11-12_14-28-09-20241112-145714.png

  8. Click Save & Close to save the ruleset configuration.

  9. Click Close on the Topology Manager window.

Task 3 Solution: Set Up the Load-Balanced Domain Name (LBDN)

To set up an LBDN using the EA Rule topology ruleset, follow these steps:

  1. Navigate to Data Management → DNS → Traffic Control.

  2. Click the Add dropdown menu and select LBDN to open the DTC LBDN Wizard.

  3. In Step 1 of the wizard, enter the following details:

    • Display Name: EA Test

    • Patterns: Click + to add a new pattern, then enter kyle.dtc.techblue.net.

    • Load Balancing Method: Topology Ruleset

    • Topology Ruleset: EA Rule (created in the previous task)

      Screenshot_2024-11-12_14-30-04-20241112-145815.png

  4. Click Next to proceed.

  5. In Step 2, verify that the following record types are selected:

    • A

    • CNAME

    • AAAA

  6. Click Add (+) and select the Associated Zone dtc.techblue.net, then click Next.

  7. In Step 3, click Add (+) to add Pool A and Pool B.

  8. Click Save & Close to complete the LBDN setup.

  9. When prompted, select Restart Services to apply the changes.


Task 4 Solution: Test the Extensible Attribute-Based Topology Ruleset

To test the EA-based topology ruleset applied to the LBDN, follow these steps:

  1. Navigate to Data Management → DNS → Traffic Control.

  2. Select the LBDN EA Test.

  3. From the Toolbar, click Test LBDN to open the Test DTC LBDN (Web) tool.

  4. Enter the following test details:

    • Query Name: kyle.dtc.techblue.net

    • Member: ibns1.techblue.net

    • Record Type: A

  5. For each Query Source, choose from Table 2569-2, enter the IP address and click Start to initiate the test. Observe the result and verify that it matches the expected response from the concerned pool. This is simulating clients connecting from different parts of the world and what answers they will receive.

    Screenshot_2024-11-12_14-33-31-20241112-145937.png

  6. Review the results for each query. Confirm that traffic is directed to the correct pool based on the topology rules configured in Task 2.

Table 2569-3

Query Source

Expected Pool Destination

172.31.195.5

Pool A (10.100.0.210 or 10.100.0.220)

172.31.65.6

Pool A (10.100.0.210 or 10.100.0.220)

172.31.48.8

Pool A (10.100.0.210 or 10.100.0.220)

172.31.49.9

Pool A (10.100.0.210 or 10.100.0.220)

172.31.7.10

Pool A (10.100.0.210 or 10.100.0.220)

172.31.137.6

Pool B (10.200.0.210 or 10.200.0.220)

172.31.21.4

Pool A (10.100.0.210 or 10.100.0.220)