Forum Discussion
Design Stage
I'm currently starting to develop a solution that will allow two data centres to provide one web service to multiple clients using the Big-IP GTM to provide improved redundancy.
The design has become a little complicated by the fact that I must provide one leased line into each data centre, as well as redundant internet connections to each site, that connects the data centres directly to one client for improved connectivity speeds.
The client's traffic for DNS requests and the web service will be routed down the leased line and will return back up the leased line. The Big-IP GTM must provide requests from all other clients over the redundant internet connection and this one client via the leased line.
Is this achievable with just the Big-IP GTM?
Can I monitor the leased lines and if they fail and the connection drops ensure all traffic for the one client is directed to the site with the working leased line?
I'm only after a rough idea so I can target my research.
Thanks,
Dc.
12 Replies
- Chris_Miller
Altostratus
I assume the clients coming in via the leased line have a specific IP space? If so, you can very easily leverage iRules for that.
http://devcentral.f5.com/wiki/default.aspx/iRules/DNS_REQUEST.html
Also, you could create pools for the redundant ISP connections and the Leased Line and depending on the number of "active members" ensure traffic uses the proper links.
- djfcc_23029
Nimbostratus
Hi Chris,
Thanks for the reply, and sorry for the slow reply. Since my reply I've been reading the pdfs for the GTM I've started reading the "Big-IP Global Traffic Manager and Big-IP Link controller: Implementations" to get an idea how I want to setup the F5s but this is not going too well, currently trying to work out if I have an F5 at each site is it required that they are setup as a redundant pair?
The client will have a unique address range, the range is still to be decided but it might need to be nat'd if the address ranges clash.
Thanks,
Dc.
- Chris_Miller
Altostratus
Posted By djfcc on 01/14/2011 04:14 AM
Hi Chris,
Thanks for the reply, and sorry for the slow reply. Since my reply I've been reading the pdfs for the GTM I've started reading the "Big-IP Global Traffic Manager and Big-IP Link controller: Implementations" to get an idea how I want to setup the F5s but this is not going too well, currently trying to work out if I have an F5 at each site is it required that they are setup as a redundant pair?
The client will have a unique address range, the range is still to be decided but it might need to be nat'd if the address ranges clash.
Thanks,
Dc.
Definitely something you might want to work with a local F5 SE on. My understanding is that GTM is commonly deployed without redundant pairs since it leverages DNS which will retry nameservers on its own. Are you fronting the Webservers with LTM or some sort of other load balancer? As you brought up LinkController, is that something you're also looking at?
No biggie on the NATs, as long as those are at least unique. :-P
- djfcc_23029
Nimbostratus
The solution has been designed with cost being a major limitation so I only have two F5 Big-IP GTM and I don't have the scope for buying any additional equipment such as the LTM or the LinkController. From what I've read so far having the LinkController would help to monitor the lease line?
The web servers use Windows clustering (urgh I know, not my implementation).
I'm glad you mentioned the DNS nameservers because this is exactly how I assumed the devices should work but then read about the network based failover and wondered if that implied that the GTM had to be setup as a redundant pair.
Do you need to use both of the default VLANs? I was thinking of dumping the GTM in the DMZ, pointing the web servers default gateway at the GTM and in bound traffic to be routed to the GTM.
Cheers,
Dc.
- JRahm
Admin
GTM is for answering DNS queries, so I'm not entirely sure why the web server gateway would need to point to the GTM. You only need one vlan defined, but if you find benefit in having more, you can add them. Some people do this for using the bind daemon on the GTM for doing internal/external dns views.
- JRahm
Admin
Also, if you're expecting the GTM to route data requests (not dns requests) to your servers, you have the wrong box. You need LTM for that.
- djfcc_23029
Nimbostratus
Hi Jason,
Thanks for your reply.
Yes, you're quite right, I was thinking about the completely wrong thing. I got a little confused, TGIF!
Dc.
- Chris_Miller
Altostratus
That's why I was curious whether you were talking Link Controller. Link Controller takes some parts from GTM and some parts from LTM. It's more for Link Resiliency than DC resiliency though but if you don't necessarily need the Data Centers to talk to each other, it might be perfect.
Any thoughts on that Jason?
- djfcc_23029
Nimbostratus
There will be a third line to allow the data centres to talk to each other through a PoP connection over a VPN. I had assumed that the GTM would need to talk to each other through synchronization groups if at either site one of the lease lines fail to customer x, or if the internet on that site fails for all other customers so they would know when to stop responding to DNS queries with the failed site?
Dc.
- JRahm
Admin
If all you need to do is distribute traffic, you can still achieve this with GTM if your IP allocation is (or can be) tied to each of the lines. Assuming client line has 10.10.10/24 addresses, you could use a GTM iRule to respond to (another assumption ... client has unique ldns servers) client separately:

    when DNS_REQUEST {
        if { [IP::addr [IP::client_addr]/24 equals 10.10.10.0] } {
            # set to client specific public IP access
            pool client_line_servers
        } else {
            pool leased_line_servers
        }
    }

Been awhile since I've done anything with GTM iRules, so this may/may not work, but hopefully gives you some ideas on how to proceed.
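
A Python model of the selection logic discussed in this thread (answer by the requesting resolver's subnet, and stop handing out a site whose link is down), added here as an illustration; it is not an iRule and not code from any poster or from F5. The site names, the answer addresses (documentation ranges) and the `link_up` map are assumptions; only the 10.10.10/24 client range comes from the thread.

```python
import ipaddress

# Constructed values for illustration. The thread only assumes the client's
# resolvers sit in 10.10.10/24; the site names and answer addresses below
# (documentation ranges) are hypothetical.
CLIENT_LDNS_NET = ipaddress.ip_network("10.10.10.0/24")
ANSWERS = {
    "dc1": {"leased": "192.0.2.10", "internet": "198.51.100.10"},
    "dc2": {"leased": "192.0.2.20", "internet": "203.0.113.20"},
}


def path_for(ldns_ip):
    """Classify a query by the source address of the resolver that sent it."""
    src = ipaddress.ip_address(ldns_ip)
    return "leased" if src in CLIENT_LDNS_NET else "internet"


def pick_answers(ldns_ip, link_up):
    """Return the A records to hand back for one DNS query.

    link_up maps (site, path) -> bool, as a link monitor would report it.
    A site is only offered when the path this requester uses to reach it
    is up; an unknown state counts as down.
    """
    path = path_for(ldns_ip)
    return [
        ANSWERS[site][path]
        for site in sorted(ANSWERS)
        if link_up.get((site, path), False)
    ]


if __name__ == "__main__":
    # dc1 has lost its leased line; everything else is healthy.
    state = {
        ("dc1", "leased"): False, ("dc1", "internet"): True,
        ("dc2", "leased"): True, ("dc2", "internet"): True,
    }
    print(pick_answers("10.10.10.53", state))   # client resolver
    print(pick_answers("203.0.113.99", state))  # any other resolver
```

An empty list means no site is reachable over that requester's path; what to answer in that case is a design decision the thread does not settle.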
