Forum Discussion

Cirrostratus

Sep 21, 2021

DNS/iQuery Question - Design Consideration

Hello devs! All the manuals and K articles I came across regarding iQuery/DNS only states that you must have a full-mesh between all the DNS/LTMs for the iQuery to properly work. I get that. ...

application delivery

BIG-IP DNS

JRahm
Sep 30, 2021
UPDATE to my incorrect original response:

big3d listens on port 4353 on all self IPs and the management IP, and from an internal doc that was pointed out to me by a fellow F5er:

"The gtmd on each GTM will attempt to establish an iQuery connection with all the servers listed in the /config/bigip_gtm.conf file that are of type BIG-IP. Furthermore, it will do this on all of the self IP addresses that are listed for each server. Those IP addresses will be the ones that the user has assigned."

That said, it's my preference to use single IPs, and that's seconded by my peer as well. If you don't manage all aspects well, you might end up with a situation where a route fails and so service is impaired, but monitors through private paths because of additional connectivity might make it appear to be just fine. As long as you manage that, you're fine, but more IPs, more paths == more complexity.

tdtlee

Nimbostratus

Mar 16, 2023

i have a question in regards to iquery mesh. For the LTM mesh with the GTM. For our deployments, we have a decicated interface for iQuery connectivity to the GTM via a routed network. My question is, should the iQuery interface/connection be on an out-of-band management network? or should it go thorugh a VLAN on the Data switch. our out-of band connections are usually quite reliable and we're concern about having a false negative if we have the iquery interface on a out-of-band management switch. We're thinking if there's an odd issue with the data switch, but the LTM health monitors are still ok, but the layer 7 is acting flaky, the GTM will continue directing traffic to the VIPs on the LTM, resulting in what I call a false negative. If the iQuery path went though the data switch and there's aprobelm with the data switch, we should see issues with not only the LTM health monitors but also with the iQuery mesh.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

DNS/iQuery Question - Design Consideration

Recent Discussions

NAT for specific IPs

Upgrading BIGIP 2000S to R2600

TS Declarations for DNS

how to view list os client support via cli

automatic learning logs/report ?

Related Content

F5 BIG-IP in Cisco ACI Multi-Site and Multi-Pod - Design Considerations

Lightboard Lessons: F5 BIG-IP DNS (GTM) iQuery Protocol Overview

Implementing SSL Orchestrator - High Level Considerations

Implementing SSL Orchestrator - Certificate Considerations

Practical considerations for using Azure internal load balancer and BIG-IP

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS