Forum Discussion
DNS/iQuery Question - Design Consideration
- Sep 30, 2021
UPDATE to my incorrect original response:
big3d listens on port 4353 on all self IPs and the management IP, and from an internal doc that was pointed out to me by a fellow F5er:
"The gtmd on each GTM will attempt to establish an iQuery connection with all the servers listed in the /config/bigip_gtm.conf file that are of type BIG-IP. Furthermore, it will do this on all of the self IP addresses that are listed for each server. Those IP addresses will be the ones that the user has assigned."
That said, it's my preference to use single IPs, and that's seconded by my peer as well. If you don't manage all aspects well, you might end up with a situation where a route fails and so service is impaired, but monitors through private paths because of additional connectivity might make it appear to be just fine. As long as you manage that, you're fine, but more IPs, more paths == more complexity.
I have a question in regard to the iQuery mesh, for the LTM mesh with the GTM. For our deployments, we have a dedicated interface for iQuery connectivity to the GTM via a routed network. My question is, should the iQuery interface/connection be on an out-of-band management network, or should it go through a VLAN on the data switch? Our out-of-band connections are usually quite reliable and we're concerned about having a false negative if we have the iQuery interface on an out-of-band management switch. We're thinking if there's an odd issue with the data switch, but the LTM health monitors are still ok, but the layer 7 is acting flaky, the GTM will continue directing traffic to the VIPs on the LTM, resulting in what I call a false negative. If the iQuery path went through the data switch and there's a problem with the data switch, we should see issues with not only the LTM health monitors but also with the iQuery mesh.