For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Mui_64918's avatar
Mui_64918
Icon for Cirrus rankCirrus
Feb 20, 2014

Dynamic Pool Members with DNS resolution

Has anyone tried to route traffic to a pool member using DNS name instead of IP address? Either resolve the name then check the IP/Node if its active and then send traffic. If we were to talk to other business when they have their own GSLB then just adding the URL to route traffic after L7 actions will work. Any thoughts?

 

application delivery
devops
iRules
LTM

6 Replies

  • Cory_50405's avatar
    Cory_50405
    Icon for Noctilucent rankNoctilucent
    Feb 20, 2014

    The LTM will attempt to resolve the FQDN to an IP address, and then create the pool member with that IP address. If the IP address can change, then you won't get the desired failover like you intend because it won't do the lookup every time a connection comes in. It'll only be resolved once upon creation of the pool member.

     

  • Mui_64918's avatar
    Mui_64918
    Icon for Cirrus rankCirrus
    Feb 20, 2014

    Can we use it in irule where we have the irule trigger a DNS lookup and check if the IP is enabled active in the pool and then pass traffic. Also if it resolves to new IP we can add that to the pool using irule?

     

  • Cory_50405's avatar
    Cory_50405
    Icon for Noctilucent rankNoctilucent
    Feb 20, 2014

    I don't know if there's a way to do this. I would hope that if your business partner has a GSLB, they could provide you a VIP to point to rather than just one server IP address. That way, there would be fault tolerance on their end.

     

  • JPV_131616's avatar
    JPV_131616
    Icon for Cirrus rankCirrus
    Feb 21, 2014

    can you elaborate?

     

    you can always check hostname in HTTP header via ltm and route as required.

     

    thx

     

  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Feb 23, 2014

    as JPV mentioned, you can use RESOLV::lookup and node command.

    e.g.

     config

root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm virtual bar
ltm virtual bar {
    destination 172.28.24.10:80
    ip-protocol tcp
    mask 255.255.255.255
    profiles {
        http { }
        tcp { }
    }
    rules {
        myrule
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    vs-index 14
}
root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm rule myrule
ltm rule myrule {
    when HTTP_REQUEST {
  set host [HTTP::host]
  set dest [lindex [RESOLV::lookup @8.8.8.8 -a [HTTP::host]] 0]
  if { $dest ne "" } {
    node $dest
  } else {
    HTTP::respond 503
  }
}
when HTTP_RESPONSE {
  log local0. "client [IP::client_addr]:[TCP::client_port] server [IP::remote_addr]:[TCP::release] host $host"
}
}

 /var/log/ltm

[root@ve11a:Active:In Sync] config  tail -f /var/log/ltm
Feb 23 00:37:05 ve11a info tmm[4068]: Rule /Common/myrule : client 172.28.24.1:39112 server 206.190.36.45:0 host www.yahoo.com
Feb 23 00:37:13 ve11a info tmm1[4068]: Rule /Common/myrule : client 172.28.24.1:39113 server 74.125.200.99:0 host www.google.com
Feb 23 00:37:20 ve11a info tmm[4068]: Rule /Common/myrule : client 172.28.24.1:39114 server 64.4.11.42:0 host www.microsoft.com
  • IheartF5_45022's avatar
    IheartF5_45022
    Icon for Nacreous rankNacreous
    Sep 03, 2014

    Hi - this works now I believe in 11.6;

     

    Populate pools This release includes the ability to configure a BIG-IP system with nodes and pool members that are identified with fully-qualified domain names (FQDNs). When configuring pool members with FQDN, addresses dynamically follow DNS changes. Fully dynamic DNS-managed pools may even be created.