Forum Discussion

Roger_Murdock's avatar
Roger_Murdock
Icon for Nimbostratus rankNimbostratus
Jun 14, 2021

F5-LTM active directory and http/s

Looking to utilize LTM to handle traffic within a domain that wasn't configured following best practices. Currently, the active directory domain and the primary website share the same domain name. Cl...
active directory
ad
application delivery
LTM
  • AlexBCT's avatar
    AlexBCT
    Jun 15, 2021

    Hi Roger,

     

    That sounds like an interesting problem you've got there ;) Let me give it is a stab, but please shout if I've completely misunderstood your question.

     

    For the moment, I'm assuming you get the AD traffic over ports 389/636 or similar? (i.e. AD specific ports?) And anyone who resolves the DNS name "ourdomainname.com" always ends up with the same IP, irrespective of the service they are interested in?

     

    If so, you can set up multiple virtual servers on the same IP address, but with different port numbers.

    • VS1: 1.1.1.1:389 - pool: AD-pool
    • VS1: 1.1.1.1:636 - pool: AD-pool (alternatively, create a port list to reduce the number of virtual servers required)
    • VS1: 1.1.1.1:80 - pool: Web-Servers
    • VS1: 1.1.1.1:443 - pool: Web-Servers (probably with SSL offload)

     

    As long as you don't have any with the same IP and same port, these virtual servers will work nicely together.

     

    Hope this helps.

AlexBCT's avatar
AlexBCT
Icon for Cumulonimbus rankCumulonimbus
Jun 15, 2021

Hi Roger,

 

That sounds like an interesting problem you've got there ;) Let me give it is a stab, but please shout if I've completely misunderstood your question.

 

For the moment, I'm assuming you get the AD traffic over ports 389/636 or similar? (i.e. AD specific ports?) And anyone who resolves the DNS name "ourdomainname.com" always ends up with the same IP, irrespective of the service they are interested in?

 

If so, you can set up multiple virtual servers on the same IP address, but with different port numbers.

  • VS1: 1.1.1.1:389 - pool: AD-pool
  • VS1: 1.1.1.1:636 - pool: AD-pool (alternatively, create a port list to reduce the number of virtual servers required)
  • VS1: 1.1.1.1:80 - pool: Web-Servers
  • VS1: 1.1.1.1:443 - pool: Web-Servers (probably with SSL offload)

 

As long as you don't have any with the same IP and same port, these virtual servers will work nicely together.

 

Hope this helps.