Glocal persistency with cookie

This isn't the right forum, but since the thread has already been started...

 

 

GTM uses iQuery to communicate with other GTM devices, but iQuery is also used by GTM to get vip status (availability/traffic stats/etc) from LTM. GTM can use active monitors for non-F5 load balancers or hosts.

 

 

I just completed 4 months of GTM testing, so if you'd like to contact me offline please feel free. Since the documentation is a little sketchy on how to get all the pieces to work together, here is the process I use to build the foundation of a GTM environment:

 

 

 

Add all GTM/LTM systems (not the mgmt IP) in the GTM GUI

 

Global Traffic->Data Centers->Servers

 

 

Define sync group (change from the default) in the GTM GUI

 

System->General Properties->Global->General

 

 

Generate Certificates on all GTM/LTM

 

 

gencert -n $hostname.domain 1024

 

 

openssl req -new -key /config/ssl/ssl.key/$hostname.domain.key -x509 -out /config/ssl/ssl.crt/$hostname.domain.crt -days $days_til_desired_expiration

 

You are about to be asked to enter information that will be incorporated

 

into your certificate request.

 

What you are about to enter is what is called a Distinguished Name or a DN.

 

There are quite a few fields but you can leave some blank

 

For some fields there will be a default value,

 

If you enter '.', the field will be left blank.

 

-----

 

Country Name (2 letter code) [AU]:$COUNTRY

 

State or Province Name (full name) [Some-State]:$STATE

 

Locality Name (eg, city) []:$CITY

 

Organization Name (eg, company) [Internet Widgits Pty Ltd]:$ORG

 

Organizational Unit Name (eg, section) []:$UNIT

 

Common Name (eg, YOUR name) []:$hostname.domain

 

Email Address []:

 

 

cp /config/ssl/ssl.key/$hostname.domain.key /config/httpd/conf/ssl.key/server.key

 

cp: overwrite `/config/httpd/conf/ssl.key/server.key'? y

 

 

cp /config/ssl/ssl.crt/$hostname.domain.crt /config/httpd/conf/ssl.crt/server.crt

 

cp: overwrite `/config/httpd/conf/ssl.crt/server.crt'? y

 

 

cp /config/ssl/ssl.crt/$hostname.domain.crt /config/big3d/client.crt

 

cp: overwrite `/config/big3d/client.crt'? y

 

 

cp /config/ssl/ssl.crt/$hostname.domain.crt /config/gtm/server.crt

 

cp: overwrite `/config/gtm/server.crt'? y

 

 

EXCHANGE CERTIFICATES

 

Do not use the management IP.

 

 

bigip_add $hostname.domain from each GTM to each LTM/GTM in the design

 

big3d_install $hostname.domain from initial GTM to each LTM in the design

 

gtm_add $hostname.domain from each additional GTM to the initial GTM

 

 

VERIFY COMMUNICATION

 

 

Run iqdump from each GTM to all other GTM units and all LTM units to make sure iQuery communication is successful. Do not use the management IP.

 

 

iqdump $hostname.domain

 

 

Global communication is complete at this point. Now all further configuration can be confined to 1 GTM in the sync group (except system specific configuration of course)