For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Eric_27158's avatar
Eric_27158
Icon for Nimbostratus rankNimbostratus
Nov 24, 2010

GTM and DNS caching for UDP connections

Hey all, thanks for reading....     I've run into a situation where an outage to a GTM pool node causes problems with client-side DNS caching. For example, I have two nodes in a GTM pool and th...
config
design
Eric_27158's avatar
Eric_27158
Icon for Nimbostratus rankNimbostratus
Nov 29, 2010
Thanks for the tip... but I think our use of the GTM is different enough that we cannot do this. More specifically, we are using the GTM to basically be an LTM that does DNS-based load-balancing. We don't really use the "global" portion of the load-balancer, just the DNS stuff. We do this for one reason only - our LTM was designed to always do SNAT, which in the case of syslog, is a problem since the original SrcIP is lost. RADIUS is an even bigger problem because a SrcIP + RADIUS key is required for authentication of the NAS. Either protocol, the same problem exists. So, we've put the GTM in place of the LTM for cases like these when we want to retain the original SrcIP of the session. So.... with that requirement, is there some kind of best practice for DNS TTLs or some non-SNAT workaround to avoid the issue all-together? Thanks again for your help, it's much appreciated