Forum Discussion
Doug_McNeill_24
Nimbostratus
Jan 07, 2009
GTM: Creating a Wide IP that returns different answers to internal clients
I'm trying to set up a number of Wide IPs for an application that has a few trying requirements:
1) Internal users must access the application servers directly (They're each housed at remote facilities, and WAN bandwidth is a concern, given the graphics- and video-heavy nature of the application)
2) External users must access the application through a virtual server hosted at one of our two data centers
3) The external virtual servers must be able to fail over to backup virtual servers in the event of a network outage at the primary data center.
Further compounding this issue is that I have to set up a lot of these - so I'm looking for an elegant solution - something I can reuse without having to write new iRules/topology rules for each WideIP.
My initial thought here was to define each of my internal addresses as a server within a fake data center and set up topology rules that favor the fake data center over the real ones. I then set the pool's preferred LB method to topology, with Global Availability as the alternate. The downsides of this method are that I have to define servers (or virtual servers) for each application server (which gets pretty ugly, given how many of these I have to set up), it's overkill in this case, and under the right set of conditions my internal addresses could potentially be served to external requesters.
My second thought was to set up an iRule that forces internal clients to "Return to DNS" (this zone being hosted via ZoneRunner/BIND on my GTMs), and then simply set up an A record for each internal app server. I like this idea - it's simple, doesn't require a great deal of extra work, and the rule is completely reusable. Further, I could make use of this type of rule to set up Internal-only WideIPs...just force external queries to Return to DNS, and leave the record out of my external view.
...the problem is that I can't figure out how to force a GTM pool to return to DNS from an iRule.
Has anyone out there done something similar? Do you have any suggestions for handling this sort of problem, or ideas for how to make my iRule idea work?
- JRahm
Admin
you could create two pools and define your internal addresses in one and your external addresses in the other, then use a GTM rule based on source address:

    when DNS_REQUEST {
        if { [IP::addr [IP::client_addr]/24 equals "10.10.10.0"] } {
            pool internal_pool
        } else {
            pool external_pool
        }
    }

    when DNS_REQUEST {
        if { [IP::addr [IP::client_addr]/24 equals "10.10.10.0"] } {
            # hand the query to the local BIND instead of a GTM pool
            forward
        }
    }
- wolfpack_98881
Nimbostratus
The problem that you may have with your second solution (Return 2 DNS) is that internal users will have no true GTM load-balancing - meaning that no healthcheck or load info will be used and you could potentially have an issue later.
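As an added illustration of the two designs compared in JRahm's and wolfpack_98881's replies (not code from the thread, and not an iRule that runs on a GTM), here is a Python model of the DNS_REQUEST decision. The internal prefixes, pool names, member addresses, monitor states and the hostname are all constructed for the example; the model generalises the single /24 in the iRule to a list of internal networks. It shows what the source-address pool selection returns, what the "return to DNS" path returns for the same internal client (every static record, with no monitor data), and a check that no answer handed to an external client contains an internal address, which is the leak the original poster was worried about.

```python
# Added example, not part of the forum thread. Pure Python model of the
# split-horizon decision a GTM iRule would make in DNS_REQUEST.
from ipaddress import ip_address, ip_network

# Networks treated as "internal" (assumed; the iRule used a single /24).
INTERNAL_NETS = [ip_network("10.10.10.0/24"), ip_network("10.20.0.0/16")]

# Hypothetical GTM pools: member address -> monitor status (True = up).
POOLS = {
    "internal_pool": {"10.10.10.50": True, "10.20.5.50": False},
    "external_pool": {"203.0.113.10": True, "198.51.100.10": True},
}

# Hypothetical static A records in BIND/ZoneRunner for the "return to DNS"
# design. BIND carries no monitor state, so it hands back every record.
BIND_RECORDS = {"app.example.com": ["10.10.10.50", "10.20.5.50"]}


def is_internal(client_ip: str) -> bool:
    """Source-address test the iRule performs on IP::client_addr."""
    addr = ip_address(client_ip)
    return any(addr in net for net in INTERNAL_NETS)


def select_pool(client_ip: str) -> str:
    """Design 1: choose a pool by source address (the `pool` command)."""
    return "internal_pool" if is_internal(client_ip) else "external_pool"


def resolve_via_pools(client_ip: str) -> list:
    """Answer from the selected pool, limited to members whose monitor is up."""
    members = POOLS[select_pool(client_ip)]
    return sorted(ip for ip, up in members.items() if up)


def resolve_via_forward(name: str, client_ip: str) -> list:
    """Design 2: internal clients are handed to BIND (the `forward` command).
    BIND returns every static record, including the member that is down;
    external clients still get the health-checked external pool."""
    if is_internal(client_ip):
        return sorted(BIND_RECORDS.get(name, []))
    return resolve_via_pools(client_ip)


def leaks_internal(client_ip: str, answers: list) -> bool:
    """True if an external client would receive an internal address."""
    if is_internal(client_ip):
        return False
    return any(ip_address(a) in net for a in answers for net in INTERNAL_NETS)


if __name__ == "__main__":
    for client in ("10.10.10.7", "10.20.1.1", "8.8.8.8"):
        pooled = resolve_via_pools(client)
        forwarded = resolve_via_forward("app.example.com", client)
        print(client, select_pool(client), pooled, forwarded,
              "LEAK" if leaks_internal(client, forwarded) else "ok")
```

Running the model, the internal client 10.10.10.7 gets only 10.10.10.50 from the pool design (the down member is filtered) but both records from the forward design, which is exactly the loss of health information wolfpack_98881 describes; the external client 8.8.8.8 gets the external pool in both designs and the leak check stays clear.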