GTM Design | LTM+ ASM+GTM on same VM

Question

Dears,I am planning to publish the same service through two sites by LTM and ASM. Each site has two F5 VMs (LTM and ASM).&nbsp;The customer is required to make the two sites active-active, we recommend using GTM.&nbsp;My questions:1- Do we need GTM at each site or we can use one GTM and one of the two sites? and what is the best practice?2- Are we can add LTM+ASM+GTM at the same VM or do we need to separate GTM?&nbsp;3- How can I publish GTM? I need the full design.4- If I need to publish GTM through two ISPs, Is i need two public IPs or one IP enough?&nbsp;&nbsp;

amine_kadimi · Accepted Answer

Hi,
My answers based on a few similar projects:
1- You can have one GTM, but it won't provide true NS redundancy. Best practice I've seen is to have at least two NS geographically separated, each NS pointing to a GTM cluster (2VMs per site to provide in-site F5 redundancy). Other advanced architecture have more NS but same number of F5s by adding secondary ISP link to the mentioned GTMs
2- In theory you can have the three modules in the same VM (I recommend 16GB of RAM) but in practice it's better to have GTM in a separated VM and separated subnet.
3- There's two parts: where to position GTM? and how to handle DNS requests? For the first I usually prefer to have DNS as close as possible to the WAN edge router. For the second, you usually delegate a subdomain, or if managing all your domain by GTM you can point the entire domain to your GTM listeners
4- Two IPs, one for each ISP

sebastiansierra · Answer

Hi Ireda,
According to your questions:
1- Yes 1 GTM by site, "DNS is the current module name", this uses a big3d agent to communicate all events between sites, and it helps to monitor the service and answer the DNS query with the correct public IP for the available site, and additional you could use some mechanism to balance traffic based on location and other mechanisms.
2- Yes, you can provision GTM in the same machine for LTM+ASM, but you have to keep in mind the resources for the VM, probably you have to expand a couple of cores and 4 GB RAM.
https://my.f5.com/manage/s/article/K13114858
3- You have to delegate the domain to a subdomain published by the F5 GTM, and you have to create and define some configuration elements in the DNS module as Datacenter, listener, WideIP, pool, Monitor, Links, and others.&nbsp;
https://my.f5.com/manage/s/article/K277
4- for active balancing, you need a public IP in each site, when you delegate the domain, you have to create a wideIP pointing to both virtual servers in each site "DNS Pool", and based in the availability or any other rule the GTM answer with the public IP in the site A or B.

amr_ali · Answer

Adding to what Sebastiansierra wrote, you will need to add the two LTM ( LTM Site 1 and LTM Site 2) on the GTM as a Big-IP server, and this method makes the GTM take The status for all Virtual Servers from the LTM, and this you will need to create a virtual server on the GTM and add these Virtual servers to&nbsp; pool and thin&nbsp; attach this pool to wideIP with your preferred record,&nbsp;
you can have just one GTM on one site, and if you plan to get two GTMs one for each site you will need to make synch group between them&nbsp;
&nbsp;
&nbsp;

amr_ali · Answer

Hello Ireda,
please check this two link :
https://techdocs.f5.com/kb/en-us/products/big-ip_gtm/manuals/product/gtm-implementations-11-6-0/4.html
https://f5-dns-automation-demo-12-1-x.readthedocs.io/en/latest/lab2/sync-group.html
&nbsp;
and you will just need reachability between two GTM,
&nbsp;

ireda · Answer

Thanks Amr for quick support.please check attached, it is fine or we need to assign public IP to GTM for reachability with the GTM in other side.&nbsp;Let us prepare a steps:1- Make GTM as authortive dns&nbsp;&nbsp;2- I will publish GTM and ASM applications with the same public IP?&nbsp; -GTM VIP ----Public IP : 53 ------will be nat by FW VIP to GTM self IP.&nbsp; - ASM APP VIP----Public IP : 443----------will be nat by FW VIP to LTM/ASM self IP.&nbsp;3- Check reachability between two public IPs and apply sync group&nbsp;

ireda · Answer

Thanks, Amr&nbsp;how can I make a synch group between two GTMs in diffrent sites? provide me with a guide.&nbsp;

Forum Discussion

GTM Design | LTM+ ASM+GTM on same VM

8 Replies

Recent Discussions

Mix NTLMv2 & Kerberos SSO in the same policy for different sub-URL

APM parse HTTP Connector json to message box, iRule etc.

Cannot turn off strict updates

Nature's Leaf CBD Gummies Is Right For You See Here

Custom https health monitor

Related Content

DNS/iQuery Question - Design Consideration

GTM design question: GTM/LTM LTM/ASM multisite deployment iquery requirements

APM vs LTM

List LTM virtual server availability states

F5 LTM TCP traffic can't be meet this require