Feb 19, 2024

GTM Design | LTM+ ASM+GTM on same VM


I am planning to publish the same service through two sites by LTM and ASM. Each site has two F5 VMs (LTM and ASM).


The customer requires the two sites to be active-active; we recommend using GTM.


My questions:

1- Do we need a GTM at each site, or can we use one GTM at one of the two sites? And what is the best practice?

2- Can we add LTM+ASM+GTM on the same VM, or do we need to separate GTM?

3- How can I publish GTM? I need the full design.

4- If I need to publish GTM through two ISPs, do I need two public IPs, or is one IP enough?



    According to your questions:

    1- Yes, one GTM per site ("DNS" is the current module name). It uses the big3d agent to communicate all events between sites; it helps to monitor the service and answer the DNS query with the correct public IP for the available site. Additionally, you can use mechanisms to balance traffic based on location and other criteria.

    2- Yes, you can provision GTM on the same machine as LTM+ASM, but you have to keep in mind the resources for the VM; you will probably have to add a couple of cores and 4 GB of RAM.

    3- You have to delegate a subdomain of the domain to be published by the F5 GTM, and you have to create and define configuration elements in the DNS module such as Datacenter, Listener, WideIP, Pool, Monitor, Links, and others.

    4- For active balancing, you need a public IP at each site. When you delegate the domain, you have to create a WideIP pointing to the virtual servers at both sites (a "DNS pool"), and based on availability or any other rule, the GTM answers with the public IP of site A or site B.

  • Adding to what Sebastiansierra wrote, you will need to add the two LTMs (LTM Site 1 and LTM Site 2) to the GTM as BIG-IP servers. This method makes the GTM take the status of all virtual servers from the LTMs. Then you will need to create a virtual server on the GTM, add these virtual servers to a pool, and then attach this pool to a WideIP with your preferred record type.

    You can have just one GTM at one site; if you plan to have two GTMs, one for each site, you will need to make a sync group between them.



    My answers based on a few similar projects:

    1- You can have one GTM, but it won't provide true NS redundancy. The best practice I've seen is to have at least two NS, geographically separated, each NS pointing to a GTM cluster (2 VMs per site to provide in-site F5 redundancy). Other advanced architectures have more NS but the same number of F5s, by adding a secondary ISP link to the mentioned GTMs.

    2- In theory you can have all three modules in the same VM (I recommend 16 GB of RAM), but in practice it's better to have GTM in a separate VM and a separate subnet.

    3- There are two parts: where to position the GTM, and how to handle DNS requests. For the first, I usually prefer to have DNS as close as possible to the WAN edge router. For the second, you usually delegate a subdomain, or if you manage your whole domain with GTM, you can point the entire domain to your GTM listeners.

    4- Two IPs, one for each ISP.
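As an added example (not posted by anyone in this thread), here is the skeleton that Sebastiansierra's point 3 (Datacenter, Listener, WideIP, Pool, Monitor) and the subdomain delegation in the last answer describe, written in bigip_gtm.conf layout. All names, addresses (RFC 5737 documentation ranges) and domain names are constructed, and the object layout assumes TMOS v12 or later (`gtm pool a`, `gtm wideip a`, `devices` stanza); check it against your own version.

```tmsh
# Added example (not from the thread). Constructed values: delegated subdomain
# gslb.example.com; site A public VIP 203.0.113.10, site B 198.51.100.10;
# GTM listeners 203.0.113.53 (site A) and 198.51.100.53 (site B);
# LTM self-IPs 10.1.1.10 and 10.2.1.10. RFC 5737 documentation addresses.
#
# 1. Delegation in the parent zone (example.com), one NS per site, so a
#    resolver can still reach a GTM when one ISP or one site is down:
#      gslb.example.com.   IN NS gtm-a.example.com.
#      gslb.example.com.   IN NS gtm-b.example.com.
#      gtm-a.example.com.  IN A  203.0.113.53
#      gtm-b.example.com.  IN A  198.51.100.53
#      app.example.com.    IN CNAME app.gslb.example.com.
#
# 2. GTM objects, in bigip_gtm.conf layout (shared by both GTMs via the sync group).
gtm datacenter DC_SiteA { }
gtm datacenter DC_SiteB { }
# Each LTM is registered as a BIG-IP server. The "bigip" monitor talks to big3d
# on the LTM, so every virtual-server status comes from the LTM itself.
gtm server LTM_SiteA {
    datacenter DC_SiteA
    devices { ltm-a { addresses { 10.1.1.10 { } } } }
    monitor bigip
    product single-bigip
    virtual-servers { vs_app { destination 203.0.113.10:443 } }
}
gtm server LTM_SiteB {
    datacenter DC_SiteB
    devices { ltm-b { addresses { 10.2.1.10 { } } } }
    monitor bigip
    product single-bigip
    virtual-servers { vs_app { destination 198.51.100.10:443 } }
}

# Active-active: both sites' virtual servers in one pool. Round-robin alternates
# answers between sites; a member that big3d reports down is left out of the answer.
gtm pool a pool_app {
    load-balancing-mode round-robin
    members { LTM_SiteA:vs_app { member-order 0 } LTM_SiteB:vs_app { member-order 1 } }
}

# The WideIP is the name inside the delegated subdomain that clients resolve.
gtm wideip a app.gslb.example.com {
    pools { pool_app { } }
}

# Listener on this GTM's public IP (the address in its NS glue record), UDP and TCP.
gtm listener dns_siteA_udp { address 203.0.113.53 port 53 ip-protocol udp }
gtm listener dns_siteA_tcp { address 203.0.113.53 port 53 ip-protocol tcp }
```

Before the GTM can learn virtual-server status, run `bigip_add` from the GTM against each LTM's self IP to exchange the big3d certificates, and run `gtm_add` on the second GTM to join it to the sync group (`synchronization-group-name` under gtm global-settings general). The site B GTM carries the same objects plus its own listeners on 198.51.100.53.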