Forum Discussion

Ireda's avatar
Ireda
Icon for Cirrostratus rankCirrostratus
Feb 19, 2024

GTM Design | LTM+ ASM+GTM on same VM

Dears, I am planning to publish the same service through two sites by LTM and ASM. Each site has two F5 VMs (LTM and ASM).   The customer is required to make the two sites active-active, we recomm...
security
  • Amine_Kadimi's avatar
    Amine_Kadimi
    Feb 21, 2024

    Hi,

    My answers based on a few similar projects:

    1- You can have one GTM, but it won't provide true NS redundancy. Best practice I've seen is to have at least two NS geographically separated, each NS pointing to a GTM cluster (2VMs per site to provide in-site F5 redundancy). Other advanced architecture have more NS but same number of F5s by adding secondary ISP link to the mentioned GTMs

    2- In theory you can have the three modules in the same VM (I recommend 16GB of RAM) but in practice it's better to have GTM in a separated VM and separated subnet.

    3- There's two parts: where to position GTM? and how to handle DNS requests? For the first I usually prefer to have DNS as close as possible to the WAN edge router. For the second, you usually delegate a subdomain, or if managing all your domain by GTM you can point the entire domain to your GTM listeners

    4- Two IPs, one for each ISP

Sebastiansierra's avatar
Sebastiansierra
Icon for MVP rankMVP
Feb 19, 2024

Hi Ireda,

According to your questions:

1- Yes 1 GTM by site, "DNS is the current module name", this uses a big3d agent to communicate all events between sites, and it helps to monitor the service and answer the DNS query with the correct public IP for the available site, and additional you could use some mechanism to balance traffic based on location and other mechanisms.

2- Yes, you can provision GTM in the same machine for LTM+ASM, but you have to keep in mind the resources for the VM, probably you have to expand a couple of cores and 4 GB RAM.

https://my.f5.com/manage/s/article/K13114858

3- You have to delegate the domain to a subdomain published by the F5 GTM, and you have to create and define some configuration elements in the DNS module as Datacenter, listener, WideIP, pool, Monitor, Links, and others. 

https://my.f5.com/manage/s/article/K277

4- for active balancing, you need a public IP in each site, when you delegate the domain, you have to create a wideIP pointing to both virtual servers in each site "DNS Pool", and based in the availability or any other rule the GTM answer with the public IP in the site A or B.