Forum Discussion
GTM Design For External DNS Queries
- Oct 09, 2017
Hello,
What about the A record IP address of the NS gtm1: is it the IP address of the listener configured on the GTM, or is it the self IP address of the GTM?
Also, I have another question: when doing the same delegation from the external DNS (Internet side), the delegation configuration will be, as you stated, the following:
ns1.gtm.example.com A X.X.X.X
wip.example.com NS ns1.gtm.example.com
Here, will the X.X.X.X IP address be the public IP address of the GTM, to be NATed on the firewall, or what? Regardless of whether it's the listener or the self IP of the GTM.
Hope you can help me
Thank you..
- Kevin_K_51432, Oct 09, 2017, Historic F5 Account
Greetings,
"Here the X.X.X.X IP address will be the public IP address of the GTM to be NATed on the firewall or what?"
Hope this is helpful!
- F5_324021, Oct 09, 2017, Cirrus
Hello Kevin,
That's great.
So once the DNS request reaches the GTM and it picks the VS that should handle the traffic request, is the GTM going to reply with the public IP of the VS? If yes, how will it know the public address if it's configured as a private address on the LTM?
Thanks again.
- Kevin_K_51432, Oct 09, 2017, Historic F5 Account
Greetings,
I hope this terrible ASCII topology is helpful:
Internet Firewall <------+ | 11.22.33.44 | | LTM | 192.168.10.44 | GTM
Using the topology, the server object for LTM would be created as follows:
gtm server testing {
    addresses {
        11.22.33.44 {
            device-name /Common/testing
            translation 192.168.10.44
        }
    }
}
GTM will connect through the firewall to the LTM. It will use the firewall IP (address) for DNS queries, while understanding that the real IP address (translation) is 192.168.10.44.
The added benefit here is that GTM is going to probe the same path as the customer will, so if there's a firewall issue, GTM will detect it and act accordingly (depending on configuration).
Virtual servers would follow the same IP address scheme. One important note: you can't auto-discover, unfortunately. From K14707:
Important: The BIG-IP DNS system does not auto discover virtual servers on the BIG-IP LTM devices that reside behind a firewall NAT. You must manually add the BIG-IP LTM virtual servers to the BIG-IP DNS configuration.
my_vip_one {
    destination 11.22.33.45:http
    enabled
    monitor none
    translation-address 192.168.10.45
    translation-port any
}
This article will give all of the necessary background to understand more if you are curious:
https://support.f5.com/csp/article/K14707
Thanks!
Kevin
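An added example, not part of the original posts and not F5 code: a small Python audit over virtual-server stanzas in the shape Kevin posted, flagging entries whose `destination` (the address the reply above says is handed out to clients) is a private address. The sample stanzas, the finding codes and the helper names are constructed for illustration; it assumes IPv4 and flat, un-nested stanzas.

```python
import ipaddress
import re

# Constructed sample in the stanza shape Kevin posted. my_vip_two and
# my_vip_three are hypothetical misconfigurations added for illustration.
SAMPLE = """
my_vip_one { destination 11.22.33.45:http enabled monitor none translation-address 192.168.10.45 translation-port any }
my_vip_two { destination 192.168.10.46:http enabled monitor none }
my_vip_three { destination 10.0.0.111:http enabled translation-address 65.61.115.223 translation-port any }
"""

STANZA = re.compile(r"(\S+)\s*\{([^{}]*)\}")  # name { flat body, no nesting }


def value_after(tokens, key):
    """Return the token following `key`, or None if the key is absent."""
    if key in tokens:
        i = tokens.index(key)
        if i + 1 < len(tokens):
            return tokens[i + 1]
    return None


def audit(text):
    """Map each problem virtual server name to a finding code.

    Assumes IPv4 and the 'address:port' destination form shown on the page.
    """
    findings = {}
    for name, body in STANZA.findall(text):
        tokens = body.split()
        dest = value_after(tokens, "destination")
        if dest is None:
            continue
        answered = ipaddress.ip_address(dest.rsplit(":", 1)[0])
        trans = value_after(tokens, "translation-address")
        internal = ipaddress.ip_address(trans) if trans else None
        if not answered.is_private:
            continue  # the address handed out in DNS answers is routable
        if internal is not None and not internal.is_private:
            findings[name] = "swapped"  # public/private values look reversed
        else:
            findings[name] = "private-answer"  # clients would get an unroutable IP
    return findings


if __name__ == "__main__":
    for name, code in audit(SAMPLE).items():
        print(name, code)
```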
- F5_324021, Oct 10, 2017, Cirrus
Hello Kevin,
From my understanding, for the external DNS the firewall will be the GTM, and for the GTM the firewall will be the external DNS, and the communication will be like any other NAT: the public IP will be mapped to the internal one, so every reply sent by the GTM will be translated by the firewall and vice versa.
But my question is: how will the GTM know the public IP address of the VS hosted under LTM and configured as a private IP address?
Thank you..
- F5_324021, Oct 10, 2017, Cirrus
Hello Kevin,
So after reading the article you included in your post, I have found that the public and private IP addresses should be added to the GTM when adding a virtual server to it, as follows:
Address 65.61.115.223: will be the VS public IP address
Translation 10.0.0.111: will be the VS private IP address.
Please correct me if I am wrong.
Thanks
- F5_324021, Oct 12, 2017, Cirrus
Hello Kevin,
I just want to know the GTM behavior once it's behind a firewall and configured with private IPs with the LTM.
How will it respond with the public IP address of the VS to the external DNS?
Should I create an iRule for that?
Thank you..
- Kevin_K_51432, Oct 12, 2017, Historic F5 Account
Greetings,
Address 65.61.115.223: will the VS Public IP address <-(Wide-IP responds with this IP address to client query)
Translation 10.0.0.111 will be the VS Private IP address <-(GTM probes this IP for availability status)
Hope this is helpful!
- F5_324021, Oct 12, 2017, Cirrus
Hello Kevin,
My scenario here is different, as I have the following network design:
Internet---
So the GTM self IP is NATed on the firewall, so once the GTM receives a DNS request from the external DNS it should reply with the IP address of the virtual server; however, this VS is configured as a private IP address.
How will the GTM know the public IP address of the virtual server to respond with it to the external DNS?
Thanks.
- Kevin_K_51432, Oct 12, 2017, Historic F5 Account
Greetings,
If this configuration isn't possible:
Internet
   |
Firewall
   |
   |
   |
   |<------>GTM
   |
   |<------>LTM
You may have to leverage the Topology feature in a similar manner to:
K14421: Achieving split DNS behavior through BIG-IP DNS wide IPs
https://support.f5.com/csp/article/K14421
Certainly an iRule could do this, but I'm not well versed in that area unfortunately.
Hope this is somewhat helpful,
Kevin
- F5_324021, Oct 12, 2017, Cirrus
Hello Kevin,
Thank you for your reply.
I read the article you mentioned; however, they are talking about a different issue.
My scenario here is that the GTM is hosting the application with private IP addresses,
and I need the GTM to handle the external DNS queries.
This means that once an Internet client requests to visit , the external DNS delegates this domain to our GTM; the delegation points to the public IP address configured on the firewall and mapped to the private self IP address of the GTM.
So once the DNS request reaches the GTM, it should pick a VS to handle the job for the client requesting the page.
My question here is about the DNS response of the GTM to the external DNS: how will the GTM know the public IP address of this virtual server, to tell the external DNS that this is the IP address the client can use to view the page?
Hope you can help me in that :)
Thanks again