Forum Discussion
CirrusGTM Design For External DNS Queries
CirrusHello,
what about the A record ip address of the Ns gtm1 is it the ip address of the listener configured on the GTM or is it the self ip address of the GTM?
Also i have another question when doing the same delegation from the external DNS (Internet side) the delegation configuration will be as you stated the following:-
ns1.gtm.example.com A X.X.X.X wip.example.com NS ns1.gtm.example.com
Here the X.X.X.X Ip address will be the piblic ip address of the GTM to be natted on the firewall or what?regardless if its the listener or the self ip of the GTM.
Hope you can help me
Thank you..
Greetings,
I hope terrible ascii topology is helpful:
Internet
Firewall <------+
| 11.22.33.44
| |
LTM |
192.168.10.44 |
GTM
Using the topology, the server object for LTM would be created as follows:
gtm server testing {
addresses {
11.22.33.44 {
device-name /Common/testing
translation 192.168.10.44
}
}
GTM will connect through the firewall to the LTM. It will use the firewall IP (address) for DNS queries, while understanding that the real IP address (translation) is 192.168.10.44.
The added benefit here is that GTM is going to probe the same path as customer will, so if there's a firewall issue, GTM will detect and act accordingly (depending on configuration).
Virtual servers would follow the same IP address scheme. One Important, you can't auto-discover unfortunately. From K14707:
Important: The BIG-IP DNS system does not auto discover virtual severs on the BIG-IP LTM devices that reside behind a firewall NAT. You must manually add the BIG-IP LTM virtual servers to the BIG-IP DNS configuration.
my_vip_one {
destination 11.22.33.45:http
enabled
monitor none
translation-address 192.168.10.45
translation-port any
}
This article will give all of the necessary background to understand more if you are curious:
https://support.f5.com/csp/article/K14707
Thanks!
Kevin
