GTM Design Question

Question

Hi,&nbsp;&nbsp;I'd like some feedback on my GTM design if possible, as I'm not sure this is the best way to handle it.  Some background:&nbsp;&nbsp;&nbsp;2 datacenters, 1 pair of LTM's in each, 1 GTM in each.&nbsp;&nbsp;&nbsp;The goal is to make "DC1" the active datacenter, and "DC2" the secondary datacenter used only in the event that resources at "DC1" are unavailable... an active/standby scenario if you will.&nbsp;&nbsp;&nbsp;The application needs to be accessed via GTM both internally (via an internal IP) and externally (via an external IP that is NAT'd to the internal IP).  Therefore, GTM needs to hand out an external IP to external clients, and an internal IP to internal clients.&nbsp;&nbsp;&nbsp;I have defined pools and VIPs on each local LTM pair at each datacenter.  No problem. The tricky part is making GTM hand out public or private IP's.  Not sure I handled this the easiest way.  So far, I have:&nbsp;&nbsp;&nbsp;* In addition to the private IP virtual servers that were automatically discovered from the LTM's (WWW_INT), I created a new VS on each GTM device - "WWW_EXT."  For this VS, I used the public IP, and put its NAT'd private IP as the "Translation" IP on the VS.  This causes the GTM to monitor the resource via it's internal/translated IP.&nbsp;&nbsp;&nbsp;* I then created two pools - "WWW_INT_POOL," and "WWW_EXT_POOL."  For WWW_INT_POOL, I added both DC1 and DC2's internal VIP's to this pool.  I then used Global Availability to always prefer one DC over another - again no problem.  Clients are handed out the proper internal IP based on availability.&nbsp;&nbsp;&nbsp;For "WWW_EXT_POOL," I added the new public IP VS's that were defined on the GTM, and again used global availability to prefer DC1 over DC2.&nbsp;&nbsp;&nbsp;* Finally, I created a Wide IP for the application which contains uses both the WWW_INT_POOL and WWW_EXT_POOL.  I use Topology at this point to direct users coming from 172.26.0.0/12 (thus internal users) to WWW_INT_POOL and users coming from other hosts (public ones) to WWW_EXT_POOL.&nbsp;&nbsp;&nbsp;It seems to work - but is it the easiest/most efficient way to handle this?  I know there must be others who are having to use GTM for both internal and external NAT'd clients.  &nbsp;&nbsp;&nbsp;I apologize for the long post, but any advice that you can give would be greatly appreciated.&nbsp;
&nbsp;Thanks!&nbsp;

chris_campbell1 · Answer

That is exactly how I would do it.

josh_41258 · Answer

Thanks for the feedback.

tomasz_93254 · Answer

I believe when both pools go down, GTM will fallback to zonezunner and will return all the A records with the mixture of ppublic and private IP addresses, This will confuse end hosts. Anybody knows how to solve this problem? Has somebody written iRule that will always reply with public addresses to external clients, and with private IP addresses to internal clients?

sly_85819 · Answer

I solved the problem of not falling back to zonerunner is to have a NULL POOL at the bottom of all wide-ip's. Basically NULL POOL is a dummy pool with no members and action to drop the traffic.

cholito_15468 · Answer

Check information views for the zone runner. 
&nbsp;  
&nbsp; you can have a view for internal users  
&nbsp; and one for external users

Forum Discussion

GTM Design Question

5 Replies

Recent Discussions

Sugar Defender:Order from sugar.defender.com

Fitspresso: The Perfect Morning Coffee to Jumpstart Your Weight Loss

Tetra Bliss CBD Gummies Reviews and Where to buy

Blue Steel Gummies:Order from blue.Steel.gummies.com

Kerassentials: Order now from - kerassentials.colibrip.com

Related Content

DNS/iQuery Question - Design Consideration

F5 GTM link list question

Mitigating OWASP Web Application Risk: Insecure Design using F5 XC platform

Verified Design: SSL Orchestrator with McAfee Web Gateway-Part 1

Decision box design using js