For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

2funky_105078's avatar
2funky_105078
Icon for Cirrus rankCirrus
Apr 16, 2014

GTM iRule to set different TTL for each RR

Hi,

 

In our GTMs, I have the requirement to set manually the TTL timeout for a wide-IP,let's call it www.example.com (it is within our enterprise not in the internet), based on RTT and static methods:

 

  1. First run the RTT method (and set TTL 60sec on the DNS answer)
  2. If not working or not already evaluated, use the first DC as DNS answer static (with TTL 30sec)
  3. And finally if the first DC is dead, try with randomly the other 2 DCs (with TTL 20sec)

I realized that this cannot be done but with a GTM iRule, using something like this:

 

https://devcentral.f5.com/wiki/iRules.DNS__ttl.ashx

 

As i never wrote GTM iRuls, would you be able to give me some starting hint how to write this?

 

GIulio.

 

application delivery
BIG-IP DNS
big-ip gtm
design
devops
dns
iRules

4 Replies

  • Mohamed_Lrhazi's avatar
    Mohamed_Lrhazi
    Icon for Altocumulus rankAltocumulus
    Apr 16, 2014

    it sounds like the logic is to be implemented by GTM itself (pools and load balancing methods on the wideip and pool), not the iRule. Then the iRule would inspect the decided answer and modify its TTL based on which DC the answer is for... you probably could not tell from an iRule what LB method was used, but you could just set the default TTL to 60 seconds.

     

  • 2funky_105078's avatar
    2funky_105078
    Icon for Cirrus rankCirrus
    Apr 17, 2014

    Hi, ok thanks for the answer.

    But what is the iRule function to be used for specifying the results coming from the RTT.

    Can somebody help me to write something like that?

    when DNS_response {

    if {the result from RTT method is there}

      ttl = 60
  else
  {
  answer with DC_first
  ttl == 30
  }
  if (all DCs not available)
  {
  return DC_random
  ttl = 20
  }

    }

  • 2funky_105078's avatar
    2funky_105078
    Icon for Cirrus rankCirrus
    Apr 17, 2014

    This is the example i found in the wiki. But it doesnt cover the situation of DNS::answer == "use the RTT method" function.

        when DNS_RESPONSE {
    set rrs [DNS::answer]
    foreach rr $rrs {
        DNS::ttl $rr 60
    }
}
    • Mohamed_Lrhazi's avatar
      Mohamed_Lrhazi
      Icon for Altocumulus rankAltocumulus
      Apr 17, 2014
      You need to inspect the DNS answer records, and make decisions about the TTL to set, based on the IP addresses in those DNS answers, right? In the sample iRule you post, you see how you can access the list of RRs in the answer, and how to loop tru them, right? you get one RR in a variable named $rr, then you can dissect that record like so: [DNS::name $rr] [DNS::ttl $rr] [DNS::class $rr] [DNS::type $rr] [DNS::rdata $rr] I guess the record type needs to be "A", then the rdata would be a list of IP addresses? I would right the iRule to just log all those fields and learn how to parse it out from there....