Forum Discussion

nyumx_68500
Aug 18, 2010

GTM Load Balancing of pool of external DNS servers won't work

Hello,

I'm configuring my Global Traffic Manager to deal with a situation like this.

test.com is the top domain name.

www.test.com is the address of the web server, which is a wide IP and should be load balanced with GTM.

Besides that, there are many standalone, single servers that I don't have to load balance (because it is no good to load balance a single server), such as a.www.test.com, b.www.test.com, c.www.test.com and so on.

I configured my GTM referring to the guide "Global Traffic Manager Implementations".

I used the scenario named "Load Balancing Non-Wide IP Traffic to a Pool of DNS Servers".

This is my explanatory environment.

A client is 192.168.0.11
B GTM is 172.16.0.11
C Authoritative DNS is 10.0.0.11

In this environment, I'm facing strange behavior like this.

On client A, do "$ dig @172.16.0.11 a.www.test.com"

a.www.test.com is not the Wide IP and it should be forwarded.

A client sends a request to B GTM. (source and destination address in packet header is 192.168.0.11->172.16.0.11)

B GTM sends a request to C Authoritative DNS. (packet header is 192.168.0.11->10.0.0.11)

* GTM sends the spoofed packet here.

C Authoritative DNS sends an answer to A client. (packet header is 10.0.0.11->192.168.0.11)

Finally, client A got an error like this:

    ;;reply from unexpected source: 10.0.0.11#53, expected 172.16.0.11#53

Is this the designed behavior of GTM?

    (tmos) list /gtm listener
    gtm listener DNS_listener {
        address 172.16.0.11
        ip-protocol udp
        pool DNS_pool
    }

    (tmos) list /ltm pool
    ltm pool DNS_pool {
        members {
            10.0.0.11:domain {}
        }
    }


  • Shouldn't make a difference, but I am curious if you have the option for GTMD to set recursion.

    Should be under General properties -> Global traffic --> General.

    If you are testing with the unit, give that a shot.


  • Haarith,

    Thank you for your reply, but I resolved this problem finally.

    I found I had to add the "snat automap" setting in ltm virtual "DNS_listener".

    With this setting, I can resolve the desired results.

    The packet flow was like this.

    (without snat automap)

    [client]->[GTM]->[external DNS server]->[client]

    - the response packet was dropped in the FW&LB between [external DNS server] and [client]

    OR

    - [client] dropped the response packet.

    (with snat automap)

    [client]->[GTM]->[external DNS server]->[GTM]->[client]
    
    (tmos) list /ltm virtual DNS_listener
    ltm virtual DNS_listener {
        destination 172.16.0.11:domain
        ip-protocol udp
        mask 255.255.255.255
        pool DNS_pool
        profiles {
            dns { }
            udp_gtm_dns { }
        }
        snat automap
        translate-port disabled
    }
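
Added example, not part of the original thread or of F5's documentation: the dig error quoted above comes from the client comparing the source address and port of the reply with the address it queried. The Python sketch below performs that check against a constructed loopback stand-in (`start_listener`, a hypothetical helper) that answers either from the queried socket, like the return path with `snat automap`, or from a second socket, like the pool member answering the client directly. It assumes a loopback interface, where a different port stands in for the different IP address.

```python
import socket
import struct
import threading

def build_query(name, qid=0x1234):
    """Minimal DNS query for an A record: header, QNAME, QTYPE=A, QCLASS=IN."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\0"
    return header + qname + struct.pack(">HH", 1, 1)

def probe(server, name, timeout=2.0):
    """Query `server` (ip, port) and compare the reply's source with it, as dig does."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), server)
        # Unconnected socket: the kernel delivers replies from any source,
        # so the comparison has to be made here.
        _, source = s.recvfrom(512)
    return {"expected": server, "source": source, "accepted": source == server}

def start_listener(snat):
    """Constructed loopback stand-in (hypothetical helper), serves one query.
    snat=True:  the reply leaves the socket the client queried.
    snat=False: the reply leaves a second socket, standing in for the pool
                member answering the client directly."""
    front = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    back = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    front.bind(("127.0.0.1", 0))
    back.bind(("127.0.0.1", 0))
    address = front.getsockname()

    def serve():
        query, client = front.recvfrom(512)
        reply = query[:2] + b"\x81\x80" + query[4:]  # same ID, response flag set
        (front if snat else back).sendto(reply, client)
        front.close()
        back.close()

    threading.Thread(target=serve, daemon=True).start()
    return address

if __name__ == "__main__":
    for snat in (False, True):
        r = probe(start_listener(snat), "a.www.test.com")
        verdict = "accepted" if r["accepted"] else "reply from unexpected source"
        print(f"snat={snat}: {verdict}: {r['source']}, expected {r['expected']}")
```

Pointing `probe` at a real listener address on port 53 shows the same mismatch from the client side without needing a packet capture.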
     
  • I am having similar problems, but my VIP and pool members are both local. This is on an LTM. Any ideas? I'm using snat auto map and udp_gtm_dns. I don't have a "DNS" profile. Do I need to make one? What else am I forgetting?

    virtual primary-dns {
        snat automap
        pool primary-dns
        destination xyz:domain
        ip protocol udp
        profiles udp_gtm_dns
    }