For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

John_HO_7253's avatar
John_HO_7253
Icon for Nimbostratus rankNimbostratus
Aug 18, 2015

GTM to return NAT IPs without LTM

Hello all, 1st time on F5 Community.

 

We have a GTM pair on the Internet. We want to do HA/DR between two Data Center, manually.

 

WIP: webservice.domain.com

 

DC1-NAT-IP and DC2-NAT-IP

 

We want GTM to always return DC1-NAT-IP for the WIP webservice.domain.com

 

If DC1 is dead, we will manually want to update GTM to return DC2-NAT-IP, by disable DC1

 

My reading of the manual said we need LTM to do the healthcheck. In this case, these are NAT IPs, hence we can't do any kind of checking.

 

Someone on my team is thinking: ""One option is to assign an empty pool to the wide-IP. Then you can fill in the fallback IP section. Since there are no pool members, the load balancing method would fallback to the fallback IP." But that mean when we want to change the IP, we have to update the Fallback IP.

 

Is it possible to setup

 

WIP with IP in DC1 and IP in DC2?

 

Tks

 

John

 

BIG-IP DNS
design

1 Reply

  • James_Thomson's avatar
    James_Thomson
    Icon for Employee rankEmployee
    Aug 20, 2015

    Welcome! When you say DC1-NAT-IP , what is this IP on? Is it a NAT IP on a firewall? You then mention that you can't do any checking because it is a NAT IP. Why can't you check a NAT IP? Won't the check of the NAT IP just pass through to the backend server that you care to monitor?

     

    One thing to note is that GTM will only hand out an IP address of an object that is has marked as Green (available), or a static IP like you were talking about having for Fallback IP.

     

    You could create a pool using the global availability load balancing method. The problem is that you'd need to create some sort of monitor that would ALWAYS be up until you manually disabled it.

     

    pool-blah - DC1-NAT - DC2-NAT

     

    I did something like that one time where I created a monitor that pinged the upstream router, figuring if that's down, I'm dead in the water anyway.

     

    The upstream router was very reliable, so all I had to do was create that monitor, assign it to the pool-blahand then I just had to disable DC1-NAT whenever I wanted to shift traffic.

     

    Honestly, using the dummy pool with fallback IP would accomplish the same thing with less complexity probably.