Forum Discussion

Jason_40733's avatar
Jason_40733
Icon for Cirrocumulus rankCirrocumulus
Apr 08, 2011

GTM Topology Architecture with DNS resolvers

We are implementing GTM and have some general topology rules setup for routing our traffic. Something we have come across, is a potential need for us to route different groups of DNS clients that are using the same DNS resolver to different IPs for the same Wide-IP. Of course the DNS resolver doesn't pass the originating client's IP address, so we only see the IP of the resolver.

Has anyone found an iRule or way to help design around this issue? Our current solutions are to point the smaller group directly at the GTM for DNS, or to assign different resolvers to different routing needs.

 

 

 

 

 

Any help or thinking outside the box is greatly appreciated.

 

 

 

Thanks

 

 

 

J

 

 

 

6 Replies

  • Sounds like you want to do some topology based ADCing..

     

     

    From a high level, you can specify the resolution based on the LDNS...

     

     

    This should get you going..

     

     

    Overview of BIG-IP GTM Topology records

     

     

    http://support.f5.com/kb/en-us/solutions/public/10000/400/sol10434.html?sr=13793338
  • That is a good document. It's something we've gone over. Our needs are a bit more in depth than that goes into. It appears that given the behavior of DNS, to accomplish what we wish to do we'll need to point anything that needs a more specific rule directly to the GTM. Which will eliminate part of our deployment simplicity gains by implementing GTM, but its not a huge difference.

     

     

    So.... for a general topology set

     

    subnet1 -> LDNS1 -> GTM

     

    subnet2 -> LDNS1 -> GTM

     

    subnet3 -> LDNS2 -> GTM

     

     

    Will become this when more specific topology records are needed. It's either that or add more LDNS servers.

     

    subnet1 -> LDNS1 -> GTM

     

    subnet2 -> GTM

     

    subnet3 -> LDNS2 -> GTM

     

     

    With subnet2 being the subnet/IP address with specific topology needs.

     

     

  • Ahhh I'm sorry about that, I missed you're coming from the same LDNS.. Pointing directly at the GTM will work for subnet 2, like you mentioned, but it's not where you want to end up redundancy wise..

     

     

    Not sure what a good option is here.. As you mentioned, you're stuck with the LDNS source.. As of today.. I don't believe the original source is passed along.. but I do remember reading some people from google were trying to push it.. Anybody know where that is at?

     

     

    http://tools.ietf.org/id/draft-vandergaast-edns-client-ip-01.html

     

     

     

    I'm not sure what your flow is after the GTM...? Are they all in different data centers? or same? You could always do something at the LTMs by IP..and redirect from there.. but not a good long term solution either..

     

     

     

     

     

     

  • Our flow after GTM is a cross of generic servers and LTM VIPs. We're going to go with the more generic topology and anyone with specific routing requests would need to be pointed at the GTMs.
  • I am not sure if this thread is still live but I am also in the same situation. We have our main DNS server as Infoblox and sub-zone delegation pointing to GTM. The tcpdump shows queries coming from DNS server and not the client polling for record. Anycast DNS is also making it a bit difficult. Any more ideas?
    • chris01_159200's avatar
      chris01_159200
      Icon for Nimbostratus rankNimbostratus
      Sly, we are trying to implement topology based load balancing as well for clients referred to the GTMs from Infoblox. Were you ever able to overcome the fact that the requesting client address is not associated with the topology decisions due to the LDNS source being Infoblox instead of the client's actual DNS server? Thanks! -Chris