Dipta_02_148889
Nimbostratus
Sep 16, 2014

I need some help regarding a GTM Topology setup. It's a long ongoing issue without any resolution.

We have a wideip in our environment for VPN users and it's Topology based. But the configuration is slightly different. The users' DNS server subnet is not defined in the region.user file because the wideip era0.fidelity.com uses geoip based DNS events (meaning it houses an internal database of internet addresses F5 got from an arin.net provider or the like), not subnet based like an intranet based GTM would.

Now the issue is we see users in the India region hitting Merimac VPN servers, whereas as per topology they should hit only India servers. Also, the capacity limit on the India VPN server is fine and it can take traffic.

Below is the setup:

gtm wideip era0.fisc.fidelity.com {
    ipv6-no-error-response enabled
    persistence enabled
    pool-lb-mode topology
    pools {
        era0.fidelity.com-Ind {
            order 4
        }
        era0.fidelity.com-all { }
        era0.fidelity.com-dcc {
            order 2
        }
        era0.fidelity.com-mko {
            order 1
        }
        era0.fidelity.com-rtp {
            order 3
        }
    }
    ttl-persistence 60
}

Topology records:

Request source                            Destination pool         Weight
0.0.0.0/0                                 era0.fidelity.com-all    250
RemoteAccess-NorthernEurope               era0.fidelity.com-mko    500
RemoteAccess-SouthAmerica                 era0.fidelity.com-mko    500
RemoteAccess-SouthernEurope               era0.fidelity.com-mko    500
RemoteAccess-Australia                    era0.fidelity.com-mko    500
RemoteAccess-NorthCentral-US              era0.fidelity.com-mko    500
RemoteAccess-NorthEast-US                 era0.fidelity.com-mko    500
RemoteAccess-SouthernAsia                 era0.fidelity.com-dcc    500
RemoteAccess-Africa                       era0.fidelity.com-dcc    500
RemoteAccess-Alaska-Hawaii                era0.fidelity.com-dcc    500
RemoteAccess-SouthWest-US                 era0.fidelity.com-dcc    500
RemoteAccess-SouthCentral-US              era0.fidelity.com-dcc    500
RemoteAccess-SouthernNorthAmerica-NonUS   era0.fidelity.com-rtp    500
RemoteAccess-NorthernNorthAmerica-NonUS   era0.fidelity.com-rtp    500
RemoteAccess-NorthernAsia                 era0.fidelity.com-rtp    500
RemoteAccess-NorthWest-US                 era0.fidelity.com-rtp    500
RemoteAccess-SouthEast-US                 era0.fidelity.com-rtp    500
ERA-India                                 era0.fidelity.com-Ind    500

2 Replies

  • Thanks for replying Pete. We do have the geoip installed on the GTM and I did a lookup:

    gtm-fwus301:Active] ~ geoip_lookup -f /shared/GeoIP/F5GeoIPOrg.dat 106.208.105.215
    opening database in /shared/GeoIP/F5GeoIPOrg.dat
    size of geoip database = 187862997, version = GEO-148 20130207 Build 1 Copyright (c) F5 Networks Inc All Rights Reserved
    geoip_seek = 04bb0d1f
    geoip record ip = 106.208.105.215
    name = bcl north d - 184 okhla industrial estate phase - 1 delhi

    So the ISP shows here as India based, which means the user first connected to India but then got kicked to a different datacenter, like I mentioned, to Merimac.
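
As an added example (not from the thread or from F5), here is a simplified Python model of weight-based topology matching over a subset of the records posted above. It assumes the decision is keyed on the address of the resolver (LDNS) that sent the query and that the highest-weight matching record wins; the region contents and the two resolver addresses are constructed, since the page does not show the region definitions.

```python
import ipaddress

# Rows taken from the thread's topology table (subset): source, pool, weight.
RECORDS = [
    ("0.0.0.0/0", "era0.fidelity.com-all", 250),
    ("RemoteAccess-SouthernAsia", "era0.fidelity.com-dcc", 500),
    ("RemoteAccess-NorthEast-US", "era0.fidelity.com-mko", 500),
    ("ERA-India", "era0.fidelity.com-Ind", 500),
]

# Constructed region contents (assumption): not shown anywhere on the page.
REGIONS = {
    "ERA-India": ["106.208.0.0/16"],
    "RemoteAccess-SouthernAsia": ["106.192.0.0/11"],  # deliberately overlaps ERA-India
    "RemoteAccess-NorthEast-US": ["192.0.2.0/24"],
}


def source_matches(source, ldns_ip):
    """True if the LDNS address falls inside a CIDR source or a named region."""
    nets = REGIONS.get(source, [source] if "/" in source else [])
    return any(ldns_ip in ipaddress.ip_network(n) for n in nets)


def candidate_pools(ldns):
    """Return (best weight, pools tied at that weight) for one LDNS address.

    Simplified model: more than one pool in the result means the records
    alone do not decide the answer for that resolver.
    """
    ip = ipaddress.ip_address(ldns)
    hits = [(w, pool) for src, pool, w in RECORDS if source_matches(src, ip)]
    if not hits:
        return None, []
    best = max(w for w, _ in hits)
    return best, sorted(pool for w, pool in hits if w == best)


if __name__ == "__main__":
    # Address from the geoip_lookup in the thread, then two constructed
    # resolver addresses: one inside a US region, one in no named region.
    for ldns in ("106.208.105.215", "192.0.2.53", "198.51.100.53"):
        print(ldns, candidate_pools(ldns))
```

Running the same comparison against the real region definitions and the resolver addresses seen in the DNS query logs shows whether a request matched ERA-India, tied with another 500-weight record, or fell through to the 0.0.0.0/0 catch-all.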