internal GTM integrate with external LTM

You may go thru the following article:

 

K13690: Troubleshooting BIG-IP DNS synchronization and iQuery connections (11.x - 13.x)

 

https://support.f5.com/csp/article/K13690

 

To explain the issue in more detail I included some more pics and graphs. This is the lab architecture both F5 Big IP VMs are located in the same network segment.

 

 

The external LTM has connectivity to both internet connections. The internal LTM / GTM combo needs to resolve DNS requests and know the link status of both Links and virtual servers. So I was thinking to integrate the internal GTM with the external LTM using Iquery.

 

 

The server link is active configured on the internal GTM using the external Self IP 192.168.1.120 and Iquery traffic is flowing between both F5 devices.

 

 

So that seems to work properly, but the thing is that the internal GTM is unable to determine the status of links and virtual servers nor discover them automatically. If I configure one manually its becomes unavailable.

 

 

But the virtual server is indeed available on the external LTM.

 

Analyzing the Iquery traffic using Iqdump I do see active traffic.

 

 

 

Someone any idea what to do to solve this issue?

 

Greetings,

A few things to consider:

  1) You can't define two links using the same subnet:
      K13761: BIG-IP DNS and Link Controller require a unique VLAN and IP subnet for each configured link (11.x - 13.x)
      https://support.f5.com/csp/article/K13761
  2) You did define the GTM server object? =)
  3) Do you need links? If you're not using dynamic bandwidth calculations, I believe thes3e aren't necessary.

Hope this provides some help,

Kevin

Hi Kevin,

 

-Both WAN links will be on different segments with virtual servers linked to them, currently in lab not available, at least I should receive information and be able to monitor the status of the virtual servers.

 

GTM server object is defined and enabled

 

Yes I do need links because I want to realize inbound load balancing end when one link goes down all the associated virtual servers has to go down, therefore I need to know the Link status.

 

Okay, that's good to know. So, yet another thing to consider:

 

1) If the virtual servers are not situated on the other side of the links, shouldn't customers still be able to access them using the other wan link? I would hope so.

 

 

2) If the virtual servers are on the other side of the link, then BIG-IP LTM's monitors will detect them being unavailable and convey the status to GTM/DNS which will remove them from Wide-IP.

 

Hope this is helpful!

 

Kevin

 

In this lab environment I dont have WAN links, but the idea is indeed to have two WAN links connected and publish the Wide IP using two public IP addresses. I understand the logic and have implemented it several times. The only thing is that I ran into this technical issue using an internal DNS integrated with an external LTM that currently is not able to verify the status of the virtual servers configured and active on the external LTM device. The server link is green as you can see above but it does not discover any of the virtual servers of the external LTM nor the status of the virtual servers.

 

Maybe perhaps this is just a small issue using VMware I really dont understand, but I understand correctly this setup should work accordingly.

 

If you must use links, have you defined the default_gateway_pool on the system and applied the bigip_link and gateway_icmp monitors to the link?

 

I'd give this a full review to be sure everything's configured correctly:

 

https://support.f5.com/kb/en-us/products/lc_9_x/manuals/product/lc-implementations-12-1-0.pdf

 

If you have basic tcp connectivity between the devices, there should be no VMWare issues.

 

Lastly, you aren't doing any type of address translation?

 

Kevin

 

Oh, and i forgot the specific sections:

 

Creating a default gateway pool

 

Creating a default route to the Internet

 

Creating links to define the physical connections to the Internet

 

Kevin

 

In this setup it is a bit different because we are using to different F5 devices (Internal DNS and External LTM)

 

Is it possible to have this, refer to the design above:

 

Big IP LTM external, that means no Link Controller only LTM with default pool gateway in a separate VLAN

 

Big IP DNS internal, Link discovered via server link from the external LTM device, is that possible or not supported?

 

I know yes and have experienced this behavior that when implementing a DNS+LTM combo when having defined the GTM links with bigip_link monitor and not defined in the LTM gateway pool the links wont come up. So it seems that both of them needs to work together, so I am questioning if it is even possible to seperate LTM and GTM on different F5 devices and having the LTM externally on other words the F5 DNS will not have direct connectivity to the gateways, it can only fetch the link status via the external F5 LTM device.

 

Hope it makes more sense now. I know its a little weird architecture but at this moment I dont have other options to implement this.

 

Thanks