Forum Discussion
internal GTM integrate with external LTM
Dear All,
Does anyone here have experience with integrating a GTM located in the internal network with an external LTM using the bigip_add command and iQuery?
I set up a lab and had a successful connection from the GTM to the LTM self IP, but nothing is being synchronized. There is active iQuery traffic when viewing the iqdump command.
What is missing here?
24 Replies
- Kevin_K_51432
Historic F5 Account
Regarding this:
"Big IP DNS internal, Link discovered via server link from the external LTM device, is that possible or not supported?"
I've not seen this setup, so unfamiliar with how this will work. I'm 90% sure, the DNS system should have the links and monitors (and gateway pool) defined locally.
Is this your current topology:
 +--+            +--+
 |GW|            |GW|
 +--+            +--+
 192.x           10.x
+----+  +----+  +----+
|Pool|--|LTM |--|Pool|
+----+  +----+  +----+
 192.x           10.x
      +-------+
      |LTM/DNS|
      +-------+
We know Wide-IPs are made of many pools. If one link goes down, say 192.x, you'd like to have all of the pool members downed (removed from Wide-IP) on that subnet, correct?
- Marvin
Cirrocumulus
Exactly!
I have also never seen it before; that's why I posted it here to verify, because it is not working in my lab.
- Marvin
Cirrocumulus
"the DNS system should have the links and monitors (and gateway pool) defined locally."
So this requires that the internal DNS has direct access to all WAN links, correct? It will not be able to retrieve the link status from an external LTM device?
This will make the implementation impossible, I guess, because the internal DNS will eventually be implemented on another segment and will use a different default route pool.
- Kevin_K_51432
Historic F5 Account
I think the issue here is that BIG-IP DNS likes to probe the path of the client to ensure IP addresses handed out are really available. In this instance, BIG-IP DNS is unable to do that probing.
I tried to set this up but ran into some issues. I'll keep looking into this. Currently looking at:
K6785: Configuring an uplink address for BIG-IP GTM and Link Controller link definitions https://support.f5.com/csp/article/K6785
K10965: The BIG-IP GTM bigip_link and snmp_link monitor operation https://support.f5.com/csp/article/K10965
Sorry I wasn't more helpful on this.
- Marvin
Cirrocumulus
Thanks Kevin. Yes, I guess at this moment it is not a supported setup; the best thing, I guess, is to have DNS externally or a Link Controller license.
- Marvin
Cirrocumulus
I think I already have the solution internally: I will work with different VLANs (links) and transparent monitors to be able to detect the link status. That way it is not required to use iQuery between the two BIG-IP devices, but only internally inside the LTM/DNS combo.
So the solution is to define a VLAN per WAN connection internally and use transparent monitors.
So simply mapping each internal VLAN to an external WAN router:
F5 internal VLAN1 --> WAN1 transparent monitor
F5 internal VLAN2 --> WAN2 transparent monitor
etc.
The downside is that when adding a WAN router, it will be necessary to add another VLAN.
- Marvin
Cirrocumulus
Kevin, OK, this is really weird: it is working now. In the server link I configured both self IPs, the local one (BIG-IP LTM/DNS) and the external one (BIG-IP LTM). The local BIG-IP LTM/DNS has NO virtual servers configured.
When I do that, it will retrieve all virtual servers and links from the external LTM. It also detects a link failure: when I disable the link, all virtual servers will go down in DNS/GTM.
Could you give it a try? Eventually the local DNS will delete the second IP in the server link and only the external IP 192.168.1.120 will remain.
Do you have any explanation on this?
- Marvin
Cirrocumulus
Please try to put both IPs on the server link and tell me your experience; it seems to work now. It will retrieve the links using the default route pool configured on the external LTM.
- Kevin_K_51432
Historic F5 Account
Hi Marvin,
So far, the best I have is to configure a generic server for the link (but I don't think your DNS has any access to the gateway link). Then I created a dependency, so when that link goes down, so does the virtual server:
tmsh modify gtm server you virtual-servers modify { /Common/vip_192 { depends-on add { test:gw_192 } } }
So far, I can't find any other customer with this issue.
Kevin
- Marvin
Cirrocumulus
Hi Kevin, yes, I meant the server object. I understand it is weird, but after that F5 DNS automatically removed the internal self IP from the server link object list, and from then on it receives all the virtual servers and link (using the default route table of the external LTM) correctly.
I guess it may not be supported, but technically it is working now. I could give it a try though, but the best way, I guess, is to implement it using the solution I posted, that is, creating two locally connected VLANs (link1 and link2) and monitoring the router using a transparent monitor.
I am still surprised by the fact it is working after adding both self IP addresses to the same server link. Also I agree that this problem I am facing is unique because it is not a best practice.
Thanks for your help.