Dear All, Someone over here some experience with integrating a GTM located in the internal network with an external LTM using the bigip add command and Iquery. I set up a lab and had a succesfull connection from the GTM to the LTM self IP but nothing is being synchronized. There is active Iquery traffic viewing the iqdump command. What is missing here?

You may go thru the following article: K13690: Troubleshooting BIG-IP DNS synchronization and iQuery connections (11.x - 13.x) https://support.f5.com/csp/article/K13690

To explain the issue in more detail I included some more pics and graphs. This is the lab architecture both F5 Big IP VMs are located in the same network segment. The external LTM has connectivity to both internet connections. The internal LTM / GTM combo needs to resolve DNS requests and know the link status of both Links and virtual servers. So I was thinking to integrate the internal GTM with the external LTM using Iquery. The server link is active configured on the internal GTM using the external Self IP 192.168.1.120 and Iquery traffic is flowing between both F5 devices. So that seems to work properly, but the thing is that the internal GTM is unable to determine the status of links and virtual servers nor discover them automatically. If I configure one manually its becomes unavailable. But the virtual server is indeed available on the external LTM. Analyzing the Iquery traffic using Iqdump I do see active traffic. Someone any idea what to do to solve this issue?

Greetings, A few things to consider: 1) You can't define two links using the same subnet: K13761: BIG-IP DNS and Link Controller require a unique VLAN and IP subnet for each configured link (11.x - 13.x) https://support.f5.com/csp/article/K13761 2) You did define the GTM server object? =) 3) Do you need links? If you're not using dynamic bandwidth calculations, I believe thes3e aren't necessary. Hope this provides some help, Kevin

Hi Kevin, -Both WAN links will be on different segments with virtual servers linked to them, currently in lab not available, at least I should receive information and be able to monitor the status of the virtual servers. GTM server object is defined and enabled Yes I do need links because I want to realize inbound load balancing end when one link goes down all the associated virtual servers has to go down, therefore I need to know the Link status.

Okay, that's good to know. So, yet another thing to consider: 1) If the virtual servers are not situated on the other side of the links, shouldn't customers still be able to access them using the other wan link? I would hope so. 2) If the virtual servers are on the other side of the link, then BIG-IP LTM's monitors will detect them being unavailable and convey the status to GTM/DNS which will remove them from Wide-IP. Hope this is helpful! Kevin

internal GTM integrate with external LTM

24 Replies

Marvin
Cirrocumulus
Jan 29, 2018
Hi Kevin, the issue is 100% reproducible and easy to fix. It rather looks like a bug to me.

Big IP 1: only GTM self IP 192.168.1.121 Server link 192.168.1.120
Big IP 2: only LTM self IP 192.168.1.120
Result: no virtual server or links detected.

To resolve this, I do the following:

Big IP 1: only GTM self IP 192.168.1.121 Server link 192.168.1.120 and 192.168.1.121

Big IP 2: only LTM self IP 192.168.1.120

Result: all virtual servers and links are being detected and eventually IP 192.168.1.121 is being removed. All newly created virtual servers on the Big IP 2 are automatically discovered as well and assigned to the link. It is so weird its seems like a bug I am using 12.1.2 HF2 in VMware. By the way I am not the only one who is able to reproduce this issue, another F5 pre-sales engineers has exactly the same findings as I do but he used version 13.

As you can see in the images provided of the F5 Big IP DNS is using server link 192.168.1.120 (the external LTM self IP).

It seems like Big IP DNS is not able to retrieve status information using only the external server link IP address. When both (external and local) are configured it will start to work properly and eventually automatically delete the internal server link.

I would be a good idea to investigate this issue internally at F5 because it should work using only the external server link IP address. If you need anything from me let me know I am always willing to help making things better :-)
Kevin_K_51432
Historic F5 Account
Jan 29, 2018
Hi Marvin,

I can't see this being a bug as this design isn't the standard link configuration. A valid config would be to have GTM connected to the ISP links and LTM behind (so to speak). Then:

Both the GTM and LTMs need to be defined as server objects.
Both of the links (and default_gateway_pool members) should be ISP routers on separate subnets.

Sorry I wasn't more helpful with this question.

Kevin
Marvin
Cirrocumulus
Jan 30, 2018
Both the GTM and LTMs need to be defined as server objects.
Both of the links (and default_gateway_pool members) should be ISP routers on separate subnets.
Marvin
Cirrocumulus
Jan 30, 2018
Kevin, now it makes perfectly sense I marked it as the answer to this question. Using two server object links it works like a charm.