Dazzla_20011
May 23, 2011

iquery over the internet gtm - to ltm




Should I be OK to run iQuery over the internet for GTM to LTM communication? I need to specify our LTM server objects using a public IP address which NATs to the LTM's real private address.






3 Replies

  • Hi Darren,



    I think it's generally recommended to run iQuery over the same route clients would take. It's encrypted traffic so you shouldn't need to worry about someone snooping the traffic. And you could lock down the ports on the firewall to only other GTM/LTMs.



  • Hi Aaron,



    Our LTMs have been specified within the GTMs using their private LAN addresses; each GTM has a route to the LTMs through the LAN.


    The problem we have is that when one of the internet links goes down, the GTMs can still see the LTMs through the LAN, so they still respond to DNS queries, as iQuery is still functioning as normal. My plan is to specify each LTM on the GTM using a public IP address, which I will NAT on the firewall to its private IP. iQuery for GTMs and LTMs at different data centres will run over the internet so it takes the same route as a client would take; therefore, if any device or link fails across that route, the GTM will mark the virtual server associated with the failed device/link as down.



    Does this seem like normal practice?



    Many Thanks





  • That is THE only way to do it, really. As Aaron stated, it is best to use the same path the client takes for the iQuery traffic, to avoid the problems you are seeing.