kridsana
Oct 02, 2023

Is nPath still practical?

Hi

We want to use F5 LTM to load balance a local DNS server.

We have F5 LTM implemented in a one-arm topology, but we need to preserve the source IP for DNS traffic (= no SNAT).

So I checked and found that there is DNS load balancing with nPath.

But it's a bit of an old document and I don't have any experience with it.

Is using an LTM nPath deployment to load balance a Microsoft DNS server practical?

Kridsana

  • Just remember DNS is/can be UDP and TCP, which, unless I've forgotten a config, is two separate Virtual Servers. One for UDP and one for TCP.

    • kridsana

      So we just have to create 2 virtual servers (UDP 53 for DNS query/response and TCP 53 for zone transfer).

      There is no problem using nPath.

      Am I correct?

  • Hi kridsana,

    The easiest way to deploy this config is to make the Float IP of your F5 the default gateway for your DNS servers and create a Forwarding VS 0.0.0.0/0.0.0.0 to give internet access to DNS servers through your F5.

    nPath configuration can disturb the SYN cookie protection feature in the LTM, so if you can avoid it I really recommend it.

    Hope it helps. 

    • kridsana

      Hi
      I have some questions. In my case, the DNS server's default gateway is not the F5 LTM.

      1. Do we need to create a Forwarding VS for the DNS server for outbound traffic?

      2. If we are using F5 for DNS UDP 53 (never mind TCP 53 for zone transfer), SYN cookie protection can be ignored, right? I understand that SYN cookies are for TCP only.

      3. There is no problem using nPath, am I correct?