Forum Discussion
Load-balancing generic hosts between different datacenters
Hi all
I have GTM F5 Load-balancer sitting in my primary Denver (USA) data center.
I have two VPN firewalls sitting in the Chennai (India) data center, where there is no F5 load balancer. Hence there is no GSLB. I would like to load-balance these two VPN firewalls through the Denver F5 GTM load balancer.
The public IPs are completely different between the data centers.
The expectation is that the end host ==> Public DNS Server ==> F5 GTM Listener (Denver) ==> Chennai (India) Datacenter (VPN Firewall).
Will this be doable?
- AubreyKingF5Moderator
You're asking if you can have a WIP (Wide IP) on your Denver F5 DNS implementation that points to 2 different endpoints in India. This is a piece of cake and will not impact performance negatively in any way, as a client will ask an LDNS and the LDNS will serve a cached response from the F5 DNS.
Have you looked at F5 Distributed Cloud DNS yet? For this sort of thing, it's perfect, as you've got DNS presence via anycast over 22-ish PoPs, boasting the 3rd best peering on the internet. The price is VERY nice, as I understand it, too.
nagachn If your intent is to have users connect to one or the other VPN and it's just a single FQDN they would use then I don't see why this wouldn't be possible. Now if I'm misunderstanding what you are attempting to do please add aditional context for us to better understand the ask.
- nagachnNimbostratus
The Firewall has two internet circuits which are differnt internet service providers. I am running the RAVPN (PA Globl Protect) in both the circuits. Bothe the internet public IP's are mapped with single fqdn (Example:vpntest.xyz.com). The vpntest.xyz.com mapped with both the public ip address. The intention is if one of the Internet circuit goes down then the users can connect the other RAVPN through the secondary internet link automaticall.y
nagachn I see no reason that you could not configure 1 FQDN on the GTM that points to the two locations. If you prefer it as active/standy or active/active you can definitely do that. If one of them goes down it will take about 30 seconds (your GTM TTL) to failover utilizing DNS. You can probably setup an ICMP monitor to the IPs in question or something a bit higher in the OSI model but I would start with ICMP.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com