Forum Discussion

InquisitiveMai
Oct 13, 2022

LTM and F5 DNS on same hardware box or using LTM and F5 DNS on different hardware/vcmp guests

What is the recommendation for deploying LTM and F5 DNS?

LTM and F5 DNS on the same hardware box, or LTM and F5 DNS on different hardware/vCMP guests? What are the pros and cons?

    • InquisitiveMai

      Thank you for your response. Do you mean splitting between different hardware is better with respect to redundancy? What kind of functionality impact would we see if it's all in the same hardware or different hardware? If you can point out some documents, that would be really helpful.

  • Given a choice and no financial concerns, I prefer to run DNS and application load balancing on separate devices, *and* license LTM+DNS on the DNS host. If they're going to share the same virtualization platform, it has to be sized to accommodate DDoS capacity.

    There are a couple of advantages of running LTM+GTM as a package, mostly with L7 iRules and load balancing options for your pools of DNS servers behind the BIG-IP DNS system. It's not something that comes up often, but every once in a while, those LTM L7 iRules will be able to save the day against a (D)DoS attack against your DNS servers. For running the two concurrently: if they are the only two modules you'll ever run, and you're in a condensed environment, it works well.

    If you intend to run more modules on your LTM (AFW, APM, ASM, etc.), you'll find that having the DNS separate from the load balancing will provide you with a cleaner interface, and room to stack more relevant L7 modules on the load balancing device.

    If you are in a high-DDoS-risk environment, having the DNS separate from the application services will be a best practice, so you can use the DNS system to monitor and mitigate the attack, and move applications between your datacenters.
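As an added illustration of the "LTM L7 iRules in front of a DNS pool" point made above (this is example code written for this page, not an iRule posted in the thread or shipped by F5), the following iRule is meant for an LTM virtual server that load balances a pool of DNS servers. It assumes the LTM+DNS licensing the reply describes, with a DNS profile attached to the virtual server so that the `DNS_REQUEST` event and `DNS::` commands are available, and it assumes a string data group named `served_zones` (an assumed name) that lists the zones the pool is authoritative for. Thresholds are constructed values for the example.

```tcl
# Added example iRule (not from the original thread): DNS-layer filtering on an
# LTM virtual server in front of a DNS pool. Assumes a DNS profile on the
# virtual server and a data group "served_zones" (assumed name) holding
# entries such as "example.com".
when RULE_INIT {
    # Constructed thresholds: queries allowed per source address per window.
    set static::dns_query_limit 200
    set static::dns_window_secs 10
}

when DNS_REQUEST {
    set qname [string trimright [string tolower [DNS::question name]] "."]
    set qtype [DNS::question type]
    set src   [IP::client_addr]

    # 1. Refuse the ANY query type, a common amplification vector, before it
    #    reaches the back-end servers.
    if { $qtype eq "ANY" } {
        DNS::drop
        return
    }

    # 2. Only forward queries for zones this pool actually serves; everything
    #    else is dropped at the BIG-IP so the servers never see it.
    if { ![class match $qname ends_with served_zones] } {
        DNS::drop
        return
    }

    # 3. Per-source rate limit using the session table. The first hit in a
    #    window creates the entry and starts its expiry clock; later hits only
    #    increment the counter.
    set key "q:$src"
    set count [table incr -subtable dns_ratelimit $key]
    if { $count == 1 } {
        table timeout -subtable dns_ratelimit $key $static::dns_window_secs
    }
    if { $count > $static::dns_query_limit } {
        DNS::drop
        return
    }
    # Otherwise the query continues to normal pool load balancing.
}
```

The design keeps the hot path cheap: two string checks and one session-table increment per query, with no logging inside the drop branches so that an attack cannot turn the mitigation itself into a log flood. Tune the constructed thresholds against real query rates from your resolvers before enabling the rate-limit step, since legitimate recursive resolvers can send far more queries per second than individual clients.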