Forum Discussion

Adam_3360's avatar
Adam_3360
Icon for Nimbostratus rankNimbostratus
Jun 16, 2011

LTM or GTM?

Hi All

 

 

I have inherited a network build already "designed" and in progress an I would like to ask a question around the Big-IP configuration that was planned.

 

 

The design is based around two data centres and the planned load balancer configuration was to have 2 x 1600s running in a HA pair at each site and synchronising over the network to act as one HA system. F5 have told me they do not believe this configuration will work with LTM and we would need to upgrade to GTM in order to achieve this configuration

 

 

So my questions are:

 

 

a) is this correct? Can we not achieve this configuration using LTM?

 

 

b) if the answer is no, would we be able to upgrade our existing 1600s to the GTM software (and relevant licenses)? According to the documentation I have read, GTM is available as "a standalone appliance" on the 1600s and is also available as an add-on module for LTM? (Source: http://www.f5.com/pdf/products/big-...ger-ds.pdf - page 7)

 

 

The units are running LTM v10.2.1. Thanks for reading.
  • Hi Adam,

     

     

    If you have a separate public subnet for each DC it would be a lot easier to use GTM to load balance between the sites. Normally you'd have a separate GTM instance and a separate redundant pair of LTMs for each DC.

     

     

    You can get an addon GTM license for an LTM unit. You can chat with your F5 SE or partner to get more detailed recommendations on this scenario.

     

     

    Aaron
  • Hi Aaron, thanks for the reply.

     

     

    Our configuration is that our public IP range is across both sites, controlled by BGP higher up the network which prioritises our primary DC and only sends to our secondary DC when the primary is unavailable. That is something out of my control unfortunately.

     

     

    The HA pair I have configured currently at our primary DC works a treat and does everything I want it to do. I now need to replicate that at our secondary DC and have the two HA pairs talk. I am stuck with the 4 x 1600s and cannot purchase more kit but can purchase the GTM Modules for each if it will do the job I am after.

     

     

    Please could you advise whether this scenario would work with the GTM module?

     

     

    Thanks

     

  • Hamish's avatar
    Hamish
    Icon for Cirrocumulus rankCirrocumulus
    Failover using BGP works as well as the BGP failover works... The only issue you'll have is with keeping the LTM configs synchronised between the pair in DC1 and the pair in DC2. That'll be either manual (Copy config file and restore - which does shared config only if the hostname is different), or you could script it via ssh/bash or iControl via Java/Perl/Whatever.

     

     

    (Some assumptions made here - YMMV :)

     

    -Assumes IP ranges are same so shared config can be loaded across all 4 units etc. So if DC's have different ranges and youre' NAT'ing the inbound traffic at the DC border, and just using the BGP to get to the external facing IP, there's be a bit of config 'cleanup' to be done in order to use synchronisation across the F5's. The remedy for that is a bit of intelligence in whatever you use to sync the configs... EIther a bit of perl to massage the configs, or change it when using iControl etc.

     

     

    H
  • Hi Hamish, thanks for the reply.

     

     

    My only issue with sync'ing two separate HA pairs (whether it be manual or automatic) would be whether there would be duplicate IP address errors as effectively the HA pairs at each site would be broadcasting the same VIP addresses?

     

  • Hamish's avatar
    Hamish
    Icon for Cirrocumulus rankCirrocumulus
    Well, that's up to your network design. If the front-end is a real VLAN, then it needs to be spanned (Cisco OTV is good for this BTW). If not, then it's up to your BGP to swing the route. If it is a real-VLAN of course, that's when you'll need to edit the config on the fly as you sync it...

     

     

    Like I said... A lot depends on the exact design of your network... Whether you NAT at the border or not, whether the VLAN's are spanned via OTV or similar etc.

     

     

    H
  • Hi Adam,

     

    Well the issue you will face is the delay between the devices and the system will get out of sync if you are planning to use LTM only. Unless you have a fiber link between the sites which will ensure the reply time with in 10ms