
mabdrasol
May 26, 2019

LTM+GTM at same box

We have two LTM nodes in an HA setup and we need to migrate external DNS to F5 GTM.

The LTM and GTM licenses are on the same node,

but I can't find clear steps to do that or the best practices.

 

8 Replies

  • Hi mabdrasol,

    It can be done; there is no problem using LTM and GTM on the same box. In regard to best practices, I would suggest you create the DNS configuration on your GTM devices and create a listener with an IP address different from the current one serving the DNS requests. Test extensively via dig/lookups, and only when you are sure all is good, perform the cutover by re-pointing the NS records to the GTM's listeners.

     

    Best Regards,

    Oscar Pucheta

    https://www.australtech.net

    https://www.linkedin.com/in/npucheta/

  • Hi Oscar,

    Thanks for your reply.

    I'm confused about this implementation, as my F5 has the interfaces below:

    -self IP (for LTM)

    -floating IP (for LTM)

    -HA IP

    When I try to add GTM and LTM as servers, do I need to add more self IPs for GTM, as I can't use the same self IP for GTM and LTM?

     

  • Hi, the self IP belongs to the device itself; it doesn't matter whether you are using LTM or GTM, so just add the device once, with the non-floating self IP, and that's it. If you have LTM provisioned and you want to discover the virtual servers, then enable Virtual Server Discovery.

  • If the devices are in HA, add both non-floating self IPs, one for each device. But still add it only once, so let's say the HA pair has these two devices:

    -ltm01

    -ltm02

     

    then add the HA pair with a name like this: ltm01-02, and use the non-floating self IP for each device. The important point is that even though you have two devices, because they are in HA, you just add it once.

    • AshrafKassem

      Hi,

      Can you please explain to me what you mean? I have the same setup: HA LTM working as Active/Standby, and I will add a GTM license to the box.

      Should I log in to the active F5 and add two servers with self IPs (one for active and one for standby)?

      Should I do this step on both the active and standby F5?

      Should I use the sync group in GTM?

       

  • Hello Oscar,

    Thanks for the great tips.

    Now I have:

    -added the F5 node with two self IPs

    -created a listener IP

    -created a pool with the existing LTM VS

    -created a wide IP with a record for this pool

    -used the dig tool to test DNS resolution against the listener IP from the internal LAN, and resolving worked fine.

    Now I need to run this test from the WAN side, but I am confused here.

    Here is my design:

    remote user >>WAN>>NET Router>>FW>>F5 DNS>>F5 LTM>>server

    How do I map the VIP private IP to a real IP?

    The listener IP is a private IP; do I need to NAT it on the internet firewall to a real IP?
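
The pre-cutover testing described in this thread (querying the new listener with dig and comparing it with the DNS server currently in service) can be scripted. The following is an added example, not part of any post above; `query`, `compare_record` and `check_zone` are hypothetical helper names, and the addresses in the usage comment are placeholders.

```shell
#!/bin/sh
# Added example: pre-cutover parity check between the DNS server currently in
# service and the new GTM listener. All addresses and names are placeholders.

# query SERVER NAME TYPE -> answer set, sorted so record order is ignored
query() {
    dig +short +norecurse +time=2 +tries=1 "@$1" "$2" "$3" </dev/null | sort
}

# compare_record OLD NEW NAME TYPE -> returns 0 only if both answer sets match
compare_record() {
    old_ans=$(query "$1" "$3" "$4" | tr '\n' ' ')
    new_ans=$(query "$2" "$3" "$4" | tr '\n' ' ')
    if [ -z "$new_ans" ]; then
        echo "EMPTY $3 $4: no answer from $2"
        return 1
    fi
    if [ "$old_ans" != "$new_ans" ]; then
        # A load-balanced wide IP may legitimately return another pool
        # member, so DIFF means "review this", not necessarily "broken".
        echo "DIFF  $3 $4: old=[$old_ans] new=[$new_ans]"
        return 1
    fi
    echo "OK    $3 $4"
}

# check_zone OLD NEW : reads "name [type]" lines from stdin, skips blanks and
# comments, leaves the mismatch count in $failures, returns 0 if it is zero
check_zone() {
    failures=0
    while read -r name type; do
        case "$name" in ''|'#'*) continue ;; esac
        compare_record "$1" "$2" "$name" "${type:-A}" || failures=$((failures + 1))
    done
    echo "$failures record(s) need review"
    [ "$failures" -eq 0 ]
}

# Usage (placeholder addresses from the documentation range):
#   check_zone 192.0.2.53 192.0.2.153 < names.txt
```

Run it from the internal LAN against the listener first, then again from an outside host against the public address once that is in place, before any NS records are re-pointed.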