Forum Discussion

mpeace
Jul 27, 2023

New user trying to setup my first virtual server.

We have recently added a pair of LTM-VE running on MS Hyper-V, and our first order of business is to try and get our internal DNS set up in a basic load balancing configuration. I have opened a ticket with support but only managed to get links to documentation that I had already found. The only PDF I have been able to find that looks like it is specifically aimed at accomplishing this task is deprecated, and the templates it references are no longer usable in 17.1.

I haven't even tried to get to any sort of HA setup between the two units because I'm having some difficulty in getting a functional VS directing my DNS queries to the pool members.

I have added several interfaces, and have both the management interface and the others needed for the various networks in our existing topology that will be part of this setup.

Int 1.0 Mgt, Int 1.1 Virtual, Int 1.4 DC1, Int 1.5 DC2. One DNS server is in each, on different subnets. I have created two virtual servers, one for TCP and one for UDP; both use x.x.10.222 for the virtual server address and point to the same pool that contains our physical DNS servers.

Everything mentioned above (nodes, pool, and virtual servers) is green.

The Hyper-V server has two 10G connections in a team, and it is a trunk containing several VLANs that are used by the various servers on the Hyper-V host. All of the VLANs are present on the trunk and working fine on other devices.

I have tagging set in the Hyper-V settings for each network interface, depending on which VLAN I want on it, starting with the mgmt VLAN.

I can ping the self IP assigned to each VLAN, and I can ping the IP of the VS from my workstation. I can ping the physical DNS servers from the console shell of the LTM-VE on the Hyper-V server. When doing an nslookup using the VS IP address, however, I get nothing, just a timeout.

I am very green with this product, and hopefully it is something simple and obvious to someone with experience; any pointers would be appreciated.

 

  • Hi mpeace ... welcome to the community! Some ideas to look at below, since I don't have any idea what your virtual servers look like. Friday -> Monday is wellness weekend here at F5, so staff won't be around until Tuesday, but I'll look for a response tomorrow if I have a few minutes between naps 😎

    1. virtual server enabled on ingress vlan from client -> DNS servers
    2. Routes from egress vlan on BIG-IP to DNS servers if their networks are not local to BIG-IP
    3. Routes on DNS servers back to server-side BIG-IP egress local network if not local to BIG-IP
    4. If this is just load balancing and you are not using DNS services on the BIG-IP currently, make sure your ports for DNS traffic are accurate on both the TCP and UDP servers.
    5. Make sure you don't have any packet filters blocking traffic to those virtual server IP addresses
    6. Make sure you have a route from client networks to BIG-IP ingress network that your virtual server is part of
    7. Make sure your virtual servers aren't configured with a source filter that blocks your client range
    8. If your DNS servers have general routes to your client networks, make sure you are using snat addresses on BIG-IP for your virtual server configuration so return traffic comes through BIG-IP instead of asymmetrically routing directly to the clients.
    9. Make sure if you have iRules or local traffic policies applied to your DNS virtual servers that they are not impacting your traffic.

    I mention all the routing stuff only because monitors will use mgmt network as a last resort if there are routes to your destination servers, so they can present a non-data-path false confidence. Feel free to post some sanitized config snippets and a drawing and I can take a look.

    • mpeace

      Hello and thanks for the welcome and reply.

      I have the virtual server defined on the same VLAN where we previously had the DNS load balancer address located when we used another product. It is the same network from which clients receive their DNS server assignments via DHCP. All clients can see this network, and I can do nslookups to the DNS servers currently in production in that network. So my virtual address is x.x.4.150/26, and the existing DNS servers that I can hit are x.x.4.129/26 & x.x.4.130/26.

      There are three VLANs involved: VLAN 310, where the DNS servers and the virtual server IP address are; VLAN 6, where one of the physical DNS servers is; and the VLAN where the secondary DNS server is.

      The LTM is basically fresh out of the box. I haven't created any packet filters, and unless there are source filters added as a default, the virtual servers have none.

      All clients on the network receive two DNS servers assigned from the same network that the virtual server IP address is located.

      I have no iRules or local traffic policies in place unless again they were created as part of the default configuration.

      I haven't setup SNAT at all so that may be an issue but I'm not really sure where to start there.

      So currently a client gets two DNS servers with its lease; the virtual server address is in that same network, so the clients can get there fine. These addresses are in VLAN 310, where our previous load balanced virtual IP addresses were.

      When that load balancing product proved not to be up to the task, those addresses in VLAN 310 were assigned to real DNS servers we created to take their place until we had a new load balancer for DNS.

      Those DNS servers are secondary to our main DNS servers in VLANs 6 & 8. The clients can also choose to query the real DNS servers in VLANs 6 & 8 from nslookup, and it works fine of course.

      Client ---->DNS servers VLAN310 (pulling zones from) -----> DNS servers VLAN 6 & 8.

      What I want is virtual server addresses in 310 which use real DNS servers in VLAN 6 & 8 as the pool members for the virtual server.
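To make the checklist in the reply above concrete for the topology described in this last post (VIP in VLAN 310, real DNS servers in VLANs 6 and 8, no SNAT yet), here is what a minimal working configuration looks like in bigip.conf object syntax, which `tmsh load sys config merge from-terminal` accepts. This is an added example, not configuration from the thread or from F5. The object names, the VLAN name `vlan310`, the placeholder addresses (10.0.4.150 standing in for the x.x.4.150 VIP, 10.0.6.53 and 10.0.8.53 for the pool members) and the monitor query name are all assumptions.

```tmsh
# Added example, not from the original thread. Placeholder names and
# addresses are assumptions standing in for the x.x.4.150 VIP on VLAN 310
# and the real DNS servers on VLANs 6 and 8.

# A monitor that performs a real DNS lookup instead of ICMP. Note that
# monitors fall back to the mgmt route when TMM has one, so a green pool
# by itself does not prove the data path from VLAN 310 to VLAN 6/8 works.
ltm monitor dns dns_a_probe {
    defaults-from dns
    interval 5
    timeout 16
    qname www.example.com.
    qtype a
    accept-rcode no-error
    answer-contains any-type
}

ltm pool dns_pool {
    members {
        dns1_vlan6:53 {
            address 10.0.6.53
        }
        dns2_vlan8:53 {
            address 10.0.8.53
        }
    }
    monitor dns_a_probe
}

# Per-datagram load balancing so every query is balanced independently and
# the connection table is not filled with idle 5-tuple entries.
ltm profile udp udp_dns {
    defaults-from udp
    datagram-load-balancing enabled
    idle-timeout immediate
}

# UDP listener. The two settings that matter for this thread:
#   vlans-enabled + vlans { vlan310 }: the VIP only answers on the
#       client-facing VLAN (checklist item 1) and is not exposed on
#       VLAN 6/8 or the management network.
#   source-address-translation automap: pool members see a BIG-IP self IP
#       on their own VLAN as the client, so replies come back through
#       BIG-IP instead of routing straight to the client (item 8).
ltm virtual vs_dns_udp {
    destination 10.0.4.150:53
    ip-protocol udp
    mask 255.255.255.255
    pool dns_pool
    profiles {
        udp_dns { }
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    translate-address enabled
    translate-port enabled
    vlans {
        vlan310
    }
    vlans-enabled
}

# TCP listener on the same VIP for truncated responses and zone transfers.
ltm virtual vs_dns_tcp {
    destination 10.0.4.150:53
    ip-protocol tcp
    mask 255.255.255.255
    pool dns_pool
    profiles {
        tcp { }
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    translate-address enabled
    translate-port enabled
    vlans {
        vlan310
    }
    vlans-enabled
}
```

Two caveats worth checking after applying this. Automap picks a self IP on whichever VLAN the pool member is reached through; once the units are paired for HA, that VLAN needs a floating self IP, otherwise replies land on the standby after a failover. And because the DNS servers now see the BIG-IP self IP rather than the real client address, any per-client ACLs or views on those servers must allow the self IPs (or a dedicated SNAT pool) or queries will be refused even though the pool is green. A `tcpdump -ni 0.0:nnn port 53` on the BIG-IP while running `dig @10.0.4.150` from a client shows quickly whether the query arrives on vlan310 and whether the reply comes back from the pool member to the self IP.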