Forum Discussion
New user trying to setup my first virtual server.
Hi mpeace ... welcome to the community! Some ideas to look at since I don't have any idea what your virtual servers look like below. Friday -> Monday is wellness weekend here at F5, so staff won't be around until Tuesday, but I'll look for a response tomorrow if I have a few minutes between naps 😎
- virtual server enabled on ingress vlan from client -> DNS servers
- Routes from egress vlan on BIG-IP to DNS servers if the networks are not local to BIG-IP
- Routes on DNS servers back to server-side BIG-IP egress local network if not local to BIG-IP
- If this is just load balancing and you are not using DNS services on the BIG-IP currently, make sure your ports for DNS traffic are accurate on both the TCP and UDP servers.
- Make sure you don't have any packet filters blocking traffic to those virtual server IP addresses
- Make sure you have a route from client networks to BIG-IP ingress network that your virtual server is part of
- Make sure your virtual servers aren't configured with a source filter that blocks your client range
- If your DNS servers have general routes to your client networks, make sure you are using snat addresses on BIG-IP for your virtual server configuration so return traffic comes through BIG-IP instead of asynchronously routing directly to the clients.
- Make sure if you have iRules or local traffic policies applied to your DNS virtual servers that they are not impacting your traffic.
I mention all the routing stuff only because monitors will use mgmt network as a last resort if there are routes to your destination servers, so they can present a non-data-path false confidence. Feel free to post some sanitized config snippets and a drawing and I can take a look.
- mpeace, Jul 28, 2023, Nimbostratus
Hello and thanks for the welcome and reply.
I have the virtual server defined on the same VLAN that we previously had the DNS load balancer address located when we used another product. It is the same network that clients receive their DNS server assignments via DHCP. All clients can see this network and I can do nslookups to the DNS servers currently in production in that network. So my virtual address is x.x.4.150/26 and the existing DNS servers that I can hit are x.x.4x129/26 & x.x.4.130/26.
There are three VLANs involved, VLAN 310 where the DNS servers and the virtual server IP address are, VLAN 6 where one of the physical DNS servers and VLAN where the secondary DNS server is.
The LTM is basically freshly out of the box, I haven't created any packet filters and unless there are source filters added as a default the virtual servers have none.
All clients on the network receive two DNS servers assigned from the same network that the virtual server IP address is located.
I have no iRules or local traffic policies in place unless again they were created as part of the default configuration.
I haven't setup SNAT at all so that may be an issue but I'm not really sure where to start there.
So currently a client gets two DNS servers with their lease; the virtual server address is in that same network so the clients can get there fine. These addresses are in VLAN 310 where our previous load balanced virtual IP addresses were.
When that load balancing product proved not to be up to the task those addresses in VLAN 310 were assigned to real DNS servers we created to take their place until we had a new load balancer for DNS.
Those DNS servers are secondary to our main DNS servers in VLANs 6 & 8. The clients can also choose to query the real DNS servers in VLANs 6 & 8 from nslookup and it works fine of course.
Client ---->DNS servers VLAN310 (pulling zones from) -----> DNS servers VLAN 6 & 8.
What I want is virtual server addresses in 310 which use real DNS servers in VLAN 6 & 8 as the pool members for the virtual server.
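The return-path point from the checklist (SNAT so replies come back through BIG-IP) and the SNAT question in the reply, modelled as an added example that is not part of either post. All addresses are constructed documentation-range values, the function names are hypothetical, and the BIG-IP is assumed to have a self IP on the pool members' network.

```python
import ipaddress

def next_hop(routes, dst):
    """Longest-prefix match over (prefix, gateway) pairs; gateway None = on-link."""
    dst = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), gw) for p, gw in routes
            if dst in ipaddress.ip_network(p)]
    if not hits:
        return None
    _, gw = max(hits, key=lambda h: h[0].prefixlen)
    return gw if gw else str(dst)

def trace_reply(client, vip, server, self_ip, server_routes, snat):
    """Follow a DNS reply from a pool member back toward the client."""
    # With SNAT the pool member saw the BIG-IP self IP as the query source;
    # without it, it saw the client's real address and replies to that.
    reply_dst = self_ip if snat else client
    hop = next_hop(server_routes, reply_dst)
    if hop is None:
        return {"via_bigip": False, "client_sees_source": None, "answered": False}
    # The reply crosses BIG-IP if it is addressed to BIG-IP, or if BIG-IP
    # is the pool member's gateway toward the client.
    via_bigip = reply_dst == self_ip or hop == self_ip
    # Only BIG-IP rewrites the reply source back to the virtual address; a
    # reply arriving from the pool member's own address does not match the
    # query the client sent to the virtual address.
    seen = vip if via_bigip else server
    return {"via_bigip": via_bigip, "client_sees_source": seen,
            "answered": seen == vip}

# Constructed sample topology (not the poster's addresses).
CLIENT, VIP = "203.0.113.25", "198.51.100.150"
SERVER, SELF_IP = "192.0.2.10", "192.0.2.5"
# Pool member whose default route points at a core router, not BIG-IP.
ROUTES_VIA_ROUTER = [("192.0.2.0/26", None), ("0.0.0.0/0", "192.0.2.1")]
# Pool member whose default route points at the BIG-IP self IP.
ROUTES_VIA_BIGIP = [("192.0.2.0/26", None), ("0.0.0.0/0", SELF_IP)]

if __name__ == "__main__":
    for label, routes, snat in [("no SNAT, gw=router", ROUTES_VIA_ROUTER, False),
                                ("SNAT,    gw=router", ROUTES_VIA_ROUTER, True),
                                ("no SNAT, gw=BIG-IP", ROUTES_VIA_BIGIP, False)]:
        print(label, trace_reply(CLIENT, VIP, SERVER, SELF_IP, routes, snat))
```

Only the first case fails: the pool member answers the client directly, so the reply arrives from the pool member's address instead of the virtual address while the monitors can still show the pool as up.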