Forum Discussion

Barry_Fitchett1
Sep 22, 2011

Non-Standard GTM/ LTM failover Query

Hi All,

We currently have a dual data centre deployment of approx. 200 Terminal Servers which are configured in a standard fashion.

By this I mean we have:

1. Several virtual servers on the LTMs accepting client connections

2. GTM redirects end user connections to a virtual server based on the DNS name

2. Each virtual server has one or more pools of terminal servers.

3. Each end user is redirected to the appropriate pool member based on the default pool or iRule.

4. GTM is used to automate the failover between a standby data centre.

We are currently working on a VMware based solution. Due to the application requirements we will now need to send end user connections to a specific server. So in effect we will have the following:

1. The number of Terminal Servers will increase dramatically from hundreds to thousands.

2. There will be no need for pools as there will now be a one-to-one mapping between external IP address and terminal server.

3. We will still need to failover the connections en masse. All the servers will still have the same dependencies (storage, data centre etc).

It should be possible to address this issue by creating thousands of virtual servers and pools (with a single member in each), but is there a better way of doing this?

For example, could I use a network virtual server and redirect the connections to a node based on the last octet, perhaps using an iRule? What I am trying to avoid is creating thousands of virtual servers without any clear benefit. I would still need to monitor the virtual server availability, so I could trigger an automatic failover using GTM.

Hopefully this makes sense, any thoughts?

  • Hi Barry,

    If you are doing one-to-one mappings then you can use the iRule to steer the client to the right virtual. I want to advise you that I am going to make some assumptions, so hopefully you can clarify if I am going in the wrong direction.

    I have had a situation where a client wanted 1 virtual to many nodes, where the many was in the three hundreds - all one-to-one connections, not load balancing, and the ability to grow. The trick in that situation was to determine how to drive traffic to the correct node, especially if the node was added yesterday, and without having someone make changes in the F5. So I decided to write up an iRule using the b64encode/b64decode commands. Specifically, the application made a request in the terminal server using a b64encoded value which was decoded by the F5 and used to send traffic towards the node.

    I hope this helps

    @Bhattman
  • Couple of questions:

    "2. GTM redirects end user connections to a virtual server based on the DNS name"

    Sounds like you have a different DNS name per server you want to hit?

    "4. GTM is used to automate the failover between a standby data centre."

    "3. We will still need to failover the connections en masse. All the servers will still have the same dependencies (storage, data centre etc)."

    From those two statements I can't exactly figure out the desired failover.. "automate the failover" and "failover the connections en masse". That sounds like you want to failover everything together... ie "en masse".

    So we really need more information... but to take a stab at it..

    You could have a wildcard virtual server. Then your iRule could direct traffic to a specific node, keying on the destination port..

    The hurdle you'd have to overcome is failover... you mentioned "automated failover". If you need a one-to-one failover, ie one node fails and you need to send it to the other DC, not "en masse".. that's going to be hard to achieve from a GTM perspective with one VS per DC to key on for availability..

    Another possible angle: let's say you really don't need all the great benefits having an LTM will provide you, ie connection manipulation, SSL termination, full proxy, etc etc etc. You could possibly accomplish what you're looking for using generic hosts, GTMs, and iRules (depending on what version you are on)... now you're back to having a bunch of elements... but you would solve the failover issue..
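The wildcard virtual server plus iRule approach from the reply above, combined with the last-octet mapping the original question asks about, as an added example that is not from any poster in this thread. It assumes one LTM network virtual server on an external range 192.0.2.0/24, a terminal server network 10.10.0.0/24 where external address 192.0.2.N maps to server 10.10.0.N, and that the client's destination port is passed through unchanged; the address ranges and port handling are assumptions chosen for illustration, not taken from the thread.

```tcl
# Added example, not code from the thread. One network (wildcard) virtual
# server on 192.0.2.0/24 stands in for thousands of one-to-one virtuals.
# Assumed mapping: external 192.0.2.N  ->  terminal server 10.10.0.N
when CLIENT_ACCEPTED {
    # On the client side, IP::local_addr is the address the client actually
    # connected to, i.e. the specific host within the wildcard range.
    set ext  [IP::local_addr]
    set port [TCP::local_port]

    # Refuse anything outside the published range so the wildcard virtual
    # cannot be used to reach arbitrary internal addresses.
    if { ![IP::addr $ext equals 192.0.2.0/24] } {
        log local0. "rejecting [IP::client_addr] -> $ext:$port (outside published range)"
        reject
        return
    }

    # Keep the host octet, swap in the server network (assumed 10.10.0.0/24).
    set host   [lindex [split $ext "."] 3]
    set target "10.10.0.$host"

    # The node command bypasses pool selection entirely and sends this
    # connection straight to the chosen server on the same port.
    node $target $port
    log local0. "[IP::client_addr] -> $ext:$port mapped to $target:$port"
}
```

Two caveats a practitioner would want here. First, `node` skips pools, so no pool-member health monitor applies to the target; if a server is down the connection simply fails, which is consistent with the poster's plan to let VMware restart a failed node on the same address rather than steer around it on the LTM. Second, the en-masse data centre failover still belongs to GTM: it only has to monitor the single wildcard virtual (or a dedicated monitor target behind it) per data centre, which is exactly what makes this cheaper than thousands of individual virtuals.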
  • Thanks for the reply,

    In answer to your questions:

    "2. GTM redirects end user connections to a virtual server based on the DNS name"

    Sounds like you have a different DNS name per server you want to hit?

    Yes, we will have a different DNS name for every Terminal Server in the environment. Currently we have a more traditional approach, where there are several pools of Terminal Servers hosted behind a virtual server on the LTM. The architecture is due to change so that every server will be configured differently for each customer and will need to be accessible via a unique DNS name; as only a single server will be used per customer there would be no need for persistence or load balancing. The servers will be in several groups of ESX hosts which will be dependent on an NFS datastore and data centre, so we need an automated way of failing over all connections (at the same data centre or using the same storage) should a dependency fail. I'm happy to use iControl to automate the failover or service monitors, but the requirement is to be able to fail over as a unit to avoid having to manually fail over a large number of hosts. The failover on the storage is likely to be automatic, but manually initiated, so if we could simply disable something on the LTM/GTM to initiate the failover that may also be an acceptable solution.

    "4. GTM is used to automate the failover between a standby data centre."

    "3. We will still need to failover the connections en masse. All the servers will still have the same dependencies (storage, data centre etc)."

    If one node fails, we will use VMware's failover functionality to fail over locally; the node will come up on another ESX host with the same IP address, so we would not fail over DNS in this scenario. However, if we lost a data centre or the storage we would need a way of failing all nodes dependent on these to another data centre. So in short there is no requirement to fail individual hosts, but any hosts dependent on a data centre or storage node.

    Thanks for your help so far
  • Hi Bhattman,

    Thanks for your reply,

    The scenario you describe sounds very similar to our requirement, but I am not familiar with the use of the b64encode/b64decode commands in iRules. Would this allow us to ensure that a specific group of end users always connect to the same server?

    All of our customers will have a dedicated DNS name; the resultant IP address should always direct connections to the same server. If we fail data centres the external IP would change, but each customer would in effect have 2 dedicated IP addresses, 1 at each data centre.

    Unless of course there is a way to redirect based on the DNS name in the request? I looked at something similar when we built the system before, but it fell over as version 9.4.x of GTM didn't support data groups. However, in that instance we had pools of terminal servers so it was simpler; we could write an iRule to say if a DNS name contained an entry in a data group, resolve a given virtual server. Can I do anything like that in this scenario?
  • Since you have "dependencies" on your storage environment, and a requirement of a unique URL per client.. I really don't see a good way of getting around a lot of the out-of-the-box features you have at your disposal without doing a lot of custom coding..

    "If we fail data centres the external IP would change" This sounds like external traffic...

    Since that is the case, it's hard to use an iRule at the GTM to key on LDNSs.. You may know the source address, but not the LDNSs..

    You know the source addresses... you could do some traffic directing at the LTMs to cut down on actual elements.. but then you would need one VS per DC, and one global URL.. you could then failover en masse, and direct to the proper node based on source.. but you would be limited to failing over en masse and not on a per-host basis, unless of course the two DCs were connected and you could load balance across the two.. hmmm, or maybe you could have a "failover URL" which would be the DC-specific URL.. upon a failure you could issue a redirect to the client to access the other DC... That might be getting messy..

    Nonetheless, there are a lot of ways to skin this, and without knowing the requirements 100% this is a tough one..