Forum Discussion

Torijori_Yamamada's avatar
Torijori_Yamamada
Icon for Cirrus rankCirrus
Jul 17, 2023
Solved

Overlapped Networks Question

I have two networks which overlaps. 10.140.10.0/28 and 10.240.20.0/28  in  "DC_Networks" 10.140.10.0/23 and 10.240.20.0/23  in  "DRC_Networks" An iRule is using to determine which DNS response s...
application delivery
dns
IP Check
  • Ben_Novak's avatar
    Ben_Novak
    Jul 17, 2023

    I suggest you implement this traffic steering based on topology records/LB.  It will scale much better and is made for just this use case.

    K75177455: Forcing DNS traffic to different data center when using Topology Load Balancing method

    https://my.f5.com/manage/s/article/K75177455

    https://www.youtube.com/watch?v=PyqHmmMcmm0

    https://blog.garraux.net/2012/08/f5-gtm-topology-records-lessons-learned/

     

    But to answer your original question, once an "if" or "elseif" condition is matched, it is executed and the that whole logic tree is done.

    As I think about your scenario more, you may have bigger issues with either the clients being on overlapping network space or the dns response being on overlapping networks spaces.  If either one of those is true, L3 routing will break for one or both.  Overlapping address spaces are first isolated through route domains.  From there, DNS services can/should be further isolated to control responses as needed (seperate DNS).  You don't want DNS records accidentially bleeding into other domains.

Ben_Novak's avatar
Ben_Novak
Icon for Employee rankEmployee
Jul 17, 2023

I suggest you implement this traffic steering based on topology records/LB.  It will scale much better and is made for just this use case.

K75177455: Forcing DNS traffic to different data center when using Topology Load Balancing method

https://my.f5.com/manage/s/article/K75177455

https://www.youtube.com/watch?v=PyqHmmMcmm0

https://blog.garraux.net/2012/08/f5-gtm-topology-records-lessons-learned/

 

But to answer your original question, once an "if" or "elseif" condition is matched, it is executed and the that whole logic tree is done.

As I think about your scenario more, you may have bigger issues with either the clients being on overlapping network space or the dns response being on overlapping networks spaces.  If either one of those is true, L3 routing will break for one or both.  Overlapping address spaces are first isolated through route domains.  From there, DNS services can/should be further isolated to control responses as needed (seperate DNS).  You don't want DNS records accidentially bleeding into other domains.