Forum Discussion
Replacing DNS with GTM
Can someone please explain how GTM works? I am familiar with how LTM works. Please give an example, if possible, in terms of traffic flow from the client (browser) to the backend server or pool member (end-to-end traffic flow).
Thanks!
3 Replies
- Mahmoud_Eldeeb_
Cirrostratus
The biggest difference between the GTM and LTM, as mentioned earlier, is that traffic doesn’t actually flow through the GTM to your servers. The GTM is an intelligent name resolver, intelligently resolving names to IP addresses. Once the GTM provides you with an IP to route to, you’re done with the GTM until you ask it to resolve another name for you. Similar to a usual DNS server, the GTM does not provide any port information in its resolution. The LTM doesn’t do any name resolution and assumes a DNS decision has already been made. When traffic is directed to the LTM, traffic flows directly through its full proxy architecture to the servers it’s load balancing. Since the LTM is a full proxy, it’s easy for it to listen on one port but direct traffic to multiple hosts listening on any port specified.
- BJ_114988
Nimbostratus
Hi eldeeb, thanks for the explanation, it really helped! :) If I want to use GTM in my network setup, what is the minimum requisite? I know a little, namely that I have to configure a wide IP for the two sites between which I want to load balance traffic. Can you please tell me what exact configuration is needed on the GTM box? If I have site 1 with IP 1.1.1.1 and site 2 with 2.2.2.2, then how do I have to proceed? (Basically I want to know the whole config that I have to do on GTM.) I'd appreciate it if you can tell me by using some example. Thanks in advance!
- Andrea_Arquint_Historic F5 Account
Hi BJ
Some additions from my side to what Eldeeb already mentioned earlier. Before you start doing something, please get familiar with the GTM concepts first, which are available under the following link: https://support.f5.com/kb/en-us/products/big-ip_gtm/manuals/product/gtm-concepts-11-5-0.html (BIG-IP Global Traffic Manager: Concepts).
Background: GTM is an intelligent and secure resolver. You could configure DNS Round-Robin (DNS R-R) basically with any available DNS server, but in that case you don't have any further logic to control the traffic for your business critical applications. Within GTM (our DNS module) you will be able to control DNS queries among different sites for the same application (what we call a WIDE-IP within the GSLB topic). So, you need at least one GTM per data center (site). All these GTMs are configured into a sync-group to share the configuration with each other (over a secured connection, logically). That means each GTM has the knowledge of any application among your data centers (sites, company, cloud, what else) because all GTMs are in sync.
Why is this needed? Because you want to make sure your business critical application is available anywhere and anytime. (High availability is a basic protection target of information security.)
Basic config steps:
- Configure GTM network connectivity
- Configure sync-group between your GTMs (search on ask.f5.com)
- configure your gslb servers (applications) on GTM (these are generic servers or other BIG-IPs which hold different applications etc. (search on ask.f5.com))
- configure a gslb pool
- the pool holds at least two "servers" (which are generic or BIG-IP apps etc.)
- configure a WIDE-IP and assign the pool
- configure a DNS profile and enable GSLB only (disable everything else)
- configure a listener on (port 53) and assign the DNS profile
- done
You will see within the DNS profile that there are a lot more options. For instance, DNSSEC, DNS-Express (DNS offloading to be more secure), Caching etc... All this stuff goes beyond gslb and gives you added value to consolidate DNS overall with F5 (logically you could use our lovely iRules).
Cheerio,
Andrea
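
The end-to-end flow described in the replies above, as an added example that is not part of the original thread and is not F5 code: a simplified Python model in which the GTM wide IP only answers a name with the IP of a healthy site, and the client then connects directly to that site's LTM virtual server, which proxies to a pool member. The class and function names, the name www.example.com, and the backend addresses and ports are assumptions; 1.1.1.1 and 2.2.2.2 are the site addresses from the question.

```python
from dataclasses import dataclass, field
from itertools import count

@dataclass
class LtmVirtualServer:
    """Full proxy at one site: listens on vip:port, forwards to pool members."""
    vip: str
    port: int
    members: list                      # (ip, port) backends, constructed values
    _rr: count = field(default_factory=count, repr=False)

    def connect(self, dst_port):
        if dst_port != self.port:
            raise ConnectionRefusedError(f"{self.vip} has no listener on {dst_port}")
        return self.members[next(self._rr) % len(self.members)]

@dataclass
class GtmWideIp:
    """Name resolver only: answers with an IP address, never a port."""
    name: str
    pool: dict                         # site VIP -> True if its monitor reports up
    _rr: count = field(default_factory=count, repr=False)

    def resolve(self, qname):
        if qname.rstrip(".").lower() != self.name:
            return None                # not a wide IP this model knows
        up = [vip for vip, healthy in self.pool.items() if healthy]
        return up[next(self._rr) % len(up)] if up else None

def build_demo():
    """Two sites from the question (1.1.1.1, 2.2.2.2); everything else is made up."""
    sites = {
        "1.1.1.1": LtmVirtualServer("1.1.1.1", 443, [("10.1.0.10", 8443), ("10.1.0.11", 8443)]),
        "2.2.2.2": LtmVirtualServer("2.2.2.2", 443, [("10.2.0.10", 9000)]),
    }
    return GtmWideIp("www.example.com", {vip: True for vip in sites}), sites

def end_to_end(wideip, sites, qname, port):
    vip = wideip.resolve(qname)        # 1. DNS query: the GTM's part ends here
    if vip is None:
        raise LookupError(f"no available site for {qname}")
    backend = sites[vip].connect(port) # 2. client connects straight to the LTM VIP
    return vip, backend                # 3. LTM proxied to this pool member

if __name__ == "__main__":
    gtm, sites = build_demo()
    for _ in range(3):
        print(end_to_end(gtm, sites, "www.example.com", 443))
    gtm.pool["1.1.1.1"] = False        # site 1 monitor reports down
    print(end_to_end(gtm, sites, "www.example.com", 443))
```

Marking a site down changes only the DNS answers for new lookups; a client that already resolved the name keeps using the address it was given until it resolves again.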