Forum Discussion
Jim_Araujo_1061
Nimbostratus
NimbostratusStandalone GTMs in different DMZ with Different ISPs
Is there a way for the GTMs to detect a unplink is down based simply on ICMP ping?. The scenario I am trying to solve is we have two GTMs in standalone mode. Both are have Listener's in different DMZ subnets which utlize different ISPs for hosting, responding to DNS, etc. I want the ability for either of GTMs to detect when it's own upstream path to let's say 8.8.8.8 and 8.8.8.4 via it's ISP is not reachable to stop resolving to anything under its DataCenter objects (which I've defined as DC1 and DC2).
I've been reading about Link monitoring via the articles here. https://devcentral.f5.com/questions/how-can-i-automatically-mark-pool-addresses-down-when-one-isp-fails-with-gtm-acting-as-link-controller-with-multiple-isps
https://support.f5.com/kb/en-us/solutions/public/13000/700/sol13761.html https://devcentral.f5.com/questions/gtms-link-monitoring
I'm running 11.5.1 and my Link config looks like this
gtm link ISP1 {
datacenter DC1
monitor bigip_link
router-addresses {
y.y.y.189 {
device-name /Common/ISP1
}
}
service-provider ISP1
uplink-address 172.16.1.1
}
gtm link ISP2 {
datacenter DC2
monitor bigip_link
router-addresses {
x.x.x.145 {
device-name /Common/ISP2
}
}
service-provider ISP2
uplink-address 172.16.2.1
}
Under the availability in the web GUI each one complains that the other GTM isn't getting a reply (which it shouldn't) and marking the Link as down.
Another thing I've noticed is in each SOL article they seem to assume the topology is the GTM is used as Link Controller? These GTMs are behind a firewall which I've been monitroing to see if the GTMs even try to reach the google addresses, which they do not.
Thanks for your time and help.
I have ran into the exact same scenario. I'm trying to recall what I did to fix it.
A few things:
1) Don't use the bigip_link monitor(I believe that is specifically for link controllers), use the gateway_icmp or if doesn't give you the option in the WebUI, add it via the CLI. Or create a new custom monitor. (may have to configure it as a transparent). 2) Instead of using 8.8.8.8 use the next hop HSRP address (or one more hop above that) of your provider as the uplink address, and make sure you can traceroute and reach the address from the GTM. 3) I believe there was also an issue in 11.5.1 that may be resolved with the latest hotfix for this.Let us know.
Thanks! TJ
TJ_Vreugdenhil_Altostratus
I have ran into the exact same scenario. I'm trying to recall what I did to fix it.
A few things:
1) Don't use the bigip_link monitor(I believe that is specifically for link controllers), use the gateway_icmp or if doesn't give you the option in the WebUI, add it via the CLI. Or create a new custom monitor. (may have to configure it as a transparent). 2) Instead of using 8.8.8.8 use the next hop HSRP address (or one more hop above that) of your provider as the uplink address, and make sure you can traceroute and reach the address from the GTM. 3) I believe there was also an issue in 11.5.1 that may be resolved with the latest hotfix for this.Let us know.
Thanks! TJ
Jim_Araujo_1061So the uplink address field should be the GTMs gateway IP towards 8.8.8.8?- Jim_Araujo_1061Ah, making a Custom monitor was the missing piece. Under Monitors --> choose ICMP type --> Transparent = Yes --> Alias address = what address you want to pin. Next add it to the Link object, router should be filled with the next hop router the gtm will use to reach the device you specified on the monitor. Thanks all!
- TJ_Vreugdenhil_awesome - nice work!
TJ_VreugdenhilCirrus
I have ran into the exact same scenario. I'm trying to recall what I did to fix it.
A few things:
1) Don't use the bigip_link monitor(I believe that is specifically for link controllers), use the gateway_icmp or if doesn't give you the option in the WebUI, add it via the CLI. Or create a new custom monitor. (may have to configure it as a transparent). 2) Instead of using 8.8.8.8 use the next hop HSRP address (or one more hop above that) of your provider as the uplink address, and make sure you can traceroute and reach the address from the GTM. 3) I believe there was also an issue in 11.5.1 that may be resolved with the latest hotfix for this.Let us know.
Thanks! TJ
- Jim_Araujo_1061So the uplink address field should be the GTMs gateway IP towards 8.8.8.8?
- Jim_Araujo_1061Ah, making a Custom monitor was the missing piece. Under Monitors --> choose ICMP type --> Transparent = Yes --> Alias address = what address you want to pin. Next add it to the Link object, router should be filled with the next hop router the gtm will use to reach the device you specified on the monitor. Thanks all!
- TJ_Vreugdenhilawesome - nice work!
- JRahm
Admin
I haven't done much with link monitoring, perhaps these articles on AskF5 will help:
- Solution 6848: Monitoring link objects on a BIG-IP GTM
- Solution 13761: BIG-IP GTM requires a unique VLAN and IP subnet for each configured link (11.x)
