We have two Topology Regions: Internal space (10.0.0.0/8) and External space (public facing IPs).
The GTM is configured with two listeners, one internal-facing, the other external-facing.
The GTM is configured with two Topology Records defined in the following order:
Order   LDNS Request Source   Destination
1       10.0.0.0/8            Region is Internal space
2       0.0.0.0/0             Region is External space
The way I understand this is that if the LDNS request source originates from our internal private IP space, then the GTM responds with a pool member in the Internal IP space, else it responds with the pool member in our External IP space.
Now, we have a set of Windows DNS servers in our DMZ space that delegate queries to our GTMs' external listeners. My question comes when we have a WIDE IP configured with only an Internal_space pool member which is being used to respond to queries sourcing from these DMZ Windows DNS servers.
Does the GTM have a default configuration to respond with whatever pool member it has available regardless of the above Topology Records?
So I am no GTM expert, but I do use the topology mapping.
What I do is set the Request Source to an IP subnet or Region, which in my case is just a more grouped list of subnets.
Then the destination is a pool.
And it's that pool which has the list of A records to be used with the health monitors etc. to choose which one to use at that time.
So the wide IP - Pools - Load Balancing Method is "topology" and if you need to you can set a last resort pool as a backup plan.
The next issue you will have is, if the GTM is only getting DNS requests from your Windows DNS server, the Request Source will always be the IP or subnet of that server for its response calculation.
The way around this is to enable eDNS on the Windows server to forward the client IP of the requesting client on to the F5 GTM. You then need to get the GTM to understand that there is a client IP in the eDNS (extended DNS) packet and use that variable instead. On that one, I know the theory, I've just never done it! I was about to, but redesigned the solution so the F5 GTM was a lot higher up the stack!
Hope this helps.
Hi, Thank you so much for replying!
I am not sure I follow you. We have two IP subnets or Topology Regions: the external, which are the public-facing IPs, and the internal, which are in our 10.0.0.0/8.
One thing that could resolve the issue with the particular Wide IP is to remove the delegation pointing to the GTM from the Windows DNS server.
Ok, so silly question - are you using GTM to host records for your web servers/services?
Or, DNS for your Clients/Servers?
My answer was for web servers, so once you have your wide-ip setup to the DNS name.
You setup a topology, so when the wide-ip gets a request from a certain IP it knows what to do with it.
So if it comes from, say, a certain range or geo-IP region, it can decide which IPs to respond with.
So the topology is for the incoming comms.
Whereas the pool is a list of servers/IPs which the GTM has available to it to choose from when a request comes in.
Really the question is, when a request comes from one of those ranges what do you want to happen?
Hi, thank you again for continuing to engage on this topic.
I am using the GTM to host DNS records for web servers/services/apps.
You helped me identify the issue. I have the wrong WIDE IP pool load balancing method: Round Robin instead of Topology. I feel embarrassed that I didn't notice this first. A lesson to look at the easiest possible resolution first instead of the more complicated ones.
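The following is an added worked model of the behaviour discussed in this thread; it is not F5 code or configuration and is not from any of the posters. It ties together three points: the ordered topology records from the original question (first match on the LDNS request source wins), the first reply's observation that a forwarding resolver hides the real client unless an EDNS client subnet is used, and the final resolution that a Round Robin load balancing method simply ignores topology. All addresses, pool and region names (the DMZ resolver 198.51.100.53, the members 10.20.30.40 and 203.0.113.10) are constructed sample values, and the EDNS client-subnet handling models the behaviour the reply describes as theory, so treat it as an assumption. The model selects among pool members; it does not reproduce the GTM's full pool/member evaluation.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class TopologyRecord:
    """One row of the thread's topology table (LDNS Request Source -> Destination)."""
    ldns_source: ipaddress.IPv4Network
    destination_region: str


# Same order as the original question's table: evaluated top-down, first match wins.
TOPOLOGY: List[TopologyRecord] = [
    TopologyRecord(ipaddress.ip_network("10.0.0.0/8"), "Internal_space"),
    TopologyRecord(ipaddress.ip_network("0.0.0.0/0"), "External_space"),
]


def region_for_source(source_ip: str) -> Optional[str]:
    """Return the destination region of the first topology record matching the request source."""
    src = ipaddress.ip_address(source_ip)
    for rec in TOPOLOGY:
        if src in rec.ldns_source:
            return rec.destination_region
    return None


def request_source(resolver_ip: str, edns_client_subnet: Optional[str] = None) -> str:
    """Decide which address topology matching sees.

    Without EDNS client subnet the GTM only sees the forwarding resolver (the DMZ
    Windows DNS server in the thread). With it (assumed behaviour, see lead-in), the
    original client's subnet can be used instead.
    """
    if edns_client_subnet:
        return str(ipaddress.ip_network(edns_client_subnet, strict=False).network_address)
    return resolver_ip


@dataclass
class Pool:
    name: str
    members: List[Tuple[str, str]]      # (address, region) pairs, constructed sample data
    lb_method: str                      # "topology" or "round_robin"
    _rr_index: int = field(default=0, repr=False)

    def select(self, source_ip: str) -> Optional[str]:
        """Pick a member for a query whose request source is source_ip."""
        if self.lb_method == "round_robin":
            # Round Robin never consults the request source: members are handed out in turn.
            # This is why a mis-set LB method makes the topology records look ignored.
            addr, _ = self.members[self._rr_index % len(self.members)]
            self._rr_index += 1
            return addr
        if self.lb_method == "topology":
            region = region_for_source(source_ip)
            for addr, member_region in self.members:
                if member_region == region:
                    return addr
            # No member in the matched region: nothing to answer with unless a
            # last resort pool (mentioned in the first reply) is configured.
            return None
        raise ValueError(f"unknown lb_method {self.lb_method!r}")


def answer_for(pool: Pool, resolver_ip: str, edns_client_subnet: Optional[str] = None) -> Optional[str]:
    """Resolve one query end to end: choose the request source, then a pool member."""
    return pool.select(request_source(resolver_ip, edns_client_subnet))


if __name__ == "__main__":
    both = Pool("app_pool", [("10.20.30.40", "Internal_space"), ("203.0.113.10", "External_space")], "topology")
    internal_only = Pool("internal_only", [("10.20.30.40", "Internal_space")], "topology")
    dmz_resolver = "198.51.100.53"   # constructed DMZ Windows DNS server address
    print("internal client via internal resolver:", answer_for(both, "10.9.9.9"))
    print("any client via DMZ resolver:", answer_for(both, dmz_resolver))
    print("internal-only pool via DMZ resolver:", answer_for(internal_only, dmz_resolver))
    print("same, with EDNS client subnet 10.1.2.0/24:", answer_for(internal_only, dmz_resolver, "10.1.2.0/24"))
```

The third print line reproduces the original question's situation: a Wide IP whose only pool member is in Internal_space, queried through a DMZ resolver whose source address matches the External_space record, yields no member at all rather than falling back to "whatever is available". The fourth line shows the effect of supplying the client's subnet so the first record matches instead.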