Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

Are you an expert?    Interested in presenting at F5 AppWorld 2024?    Submit a proposal by Nov 29th!

Is nPath still practical?

kridsana
Cirrocumulus
Cirrocumulus

‎02-Oct-2023 03:56

Hi

We want to use F5 LTM to load balance local DNS server.

We have F5 LTM implement as one-arm topology but we need to preserve source IP for DNS traffic. = No SNAT.

So I check and find that there is DNS load balance with nPath.

But it's a bit old document and I didn't have any experience with it.

Is LTM using nPath deployment to load balance microsoft DNS server  practical?

Kridsana

Labels:
0 Kudos
6 REPLIES 6

kridsana
Cirrocumulus
Cirrocumulus

‎02-Oct-2023 03:58

There is some issue like this post. it's conflict with netbios or something. (not sure if it correct info though)
https://community.f5.com/t5/technical-forum/has-npath-routing-caused-any-problems/td-p/151743

0 Kudos

Sebastiansierra
MVP
MVP

‎02-Oct-2023 04:12

Hi @kridsana,

The easiest way to deploy this config is to make the Float IP of your F5 the default gateway for your DNS servers and create a Forwarding VS 0.0.0.0/0.0.0.0 to give internet access to DNS servers through your F5.

Npath configuration can disturb the sync cookie protection feature in the LTM so if you can avoid it I really recommend it.

Hope it helps. 

0 Kudos

kridsana
Cirrocumulus
Cirrocumulus
In response to Sebastiansierra

‎02-Oct-2023 12:05

Hi
I've some questions.   In my case, DNS server default gateway is not F5 LTM

1. Do we need to create Forwarding VS for DNS server for outbound traffic? 

2. If we using F5 for DNS udp 53 (nevermind TCP 53 for zone transfer), sync cookie protection can be ignore, right? I understand that sync cookie is for TCP only.

3. There is no problem to use nPath, Am I correct?

0 Kudos

PSFletchTheTek
MVP
MVP

‎02-Oct-2023 04:17

Just remember DNS is/can be UDP and TCP which unless i've forgotten a config is two sperate Virtual Servers. One for UDP and one for TCP.

0 Kudos

kridsana
Cirrocumulus
Cirrocumulus
In response to PSFletchTheTek

‎02-Oct-2023 12:00

So we just have to create 2 virtual server (  UDP 53 for DNS query/response  and TCP 53 for zone transfer)

There is no problem to use nPath

Am I correct?

0 Kudos

PeteWhite
F5 Employee
F5 Employee
In response to kridsana

‎03-Oct-2023 02:12

yes - you can use nPath

0 Kudos
Copyright © 2023 Khoros, LLC