Forum Discussion

Jan 09, 2019

Reply with External DNS IP's with Internal LTM VIP's

Hi everyone -

Environment: 
    * F5 LTM VE (has only internal LTM VIPs (RFC 1918))
    * F5 DNS VE (has internal and DMZ access only to the LTM)
    * Upstream firewall that NATs public IPs to the private LTM VIPs
    * Upstream firewall that NATs a public IP to the internal DNS listener
    * F5 DNS AutoDiscovery is enabled
    * F5 DNS is synced with External DNS provider with Incremental Zone transfers for two public domains. This is used for non-GSLB BIND functions.
    * 2 Datacenters built the same.

We would like to be able to have the F5 DNS use GSLB functionality to deliver external VIP addresses. What is the most effective way to accomplish this?

Option 1:

Do we need to clone our LTM internal VIPs and modify the private IP to a public IP for all 60 of our VIPs?

Option 2:

Define F5 DNS VIP's as Generic External Hosts - and then would we need to add a VE interface on the F5 DNS to monitor the route path through the firewall/LTM?

Is there another option?

Thanks!

1 Reply

TJ,

F5 DNS has a feature that seems to solve your issue. When defining the servers in DNS, you have the option to set a Translation Address and a Destination Address. The destination address is the address returned upon a DNS request, whereas the translation address would be the actual IP that is checked for health monitoring. This allows you to have two IP addresses associated with each server, one for internal use (pre-NAT) and one for external use (post-NAT).

Here is some helpful documentation on how it is configured.

Hope this helps.
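What the reply above describes, written out as a tmsh configuration fragment. This is an added example, not from the original post or from F5 documentation: the datacenter, server, pool and wide IP names and all addresses (203.0.113.0/24 as the public side of the firewall NAT, 10.10.0.0/16 as the internal LTM VIP space) are made up, and the attribute names (`destination`, `translation-address`, `translation-port`, `translation`) are the ones I believe the `gtm server` object uses in TMOS 12 and later; check them against `tmsh list gtm server` on your own version.

```tmsh
# Constructed example: one GSLB server object per datacenter LTM.
# "destination" is the post-NAT (public) address that BIG-IP DNS hands
# out in DNS answers; "translation-address" is the pre-NAT (private) LTM
# VIP that the DNS system actually probes with its health monitor.
gtm server dc1-ltm {
    datacenter dc1
    product bigip
    monitor bigip
    addresses {
        10.10.1.5 {                      # private self IP of the DC1 LTM
            device-name dc1-ltm
            translation 203.0.113.5      # public address for this device
        }
    }
    virtual-servers {
        web_vs {
            destination 203.0.113.20:443        # returned to DNS clients
            translation-address 10.10.1.20      # monitored internally
            translation-port 443
            monitor https
        }
    }
}

# Second datacenter built the same way, with its own public/private pair.
gtm server dc2-ltm {
    datacenter dc2
    product bigip
    monitor bigip
    addresses {
        10.20.1.5 {
            device-name dc2-ltm
            translation 203.0.113.69
        }
    }
    virtual-servers {
        web_vs {
            destination 203.0.113.84:443
            translation-address 10.20.1.20
            translation-port 443
            monitor https
        }
    }
}

# The pool and wide IP reference the virtual servers by name; answers carry
# the "destination" addresses, so external resolvers never see 10.10.x.x.
gtm pool a web_pool {
    load-balancing-mode round-robin
    members {
        dc1-ltm:web_vs { member-order 0 }
        dc2-ltm:web_vs { member-order 1 }
    }
}
gtm wideip a www.example.com {
    pools { web_pool { order 0 } }
}
```

After loading it, `tmsh show gtm server dc1-ltm` should report the monitor state of web_vs from the 10.10.1.20 probe, while a query for www.example.com against the listener returns 203.0.113.20 or 203.0.113.84.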