BIG-IP DNS
2013 Topics

Load Balancing between same application deployed on Virtual clusters and Openshift containers
Hi, What would be a recommended way to load balance between an existing GTM setup of two Data Centers for both Virtual Machines and Openshift containers? My setup is the following:

1: Virtual Machine deployment: With two Data Centers, DC1 and DC2, deploying the same 80 REST services on separate ports, we have a GTM that distributes to two LTMs (LTM1, LTM2), one in DC1 and another in DC2. The two LTMs are configured inside one pool on the GTM. The LTMs use SNAT. The LTMs have pool members pointing to the service endpoints per port. This setup gives our clients access to all our services found on different ports and virtual machines, executing using the Round Robin method. FQDN/WideIP is a.b.c.com DC1.b.c.com dc2.b.c.com

2: Openshift containers: The containers have the same services but with a different GTM and LTM setup. FQDN/WideIP is ocp.b.c.com DC1.ocp.b.c.com Dc2.ocp.b.c.com

I am wondering what is the recommended way to load balance between the two existing GTM setups so that the client can reach either the virtualized or the containerized service endpoints in a round robin fashion. Is it even recommended to load balance between two existing GTM configurations?

542 Views, 2 likes, 0 Comments

DNS tunneling mitigation v2 iRule lost - where is it?
In the old Devcentral there was an enhanced & more complex iRule to protect against DNS Tunneling. Old link was https://devcentral.f5.com/questions/dns-tunneling-mitigation with iRule v2. I cannot find it anymore after the Devcentral upgrade. Has anyone a copy of the iRule or working link?

541 Views, 2 likes, 2 Comments

Importance of having dedicated vCPU for BIG-IP VE installation?
Can you help me check the importance of having dedicated vCPU for BIG-IP VE installation? For the OVA installation, we have gone with the VPC standard (i.e. no CPU reservation; no Thick provisioning). Can you advise if we should have concerns about:

a. No CPU reservation
b. No Thick provisioning

** Note: The VPC team monitors the whole Hypervisor Frame and ensures CPU utilization never exceeds 40%, and guarantees disk space availability even if the VM is provisioned Thin.

189 Views, 1 like, 0 Comments

Wide IP and SOA query
Hi, This is probably an obvious question but I am not sure if I am getting things right. All related to version 13.1.0.6.

Setup: Wide IP: created Automatically ZoneRunner Zone wip.exmaple.com created with: SOA NS A for DNS profile with: Only GSLB enabled Unhandled Query Actions: Reject

When performing A query for answer with correct IP returned. When performing SOA query for wip.exmaple.foo, a reply with REFUSED status is returned.

The only way I figured out to make the SOA query work is:

Unhandled Query Actions: Allow
Use BIND Server on BIG-IP: Enabled

I wonder if the above is really the only way to have the SOA query working? Are the SOA and NS RRs created just because the BIND zone file db.external.wip.example.foo. format requires it, and those RRs are not really necessary for any real-life scenarios? Sure, this is just the W2K8 implementation, but to create a delegation (using the wizard) without error for the configured NS (for the wip.example.foo subdomain), the SOA query has to work. That is not a big deal because even if there is an error in the wizard, name resolution is working. Still, I am a bit curious whether the lack of ability to answer an SOA query can be important?

Piotr

243 Views, 1 like, 0 Comments

BIG-IP DNS - Design Help
Hello Devs! I just got my first BIG-IP DNS project and I must say, I'm running out of ideas!

Our environment consists of 2 Windows Servers running DNS. There are almost 50 forward standard zones, including the Active Directory zone, which is dynamic (as in, a client's laptop receives its IP from the DHCP server and goes to these 2 Windows servers and updates its forward and reverse resource records). Our client wants to enhance this DNS resolution with BIG-IP DNS (since they had some bottlenecks in the DNS resolution).

The only problem is that they don't want to change the IP address of the DNS. There are more than 5000 servers and they don't want to reconfigure every single one of them with the new IP (which would be the BIG-IP's new listener IP). At the same time, we can't (at least to my knowledge) make BIG-IP DNS completely replace the Windows servers because of that dynamic zone.

At first, I thought I could move every zone (except the dynamic one) to BIG-IP's BIND and use DNS Express. But the problem would still be the dynamic zone. I thought of DNS Expressing all the zones (this could potentially solve the IP address requirement), but how would BIG-IP DNS handle those dynamic updates? Could it forward them to the Windows servers? Am I missing something here? Any design options I am missing?

Thanks! Rafael

208 Views, 1 like, 0 Comments

Use Specific Gateway Pool based on SNAT address
Hi All, Currently we have 3 ISP links which I am trying to get routing correctly based on outbound SNAT. I have created SNAT Pools for the internal subnets that contain IPs from each of the three ISPs. The F5 seems to be SNATing to one of the external IPs from the pool, then using our Wildcard Server, Round Robin, to send the traffic down any one of the three ISP links. This results in the traffic going down the right link only every other time.

ISP A
ISP B
ISP C
Internal 192.168.20.0/24

Current Issue: F5 -> SNAT addresses 192.168.20.0/24 to external IP from ISP A -> Round Robin and send down link ISP A, B or C

I would like to configure it so the F5 uses the correct ISP link based on its SNAT address. Someone please tell me this is possible?

Best Regards, Scott

173 Views, 1 like, 0 Comments

How does client work when dns response cname to client
I have a problem. I set up F5 DNS to respond with a CNAME when a client requests DNS to > cname: , I tried a packet capture when DNS responds with the CNAME to the client, and I found the client does not resolve the CNAME. When I test by having the client request DNS to > AD DNS > F5 DNS, it works.

242 Views, 1 like, 1 Comment

GTM not detecting the service as up.
Folks, We have recently provisioned the GTM module on one of our VE devices. We wanted to configure a test environment here. The VE had the valid licenses for the GTM. However, the server shows as down; we have added a port 443 monitor. Telnet to the server IP works fine to port 443 when I try this from the CLI. What could be the issue and what do I need to look at? The Data Centre also shows as down on the GTM, but I believe this is because none of the servers show as up. Please note that at this stage all I have done is add a server which shows as down.

Regards, Neel

Solved

685 Views, 1 like, 8 Comments