dns (168 topics)

Can't access on-prem DNS when using F5 LTM as a gateway
The title is the tl;dr. I have a server on an internal network that is set up to use our F5 as a gateway. I have all of the forwarding VIPs set up and routed through SNAT pools, and if I set the server to use an external DNS like Google or OpenDNS everything seems to work perfectly. However, the server is being set up as an SMTP server and needs to rely on our on-prem DNS for some mail destinations. Side note: if the forwarding VIPs are set for SNAT automap, on-prem DNS works fine.

I did watch traffic with tcpdump from the F5. On the internal network, when using nslookup with both on-prem and off-prem DNS servers, I could see traffic hit the outbound forwarding VIP. However, watching traffic on the external network, traffic appeared on the outbound forwarding VIPs when using external DNS servers; on-prem seemed to have died somewhere in the F5.

Can I fix this by just adding another outbound VIP set to SNAT automap to manage DNS traffic? Is that an appropriate fix?

Single LTM with multiple GTM domains
I am currently working on a datacenter migration; we are re-IP'ing everything and rebuilding all the network appliances. I am working out the best, least impactful way to migrate the GTM appliances to the new DCs. Here is the overall situation. Everything is the same version, running 15.x.x, with a mix of rSeries hardware running VEs and iSeries hardware also running VEs.

Existing DCs:
  GTM domain with two GTMs in different DCs
  Multiple LTMs all joined to the GTM

New DCs:
  Two GTMs in different DCs, blank configuration
  Multiple LTMs all joined with the existing DC GTMs

I know that I can add the new GTMs to the existing DC GTM domain, let them sync up, then update the NS records to migrate the DNS flows over to the new DC, but that also syncs over all the technical debt and limits my pre-testing abilities. I would like to set up a new GTM domain in the new DC, build some automation for the WideIP/pool creation, and manually review/rebuild all the necessary records in the new DC. My hangup is that this is ONLY possible if the LTM appliance can join multiple GTM domains.

Can a single LTM appliance join multiple GTM domains and report status to multiple appliances? I don't have an easy way to build a test environment with VEs and validate this, so I am hoping for some input from the community.

DNS traffic from floating IP to public IP of a VIP
Hello, I've seen in our firewall log udp/53 traffic from the floating IP of an F5 cluster to the public IP of a web portal behind a VIP, more exactly the internal VIP; the public IP is NATted on the firewall to the VIP (with an ASM policy attached). We've configured our internal DNS server under System -> Configuration -> DNS. I've got no idea how this traffic is originated. Any hints? Thank you

(Solved)

F5 upgrades
We are upgrading F5 tenants from 17.1 to 17.5. We have two rSeries pairs at each data center (e.g. main and colo). Within the data center they are in HA active/standby, and the four are in a GSLB group. Each host has one tenant.

During the upgrade process, I disabled GTM sync on the F5 that is going to be upgraded. Is that recommended? I plan on having traffic moved to this active box at, e.g., colo from the other data center, main. I won't be making any config changes. After the applications move to this side, LTM pools show up on this side and global availability will have the upgraded side up.

I just want to make sure: if that is disabled, do we need to leave them disabled and sync them after all four F5s are upgraded? During this process, can we make changes within the data center on LTM pools? Thank you

DNS/GTM health monitor big3d timeout because of alias config
Hello everyone, I was testing some experimental config for DNS/GTM where the health monitor does not monitor the pool members but a specific IP address configured in the "alias", and it does not work; the error says bigd timed out reporting the state. For LTM http/https health monitors the "alias" option works, but not for GTM/DNS. I think I discovered a bug, as this is a rare use case: not monitoring the pool members themselves. I have changed the IP to 1.1.1.1 just for the screenshot 😄

Also, in the logs after GTM and big3d are enabled I see the lines below. Too bad that F5 DNS does not have monitor debugging like LTM, where you can enable debug for a single monitor and not the entire box.

-----
Will not probe x.x.x.x:80 ( in DC /Common/niki-dc because will be done by other GTM (<unknown>:<unknown>)
Unable to identify which gtm server represents the local device

F5 DNS combine all zones into one top-level zone
We are migrating our F5 DNS (GTM) towards a new automated setup using AS3, but I noticed we forgot to create a top-level zone in the ZoneRunner configuration. So now all our WideIPs already deployed have their own zone file with the A records of the pool members. We can create a new top-level zone which should cover all our WideIPs, but I am looking for a way to transfer all the already existing A records into this new top-level zone so we can delete all the WideIP-specific zones. Is there an option to regroup all the records into this top-level zone?

nsupdate to modify zone in specific views
We have the zone example.com and two views (external and internal), so in /var/namedb/ we have the zone files db.external.example.com and db.internal.example.com. How can we use nsupdate to modify the zone in a specific view? We can't seem to specify a view in an nsupdate script, and we can't specify "zone internal.example.com" in the nsupdate script either.

F5 DNS Generic Host
I am trying to create a few generic hosts for a POC, but I am having issues with them being marked monitor failed. I created a new server named RANCHER-POC-11 and gave it an IP address of 10.4.65.11; this has an https monitor assigned to it. I then created a virtual server with the same IP address and port 443, also with the https monitor. The server and virtual server are both red triangles. I performed a packet capture and I don't see that the GTM is even attempting to monitor. I put a specific route in the network pointing to the GW, and now if I initiate a connection from the CLI I see logs in our monitoring, but only when I make the connection manually. This is the first generic host we have tried to deploy, as the rest of the virtual servers/pools are pulled from the LTMs and this service is not behind the LTM. Any suggestions would be appreciated. Thanks, Joe

What will happen if the local GTM/DNS disables sync with the other GTM/DNS sync group members?
Hi, we want to temporarily remove the local GTM/DNS from the corporate global GTM/DNS sync group. What will happen to the local DNS service? What is the impact? Will some applications be marked as down if the application servers are located in another region and were learned via the GTM sync group? We have GTM/DNS in three different regions. Can anyone please advise? Thanks in advance!

(Solved)
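For the zone-consolidation question above ("F5 DNS combine all zones into one top-level zone"), here is an added example of the record-regrouping step, written for this page; it is not F5 code and not anything the posters supplied. It assumes the per-WideIP zones are available as BIND-style zone text (for instance exported by zone transfer from the BIG-IP DNS listener), that the target top-level zone already has its own SOA/NS, and that only A/AAAA/CNAME records need to move. The sample zones embedded in the script are constructed for the demonstration. Before anything is loaded, the script surfaces two things an operator should review by hand: names that two source zones define with different data, and names that do not sit under the new top-level zone at all and therefore cannot simply be moved.

```python
"""Merge per-WideIP zone files into record lines for one top-level zone.

Added example for the F5 DNS zone-consolidation question; not F5 code.
Assumed input: BIND-style zone text, one zone per WideIP. Only A/AAAA/CNAME
records are carried over; each source zone's SOA/NS are dropped because the
new top-level zone already has its own.
"""

CARRIED_TYPES = {"A", "AAAA", "CNAME"}


def parse_zone(text, zone_name):
    """Parse zone text into (fqdn, ttl, rtype, rdata) tuples.

    Handles $ORIGIN/$TTL, '@', relative and absolute owner names, an omitted
    owner (reuse of the previous one), an optional TTL and class field, and
    parenthesised multi-line records such as the SOA. ';' comments are dropped.
    """
    origin = zone_name.rstrip(".").lower() + "."
    default_ttl = None
    last_owner = "@"
    buffered = ""  # accumulates a parenthesised record until ')' is seen
    records = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip():
            continue
        if buffered:
            buffered += " " + line.strip()
            if ")" not in line:
                continue
            line, buffered = buffered, ""
        elif "(" in line and ")" not in line:
            buffered = line
            continue
        line = line.replace("(", " ").replace(")", " ")
        if line.startswith("$ORIGIN"):
            origin = line.split()[1].rstrip(".").lower() + "."
            continue
        if line.startswith("$TTL"):
            default_ttl = int(line.split()[1])
            continue
        owner_omitted = line[0].isspace()
        fields = line.split()
        owner = last_owner if owner_omitted else fields.pop(0)
        last_owner = owner
        ttl = default_ttl
        if fields and fields[0].isdigit():
            ttl = int(fields.pop(0))
        if fields and fields[0].upper() == "IN":
            fields.pop(0)
        rtype = fields.pop(0).upper()
        rdata = " ".join(fields)
        if owner == "@":
            fqdn = origin
        elif owner.endswith("."):
            fqdn = owner.lower()
        else:
            fqdn = owner.lower() + "." + origin
        records.append((fqdn, ttl, rtype, rdata))
    return records


def merge_into_top_level(zones, top_level):
    """Collect carried records from every source zone under top_level.

    zones: mapping {zone_name: zone_text}, processed in insertion order.
    Returns (merged, conflicts, out_of_scope):
      merged       {(fqdn, rtype): {"ttl": int, "rdata": [str, ...]}}
      conflicts    [(fqdn, rtype, first_zone, other_zone)] where two source
                   zones disagree on the rdata set for the same name/type
      out_of_scope [fqdn] for names not under top_level (cannot be moved)
    """
    top = top_level.rstrip(".").lower() + "."
    merged, origin_of, conflicts, out_of_scope = {}, {}, [], []
    for zone_name, text in zones.items():
        per_zone = {}
        for fqdn, ttl, rtype, rdata in parse_zone(text, zone_name):
            if rtype not in CARRIED_TYPES:
                continue
            if fqdn != top and not fqdn.endswith("." + top):
                out_of_scope.append(fqdn)
                continue
            per_zone.setdefault((fqdn, rtype), {"ttl": ttl, "rdata": []})
            per_zone[(fqdn, rtype)]["rdata"].append(rdata)
        for key, entry in per_zone.items():
            if key in merged:
                if sorted(merged[key]["rdata"]) != sorted(entry["rdata"]):
                    conflicts.append(key + (origin_of[key], zone_name))
                continue  # first definition wins; never overwrite silently
            merged[key] = entry
            origin_of[key] = zone_name
    return merged, conflicts, out_of_scope


def render_records(merged, top_level):
    """Emit zone-file lines with owners relative to the top-level $ORIGIN."""
    top = top_level.rstrip(".").lower() + "."
    lines = ["$ORIGIN " + top]
    for (fqdn, rtype), entry in merged.items():
        owner = "@" if fqdn == top else fqdn[: -len(top) - 1]
        for rdata in entry["rdata"]:
            lines.append(f"{owner} {entry['ttl']} IN {rtype} {rdata}")
    return "\n".join(lines) + "\n"


# Constructed sample zones (hypothetical names and RFC 1918 / TEST-NET addresses).
SAMPLE_ZONES = {
    "app1.example.com": """\
$TTL 300
@   IN SOA ns1.example.com. hostmaster.example.com. (
        2024010101 3600 900 604800 300 )
    IN NS  ns1.example.com.
@   IN A   10.1.1.10
    IN A   10.1.1.11
api 60 IN A 10.1.1.20
""",
    "app2.example.com": """\
$TTL 300
@ IN SOA ns1.example.com. hostmaster.example.com. ( 2024010101 3600 900 604800 300 )
@ IN NS ns1.example.com.
@ IN A 10.2.2.20
www IN CNAME app2.example.com.
""",
    "legacy.example.com": """\
$TTL 300
@ IN SOA ns1.example.com. hostmaster.example.com. ( 2024010101 3600 900 604800 300 )
@ IN NS ns1.example.com.
api.app1.example.com. IN A 10.9.9.9   ; disagrees with app1 zone -> conflict
host.other.net.       IN A 192.0.2.7  ; not under example.com -> out of scope
""",
}

if __name__ == "__main__":
    merged, conflicts, out_of_scope = merge_into_top_level(SAMPLE_ZONES, "example.com")
    print(render_records(merged, "example.com"))
    for fqdn, rtype, first, other in conflicts:
        print(f"CONFLICT {fqdn} {rtype}: {first} vs {other}")
    for fqdn in out_of_scope:
        print(f"OUT OF SCOPE {fqdn}")
```

The rendered lines can then be appended to the new top-level zone (or fed to nsupdate as "update add" statements) and the per-WideIP zones removed only after the conflict and out-of-scope lists are empty or consciously resolved; the first definition of a name is kept rather than overwritten so a stale record in a later zone cannot silently replace a live one.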