kaemtha nadana noelanie


Percival Blanco

Aug 2, 2024, 10:34:16 PM
to utdisseta

When a GTM has LTMs as servers in its configuration, there is no need to monitor the actual VIP(s) with application monitors, as the LTM is doing that & iQuery reports the information back to the GTM.

Austin Geraci
is a subject matter expert in F5 Networks Technology, and has worked in the ADC space for 20 years. When he's not working with & evangelizing F5's cutting edge technology, you can find him on the squash courts, going for a ride around Lady Bird Lake, or listening to some live music in ATX. Follow @AustinGeraci

Good summary. I am learning this as a part of deploying Linux servers. Back in 2014, but it looks like pretty much what it is today. Pretty cool product, as I see LTM fronting application servers quite nicely. Thank you.

Hi Austin!
I have two DCs.
Currently, to implement the DNS module, is it necessary to configure Wide IPs?
I have already migrated the DNS zones, but I don't know whether it can resolve this way?

If you just want host zones and provide resolution for all types of resource records you can certainly do that with the DNS/GTM module in an authoritative or non-authoritative fashion using the ZoneRunner interface built into the DNS/GTM module.

I spoke with our GTM support team and he confirmed that in case the request is coming from the same LDNS, then in the wide IP (GTM) configuration they can enable persistence to map the traffic to a specific DC. However, a user session raises multiple requests while browsing through web pages, and it is possible they land on different LDNSs.

I had a question linked to Oracle RAC, which already has a SCAN-VIP configured in DNS resolved to 3 IPs round robin to the Oracle Cluster for load balancing user connections among cluster nodes.
My setup has one Primary Cluster (accessible to clients with Scan-vipP) and one Standby Cluster (accessible to clients only when activated, using Scan-vipS). Both Primary and Standby are in different Data Centers.
Now, due to some Application issue, they cannot configure both Scan-vipP and Scan-vipS in their configuration, which could easily take the Application connection to the Activated/Live server, and so any time we activate Standby we also need to make manual configuration changes to the Application, causing lots of downtime. So I am looking for an F5 solution which can monitor the live cluster and send the connection request to it.
So if I had to use GTM due to two different Data Centers and already have DNS-based VIPs (Scan-vipP and Scan-vipS), what else is required for the configuration so that the application can use some host/VIP name which takes the connection to the live data center in either location and does not require manual configuration changes in Application files?
Do I need an additional VIP on the local F5 and another WideIP or so?

Therefore, if a Wide-IP (dynamic DNS entity) on the GTM is configured to leverage a Virtual Server hosted on a properly configured LTM, it can make intelligent DNS resolution decisions based on the availability of that Virtual Server.

Rather, I would say the BIG-IP functions at layers 2-7 of the OSI model. Depending on which features one utilizes, you will be delivering applications and operating at different / multiple layers. Does that make sense?

DNS_REV
The DNS_REV probe sends a DNS message to the probe target LDNS querying for a resource record of class IN, type PTR. Most versions of DNS answer with a record containing their fully-qualified domain name. The system makes these requests only to measure network latency and packet loss; it does not use the information contained in the responses.

DNS_DOT
The DNS_DOT probe sends a DNS message to the probe target LDNS querying for a dot (.). If the LDNS is not blocking queries from unknown addresses, it answers with a list of root nameservers. The system makes these requests only to measure network latency and packet loss; it does not use the information contained in the responses.

UDP
The UDP probe uses the user datagram protocol (UDP) to query the responsiveness of an LDNS. The UDP protocol provides simple but unreliable datagram services. The UDP protocol adds a checksum and additional process-to-process addressing information. UDP is a connectionless protocol which, like TCP, is layered on top of IP. UDP neither guarantees delivery nor requires a connection. As a result, it is lightweight and efficient, but the application program must take care of all error processing and retransmission.

TCP
The TCP probe uses the transmission control protocol (TCP) to query the responsiveness of an LDNS. The TCP protocol is the most common transport layer protocol used on Ethernet and Internet. The TCP protocol adds reliable communication, flow-control, multiplexing, and connection-oriented communication. It provides full-duplex, process-to-process connections. TCP is connection-oriented and stream-oriented.

ICMP
The ICMP probe uses the Internet control message protocol (ICMP) to query the responsiveness of an LDNS. The ICMP protocol is an extension to the Internet Protocol (IP). The ICMP protocol generates error messages, test packets, and informational messages related to IP.

Thanks for the wonderful write-up!! I am new to F5. We are currently planning to migrate our DNS servers from Windows-based to F5 GTM. We have two Datacenters; one Datacenter is primary and handles all the user/application traffic. The 2nd datacenter is a new one and not in production yet. I am not confident enough to conclude which is the best deployment. Below are my questions.
1) Should we have one GTM in each DC, Active/Active or Active/Standby?
2) Today our Windows-based external DNS servers are present in the DMZ zone; I studied implementing the GTM before the perimeter (firewall). What is the advantage/disadvantage of implementing the GTM before the firewall?

Glad you found it useful Chris, feel free to reach out if you need any help. We have a ton of expertise migrating away from the Citrix Netscaler platform. You should feel confident your team made the right choice.

Thanks Austin for this detailed explanation about GTM and LTM; it helped me a lot. I am very new to this technology and planning to completely move to F5 ADC, and it makes me passionate too when I get a chance to work on any F5-related issues.

Thank you for this detailed explanation; I found it very useful.
I have a query regarding a GTM and LTM setup. I have experienced an issue where the VIP on the LTM is showing available but the GTM is marking the pool member down. iQuery is working fine, and I wonder why the other VIP, which is hosted on the same LTM and is a member of a different pool on the GTM, is marked available on both the GTM and the LTM.

Hi Austin, it's a really good explanation of GTM and LTM, very helpful. Hearty thanks to you for such a post. Can you show some video on how to add a URL from scratch, meaning how to add a URL, an A record and all? I am working on F5 but have no guidance on that and want to learn F5; I am very curious about how things work in F5. If you have anything like CBT Nuggets for this, please share the link with me.
Thank you for all your explanations.

nslookup techglaze resolves to WIP techglaze.gslb.internal.webvalley.com which should resolve to one of the VIPs of the 3 pools set up at GTM(each pool set up as a VIP at LTM of each data center) depending on which VIP GTM chooses.


F5 BIG-IP Local Traffic Manager (LTM) enables you to deliver applications to consumers in a safe, dependable, and optimal manner. BIG-IP LTM maintains the availability and scalability of your applications by making intelligent traffic decisions that adapt to changing demands. You can simplify, automate, and customize applications more quickly and predictably using BIG-IP LTM.

The LTM is generally known for delivering load balancing services based on application health and performance, but it can do so much more. It can be used as a reverse proxy, forward proxy, and traffic shaper/bender for security and authentication. For full HTTP traffic inspection and manipulation, LTM can be used to terminate SSL/TLS. It can also conduct minimal API gateway capabilities by routing requests and doing basic validation using a local traffic policy or an iRule.

In the simplest terms, a pool is a collection of servers. A pool, like a VIP, is an essential BIG-IP configuration item, although it can be considered one level lower in the configuration stack. To put it another way, you need a VIP in place to allow traffic into your F5 device at all, and pools become relevant only after that. A pool is a group of one or more servers, known as members.

A pool member refers to one of the specific servers linked with a specific pool. Pool members are crucial because they represent the actual servers in any configuration. The broad, general structure of a basic application stack within a BIG-IP is made up of a VIP, pool, and pool members. There can be thousands of permutations and alternatives, but this is the most basic, generic picture, which is critical to grasp for beginners. In addition to the configuration options inherently in place, pool members can have many options toggled on them.

A customer had a request of fellow St Louisan and F5er Brent Imhoff. They wanted the BIG-IP to decrypt traffic, send it through an in-line pass through IPS, receive the traffic back, then re-encrypt before sending on to the servers.

The configuration for the primary VE image starts with the vlans. Create the outside and outside_L2 vlans and assign interfaces 1.1 and 1.2 respectively, then create the inside_L2 and inside vlans and assign interfaces 1.3 and 1.4 respectively.

Now that the route domains are in place, assign the self IP addresses for the outside and outside_L2 vlans and the inside_VG vlan-group. Note again that the IP subnet for the outside_L2 and the inside_VG self is the same.
