Forum Discussion

ashk
Feb 13, 2023
Solved

DNS load balancing to backend servers using GTM/LTM.

Hello Everyone, 

I have a question on how to set up DNS resolution on GTM/LTM without pools/nodes.

Example: I have test.facebook.com and want to send this URL to multiple backend servers directly, without using LTM.

test.facebook.com > xyz.facebook.com/abc.facebook.com/efg.facebook.com

Only one server will be active and, based on the monitor (200 OK), it will resolve/send to the available backend server. This is something based on DNS resolution and send.

Appreciate the help. 🙂

 


6 Replies

  • Hello Ashk,

    Speaking of GTM without the use of the LTM, you can load balance requests to a pool of DNS servers by creating a listener and assigning a pool to that listener.

    Note: load balancing to DNS servers can be achieved by creating a pool from DNS > deliver > load balancing > pool.

    The listener on the GTM is different from the virtual server on the LTM; you can check the listener configuration below:

    You can notice that there is a DNS profile assigned to the listener. After creating this listener, if you navigate to LTM > virtual servers, you can find the listener listed as a virtual server (but with a DNS profile assigned); if you remove this profile and then navigate back to DNS > listeners, you will not find the listener anymore.
    In conclusion, the GTM listener is used for DNS requests, and you can load balance DNS requests across different backend servers inside a GTM pool. The GTM pool can have its own monitor, same as the LTM.

    Regarding the part about "bypassing LTM", I think the LTM will be hosting the services. When the user receives a DNS response, the client will initiate a new connection (HTTPS, for example) and start communicating with the IP that was returned from the GTM, which I believe will be hosted on the LTM.

    There is a difference between the connection opened with the GTM (just to receive a DNS response) and the connection opened with the LTM (the service connection), for example retrieving a home page for any of your services.

    There are cases where both LTM and GTM are hosted on the same BIG-IP, so the client will initiate another connection with the same F5 to open a connection with the service.

    One last thing, regarding the delegation:
    "test.facebook.com > xyz.facebook.com/abc.facebook.com/efg.facebook.com"

    You can check the below article for delegating records using zone runner:

    https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-dns-services-implementations-13-0-0/14.html

    If I didn't answer your main request, please clarify it further.

    Thanks,

    Mohamed Salah

  • As Mohamed_Salah_ mentioned, the DNS will give the F5 LTM VS IP address as a DNS resolution even if the F5 LTM is not local (not on the same box as the F5 DNS); this is not an issue, and after that the real connections will be load balanced by the LTM to the real servers.

    What you are saying sounds like you want to use a Generic Host object on the F5 DNS that will point directly to the real server IP address, but this is only done when there is no F5 LTM product that load balances traffic to the servers, and you then may need a prober pool to control which F5 devices will monitor the generic host etc., and it is complex.

    I suggest reading the F5 operations guides below to get an understanding of the F5 LTM and DNS/GTM modules:

    https://support.f5.com/csp/article/K70671013

    https://support.f5.com/csp/article/K05939436


    • ashk

      Hello Nikoolayy1,

      I have been working on this for a couple of days. I tried Salah's advice and it's blocking me from outside resolution, and I need to create a delegation in my local DNS box.

      As you said, the Generic Host: yesterday I configured it with Generic Host under DNS > Servers and called them into pools, then assigned it to GSLB. Now I am able to get the DNS request directly to the backend servers and it's working like magic.

      I need to work more on monitors, as only one server should be active all the time and the rest should be in standby until the first one is down.

      Though, I really appreciate the efforts, Salah and Nik, for guiding me where to look and work. It's working now. 🙂

  • Hello,

    I'm a little bit confused about how you will add a monitor when you don't want to use a pool.

    Also, regarding the main request, which "sends URL to back end servers": do you mean that when users send a DNS request asking for "test.facebook.com" they should receive the answer below?

    xyz.facebook.com or abc.facebook.com or efg.facebook.com

    If you could please clarify your request in detail, it would be better, so we can discuss how to achieve it.

    Thanks,

    Mohamed Salah

    • ashk

      Hello Sir,

      Thank you for the reply, 

      Not using pools means no LTM, i.e. none of the F5 features the URL would use; only DNS resolution. I thought that using a GTM we can send the traffic to the backend servers directly, bypassing the LTM, and we can use a monitor in GTM? Is there a way in GTM?

      Yes, it's correct: "test.facebook.com" should send to any of the 3 IP addresses on the port (the active one). 🙂
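
A configuration that matches what ashk describes ending up with (generic host servers in a GTM pool, a monitor that only marks a member up on a 200 OK, and only one member being handed out at a time), as an added example that is not part of the thread and not F5's own code. The datacenter, server, pool and listener names and all addresses below are constructed; the tmsh object and option names are written from the BIG-IP DNS tmsh syntax as I know it and should be checked against the tmsh reference for your BIG-IP DNS version before use.

```tmsh
# Added example, not from the thread. All names and addresses are constructed;
# 192.0.2.x and 198.51.100.x are documentation ranges. Check each option
# against the tmsh reference for your BIG-IP DNS version.

# 1. Listener that answers DNS queries. This is the object that appears under
#    LTM > Virtual Servers with a dns profile attached.
create gtm listener dns_listener address 192.0.2.53 port 53

# 2. Generic host server holding the real backends (no LTM in front of them).
#    With product generic-host there is no discovery, so each virtual server
#    (backend IP:port) is declared explicitly.
create gtm datacenter dc1
create gtm server backends datacenter dc1 product generic-host addresses add { 198.51.100.11 { } 198.51.100.12 { } 198.51.100.13 { } } virtual-servers add { xyz { destination 198.51.100.11:443 } abc { destination 198.51.100.12:443 } efg { destination 198.51.100.13:443 } }

# 3. HTTPS monitor: a member is up only when the backend answers 200 OK.
#    The Host header matches the name the wide IP will serve.
create gtm monitor https mon_200ok send "GET / HTTP/1.1\r\nHost: test.facebook.com\r\nConnection: close\r\n\r\n" recv "200 OK"

# 4. Pool in Global Availability mode: the answer is always the lowest
#    member-order member the monitor reports up, so exactly one backend is
#    "active" and the others are standby until it fails.
create gtm pool a pool_test monitor mon_200ok load-balancing-mode global-availability members add { backends:xyz { member-order 0 } backends:abc { member-order 1 } backends:efg { member-order 2 } }

# 5. Wide IP (A record) that clients query; it resolves through pool_test.
create gtm wideip a test.facebook.com pools add { pool_test }

save sys config
```

Two things from the thread still apply after this is in place. First, the listener only answers for names that reach it, so the parent zone needs an NS delegation for test.facebook.com pointing at the listener address, which is the delegation ashk had to add in the local DNS box. Second, query the listener from outside the network as well as inside (for example with `dig @192.0.2.53 test.facebook.com A`) and then stop the first backend's web service, to confirm that the answer moves to the next member-order only when the monitor marks the first one down.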