Nimbostratus
Thanks,
WWTBIGIP
Nimbostratus
Nimbostratus
If so, perhaps you can set up a Layer7-centric IP on the DNS unit that has a gateway of the Layer7s floating IP, creating a hub-spoke setup. Using hub-spoke you can turn off SNAT because the gateway on the DNS is forced back through Layer7.
Alternately, setting the default gateway on the existing DNS server NIC to Layer7; or an Alias IP ? There are many ways to address a server but the key is to get that server to reply directly to Layer7 to enable you to turn off SNAT and pass the client IP through with the request packet.
Nimbostratus
The HA address showing up is the floating IP of the HA pair. Yes SNAT automap is enabled for all of our virtual servers living on the LTM.
Thanks,
WWTBIGIP
Anthony,
At this point would this be a global setting for all virtual servers on the LTM or are you referring to making that kind or architecture via an IRULE and have it only apply to our DNS VIP?
Thanks,
WWTBIGIP
Cirrostratus
If the DNS servers' default gateway is LTM they'll respond back through LTM. If the default gateway isn't LTM or you don't want to pass the responses back through LTM, you could use nPath (direct server return) on a stateless virtual server. This should be a lot more efficient in terms of LTM CPU and memory utilization and have lower latency for clients as there will be one less hop on responses. For nPath, you'd need to configure the virtual server address on a loopback interface on the DNS servers so that they'll respond back to the client from the client's original destination IP address.
See the nPath chapters for details:
https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm-implementations-11-1-0.pdf
Aaron