Forum Discussion

johndavid_45684
Sep 12, 2012

GTM Configuration

Hi, I am working on a new GTM deployment and I think I am missing something, as the device isn't load balancing my wideip. I can see traffic hitting the wide IP but it isn't getting to the virtual server.

I guess the question is: what are the steps to configure a GTM with an LTM residing on the same box? Hope to hear from you guys.

John

7 Replies

  • Hamish

    What version of BigIP? And what's your LTM config look like?

    How much config have you done? Is the gtmd capable of communicating with big3d? If you use iqdump do you see messages being sent?

    H
  • Ver 10.2. The LTM is:

    vserver > pool > members:80. Is the big3d required if the GTM and LTM are on the same box?

    Thanks for your help

  • Hamish

    Well... Yes. You really do need big3d. Although you could probably get away with defining the GTM server as 'Other' and manually defining everything and sorting out a decent monitor, but defining it as BigIP and using bigip as the monitor is probably the best (then big3d tells gtmd the status of the VS's).

    The VS's are then added as members to the GTM pool, and the GTM pool added to the wideip. Check the status of the GTM pool members. If at least one of them isn't up you'll get strange results (with 0 TTL's on the wideip responses).

    H
  • Thanks a lot Hamish. I am using one-armed mode and I used the self IP to define the GTM Server... since the LTM resides on the same box, do I use the same self IP to define it?
  • Hamish

    Hi.

    Yes.

    You have to create a GTM 'Server' object (which is a server the GTM will balance FOR, not the GTM server itself). That GTMServer object CAN be the same BigIP that GTM runs on (in fact GTM has to be a server object of itself IIUC - but I run GTM on my LTM like you do).

    When you define the GTMServer object for the GTM/LTM itself you simply use the same self IP address that you're using for the GTM listener (which you can see actually turns into an LTM VS at the LTM level). That GTMServer object defines the gtmd (GTM daemon on the GTM itself) to big3d (the daemon on LTM that communicates back to gtmd the VS's, status messages, load etc) communications. Set the VirtualServer and Link Discovery to enabled (can also select no delete or disabled, which is the default). That will enable gtmd to discover the LTM's VS's for you automatically. Set the monitor to bigip only (VS's don't need a monitor when you're using BigIP).

    Once you've done that, you need to set up the keys so that the encrypted connections (big3d comms are encrypted) can be authenticated.

    What I do is create a new SSL key/cert pair for the BigIP using the FQDN. Then export that and import it as the device cert (wish there was a way to just select a cert from your cert store, but for some reason there isn't, it has to be imported). That device cert will then be used for the HTTPS admin interface, iControl, big3d and gtmd comms.

    Make sure when you do the new cert that it gets updated in the gtmd and big3d cert stores (located in /config/gtm/server.crt and /config/big3d/client.crt respectively). Those are the certificate stores that big3d and gtmd use to authenticate the other end of their encrypted connection (as you're just configuring a GTM/LTM config to talk to itself, both cert stores will just have the certificate that is used in the device cert).

    Then restart gtmd and big3d ('bigstart restart gtmd' and 'bigstart restart big3d') and you should be good to go. Verify the big3d comms works at the CLI using the iqdump command. If 'iqdump ' connects and runs OK then you know gtmd can get the info from big3d.

    On v11 you can check the iQuery stats as well (not sure about 10.2 sorry, don't have one here to verify) under the GTM statistics. It'll show a green spot when it's working.

    Once big3d comms are working and virtual server discovery is running, you can create a GTM pool. Add the GTMServer VS's as GTMPool members and then add the GTMPool to the WideIP.

    WideIP -> GTMPool (Member -> GTMServer VS).

    Then gtm will serve the 'wideip' (which should be named global name or something! It can be confusing, but kind of follows DNS convention of being named after what it resolves to, which I admire :) from the pools that are up using the algorithm you selected. (There's two. One to select from a pool, and one to select from within a pool).

    Note that in V11 there's a known bug where VS's NOT in the default traffic group won't be reported back to gtmd (or EM, which uses the same mechanism). If you configure an LTM running v11 you may have to use an additional tcp monitor on GTMServer VS's if they're using none, or a local only traffic group. Manifests as a pool member down with gtmd timeouts from big3d, which can be rather annoying to trace down until you know what's happening.

    H
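The cert-store check from the reply above, as an added example that is not part of the original thread: it confirms that the device certificate is present in both trust stores by comparing SHA-256 fingerprints of the decoded PEM blocks, which works even when a store is a bundle or has different line endings. The store paths are the ones named in the post; the sample "certificates" are constructed byte strings in PEM armor, not real certificates, and the function names are illustrative.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def fingerprints(pem_text):
    """SHA-256 fingerprint of every certificate block in a PEM bundle."""
    prints = []
    for body in PEM_RE.findall(pem_text):
        # Strip all whitespace (LF or CRLF) before decoding to DER bytes.
        der = base64.b64decode("".join(body.split()))
        prints.append(hashlib.sha256(der).hexdigest())
    return prints

def check_trust_stores(device_pem, stores):
    """Map each store path to True if it contains the device certificate."""
    device = fingerprints(device_pem)
    if len(device) != 1:
        raise ValueError("expected exactly one device certificate")
    return {path: device[0] in fingerprints(text)
            for path, text in stores.items()}

def fake_pem(payload):
    """Wrap constructed bytes in PEM armor (sample data only, not a real cert)."""
    return ("-----BEGIN CERTIFICATE-----\n"
            + base64.encodebytes(payload).decode()
            + "-----END CERTIFICATE-----\n")

# Constructed scenario: the device cert was replaced, the gtmd store was
# updated (bundle with CRLF line endings), the big3d store still has the old one.
NEW_CERT = fake_pem(b"constructed new device cert " * 3)
OLD_CERT = fake_pem(b"constructed old device cert " * 3)
STORES = {
    "/config/gtm/server.crt": OLD_CERT + NEW_CERT.replace("\n", "\r\n"),
    "/config/big3d/client.crt": OLD_CERT,
}

if __name__ == "__main__":
    # On a real unit, read the device cert and the two store files instead.
    for path, ok in check_trust_stores(NEW_CERT, STORES).items():
        print(f"{path}: {'device cert present' if ok else 'device cert MISSING'}")
```
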
  • Thanks Hamish. Done everything and it's all looking green. When I try the wideip, I can see it coming into the network (under global statistics > wideip). I can also see that the LTM VS created for the listener sees the request, but I still get this error: Error 105 (net::ERR_NAME_NOT_RESOLVED): Unable to resolve the server's DNS address. nslookup for the wideip times out as well. Clearly the GTM isn't responding to the DNS queries.

    There is a firewall in front with UDP port 53 open. Any suggestions?
  • Hamish

    Is the inbound request for the record in the wideip?

    Where do you see the error occur? In gtm logfile?

    H