Robert_184589
May 19, 2015

GTM Split-Brain DNS Setup

I'm trying to set up an F5/GTM/LTM server that is a virtual appliance. I have two data centers, one for Production and one for DR. This would be an active/passive setup to some degree.

The ISP connection is tied to the firewall and the F5/GTM/LTM is behind the firewall in a DMZ with the Application in a different Email DMZ. I'm using Exchange for my testing/starting setup. So owa.domain.com etc.

What do I have to set up so the F5 will publish Public IPs for External users and Private IPs for Internal users?

I was trying to follow this document: https://support.f5.com/kb/en-us/solutions/public/14000/400/sol14421.html

I set up two Topology Regions based on subnet, with one called RFC1918-Internal that has all the standard private IP subnets in it and then another Catchall-External Region with Continent(all) on it.

Problem is the GTM Pools are created from LTM Virtual Servers with private IPs.

In order to set up a Topology Record that uses the Regions and then directs them to the right Pool I need some way of getting the Public IPs in there. I'm a little lost on what steps to take to make that happen.

 

2 Replies

  • You will need to manually add the Virtual Addresses to the GTM configuration and use the translation address. You cannot use auto detect with Addresses that are using NAT. Step 14 in the solution states to disable Virtual Server Discovery.

  • So, in case anyone else comes along and looks at this, here is the answer.

    The trick is to have multiple virtual servers configured on the LTM, say:

    domain.com_internal = 192.168.100.2

    domain.com_external = 208.x.x.2

    Both use the same pool of servers and health monitors.

    Then you have to go to DNS>GSLB>Pools and create Pools, one with the external virtual servers and the other with the internal virtual servers. The pools should reflect the difference as well.

    Then follow these instructions when using the F5 to resolve DNS: https://support.f5.com/kb/en-us/solutions/public/14000/400/sol14421.html

    Works like a champ.

    Thanks,

    Robert
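The split-horizon selection discussed in this thread can be modelled and audited offline before it goes live. The following is an added example, not code from the thread or from F5: it maps a query's source address to a region and pool, and flags a catch-all pool that would hand RFC 1918 addresses to external clients. Assumptions: the pool names, the `203.0.113.2` stand-in for the elided public address, and first-match ordering of records are all constructed for illustration.

```python
import ipaddress

# Constructed sample data modelled on the thread; all names and addresses are assumptions.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ANY = [ipaddress.ip_network("0.0.0.0/0")]

REGIONS = {"RFC1918-Internal": RFC1918, "Catchall-External": ANY}
POOLS = {
    "owa_internal": ["192.168.100.2"],
    "owa_external": ["203.0.113.2"],  # documentation range standing in for the public VIP
}
# Ordered (region, pool) records; "first match wins" is this model's simplification.
TOPOLOGY = [("RFC1918-Internal", "owa_internal"),
            ("Catchall-External", "owa_external")]


def in_region(addr, region):
    """True if addr falls inside any subnet of the named region."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in REGIONS[region])


def answer_for(source_addr, topology=TOPOLOGY, pools=POOLS):
    """Return the pool addresses handed to a DNS query arriving from source_addr."""
    for region, pool in topology:
        if in_region(source_addr, region):
            return pools[pool]
    return []


def audit(topology=TOPOLOGY, pools=POOLS):
    """List misconfigurations that would leak or misroute answers."""
    problems = []
    seen_catchall = False
    for region, pool in topology:
        if seen_catchall:
            problems.append(f"{region} is unreachable: it follows a catch-all record")
        if REGIONS[region] == ANY:
            seen_catchall = True
            for addr in pools[pool]:
                if in_region(addr, "RFC1918-Internal"):
                    problems.append(f"{pool} would hand private address {addr} to external clients")
    return problems
```
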