Forum Discussion

N_67263
Aug 29, 2016

DNS request can provide a single IP? and then change it to some other IP?

Folks, we run a few services in Active/Passive mode out of our Primary/Backup Data Centers.

Consider an application, Oracle. The External DNS has an NS record pointing this hostname to our GTM devices in our Data Center. When the application runs out of the Primary Data Center we keep that IP address as active and when the application runs out of the Backup Data Center we keep that IP address as active.

Sometimes we have customers who have allowed these IP addresses on their corporate firewalls and want to allow only the Primary Data Center IP address.

Due to this they raise complaints when we go to our Backup Data Center.

Is there some way to tackle this at our end? i.e. the customer allows only the Primary Data Center IP address and when the request lands on the GTM, the GTM changes this IP to the IP address of the Backup Data Center.

Any suggestions?

Thanks, N.

1 Reply

  • The easiest and only correct solution is for the customer to allow both IPs, as they produce the same service but at different times.

    On another note, with DNS-based load balancing, this is a common issue. Mainly because the FW policy builder will resolve the FQDN at the time of policy verification/installation, and after that only the one IP will be used.

    You could probably set up an LTM VS for that customer in particular on one of the sites, with members from both datacenters and monitors to actively disable the passive site, but that would again leave the one BIG-IP as a single point of failure.
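
The behaviour described in the reply, modelled as an added example that is not part of the original thread: a firewall rule that resolves the FQDN once at install time stops matching after failover unless both addresses are allowed. The hostname, the addresses (documentation ranges) and all class and function names are constructed for illustration.

```python
# Added illustration; every name and address below is constructed.
from dataclasses import dataclass, field

PRIMARY_VIP = "192.0.2.10"      # constructed: primary data center address
BACKUP_VIP = "198.51.100.10"    # constructed: backup data center address


@dataclass
class ActivePassiveDNS:
    """Stand-in for DNS-based failover: answers with the active site's address only."""
    primary_up: bool = True

    def resolve(self, fqdn: str) -> str:
        return PRIMARY_VIP if self.primary_up else BACKUP_VIP


@dataclass
class FirewallRule:
    """Egress rule whose FQDN object is resolved once, at policy install."""
    fqdn: str
    allowed: set = field(default_factory=set)

    def install(self, dns: ActivePassiveDNS) -> None:
        # The name is resolved here; later DNS changes do not update the rule.
        self.allowed = {dns.resolve(self.fqdn)}

    def permits(self, dst_ip: str) -> bool:
        return dst_ip in self.allowed


def client_reaches_service(rule, dns, fqdn):
    """The client resolves the name now; the firewall then checks the destination."""
    return rule.permits(dns.resolve(fqdn))


def run_scenario(static_allow=()):
    """Return (reachable before failover, reachable after failover)."""
    dns = ActivePassiveDNS(primary_up=True)
    rule = FirewallRule("app.example.com")
    rule.install(dns)
    rule.allowed |= set(static_allow)   # addresses the customer allows explicitly
    before = client_reaches_service(rule, dns, rule.fqdn)
    dns.primary_up = False              # service moves to the backup data center
    after = client_reaches_service(rule, dns, rule.fqdn)
    return before, after


if __name__ == "__main__":
    print("FQDN rule only:   ", run_scenario())
    print("Both VIPs allowed:", run_scenario({PRIMARY_VIP, BACKUP_VIP}))
```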