NimbostratusDear All,
Someone over here some experience with integrating a GTM located in the internal network with an external LTM using the bigip add command and Iquery.
I set up a lab and had a succesfull connection from the GTM to the LTM self IP but nothing is being synchronized. There is active Iquery traffic viewing the iqdump command.
What is missing here?
CirrusYou may go thru the following article:
K13690: Troubleshooting BIG-IP DNS synchronization and iQuery connections (11.x - 13.x)
https://support.f5.com/csp/article/K13690
CirrocumulusTo explain the issue in more detail I included some more pics and graphs. This is the lab architecture both F5 Big IP VMs are located in the same network segment.
The external LTM has connectivity to both internet connections. The internal LTM / GTM combo needs to resolve DNS requests and know the link status of both Links and virtual servers. So I was thinking to integrate the internal GTM with the external LTM using Iquery.
The server link is active configured on the internal GTM using the external Self IP 192.168.1.120 and Iquery traffic is flowing between both F5 devices.
So that seems to work properly, but the thing is that the internal GTM is unable to determine the status of links and virtual servers nor discover them automatically. If I configure one manually its becomes unavailable.
But the virtual server is indeed available on the external LTM.
Analyzing the Iquery traffic using Iqdump I do see active traffic.
Someone any idea what to do to solve this issue?
Greetings,
A few things to consider:
1) You can't define two links using the same subnet:
K13761: BIG-IP DNS and Link Controller require a unique VLAN and IP subnet for each configured link (11.x - 13.x)
https://support.f5.com/csp/article/K13761
2) You did define the GTM server object? =)
3) Do you need links? If you're not using dynamic bandwidth calculations, I believe thes3e aren't necessary.
Hope this provides some help,
Kevin
CirrocumulusHi Kevin,
-Both WAN links will be on different segments with virtual servers linked to them, currently in lab not available, at least I should receive information and be able to monitor the status of the virtual servers.
GTM server object is defined and enabled
Yes I do need links because I want to realize inbound load balancing end when one link goes down all the associated virtual servers has to go down, therefore I need to know the Link status.
Okay, that's good to know. So, yet another thing to consider:
1) If the virtual servers are not situated on the other side of the links, shouldn't customers still be able to access them using the other wan link? I would hope so.
2) If the virtual servers are on the other side of the link, then BIG-IP LTM's monitors will detect them being unavailable and convey the status to GTM/DNS which will remove them from Wide-IP.
Hope this is helpful!
Kevin
CirrocumulusIn this lab environment I dont have WAN links, but the idea is indeed to have two WAN links connected and publish the Wide IP using two public IP addresses. I understand the logic and have implemented it several times. The only thing is that I ran into this technical issue using an internal DNS integrated with an external LTM that currently is not able to verify the status of the virtual servers configured and active on the external LTM device. The server link is green as you can see above but it does not discover any of the virtual servers of the external LTM nor the status of the virtual servers.
Maybe perhaps this is just a small issue using VMware I really dont understand, but I understand correctly this setup should work accordingly.
If you must use links, have you defined the default_gateway_pool on the system and applied the bigip_link and gateway_icmp monitors to the link?
I'd give this a full review to be sure everything's configured correctly:
https://support.f5.com/kb/en-us/products/lc_9_x/manuals/product/lc-implementations-12-1-0.pdf
If you have basic tcp connectivity between the devices, there should be no VMWare issues.
Lastly, you aren't doing any type of address translation?
Kevin
Oh, and i forgot the specific sections:
Creating a default gateway pool
Creating a default route to the Internet
Creating links to define the physical connections to the Internet
Kevin
CirrocumulusIn this setup it is a bit different because we are using to different F5 devices (Internal DNS and External LTM)
Is it possible to have this, refer to the design above:
Big IP LTM external, that means no Link Controller only LTM with default pool gateway in a separate VLAN
Big IP DNS internal, Link discovered via server link from the external LTM device, is that possible or not supported?
CirrocumulusI know yes and have experienced this behavior that when implementing a DNS+LTM combo when having defined the GTM links with bigip_link monitor and not defined in the LTM gateway pool the links wont come up. So it seems that both of them needs to work together, so I am questioning if it is even possible to seperate LTM and GTM on different F5 devices and having the LTM externally on other words the F5 DNS will not have direct connectivity to the gateways, it can only fetch the link status via the external F5 LTM device.
Hope it makes more sense now. I know its a little weird architecture but at this moment I dont have other options to implement this.
Thanks