GTM topology on internal network

Question

Hi,&nbsp;
&nbsp;I plan on doing proximity routing internally and thought of doing that via GTM. I configured topology on GTM and realized that the query originated from LDNS and not the actual client (new learning for me). Next step, I modified the topology according to our regional dns infrastructure and did some basic testing which worked fine. Now comes the real problem. We have Anycast deployed across company network for dns server. All client machines have primary dns server with Anycast IP which should be one of the closest dns server. The problem is that the Anycast is not working as expected, and the client is routed to only one DNS server. This breaks the topology configuration on GTM. If I change the DNS server to specific one, it works fine as expected. We are looking at the routing config but would like to know if there is any way to have client query the GTM directly? Is there any other to achieve this? or Can we have client make iterative query?&nbsp;
&nbsp;Thanks in advance.&nbsp;

hooleylist · Answer

Hi Sly, 
&nbsp;  
&nbsp; I can't think of a reason you couldn't have clients query GTM directly.  You'd just configure them with a listener IP that the GTMs answer on.  GTM in v11.1 supports anycast: 
&nbsp;  
&nbsp; GTM 11.1 release notes 
&nbsp; http://support.f5.com/kb/en-us/products/big-ip_gtm/releasenotes/product/relnote-gtm-lc-11-1-0.htmlrn_new 
&nbsp;  
&nbsp; IP Anycast 
&nbsp;  
&nbsp; This release provides support for IP Anycast for DNS services on BIG-IP GTM. This configuration helps mitigate distributed denial-of-service attacks (DDoS), reduce DNS latency, improve the scalability of your network, and assist with global traffic management. 
&nbsp;  
&nbsp; Configuring IP Anycast Route Health Injection 
&nbsp; http://support.f5.com/kb/en-us/products/big-ip_gtm/manuals/product/gtm-implementations-11-1-0/11.html 
&nbsp;  
&nbsp; Aaron

sly_85819 · Answer

Hi Aaron, 
&nbsp;  
&nbsp; The only reason I thought of sending queries directly to GTM so that it can see the original client IP. We do have DNS anycast setup, which is configured for infoblox. I do not want to change anything from Anycast DNS or take over DNS. We had some problem with anycast routing internally and it was only using on IP from globally spread infoblox servers. This made GTM to handover resource for that particular region which was not correct as per the topology. We have resolved that issue by tweaking WAN routing and solved 90% of issues. We are still doing testing. I wanted to know if there is any option like X-Forwerder or something which will somehow preserve the source client IP. Thanks for your response. I will go thru the suggestions. 
&nbsp;  
&nbsp; -Vishal

Forum Discussion

GTM topology on internal network

2 Replies

Recent Discussions

F5 Rseries HA

Error when running bigip_command Playbook against LTM : Syntax Error: unexpected argument /bin/sh\n

Can iRule be used to perform exception of IPI category based on Geolocation

Can iRule mask the payload content on event logs of security

minimum tmos software version for connect CIS (openshift)

Related Content

Create isolated environment for internal and external networks

What is Multi-Cloud Networking?

Community Learning Path: Multi-Cloud Networking

Demo Guide & Video Series for F5 Distributed Cloud Network Connect (Multi-Cloud Networking)

A complete Multi-Cloud Networking walkthrough with F5 Distributed Cloud