Forum Discussion

Shailender_1542
Nov 03, 2015

GTM + LTM on Same Device, GTM has Public IP and LTM-VS has Private IP, how do clients on the internet communicate with Servers

Hi Experts,

 

I need to understand the traffic flow for my situation and how it will work.

 

  1. We have 2 sites. Both have BIG-IP in an HA pair.
  2. Both pairs will work as GTM + LTM.
  3. Servers under LTM have Private IP addresses, and its VS also has a Private IP address on both External and Internal.
  4. GTM has a Public IP address.
  5. Internet clients will send requests to the GTM WIP.
  6. How will they communicate with Servers which have Private IPs?

Please suggest any solution. One solution I can think of is to give a Public IP on the External of the LTM VS and do SNAT for the server pools.

 

8 Replies

  • Your wideIP should resolve public IPs for the virtual servers to receive traffic from the internet. Those public IPs can either live on the virtual servers themselves (preferred) or can be NAT'd upstream by a firewall or some other device. If you make your virtual servers with public IPs directly, GTM can "auto discover" the virtual servers automatically rather than having to manually create the virtual server in the GTM context.

     

    https://support.f5.com/kb/en-us/products/big-ip_gtm/manuals/product/gtm-implementations-11-3-0/7.html

     

    • Shailender_1542
      Thanks Brad for the understanding. Some more queries: do we need to create 2 externals, 1 for LTM and 1 for GTM, or can only 1 external solve the issue? Can we use the same public IP for GTM which is used for External for VS?
    • Brad_Parker_139
      Technically you could get away with the 1 public as HTTP/S and DNS run on different ports, but it's more of a question of whether you want that traffic on the same IP address. Also, you say you have 2 sites; if they are both HTTPS, that will require you to use SNI. While you can get away with this 1 public IP approach, most don't do this. One reason is rDNS. Reverse DNS can only point to one FQDN and I assume the name of your NS records will be different than your sites.
    • Shailender_1542
      Thanks Brad. Is there any way we can use a Private IP on External 1 (LTM) for internal clients and a Public IP on External 2 (GTM)? As we have 2 sites, is it necessary to run GTM at both locations?
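
Added example, not part of the thread and not F5 code: a small Python audit of the rule in the first reply, that a wide IP must answer internet clients with a public address, either on the virtual server itself or NAT'd upstream. The inventory, the field name `upstream_nat` and all addresses are constructed for illustration.

```python
import ipaddress

# RFC 1918 private ranges: never reachable by clients on the internet.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def internet_answer(vs):
    """Address a wide IP can hand to internet clients for this virtual
    server, plus how it is reached; (None, reason) if there is none."""
    if not is_rfc1918(vs["address"]):
        return vs["address"], "public IP on the virtual server"
    nat = vs.get("upstream_nat")  # hypothetical field: public IP NAT'd upstream
    if nat and not is_rfc1918(nat):
        return nat, "public IP NAT'd upstream to " + vs["address"]
    return None, "private address with no public NAT"

def audit(virtual_servers):
    return {vs["name"]: internet_answer(vs) for vs in virtual_servers}

# Constructed inventory (documentation and private ranges, not real hosts).
SAMPLE = [
    {"name": "site1_vs", "address": "203.0.113.10"},
    {"name": "site2_vs", "address": "10.20.0.10", "upstream_nat": "198.51.100.20"},
    {"name": "site2_vs_b", "address": "192.168.5.5"},
]

if __name__ == "__main__":
    for name, (answer, how) in audit(SAMPLE).items():
        print(f"{name}: {answer or 'NOT RESOLVABLE'} ({how})")
```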