Forum Discussion

Kevin_Pan_26226's avatar
Kevin_Pan_26226
Icon for Nimbostratus rankNimbostratus
May 04, 2016

GTM persistence in proxy environment

Hi,

 

We have 2 F5 GTM setup in 2 different sites. The purpose of them are to load balance the company's web surfing. In each of the site, we have a dedicated surfing infrastructure (i.e. FWs, internet links, proxy servers) to serve the resilience purpose.

 

We noticed that the DNS queries will be initiated by the DNS server (not the actual clients). In this case, the persistence setting will not work properly. As a result, if we want to configure our environment using round robin, there will be a chance that a single browsing session from a client will go through different surfing gateway.

 

Is this a common behaviour and we can only configure our GTM as active-passive?

 

Thanks in advance.

 

Kevin

 

BIG-IP DNS
security

1 Reply

Sort By
  • IanB's avatar
    IanB
    Icon for Employee rankEmployee
    May 05, 2016

    This isn't an unusual problem. At its core, the issue is that there's no information in the DNS request to allow the GTM to relate two queries from the same client that arrived via two different local DNS servers, although there are extensions that propose to solve this problem that aren't yet well supported in clients (EDNS0 client_subnet).

     

    With regard to active-standby, if the request arrives at the GTM process, then it will handle it. In order to arrive there, it needs to be received by a listener, so if the listener is on a floating IP, then only the active BigIP will ever receive the DNS request.

     

    Is there a reason you can't point your clients directly at the GTM listener IP addresses, and enable recursion on the GTM ? This would allow the GTM to see the original client IP address, handle the request if appropriate, otherwise recurse it.