
kevin5866_19733
Apr 01, 2019

External Facing F5 DNS between data centers

We have external F5 DNS enabled at 2 of our datacenters. The public address spaces are being advertised out of both DCs, but we are looking into no longer doing that. I have 2 questions. First, is it reasonable to go after a public address self-ip on the F5 LTM guests? My concern is that the VIP itself would never actually be marked down if our internet circuit went down at a site. F5 DNS queries a private address on the LTM guests. If it went after a public address, then I would expect that F5 DNS would only be able to query a guest if it was actually reachable. If we stopped advertising public address space between DCs, then these queries would go out via the internet.

 

2nd question: can I build a health check for the LTM VIPs that would mark the VIP down if the local internet connection was down? Something like a query to the carrier's end of our connection with them.

 

2 Replies

  • Can't you try running the iQuery from the external interface? That way, if the Internet link goes down, you would have the iQuery failing as well.

     

  • My public address interfaces still sit in my DMZ, so they would still see internal routes to both sites. I was thinking I would query the public address self-ip on the LTM guests.