GTM - iRule for persistence
Hi to all
I'm facing a problem in GTM where we configured a wide-IP with two pool members.
Those pool members are separate APM modules in separate data centers.
End-users connect to one APM module and start to work. Inside the APM webtop there are some links forcing the end-user to query the same wide-IP again, and this is where the problem starts.
We've configured persistence in GTM with CIDR /32. But most end-users are using DNS servers that use many LDNS servers, such as the Google 8.8.8.8 listener, which has a lot of LDNS servers all over the world. So that 8.8.8.8 listener is not the one querying the GTM, but the LDNS servers behind it:
172.217.40.8 wideip:A:/Common/mydomain.com-> pool-member:/Common/DC1:SSL_Portal 04-01 11:30:33
173.194.98.10 wideip:A:/Common/mydomain.com-> pool-member:/Common/DC2:SSL_Portal 04-01 11:33:09
173.194.98.9 wideip:A:/Common/mydomain.com-> pool-member:/Common/DC1:SSL_Portal 04-01 11:33:13
74.125.47.15 wideip:A:/Common/mydomain.com-> pool-member:/Common/DC2:SSL_Portal 04-01 11:35:50
From the following article it looks like the Google Public DNS server IP addresses 8.8.8.8 and 8.8.4.4 are mapped to the nearest operational server by anycast routing.
https://developers.google.com/speed/public-dns/faq
When clients send queries to Google Public DNS, they are routed to the nearest location advertising the anycast address used (8.8.8.8, 8.8.4.4, or one of the IPv6 addresses in 2001:4860:4860::).
The specific locations advertising these anycast addresses change due to network conditions and traffic load, and include nearly all of the Core data centers and Edge Points of Presence (PoPs) in the Google Edge Network.
And this is a big problem for us, because if an end-user is querying Google DNS 8.8.8.8, he/she might get transferred between data centers.
There were some suggestions to solve this, but none of them can totally resolve the issue:
- To minimize the CIDR to /8. But again, Google LDNSs, as you can see in the above example, do not reside on one specific CIDR.
- To upgrade to v14 and use the ECS feature. But then we need to make sure that each LDNS (DNS provider) which is forwarding DNS queries to the DNS BIG-IP system is using the ECS feature.
I opened a case with F5, but it seems to me nothing could resolve the issue but an iRule. And I'm not sure which iRule...
Has anyone come across this issue and solved it permanently?
Thanks!
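Added example (not part of the post, and not F5 code): a small Python script that replays the four GTM wide-IP log lines quoted in the post and, for each candidate persistence CIDR length, simulates persistence keyed on the masked LDNS source address. It reports how many distinct masked networks appear, how many answers flipped between DC1 and DC2 within the same masked network (the flips a persistence record at that mask would have prevented), and how many queries came from a masked network never seen before (where no persistence record can apply at all). The log line layout is assumed from the quoted lines; the regex and function names are this example's own.

```python
import ipaddress
import re

# Sample input: the four GTM wide-IP log lines quoted in the post above.
GTM_LOG = """\
172.217.40.8 wideip:A:/Common/mydomain.com-> pool-member:/Common/DC1:SSL_Portal 04-01 11:30:33
173.194.98.10 wideip:A:/Common/mydomain.com-> pool-member:/Common/DC2:SSL_Portal 04-01 11:33:09
173.194.98.9 wideip:A:/Common/mydomain.com-> pool-member:/Common/DC1:SSL_Portal 04-01 11:33:13
74.125.47.15 wideip:A:/Common/mydomain.com-> pool-member:/Common/DC2:SSL_Portal 04-01 11:35:50
"""

# Field layout assumed from the quoted lines:
#   <LDNS IP> wideip:<record>-> pool-member:<member> <MM-DD HH:MM:SS>
LINE_RE = re.compile(
    r"^(?P<ldns>\S+) wideip:(?P<wideip>.+?)-> pool-member:(?P<member>\S+) "
    r"(?P<ts>\d\d-\d\d \d\d:\d\d:\d\d)$"
)


def parse_gtm_log(text):
    """Return a list of (ldns_ip, wideip, pool_member, timestamp) tuples in log order."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised log line: {line!r}")
        # Validate the source address; keep it as a string for masking below.
        ldns = str(ipaddress.ip_address(m["ldns"]))
        records.append((ldns, m["wideip"], m["member"], m["ts"]))
    return records


def persistence_stats(records, prefixlen):
    """Simulate persistence keyed on the LDNS source address masked to /prefixlen.

    Returns (groups, flips, unkeyed):
      groups  - distinct masked networks seen,
      flips   - answers that differed from the previous answer given to the
                same masked network (what persistence at this mask would fix),
      unkeyed - queries whose masked network had no earlier query, so no
                persistence record could have applied to them.
    """
    last_member = {}
    flips = 0
    unkeyed = 0
    for ldns, _wideip, member, _ts in records:
        net = ipaddress.ip_network(f"{ldns}/{prefixlen}", strict=False)
        if net not in last_member:
            unkeyed += 1
        elif last_member[net] != member:
            flips += 1
        last_member[net] = member
    return len(last_member), flips, unkeyed


def evaluate_masks(records, prefixlens=(32, 24, 16, 8, 0)):
    """Map each candidate persistence CIDR length to its (groups, flips, unkeyed)."""
    return {p: persistence_stats(records, p) for p in prefixlens}


if __name__ == "__main__":
    recs = parse_gtm_log(GTM_LOG)
    print(f"{'mask':>5} {'groups':>6} {'flips':>5} {'unkeyed':>7}")
    for p, (groups, flips, unkeyed) in evaluate_masks(recs).items():
        print(f"/{p:<4} {groups:6d} {flips:5d} {unkeyed:7d}")
```

On the four quoted lines, /32 keys every query to its own network (no flips, but also nothing to persist on), and widening to /24, /16 or even /8 only catches the one pair from 173.194.98.0/24; three of the four queries still arrive from a masked network the GTM has never seen, which is the post's point that the resolvers behind 8.8.8.8 do not share a prefix. Feeding a day of real GTM query logs through the same script shows how much of the traffic any CIDR-based persistence setting could actually cover before deciding on ECS or an iRule.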