Forum Discussion

Craig
Dec 11, 2016

GTM Split DNS - Topology Records or Zone Views?

I'll be setting up a new Datacenter and running GTM between LTMs at each DC. When the need arises, I need internal clients to resolve internal VSs for a WIP, and external clients should get an external VS (either a NAT or a real public VS in a DMZ). My setup will be fairly simple, most applications are a single VS/Port, and either need to be active/active or active/standby across the two DCs.

What is everyone doing for GTM Split DNS? I have seen the F5 document regarding setting up topology records on the WIP to select a pool based on source IP, and I've also seen references to using Zone Views. Which is preferred for ease of setup/use as well as flexibility?

With Topology records, it seems to me that you lose a bit of flexibility because you have to dedicate your WIP load balancing to just doing Split DNS, and have to do all your load balancing at the pool level? Maybe not much of an issue, especially in a fairly simple setup. Possibly some duplication of work depending on the setup, having to create an Internal and External Pool and VS for every app?

Views seem to decouple Split DNS from the WIP/Pool/VS process, but it seems like it is going to be more trouble to manually manage the records in ZoneRunner? Specifically, when you add a new WIP, it automatically adds a record in ZoneRunner, but it seems to add it to the default or highest-ordered zone? So if that's the internal zone, it adds even external records to it, or vice versa? Then you have to go in and manually edit the records to fix it, and are those manual changes ever overridden in the future? Or is there a way to direct the records appropriately, or disable automatic record creation to force you to add it manually?

Thanks.

2 Replies

  • seems to advocate for the Topology method.

    If you have a firewall that can provide the equivalent of Cisco ASA's DNS Doctoring, you wouldn't have to worry about split DNS under certain network setups.

  • Hi,

    You can assign this iRule to the wide IP.

    # Split DNS by requester address: requesters from the RFC 1918 ranges
    # below are steered to the "_int" pool; everyone else gets the wide
    # IP's default ("_nat") pool.
    when DNS_REQUEST {
      if { [IP::addr [IP::remote_addr] equals 10.0.0.0/8] \
         or [IP::addr [IP::remote_addr] equals 192.168.0.0/16] \
         or [IP::addr [IP::remote_addr] equals 172.16.0.0/12] } {
        # Derive the internal pool name from the wide IP's first pool by
        # rewriting the "_nat" suffix to "_int"
        pool [string map {"_nat" "_int"} [lindex [pools -list] 0]]
      }
    }


    With this iRule, the pool names must be:

    • pool1_nat with VS with external IPs
    • pool1_int with VS with internal IPs

    The pool pool1_nat must be assigned to the VS.

    The VS with external IPs must be created manually with the following parameters:

    • IP address : External IP address
    • NAT address : LTM virtual server IP address (used to monitor service)
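As an added illustration that is not part of the thread and not F5 code, here is a Python model of the source-address decision the iRule above makes (and that a topology record keyed on requester address would make the same way), together with a pre-flight check for the `_nat`/`_int` naming convention the iRule depends on. The pool names, the wide IP's pool list and the requester addresses are constructed for the example; `is_internal`, `select_pool` and `naming_problems` are helper names chosen here, not GTM commands.

```python
"""Model of source-address split DNS for a GTM wide IP.

Added illustration, not code from the thread or from F5. Pool names,
the wide IP pool list and the requester addresses below are constructed.
"""
from __future__ import annotations

import ipaddress

# The same three RFC 1918 ranges the iRule tests with IP::addr ... equals
INTERNAL_NETS = [
    ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]


def is_internal(requester: str) -> bool:
    """True when the querying resolver's address is in an internal range.

    An unparsable address is treated as external, so bad input can never
    cause the internal (un-NATed) answer to be handed out.
    """
    try:
        addr = ipaddress.ip_address(requester)
    except ValueError:
        return False
    # A dual-stack listener may present IPv4 sources as ::ffff:a.b.c.d
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr in net for net in INTERNAL_NETS)


def select_pool(requester: str, wideip_pools: list[str]) -> str:
    """Mirror the iRule: take the wide IP's first pool; for internal requesters
    rewrite the '_nat' suffix to '_int'. No existence check, exactly as posted."""
    default_pool = wideip_pools[0]
    if is_internal(requester):
        return default_pool.replace("_nat", "_int")
    return default_pool


def naming_problems(wideip_pools: list[str], configured_pools: set[str]) -> list[str]:
    """Pre-flight check for the naming convention the iRule relies on.

    Returns human-readable findings; an empty list means the convention holds.
    """
    if not wideip_pools:
        return ["wide IP has no pools"]
    first = wideip_pools[0]
    if "_nat" not in first:
        # string map would be a no-op: internal requesters get the external pool
        return [f"first pool {first!r} lacks the '_nat' suffix"]
    wanted = first.replace("_nat", "_int")
    if wanted not in configured_pools:
        # the iRule would select a pool that does not exist
        return [f"internal pool {wanted!r} is not configured"]
    return []


if __name__ == "__main__":
    # Constructed configuration: one app, external pool listed first on the wide IP
    wideip = ["app1_nat", "app1_int"]
    for src in ("10.20.30.40", "203.0.113.5", "::ffff:192.168.5.9"):
        print(f"{src:>20} -> {select_pool(src, wideip)}")
    print("problems:", naming_problems(["app1"], {"app1"}))
```

Two points worth keeping in mind when applying this to GTM: the address seen in DNS_REQUEST is that of the LDNS that queries GTM, not the end client, so internal clients must be using an internal resolver for either the iRule or a topology record to split correctly; and the naming check is worth running whenever a wide IP is added, because with a first pool that lacks the `_nat` suffix the `string map` is a no-op and internal requesters quietly stay on the external pool.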