May 24, 2013

How to make the GTM to answer IPs in a 'sorted' way ?

Hello,

we are currently replacing Cisco CSS with F5 LTM/GTM.

The work with LTM is over, and am pretty happy to work wich such devices.

I'm now looking in how to translate to F5 the way we provide DNS resolutions to our clients. There is no story about internal/external IPs to provide, all requests come from Internet.

The way we proceed is:

-an application available over four different public IPs, let's call them IP1, IP2, IP3, IP4.

- We ALWAYS publish IP1 to clients, unless it goes down.

- Then we ALWAYS publish IP2 to client, unless it goes down.

- Then we ALWAYS publish IP3 to client, unless it goes down.

- Then we ALWAYS publish IP4 to client, unless it goes down.

- If for example we publish IP2, because IP1 is down, and IP1 is back, we do not want a kind of 'auto preempt' to occur that would make IP1 to be published again automatically.

I can imagine three ways to do it (see details below). My question is 'which is the best solution, in term of flexibility from an operationnal point of view' ?

1/ One Wide IP linked to fours pools, each containing one answer (VS).

- I would then use the 'order' parameter to make the LB decision, based on the LB method 'Global availability'

- The question is: what about the 'auto preempt' that I spoke about. Would I need an irule to prevent the GTM to automatically swap back to the pool in the list with the highest order ?

- I see that per pool, we can configure the 'manual resume'. Does someone can confirm this is the right option to avoid creating an Irule ?

- This one has my preference up to now

2/ One Wide IP linked to one pool, containing the four answers (VS)

- I would add all four VS into a single pool.

- I'm getting a bit confused, at the members level, in between 'Order' and 'Ratio'. I think that per member, the same principle applies (with LB method 'global availability') but if somone can confirm ?

- I cannot use 'manual resume' at the pool level, because only one pool. The option is not available at the member level, I see that I can play then with a 'dependancy list'. But there are no detail in the GUI help, and in CLI I only get:

depends-on Specifies the names of virtual servers on which this pool member depends.

which remains unclear to me (is the dependance on UP or DOWN) ?

3/ via Irules applied on a wide IP

- I would like to avoid such solution, so I will not dig into it, except if the two above are not feasible (which I doubt).

thanks in advance for your remarks/help.

Best regards,

Benoit

config

design

Forum Discussion

How to make the GTM to answer IPs in a 'sorted' way ?

Recent Discussions

Advise on setting up IRULE

google autenticator broken barcode

Port Group on F5OS network setting

vulnerabilities (CVE-2020-36363), CVE-2016-0736,CVE-2019-6593-FOR VERSION BIGIP LTM-16.1.4

Unwinding the Benefits of Investing in White Label Crypto Wallet

Related Content

Making EKS Anywhere Highly Available and Secure

Question & Answer: Regarding CVE-2020-5902

How to make DNS resolutions in an HTTP request event work FOR you, not against you

Re: Zero Trust - Making use of a powerfull Identity Aware Proxy (Hands on lab)

Sorting Kubernetes with Container Ingress Services