HA Domain Controllers

What is your goal here? Active Directory is HA by default if you are doing standard things like logins or any application that uses native APIs. If you have something like apache doing LDAP authentication then you can just setup a load balancing pool for LDAP against the domain controllers.

With something to ask, the answer was LDAP. So, now the only problem is that the DC's have a default route, which is not the BigIP...and the BigIP is just tagged into the same VLAN as the DC's.

 

 

Not sure if there'll be issues if the replies take a different route back.

If the client makes a request to the VIP but gets a response back directly from the DC, the client should drop the response as it's not coming from the IP it made the request from. You should be able to enable SNAT automap on the VIP to ensure the response goes back to the BIG-IP and the response to the client comes from the VIP address.

 

 

Aaron

Ya, it seemed to my fuzzy recollection and reasoning that SNATs would be needed and just turning on SNAT automap for the VIP was all that I would need to change. But, nobody here has ever used SNATS before, so I wasn't positive.

 

 

Lawrence

Well, I turned on SNAT, and at least I could telnet into the port.

 

 

Though it turned out that they were static routing to the secondary bigip, instead of the float (or the primary). And, then it turned out I had the wrong nodes in the pool. :oops:

 

 

Now it should just work

 

 

Lawrence