DNS LTM adding recommendation

Question

Hello,&nbsp;What is the recommendation in adding GTM and LTM/AWAF devices in multi datacenter&nbsp;&nbsp;More explanation&nbsp;if we have HQ and DR datacenters&nbsp;HQ data center&nbsp;GTM device (One device)LTM/AWAF Device (Pair)&nbsp;DR data center&nbsp;GTM device (One device)LTM/AWAF Device (Pair)&nbsp;shall we add DR LTM/AWAF to HQ GTM by using DR LTM/AWAF self IP reachable through internet or internally?Please highlight pros and cons for each method&nbsp;&nbsp;Why are we think to add DR LTM/AWAF to HQ GTM is to ensure that HQ GTM will see&nbsp; VS on DR LTM/AWAF down when internet link is down in DR&nbsp;&nbsp;If there another way to ensure that by monitoring links please clarify

aswin_mk · Answer

Hi&nbsp;We should add the lTM devices to all GTM for sync. If you have a requirement for DNS for the VIPs in those deviceYou can add the lTM using self ips and the self ip should allow required port(port lockdown settings)You can use the link for adding the LTM to GTMshttps://my.f5.com/manage/s/article/K43300744

ahmed_saied · Answer

Yes, we will add all devices for sure&nbsp;but question here is on HQ GTM shall will add DR devices to it ( DR GTM device and another pair LTM/ASM)by self IP though internet or internally?&nbsp;which pros and cons of each way?

aswin_mk · Answer

I hope you have internal connectivity towards DC(MPLS). So better to connect via internal self ip. For our infra. i done like the same. So GTM will have all the DC and DR vips and if the DC goes down traffic will switch to DR VIP.

i dont think you will have F5 self ip access from internet. its not secure. Please limit your self/management ip access from internal network

Forum Discussion

DNS LTM adding recommendation

Recent Discussions

Help with an I-rule rewrite

DNS LTM adding recommendation

iRule command to allow IP range to access specific URL

Ipsec.lookupspi database variable

irule does not work in browsers other than google

Related Content

The Power of &: F5 Hybrid DNS solution

Logging of DNS Requests and Responses without a DNS license

Using F5 Distributed Cloud DNS Load Balancer health checks and DNS observability

ESRP Strategies: DNS Water Torture Attack

Logging DNS Requests