15 April 2013

F5 Diaries - Episode 4 - Really Simple Inbound Load Balancing with GTM

Outbound load balancing is simply a case of putting a few Internet lines together, sending traffic out and
letting it route back the same way.  Inbound load balancing is a bit harder.

How it works
I am using the same lab from Episodes 1, 2 and 3.  From this we know that we have two Internet connections.  If we want to be able to publish a web site on either connection, it would need an IP address associated with each link.

The same site would therefore be available on two different IP addresses.  This is where GTM comes in.  It selects the IP address to return to the requester, and this governs which connection the conversation will happen over.



Configure the F5
There are of course many ways of doing this.  This guide covers the basics and should give you enough understanding to carry on building more complex deployments.
  • Provision the GTM module
  • Create a datacentre
  • Create links
  • Create listeners
  • Create a server
  • Create a virtual server (LTM)
  • Create a GTM pool
  • Create a Wide IP
At the end of this you would have a DNS server on the Internet that would return an IP for the site (virtual server) you created.

Provision the GTM module
The F5 BIG-IP VE Lab edition on TMOS 11.3 is licensed for GTM, but it is not provisioned by default.
  • System
  • Resource Provisioning
  • Check Global Traffic Management and select Nominal from the drop-down
  • Submit
  • Reboot
Create a Data Center
Data centres act as containers for the various objects and allow them to be logically grouped.
  • Global traffic
  • Data Centers
  • Data Center List
  • Create
  • Specify a name such as Data_Centre1
  • Finish
Create Links
Links represent the physical connections to the Internet.  In the lab we have two ADSL lines: one with a fixed, publicly routable IP and the other with a dynamic IP.  Because of this, one link would need translation and the other would not.

Create a fixed public routable IP link
Use this to create a link for an Internet connection that will always have the same fixed routable IP address.
  • Global traffic
  • Links
  • Link list
  • Create
  • Name IS_FixedIP
  • Address Translation Disabled
  • Router address 169.212.74.65
  • UplinkAddress 169.212.74.66 (the ip you get from whatismyip.org)
  • Data Centre Data_Centre1
  • Health monitors bigip_link

Create a dynamic IP link
Note: the Uplink address is the IP that would be visible on the internet for the F5 itself.  If you are not sure go to whatismyip.org and verify.

  • Global traffic
  • Links
  • Link list
  • Create
  • Name Telkom_dynamic_IP
  • Address Translation Disabled
  • Router address 192.168.0.1
  • UplinkAddress 105.221.130.246 (the ip you get from whatismyip.org)
  • Data Centre Data_Centre1
  • Health monitors bigip_link
Create Listeners
Listeners sit on the Internet IPs of the F5 and listen for DNS requests.  Listeners will show up as virtual machines in LTM.
  • Global Traffic
  • Listeners
  • Create
  • Destination is the self IP
  • Finish
  • Repeat for the second public IP
You should end up with one on 192.168.0.254 and another on 169.212.74.66
These are the IPs and listeners we will be testing later on, so keep this in mind when we get to the test PC.

Create a server
A server is a physical device that contains the virtual servers that are ultimately the destination of the DNS request.
  • Global traffic
  • Servers
  • Create
  • Name: GTM_and_LTM
  • Product: BIG-IP System (single)
  • Add both Internet Self IPs to the address list (192.168.0.254 and 169.212.74.66)
  • Data Centre Data_Centre1
  • Health monitor bigip
  • Virtual Server Discovery Enabled
  • Link Discovery enabled
Create a virtual server (LTM)
The server we just created needs to contain virtual servers.  The easiest way to do this is to create a virtual server on the local LTM.  In the lab I have an IIS web site on an internal network.
  • Local Traffic
  • Pools
  • Create
  • Name pool_test_iis
  • Health monitor http
  • New Node (ip address of IIS site)
  • HTTP
  • Finish

  • Local Traffic
  • Virtual Servers
  • Create
  • Name vs_test_iis
  • Destination Host (This ip is what will be returned in a DNS request - so this is a public ip)
  • Service port HTTP
  • Default Pool pool_test_iis
  • Finish
Create GTM pool
A pool is a collection of virtual servers that can reside on multiple servers.
  • Global Traffic
  • Pools
  • Create
  • Name gtm_pool_test_iis
  • health monitor http
  • Memberlist (Select the virtual server created in the previous step)
  • Add
  • Finished
Create a Wide IP
A wide IP is an FQDN ("DNS entry") that is mapped to the pool members.  This is essentially the dynamic DNS name that can return different IP addresses.
  • Global Traffic
  • Wide IPs
  • Create
  • Name: www.mytestdomain.com (this is the actual fqdn)
  • Add the gtm_pool_test_iis to the pool list
  • Finished
By now you should have an online wide IP.  If you don't, you need to go back and check the monitors to make sure that the wide IP is online.

Testing GTM from the Internet
Generally the GTM would be an authoritative DNS server on the Internet.  To test, however, we can simulate this by specifying the listener IP in an nslookup.

On your Internet-connected test PC
Open a command prompt
nslookup
server 169.212.74.66  (your public IP specified in the listener)
Now search for www.google.com - you should get no answer
Now search for your wide IP FQDN

You should get a reply with the IP specified in the LTM virtual server.

To test the same over the second ADSL link, do the same but specify the nslookup server to be the other, dynamic IP listed in the listeners.  A note here: since the dynamic IP can change, it is not recommended to use one.  It may be useful for testing but it is not feasible for any real deployment.
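
The two nslookup checks above, as an added example that is not part of the original post: it parses raw DNS replies and reports a listener that does not return the virtual server address for the wide IP, or that answers for a name that is not a wide IP. The virtual server address 203.0.113.10, the sample replies and all function names are assumptions made for illustration.

```python
import socket
import struct

def build_query(name, qid=0x1234):
    """Encode one A/IN question with RD set, the query nslookup sends."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def skip_name(msg, off):
    """Return the offset just past a name, honouring compression pointers."""
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:
            return off + 2
        off += 1 + msg[off]
    return off + 1

def parse_reply(msg):
    """Return (rcode, [IPv4 addresses from A records in the answer section])."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # skip QTYPE and QCLASS
    addrs = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return flags & 0x000F, addrs

def check_listener(wideip_reply, other_reply, expected_ip):
    """Both replies are raw DNS messages, or None when the listener stayed silent."""
    findings = []
    if wideip_reply is None or expected_ip not in parse_reply(wideip_reply)[1]:
        findings.append("wide IP did not return the virtual server address")
    if other_reply is not None and parse_reply(other_reply)[1]:
        findings.append("listener answered a name that is not a wide IP")
    return findings

def sample_reply(name, rcode, ips):
    """Constructed reply for offline use: echoed question, answers point back to it."""
    hdr = struct.pack("!HHHHHH", 0x1234, 0x8400 | rcode, 1, len(ips), 0, 0)
    rrs = b"".join(b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 30, 4) + socket.inet_aton(ip)
                   for ip in ips)
    return hdr + build_query(name)[12:] + rrs

VS_IP = "203.0.113.10"   # assumed virtual server address (documentation range)
good = sample_reply("www.mytestdomain.com", 0, [VS_IP])
refused = sample_reply("www.google.com", 5, [])
print(check_listener(good, refused, VS_IP))   # healthy listener: no findings
```

To run it against a live listener, send `build_query(name)` over UDP port 53 to the listener IP and pass the bytes received to `check_listener`, using `None` when the query times out.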

