Geo-Location Based Traffic Management with F5 BIG-IP for VMware Products (PoC): Infrastructure Setup (continued) (SKKB1018)

In this article we continue with the infrastructure used for the PoC. We will configure additional software components to provide local DNS (LDNS) services, and set up CentOS virtual machines to serve as clients in the lab.

Part 1: Geo-Location Based Traffic Management with F5 BIG-IP for vRA (PoC)
Part 2: Infrastructure Setup
Part 3: F5 BIG-IP LTM
Part 4: F5 BIG-IP GTM
Part 5: Infrastructure Setup (continued) (this article)
Part 6: Use Case 1
Part 7: Use Case 2

Lab Environment

The logical design of this lab can be seen HERE.


Infrastructure Setup (continued)

LDNS

For the purpose of this PoC we need a DNS server in each datacenter (two in total), answering DNS requests on each external network. To accomplish this I have installed two Windows Server VMs with the following properties.

Name: srv-a-01
Domain joined: vmware.com
IP: 172.16.61.30
Subnet: 255.255.255.0
GW: 172.16.61.1
DNS: 172.16.61.30
Network: F5-External-a-01 (NSX VLAN)

Name: srv-b-01
Domain joined: vmware.com
IP: 172.16.71.30
Subnet: 255.255.255.0
GW: 172.16.71.1
DNS: 172.16.71.30
Network: F5-External-b-01 (NSX VLAN)

Each server has the DNS Server role installed and is configured with a secondary copy of the vmware.com DNS zone, transferred from the primary master for the zone, lan1dc1.vmware.com.

This is needed because later on we will configure GTM to manage traffic based on the subnet the query originates from.

DNS requests originating from clients (vm-a-01) on the external network in the LA datacenter (F5-External-a-01 NSX VLAN) will be forwarded by the LDNS server in LA (srv-a-01) to the GTM devices.

DNS requests originating from clients (vm-b-01) on the external network in the NY datacenter (F5-External-b-01 NSX VLAN) will be forwarded by the LDNS server in NY (srv-b-01) to the GTM devices.

This is roughly represented by the diagrams below:


Detailed DNS query flow for the f5.vmware.com zone for clients in the LA datacenter:

  • The client (vm-a-01) is connected to the external network in the LA datacenter (F5-External-a-01 NSX VLAN).
  • The client (vm-a-01) sends a DNS query to resolve the name geoapp.f5.vmware.com to its configured local DNS server (srv-a-01).
  • The LDNS server (srv-a-01) is connected to the same external network in the LA datacenter (F5-External-a-01 NSX VLAN).
  • The LDNS server (srv-a-01) holds a secondary copy of the vmware.com DNS zone, so it can directly resolve queries for that namespace. It also holds a delegation of the f5.vmware.com DNS zone, so it sends a DNS query for geoapp.f5.vmware.com to one of the name servers (f5-gtm-a-01 or f5-gtm-b-01) configured for the delegated f5.vmware.com zone.
  • The name server (f5-gtm-a-01 or f5-gtm-b-01) applies the Wide IP load-balancing policy, determines that the originating subnet belongs to the LA datacenter, and sends back a DNS response with the IP of the GeoApp in the LA datacenter, which is the virtual address vs-geoapp-la.

Detailed DNS query flow for the f5.vmware.com zone for clients in the NY datacenter:

  • The client (vm-b-01) is connected to the external network in the NY datacenter (F5-External-b-01 NSX VLAN).
  • The client (vm-b-01) sends a DNS query to resolve the name geoapp.f5.vmware.com to its configured local DNS server (srv-b-01).
  • The LDNS server (srv-b-01) is connected to the same external network in the NY datacenter (F5-External-b-01 NSX VLAN).
  • The LDNS server (srv-b-01) holds a secondary copy of the vmware.com DNS zone, so it can directly resolve queries for that namespace. It also holds a delegation of the f5.vmware.com DNS zone, so it sends a DNS query for geoapp.f5.vmware.com to one of the name servers (f5-gtm-a-01 or f5-gtm-b-01) configured for the delegated f5.vmware.com zone.
  • The name server (f5-gtm-a-01 or f5-gtm-b-01) applies the Wide IP load-balancing policy, determines that the originating subnet belongs to the NY datacenter, and sends back a DNS response with the IP of the GeoApp in the NY datacenter, which is the virtual address vs-geoapp-ny.
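To make the two query flows above concrete (and the forwarding of client requests to the LDNS servers described earlier), here is an added Python model of the resolution path; it is not code from the original post, nor from F5 or VMware. It uses the lab names, subnets and LDNS/client addresses from this series. The two GeoApp addresses it returns are constructed placeholders, and two behaviours are assumptions of the model rather than lab configuration: every delegated query goes to the first listed GTM name server, and a source subnet that matches neither datacenter gets no answer.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class DnsQuery:
    qname: str
    source_ip: str          # address the query arrives from, as the receiving server sees it


@dataclass
class DnsResponse:
    qname: str
    answer: Optional[str]   # A record returned, or None when nothing matched
    path: list = field(default_factory=list)   # servers and policy decisions traversed, for tracing


def _in_zone(qname: str, zone: str) -> bool:
    """True when qname is the zone apex or lies beneath it."""
    qname, zone = qname.rstrip(".").lower(), zone.rstrip(".").lower()
    return qname == zone or qname.endswith("." + zone)


class GtmNameServer:
    """Models f5-gtm-a-01 / f5-gtm-b-01: authoritative for the delegated zone, answering
    each Wide IP according to the subnet the query arrives from."""

    def __init__(self, name: str, zone: str, wide_ips: dict):
        self.name, self.zone = name, zone
        # wide_ips: {fqdn: [(source subnet, virtual address name, address to return), ...]}
        self.wide_ips = {
            fqdn.lower(): [(ipaddress.ip_network(net), vs, addr) for net, vs, addr in pools]
            for fqdn, pools in wide_ips.items()
        }

    def resolve(self, query: DnsQuery, path: list) -> DnsResponse:
        path.append(self.name)
        if not _in_zone(query.qname, self.zone):
            return DnsResponse(query.qname, None, path)       # not authoritative for this name
        src = ipaddress.ip_address(query.source_ip)
        for subnet, vs_name, addr in self.wide_ips.get(query.qname.lower(), []):
            if src in subnet:
                path.append(f"policy:{vs_name}")
                return DnsResponse(query.qname, addr, path)
        # Assumption: no fallback pool is configured, so an unknown source subnet gets no answer.
        return DnsResponse(query.qname, None, path)


class LocalDnsServer:
    """Models srv-a-01 / srv-b-01: a secondary copy of vmware.com plus a delegation of
    f5.vmware.com to the GTM name servers."""

    def __init__(self, name, ip, zone, records, delegations):
        self.name, self.ip, self.zone = name, ip, zone
        self.records = {k.lower(): v for k, v in records.items()}
        self.delegations = delegations      # {child zone: [GtmNameServer, ...]}

    def resolve(self, query: DnsQuery, path: Optional[list] = None) -> DnsResponse:
        path = [] if path is None else path
        path.append(self.name)
        # Delegated children take precedence over parent zone data. The query sent onward
        # carries the LDNS address as its source, which is what the GTM policy sees.
        for child, servers in self.delegations.items():
            if _in_zone(query.qname, child):
                return servers[0].resolve(DnsQuery(query.qname, self.ip), path)
        if _in_zone(query.qname, self.zone):
            return DnsResponse(query.qname, self.records.get(query.qname.lower()), path)
        return DnsResponse(query.qname, None, path)           # outside the zone; recursion not modelled


GEOAPP = "geoapp.f5.vmware.com"
# Subnets and LDNS/client addresses are the lab values from this series; the two GeoApp
# addresses are constructed placeholders (TEST-NET-2), not real lab addresses.
WIDE_IPS = {GEOAPP: [("172.16.61.0/24", "vs-geoapp-la", "198.51.100.10"),
                     ("172.16.71.0/24", "vs-geoapp-ny", "198.51.100.20")]}


def build_lab() -> dict:
    """Return {client name: (client IP, its configured LDNS server)} for the lab."""
    gtm_a = GtmNameServer("f5-gtm-a-01", "f5.vmware.com", WIDE_IPS)
    gtm_b = GtmNameServer("f5-gtm-b-01", "f5.vmware.com", WIDE_IPS)
    records = {"srv-a-01.vmware.com": "172.16.61.30", "srv-b-01.vmware.com": "172.16.71.30"}
    delegation = {"f5.vmware.com": [gtm_a, gtm_b]}   # assumption: first NS is always used
    srv_a = LocalDnsServer("srv-a-01", "172.16.61.30", "vmware.com", records, delegation)
    srv_b = LocalDnsServer("srv-b-01", "172.16.71.30", "vmware.com", records, delegation)
    return {"vm-a-01": ("172.16.61.40", srv_a), "vm-b-01": ("172.16.71.40", srv_b)}


def client_lookup(client: str, qname: str) -> DnsResponse:
    """Resolve qname the way the named client would: through its own LDNS server."""
    client_ip, ldns = build_lab()[client]
    return ldns.resolve(DnsQuery(qname, client_ip), [client])


if __name__ == "__main__":
    for client in ("vm-a-01", "vm-b-01"):
        r = client_lookup(client, GEOAPP)
        print(f"{client}: {r.qname} -> {r.answer}  via {' > '.join(r.path)}")
```

The model forwards delegated queries with the LDNS server's own address as the source, because that is the address the GTM topology policy sees, not the client's. That is the reason each LDNS server sits on the same external network as its clients: an LDNS server on a subnet outside either datacenter's range would get no topology match in this model, and on a real GTM would be handled by whatever fallback load-balancing method is configured.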


Client OS

For the purpose of this PoC we need a client in each datacenter (two in total), located on the external network. These clients will be making DNS requests and accessing the GeoApp portal. I've deployed two CentOS VMs with the following properties:

Name: vm-a-01.vmware.com
IP: 172.16.61.40
Subnet: 255.255.255.0
GW: 172.16.61.1
DNS: 172.16.61.30
Network: F5-External-a-01 (NSX VLAN)

Name: vm-b-01.vmware.com
IP: 172.16.71.40
Subnet: 255.255.255.0
GW: 172.16.71.1
DNS: 172.16.71.30
Network: F5-External-b-01 (NSX VLAN)

Later on, when these clients try to access the GeoApp portal, they will send their DNS requests to the LDNS servers on their respective external networks.

This is roughly represented by the diagrams below:

