
Implementing BIG-IP DNS Sync Group

by | 15-Jun-2021 | ADC, DNS, F5

GSLB Configuration

DNS205: Add GSLB Object

  • DNS ›› GSLB : Data Centers : Data Center List [Create]
    • Name: DC2
  • DNS ›› GSLB : Servers : Server List [Create]
  • Add GTM207
    • Name: gtm207
    • Product: BIG-IP System
    • Data Center: DC2
    • Devices: [Add]
      • Device Name: gtm205
      • Address: 200.0.0.21
    • Health Monitors: bigip
    • Virtual Server Discovery: Disabled

 

DNS205: Create GSLB Sync Group

  • Configuration Synchronization (DNS ›› Settings : GSLB : General)
    • Synchronize: Enabled
    • Group Name: GTM_HOME_NET
    • Time Tolerance: 10s

 

DNS207: gtm_add script

  • Initial Trusted Certificates (Figure 2)
  • Bash shell via SSH
    • gtm_add <BIG-IP_IP_address> or gtm_add <username>@<BIG-IP_IP_address>
    • gtm_add root@100.0.0.21 (Figure 3)
      • Are you absolutely sure you want to do this? [y/n] y (wipes out the current GSLB configuration on this device and replaces it with the configuration from 100.0.0.21)
      • Are you sure you want to continue connecting (yes/no)? yes (accepts the SSH RSA host key and adds it to the known hosts)
      • Enter root password if prompted, Password: <root password of 100.0.0.21>
  • Exchanged certificates: GTM205 and GTM207 (Figure 4)
    • GTM207 shares its device certificate with GTM205
      • System: Device Trust Certificates
      • DNS: Trusted Server Certificates
    • GTM205 shares its device certificate with GTM207
      • System: Device Trust Certificates
    • GTM205 syncs its Trusted Server Certificates to GTM207
      • gtm207, gtm205, ltm201
    • All GSLB objects will be synced between GTM205 and GTM207, including:
      • Configuration Synchronization (DNS ›› Settings : GSLB : General)
      • Trusted Server Certificates (DNS ›› GSLB : Servers : Trusted Server Certificates)
    • GTM205 shares GTM207's device certificate with LTM201 (Figure 5)
      • Because LTM201 doesn't have GTM207 in its Device Trust Certificates
      • This is done via iQuery (TCP port 4353)
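
The gtm_add step above answers "yes" to the SSH host key prompt and then sends the root password to that host. The following added example (not part of the original post) compares the fingerprint shown in that prompt with a public key obtained out of band before accepting it; the function names and the sample keys are constructed for illustration.

```python
import base64
import hashlib
import struct

def key_blob(pubkey_line):
    """Decode the key blob from an OpenSSH public key line ('ssh-rsa AAAA... comment')."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("not an OpenSSH public key line")
    blob = base64.b64decode(fields[1], validate=True)
    # The blob opens with a length-prefixed copy of the key type; it must match field 0.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != fields[0].encode():
        raise ValueError("key type does not match key blob")
    return blob

def fingerprints(pubkey_line):
    """Return (sha256, md5) fingerprints in the two forms an ssh prompt can show."""
    blob = key_blob(pubkey_line)
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    md5 = hashlib.md5(blob).hexdigest()
    return "SHA256:" + sha, ":".join(md5[i:i + 2] for i in range(0, 32, 2))

def prompt_matches(pubkey_line, shown):
    """True only if the fingerprint shown in the ssh prompt belongs to the known key."""
    sha, md5 = fingerprints(pubkey_line)
    shown = shown.strip()
    if shown.startswith("SHA256:"):
        return shown == sha
    if shown.upper().startswith("MD5:"):
        shown = shown[4:]
    return shown.lower() == md5

def sample_key(fill):
    """Constructed sample key line (not a real host key): exponent 65537, filler modulus."""
    def field(b):
        return struct.pack(">I", len(b)) + b
    blob = field(b"ssh-rsa") + field(b"\x01\x00\x01") + field(b"\x00" + fill * 256)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed-sample"

KNOWN = sample_key(b"\xc3")  # stands in for the key obtained out of band from 100.0.0.21
OTHER = sample_key(b"\x5a")  # stands in for a different host answering on that address

if __name__ == "__main__":
    print(prompt_matches(KNOWN, fingerprints(KNOWN)[0]))   # fingerprint of the known key
    print(prompt_matches(KNOWN, fingerprints(OTHER)[0]))   # fingerprint of another key
```

Older OpenSSH clients print the colon-separated MD5 form without a prefix, newer ones print the SHA256 form; both are handled.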
