
Integrating BIG-IP DNS With BIG-IP LTM

by | 15-Jun-2021 | ADC, DNS, F5

The Initial State

LTM201 Initial State (Figure 2)

  • Device Certificate (System ›› Certificate Management : Device Certificate Management : Device Certificate)
    • Renewed to self-signed certificate
    • CN: ltm201.home.net
  • Device Trust Certificates (System ›› Certificate Management : Device Certificate Management : Device Trust Certificates)
    • Contains only the previous (initial) device certificate
    • CN: localhost.localdomain

 

DNS205 Initial State (Figure 3)

  • Device Certificate (System ›› Certificate Management : Device Certificate Management : Device Certificate)
    • Renewed to self-signed certificate
    • CN: gtm205.home.net
  • Device Trust Certificates (System ›› Certificate Management : Device Certificate Management : Device Trust Certificates)
    • Contains only the previous (initial) device certificate
    • CN: localhost.localdomain
  • Trusted Server Certificates (DNS ›› GSLB : Servers : Trusted Server Certificates)
    • Contains only the current device certificate
    • CN: gtm205.home.net

Adding BIG-IP LTM to a network with BIG-IP DNS

DNS205: Add GSLB Object (Figure 4)

  • DNS ›› GSLB : Data Centers : Data Center List [Create]
    • Name: DC1
  • DNS ›› GSLB : Servers : Server List [Create]
  • Add GTM205
    • Name: gtm205
    • Product: BIG-IP System
    • Data Center: DC1
    • Devices: [Add]
      • Device Name: gtm205
      • Address: 100.0.0.21
    • Health Monitors: bigip (set automatically when the Product is BIG-IP System)
    • Virtual Server Discovery: Disabled
  • Add LTM201
    • Name: ltm201
    • Product: BIG-IP System
    • Data Center: DC1
    • Devices: [Add]
      • Device Name: ltm201
      • Address: 100.0.0.11
    • Health Monitors: bigip (set automatically when the Product is BIG-IP System)
    • Virtual Server Discovery: Enabled

 

DNS205: bigip_add script (Figure 5) “To exchange SSL Device Certificates”

  • Bash shell via SSH
    • bigip_add <BIG-IP_IP_address> or bigip_add <username>@<BIG-IP_IP_address>
    • bigip_add root@100.0.0.11
      • Accept SSH-RSA key of 100.0.0.11 and add to known hosts (/var/ssh/root/known_hosts)
  • GTM205: exchanged certificate
    • DNS ›› GSLB : Servers : Trusted Server Certificates
    • LTM201’s device certificate is appended
      • CN: ltm201.home.net
  • LTM201: exchanged certificate
    • System ›› Certificate Management : Device Certificate Management : Device Trust Certificates
    • GTM205’s device certificate is appended
      • CN: gtm205.home.net
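
After bigip_add runs, each side should hold the other's current device certificate. The script below is an added example, not part of the original post or of F5's tooling: it checks a trust bundle by SHA-256 fingerprint rather than by CN, because a self-signed certificate can claim any CN. It assumes `openssl` is available in the shell and that the trust bundle and the peer's device certificate are passed in as PEM files; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): confirm that a trust bundle
# holds the exact certificate a peer presents, by SHA-256 fingerprint.

# Print the SHA-256 fingerprint of the first certificate in a PEM file.
cert_fp() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null | sed 's/^[^=]*=//'
}

# Print the subject CN of the first certificate in a PEM file.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 2>/dev/null |
        sed -n 's/^subject= *//; s/.*CN=\([^,]*\).*/\1/p'
}

# Print "CN|fingerprint" for every certificate in a PEM bundle.
list_bundle() (
    tmp=$(mktemp -d) || exit 2
    # openssl x509 reads only the first certificate, so split the bundle first.
    awk -v d="$tmp" '
        /-----BEGIN CERTIFICATE-----/ { out = sprintf("%s/%03d.pem", d, ++n) }
        out != ""                     { print > (out) }
        /-----END CERTIFICATE-----/   { close(out); out = "" }
    ' "$1"
    for f in "$tmp"/*.pem; do
        [ -e "$f" ] || continue
        printf '%s|%s\n' "$(cert_cn "$f")" "$(cert_fp "$f")"
    done
    rm -rf "$tmp"
)

# Succeed only if BUNDLE ($1) contains the certificate in PEER_CERT ($2).
# A CN match alone is not enough: any self-signed certificate can claim a CN.
bundle_has_cert() (
    want=$(cert_fp "$2")
    [ -n "$want" ] || exit 2    # peer certificate missing or unreadable
    list_bundle "$1" | cut -d'|' -f2 | grep -xF "$want" >/dev/null
)

# Usage: sh check_trust.sh BUNDLE.pem PEER_CERT.pem  (both paths supplied by you)
if [ "$#" -eq 2 ]; then
    list_bundle "$1"
    if bundle_has_cert "$1" "$2"; then echo "peer certificate is trusted"
    else echo "peer certificate NOT in bundle"; exit 1; fi
fi
```

On the setup above, the bundle on GTM205 should list both gtm205.home.net and ltm201.home.net, and the fingerprint shown for ltm201.home.net should equal the one computed from LTM201's own device certificate.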

 

DNS205: GSLB Servers (Figure 6)

  • Result
