F5 LTM vs BIG-IP DNS (GTM)

Posted on By australtech Posted in F5, Load BalancersTagged , ,
F5 LTM vs BIG-IP DNS (GTM)

Local Traffic Manager vs Global Traffic Manager

This is one of the most common questions I get asked when customers discover that F5 provides more than just Load Balancing and that what they usually mean by F5, is the LTM module. So we will do a side by side F5 LTM vs BIG-IP DNS (GTM) comparison to clear up some concepts.


F5 Networks started with their flagship product that now is know as LTM (Local Traffic Manager). When the company started their named their product BIG/ip. Which basically was the load balancing module LTM that we know, without all the fancy features, it was just a basic Load Balancing product. Then they released what was know 3DNS, the product that provided Global Traffic Manager. 3DNS then was later renamed to GTM and recently to DNS. So after all this renaming what we got now is the following:

  • BIG-IP LTM (Local Traffic Manager) Module
  • BIG-IP DNS (Formerly, GTM, Global Traffic Manager) Module

So what is BIG-IP know then? BIG-IP is the platform, it was the hardware appliance, but know the line between hardware and software gets blurred even more everyday. So think about BIG-IP as the framework, where you provision the modules, which can be LTM or DNS (GTM), or others (APM, ASM, etc). I hope with this simple history lesson we cleared some doubts, but we will dive further into this LTM vs BIG-IP DNS matter and explore each module a little more.

BIG- IP LTM (Local Traffic Manager)

LTM load balances servers and also does caching, compression, persistence, etc. LTM is a full reverse proxy, handling connections from clients. The F5 LTM uses Virtual Servers (VSs) and Virtual IPs (VIPs) to configure a load balancing setup for a service.

A few points to remember about LTM:

  • LTM doesn’t do any name resolution and assumes a DNS decision has already been made.
  • When traffic is directed to the LTM traffic flows directly through its’ full proxy architecture to the servers it’s load balancing.
  • Since the LTM is a full proxy it’s easy for it to listen on one port but direct traffic to multiple hosts listening on any port specified.
  • LTM load balances servers and also does caching, compression, persistence, etc.
  • LTM can do SSL Offloading
  • LTM can inspect and modify the traffic using the iRules programming language
  • LTM is the product that people usually refers when they mean “the F5”.
  • LTM and BIG-IP DNS (GTM) can be provisioned on the same appliance (BIG-IP)
  • In a typical production device, If you run a tcpdump on a LTM you can see plenty of different protocols being load balanced
  • Concepts related to LTM are: Virtual Server, VIP, Pool, Pool Members, Node.

BIG-IP DNS (Formerly, GTM, Global Traffic Manager)

GTM (Now BIG-IP DNS) load balances traffic globally across Data Centers using DNS. GTM (DNS) is used as an “Intelligent DNS” server, handling DNS resolutions based on intelligent monitors and F5’s own iQuery protocol used to communicate with other BIGIP F5 devices. It is used in multiple data center infrastructures, deciding where to resolve requesting traffic to.

A few points to remember about DNS (GTM):

  • The DNS module is an intelligent name resolver, intelligently resolving names to IP addresses.
  • Traffic doesn’t actually flow through the BIG-IP DNS device to your servers. The BIG-IP DNS device, as their name suggests now, only manages DNS traffic
  • Once BIG-IP DNS (GTM) provides you with an IP to route to you’re done until you ask it to resolve another name for you.
  • Similar to a usual DNS server, BIG-IP DNS does not provide any port information in its resolution.
  • LTM and BIG-IP DNS (GTM) can be provisioned on the same appliance (BIG-IP)
  • If you run a tcpdump on a GTM (BIG-IP DNS) device you will see only DNS traffic (excluding iquery/icontrol communication)
  • Main concepts related to DNS are: WideIP (It is not an actual IP, is the FQDN being load balanced across datacenters) and Pools containing Virtual Servers.
  • Pools on BIG-IP DNS contain Virtual Servers, Pools on LTM contain Servers

Communication between GTM and LTM:

The gtmd agent on BIG-IP Global Traffic Manager (GTM), now called BIG-IP DNS uses the iQuery protocol to communicate with the local big3d agent, and the big3d agents installed on other BIG-IP systems. The gtmd agent monitors both the availability of the BIG-IP systems, and the integrity of the network paths between the systems that host a domain and the local DNS servers that attempt to connect to that domain.

The BIG -IP DNS (GTM) and LTM can work together or they can be totally independent. If your organisation owns both modules it’s usually using them together, and that’s where the real power comes in. They do this via a proprietary protocol called iQuery. iQuery, functioning on TCP port 4353, reports VIP availability / performance back to the BIG-IP DNS. The BIG-IP DNSs can then dynamically resolve VIPs that live on an LTM(s).

When a BIG-IP DNS has LTMs as servers in its’ configuration there is no need to monitor the actual VIP(s) with application monitors, as the LTM is doing that & iQuery reports the information back to the BIG-IP DNS.

This finishes our LTM vs BIG-IP DNS comparison, we hope we make it clear to you and names stay like this for a while :).