Forum Discussion

Patrik_Jonsson1's avatar
Patrik_Jonsson1
Icon for Altocumulus rankAltocumulus
Jan 30, 2017

GTM - Virtual server monitor down

Hi!

Noob warning here. I've set up a GTM from scratch:

  • Added default gateway 10.0.1.1
  • Created, data center
  • Added an F5 cluster using bigip default monitor
  • Added both nodes using bigip_add (the servers were all green after this step)
  • Ran big3d_install. Looked fine

The F5 LB cluster is in my lab environment:

  • 10.0.0.11
  • 10.0.0.12

My GTM is here:

  • 10.0.1.11

To rule out port lockdown I have set the self IP's to allow any.

Since I use SNAT translation on some of my VIP's the Virtual Server discovery does not work (according to some posts I've read?) so I have added a VIP manually using the exact same name and IP as the actual VIP on the LB (leaving translation settings blank). However, it's marked as down.

I have verified that the firewall is opened between the two:

curl --interface EXTERNAL -k https://10.0.0.22

        
        
        
        This is site1
        It is served from port 80 and site1 as host header

tcpdump does not show any monitoring attempts between the GTM and the LTM's. I have tested bigip, https and tcp as monitor. All of them shows the virtual server as red.

Please let me know what noob mistake I've made? 🙂

/Patrik

application delivery
BIG-IP DNS

4 Replies

Sort By
    • Patrik_Jonsson's avatar
      Patrik_Jonsson
      Icon for MVP rankMVP
      Jan 30, 2017

      Thank you for your suggestion!

       

      Since the bigip monitor works fine for the servers it should be right? Tested with iqdump just now and it looked good as well.

       

      /Patrik

       

  • FMA's avatar
    FMA
    Icon for Nimbostratus rankNimbostratus
    Jan 30, 2017

    Hey Patrik,

     

    Concerning virtual server discovery - f.e. if you have virtual servers which are assigned private IP addresses, and you want GTM to return public IP addresses instead of those private assigned to VIPs when DNS request comes, then you'll have to disable vs discovery, because it won't let you use "translation" feature.

     

    You won't see any "monitor probes" from GTM to your vs, since it is residing on a LTM and all the "metrics" and "health" are exhanged via iquery protocol (TCP 4353).

     

    Just a quick question - did you add a port of that vs you added? Can you show "show gtm server " from your GTM?

     

  • Stanislas_Piro2's avatar
    Stanislas_Piro2
    Icon for Cumulonimbus rankCumulonimbus
    Jan 31, 2017

    Hi patrik,

     

    To summarize:

     

    • gtm private ip : 10.0.1.11
    • ltm 1 ip : 10.0.0.11
    • ltm 2 ip : 10.0.0.12
    • ltm vs : 10.0.0.22
    • ltm vs public ip (nat by firewall) : 1.2.3.4

    If you want gtm to answer with private ip, gtm vs must be created with the same ip as ltm one

     

    If you want gtm to answer with public ip, you must create the gtm vs with public ip (1.2.3.4) and define translation ip and port with ltm ip ( used to request ltm vs status)

     

    Ltm and gtm does not share vs status with name but with ip / port

     

    I think f5 must change this configuration because lots of deployment are with nat and we can't use vs discovery in such configuration! Maybe they are waiting IPv6 to solve this issue :-)

     

    EDIT (included in comments bellow):

     

    In gtm servers objects, you must have an object per gtm and an object per ltm

     

    Same configuration as vs.. if gtm is behind nat device and need to communicate with another gtm device via internet, you must configure translation.

     

    If you create link objects assigned to LTM object in GTM configuration, it must be defined with IP address of next hop of the appliance. if Link object is down, all related objects are down even if LTM VS status is up.

     

    If GTM / LTM communication use the only internet link of a datacenter, Link configuration is not necessary as if link is down, GTM will not be able to get status... :-)