F5 Fundamental Lab-can't communicate between servers

Hi, I am currently following the CBT Lab for F5 fundamentals (see attached 2 images), in which F5 is imported and configured on VMware Workstation (Ver 13.x). The internal subnet is 10.2.0.0/24 and the internal IP address on F5 is 10.2.0.145. My question relates to the INTERNAL section of the diagram, where there are 3 web server nodes (10.2.0.11, 10.2.0.22 and 10.2.0.33) which I can't ping from F5. All three nodes can ping each other. Also, the F5 internal side and all three web servers are on VMnet2.

I would appreciate it if somebody can assist me, as I have reached a roadblock.

Thanks

Anuj

0
Comments on this Question
Comment made 16-Apr-2018 by boneyard 5579

run a tcpdump on the 1.2 interface, do you see the traffic enter?

0
Comment made 16-Apr-2018 by anujg27 1

Tried below command

[root@BIG-IP-test:Active:Standalone] config # tcpdump -ni 1.2 tcp port 80 -w/var/tmp/http.cap
tcpdump: listening on 1.2, link-type EN10MB (Ethernet), capture size 65535 bytes

0
Comment made 16-Apr-2018 by boneyard 5579

and? what was the result?

i would do it without any filter and to screen first, to check any data is coming in. then perform a ping towards the F5 and see if you see that.

0
Comment made 16-Apr-2018 by anujg27 1

Thanks for helping me out. I understand you are trying to help, but I am a beginner with tcpdump and F5, so please don't get upset. I tried the below command with no filters but there is no traffic. Please let me know if the below info is any help; otherwise, if you can tell me what command to run, I will do that.

[root@BIG-IP-test:Active:Standalone] config # tcpdump -ni 1.2 tcp port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on 1.2, link-type EN10MB (Ethernet), capture size 65535 bytes

I tried ping again from server to F5 but still can't ping

0
Comment made 16-Apr-2018 by boneyard 5579

please without filter, so no tcp port 80

the general idea is to make sure there is some traffic going on there, i.e. arp, perhaps spanning-tree, although that is doubtful on vmware. but i would like to make sure you don't have a vmware config issue.

0
Comment made 17-Apr-2018 by anujg27 1

Sorry about the delay. I removed the filter and am receiving the below ARP output:

[root@BIG-IP-test:Active:Standalone] config # tcpdump -ni 1.2
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on 1.2, link-type EN10MB (Ethernet), capture size 65535 bytes
05:04:01.538995 ARP, Request who-has 10.2.0.33 tell 10.2.0.145, length 35 out slot1/tmm0 lis=
05:04:01.829990 ARP, Request who-has 10.2.0.11 tell 10.2.0.145, length 35 out slot1/tmm1 lis=
05:04:02.140067 ARP, Request who-has 10.2.0.22 tell 10.2.0.145, length 35 out slot1/tmm1 lis=
05:04:02.542342 ARP, Request who-has 10.2.0.33 tell 10.2.0.145, length 35 out slot1/tmm0 lis=
05:04:02.830053 ARP, Request who-has 10.2.0.11 tell 10.2.0.145, length 35 out slot1/tmm1 lis=
05:04:03.140270 ARP, Request who-has 10.2.0.22 tell 10.2.0.145, length 35 out slot1/tmm1 lis=
05:04:03.542078 ARP, Request who-has 10.2.0.33 tell 10.2.0.145, length 35 out slot1/tmm0 lis=
05:04:03.829821 ARP, Request who-has 10.2.0.11 tell 10.2.0.145, length 35 out slot1/tmm1 lis=
05:04:04.140054 ARP, Request who-has 10.2.0.22 tell 10.2.0.145, length 35 out slot1/tmm1 lis=
05:04:04.541731 ARP, Request who-has 10.2.0.33 tell 10.2.0.145, length 35 out slot1/tmm0 lis=
05:04:04.829547 ARP, Request who-has 10.2.0.11 tell 10.2.0.145, length 35 out slot1/tmm1 lis=
05:04:05.151254 ARP, Request who-has 10.2.0.22 tell 10.2.0.145, length 35 out slot1/tmm1 lis=
05:04:05.541915 ARP, Request who-has 10.2.0.33 tell 10.2.0.145, length 35 out slot1/tmm0 lis=

0
Comment made 17-Apr-2018 by boneyard 5579

yeah that pretty much indicates some sort of network issue. assuming your big-ip has ip 10.2.0.145 and the servers are 10.2.0.11, .22 and .33.

the big-ip is looking for them, but they ain't responding. you need to look at the VMware network level for this. if the other parts are working then it is probably some configuration issue.

0
Comment made 18-Apr-2018 by anujg27 1

Please see attached my VMware network settings.

0
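
The diagnosis reached in the comments above (the BIG-IP keeps sending ARP requests and nothing answers) can be checked mechanically over a saved capture. This is an added example, not part of the original thread: the function name `unanswered_arp` and the sample capture are assumptions, and the Reply line with its MAC address is constructed for contrast.

```python
import re
from collections import Counter

# Constructed sample in the format of the capture posted in the thread
# (tcpdump -ni 1.2 on the BIG-IP). The Reply line and its MAC address are
# invented for contrast; the posted capture contained requests only.
SAMPLE_CAPTURE = """\
05:04:01.538995 ARP, Request who-has 10.2.0.33 tell 10.2.0.145, length 35 out slot1/tmm0 lis=
05:04:01.829990 ARP, Request who-has 10.2.0.11 tell 10.2.0.145, length 35 out slot1/tmm1 lis=
05:04:01.830412 ARP, Reply 10.2.0.11 is-at 00:0c:29:aa:bb:cc, length 46
05:04:02.140067 ARP, Request who-has 10.2.0.22 tell 10.2.0.145, length 35 out slot1/tmm1 lis=
05:04:02.542342 ARP, Request who-has 10.2.0.33 tell 10.2.0.145, length 35 out slot1/tmm0 lis=
05:04:03.140270 ARP, Request who-has 10.2.0.22 tell 10.2.0.145, length 35 out slot1/tmm1 lis=
"""

# "who-has <target> [(<mac>)] tell <sender>," as printed by tcpdump -n
REQUEST = re.compile(r"ARP, Request who-has (\S+?)(?: \(\S+\))? tell (\S+?),")
# "Reply <ip> is-at <mac>"
REPLY = re.compile(r"ARP, Reply (\S+) is-at ((?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})")


def unanswered_arp(capture):
    """Return {(sender, target): request_count} for targets with no ARP reply."""
    requests = Counter()
    answered = set()
    for line in capture.splitlines():
        req = REQUEST.search(line)
        if req:
            target, sender = req.groups()
            requests[(sender, target)] += 1
            continue
        rep = REPLY.search(line)
        if rep:
            answered.add(rep.group(1))
    # Keep only targets that were asked for but never seen answering.
    return {pair: n for pair, n in requests.items() if pair[1] not in answered}


if __name__ == "__main__":
    for (sender, target), count in sorted(unanswered_arp(SAMPLE_CAPTURE).items()):
        print(f"{sender} asked for {target} {count}x, no reply seen: "
              "check that both ends share the same layer-2 segment")
```
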

Answers to this Question

USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Hi Anuj,

To me, it looks like a VMnet issue rather than an F5 issue. Try swapping VMnet2 with other interfaces.

0
Comments on this Answer
Comment made 18-Apr-2018 by anujg27 1

Tried and still the same issue.

Correction: I think this resolved the issue. Instead of using VMNET2, I changed it to VMNET3 and it started working.

0
Comment made 18-Apr-2018 by Learner 17

We can have a TeamViewer session if you need, let me know if you want me to come on TeamViewer and see what's happening there.

0
Comment made 18-Apr-2018 by Learner 17

Also Anuj, can you send your VLAN and Self-IP configs of the LTM? Is the internal interface/vlan tagged or untagged?

0
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

In VMware Player or Workstation Pro, a Host-Only network is just for the purpose the name suggests. You use it to establish a communication channel between your Host and Guests. This will be suitable for the management interface (if no internet connectivity is needed) and the external interface, so that your host can access VIPs.

Guest-to-Guest communication does not work with Host-Only networking. If you run native instances of web-servers, then you can use Host-Only networking for the internal segment, but if you virtualize them, you cannot.

With virtualized web-servers, your internal network needs Guest-to-Guest connectivity (BigIP to servers, and servers to BigIP). Your best choice here is to use "Lan Segment" for the respective network adapter.

My own lab on VMware was built as follows:

NetAdapter 1 (Management). NAT for internet connectivity via mgmt interface (a)
NetAdapter 2 (Client-Side/External). Host-Only with host adapter and DHCP disabled
NetAdapter 3 (Server-Side/Internal). Lan Segment 1
NetAdapter 4 (HA). Lan Segment 2

a) NAT also hides the mgmt interface from other folks in the same network. If you build
 your lab on top of a laptop that you occasionally take to a conference or workplace,
 you should never use bridged networking in place of NAT for internet connectivity.

With this setup, I could freely pick whether I use VLAN tagging or not. Also the routing can be implemented cleanly as in production-like environments without the requirement to use SNAT. Asymmetric routing issues are avoided by design.

Good luck with the studies and regards,

0
Comments on this Answer
Comment made 18-Apr-2018 by anujg27 1

Hannes,

Since I am just having an issue with pinging the internal servers, I have not configured anything else but the internal network. As advised by you, I have tried to put 10.2.0.11, .22 and .33 and the internal interfaces of my BIG-IP all on Lan Segment 1, and still the same issue. All webservers can ping each other but can't ping the BIG-IP - 10.2.0.145.

0
Comment made 18-Apr-2018 by Hannes Rapp 3890

Did you set your BigIP VLAN configuration as tagged or untagged? It's possible you have a mismatch.

First thing I'd check

0
Comment made 21-Apr-2018 by anujg27 1

Untagged

0
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

hey man I had this same issue with this same lab.

Here's the problem during my issue:

ok so I finally got it.

The default gw on the servers was set to 10.2.0.1 which is the ip for the vmnet2 and not the bigIP interface, which in turn was set to 10.2.0.145.

So I set the gw to 10.2.0.145 and I get the webpages served all right.

The tutorial caused this confusion, I should email Keith Barker!

Get this checked.

0