I have configured f5 lb, one node and one pool , and two members in the pool. and Virtual Server is configured . I can see everything is working , (every place it is Green ), but when i use the VIP to connect my webserver, it is not getting resolved in my browser. can you pls throw some light on this issue. what to check and where to check ? I am Stuck with this issue for a long time.
p.s i have not configured irules, i have used default pool in Virtual server configuration
Whats the default gateway of your servers? If its not the F5 have you enabled SNAT?
please find the answers
2) VIP IP
3) web page not found error.
I want to trace the complete process, where can i find the trace logs. ?
and how to ensure that the my VIP is hit. ?
Does the port you specified on the pool member match what you have on the VS?
Is the pool assigned to the VS?
Does the monitor you assign match the service you are trying to connect to?
If you assign a different monitor, you could still get a positive feedback (Green) whereas the real service (http in this case) might not be available.
Please verify these.
Transactions are logged in /var/log/ltm
There are plenty of places we could start looking depending on the root cause.
First thing to consider is whether the frames are actually getting treatment from the VIP you think it is. I've seen folks get messed up by the processing order for instance https://support.f5.com/kb/en-us/solutions/public/9000/000/sol9038.html
You could try a "noisy" tcpdump;
For you it would look something like;
tcpdump -ni 0.0:nnn "(host and port 80)" or "(host or host ...)" -s 0 -w
BIGIP adds a trailer that, when possible, tells you which VIP handled the frame. Of course, to make sense of it, you need that dissectors. You can grab those from;
Even without dissection, though the tcpdump will help you home in on the point of failure (are the frames even reaching F5? Can we see client-side counter-parts to these? etc) so maybe start there.
this may be helpful.
Quick Start: Application Delivery Fundamentals by Josh Michaels
I found the my Virtual Server is been hit by the request, but all my request are dropped.
and also found the below in my ltm log
Apr 13 11:31:46 local/tmm1 notice tmm1: 01200004:5: Packet rejected remote IP 136.2xx.1xx.2xx port 0 local IP 10.x1.1xx.1x port 3 proto ICMP: Port closed.
I checked bigip_error_maps.dat (in /var/run/ folder) looking for both 01200004 code as well as "rejected" word and nothing was returned matching posted entry, I was pretty sure that everything that is placed in ltm log should have entry in this file - am I wrong?
Considering problems with this VS - what version of LTM are you running? Can you ping selfIP of this LTM on the VLAN you have your VS defined? Actually Virtual IP used by VS should reply to ping even if VS is disabled or pool is down. This can be turned of in "Local Traffic ›› Virtual Servers : Virtual Address List ›› your VIP name" by setting ICMP Echo to disabled (this option is available with new versions, I thing 11.5+).
You can as well disable icmp using Packet Filter. Still both those options are not creating any entries similar to posted in my ltm log.
Sorry if I repeat any previous posts/questions. This is a quick response intended as rough guideline.
How you troubleshoot this depends heavily on how you are setup. So here I am making some assumptions.
If you are connecting from same VLAN as VIP, all you need to do is start a quick tcpdump from CLI to confirm the client can establish a 3-WAY tcp handshake with VIP. i.e:
tcpdump -s0 -nni VLAN_NAME:nnn host YOUR_CLIENT_IP_HERE or arp or icmp
So, if you are using standard VIP you should see SYN arrive to F5 and SYN/ACK go back towards client (Check layer2 as well as layer 3 addresses please) and ACK back from CLIENT, followed by HTTP request from Client (typical 3WHS). If you see HTTP request from client, can you confirm the server is receiving this ? If you can get the first part of this puzzle then you are closer to solving the problem.
If you need more help can I suggest you paste in your VIP and pool config for everyone's benefit. Of course if the IP is sensitive to you then feel free to mask that out.
I hope that helps.
Go to Virtual Server ---> Configuration . In configuration see the option "Source Address Translation" you will see 3 option in "Source Address Translation" (1)- SNAT (2)- Auto Map (3)- None .. Select the 2nd Option (2)-Auto Map and Update . Now put your Virtual Server IP in web address bar. Try its working ...
Hi gauravkool it worked thanks mate