Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

F5 Load balancer not working, but all the configurations are successful

I have configured f5 lb, one node and one pool , and two members in the pool. and Virtual Server is configured . I can see everything is working , (every place it is Green ), but when i use the VIP to connect my webserver, it is not getting resolved in my browser. can you pls throw some light on this issue. what to check and where to check ? I am Stuck with this issue for a long time.

p.s i have not configured irules, i have used default pool in Virtual server configuration

0
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Whats the default gateway of your servers? If its not the F5 have you enabled SNAT?

1
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Hi tilden,

  • Do you see any connection hits on the VIP when you are trying on the browser ?
  • Are you using VIP IP or any Domain name to connect on browser ?
  • whats the error you get when you hit ?
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Hi, please find the answers
1) No,

2) VIP IP

3) web page not found error.

I want to trace the complete process, where can i find the trace logs. ? and how to ensure that the my VIP is hit. ?

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Does the port you specified on the pool member match what you have on the VS? Is the pool assigned to the VS? Does the monitor you assign match the service you are trying to connect to? If you assign a different monitor, you could still get a positive feedback (Green) whereas the real service (http in this case) might not be available.

Please verify these.

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Transactions are logged in /var/log/ltm

There are plenty of places we could start looking depending on the root cause.

First thing to consider is whether the frames are actually getting treatment from the VIP you think it is. I've seen folks get messed up by the processing order for instance https://support.f5.com/kb/en-us/solutions/public/9000/000/sol9038.html

You could try a "noisy" tcpdump; https://support.f5.com/kb/en-us/solutions/public/13000/600/sol13637.html

For you it would look something like;

tcpdump -ni 0.0:nnn "(host and port 80)" or "(host or host ...)" -s 0 -w

BIGIP adds a trailer that, when possible, tells you which VIP handled the frame. Of course, to make sense of it, you need that dissectors. You can grab those from; https://devcentral.f5.com/Wiki/AdvDesignConfig.F5WiresharkPlugin.ashx

Even without dissection, though the tcpdump will help you home in on the point of failure (are the frames even reaching F5? Can we see client-side counter-parts to these? etc) so maybe start there.

Cheers, Bernie

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

this may be helpful.

Quick Start: Application Delivery Fundamentals by Josh Michaels
https://devcentral.f5.com/articles/quick-start-application-delivery-fundamentals

0
Comments on this Answer
Comment made 13-Apr-2015 by M@rcus 486
This was really helpfull. Does any one has configured the setup in Virtual edition in VMWare ? how can we setup multiple VLANS and have a communication established between them ? Thanks in Advance. - SAM
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Hi all,

I found the my Virtual Server is been hit by the request, but all my request are dropped.

and also found the below in my ltm log

Apr 13 11:31:46 local/tmm1 notice tmm1[5137]: 01200004:5: Packet rejected remote IP 136.2xx.1xx.2xx port 0 local IP 10.x1.1xx.1x port 3 proto ICMP: Port closed.

0
Comments on this Answer
Comment made 13-Apr-2015 by Sadorect 395
I had the same issue with a POC I am working on presently where pings made to a pool are not being replied. However, a tcpdump shows that the packet got to the interface holding the pool member. ICMP is not a supported way to test virtual server connectivity. It's better to have a proper service running on the pool member and have the service accessed via the VS. In my case, the test was successful once the VS was attached to the service rather than depending on port connectivity with ICMP pings.
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Hi,

I checked bigip_error_maps.dat (in /var/run/ folder) looking for both 01200004 code as well as "rejected" word and nothing was returned matching posted entry, I was pretty sure that everything that is placed in ltm log should have entry in this file - am I wrong?

Considering problems with this VS - what version of LTM are you running? Can you ping selfIP of this LTM on the VLAN you have your VS defined? Actually Virtual IP used by VS should reply to ping even if VS is disabled or pool is down. This can be turned of in "Local Traffic ›› Virtual Servers : Virtual Address List ›› your VIP name" by setting ICMP Echo to disabled (this option is available with new versions, I thing 11.5+). You can as well disable icmp using Packet Filter. Still both those options are not creating any entries similar to posted in my ltm log.

Piotr

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Hi,

Sorry if I repeat any previous posts/questions. This is a quick response intended as rough guideline.

How you troubleshoot this depends heavily on how you are setup. So here I am making some assumptions.

If you are connecting from same VLAN as VIP, all you need to do is start a quick tcpdump from CLI to confirm the client can establish a 3-WAY tcp handshake with VIP. i.e:

tcpdump -s0 -nni VLAN_NAME:nnn host YOUR_CLIENT_IP_HERE or arp or icmp

So, if you are using standard VIP you should see SYN arrive to F5 and SYN/ACK go back towards client (Check layer2 as well as layer 3 addresses please) and ACK back from CLIENT, followed by HTTP request from Client (typical 3WHS). If you see HTTP request from client, can you confirm the server is receiving this ? If you can get the first part of this puzzle then you are closer to solving the problem.

If you need more help can I suggest you paste in your VIP and pool config for everyone's benefit. Of course if the IP is sensitive to you then feel free to mask that out.

I hope that helps.

Rgds,

Alex

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Go to Virtual Server ---> Configuration . In configuration see the option "Source Address Translation" you will see 3 option in "Source Address Translation" (1)- SNAT (2)- Auto Map (3)- None .. Select the 2nd Option (2)-Auto Map and Update . Now put your Virtual Server IP in web address bar. Try its working ... Image Text

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Hi gauravkool it worked thanks mate

0