vCMP route-domain issue

Having a strange issue. F5 is logically inline between a firewall and the servers. I attempted to migrate from a virtual edition to vCMP guest and ran into a few issues. The main issue I am struggling with is that the vCMP guest, configured with partitions and route-domains, is not reachable on the server facing Self-IP from the client side.

Code 12.1.2

Let's say we have 2 VLANs in one partition/route-domain.

- VLAN 10, 192.168.10.0/24 client facing
- VLAN 20, 192.168.20.0/24 server facing

The route-domain in question has a default route with the gateway being a layer 3 VLAN on the firewall. The servers have a default gateway of the Floating Self-IP on the F5.

Virtual Edition:

- VLAN 10 and VLAN 20 Self-IP addresses are pingable from user networks through the firewall
- F5 can ping servers in VLAN 10 from VLAN 10 Self-IP
- Users can ping servers in VLAN 10 through the firewall

vCMP Guest:

- VLAN 10 Self IP addresses are pingable from the user networks through the firewall
- VLAN 20 Self IP addresses are unresponsive
- F5 can ping servers in VLAN 10 from VLAN 10 Self-IP
- Users CANNOT ping server in VLAN 10 through the firewall

bigip.conf file objects were copied from Virtual Edition partition to vCMP guest partition. All bigip_base.conf objects were created manually. 4 partitions/route-domains in total, each set up similarly; all have the same issue.

Per F5 instructions:

- inherited VLANs from host
- deleted VLANs in guest
- created route-domains
- created partitions with appropriate route-domain set as default for partition
- re-created VLANs inside appropriate partitions

Not really sure where to begin. Probably should have restarted MCPD, but didn't get a chance before rollback. Am I missing something, or could it have just been an MCPD issue?


Answers to this Question

USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

You say "F5 can ping servers in VLAN 10 from VLAN 10 Self-IP", but also "VLAN 20, 192.168.20.0/24 server facing". Where are the servers located??

If VLAN 20, can you ping them from your self IP in VLAN 20 (use rdsh to switch to the right route domain)? Will you get a valid ARP entry for the server IPs in VLAN 20? If yes, is it in the right route domain? If no valid ARP entry can be seen, have you checked whether VLAN 20 is really available and forwarding on your vCMP host's uplinks?

Comments on this Answer
Comment made 11-May-2017 by amass87 83

Sorry, should have mentioned: using "rdexec 30 ping 192.168.20.20" I can reach the server in VLAN 20.

Wasn't able to figure out how to pull ARP for a specific route-domain. I assumed I could run "rdexec 20 arp" but that was unsuccessful.

Comment made 12-May-2017 by Martin Robbins 234

You can look at the local arp in the routing domain using the rdsh command

$ rdsh 20
$ arp -an
$ exit

Or for tmm arp table use

$ tmsh show net arp