Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Clear all filters
Answers

Virtual Server creation

Hello,

I am new to F5 and using the evaluation version of F5 (Big IP LTM Virtual Edition). I am facing problem while creating the virtual server for tomcat application.

F5 Big-IP LTM VE is running on VMPlayer. And I can access the admin page of F5 via https://>

I want to test F5 with 3 tomcat applications which are running as cluster. All my three tomcat instances are on same machine with different port. http://:8081//cluter-example/test.jsp http://:8082//cluter-example/test.jsp http://:8083//cluter-example/test.jsp I tested out successfully this cluster with Apache server.

As I do not have much idea as how to create Virtual server which will use my newly created pool which has all the three tomcat instances.

I tried to create Virtual server with following parameter: Type : host Address : some random IP address. Service port : 80 with HTTP VLAN and tunnel traffic : All VLAN and tunnel SNAT Pool : autoMap

Afterward I try to access the virtual server as http://>:80 And then getting nothing (I am expecting it should go to one of the tomcat instance) I tried with http://>:80/cluster-example/test.jsp but same result.

In Health monitor side I used Send String : GET /cluster-example/test.jsp

Please let me know what are the things I am missing and why given virtual IP with 80 port as HTTP... its not redirecting to tomcat application side.

-Sandeep

0
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

The BigIP acts as a proxy. So you can debug it at both the bigip/client and bigip/server side to see whats happening.

If you tcpdump both sides, what do you see? Does the connection between client and bigip succeed? Do you see the request come from the client? (I usually test using telnet for this point as browsers just get in the way at this level).

If that all looks OK, what do you see at the server side? Does BigIP open a connection to the server? Is the request passed through?

Are you seeing any errors in /var/log/ltm? Perhaps your client is using HTTP methods not supported by the HTTP profile?

  • This all assumes of course that your pool and poolmembers are marked as available by your pool monitor already...

H

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Hi Hamish,

Thanks for the answer. Being new user of F5, I could not get lots of things which you asked. Can you please let me know how I can do tcpdump in both sides ?

I used telnet command to see whether I am able to connect virtual server IP with port, but I could not succeed. And that the reason I am thinking that Virtual server which I created is not accessible at all.

-Sandeep

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

it is up to you, but perhaps you should start with something simpler then.

one virtual server (standard) listening on port 80 (HTTP), one pool with one member also on port 80. not special profiles, just the basic and go from there.

then see if you can browse to the virtual server and get the website of the pool member to show up.

for tcpdump on both sides you can use the interface 0.0, so:

tcpdump -i 0.0 -nn

if that causes to much traffic you could use it with a filter, but then you need to use both the virtual server ip and the nodes.

tcpdump -i 0.0 -nn host <ip virtual server> or host <ip pool member 1> or host <pool member 2>
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Hi,

As I said earlier that my virtual server is not responding at all because when I use telnet command with virtual server ip and port its refusing the connection saying no route to host.

Let me tell all the things which I done till now. * Download F5 Big-IP LTM VE trial version * Running F5 via VMPlayer (VMPlayer is installed on my machine). * In console window of F5, I used command "config" and then set the IP address of f5. * Now I can access admin console from Browser. * After admin/admin credential, I created pool / members etc.. * Now last thing remaining is to create new virtual server. * As a lemon person: in Destination side I selected Type as Host and gave new random IP (111.111.111.100) with Service port as 80:HTTP * Everything looks good and I can see Green signal in Availability side

Now I back to my VMPlayer console and try to use telnet command to access new virtual server IP (111.111.111.100) with port.

Browser side. I tried to use http://111.111.111.100:80

As I am not a sysadmin person but I want to try F5 for evaluation purpose. And I am pretty much sure that creation of virtual server has some problem.

If we create virtual server with random IP (111.111.111.100), What all other things need to be consider ? I thought that I can give any random number because one of the f5 LAB video, I observed this.

-Sandeep

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

you have to consider being able to reach the F5 on the virtual server IP and the F5 being able to reach the pool members. i'm not sure how VMPlayer handles this, the LTM VE will probably choose interfaces it connects with for an external and internal network and management, but how exactly i don't know.

did you follow any documentation for setting it up you can share?

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

see below linked which I followed.

http://www.youtube.com/watch?v=_tEzfsoMxJ4

http://www.dasblinkenlichten.com/f5-ltm-ve-setting-up-basic-load-balancing/

http://www.f5.com/pdf/deployment-guides/tomcat-dg.pdf

-Sandeep

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

For installation of LTM VE on VMPlayer, I used this link http://www.youtube.com/watch?v=1gyiQOYeS0A

-Sandeep

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

In console window of F5, I tried to use command : tmsh list ltm virtual ltm virtual CCE-Tomcat_virtual_server { destination 172.29.0.44:http ip-protocol tcp mask 255.255.255.255 persist { CCE-Tomcat_persist_profile { default yes } } pool CCE-Tomcat_pool profiles { CCE-Tomcat_lan-optimized_tcp_profile { } CCE-Tomcat_one_connect_profile { } bea_weblogic_http-lan-optimized-caching_shared_http { } } snat automap translate-address disabled }

Is there any way to change the netmask ?
In general I am using netmask 255.255.254.0

I tried to create virtual server with Network option but got the error:

01070348:3: Virtual Server CCE-Tomcat_virtual_server destination 172.29.0.44 and netmask 255.255.254.0 are not valid.

Would appreciate any help to configure Virtual server ?

-Sandeep

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Is there any way to change the netmask ? In general I am using netmask 255.255.254.0

you can use modify ltm virtual command. please make sure translate-address is enabled (i.e. it will translate destination ip to pool member ip). also, you may have to enable arp on network virtual address.

e.g.

root@ve10(Active)(tmos)# list ltm virtual bar
ltm virtual bar {
    destination 172.28.19.252:http
    ip-protocol tcp
    mask 255.255.255.255
    pool foo
    profiles {
        http { }
        tcp { }
    }
    snat automap
}

root@ve10(Active)(tmos)# modify ltm virtual bar destination 172.28.18.0:80 mask 255.255.254.0 translate-address enabled

root@ve10(Active)(tmos)# list ltm virtual bar
ltm virtual bar {
    destination 172.28.18.0:http
    ip-protocol tcp
    mask 255.255.254.0
    pool foo
    profiles {
        http { }
        tcp { }
    }
    snat automap
}

root@ve10(Active)(tmos)# list ltm virtual-address 172.28.18.0
ltm virtual-address 172.28.18.0 {
    arp disabled
    mask 255.255.254.0
}

root@ve10(Active)(tmos)# modify ltm virtual-address 172.28.18.0 arp enabled

root@ve10(Active)(tmos)# list ltm virtual-address 172.28.18.0
ltm virtual-address 172.28.18.0 {
    mask 255.255.254.0
}
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Hi sundeep,

I am not sure but I believe you must configure the in and out interfaces as well, to get the request in to the VS them to specific pool member.

I suggest, you must go through the configuration and creation part of the VS, pool member and nodes.

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

I tried to change mask via modify command but got the same error.

[root@f5:Active] config # tmsh

root@f5(Active)(tmos)# list ltm virtual vs_http_sandeep

ltm virtual vs_http_sandeep { destination 172.29.0.251:http ip-protocol tcp mask 255.255.255.255 pool CCE-Tomcat_pool profiles { CCE-Tomcat_lan-optimized_tcp_profile { } } snat automap }

root@f5(Active)(tmos)# modify ltm virtual vs_http_sandeep destination 172.29.0.251:80 mask 255.255.254.0 translate-address enabled

01070348:3: Virtual Server vs_http_sandeep destination 172.29.0.251 and netmask 255.255.254.0 are not valid.

root@f5(Active)(tmos)# modify ltm virtual vs_http_sandeep destination 172.29.0.251:80 mask 255.255.254.0

01070348:3: Virtual Server vs_http_sandeep destination 172.29.0.251 and netmask 255.255.254.0 are not valid.

Concerning the Network Interface for in and out, I do not know how to create.
Can you please tell me the steps.

When I opened "Network->Interface->Statistics" I can see there are 3 interfaces:

Name: mgmt Status: UP (I can Bits in and out, Packets in and out)

Name:1.1 Status:Uninitialized (No Bits and No Packets)

Name:1.2 Status:Uninitialized (No Bits and No Packets)

Above interface inherited from VMPlayer side as I can see 3 network adapters when I open VmPlayer ->Manage -> Virtual machines setting.

First Network Adapter : Bridge (Automatic) Second Network Adapter : Host Only Second Network Adapter : Host Only

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

e.g.

root@ve10(Active)(tmos)# list ltm virtual vs_http_sandeep
ltm virtual vs_http_sandeep {
    destination 172.29.0.251:http
    ip-protocol tcp
    mask 255.255.255.255
    pool CCE-Tomcat_pool
    profiles {
        CCE-Tomcat_lan-optimized_tcp_profile { }
    }
    snat automap
}

root@ve10(Active)(tmos)# modify ltm virtual vs_http_sandeep destination 172.29.0.0:80 mask 255.255.254.0 translate-address enabled

root@ve10(Active)(tmos)# list ltm virtual vs_http_sandeep
ltm virtual vs_http_sandeep {
    destination 172.29.0.0:http
    ip-protocol tcp
    mask 255.255.254.0
    pool CCE-Tomcat_pool
    profiles {
        CCE-Tomcat_lan-optimized_tcp_profile { }
    }
    snat automap
}

root@ve10(Active)(tmos)# modify ltm virtual-address 172.29.0.0 arp enabled

root@ve10(Active)(tmos)# list ltm virtual-address 172.29.0.0
ltm virtual-address 172.29.0.0 {
    mask 255.255.254.0
}
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

I tried again now with changed destination address and new net mask and got the same error.

root@f5(Active)(tmos)# modify ltm virtual vs_http_sandeep destination 172.29.0.252:80 mask 255.255.254.0 translate-address enabled

01070348:3: Virtual Server vs_http_sandeep destination 172.29.0.252 and netmask 255.255.254.0 are not valid.

Just to know you are also using the LTM VE 10.1.0.3341.1084?
I am still thinking that there is something missing out in my configuration.

Should I reinstall all the things I mean download the new copy of LTM VE 10.1.0.3341.1084 and then run it via VMPlayer ? I can not change version of LTM VE i.e 10.1.0.3341.1084 because its a trial.

-Sandeep

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

01070348:3: Virtual Server vs_http_sandeep destination 172.29.0.252 and netmask 255.255.254.0 are not valid.

172.28.0.252 is not a network address...

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Ok I tried modifying another virtual server which has initial IP as 172.29.0.44 :

root@f5(Active)(tmos)# list ltm virtual CCE-Tomcat_virtual_server
ltm virtual CCE-Tomcat_virtual_server { destination 172.29.0.44:http ip-protocol tcp mask 255.255.255.255 persist { CCE-Tomcat_persist_profile { default yes } } pool CCE-Tomcat_pool profiles { CCE-Tomcat_lan-optimized_tcp_profile { } CCE-Tomcat_one_connect_profile { } bea_weblogic_http-lan-optimized-caching_shared_http { } } snat automap }

root@f5(Active)(tmos)# modify ltm virtual CCE-Tomcat_virtual_server destination 172.29.0.50:80 mask 255.255.254.0 translate-address enabled 01070348:3: Virtual Server CCE-Tomcat_virtual_server destination 172.29.0.50 and netmask 255.255.254.0 are not valid.

Sorry for troubling lots !!!

-Sandeep

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

the network address is 172.29.0.0/23.

(tmos)# modify ltm virtual CCE-Tomcat_virtual_server destination 172.29.0.0:80 mask 255.255.254.0 translate-address enabled

you may have to enable arp on 172.29.0.0/23 virtual address. please make sure you understand its affect before enabling it.

(tmos)# modify ltm virtual-address 172.29.0.0 arp enabled
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Ok its worked only when I used 172.29.0.0 but If I used 172.29.0.16 (as this IP is available for the moment) then got the same error. Strange. Anyway I went ahead and changed 172.29.0.0 with mask 255.255.254.0 and enabled arp as well. But accessing this VS IP via browser ... got the same error which I had earlier.

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

But accessing this VS IP via browser ... got the same error which I had earlier.

can you post the virtual server and pool configuration?

# tmsh list ltm virtual (virtual server name)
# tmsh list ltm pool (pool name)
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

root@f5(Active)(tmos)# list ltm virtual vs_http_sandeep

ltm virtual vs_http_sandeep { destination 172.29.0.0:http ip-protocol tcp mask 255.255.254.0 pool CCE-Tomcat_pool profiles { CCE-Tomcat_lan-optimized_tcp_profile { } } snat automap }

root@f5(Active)(tmos)# list ltm pool CCE-Tomcat_pool

ltm pool CCE-Tomcat_pool { load-balancing-mode least-connections-member members { 172.29.1.51:tproxy { monitor CCE-Tomcat_monitor priority-group 1 state up } 172.29.1.51:us-cli { monitor CCE-Tomcat_monitor priority-group 1 state up } 172.29.1.51:us-srv { monitor CCE-Tomcat_monitor priority-group 1 state up } } monitor CCE-Tomcat_monitor }

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

is there any specific reason you are using network virtual server (i.e. 172.29.0.0/23)? can you pick up one available ip address and setup host virtual server instead?

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

I thought to use network virtual server because I want to modify the netmask thinking that this is the root cause of problem.

Initially when I set up LTM VE, I tried to use host virtual server only. Anyway I modified my virtual server.

root@f5(Active)(tmos)# list ltm virtual vs_http_sandeep

    ltm virtual vs_http_sandeep {
        destination 172.29.0.44:http
        ip-protocol tcp
        mask 255.255.255.255
        pool CCE-Tomcat_pool
        profiles {
            CCE-Tomcat_lan-optimized_tcp_profile { }
        }
        snat automap
    }

root@f5(Active)(tmos)# list ltm pool CCE-Tomcat_pool

ltm pool CCE-Tomcat_pool {
    load-balancing-mode least-connections-member
    members {
        172.29.1.51:tproxy {
            monitor CCE-Tomcat_monitor
            priority-group 1
            state up
        }
        172.29.1.51:us-cli {
            monitor CCE-Tomcat_monitor
            priority-group 1
            state up
        }
        172.29.1.51:us-srv {
            monitor CCE-Tomcat_monitor
            priority-group 1
            state up
        }
    }
    monitor CCE-Tomcat_monitor
}
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Anyway I modified my virtual server.

so, does it work now? if not, can you capture packet on bigip to see what wrong is?

e.g.

# tcpdump -nni 0.0:nnn -s0 -w /var/tmp/output.pcap host 172.29.0.44 or host 172.29.1.51 -v
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Nope, it didn't work this time also. I run the command as you said and then try to access 172.29.0.44 or 172.29.1.51...

[root@f5:Active] tmp # tcpdump -nni 0.0:nnn -s0 -w /var/tmp/output.pcap host 172.29.0.44 or host 172.29.1.51 -v
tcpdump: listening on 0.0:nnn, link-type EN10MB (Ethernet), capture size 65535 bytes
Got 0
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Nope, it didn't work this time also. I run the command as you said and then try to access 172.29.0.44 or 172.29.1.51...

doesn't it mean it did not reach bigip?

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Yes, http request is not reaching to f5. If I try to access http://172.29.0.44:80, I got the connection time out. Even when I ping VS IP (172.29.0.44) .. no response.

My three tomcat applications are running

 http://172.29.1.51:8081/cluster-example/test.jsp
 http://172.29.1.51:8082/cluster-example/test.jsp
 http://172.29.1.51:8083/cluster-example/test.jsp
0
Comments on this Answer
Comment made 23-Apr-2014 by jzjzjz 1
did you ever come up with a solution?? ive been banging my head against the wall with the same exact issue. ive tried every suggestion i can find on dev central, youtube & google. i feel its something simple im missing but cant put my finger on it (due to my very limited experience with bigip and vmware). from the lack of communication between the pc sitting on the outside /24 and the vs & external selfip... anyone?
0
Comment made 28-Mar-2017 by keshav 251

Please apply http profile on virtual servers so he can understand the traffic. After you applied if still not working take a tcpdump on virtual server side with command tcpdump -npi 0.0 host virtual servers IP address and check the issue.

Second run the curl command and paste the output here with info.

curl -x http:// virtual iP address

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

It seems that the solution isn't available for this question either here or many other places like youtube, google, dev central website etc.

Can the destination address be any random value like (10.10.10.11) for a virtual server? or there are any specific values to be considered.

Thank you.

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Dear Sravan Kumar,

The main thing you need to consider is that the Virtual Server (destination Address) has to be from a network which is accessible from your PC.

And before that.. (Sorry for this Question). Have you configured the Self-IP Addresses for your F5?

Regards

Mohammed Shiraz

0
Comments on this Answer
Comment made 14-Mar-2017 by Sravan Kumar M 2

Thankyou Shiraz, You mean the ping should be successful from my PC. But I see they are not reachable (ping says Request Timed out). I have reached out to the network provider to provide me the IPs.

Regarding your question: I am not sure how to configure Self-IP addresses for F5.

Once again thank you for the help. Appreciate it.

Regards, Sravan

0
Comment made 27-Mar-2017 by Sravan Kumar M 2

Does the ping successful a correct understanding?

In F5 support portal (https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm-concepts-11-5-0/2.html), it is mentioned that when a virtual server is created BIG IP will create the virtual address that is mentioned in destination address field.

Dos this mean, I can use any random value like 10.10.10.1 as destination address while creating a virtual server?

If so, my virtual server status is unknown and the traffic is not diverted to the pools/node members (physical servers) mapped to a Virtual server. (http://10.10.10.1:80 gives response as 'This site can’t be reached')

Please confirm if any address can be used as the destination address.

Thank you.

0