Forum Discussion

chris_connell_1
Dec 21, 2010

Floating self IP and virtual IP using same address.

Hi

A client is sending WAP traffic to a virtual server (destination IP for the request is the virtual address defined on the F5 virtual server). This is not working in that I cannot see any replies from the virtual address or requests to the real servers. (Virtual/pool etc. are UP.) I found out that they are using the same IP address for the virtual address and the floating self IP. I am thinking this is causing conflicts; could this be the case?

Thanks

7 Replies

  • Yes, it can work, but it's not generally a good idea as you're limited to which ports can be accessed as a self IP versus a virtual server IP. I'd look at the SNAT setting on the VS/routing if the pool is up, but no connections to the pool.

    SOL8849: Configuring a virtual server to use the same IP address as a self IP

    http://support.f5.com/kb/en-us/solutions/public/8000/800/sol8849.html

    It is possible to configure a virtual server destination IP address and a self IP to use the same IP address.

    Important: If you configure the BIG-IP web server and a virtual server to use the same self IP address, the virtual server will take precedence and process connections to the address.

    Aaron
  • Aaron - if you're doing an HTTPS VIP, you're no longer able to manage device via Self-IP:443 then? How about if you're doing SNAT Automap? Do replies to automap address hit VIP instead of self-ip?
  • Thanks, I removed the self IP as I don't think it's a good idea generally.

    As a side note, I want to test that the connection to my virtual server works on the active device from the standby device by sending a telnet 8080. I can ping the virtual IP from the other standby F5 (it has routing domain configured and is in routing domain %4).

    ping 10.252.1.61%4 <-- virtual ip on F5 active device
    PING 10.252.1.61%4(10.252.1.61%4) 56 data bytes
    64 bytes from 10.252.1.61%4: icmp_seq=0 ttl=64 time=4.15 ms

    But I can't figure out how to connect to it from the standby device, e.g. telnet 10.252.1.61 8080 via route domain 4. I can't use 10.252.1.61%4; it gives me unresolved. I want to somehow send a request to it via route domain 4 to check I get a response from port 8080. Any ideas? Or perhaps I have to enter route domain 4 mode or something?

  • Hi Chris,

    It gets a bit "user-unfriendly" when trying to use CLI tools to connect to a virtual server in a non-default route domain. See SOL10467 for details on the issues:

    sol10467: Userland applications on a BIG-IP system cannot connect to hosts in non-default route domains

    http://support.f5.com/kb/en-us/solutions/public/10000/400/sol10467.html

    Also, I think it would be simpler to test from the active unit as there have been issues connecting from the standby unit to the active.

    Aaron
  • I thought I was the only one who had these issues! I'll check that article, thanks.

  • By chance, did you try netcat? You may find that curl, wget or netcat will honor the route domain syntax - I'm not sure though.

    -Matt
  • By chance, did you try netcat? You may find that curl, wget or netcat will honor the route domain syntax - I'm not sure though.

    You basically need utilities that support IPv6 to connect from the LTM CLI to non-default route domains. So curl and netcat on LTM will work. But wget isn't included by default.

    Aaron - if you're doing an HTTPS VIP, you're no longer able to manage device via Self-IP:443 then? How about if you're doing SNAT Automap? Do replies to automap address hit VIP instead of self-ip?

    I expect if you define a VS on 443 on an IP defined as a self IP, you won't be able to connect to the admin GUI on that IP. If you enable SNAT using that self IP, TMM shouldn't use any reserved ports (<1024) to source traffic from. The TMM connection table should handle packets for established connections so there shouldn't be an issue there.

    Aaron