The_Ohiostater_
Jun 08, 2009

F5 Newbie - Just Starting

So if I don't give all required info needed to allow people to assist, please shoot me.

We have the BIGIP 9 and I have done the following:

- Set up a pool and added 2 members to it (members are VMware Virtual Machines)
- Set up 2 VLANs: 1 for the internal network and 1 for the DMZ network

Now I am at a stopping point before I flip the DNS for our DEV environment in order to test it. I have the following questions:

1) How do I assign an IP address to the pool that I set up?
2) Do I need to set up a route in order for it to completely see the inside network?

Like I said in the topic, I am new to the F5 appliance and want to make sure I am not overlooking anything before flipping the DNS to test out the first of many pools to be created.

Any and all help is appreciated.

Ohio

6 Replies

  • My recommendation is to check out the F5 Deployment Guide. It may be able to answer most of your questions.

    http://www.f5.com/solutions/resources/deployment-guides/index.htmlletterV

    hope this helps,

    CB

  • 1) You are now ready to set up a Virtual Server (VS), which has fields to put in the name, IP address, and port, then select the pool you created. You don't need a route (at least on the BIG-IP LTM) to make it work, assuming the internal address on the LTM is the virtual machine's default gateway; if not, enable SNAT AutoMap on the VS during configuration (under Advanced settings). After you save the configuration for the VS, you should be good to go.

    2) If you want to be able to route external requests directly to the virtual machines (for administration, etc.) then you need a route on the upstream router/firewall with a gateway of the BIG-IP shared self-IP address on the DMZ network. Example: If DMZ = 192.168.1.0 and internal = 172.16.1.0, do a "route add 172.16.1.0 netmask 255.255.255.0 gateway 192.168.1.1" (where 192.168.1.1 is the BIG-IP external shared self-IP on that network). Again, the gateway for the servers must be 172.16.1.1, the internal shared self-IP.

    As suggested earlier, you may want to check the Deployment Guide for a step-by-step process with illustrations on the VS creation (routing info is not in deployment guides) - but the information above covers the major steps.

    /mh
  • Wow...this board is as good as ArsTechnica! Thanks for the pointers and I will check out the deployment guide.

    I really appreciate the info!

    Matt
  • OK, for some reason I am getting "servers marked down by a health monitor". I have them on the built-in http monitor.

    What am I missing?

    M
  • Matt: there could be a bunch of stuff affecting your health monitors. You mention that you're new to the f5 world, so I'll walk through some steps that may (hopefully) help you track it down. This is all done via the command line on your BigIP, since the BigIP is the client for health checks.

    1) Ensure basic connectivity via ping.

    2) If basic connectivity is good, telnet to your server port you defined for your pool members. For example, let's say I've got a server (192.168.100.10) listening on port 8080 and I want to be sure we're talking ok:

     
     config  telnet 192.168.100.10 8080 
     Trying 192.168.100.10... 
     Connected to 192.168.100.10. 
     Escape character is '^]'. 
     

    If you connect, you'll see something like the output above. If you do, this is a good sign - the server is listening on the port you've configured in the pool. Now type "GET" and hit enter two times. Hopefully you'll see output.

    If all of this works, you're getting close so don't give up!

    For more (and higher quality) information on tracking this type of issue down refer to SOL3224 on ask.f5.com. Pay particular attention to their note about HTTP version mismatch, which I've run into dozens of times over the years.

    -Matt
  • Check your server routing. Do the ping and "telnet " as suggested in the previous post, and if one or both fail, you probably have an additional NIC on the server with a different gateway (i.e. requests are going in one interface and out another). Otherwise, it is an ACL on the server not allowing the BIG-IP interface, or the standard "GET /" send string in the built-in monitor is getting kicked back. This usually means you need to create your own monitor, use http as the parent monitor, and put something more meaningful in the send and/or receive string field. Finally, you may just have the wrong server port. If you added the node without a port, it will default to the wildcard zero (*any port), in which case any service monitor will fail.
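
The checks described in the last two replies (TCP connect to the member port, send the monitor's send string, compare the answer with a receive string, and the port-0 case) can be scripted as below. This is an added example, not code from the thread or from F5: `probe_member`, its status strings and the loopback stand-in server are hypothetical, treating an empty receive string as "any answer counts" is an assumption, and the ping step is not covered.

```python
import socket
import socketserver
import threading

def probe_member(ip, port, send=b"GET /\r\n\r\n", recv=b"", timeout=2.0):
    """Run one monitor-style check against a pool member; return a status string."""
    if port == 0:
        return "wildcard-port"   # member added without a port: no service to check
    try:
        s = socket.create_connection((ip, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused"         # host answers, nothing listening on that port
    except OSError:
        return "unreachable"     # timeout or no route: check gateway, extra NIC, ACL
    data = b""
    with s:
        try:
            s.sendall(send)      # same as typing GET and pressing Enter twice
            while len(data) < 4096:
                chunk = s.recv(4096)
                if not chunk:
                    break
                data += chunk
        except OSError:
            pass                 # read timeout or reset: judge on what arrived
    if not data:
        return "no-response"     # port open, but the send string got no answer
    return "up" if recv in data else "recv-mismatch"

class ConstructedMember(socketserver.BaseRequestHandler):
    """Constructed stand-in for a pool member so the example runs offline."""
    def handle(self):
        self.request.recv(1024)
        self.request.sendall(b"HTTP/1.0 200 OK\r\n\r\nconstructed test page\n")

def start_constructed_member():
    """Listen on a free loopback port; return (server, port)."""
    srv = socketserver.TCPServer(("127.0.0.1", 0), ConstructedMember)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, srv.server_address[1]

if __name__ == "__main__":
    srv, port = start_constructed_member()
    for want in (b"", b"constructed test page", b"Server is UP"):
        print(want, probe_member("127.0.0.1", port, recv=want))
    print("port 0:", probe_member("127.0.0.1", 0))
    srv.shutdown()
```

Run it from a host that sits where the BIG-IP does, since the result only reflects the path from the machine doing the probing.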