New BigIP VE not passing any traffic

Question

I'm running a trial version of Bigip VE 11.4.1 on ESXi/vSphere 5.5.  The only thing that works is the management interface (eth0). The other BigIP interfaces (internal, DMZ) won't pass any traffic. Ultimately from the VE, I can't ping the gateways of any of the interfaces (except the mgmt interface). I have been working with our networking and virtualization people on this with no luck.&nbsp;
The VE is connected to a virtual switch configured with VLAN 512. I have configured an untagged 512 VLAN and associated that with interface 1.1.  I have a self IP that is valid in that VLAN. The interface is enabled.  The MAC address of the interface matches in vsphere and in ifconfig and the BigIP GUI, so I know I have the correct interface.  I have tried the same config using both tagged and untagged for the VLAN.  I have reconfigured the routes, although that should not be needed to ping an address that is on the same network.  I have migrated the VE to a different virtual host in the same cluster, but that did not help. Thinking I might have fouled something up, I reset the VE back it its defaults but ran into the exact same problem and behavior.&nbsp;
If I take the same IP addressing and same vsphere virtual switch and stick them a virtual Windows server on them, the server works fine (can ping its gateway).  Of course the Windows server needs no VLAN configuration, so that is one difference between the VE and a Windows server.&nbsp;
So I'm at a loss to figure out why the VE can't ping a gateway. I'm out of ideas. What else can I try, check, change, or test?  We have 5 production 4200 LTMs that work well so I am familiar with the basics in that regard.&nbsp;

what_lies_bene1 · Answer

A few things to check;&nbsp;
You're using VMXNET3 vNICsPort Lockdown settingsI'm sure I had to enable Promiscuous Mode and Forget Transmits in the Hypervisor
Cheers&nbsp;

denisg_22372 · Answer

You could also ensure that the VLAN's you've assigned match up to the NIC that you have the set it to.  &nbsp;
Check the MAC address in the Host:  go to the virtual machine and edit settings and look at each of the NIC's and the MAC address.&nbsp;
Then go int o the bigIP and under Network Interfaces check the Mac there and make sure that NIC1 in the Host = Managment, NIC2 = External, NIC3 = Internal, NIC4 = HA&nbsp;
Hope this helps&nbsp;
D-Man&nbsp;

ken_b_50116 · Answer

Thanks everyone for the replies. I did finally get this working. All of the VLANs, interface numbers, and MAC addresses (virtual nics in vsphere and nics in BigIP) all did line up correctly. I did have all of the self IPs set to "allow all" for port lockdown, and I was using VMxnet3 for the virtual NICs.&nbsp;
The first problem was configuration problems on the virtual distributed switches in our virtualization environment, although I can't provide any detail about what was changed. I confirmed the virtual distributed switches in vcenter were configured for the correct VLANs. Next, I ran into a problem where enabling one of the virtual NICs wasn't working due a bug, whose fix was to shut down the VM, delete the NIC, and add a new NIC. Next, I had to use untagged VLANs, whereas our production Big IPs use tagged VLANs because of trunking.&nbsp;
Amazingly, after I got the one virtual NIC re-added and configured, my ping to its gateway started working.  I asked our vmware guy to hold off on the changes to the 'Promiscuous Mode' and 'Forget Transmits' settings.  &nbsp;
I added back the self IPs and VLANs for the other 2 interfaces, a default route, and one static route, confirmed the NICs were 'connected' in vcenter, and these new BigIP interfaces started working correctly too, pinging their gateways and reaching other networks.&nbsp;
So, I wish I could provide one simple reason for the problems, but it was at least 3 different factors: use untagged vlans, ensure virtual NICs connected/up, ensure virtual switches set correctly.&nbsp;
Now I can start testing the iApp for Websense, in hopes of figuring out why it doesn't work in our production environment.&nbsp;

what_lies_bene1 · Answer

Thanks for the feedback Ken, appreciated. I did some digging through my notes regarding 'Promiscuous Mode' and 'Forget Transmits' and it seems this may be vCentre specific and/or only required when using HA. Have you setup HA?

ken_b_50116 · Answer

I'm not planning to use HA on this virtual edition unit, as it 's a trial license anyhow.

Forum Discussion

New BigIP VE not passing any traffic

6 Replies

Recent Discussions

F5 loadbalancer not working

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Pricing when used with aws waf

F5 terminal - help to run commands - disk space full

import live updates from version x to version y

Related Content

Re: BigIP Report

BigIP 5200 traffic flow

Passing Arguments to iCall Scripts

BigIP Report Old

fellow traffic