Craigus_200691
May 05, 2015

F5 Initial Setup Help, Server cannot ping network

Hi,

Apologies, I have had my head in whitepapers and trawled Google for hours, then I came across this wonderful resource!

I have been thrown in at the deep end: we have purchased an F5 BIG-IP 2000 with the LTM module and I have been given the task of setting this up from scratch. Luckily I have a network engineering background and have worked with Cisco's ACE and CSS platforms before, so load balancing isn't totally foreign to me.

ISSUE: I have a problem. I have dragged all the relevant VLANs to the BIG-IP and created self IPs for these VLANs on the BIG-IP. These self IPs are pingable through the network, and the F5 has a default route to an SVI on our core network that is reachable (I have pinged this via the shell).

When I change a server's (pool member's) default gateway to the BIG-IP, the server loses connectivity and cannot ping the rest of the network. It CAN ping the self IP for its respective VLAN on the LTM but nothing past this.

Any ideas? I am struggling with this one!

5 Replies

  • nathe

    Craigus

    Have you got a virtual server configured? The BIG-IP is a default deny box: unless there is a listener object (virtual server, SNAT or NAT), the box will drop traffic and not allow it through.

    For connectivity you may want to create a forwarding IP virtual server on 0.0.0.0/0 and all protocols.

    Hope this helps,

    N

  • Nathan,

    Thanks a lot, that worked a treat. I can now ping the rest of the network from my servers when their gateways are on the BIG-IP.

    Is this a 'best practice' deployment option that you would see out in the field?

    • nathe
      Good to hear. Mark up if happy. Re your second question: if a BIG-IP is configured inline then yes, a forwarding IP VS would be required for the backend to get to other key resources (updates, DNS etc.). If in a one-arm then not normally; rather you'd configure standard virtual servers to load balance apps via the BIG-IP.
  • OK thanks, can I still use the 'standard' VS to perform load balancing for clients incoming in this type of setup?

    • nathe
      Yes, virtual servers have a precedence based on destination IP/port and, since 11.3, source IP too.
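
The default-deny and precedence behaviour described in the replies above, as an added Python model (not part of the thread and not F5 code). The listener names, addresses and the tie-break order (destination specificity, then source specificity, then a specific port over the wildcard) are assumptions of this simplified model; only L3/L4 matching is modelled.

```python
# Simplified model of BIG-IP listener selection (illustration only, not F5 code).
from ipaddress import ip_address, ip_network
from typing import NamedTuple, Optional, Sequence


class Listener(NamedTuple):
    name: str
    destination: str            # CIDR; "0.0.0.0/0" is the wildcard destination
    port: int                   # 0 means "any port"
    source: str = "0.0.0.0/0"   # source filter (per the thread, available since 11.3)
    kind: str = "standard"


def select_listener(listeners: Sequence[Listener], src: str, dst: str,
                    dport: int) -> Optional[Listener]:
    """Return the most specific matching listener, or None (traffic dropped)."""
    src_ip, dst_ip = ip_address(src), ip_address(dst)
    candidates = [
        l for l in listeners
        if dst_ip in ip_network(l.destination)
        and src_ip in ip_network(l.source)
        and l.port in (0, dport)
    ]
    if not candidates:
        return None  # default deny: no listener object, so the packet is dropped
    # Assumed tie-break order: longest destination prefix, then longest
    # source prefix, then a specific port over the wildcard port.
    return max(candidates, key=lambda l: (
        ip_network(l.destination).prefixlen,
        ip_network(l.source).prefixlen,
        l.port != 0,
    ))


def describe(listeners: Sequence[Listener], src: str, dst: str, dport: int) -> str:
    hit = select_listener(listeners, src, dst, dport)
    return "drop" if hit is None else hit.name


# Constructed sample configuration (documentation and private address ranges).
LISTENERS = [
    Listener("vs_forward_all", "0.0.0.0/0", 0, kind="forwarding-ip"),
    Listener("vs_web", "192.0.2.10/32", 80),
    Listener("vs_web_internal", "192.0.2.10/32", 80, source="10.1.0.0/16"),
]

if __name__ == "__main__":
    print(describe(LISTENERS, "198.51.100.7", "192.0.2.10", 80))   # client to VIP
    print(describe(LISTENERS, "10.20.0.5", "203.0.113.53", 53))    # server outbound
    print(describe(LISTENERS[1:], "10.20.0.5", "203.0.113.53", 53))  # no wildcard VS
```

Because the wildcard forwarding listener matches anything the more specific listeners do not, it is worth limiting which VLANs it is enabled on so that the BIG-IP routes only for the networks that need it.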