Forum Discussion

mikegray_198028
Jan 14, 2016

unable to ping server behind ltm

Our servers' default gateway is the LTM's floating IP, and we have also configured a wildcard (forward VIP) VIP. After upgrading from VE 10.2.4 to VE 11.5.1 we are facing an issue with ICMP. We are unable to ping the servers behind the F5 from a client desktop, but we are able to ping the servers from the LTM. In the tcpdump we can see that the ICMP packets are reaching the LTM. Can you tell me why ICMP is not being forwarded to the servers?

 

Please note that all other protocols are working fine; we are able to telnet to the server from the client and able to access HTTP. The only issue is with ping :(

====================

5583 57.620484 192.168.0.10 58.200.7.6 ICMP 182 Echo (ping) request id=0x5035, seq=1/256, ttl=55 (no response found!)

====================

 

8 Replies

  • Have you done a tcpdump on the LTM? Also, is your wildcard set up for all protocols rather than just TCP? The default is TCP only. This would cause your ICMP ping to fail.

     

    • mikegray_198028
      Yes, we have a capture, and I have copy-pasted the packet in the previous comment. The wildcard VIP is allowed for all protocols.
  • JG

    Did the ping packets reach the backend server at all?

     

  • @mike, can you elaborate? When we disable ARP for VIPs on the LTM using the command "modify virtual-address any arp disabled", how is it going to affect ICMP echo? Also, I can see that you were facing this issue after the upgrade from VE 10.2.4 to VE 11.5.1. You would have definitely tried to fail over. That is when the problem would have started, if I am right. According to my knowledge, ARP would have been disabled before the failover. When you tried to fail over, BIG-IP virtual addresses sent gratuitous Address Resolution Protocol (ARP) messages after the failover event, due to which BIG-IP virtual addresses that should not respond to ARP requests start receiving ARP traffic after failover.