Forum Discussion

aboulleill_3013's avatar
aboulleill_3013
Icon for Nimbostratus rankNimbostratus
Jun 05, 2017

health monitor issue from partition

Dears,

 

I have a strange behavior on my f5 BIG-IP (version 11.4.1) related to health monitor on nodes & pools. The f5 is partitioned into 3 partitions along with default common partition. Each partition has its own configuration and included default gateway and route domain. The problem is when trying to insert an external node into a pool as pool member and I choose health monitor type : TCP --> its not working (always offline in red) However ECHO-ICMP is working properly.

 

As well telnet from F5 cmd is not working within the pratition (rdsh X) however it works from F5 management.There is no asymmetric routing in our case and the f5 is placed one armed leg mode.

 

I tried to run wireshark on the node itself and discovered that the node is not replying back on SYN messages sent from F5 Partition IP.

 

Best Regards, Ralph El Habr

 

application delivery
LTM

2 Replies

Sort By
  • Ilian_Ivanov's avatar
    Ilian_Ivanov
    Icon for Nimbostratus rankNimbostratus
    Jun 05, 2017

    Hi,

     

    You can check what is your source IP address when trying to connect to the server.

     

    "ip route get SERVER_IP" in bash mode. Just be sure that you are in the correct partition.

     

    For example:

     

    (bigIP)(cfg-sync In Sync)(Active)(/Common)(tmos) bash

     

    [bigIP:Active:In Sync] ~ rdexec 2 bash

     

    [bigIP:Active:In Sync:%2] ~ [bigIP:Active:In Sync:%2] ~ ip route get 1.1.1.1 1.1.1.1 via 10.10.10.1 dev eth0 src 10.10.10.71 cache mtu 1500 advmss 1460 hoplimit 64

     

    Then I can suggest you to check if that IP/Port are allowed on your FW. Have in mind that 10.10.10.71 is your self-IP, you will need to allow also the floating IP address (if you have one).

     

  • aboulleill_3013's avatar
    aboulleill_3013
    Icon for Nimbostratus rankNimbostratus
    Jun 05, 2017

    Dear Ilian,

     

    Thank you for your prompt reply.But the firewall rules are allowing any any during troubleshooting purpose. I dont think its a firewall problem.

     

    Best Regards, Ralph El Habr