Setup BigIP F5 VE 25mbps Good in an AWS VPC

Question

Hello,&nbsp;
I've been trying for the last few days to setup Setup BigIP F5 VE 25mbps Good in an AWS VPC, based on these tutorials:&nbsp;
https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-ve-setup-amazon-ec2-12-1-0/2.html&nbsp;
https://devcentral.f5.com/articles/f5-in-aws-part-2-running-big-ip-in-an-ec2-virtual-private-cloud&nbsp;
(and probably many, many more F5 documentation pages)&nbsp;
Desired setup:
1 Virtual Server (PublicIP1:PortN)&nbsp;
1 Pool&nbsp;
1 Node (PublicIP2:PortN)&nbsp;
Current situation:
Node is green, HTTP monitor is green. SSH -&gt; curl to PublicIP2:PortN works.&nbsp;
Pool is green. Virtual Server is green. No firewall is blocking the connections.&nbsp;
However... the connection to PublicIP1:PortN does not work. BigIP does not have any IPs for eth0 and eth1 when I ifconfig, even though they should both have IPs (and they have Elastic IPs associated in AWS). &nbsp;
The web UI just shows me interface 1.1, as uninitialized... :(&nbsp;
I can provide any debugging information needed, just tell me where to get it since I'm obviously a BigIP newbie :)&nbsp;

costincaraivan_ · Answer

Coming back with some more details. I've managed to get past the uninitialized interface and have mostly been following this guide: https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-ve-setup-amazon-ec2-12-0-0/2.html&nbsp;
However, when I connect to the Elastic IP bound to the second IP on the third network interface, the one used for the Virtual Server's external IP, the connection is reset.&nbsp;
tcpdump shows me something like this when trying to connect to the Elastic IP: PortN:&nbsp;
AWS private IP used by external interface:PortN &gt; web server IP:TotallyRandomPort (instead of PortN). I don't think this is normal and from what I can see everything is configured correctly regarding the ports, I can't see this random port number anywhere in the web UI. (nevermind, I think it's the port from the already established TCP connection to the backend, I think...; still overall there's no connection through Bigip)&nbsp;
Any ideas/tips for troubleshooting?&nbsp;

costincaraivan_ · Answer

Moving a bit forward, I think there's a routing issue:&nbsp;
show /net rst-cause&nbsp;

TCP/IP Reset Cause&nbsp;
RST Cause:             Count
No flow found for ACK     39
No route to host         311
Port denied               10&nbsp;
The connections are reset, the reset counter is incremented with "no route to host" every time I refresh the Firefox tab. Now I'm trying to figure out which route is missing...&nbsp;

jeff_giroux_f5 · Answer

Review our latest F5 templates on GitHub for AWS CFT deployments of BIG-IP. Does this help? These templates take care of all the routing and/or explaining in the README files.

https://github.com/F5Networks/f5-aws-cloudformation/tree/master/supported/standalone/3nic/existing-stack/payg

Forum Discussion

Setup BigIP F5 VE 25mbps Good in an AWS VPC

3 Replies

Recent Discussions

Error while running ansible

ASM instance creation

[ASM] - what is "Browser Challange file" ?

[ASM] - HTML5 Cross-Domain Request Enforcement - CLI command

Reverse Proxy Not Behaving

Related Content

Re: BigIP Report

BigIP Report Old

Looking for Setup Advice

How to Setup Shape Log Analysis in Fastly

Securing APIs with BigIP