Forum Discussion

Tomas_190557
Aug 22, 2017
Solved

ipip tunnel between linux box and F5 LTM

I need to set up an ipip tunnel between a Linux box and an F5 LTM.

I've been playing with the F5 configuration for a while (trying different traffic groups, local vs. floating IP, etc.), but with no success.

The Linux end of the tunnel works properly, and packets sent from the Linux box to the F5 are received on the F5 end. However, the F5 rejects them with the ICMP message "Destination Host Unreachable". See the tcpdump output from the F5 [1].

Currently I use this config [2] on the F5 (trying to set up the F5 end of the tunnel on a float IP) and this config [3] on the Linux box.

Any idea what I'm doing wrong?

Thanks!

[1]

[admin@upshift-poc-f5-01:Active:In Sync] ~  tcpdump -i lan-vlan998 host 10.8.234.251 -n  
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode  
listening on lan-vlan998, link-type EN10MB (Ethernet), capture size 65535 bytes  
04:40:40.277519 IP 10.8.228.11 > 10.8.234.251: IP 172.19.0.2 > 172.19.0.1: ICMP echo request, id 52457, seq 1, length 64 (ipip-proto-4) in slot1/tmm0 lis=  
04:40:40.277559 IP 10.8.234.251 > 10.8.228.11: ICMP 10.8.234.251 protocol 4 unreachable, length 36 out slot1/tmm0 lis=  
04:40:41.277742 IP 10.8.228.11 > 10.8.234.251: IP 172.19.0.2 > 172.19.0.1: ICMP echo request, id 52457, seq 2, length 64 (ipip-proto-4) in slot1/tmm0 lis=  
04:40:41.277790 IP 10.8.234.251 > 10.8.228.11: ICMP 10.8.234.251 protocol 4 unreachable, length 36 out slot1/tmm0 lis=  
04:40:42.277762 IP 10.8.228.11 > 10.8.234.251: IP 172.19.0.2 > 172.19.0.1: ICMP echo request, id 52457, seq 3, length 64 (ipip-proto-4) in slot1/tmm0 lis=  
04:40:42.277803 IP 10.8.234.251 > 10.8.228.11: ICMP 10.8.234.251 protocol 4 unreachable, length 36 out slot1/tmm0 lis=  

[2]

F5_IP=10.8.234.251  
RAMP_IP=10.8.228.11  
TUNNEL_IP1=172.19.0.1  
  
tmsh create net tunnels tunnel SDN { description "OpenShift SDN" local-address $F5_IP profile ipip remote-address $RAMP_IP traffic-group traffic-group-1 }  
tmsh create net self SDN { address ${TUNNEL_IP1}/24 allow-service all vlan SDN traffic-group traffic-group-1 }  

[3]

F5_IP=10.8.234.251  
RAMP_IP=10.8.228.11  
TUNNEL_IP1=172.19.0.1  
TUNNEL_IP2=172.19.0.2  
    
ip tunnel add tun1 mode ipip remote $F5_IP dev eth0 local $RAMP_IP  
ip addr add $TUNNEL_IP2 dev tun1  
ip link set tun1 up  
ip route add $TUNNEL_IP1 dev tun1  
1 Reply

  • I have solved that myself.

    I realized there was a missing route in the LTM - it couldn't route to the other end of the ipip tunnel.

    Once I added a static route for that, it started to work.