NimbostratusMonitoring backend servers externally via ICMP
I have a simple setup in a test environment v13.1.1.2, with a virtual server and an associated pool with one member:
ltm node /Common/10.1.20.11 {
address 10.1.20.11
}
ltm pool /Common/pool_http {
members {
/Common/10.1.20.11:80 {
address 10.1.20.11
}
}
}
ltm virtual /Common/http_virtual {
destination /Common/10.1.10.20:80
ip-protocol tcp
mask 255.255.255.255
pool /Common/pool_http
profiles {
/Common/http { }
/Common/profile_analytics { }
/Common/tcp { }
}
source 0.0.0.0/0
translate-address enabled
translate-port enabled
}
I would like ICMP packets sent from my machine 10.1.10.1 to the virtual IP 10.1.10.20 to be forwarded to the backend server 10.1.20.11, and I would like to receive the replies.
If I look at the VIP configuration (Local Traffic ›› Virtual Servers : Virtual Address List ›› 10.1.10.20) I can see the "ICMP echo" configuration option, and the help section suggests the following:
"Specifies how the system sends responses to Internet Control Message Protocol (ICMP) echo requests on a per-virtual address basis. When enabled, the BIG-IP system intercepts ICMP echo request packets and responds to them directly. When disabled, the BIG-IP system passes ICMP echo requests through to the backend servers."
This does not happen (as verified with tcpdump), and if I understand K16885 correctly, then the instructions above are actually incorrect as the article says: "To prevent the BIG-IP system from responding to ICMP echo packets, you must disable ICMP Echo at the virtual address level."
So what method would you recommend to achieve my goal?
