LTM responding on behalf of servers which are down

Question

We are running on version 11.6.0 HF5, The behavior I am getting is : -&nbsp;
Client(US)---LAN----F5(Inline mode)(China)---Servers(this is the setup)&nbsp;
Being a client I am able to ping the IP's which are not yet assigned to servers and vacant, But subnet is allocated behind LB. Even If I try to trace my machine IP from one of the available server, trace completed in one single hop with "1 ms", and pinagble, No matter if I shutdown client machine. But when I trace from client to server it gets completed in 11-15 hop depending upon client location.&nbsp;
I have taken Wireshark on LB and seems that F5 is replying on behalf of servers and client. Which is creating issues. I have checked the forwarding Virtual servers configured on LB, they have ARP disabled. and ICMP echo enabled. &nbsp;
Any suggestions how can we get rid of this situation.&nbsp;

jinshu · Answer

As I understand from your question, you are getting ping responses from VIP even after the nodes are down, isn't it?&nbsp;
If thats case, thats the default behavior of F5 VIP. You can turn the VIP to disable mode to stop responding to ping/trace packets. &nbsp;
Disabling the ARP may cause you problems in future connectivity because ARP wont be updated for your VIP for your gateway and traffic might get mis-routed.&nbsp;
-Jinshu&nbsp;

ganesh_garg · Answer

issue was with ICMP-ECHO setting, which was enabled on forwarding Virtual server because of which LB was replying to the ICMP echo messages.&nbsp;

Forum Discussion

LTM responding on behalf of servers which are down

2 Replies

Recent Discussions

ASM instance creation

[ASM] - what is "Browser Challange file" ?

[ASM] - HTML5 Cross-Domain Request Enforcement - CLI command

Reverse Proxy Not Behaving

Stable Firmware for F5

Related Content

Gzip content when using HTTP::respond

OCSP Responder

F5 Distributed Cloud Origin Server Subset Rules

Server Profile SNI

Virtual Server graphical App for F5 LTM