
Forum Discussion

jessej1111_1443
Apr 16, 2014

all ip's in a subnet behind my F5 respond to ping even though I only have 4 devices active

Hello Everyone,


I was wondering if you could point out a likely configuration mistake. Currently I have an F5 that has a subnet behind it for virtual servers. The virtual servers that are currently behind it are functioning without issue. They can also communicate with my other devices not behind the F5. I can SSH and manage these devices with no problems.


My issue is that I can ping any IP address in the subnet and all of them return an icmp echo response. My guess is that I somehow configured the F5 to respond to echo requests for all IP's but I can not seem to figure it out.


6 Replies

  • Can you elaborate a bit more about your environment and how clients reach assets in the subnet behind your BIG-IP? And more in general, how routing works in your environment? You mention being able to SSH to the devices behind the F5. Do these communications go through a virtual server on the BIG-IP?

     

    • jessej1111_1443
      Let me go a little more into the details. All IPs have been changed. I have a private IP range on the F5; let's call it 192.168.100.0/24. The F5 is the gateway for this subnet and has 192.168.100.1, 192.168.100.2, and 192.168.100.3, as I have two in an active/standby setup, so .1 is the gateway. These are my real servers that sit behind the F5. I have public IPs that my virtual servers are using. In this case I have multiple virtual servers hosting websites, passing to my real servers on ports 80 and 443. I have Ethernet connections that go from my F5s to my core Cisco. I have other private subnets that can access the real servers with no problem using their private IP addresses. The real servers can also access my other private subnets without issue. Connectivity is functioning and I get no logs suggesting a network connectivity issue. The weirdness is that if I ping an IP in the subnet the real servers are on that I know is not in use, it returns an echo reply. This behavior is only happening on the subnet behind the F5; all of my other private subnets are functioning properly. I only noticed this when I ran a scan with my IPAM tool and it told me the range was full.
    • Cory_50405
      For the IP addresses in your real server range that are responding to ping despite there not being a real server with that IP address, what is the MAC address being seen in the pinging machine's ARP table for that address? Is the BIG-IP responding to the ARP requests, or is something else?
  • Do you have a network virtual address configured with ARP and ICMP echo enabled?

    e.g.

    root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm virtual-address 192.168.100.0 all-properties
    ltm virtual-address 192.168.100.0 {
        address 192.168.100.0
        app-service none
        arp enabled
        auto-delete true
        connection-limit 0
        description none
        enabled yes
        floating enabled
        icmp-echo enabled
        inherited-traffic-group true
        mask 255.255.255.0
        metadata none
        partition Common
        route-advertisement disabled
        server-scope any
        traffic-group traffic-group-1
        unit 1
    }
    
  • Found the issue: I had an IP forwarding VIP with ICMP echo and ARP enabled. Disabled them and it straightened out.
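As an added example (not code from this thread or from F5), a small Python audit that parses `tmsh list ltm virtual-address all-properties` output and flags any network virtual address (mask shorter than /32) that still has ARP or ICMP echo enabled, which is the condition that makes the BIG-IP answer for every address in the range. The sample output below is constructed, with property names taken from the listing quoted in the reply above.

```python
"""Audit BIG-IP virtual-address objects for subnet-wide ARP/ICMP responders.

A network virtual address (mask shorter than /32, e.g. the one behind an IP
forwarding virtual server for a whole subnet) with 'arp enabled' and
'icmp-echo enabled' makes the BIG-IP answer ARP and ping for every host in
that range, so an IPAM sweep reports the whole subnet as in use.
"""
import ipaddress
import re

# Constructed sample of `tmsh list ltm virtual-address all-properties` output,
# modelled on the listing quoted in the thread; not captured from a real device.
SAMPLE_TMSH_OUTPUT = """\
ltm virtual-address 192.168.100.0 {
    address 192.168.100.0
    arp enabled
    icmp-echo enabled
    mask 255.255.255.0
    traffic-group traffic-group-1
}
ltm virtual-address 203.0.113.10 {
    address 203.0.113.10
    arp enabled
    icmp-echo enabled
    mask 255.255.255.255
    traffic-group traffic-group-1
}
"""

# One block per object: name, then the indented property lines up to the closing brace.
BLOCK_RE = re.compile(r"ltm virtual-address (\S+) \{(.*?)\n\}", re.S)


def parse_virtual_addresses(text):
    """Return {name: {property: value}} for each virtual-address block in tmsh output."""
    result = {}
    for name, body in BLOCK_RE.findall(text):
        props = {}
        for line in body.strip().splitlines():
            key, _, value = line.strip().partition(" ")
            props[key] = value
        result[name] = props
    return result


def find_subnet_responders(text):
    """List (name, network) for virtual addresses that answer ARP or ping for a whole subnet."""
    findings = []
    for name, props in parse_virtual_addresses(text).items():
        mask = props.get("mask", "255.255.255.255")
        net = ipaddress.ip_network(f"{props['address']}/{mask}", strict=False)
        if net.num_addresses == 1:
            continue  # ordinary host VIP: only its own address answers, which is expected
        if props.get("arp") == "enabled" or props.get("icmp-echo") == "enabled":
            findings.append((name, str(net)))
    return findings


if __name__ == "__main__":
    for name, net in find_subnet_responders(SAMPLE_TMSH_OUTPUT):
        print(f"network virtual address {name} answers ARP/ICMP for all of {net}")
```

Setting `arp disabled` and `icmp-echo disabled` on the network virtual address, as the thread's resolution did, makes the audit return nothing for that object.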