Forum Discussion
Basic network configuration with BIGIP VE
Hello all,
One thing is to physically plug wires into the network plugs, however having the possibility to run BIGIP as a Virtual Edition is great. I'm trying to run it in the AWS VPC network and having a few problems accessing the backend servers.
I've followed the F5 documentation http://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-ve-setup-amazon-ec2-11-4-0.html
As far as I understand, I allowed all traffic between the backend server and BIGIP at the AWS VPC level.
Maybe it has nothing to do with BIGIP itself, but I hope somebody more experienced will notice
AWS VPC network configuration: https://dl.dropboxusercontent.com/u/44802047/images/F5%20LTM.png
Trying to access the backend server:

```
[root@f5:Active:Standalone] ~ ping 10.0.2.102
PING 10.0.2.102 (10.0.2.102) 56(84) bytes of data.
From 10.0.2.64 icmp_seq=2 Destination Host Unreachable
```

Is there anything that I apparently forgot? If I run another EC2 instance with multiple network cards, I can ping the backend server with no problems.
Apparently I just forgot to configure something very stupidly simple. Any advice?
BIG-IP network configuration:

Interfaces

```
Status  Name  MAC Address        Media Speed  VLAN Count  Trunk
UP      1.1   16:25:72:97:d3:6d  10000        1
UP      1.2   16:25:72:a2:fb:fa  10000        1
```

Self IP

```
Name        Application  IP Address  Netmask        VLAN / Tunnel  Traffic Group  Partition / Path
10.0.1.101               10.0.1.101  255.255.255.0  external       none           Common
10.0.1.27                10.0.1.27   255.255.255.0  external       none           Common
10.0.2.101               10.0.2.101  255.255.255.0  internal       none           Common
10.0.2.64                10.0.2.64   255.255.255.0  internal       none           Common
```

VLAN

```
Name      Application  Tag   Untagged Interfaces  Partition / Path
external               4093  1.1                  Common
internal               4094  1.2                  Common
```

Kernel IP routing table

```
Destination  Gateway  Genmask        Flags  Metric  Ref  Use  Iface
127.1.1.0    *        255.255.255.0  U      0       0    0    tmm0
127.3.0.0    *        255.255.255.0  U      0       0    0    mgmt_bp
10.0.0.0     *        255.255.255.0  U      0       0    0    eth0
10.0.1.0     *        255.255.255.0  U      0       0    0    external
10.0.2.0     *        255.255.255.0  U      0       0    0    internal
```
- What_Lies_Bene1 (Cirrostratus)
Can you try uploading the picture again please, it's not showing.
- really, the AWS VPC network configuration is at https://dl.dropboxusercontent.com/u/44802047/images/F5%20LTM.png if it helps
- Egor_33493 (Historic F5 Account)
I think using this ip addressing scheme your backends and the BIG-IP instance should be placed within the same VPC. Is this what you did?
Hello Egor, indeed, it's all in the same VPC (well, I am pretty sure it is how it should be) :) I'm installing it clean again, and I'll see if it helps.
Gabriel
Ok, now it works. Apparently BIGIP cannot enforce its settings on the AWS network interfaces, we have to live with what we get from the infrastructure. So what helped:
- disable the src/dest check on the network interfaces (The LTM translates only destination by default, n'est-ce pas?)
- NIC secondary IP addresses (used as a virtual server address) removed from the SelfIP list
- stop / start the BIGIP instance
I am not aware I did anything different.
Carpe diem Gabriel
- Egor_33493 (Historic F5 Account)
Hi. Good to hear that you resolved your problems.
Yes, you can't just configure a BIG-IP with an IP address from a valid Amazon subnet and start using it. Any IP address you use should be configured on the Amazon side via Manage Private IP Addresses. What about BIG-IP floating self-IPs or failover? It works for me and afaik it's officially supported.
src/dest check is a good point. Personally I prefer to use source address translation set to Auto Map for a virtual server if possible.
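The two AWS-side conditions raised in this thread (every address the BIG-IP uses must be assigned to its network interface, and the src/dest check state of that interface) can be audited offline. The following is an added example, not code from the thread or from F5: the function name, the ENI IDs and the ENI-to-address assignment are constructed, the JSON mirrors the shape of `aws ec2 describe-network-interfaces` output, and the self IPs are the ones posted above.

```python
import ipaddress
import json

# Constructed sample in the shape of `aws ec2 describe-network-interfaces`.
# ENI IDs are placeholders; the address assignment is an assumption.
ENI_JSON = """
{"NetworkInterfaces": [
  {"NetworkInterfaceId": "eni-EXAMPLE-external", "SourceDestCheck": false,
   "PrivateIpAddresses": [
     {"PrivateIpAddress": "10.0.1.101", "Primary": true},
     {"PrivateIpAddress": "10.0.1.27", "Primary": false}]},
  {"NetworkInterfaceId": "eni-EXAMPLE-internal", "SourceDestCheck": true,
   "PrivateIpAddresses": [
     {"PrivateIpAddress": "10.0.2.101", "Primary": true}]}
]}
"""

# Addresses configured on the BIG-IP, taken from the Self IP list in the post.
BIGIP_ADDRS = ["10.0.1.101", "10.0.1.27", "10.0.2.101", "10.0.2.64"]


def audit_bigip_enis(eni_doc, bigip_addrs):
    """Return (finding, subject) tuples for the two conditions in the thread."""
    findings = []
    owner = {}  # private IP -> ENI that AWS will deliver it to
    for eni in eni_doc["NetworkInterfaces"]:
        eni_id = eni["NetworkInterfaceId"]
        for entry in eni["PrivateIpAddresses"]:
            owner[entry["PrivateIpAddress"]] = eni_id
        # With the check enabled, the ENI only passes traffic whose source
        # or destination is one of its own addresses.
        if eni.get("SourceDestCheck", True):
            findings.append(("src-dest-check-enabled", eni_id))
    for addr in bigip_addrs:
        ipaddress.ip_address(addr)  # reject malformed input early
        # An address known only to the BIG-IP is not assigned on the AWS side.
        if addr not in owner:
            findings.append(("not-assigned-on-eni", addr))
    return findings


if __name__ == "__main__":
    for finding, subject in audit_bigip_enis(json.loads(ENI_JSON), BIGIP_ADDRS):
        print(f"{finding}: {subject}")
```

The src/dest check finding is informational: listing it per interface shows exactly which ENIs carry the exception.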