Forum Discussion
NimbostratusBig-IP HA issue accessing management UI from a routed subnet
Good evening,
First time here and I don't have lots of experience with F5 but here's my question and hope someone can help :-)
I've been asked to take over an HA pair of F5 Big-IP v11.6 (virtual edition) that is configured in Active/Standby HA. The HA works fine although I still have some things to review. For the moment, I have a weird issue I can't seem to figure out. Here's a quick overview of my config:
Each BIG-IP has its own Management IP and 6 VLANs (include HA and external). Self IP and Virtual IP is defined on all VLANs. Port Lockdown is enabled only on HA (Default) and Monitoring (allow SSH and HTTPS only) VLANs.
The issue I have is when I try to manage the units through their self IP from a routed subnet. If I just try and PING both devices with their SelfIP, only one of them respond but never both. It always seems to be the Standby one that respond. The routing tables are the same on both devices.
Don't what else to check for.
Anything special I should look for?
Thanks! Sylvain
2 Replies
HamishCirrocumulus
Firstly, you shouldn't manage the bigip's via the selfip's. You should be managing via the management interface IP's. That's what they're for.
Second. To start to find out why one doesn't respond, use tcpdump to verify whether it's the packets TO bigip that get lost, or packets from bigip back to the management station. That's probably the first step I'd perform to work out where things are going wrong.
H
- Hamish
BigIP does respond to imp echo when active, so it's not that. Is the self you're trying to contact on the interface that's facing your client? or the far side of the bigip?
Are you tcpdump'ing with interface 0.0? or another interface?
H
