Forum Discussion

Jonas_Kunze_392's avatar
Jonas_Kunze_392
Icon for Nimbostratus rankNimbostratus
Feb 28, 2011

BIG-IP no handler deny

Hello,

 

 

our BIG-IP 4.2 is not handling requests to the virtual servers properly. With b summary I see the counter "no handler deny" increasing on every request. The backend nodes don't see any connection, even if the BIG-IP stats show connections made to the nodes in a balanced way.

 

 

 

Basically a request to 214.51.41.227 does not work and we need help for this! Thank you!

 

 

 

Here is our (simplified) test configuration:

 

 

 

---bigip_base.conf---

 

 

 

 

 

interfaces

 

 

 

vlans

 

vlan its {

 

tag 4094

 

interfaces add 1.24

 

}

 

vlan its-int {

 

tag 4093

 

interfaces add 1.1

 

}

 

vlan admin {

 

tag 4092

 

interfaces add 3.1

 

}

 

 

 

vlan groups

 

 

 

self IP addresses

 

self 214.51.41.229 {

 

vlan its

 

netmask 255.255.255.224

 

broadcast 214.51.41.255

 

}

 

self 10.0.1.9 {

 

vlan its-int

 

netmask 255.0.0.0

 

broadcast 10.255.255.255

 

}

 

self 192.168.0.245 {

 

vlan admin

 

netmask 255.255.255.0

 

broadcast 192.168.0.255

 

}

 

 

 

 

 

---bigip.conf---

 

 

 

constants

 

global mirror disable

 

global open_telnet_port enable

 

global open_ftp_ports enable

 

global open_ssh_port enable

 

global open_corba_ports enable

 

global webadmin_port 443

 

 

 

services

 

service 80 443 tcp enable

 

service 80 udp enable

 

 

 

default gateway pool

 

pool default_gateway_pool {

 

member 214.51.41.225:*

 

member 192.168.0.1:*

 

}

 

 

 

default_gateway use pool default_gateway_pool

 

 

 

server pools

 

 

 

pool mvnodes {

 

lb_method least_conn_member

 

min_active_members 1

 

member 10.0.1.18:81

 

member 10.0.1.19:81

 

}

 

pool mvnodes_test {

 

member 10.0.1.15:80

 

}

 

 

 

 

 

virtual servers

 

 

 

virtual 214.51.41.227:http unit 1 {

 

use pool mvnodes_test

 

vlans admin disable

 

}

 

virtual 214.51.41.228:http unit 1 {

 

use pool mvnodes

 

vlans admin disable

 

}

 

 

 

 

 

monitors

 

monitor testAvail {

 

type http

 

use "http"

 

interval 5

 

timeout 16

 

dest *:*

 

send "GET /rest/testAvailability"

 

recv ""

 

username ""

 

password ""

 

}

 

 

 

 

 

 

 

node * monitor use icmp

 

node 10.0.1.18:81 10.0.1.19:81 monitor use testAvail

 

 

 

 

 

 

 

 

  • Are you testing from the admin VLAN? Or maybe on a port other than 80? The virtual server is disabled on the admin VLAN and only listening on port 80.

     

     

    Aaron
  • No, I'm testing the virtual server ip port 80, from the "its" vlan. The BIG-IP receives the request but discards it with "no handler deny". Did I forget to configure anything? Or is there also a possibility to completely reset the BIG-IP to start from scratch?
  • For 4.2, I'm not sure. I remember in 4.5 that you could use 'b reset'. Else, you could probably just rename the bigip.conf and bigip_base.conf.

     

     

    sol4389: Resetting the BIG-IP configuration to the default settings

     

    http://support.f5.com/kb/en-us/solutions/public/4000/300/sol4389.html

     

    Applies To: 4.6.4, - 4.5 PTF-01

     

     

    You could try opening a case with F5 Support on this. Support will probably give you one free case even if you don't have a support contract. Ask for Paul, the chain mail guy, if you can get to him. He probably has the most experience with 4.2 :).

     

     

    Aaron
  • ok, thank you!

    i resolved it: this was missing:

      snat map { its-int to 214.51.41.228 unit 1 }
  • Glad that's working for you. It's a bit odd that the no handler deny count was incrementing if it was just a serverside routing issue.

     

     

    Aaron