Forum Discussion
NimbostratusBIG-IP no handler deny
our BIG-IP 4.2 is not handling requests to the virtual servers properly. With b summary I see the counter "no handler deny" increasing on every request. The backend nodes don't see any connection, even if the BIG-IP stats show connections made to the nodes in a balanced way.
Basically a request to 214.51.41.227 does not work and we need help for this! Thank you!
Here is our (simplified) test configuration:
---bigip_base.conf---
interfaces
vlans
vlan its {
tag 4094
interfaces add 1.24
}
vlan its-int {
tag 4093
interfaces add 1.1
}
vlan admin {
tag 4092
interfaces add 3.1
}
vlan groups
self IP addresses
self 214.51.41.229 {
vlan its
netmask 255.255.255.224
broadcast 214.51.41.255
}
self 10.0.1.9 {
vlan its-int
netmask 255.0.0.0
broadcast 10.255.255.255
}
self 192.168.0.245 {
vlan admin
netmask 255.255.255.0
broadcast 192.168.0.255
}
---bigip.conf---
constants
global mirror disable
global open_telnet_port enable
global open_ftp_ports enable
global open_ssh_port enable
global open_corba_ports enable
global webadmin_port 443
services
service 80 443 tcp enable
service 80 udp enable
default gateway pool
pool default_gateway_pool {
member 214.51.41.225:*
member 192.168.0.1:*
}
default_gateway use pool default_gateway_pool
server pools
pool mvnodes {
lb_method least_conn_member
min_active_members 1
member 10.0.1.18:81
member 10.0.1.19:81
}
pool mvnodes_test {
member 10.0.1.15:80
}
virtual servers
virtual 214.51.41.227:http unit 1 {
use pool mvnodes_test
vlans admin disable
}
virtual 214.51.41.228:http unit 1 {
use pool mvnodes
vlans admin disable
}
monitors
monitor testAvail {
type http
use "http"
interval 5
timeout 16
dest *:*
send "GET /rest/testAvailability"
recv ""
username ""
password ""
}
node * monitor use icmp
node 10.0.1.18:81 10.0.1.19:81 monitor use testAvail
5 Replies
hoolioCirrostratus
Are you testing from the admin VLAN? Or maybe on a port other than 80? The virtual server is disabled on the admin VLAN and only listening on port 80.
Aaron
Jonas_Kunze_392No, I'm testing the virtual server ip port 80, from the "its" vlan. The BIG-IP receives the request but discards it with "no handler deny". Did I forget to configure anything? Or is there also a possibility to completely reset the BIG-IP to start from scratch?- hoolioFor 4.2, I'm not sure. I remember in 4.5 that you could use 'b reset'. Else, you could probably just rename the bigip.conf and bigip_base.conf.
sol4389: Resetting the BIG-IP configuration to the default settings
http://support.f5.com/kb/en-us/solutions/public/4000/300/sol4389.html
Applies To: 4.6.4, - 4.5 PTF-01
You could try opening a case with F5 Support on this. Support will probably give you one free case even if you don't have a support contract. Ask for Paul, the chain mail guy, if you can get to him. He probably has the most experience with 4.2 :).
Aaron - Jonas_Kunze_392ok, thank you!
i resolved it: this was missing:snat map { its-int to 214.51.41.228 unit 1 } - hoolioGlad that's working for you. It's a bit odd that the no handler deny count was incrementing if it was just a serverside routing issue.
Aaron
