Forum Discussion

Sarah_258804's avatar
Sarah_258804
Icon for Cirrus rankCirrus
May 09, 2016

Can I change the default ephemeral ports that the F5 uses for health monitoring?

Currently I see that my F5 is reaching out to the servers in my server pools on low ephemeral ports for health monitoring. For example, I have a health monitor for DNS so that the F5 reaches out to the DNS servers to ensure that DNS is working properly. The source port coming from the F5 has a huge range from sometimes 7000 up to 65535. We are trying to standardize the ephemeral ports used in our datacenter to use the standard Microsoft ephemeral ports, 49152 - 65535 for ACI filtering.

 

Can I manually change which ports the F5 uses to send requests on? I know we are currently doing this with Linux servers, so I'd like to do it with the F5s as well.

 

application delivery
BIG-IP
ephemeral ports
filtering
health monitoring
LTM
port range
tcp-udp
  • ekaleido's avatar
    ekaleido
    Icon for Cirrus rankCirrus
    May 11, 2016

    Same as you would on a linux host:

    echo "49152 65535" > /proc/sys/net/ipv4/ip_local_port_range

    • Sarah_258804's avatar
      Sarah_258804
      Icon for Cirrus rankCirrus
      May 11, 2016
      I ran that command on each F5 but am still seeing it try to communicate on 43900 and lower. Do I need to perform a system reboot for the changes to take effect, or something of that nature?
    • ekaleido's avatar
      ekaleido
      Icon for Cirrus rankCirrus
      May 11, 2016
      That will apply after a reboot. Try, sysctl -w net.ipv4.ip_local_port_range = 49152 65535
    • Sarah_258804's avatar
      Sarah_258804
      Icon for Cirrus rankCirrus
      May 11, 2016
      Received this error: error: "net.ipv4.ip_local_port_range" must be of the form name=value error: Malformed setting "=" error: "49152" must be of the form name=value error: "65535" must be of the form name=value
  • ekaleido_26616's avatar
    ekaleido_26616
    Icon for Cirrocumulus rankCirrocumulus
    May 11, 2016

    Same as you would on a linux host:

    echo "49152 65535" > /proc/sys/net/ipv4/ip_local_port_range

    • Sarah_258804's avatar
      Sarah_258804
      Icon for Cirrus rankCirrus
      May 11, 2016
      I ran that command on each F5 but am still seeing it try to communicate on 43900 and lower. Do I need to perform a system reboot for the changes to take effect, or something of that nature?
    • ekaleido_26616's avatar
      ekaleido_26616
      Icon for Cirrocumulus rankCirrocumulus
      May 11, 2016
      That will apply after a reboot. Try, sysctl -w net.ipv4.ip_local_port_range = 49152 65535
    • Sarah_258804's avatar
      Sarah_258804
      Icon for Cirrus rankCirrus
      May 11, 2016
      Received this error: error: "net.ipv4.ip_local_port_range" must be of the form name=value error: Malformed setting "=" error: "49152" must be of the form name=value error: "65535" must be of the form name=value