Forum Discussion
Steve_Kearns_85
Nimbostratus
Nov 02, 2010Can the standby LTM access virtual servers?
I have a pair of LTM's in my data center (running BigIP 9.3.0), running as an active/standby pair. My situation is this: I have a virtual server/pool setup for outbound SMTP (for redundancy: I have multiple SMTP services running)--it's members resources are a couple of my application servers. I have configured alertd/postfix on both load balancers to relay outbound alerts to my virtual server for SMTP.
The problem is this only works on the active load balancer: if I have a pool go down, I receive the alert email from the active LB: but not from the standby LB. mailq on the standby LB shows the emails in the queue, but that the standby LB cannot connect to the configured relay host (the mesage from 'mailq' is essentially (connect to [mailserver vip]: Connection timed out)
Further tests: from both the active and standby LTM, I can 'ping' the mailserver VIP; however, I can only telnet to the mailserver VIP from the active LTM (not surprising, since it sends emails): on the standby LTM, the telent connection times out.
Can anyone offer some insight as to why my standby LTM cannot access the virtual server?
Thanks in advance.
Steve
- Chris_Miller
Altostratus
You should definitely be able to get to it. I'd do a tcpdump of a connection attempt. See if the attempt is dying at the VIP, or at the pool members. Do a tcpdump on the relay host as well to see if traffic is getting there. - Hamish
Cirrocumulus
Ahh... No.... The standby LTM won't be able to talk to the VS's on the active LTM... That hasn't worked since v9 IIRC... - Chris_Miller
Altostratus
Posted By Hamish on 11/03/2010 09:16 AMIf 1.1.1.1:25 is the VS, you should definitely be able to telnet to 1.1.1.1:25 from both units. I just tried this for an HTTP VS and it worked just fine from the backup unit.
- Hamish
Cirrocumulus
It'll depend on what the routing table says I think whether you connect to the local LTM or connect out the management port... If you do connect to the local LTM, and SNAT is enabled it might (Will probably) work. But then I only use SNAT as a last resort... - Chris_Miller
Altostratus
Good callouts! - Hamish
Cirrocumulus
It should depend on how the host routing table is setup. (Unless the kernel and/or TMM does something funny). - Steve_Kearns_85
Nimbostratus
Well, I haven't made much progress: as suggested, a tcpdump only showed an arp and the proper response (i.e., the vip belonged to the mac of the internal interface on the active LTM). I haven't done any sniffing from the relay host itself (it's a windows machine, so not so easy), but since I'm only seeing an ARP request on the LTM, I don't think I'm going to see anything at the pool member.
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects