Forum Discussion
Steve_Kearns_85
Nimbostratus
Nov 02, 2010
Can the standby LTM access virtual servers?
I have a pair of LTMs in my data center (running BigIP 9.3.0), running as an active/standby pair. My situation is this: I have a virtual server/pool set up for outbound SMTP (for redundancy: I have multiple SMTP services running)--its member resources are a couple of my application servers. I have configured alertd/postfix on both load balancers to relay outbound alerts to my virtual server for SMTP.
The problem is this only works on the active load balancer: if I have a pool go down, I receive the alert email from the active LB, but not from the standby LB. mailq on the standby LB shows the emails in the queue, but that the standby LB cannot connect to the configured relay host (the message from 'mailq' is essentially (connect to [mailserver vip]: Connection timed out)).
Further tests: from both the active and standby LTM, I can 'ping' the mailserver VIP; however, I can only telnet to the mailserver VIP from the active LTM (not surprising, since it sends emails): on the standby LTM, the telnet connection times out.
Can anyone offer some insight as to why my standby LTM cannot access the virtual server?
Thanks in advance.
Steve
7 Replies
- Chris_Miller
Altostratus
You should definitely be able to get to it. I'd do a tcpdump of a connection attempt. See if the attempt is dying at the VIP, or at the pool members. Do a tcpdump on the relay host as well to see if traffic is getting there.
- Hamish
Cirrocumulus
Ahh... No.... The standby LTM won't be able to talk to the VS's on the active LTM... That hasn't worked since v9 IIRC...
Just configure your postfix to talk to an MX load balanced entry for SMTP (Which resolves to all your SMTP relays).
H
- Chris_Miller
Altostratus
Posted By Hamish on 11/03/2010 09:16 AM
Ahh... No.... The standby LTM won't be able to talk to the VS's on the active LTM... That hasn't worked since v9 IIRC...
Just configure your postfix to talk to an MX load balanced entry for SMTP (Which resolves to all your SMTP relays).
H
Why wouldn't it simply talk to its own VS? If 1.1.1.1:25 is the VS, you should definitely be able to telnet to 1.1.1.1:25 from both units. I just tried this for an HTTP VS and it worked just fine from the backup unit.
- Hamish
Cirrocumulus
It'll depend on what the routing table says I think whether you connect to the local LTM or connect out the management port... If you do connect to the local LTM, and SNAT is enabled it might (Will probably) work. But then I only use SNAT as a last resort...
Without SNAT, the src IP is probably going to be something quite strange (Sorry, at home ATM so can't check what the routing table looks like)... 127.0.0.1 (Loopback) perhaps
H
- Chris_Miller
Altostratus
Good callouts!
Without SNAT, the web server would see the source IP as the self-ip of the LTM, right? In my case, this isn't floating, therefore traffic will make it back properly.
- Hamish
Cirrocumulus
It should depend on how the host routing table is setup. (Unless the kernel and/or TMM does something funny).
H
- Steve_Kearns_85
Nimbostratus
Well, I haven't made much progress: as suggested, a tcpdump only showed an ARP and the proper response (i.e., the VIP belonged to the MAC of the internal interface on the active LTM). I haven't done any sniffing from the relay host itself (it's a Windows machine, so not so easy), but since I'm only seeing an ARP request on the LTM, I don't think I'm going to see anything at the pool member.
Just a bit more background: my VIP is on my internal interface and is using SNAT (as its pool members are on the same VLAN). The standby LTM cannot access any of my VIPs though: I cannot access VIPs on the external or internal interface. The active LTM though can; I can use telnet to open any VIP, on either the external or internal interface.