Forum Discussion
Meena_Agnihotri
Nimbostratus
NimbostratusCan't ping active LTMs self ip or floating ip
I have two 2000s (F5a and F5b) in an active/standby configuration. TMOS version = 11.5.2HF1
There are 2 VLANs. Internal, External, HA. My problem is on the internal vlan.
On the internal-vlan,
F5a-self-ip = .163 F5b-self-ip = .164 Floating-ip = .161
From the upstream L3 switches, I can ping .164 but cannot ping .163 or .161
When I force F5a to standby, the problem reverses. Now I can ping .163 but not .164 or .161
It appears I can only ping the standby unit's self ip. The other two do not respond.
On the external VLAN, everything pings fine.
Anybody have any thoughts on what may be occuring here?
port-lockdown is set to allow all.
Thanks!!
Max_Q_factorCirrocumulus
Have you setup mac masquerading on the BIG-IP HA pair? (beware anything where you change mac addresses can confuse other devices on the same VLAN. SOL13502: Configuring MAC masquerade (11.x)
Meena_AgnihotriI opened a case and got the following response from the TAC.
Here is the answer for this SR.
https://support.f5.com/kb/en-us/solutions/public/3000/400/sol3475.html?sr=45778187
If the ping originates from a different vlan then it will not get a response.
herve_iro_13287I have the same challenge. i can not ping the internal floating ip or the selfip of the active unit with two LTM 2000S in HA. Even if it is an F5 security system. how to disable this feature because my client want to be able to ping those ip.
Thanks
cchen_185811I'm experiencing the same issue where I can't ping the active or floating IP and only standby IP is pingable. The issue is reversed when I failed over. The response provided above is not relevant as I'm pinging from a host in the same vlan and the fact that it is reachable to the standby self IP shows that there's no network issue. Does anyone know how to fix the problem. Thanks
keshav_163381Yes..That kb is correct. You cannot block icmp traffic to BIGIP which is by default allowed in BIGIP for within same VLAN.
- cchen_185811
Thanks for your prompt reply. Would you know how I can get ping to work on the Active node? and not just on the Standby node?
This behavior is by design. When you try to ping a SelfIP on an interface that is not the interface you are originating from, it won't work on the Active device. You can ping the standby because, once you get back there, the Active device knows where to find that IP.
I'm not sure there is ever value in trying to ping the inside interface of the device like this. I've never seen a convincing use case.
- san2hosh_306591
I have the similar issue. where I can ping the non-floating address of the standby. But I cannot ping floating address on standby and all self-IP's in the active one. Any help.
