Forum Discussion
Create a Wide-IP in the "Member list" does not appear any virtual server to associate.
Hello People,
I have licensed equipment provisioned with the LC version 11.6HF3, and when I create a Wide-IP, no virtual server appears in the "Member list" to associate. Note that I created the Virtual Server for the association; I do not know if there is any specific configuration needed when creating the Virtual Server so that I can associate it with my Wide-IP. I would like you guys to help. Thank you.
- NikhilB (Employee)
Assuming the WideIp will be automatically enabled from an LTM that has already been configured? If so, has an iQuery session already been established between GTM/LTM?
Hi Rodrigo,
As NikhilB already pointed out, there needs to be an established internal communication between the LTM and GTM components in your LinkController. The internal communication happens via the SSL-encrypted iQuery protocol, which is based on certificate trust. It is recommended to create long-lasting (3650 days) unit-specific device certificates (by default the common name is set to "localhost.localdomain") and to add them to the list of trusted device certificates as well (WebUI: System >> Device Certificates >> Trusted Client Certificates). Afterwards you run the "bigip_add" and "gtm_add" scripts versus the local device. Run "tail -f /var/log/gtm" to check for successful iQuery communication.
Thanks, Stephan
- Rodrigo_N_Soare (Nimbostratus)
Hi NikhilB and Stephan, thank you for your help. I checked for the certificate at (WebUI: System >> Device Certificates >> Trusted Client Certificates). There is a certificate that lasts until 2024, so I think this is OK. But when I issued the command bigip_add I got the following error:
[root@bigip1:Active:Standalone] config bigip_add
Retrieving remote and installing local BIG-IP's SSL certs ...
Enter root password for if prompted
ssh: mkdir -p /config/big3d; if [ -e /config/httpd/conf/ssl.crt/server.crt ]; then cat /config/httpd/conf: Name or service not known
ERROR: Can't read remote cert via /usr/bin/ssh.
==> Done <==
Is there something that I'm missing?
Regards,
Hi Rodrigo,
Both commands will be used versus a local self IP address (not a floating self IP address!). The self IP needs to be in "PortLockDown = allow-default" state. Now you run "bigip_add" to internally exchange certificates. Now you run "gtm_add" to finish the internal GTM related configuration exchange. To validate the iQuery communication you can use "iqdump". Track the GTM log facility by running "tail -f /var/log/gtm" in a second console.
If you are running your LinkController as a redundant pair, this needs to be done between both units as well. That's why I mentioned the requirement for unit-specific device certificates. Using the default "localhost.localdomain" certificate on both machines makes things even more complicated.
I haven't touched the LinkController for a while. But it was always good practice to create a "default_gateway_pool" and use it as next hop for the default gateway configuration in the network settings. This used to trigger the creation of a "datacenter" object automatically, which is not available from the LinkController's WebUI.
Thanks, Stephan