Forum Discussion
davidy2001
Cirrus
CirrusDestination address at F5
Hi I have question when I create virtual server. Please see the below sreenshot where there is "Destination Address/Mask". Is this address gateway located at outside of the F5 or address of the virtu...
Hi davidy2001 ,
> ICMP option is on virtual address list tab , see the below snap shot :Select your virtual server address and you will find the ICMP option and make it " disabled".
and try again.
> Or do it Cli ,
write this command on Tmsh prompt
( modify ltm virtual-address 10.0.30.254 icmp-echo disabled )
and try again
Look to this snap shot as well :Hi davidy2001 ,
it is not weired , each virtual server is only responsible for its nodes and when you disable icmp echo on " 10.0.30.254" virtual server this option is related only to this virtual server , and other virtual servers do not impacted by your change , you will find the option of icmp-echo still as default always on all virtual servers except " 10.0.30.254 virtual server "
> For command , you wrote the command wrong , you need to write 10.0.30.254 instead of 10.0.30.1.
> this a special configuration for your environment , as the most deployed that F5 as a loadbalancer servers real servers not routers but of course everything is doable and available in F5 to handle your traffic on the way you want.
- my configuration was a workaround for your environment and " this virtual server 10.0.30.254" is the only object will be impacted to solve your issue with routes , and the rest of your applications and services run without impact.
Tydavidy2001 ,
Also Note , When you change the virtual server IP only , the new virtual address added in statistics Page , Also you will find the in new virtual address the ( " icmp-echo" option returned to " always" ) again , so you will change it again.
> it is not good to change the virtual server ip address , you can create a new one instead of swapping ip , because existance of active session.
> Also , if you follow the scenario of swapping virtual server ip , run this command
" show sys connection cs-server-addr" , it will show to you that the traffic flow is correct and as expected.
Tydavidy2001In all honesty if you are trying to figure out how the BIG-IP works I would configure VMs behind it rather than routers because it seems like you would want to use the BIG-IP in the closest way you intend to in the future. Most deployments of the BIG-IPs are for websites and applications rather than ICMP to routers. Don't get me wrong here because you can do all sorts of things on the BIG-IP but if your intent is to learn it I think the best way to start is the closest thing that everyone typically uses them for which is application load balancing or website load balancing. You can perform tcpdumps on the BIG-IPs to see traffic traversing it as well as a wireshark (windows) or tcpdump (linux) on the destination servers to see the traffic flow. This is a great exercise that you posted just to learn something one off but not where I would have started to learn about them.
Hi davidy2001 ,
How are you ,
> you need to remove TCP profile and choose all protocols , because you are transferring icmp packets not a connection based on TCP :
check the below snap shot and tell me your feedback :Hope this help you and waiting your response.
davidy2001Cirrus
CirrusThank you very much for your nice reply. So from outside user perspective, the destination ip address is internal server (node) ip address. What is relation between the destination ip address 10.0.30.245 and external floating ip address? I thought the external floating ip is virtual server ip address. Looks like not.
Hi davidy2001 ,
well ,
> firstly, From outside user perspective , the destination IP is the " Virtual server = 10.0.30.245" Not The internal Node ip , even users do not know about the node ip.
- The " Virtual server = 10.0.30.245" speaks instead of internal node , all of user knowledge ends up to the" Virtual server = 10.0.30.245" and they can not know what behind the Big-ip from Real servers " internal nodes ".
- The Process of Destination Nat is a process related to F5 Big-ip which do it without knowledge of users , as it converts " Virtual server = 10.0.30.245" IP to " Internal node ip ".
> Secondly , you Though that the External Floating IP address is the Virtual server address.
well , Floating IP exists only if you deploy a High availability "HA" Clustering between two Appliances of F5 Bigip.
-The External Floating ip acts as the self IP address which you create for the standalone system.- External Floating ip maintains the reachability of your system and the peer device on network " Switchs , Routers , Firewalls " , This IP is related to Active and Standby units , but it is owned by Active unit until is become done or a hardware failure happens to it , if this failure happen , this IP will move and owned by the standby unit as it will become the Active unit in this Case.
- External Floating IP address is not included in user traffic ip packets.
- External Floating IP in " HA " Clustering is same as self ip in Standalone unit , it used in Layer 2 Arp packets , and the peer device" Layer 3 Switch , Router , Firwall " to F5 uses it as a next hop to forward traffic to F5.
- Without Creating Floating IP address , you will loose reachabilty with F5 outside network peers.
- Floating ip address is called " Virtual IP address " in other Vendors , I think it confuses you because of its name.
- But , Virtual server is the main speaker instead of internal nodes , and it must be included in the IP layes 3 Packets between users and F5.- Virtual server is the most important component in F5 Big-ip it contains a massive configuration Features adminstrators can do it.
>Note , Virtual IP and Floating ip can have the same IP address , but this is a bad network design and not deployed in almost network architectures.
I hope that helps you.
Ty and Regards
