Forum Discussion

davidy2001's avatar
Nov 05, 2022

Destination address at F5

Hi I have question when I create virtual server. Please see the below sreenshot where there is "Destination Address/Mask". Is this address gateway located at outside of the F5 or address of the virtu...
  • Mohamed_Ahmed_Kansoh's avatar
    Mohamed_Ahmed_Kansoh
    Nov 06, 2022

    Hi davidy2001 , 
     > ICMP option is on virtual address list tab , see the below snap shot : 

    Select your virtual server address and you will find the ICMP option and make it " disabled". 
    and try again. 
    > Or do it Cli , 
    write this command on Tmsh prompt 
    (  modify ltm virtual-address 10.0.30.254 icmp-echo disabled ) 
    and try again 
    Look to this snap shot as well : 

  • Mohamed_Ahmed_Kansoh's avatar
    Mohamed_Ahmed_Kansoh
    Nov 06, 2022

    Hi davidy2001 , 
           it is not weired , each virtual server is only responsible for its nodes and when you disable icmp echo on " 10.0.30.254" virtual server this option is related only to this virtual server , and other virtual servers do not impacted by your change , you will find the option of icmp-echo still as default always on all virtual servers except " 10.0.30.254 virtual server " 

    > For command , you wrote the command wrong , you need to write 10.0.30.254 instead of 10.0.30.1. 

    > this a special configuration for your environment , as the most deployed that F5 as a loadbalancer servers real servers not routers but of course everything is doable and available in F5 to handle your traffic on the way you want. 
    - my configuration was a workaround for your environment and " this virtual server 10.0.30.254" is the only object will be impacted to solve your issue with routes , and the rest of your applications and services run without impact. 

    Ty 

  • Mohamed_Ahmed_Kansoh's avatar
    Mohamed_Ahmed_Kansoh
    Nov 07, 2022

    davidy2001 , 
            Also Note , When you change the virtual server IP only , the new virtual address added in statistics Page , Also you will find the in new virtual address the ( " icmp-echo" option returned to " always" ) again , so you will change it again. 

    > it is not good to change the virtual server ip address , you can create a new one instead of swapping ip , because existance of active session.

    > Also , if you follow the scenario of swapping virtual server ip , run this command 
    " show sys connection cs-server-addr" , it will show to you that the traffic flow is correct and as expected. 

    Ty

  • Paulius's avatar
    Paulius
    Nov 07, 2022

    davidy2001In all honesty if you are trying to figure out how the BIG-IP works I would configure VMs behind it rather than routers because it seems like you would want to use the BIG-IP in the closest way you intend to in the future. Most deployments of the BIG-IPs are for websites and applications rather than ICMP to routers. Don't get me wrong here because you can do all sorts of things on the BIG-IP but if your intent is to learn it I think the best way to start is the closest thing that everyone typically uses them for which is application load balancing or website load balancing. You can perform tcpdumps on the BIG-IPs to see traffic traversing it as well as a wireshark (windows) or tcpdump (linux) on the destination servers to see the traffic flow. This is a great exercise that you posted just to learn something one off but not where I would have started to learn about them.

  • Mohamed_Ahmed_Kansoh's avatar
    Mohamed_Ahmed_Kansoh
    Nov 15, 2022

    Hi davidy2001 , 
      How are you , 
    >  you need to remove TCP profile and choose all protocols , because you are transferring icmp packets not a connection based on TCP : 
    check the below snap shot and tell me your feedback : 

     

    Hope this help you and waiting your response.