Forum Discussion
Destination address at F5
- Nov 06, 2022
Hi davidy2001 ,
> ICMP option is on virtual address list tab , see the below snap shot :Select your virtual server address and you will find the ICMP option and make it " disabled".
and try again.
> Or do it Cli ,
write this command on Tmsh prompt
( modify ltm virtual-address 10.0.30.254 icmp-echo disabled )
and try again
Look to this snap shot as well : - Nov 06, 2022
Hi davidy2001 ,
it is not weired , each virtual server is only responsible for its nodes and when you disable icmp echo on " 10.0.30.254" virtual server this option is related only to this virtual server , and other virtual servers do not impacted by your change , you will find the option of icmp-echo still as default always on all virtual servers except " 10.0.30.254 virtual server "
> For command , you wrote the command wrong , you need to write 10.0.30.254 instead of 10.0.30.1.
> this a special configuration for your environment , as the most deployed that F5 as a loadbalancer servers real servers not routers but of course everything is doable and available in F5 to handle your traffic on the way you want.
- my configuration was a workaround for your environment and " this virtual server 10.0.30.254" is the only object will be impacted to solve your issue with routes , and the rest of your applications and services run without impact.
Ty - Nov 07, 2022
davidy2001 ,
Also Note , When you change the virtual server IP only , the new virtual address added in statistics Page , Also you will find the in new virtual address the ( " icmp-echo" option returned to " always" ) again , so you will change it again.
> it is not good to change the virtual server ip address , you can create a new one instead of swapping ip , because existance of active session.
> Also , if you follow the scenario of swapping virtual server ip , run this command
" show sys connection cs-server-addr" , it will show to you that the traffic flow is correct and as expected.
Ty - Nov 07, 2022
davidy2001In all honesty if you are trying to figure out how the BIG-IP works I would configure VMs behind it rather than routers because it seems like you would want to use the BIG-IP in the closest way you intend to in the future. Most deployments of the BIG-IPs are for websites and applications rather than ICMP to routers. Don't get me wrong here because you can do all sorts of things on the BIG-IP but if your intent is to learn it I think the best way to start is the closest thing that everyone typically uses them for which is application load balancing or website load balancing. You can perform tcpdumps on the BIG-IPs to see traffic traversing it as well as a wireshark (windows) or tcpdump (linux) on the destination servers to see the traffic flow. This is a great exercise that you posted just to learn something one off but not where I would have started to learn about them.
- Nov 15, 2022
Hi davidy2001 ,
How are you ,
> you need to remove TCP profile and choose all protocols , because you are transferring icmp packets not a connection based on TCP :
check the below snap shot and tell me your feedback :Hope this help you and waiting your response.
Lets use one of your reply to start the conversation.
" it is not weired , each virtual server is only responsible for its nodes and when you disable icmp echo on " 10.0.30.254" virtual server this option is related only to this virtual server , and other virtual servers do not impacted by your change , you will find the option of icmp-echo still as default always on all virtual servers except " 10.0.30.254 virtual server " "
I still have question on this point. After I repeatedly tested, I found the phenomena. Lets say there are two situations: One is when ICMP Echo Disabled, 3725-1 can always ping virtual server successfully. Once it change back to Always, 3727-1 no longer ping virtual server. The second situation is when ICMP Echo Always, Once it change back to Disabled, 3727-1 no longer ping virtual server. but I do not know what can cause the two different situation? Thanks
Hi davidy2001,
when you set your option :
> Always : this option make F5 it self as a device reply to icmp packet when F5 itself sees that this virtual server is available " Green circle or blue Square " on it , if this Virtual server is not available or has a
" red Rhombus " or marked down , F5 as a system device will not reply to ICMP.
> Disable : F5 as a device does not reply to ICMP if its virtual server available or not , it only take icmp packets and send it to its pool members/nodes.
briefly , Always option tells F5 device to reply to icmps if the Pinged virtual server available whereas Disable tells F5 device not to reply to the icmp packets or bypass icmp packets to be relayed on the availability of " Pool members/ Nodes"
> I will send to you a snap shot for a very useful TAB on F5 Gui :
Help TAB is our hand and foot in F5.
Regards.
Ty
- davidy2001Nov 12, 2022Cirrus
Thanks. Can we say no matter Always or Disabled is selected, traffic should be sent to nodes from virtual server?
- Nov 12, 2022
Yes , always or disable only for icmp packets.
But real traffic delivered by nodes that assigned virtual servers .
Regards
- davidy2001Nov 12, 2022Cirrus
Mohamed_Ahmed_Kansoh Thanks
"Yes , always or disable only for icmp packets."
what I mean is no matter Always or Disabled is selected, traffic----Ping should be sent to nodes from virtual server? Because this is related with below issue.
Is there a config change which cause block traffic from virtual server to nodes in addition to linking virtual server to Node pool(Virtual server---->Resouces--->Load balance--->Default pool)?
the reason why I am asking the question is because it used to work, but now the virtual server already link a node pool, but the virtual server cannot transfer message( ping) from 3725-1 to nodes sometimes? when 3725-1 send ping to virtual server(ping is succefull), but Statistic show nothing changed (even if keeping press Refresh button)
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com