
Forum Discussion

kridsana_52318
Dec 18, 2015

Does a Forwarding VS need ARP and ICMP echo disabled?

Hi

We have configured many forwarding VSs, and many of them are host forwarding.

The problem is that when a node behind the F5 is down, a monitor from outside can still ping (or TCP) the IP of the node because ICMP echo and ARP are enabled.

Do we need to disable ARP and ICMP echo to make the monitor server not check the IP on the F5?

If we disable them, will the virtual server still work? Can we still forward traffic to the node behind the F5 properly?

P.S. This problem does not occur on a wildcard FW VS because the 0.0.0.0 entry in the virtual address list has ARP and ICMP echo disabled by default.

2 Replies

  • nathe

    kridsana,

    Whether a virtual address has ARP/ICMP echo enabled does not impact the monitoring of the server. This is purely determined by the health monitor on the node. Saying that, a host forwarding IP virtual server does not have a concept of a pool, so it won't use this to determine whether the backend server is up. It simply forwards the traffic regardless.

    Hope this helps,

    N

  • Hi Nathan

    In this case, the customer has a monitor server in front of the F5 which checks ICMP to the server. Will this give the monitor a false positive, because the F5 virtual address will respond to ICMP echo even though the real server is down? (It affects only host forwarding VSs, not network forwarding VSs.)

    And in this case it showed an IP conflict after the real server rebooted, so I think we need to disable ARP + ICMP echo on the host forwarding VS. But I'm not sure whether we can still use the host forwarding VS properly if we disable them.

    Kridsana