Forum Discussion
F5 Load balancer not working, but all the configurations are successful
I have configured f5 lb, one node and one pool , and two members in the pool. and Virtual Server is configured . I can see everything is working , (every place it is Green ), but when i use the VIP to connect my webserver, it is not getting resolved in my browser. can you pls throw some light on this issue. what to check and where to check ? I am Stuck with this issue for a long time.
p.s i have not configured irules, i have used default pool in Virtual server configuration
- TechTNimbostratus
Hi tilden,
- Do you see any connection hits on the VIP when you are trying on the browser ?
- Are you using VIP IP or any Domain name to connect on browser ?
- whats the error you get when you hit ?
- tilden27_196853Nimbostratus
Hi, please find the answers
2) VIP IP
3) web page not found error.
I want to trace the complete process, where can i find the trace logs. ? and how to ensure that the my VIP is hit. ?
- Tosin_OmojolaAltostratus
Does the port you specified on the pool member match what you have on the VS? Is the pool assigned to the VS? Does the monitor you assign match the service you are trying to connect to? If you assign a different monitor, you could still get a positive feedback (Green) whereas the real service (http in this case) might not be available.
Please verify these.
- NikhilBEmployee
Whats the default gateway of your servers? If its not the F5 have you enabled SNAT?
- Bernie_Ongewe_6Nimbostratus
Transactions are logged in /var/log/ltm
There are plenty of places we could start looking depending on the root cause.
First thing to consider is whether the frames are actually getting treatment from the VIP you think it is. I've seen folks get messed up by the processing order for instance https://support.f5.com/kb/en-us/solutions/public/9000/000/sol9038.html
You could try a "noisy" tcpdump; https://support.f5.com/kb/en-us/solutions/public/13000/600/sol13637.html
For you it would look something like;
tcpdump -ni 0.0:nnn "(host and port 80)" or "(host or host ...)" -s 0 -w
BIGIP adds a trailer that, when possible, tells you which VIP handled the frame. Of course, to make sense of it, you need that dissectors. You can grab those from; https://devcentral.f5.com/Wiki/AdvDesignConfig.F5WiresharkPlugin.ashx
Even without dissection, though the tcpdump will help you home in on the point of failure (are the frames even reaching F5? Can we see client-side counter-parts to these? etc) so maybe start there.
Cheers, Bernie
- nitass_89166Noctilucent
this may be helpful.
Quick Start: Application Delivery Fundamentals by Josh Michaels
- M_2AltocumulusThis was really helpfull. Does any one has configured the setup in Virtual edition in VMWare ? how can we setup multiple VLANS and have a communication established between them ? Thanks in Advance. - SAM
- nitassEmployee
this may be helpful.
Quick Start: Application Delivery Fundamentals by Josh Michaels
- M_2AltocumulusThis was really helpfull. Does any one has configured the setup in Virtual edition in VMWare ? how can we setup multiple VLANS and have a communication established between them ? Thanks in Advance. - SAM
- tilden27_196853Nimbostratus
Hi all,
I found the my Virtual Server is been hit by the request, but all my request are dropped.
and also found the below in my ltm log
Apr 13 11:31:46 local/tmm1 notice tmm1[5137]: 01200004:5: Packet rejected remote IP 136.2xx.1xx.2xx port 0 local IP 10.x1.1xx.1x port 3 proto ICMP: Port closed.
- Sadorect_151355NimbostratusI had the same issue with a POC I am working on presently where pings made to a pool are not being replied. However, a tcpdump shows that the packet got to the interface holding the pool member. ICMP is not a supported way to test virtual server connectivity. It's better to have a proper service running on the pool member and have the service accessed via the VS. In my case, the test was successful once the VS was attached to the service rather than depending on port connectivity with ICMP pings.
- dragonflymrCirrostratus
Hi,
I checked bigip_error_maps.dat (in /var/run/ folder) looking for both 01200004 code as well as "rejected" word and nothing was returned matching posted entry, I was pretty sure that everything that is placed in ltm log should have entry in this file - am I wrong?
Considering problems with this VS - what version of LTM are you running? Can you ping selfIP of this LTM on the VLAN you have your VS defined? Actually Virtual IP used by VS should reply to ping even if VS is disabled or pool is down. This can be turned of in "Local Traffic ›› Virtual Servers : Virtual Address List ›› your VIP name" by setting ICMP Echo to disabled (this option is available with new versions, I thing 11.5+). You can as well disable icmp using Packet Filter. Still both those options are not creating any entries similar to posted in my ltm log.
Piotr
- alex_rosier_197Nimbostratus
Hi,
Sorry if I repeat any previous posts/questions. This is a quick response intended as rough guideline.
How you troubleshoot this depends heavily on how you are setup. So here I am making some assumptions.
If you are connecting from same VLAN as VIP, all you need to do is start a quick tcpdump from CLI to confirm the client can establish a 3-WAY tcp handshake with VIP. i.e:
tcpdump -s0 -nni VLAN_NAME:nnn host YOUR_CLIENT_IP_HERE or arp or icmp
So, if you are using standard VIP you should see SYN arrive to F5 and SYN/ACK go back towards client (Check layer2 as well as layer 3 addresses please) and ACK back from CLIENT, followed by HTTP request from Client (typical 3WHS). If you see HTTP request from client, can you confirm the server is receiving this ? If you can get the first part of this puzzle then you are closer to solving the problem.
If you need more help can I suggest you paste in your VIP and pool config for everyone's benefit. Of course if the IP is sensitive to you then feel free to mask that out.
I hope that helps.
Rgds,
Alex
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com