F5 Newbie - Just Starting

Question

So if I don't give all required info needed to allow people to assist, please shoot me. 
&nbsp;  
&nbsp; We have the BIGIP 9 and I have done the following: 
&nbsp;  
&nbsp; - Setup a pool and added 2 members to it (members are VMware Virtual Machines) 
&nbsp; - Setup 2 VLANs: 1 for the internal network and 1 for the DMZ network 
&nbsp;  
&nbsp; Now I am at a stopping point before I flip the DNS for our DEV environment in order to test it.  I have the following questions: 
&nbsp;  
&nbsp; 1) how do I assign an IP address to the pool that I setup? 
&nbsp; 2) do i need to setup a Route in order for it to completely see the inside network? 
&nbsp;  
&nbsp; Like I said in the topic, I am new to the F5 appliance and want to make sure I am not overlooking anything before flipping the DNS to test out the first of many pools to be created. 
&nbsp;  
&nbsp; Any and all help is appreciated. 
&nbsp;  
&nbsp; Ohio

the_bhattman · Answer

My recommendation is check out the F5 Deployment guide.  It may be able to answer most of your question 
&nbsp;  
&nbsp; http://www.f5.com/solutions/resources/deployment-guides/index.htmlletterV 
&nbsp;  
&nbsp; hope this helps, 
&nbsp; CB 
&nbsp;  &nbsp;

mark_harris_608 · Answer

1. ) You are now ready to setup a Virtual Server (VS), which has fields to put in the name, IP address, and port, then select the pool you created.  You don't need a route (at least on the BIG-IP LTM) to make it work, assuming the internal address on the LTM is the virtual machine's default gateway and if not, enable SNAT AutoMap on the VS during configuration (under Advanced settings).  After you save the configuration for the VS, you should be good to go. 
&nbsp;  
&nbsp; 2. )  If you want to be able to route external requests directly to the virtual machines (for administration, etc.) then you need a route on the upstream router/firewall with a gateway of the BIG-IP shared self-IP address on the DMZ network.  Example: If DMZ = 192.168.1.0 and internal = 172.16.1.0, do a "route add 172.16.1.0 netmask 255.255.255.0 gateway 192.168.1.1", where 192.168.1.1 is the BIG-IP external shared self-IP on that network).  Again, gateway for servers must be 172.16.1.1, the internal shared self-IP.  
&nbsp;  
&nbsp; As suggested earlier, you may want to check the Deployment Guide for a step-by-step process with illustrations on the VS creation (routing info is not in deployment guides) - but the information above covers the major steps. 
&nbsp;  
&nbsp; /mh

the_ohiostater_ · Answer

Wow...this board is as good as ArsTechnica!  Thanks for the pointers and I will check out the deployment guide. 
&nbsp;  
&nbsp; I really appreciate the info! 
&nbsp;  
&nbsp; Matt

the_ohiostater_ · Answer

OK, for some reason I am getting "servers marked down by a health monitor"  I have them on the built-in http monitor.  
&nbsp; What am I missing?  
&nbsp; M

l4l7_53191 · Answer

Matt: there could be a bunch of stuff affecting your health monitors. You mention that you're new to the f5 world, so I'll walk through some steps that may (hopefully) help you track it down. This is all done via the command line on your BigIP, since the BigIP is the client for health checks. 
  
 1) Ensure basic connectivity via ping. 
 2) If basic connectivity is good, telnet to your server port you defined for your pool members. For example, let's say I've got a server (192.168.100.10) listening on port 8080 and I want to be sure we're talking ok: 
  
 config  telnet 192.168.100.10 8080 
 Trying 192.168.100.10... 
 Connected to 192.168.100.10. 
 Escape character is '^]'. 
   
 If you connect, you'll see something like the output above. If you do, this is a good sign - the server is listening on the port you've configured in the pool. Now type "GET" and hit enter two times. Hopefully you'll see output.  
  
 If all of this works, you're getting close so don't give up!  
  
 For more (and higher quality) information on tracking this type of issue down refer to SOL3224 on ask.f5.com. Pay particular attention to their note about HTTP version mismatch, which I've run into dozens of times over the years.  
  
 -Matt

Forum Discussion

Recent Discussions

Errors with AS3 3.56.0 with F5 17.5.1.6

F5 ASM/AWAF – violations logged but no learning suggestions generated

F5 VELOS Backplane Inter-Tenants Communication

migrate from serie I to R. Cluster LTM-GTM

Best Practice guide for enabling Attack signature In BIG-IP ASM

Related Content

Getting Started on DevCentral

Getting Started With n8n For AI Automation

Getting started with F5 Distributed Cloud (XC) Telemetry

Getting Started with iRules: Variables

Physical Security - Starting Points