GTM Virtual Servers down after translation - Need Help

I am currently facing this same issue, where I am trying to hand out a public address but want to monitor the private IP. Based on our current network design we can't have the GTM monitor the public IP since the GTM lives within our DMZ private IP range. Currently running on GTM 11.2. Has anyone found a resolution to this issue yet?

 

 

-Jeff

HI,

 

 

we are experiencing something v v similar, did either of you find a solution for this?

 

 

https://support.f5.com/kb/en-us/solutions/public/13000/800/sol13865.html

 

 

is this the bug you came across?

 

 

Thanks,

 

I use an iRule since the translation address is more for where the address is translated between the LTM and GTM...

 

 

H

Even though this was an old post I came across it when experiencing the same issue and thought I'd share something that our engineer told us about this. Basically in this situation, if the back end Pool Member/Server Virtual Server is an F5 device, such as an LTM, then you don't specify any health monitors as the result is returned via iQuery from the LTM.

 

 

If you have a static server then I think you may be out of luck. As Hamish said I think you'd need to write an iRule to translate the address returned to clients, and just specify the address as the internal address.

 

 

I really think a feature request should be raised to have a tick box on the virtual server level saying 'monitor translated address' for this exact case.

Hello all,

 

 

I'm also in the same kind of situation, except that I am asked to use something else than Iquery to get the status of LTM VS from the GTM.

 

The purpose behind is to potentially use a mix of GTM and other GSLB devices, without sticking to any proprietary protocol (kalap, Iquery...). Thus I am using https.

 

 

I'm using 11.2.1 HFA5 and and am getting such false positive results. I will upgrade the GTM beginning next week to HFA6 to see if it really solve the issue. I keep you posted.

 

 

thanks and best regards,

 

 

--

 

Benoit

 

Hello,

 

 

FYI: I'm still getting the false positive results after the upgrade to 11.2.1 HFA6.

 

 

I will soon have a webex with the integrator in order to troubleshoot more, I would like to avoid to move to 11.3.

 

 

 

Anyway, could someone help me with the meaning of the workaround

 

To work around this issue, you can reconfigure the virtual servers and translation IP addresses to use unique IP addresses on the BIG-IP GTM servers.

 

 

Does that mean that I have to remove all translation IP addresses (for me, the internal 10.x ones, GTM is sitting in a private range) from the various VS ?

 

 

thanks

 

 

--

 

Benoit

I know that this thread is a little old, but I too ran into this issue running 11.3.0 HF6. Looks like the locally assigned Health Monitor, on the GTM, uses the NAT'd IP address for the health monitoring. I was able to work around this by creating a new health monitor using an Alias address and assigning that to the specific VS. Seems to work well.

 

Does anyone know if this will be fixed in a future release?

 

This looks like a problem with the NAT, are the BIGIP DNS and server behind the firewall ?

 

BIGIP DNS will monitor the VS which is configured in the IP address field which most of the time is the public ip( the translated ip is the real ip of the server )

 

Depending on how your network is setup, but if your real server lets say 1.2.3.4 sitting on a dmz is natted to 100.100.100.100 on outside and your DNS is also on DMZ then you need a nat on a firewall for your DNS lets say 5.6.7.8 mapped to 100.100.100.200, by doing this you are literally telling bigip dns to ping 100.100.100.100 from 100.100.100.200 which makes sense.

 

If you have multiple BIGIP devices then you might think of configuring the prober pools.

 

Hope this helps !! Thanks, Pankaj