Forum Discussion
NimbostratusI need help in completing this configuration
Hi my company bought a service contract with f5 the code is F5-SVC-BIG-PRE-L1-3, im trying to configure two BIG IP LTM devices but it seems after i have done all the configurations i cannot ping any of the self ip addresses or the virtual servers. My setup is like this CiscoASA G0/1 & G0/2 (192.168.15.5) ! ! --------------------------------------- ! ! ! (floating 192.168.15.1) ! bigip1 (ext-vlan192.168.15.2) bigip2 (ext-vlan192.168.15.3) ! ! ! (floating 10.10.168.1) ! bigip1 (int-vlan10.10.168.2) bigip2 (int-vlan10.10.168.3) ! ! ----------------------------------------
! ! Cisco switch ! ! HP-SERVER1 (10.10.168.13)---------------HP-SERVER2 (10.10.168.14)
Cisco ASA G0/1 & G0/2 bundled interfaces with IP Address 192.168.15.5. After configuring all the basic configs i cannot get my servers to ping any of my self IPs or even the Cisco ASA. I have also uploaded my qkview on ihealth case_number_C1431792_support_file(1).tar.
If you can help me please you can email me on kudakwashet@compulink.co.zw you can include the steps to configuring the device to basic connectivity even to get my data centre up my situation is critical, i have configured the rest of the network equipment im now only left with the BIG IPs. I have gone through a lot of the documentation found online but the staff is very confusing.
Regards
Kudakwashe Tayo
36 Replies
- nitass
Employee
still i cannot ping the IP addresses although my nodes and everything are now showing green and they are said to be available
you are using route domain, aren't you? can you post self ip and virtual address configuration?
tmsh list net self tmsh list ltm virtual-addressalthough my devices are sayed to be insync when i try to synchronise new configuration changes one of the devices is showing as disconnected
is time in sync?
kudakwashet_154This is the output from the commands you asked me to run, i hope it will help you to help figure this out.
So Cory are we saying i need not to worry about pinging the self ips as long as everything else seems okay.
login as: root
Using keyboard-interactive authentication.
Password:
Last login: Mon May 19 13:58:17 2014 from 10.10.168.14
[root@imm:Active:In Sync] config tmsh list net self
net self 192.168.15.1 {
address 192.168.15.1/24 allow-service { default } traffic-group traffic-group-local-only vlan external}
net self 10.10.168.4 {
address 10.10.168.4/24 allow-service { default } floating enabled traffic-group traffic-group-1 unit 1 vlan internal}
net self 10.10.168.2 {
address 10.10.168.2/24 allow-service { default } traffic-group traffic-group-local-only vlan internal}
net self 192.168.15.3 {
address 192.168.15.3/24 allow-service { default } floating enabled traffic-group traffic-group-1 unit 1 vlan external}
net self 192.168.10.1 {
address 192.168.10.1/30 allow-service { default } traffic-group traffic-group-local-only vlan HA}
[root@imm:Active:In Sync] config tmsh list ltm virtual-address
ltm virtual-address 0.0.0.0 {
address any arp disabled icmp-echo disabled mask any traffic-group traffic-group-1}
ltm virtual-address 10.10.168.100 {
address 10.10.168.100 mask 255.255.255.255 traffic-group traffic-group-1}
ltm virtual-address 192.168.15.100 {
address 192.168.15.100 mask 255.255.255.255 traffic-group traffic-group-1}
[root@imm:Active:In Sync] config
- kudakwashet_154
And i have managed to get sync to function although the time is not the same i changed the sync mode to Auto that is what made it to sync. I dont know how to correct the time so that it can be the same on both device.
Cory_50405Noctilucent
Set an NTP server under System -> Configuration -> Device -> NTP. This will bring both of your device clocks in sync.
- nitass
So Cory are we saying i need not to worry about pinging the self ips as long as everything else seems okay.
you are saying you cannot ping 10.10.168.2 and 10.10.168.4 self ip from 10.10.168.13 and 10.10.168.14 server, aren't you?
can you try tcpdump (on bigip) when pinging the self ip?
tcpdump -nni 0.0 host x.x.x.x and icmp x.x.x.x is server ip you run pingI dont know how to correct the time so that it can be the same on both device.
sol3381: Setting the time and date on the BIG-IP system
http://support.f5.com/kb/en-us/solutions/public/3000/300/sol3381.htmlsol3122: Using the BIG-IP Configuration utility to add an NTP server
http://support.f5.com/kb/en-us/solutions/public/3000/100/sol3122.html - kudakwashet_154
how do i view the TCPDUMP output i have tried uploading on ihealth its not working
- kudakwashet_154
And also dont have any NTP services running in my Data centre can i put a global one and do you any global ntp server addresses
- Cory_50405You can use one of NIST's NTP servers: http://tf.nist.gov/tf-cgi/servers.cgi As for the tcpdump output, it should display on your screen unless you specified the -w modifier and then it would save to whatever file you specified. You'll need to download and view it in Wireshark.
- kudakwashet_154
okay thanks
- kudakwashet_154
Hi here is the tcpdump output
login as: root
Using keyboard-interactive authentication.
Password:
Last login: Mon May 19 15:56:31 2014 from 10.10.168.14
[root@imm:Active:In Sync] config tcpdump -i 1.2
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on 1.2, link-type EN10MB (Ethernet), capture size 96 bytes
12:39:25.593191 arp who-has 10.10.168.14 tell 10.10.168.3
12:39:25.778927 802.1d config 8001.58:0a:20:2e:f5:80.8010 root 8001.58:0a:20:2e:f5:80
pathcost 0 age 0 max 20 hello 2 fdelay 15
0x0000: 0180 c200 0000 580a 202e f590 8100 0000 ......X......... 0x0010: 0026 4242 0300 0000 0000 8001 580a 202e .&BB........X... 0x0020: f580 0000 0000 8001 580a 202e f580 8010 ........X....... 0x0030: 0000 ..12:39:26.360575 arp who-has 10.10.168.2 tell 10.10.168.3
12:39:26.592416 arp who-has 10.10.168.14 tell 10.10.168.3
12:39:26.592992 arp who-has 10.10.168.13 tell 10.10.168.3
12:39:27.360060 arp who-has 10.10.168.2 tell 10.10.168.3
12:39:27.591887 arp who-has 10.10.168.13 tell 10.10.168.3
12:39:27.591902 arp who-has 10.10.168.14 tell 10.10.168.3
12:39:27.783073 802.1d config 8001.58:0a:20:2e:f5:80.8010 root 8001.58:0a:20:2e:f5:80
pathcost 0 age 0 max 20 hello 2 fdelay 15
0x0000: 0180 c200 0000 580a 202e f590 8100 0000 ......X......... 0x0010: 0026 4242 0300 0000 0000 8001 580a 202e .&BB........X... 0x0020: f580 0000 0000 8001 580a 202e f580 8010 ........X....... 0x0030: 0000 ..12:39:28.591791 arp who-has 10.10.168.14 tell 10.10.168.3
12:39:28.591800 arp who-has 10.10.168.13 tell 10.10.168.3
12:39:29.259011 arp who-has 10.10.168.13 tell 10.10.168.2
12:39:29.359354 arp who-has 10.10.168.2 tell 10.10.168.3
12:39:29.591549 arp who-has 10.10.168.13 tell 10.10.168.3
12:39:29.591566 arp who-has 10.10.168.14 tell 10.10.168.3
12:39:29.787288 802.1d config 8001.58:0a:20:2e:f5:80.8010 root 8001.58:0a:20:2e:f5:80
pathcost 0 age 0 max 20 hello 2 fdelay 15
0x0000: 0180 c200 0000 580a 202e f590 8100 0000 ......X......... 0x0010: 0026 4242 0300 0000 0000 8001 580a 202e .&BB........X... 0x0020: f580 0000 0000 8001 580a 202e f580 8010 ........X....... 0x0030: 0000 ..12:39:30.258722 arp who-has 10.10.168.13 tell 10.10.168.2
12:39:30.258847 arp who-has 10.10.168.14 tell 10.10.168.2
12:39:30.359289 arp who-has 10.10.168.2 tell 10.10.168.3
12:39:30.590876 arp who-has 10.10.168.14 tell 10.10.168.3
12:39:30.590893 arp who-has 10.10.168.13 tell 10.10.168.3
12:39:31.258598 arp who-has 10.10.168.14 tell 10.10.168.2
12:39:31.258614 arp who-has 10.10.168.13 tell 10.10.168.2
12:39:31.358922 arp who-has 10.10.168.2 tell 10.10.168.3
12:39:31.590859 arp who-has 10.10.168.13 tell 10.10.168.3
^C
55 packets captured
55 packets received by filter
0 packets dropped by kernel
[root@imm:Active:In Sync] config tcpdump -i 1.3
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on 1.3, link-type EN10MB (Ethernet), capture size 96 bytes
^C
0 packets captured
0 packets received by filter
0 packets dropped by kernel
[root@imm:Active:In Sync] config tcpdump -i internal
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on internal, link-type EN10MB (Ethernet), capture size 96 bytes
12:43:22.250544 arp who-has 10.10.168.13 tell 10.10.168.2
12:43:22.251585 arp who-has 10.10.168.14 tell 10.10.168.2
12:43:23.250636 arp who-has 10.10.168.13 tell 10.10.168.2
12:43:23.251647 arp who-has 10.10.168.14 tell 10.10.168.2
12:43:24.250551 arp who-has 10.10.168.13 tell 10.10.168.2
12:43:24.251567 arp who-has 10.10.168.14 tell 10.10.168.2
12:43:25.251506 arp who-has 10.10.168.14 tell 10.10.168.2
12:43:29.259969 arp who-has 10.10.168.13 tell 10.10.168.2
12:43:30.259588 arp who-has 10.10.168.13 tell 10.10.168.2
12:43:30.260972 arp who-has 10.10.168.14 tell 10.10.168.2
12:43:31.259491 arp who-has 10.10.168.13 tell 10.10.168.2
12:43:31.260474 arp who-has 10.10.168.14 tell 10.10.168.2
12:43:32.259565 arp who-has 10.10.168.13 tell 10.10.168.2
12:43:32.260622 arp who-has 10.10.168.14 tell 10.10.168.2
12:43:33.259497 arp who-has 10.10.168.13 tell 10.10.168.2
^C
28 packets captured
28 packets received by filter
0 packets dropped by kernel
- nitass
is vlan and trunk configuration between bigip and switch correct (i.e. matching)?
can you post the configuration here?
for bigip, you can run tmsh list net vlan.
- Cory_50405
There is nothing in these captures except ARP traffic. Were you running pings or any other communications through the LTM while you were taking these captures? And are interfaces 1.2 and 1.3 your production interfaces that you expect to see this traffic on?
