jdanowit
Aug 12, 2019

LDAP iApp error when using existing Virtual Server

Hi!

We are trying to use the LDAP iApp for the first time, integrating it with existing LDAP pools. When we try to create the iApp we get this error:

01070333:3: Virtual Server /test-outside/LDAP.app/LDAP_vs illegally shares destination address, source address, service port, ip-protocol, and vlan with Virtual Server /test-outside/sdstest-389.

 

Our settings are as follows:

Name LDAP

Device Group Inherit device group from current partition / path

Traffic Group Inherit traffic group from current partition / path

Template Options

Which configuration mode do you want to use? Basic

Security

How should the BIG-IP system handle encrypted traffic? No encryption from client or LDAP

High Availability

What IP address do you want to use for the virtual server? nnn.nnn.nnn.nnn

Do you want to create a new pool or use an existing one? (Existing) <existing pool name>

Application Health

Override the pool's health monitor? Use the health monitor that already exists on the pool 

 

Any advice is greatly appreciated!

  • JG

    Obviously the iapp cannot use an existing virtual server. You can use a different IP address, and once you have fully tested your new deployment, you can then change the IP address at service cut-over.

  • Sorry, I said VS when I meant Pool; but it is allowing me to choose an existing pool and the choice is in a dropdown. So I am not sure why it would tease us like that.

     

    So what I need to do is remove the pool from the existing VS, then use the existing pool, then reassign that pool to the previous VS?

     

    The documentation doesn't seem to help.

  • JG

    But the error message you posted above was about the use of an IP address already used for another virtual server.

     

    Some iapps don't even allow the use of an existing node. If this is the case, you can create a new pool with fake or temporary pool members, and then disable "Strict Updates" for this deployment and modify the pool composition to swap the real servers in.

  • Hi jdanowit,

     

    I would agree with JG on this. A pool should be able to be used for multiple virtual servers if you wanted to. The error you are seeing seems to be referencing the IP of the virtual server being the problem. The system won't allow you to create two virtual servers that use the same destination IP and port. If it did allow that you would end up with two virtual servers listening on the same IP and port which would cause an IP conflict.

     

    I also confirmed this behavior in my lab by attempting to create a second virtual server with the same IP and port as an existing virtual server. I received the same error.

     

    01070333:3: Virtual Server /Common/test_vs_2 illegally shares destination address, source address, service port, ip-protocol, and vlan with Virtual Server /Common/test_vs.

     

    -Nathan F

    • jdanowit

      Fair enough; again, this is my first time using this iApp (and my third time using iApps at all) so maybe I am missing something basic here, so let me back up a bit.

       

      We have existing Virtual Servers and Pools set up for LDAP communication. Recently, our LDAP admin asked if we could use the F5 iApp to help speed requests, so together we sat through the building of the iApp through the console. We thought we could use existing components that are in place now and just allow the iApp to control them.

       

      My understanding now is that we should build out a new, separate set of VIPs and Pools to use the iApp and then do a cutover. Is that correct?
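
The conflict behind error 01070333, as an added Python example that is not code from the thread or from F5: it compares a planned virtual server against existing ones on the five fields the message names, so a clash can be spotted before the iApp is deployed. The addresses, port 389, the `sdstest-636` entry, the helper names and the rule that VLAN sets conflict when they overlap are assumptions made for the example.

```python
from typing import FrozenSet, List, NamedTuple, Optional


class VirtualServer(NamedTuple):
    name: str
    destination: str                        # destination address
    port: int                               # service port
    source: str = "0.0.0.0/0"               # source address filter
    protocol: str = "tcp"                   # ip-protocol
    vlans: Optional[FrozenSet[str]] = None  # None = enabled on all VLANs


def shares_listener(a: VirtualServer, b: VirtualServer) -> bool:
    """True when a and b match on every field named in error 01070333."""
    if (a.destination, a.source, a.port, a.protocol) != (
        b.destination, b.source, b.port, b.protocol
    ):
        return False
    # Assumption: "all VLANs" overlaps everything; explicit sets must intersect.
    if a.vlans is None or b.vlans is None:
        return True
    return bool(a.vlans & b.vlans)


def find_conflicts(planned: VirtualServer,
                   existing: List[VirtualServer]) -> List[str]:
    """Names of existing virtual servers the planned one would collide with."""
    return [vs.name for vs in existing if shares_listener(planned, vs)]


# Constructed inventory: names of the first and planned server come from the
# thread; addresses (documentation range), ports and sdstest-636 are made up.
EXISTING = [
    VirtualServer("/test-outside/sdstest-389", "192.0.2.10", 389),
    VirtualServer("/test-outside/sdstest-636", "192.0.2.10", 636),
]
PLANNED_SAME_IP = VirtualServer("/test-outside/LDAP.app/LDAP_vs", "192.0.2.10", 389)
# The approach suggested in the thread: deploy on a different address first.
PLANNED_NEW_IP = PLANNED_SAME_IP._replace(destination="192.0.2.11")

if __name__ == "__main__":
    for planned in (PLANNED_SAME_IP, PLANNED_NEW_IP):
        hits = find_conflicts(planned, EXISTING)
        status = "conflicts with " + ", ".join(hits) if hits else "no conflict"
        print(f"{planned.destination}:{planned.port} -> {status}")
```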