Forum Discussion
NimbostratusLTM responding on behalf of servers which are down
We are running on version 11.6.0 HF5, The behavior I am getting is : -
Client(US)---LAN----F5(Inline mode)(China)---Servers(this is the setup)
Being a client I am able to ping the IP's which are not yet assigned to servers and vacant, But subnet is allocated behind LB. Even If I try to trace my machine IP from one of the available server, trace completed in one single hop with "1 ms", and pinagble, No matter if I shutdown client machine. But when I trace from client to server it gets completed in 11-15 hop depending upon client location.
I have taken Wireshark on LB and seems that F5 is replying on behalf of servers and client. Which is creating issues. I have checked the forwarding Virtual servers configured on LB, they have ARP disabled. and ICMP echo enabled.
Any suggestions how can we get rid of this situation.
2 Replies
JinshuCirrus
As I understand from your question, you are getting ping responses from VIP even after the nodes are down, isn't it?
If thats case, thats the default behavior of F5 VIP. You can turn the VIP to disable mode to stop responding to ping/trace packets.
Disabling the ARP may cause you problems in future connectivity because ARP wont be updated for your VIP for your gateway and traffic might get mis-routed.
-Jinshu
Ganesh_Gargissue was with ICMP-ECHO setting, which was enabled on forwarding Virtual server because of which LB was replying to the ICMP echo messages.
