Hi All new to F5 and this forum so if this has been asked before I'm sorry but I did search. I have a situation where I am using an F5 to monitor 3 variables in my Data center. Internet connection, internal connection and also a Bluecoat Proxy health. This then has a VC Pool associated with these monitors, but no actual traffic is passing this VC Pool, it is just being pinged by a router for an IP SLA measure. What I would like to do is for the F5 to stop responding to ICMP on the VC Pool address should any of the monitors go down. I can see the monitor go red (Yes I am using the Gui at the moment;) but I can still ping the VC. Any help or direction would be of great help. Thanks

Forgive my ignorance but what is a VC Pool?

Opps sorry I meant Virtual Servers Pools

OK, so IPSLA is PINGing the Virtual Server address yes? Is this a standard virtual server? If so, I think changing it to a FastL4 VS will solve your problem.

This hasn't worked. As I still only have the option of TCP or UDP on the protocol drop down. Am I going the wrong way and a VS is not what I should be using? As I am really open to suggestions on this problem.

That's right and as expected. The point is, whichever you choose (I think) if the Virtual Server is marked as down, the ICMP won't be responded to. You don't need to specify ICMP anywhere, it's just how a performance VS works.

Monitor and ICMP response

What_Lies_Bene1
Cirrostratus
Sep 25, 2012
Forgive my ignorance but what is a VC Pool?
Jonathanpe_4611
Nimbostratus
Sep 26, 2012
Opps sorry I meant Virtual Servers Pools
What_Lies_Bene1
Cirrostratus
Sep 26, 2012
OK, so IPSLA is PINGing the Virtual Server address yes? Is this a standard virtual server? If so, I think changing it to a FastL4 VS will solve your problem.
Jonathanpe_4611
Nimbostratus
Sep 28, 2012
This hasn't worked. As I still only have the option of TCP or UDP on the protocol drop down.

Am I going the wrong way and a VS is not what I should be using? As I am really open to suggestions on this problem.
What_Lies_Bene1
Cirrostratus
Sep 28, 2012
That's right and as expected. The point is, whichever you choose (I think) if the Virtual Server is marked as down, the ICMP won't be responded to. You don't need to specify ICMP anywhere, it's just how a performance VS works.
Jonathanpe_4611
Nimbostratus
Sep 28, 2012
I must be doing someting else wrong as it is still responding to ICMP even if a monitor is down or even is the VS is disabled.
What_Lies_Bene1
Cirrostratus
Sep 28, 2012
Sorry, I've looked into this a bit further and it seems ICMP will always be responded to as other virtual servers could exist on the device with the same IP address but using different service ports. However, a performance VS will send a RST on it's listening port. So, could you change the IP-SLA monitor to monitor the VS service port rather than use ICMP?
Jonathanpe_4611
Nimbostratus
Sep 28, 2012
So I could do a TCP_connect time sla. So if the VS dosn't respond on a defined TCP port the sla drops. The router and F5 are only a max of 5ms apart.
What_Lies_Bene1
Cirrostratus
Sep 28, 2012
Correct although I'm assuming IP-SLA won't accept a RST as confirmation that a host is up; I wouldn't of thought so. Just make sure the VS doesn't have a HTTP profile assigned as things work differently then.
Jonathanpe_4611
Nimbostratus
Sep 28, 2012
Yep I am using tcp port 9000 and the F5 sends a rst packet after Syn/ack packets even if the monitor is up or down. I am getting this from a packet capture on an ASA inbetween.

Forum Discussion

Monitor and ICMP response

Recent Discussions

CPU high load during specific time periods

F5 OS r-Series cron job schedule

Connections log

VAPT or APT tools scan prevention

R2600 device and tenant/partition configuration

Related Content

node monitor vs pool monitor?

Virtual Server and ICMP/PING

DNS Whitelist Responses

Parse username from server response

Devcentral email response adds the entire signature to the response!

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS