Forum Discussion
gscholz
Nimbostratus
NimbostratusMonitoring backend servers externally via ICMP
I have a simple setup in a test environment v13.1.1.2, with a virtual server and an associated pool with one member:
ltm node /Common/10.1.20.11 {
address 10.1.20.11
}
ltm pool /Common/pool_http {
members {
/Common/10.1.20.11:80 {
address 10.1.20.11
}
}
}
ltm virtual /Common/http_virtual {
destination /Common/10.1.10.20:80
ip-protocol tcp
mask 255.255.255.255
pool /Common/pool_http
profiles {
/Common/http { }
/Common/profile_analytics { }
/Common/tcp { }
}
source 0.0.0.0/0
translate-address enabled
translate-port enabled
}
I would like ICMP packets sent from my machine 10.1.10.1 to the virtual IP 10.1.10.20 to be forwarded to the backend server 10.1.20.11, and I would like to receive the replies.
If I look at the VIP configuration (Local Traffic ›› Virtual Servers : Virtual Address List ›› 10.1.10.20) I can see the "ICMP echo" configuration option, and the help section suggests the following:
"Specifies how the system sends responses to Internet Control Message Protocol (ICMP) echo requests on a per-virtual address basis. When enabled, the BIG-IP system intercepts ICMP echo request packets and responds to them directly. When disabled, the BIG-IP system passes ICMP echo requests through to the backend servers."
This does not happen (as verified with tcpdump), and if I understand K16885 correctly, then the instructions above are actually incorrect as the article says: "To prevent the BIG-IP system from responding to ICMP echo packets, you must disable ICMP Echo at the virtual address level."
So what method would you recommend to achieve my goal?
The virtual you configured suppose to serve tcp traffic only.
If you want ICMP to pass through you need to create another vip and use "all protocols" with ipother profile.
