Forum Discussion
gianluca_gozzi
Nimbostratus
NimbostratusMonitoring node with npath routing
Hi Guys
I've this question regadin the node monitor with npath routing.
The configuration is
Vs 10.15.50.54:389
with fast L4 profile loose closed enabled.
the real server node are
10.15.50.21 and 10.15.50.22 with loopback address 10.15.50.54.
I,ve this problem:
the ldap service is activated on loopback address of the real server and my monitor against the real server address does not work.
Is possible send the monitor to the mac address of real server and ip of loopback?
Otherwise I'm forced to activate the service also on the real ip (10.15.50.21-22)
11 Replies
- The_BhattmanHi Gianluca,
I am afraid the monitors don't have the ability to use the mac-address. Also monitoring the loop backs of the server will not be possible because the LTM will see the VIP address since it's holding the address.
Bhattman 
hoolioCirrostratus
A stab in the dark: I wonder if you could use a transparent monitor for this?
Configuring Monitors - Using transparent and reverse modes
https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm_configuration_guide_10_0_0/ltm_monitors.html1215710
Else, is it a problem to enable the service on the actual IP address and then use an alias for the monitor?
Aaron
L4L7_53191I actually don't think you can use transparent monitors for this particular use case, as they look for 'healthy' tcp conversations. Npath would prevent them from seeing return flows and things will break. If I am wrong here someone please correct me - I've not done much work with this type of monitor and I've not tested it with npath.
-Matt
HamishCirrocumulus
From memory (I don't use npath any more) transparent monitors ARE the way to monitor.
From memory you have to configure a different transparent monitor for each VS (The alias is set to the service IP).
H
laouedj_63413Hy
I have the same probleme and I don't find the solution anywhere. Is someone can help us ?
Thank you- hoolioHave you tried configuring a transparent monitor with the alias address set to the virtual server IP address? That seems logically, and per Hamish's comments, to be a possible solution.
Aaron - Dave_Whitla_254It may seem logical. I thought (from the rather terse contextual help) that it would do the trick but I can tell you with certainty that it doesn't. I don't understand why the F5 can't just use the same next-hop mechanism to monitor that it uses to forward the traffic. This is an nPath showstopper - so I'd appreciate any advice from anyone who has made this work. Dave
- Dave_Whitla_254Strange - I got this to work eventually.
Problem was with "ip address add dev lo 10.1.1.1/32 scope host label lo:images".
Seems the scope needed to be global . - hexueli_36169Hi Dave,
I have the same issue. Can you please be so kind to provide more details how you get this to work?
I don't follow your "Problem was with ....", where to putup that command? Are you using GTM? ...
Thanks for your help! - Dave_Whitla_254Apologies for the late reply hexueli. I've been on holiday. We are using LTM only with n-path otherwise known as Direct Server Return. The problem I had was not with the F5 devices but with the way I was configuring my RHEL 5 Linux boxes to accept packets for the VIP. The command included above was what I was using to configure the VIP as an interface IP on the Linux boxes. As someone else stated above, the correct LTM monitor configuration should set Transparent to YES and specify an Alias IP of whatever the virtual service IP is.
