Forum Discussion
No response after added virtual server IP address as floating self-IP address
- Jun 14, 2017
It was driving me nuts, since I just want to understand what's going on.
After reading this post: https://devcentral.f5.com/questions/self-ip-address-selection-with-multiple-to-choose-from, I checked the firewall logs again. And now the pieces fit.
On the Virtual Servers I have SNAT Automap enabled. When I only have one floating self IP, that floating self IP is used to initiate traffic to backend servers. When I add more floating self IPs, it will use any of those floating self IPs to initiate traffic towards the backend servers.
The firewall between the F5 and the backend servers does not accept this traffic, meaning the VS did not actually stop responding after I added the VS IP address as a floating self IP; instead, the firewall blocked traffic towards the backend servers.
So, conclusion (just to summarize):
- only one floating self IP is needed for SNAT communication towards the backend servers (if the amount of connections is less than 65000, otherwise more are needed and I must define a SNAT pool or allow the other floating IP addresses to communicate to the backend servers)
- I will remove the unneeded floating self IPs, since they're not needed for a VS to function as a listener IP
Thanks all for your help!
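The check implied by the conclusion above, as an added example that is not part of the original post: it parses self-IP stanzas in the style of `tmsh list net self` output and lists the floating self IPs that SNAT Automap could use as a source but the backend firewall does not permit. The stanza text, object names, /24 mask and firewall allow-list are constructed for illustration, using the anonymized addresses from this thread.

```python
import ipaddress
import re

# Constructed sample in the style of `tmsh list net self` (trimmed; names are hypothetical).
SELF_IP_CONFIG = """\
net self unit1_self {
    address 204.12.15.180/24
    vlan external
}
net self float_183 {
    address 204.12.15.183/24
    floating enabled
    vlan external
}
net self float_185 {
    address 204.12.15.185/24
    floating enabled
    vlan external
}
net self float_186 {
    address 204.12.15.186/24
    floating enabled
    vlan external
}
"""

# Assumption: the firewall only permits the original floating self IP toward the backends.
FIREWALL_ALLOWED_SOURCES = {"204.12.15.183"}

def parse_self_ips(text):
    """Return one dict per `net self` stanza: name, address, vlan, floating."""
    entries = []
    for name, body in re.findall(r"net self (\S+) \{(.*?)\n\}", text, re.S):
        fields = dict(line.split(None, 1) for line in body.strip().splitlines())
        addr = str(ipaddress.ip_interface(fields["address"]).ip)
        entries.append({"name": name, "address": addr, "vlan": fields.get("vlan"),
                        "floating": fields.get("floating") == "enabled"})
    return entries

def blocked_sources(entries, vlan, allowed):
    """Floating self IPs on `vlan` (possible Automap sources) that the firewall would drop."""
    candidates = [e["address"] for e in entries if e["floating"] and e["vlan"] == vlan]
    return sorted((ip for ip in candidates if ip not in allowed), key=ipaddress.ip_address)

if __name__ == "__main__":
    entries = parse_self_ips(SELF_IP_CONFIG)
    print(blocked_sources(entries, "external", FIREWALL_ALLOWED_SOURCES))
```

An empty result means every candidate source is already covered by the firewall rule; anything listed either needs a rule or should not be a floating self IP on that VLAN.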
I'm confused. You said floating IP but you also said VS. Are you adding a floating IP and thinking it will be the VIP for a pool?
VS1 = VIP1 (Application 1) VS2 = VIP2 (Application 2)
Self IP = IP in segment used to reach into segments for monitoring or other purposes.
A Self IP is just that, in an HA cluster you could have 2-3 IP's per VLAN. 2x would be 1 Self IP (Non-Floating) per device in your HA group. The 3rd IP would be the floating IP added to the Active node and synced across to the standby. Floating IP's sync, self IP's do not. The Floating IP can be used as a default gateway for instance since it will always follow the active member.
What are you trying to accomplish with said "Self/Floating IP"?
Well, on the unit it is not working on, I have (I have changed the IPs not to be the real world IPs) the following setup:
VS1: 204.12.15.183
VS2: 204.12.15.184
I recently added a couple VS's more:
VS3: 204.12.15.185
VS4: 204.12.15.186
VS5: 204.12.15.187
Self IP of unit 1 (non-floating): 204.12.15.180
Self IP of unit 2 (non-floating): 204.12.15.181
Floating IP on cluster: 204.12.15.183
Everything working just fine until now.
Then I added the IP address of VS3, VS4 and VS5 as a floating self-IP (because I also have this on other units without problems) and then things stopped working: all VS's didn't accept traffic anymore. I then tested and as soon as I add a second floating self-IP to the cluster, all traffic VS's stop responding.
To answer your questions:
- Are the working VS's and this VS in question here all in the same subnet? Yes, all mentioned IPs and VS's are on the same VLAN.
- Are they even on the same F5? Yes.
- Can you give an example IP of a VS and the 2x Self-IP's and the Floating (which should match the VS IP)? See above.
- Also if you can tell me which VLAN's are trunked in your "Reals" and "Virtuals" along with the VLAN that said "working" VS is on? All VS's are on 'All VLANs and Tunnels'. Above mentioned self-IPs are on VLAN 'external'.
- On the VS that works, but also has a Floating of the same IP, I have a sneaking suspicion that the VLAN that supports that network is not trunked on the side where the "Floating" IP is used? That would be 204.12.15.183 then. How can I check if that's the case? I don't really understand what you mean here.