For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Jay_Scovill_159's avatar
Jay_Scovill_159
Icon for Nimbostratus rankNimbostratus
Jun 02, 2014

Nodes in different subnets cannot ping each other

First, let me say that I'm a complete newbie to load balancing generally. I've spent a few days fighting through this and haven't found any thing that solves my issue.

 

I'm testing the F5 LTM virtual edition 11.3.

 

I have configured three VLANs:

 

Internal ID: 1972 SelfIP: 10.2.197.225 Untagged on 1.2

 

Dot196 ID: 1962 Self IP: 10.2.196.14 Untagged on 1.3

 

Dot194 ID: 1942 Self IP: 10.2.194.225 Untagged on 1.1

 

I have three hosts, two are in the 1942 subnet and one is in the 1962 subnet.

 

Hosts can ping the Self IP of of their own subnets and hosts within their VLAN. But hosts cannot ping or access the hosts in the other subnets. None of the hosts can access the internet either. They all have their default gateways set to the Self IP in their subnet.

 

I have created a virtual server that I thought would allow this but it doesn't work:

 

Type: forwarding IP source: 0.0.0.0/0 Dest: Network - 0.0.0.0/0 Service Port: 0 - All ports Protocol: All protocols VLAN and Tunnel Traffic: All VLANs and Tunnels Source Address Translation: None

 

Am I missing something obvious? Will paste a configuration if necessary.

 

Thanks.

 

application delivery
cloud
design
LTM
vmware

5 Replies

  • Patrik_Jonsson's avatar
    Patrik_Jonsson
    Icon for MVP rankMVP
    Jun 02, 2014

    Hi!

     

    Sounds like it could be a traffic group issue. Have you tried either to create a floating self IP and assign it to the same traffic group as the virtual address of the forwarding server?

     

    If not I guess you could re-assign the traffic group of the forwarding server to the local-only group used by the self IP.

     

    /Patrik

     

  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Jun 02, 2014

    But hosts cannot ping or access the hosts in the other subnets.

    have you tried another service (i.e. not icmp)? if it still does not work, you may try tcpdump on bigip to see what the wrong is.

     tcpdump -nni 0.0:nnn -s0 -w /var/tmp/output.pcap host x.x.x.x and host y.y.y.y -v

x.x.x.x is source ip
y.y.y.y is destination ip

    None of the hosts can access the internet either.

    you have configured default route in bigip, haven't you?

  • Jay_Scovill_159's avatar
    Jay_Scovill_159
    Icon for Nimbostratus rankNimbostratus
    Jun 02, 2014

    @Patrik: I both options but still no dice with either ICMP or RPC or any other kind of traffic.

     

  • Jay_Scovill_159's avatar
    Jay_Scovill_159
    Icon for Nimbostratus rankNimbostratus
    Jun 02, 2014

    Ok, I reset the F5 to factory defaults and reconfigured it from scratch using option one and I'm able to ping between subnets now!

     

    I really don't think I did anything differently in the configuration but there must have been something there in the previous one that was cleared out.

     

    Thanks for your help!

     

    • Patrik_Jonsson's avatar
      Patrik_Jonsson
      Icon for MVP rankMVP
      Jun 03, 2014
      Awww, that's disappointing. Troubleshooting is all the fun we get to have here! ;)