Forum Discussion
Routing with LTM Issues - Can't See Floating IP
We are in the process of creating a new network where we plan on doing nothing but automation. We want the LTM to act as the router so we can maintain source and not have to do Automap. Nothing that I do works and I am stumped. I even changed the port lockdown to allow all just to see if that was it, but it wasn't. Any ideas?
Here are the devices being used to test this below.
The 3 machines I am using to test this are highlighted in yellow in the picture. The two VMs can ping each other no problem.
Network: 172.19.68.0/22
VMW7NETSEC = 172.19.68.30
Mask = 255.255.252.0
DG = 172.19.68.5
VMW7NETSEC2 = 172.19.68.32
Mask = 255.255.252.0
DG = 172.19.68.5
DEV-LTM
This is the configuration of the Float and Self IP. The VLAN has been created and tagged as 323 on interface 1.3. I have verified that the MAC address of that interface matches on the vCenter side.
The VLANs have been tagged on UCS, and I know that the two devices acting as "servers" can ping each other and are on the same VLAN and should be able to ping and get to the LTM, since this is host-to-host communication and is proven to work or the two VMs couldn't ping each other.
net self /Common/Float_Prod_HC_Web {
    address 172.19.68.5/22
    allow-service {
        default
    }
    traffic-group /Common/traffic-group-1
    vlan /Common/Prod_HC_Web
}
net self /Common/Self_Prod_HC_Web {
    address 172.19.68.4/22
    traffic-group /Common/traffic-group-local-only
    vlan /Common/Prod_HC_Web
}
12 Replies
- Hannes_Rapp
Nimbostratus
A few questions, I'm trying to narrow the search area.
Can you confirm your issue is that as you're trying to ping the Floating-SelfIP (172.19.68.5) from one of the VMs in same network, there's no response? If yes, have you tried using tcpdump on BigIP yet - do you see ICMP echo requests coming in, and if not, do you see any ARP who-is requests? Is the situation any better with the Local-SelfIP (172.19.68.4) - does it respond to ICMP as intended?
- Grayson_149410
Nimbostratus
Neither the Self IP (.4) nor the Float IP (.5) are able to be pinged from those VMs. I am seeing on another server on the same VLAN sending requests to the LTM and I see this:
13:56:40.754585 ARP, Request who-has 172.19.68.20 tell 172.19.68.4,
- Grayson_149410
Nimbostratus
Also to add, I just ran a capture and I am seeing ARP requests for both the Self and Float:
14:02:54.822595 ARP, Request who-has 172.19.68.4 tell 172.19.68.32, length 130 in slot1/tmm0 lis= flowtype=0 flowid=0 peerid=0 conflags=0 inslot=63 inport=55 haunit=0 priority=0 peerremote=00000000:00000000:00000000:00000000 peerlocal=00000000:00000000:00000000:00000000 remoteport=0 localport=0 proto=0 vlan=0
14:02:55.782239 ARP, Request who-has 172.19.68.5 tell 172.19.68.32, length 130 in slot1/tmm0 lis= flowtype=0 flowid=0 peerid=0 conflags=0 inslot=63 inport=55 haunit=0 priority=0 peerremote=00000000:00000000:00000000:00000000 peerlocal=00000000:00000000:00000000:00000000 remoteport=0 localport=0 proto=0 vlan=0
- Hannes_Rapp
Nimbostratus
It could be a VLAN tag-mismatch problem. What happens if you temporarily set Prod_HC_Web VLAN as "untagged" on 1.3 tmm interface? Does it change anything?
- Chris_Grant
Employee
It is likely that you don't have a wildcard forwarding virtual server to handle the traffic being sent.
See: https://support.f5.com/kb/en-us/solutions/public/7000/500/sol7595/
Port Lockdown handles the ports your self IP will listen on for administrative connections.
See: https://support.f5.com/kb/en-us/solutions/public/17000/300/sol17333
The BigIP is a default deny device, and if it does not have a listener configured for the traffic reaching it, it will either ignore or reset that traffic.
- Chris_Grant
Employee
Since the formatting in the comment was totally hosed:
For the closest approximation of stateless IP forwarding, F5 recommends that you create an IP forwarding wildcard virtual server similar to the following example:
ltm virtual /Common/vs_wildcard_forwarding {
    destination /Common/0.0.0.0:0
    ip-forward
    mask any
    profiles {
        /Common/my_route_friendly_fastl4 { }
    }
    source 0.0.0.0/0
    translate-address disabled
    translate-port disabled
}
- Grayson_149410
Nimbostratus
Just wanted to update that I am seeing ARP requests to the LTM and LTM doesn't know what to do.
14:02:54.822595 ARP, Request who-has 172.19.68.4 tell 172.19.68.32, length 130 in slot1/tmm0 lis= flowtype=0 flowid=0 peerid=0 conflags=0 inslot=63 inport=55 haunit=0 priority=0 peerremote=00000000:00000000:00000000:00000000 peerlocal=00000000:00000000:00000000:00000000 remoteport=0 localport=0 proto=0 vlan=0
14:02:55.782239 ARP, Request who-has 172.19.68.5 tell 172.19.68.32, length 130 in slot1/tmm0 lis= flowtype=0 flowid=0 peerid=0 conflags=0 inslot=63 inport=55 haunit=0 priority=0 peerremote=00000000:00000000:00000000:00000000 peerlocal=00000000:00000000:00000000:00000000 remoteport=0 localport=0 proto=0 vlan=0
- Grayson_149410
Nimbostratus
Basically, I am only seeing the ARP request and then just stops there. It's like the LTM doesn't know how to respond and this is new territory for me.
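Added example, not part of any post in this thread: a small Python helper that reads tcpdump ARP text like the captures quoted above and lists the who-has requests that never receive a Reply, which is the symptom being described. The function name, the one-second matching window and the last two sample lines are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# tcpdump ARP text lines. BIG-IP appends TMM metadata after "length N";
# both patterns stop before it, so the trailer is ignored.
REQ = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d+) ARP, Request who-has (\S+?)"
                 r"(?: \([0-9a-fA-F:]+\))? tell (\S+?),")
REP = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d+) ARP, Reply (\S+?) is-at "
                 r"([0-9a-fA-F:]{17})")


def _secs(ts):
    """Convert hh:mm:ss.ffffff to seconds since midnight."""
    h, m, s = ts.split(":")
    return int(h) * 3600 + int(m) * 60 + float(s)


def unanswered_arp(lines, window=1.0):
    """Map target IP -> list of requesters whose who-has saw no Reply
    from that target within `window` seconds (window is an assumption)."""
    requests, replies = [], defaultdict(list)
    for line in lines:
        line = line.strip()
        if (m := REQ.match(line)):
            requests.append((_secs(m[1]), m[2], m[3]))
        elif (m := REP.match(line)):
            replies[m[2]].append(_secs(m[1]))
    missing = defaultdict(list)
    for t, target, asker in requests:
        if not any(0 <= r - t <= window for r in replies[target]):
            missing[target].append(asker)
    return dict(missing)


# First two lines follow the capture in the thread (TMM trailer shortened).
# The last two are constructed: a request that does get answered.
SAMPLE = """\
14:02:54.822595 ARP, Request who-has 172.19.68.4 tell 172.19.68.32, length 130 in slot1/tmm0 lis= flowtype=0 vlan=0
14:02:55.782239 ARP, Request who-has 172.19.68.5 tell 172.19.68.32, length 130 in slot1/tmm0 lis= flowtype=0 vlan=0
14:02:56.100000 ARP, Request who-has 172.19.68.30 tell 172.19.68.32, length 46
14:02:56.100400 ARP, Reply 172.19.68.30 is-at 00:50:56:00:00:30, length 46
""".splitlines()

if __name__ == "__main__":
    for target, askers in unanswered_arp(SAMPLE).items():
        print(f"no ARP reply from {target} (asked by {', '.join(askers)})")
```

Requests that show up in a capture taken on the BIG-IP but are never followed by a Reply mean the frames are arriving and the device is not answering for that address on the VLAN, which narrows the search to the VLAN and self IP binding rather than the path to the device.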