Forum Discussion
NimbostratusServers/Nodes behind F5 having on and off issue connecting to servers outside
Hello DevCentral Experts, Servers/Nodes are using F5 as default gateway. We are experiencing name resolution issue from the nodes behind F5 resolving to a server outside of F5. Sometimes it works, sometimes it doesn't. From the node behind F5, we tried to telnet to a welknown port that the DNS server is also listening on, we get on and off response, where telnet works one time and doesn't work the other time consecutively.
Ping to the same server is working 100% of the time.
7 Replies
PeteWhiteEmployee
Do you have a forwarding virtual server configured?When executing a telnet or ping: are you doing this via the hostname or ip address? Do you see a difference when executing both?
Amitabha_118500We have found the cause of the problem. The Nodes behind F5 is using fault tolerance NIC team. Servers have 2 NICs. One will transmit and receive. The other one will transmit only. We changed the NIC teaming config to have one interface active at a time. This NIC teaming config was not a problem for ACE and is not a problem for Cisco ASA, but it's a issue for F5. Does anyone know why? How does F5 handle ARP?
NikhilBWhen executing a telnet or ping: are you doing this via the hostname or ip address? Do you see a difference when executing both?
- Amitabha_118500We have found the cause of the problem. The Nodes behind F5 is using fault tolerance NIC team. Servers have 2 NICs. One will transmit and receive. The other one will transmit only. We changed the NIC teaming config to have one interface active at a time. This NIC teaming config was not a problem for ACE and is not a problem for Cisco ASA, but it's a issue for F5. Does anyone know why? How does F5 handle ARP?
- Amitabha_118500Yes, we had to create two standard type forwarding virtual servers to match all traffic for all destination in a route domain. One VS for TCP. One VS for UDP. When we created a VS type IP forwarding to match all protocol, it doesn't work for UDP traffic.
- Amitabha_118500
I found the resolution of this problem here:
https://devcentral.f5.com/questions/f5-ltm-vip-stp-problem
"In short: "Found this thread useful, so posting our solution to it, not sure if there is some other way of doing it.
Our problem was HP blade servers configured with TLB teaming initiating connections to a VIP where the F5 and HP servers were on the same VLAN - sometimes it worked, sometimes it didn't. Packet capture showed F5 sending traffic back to source MAC in request, rather than the MAC in the ARP table.
Our solution: On the VIP, we set "Auto Last Hop" to "disabled", which fixed our problem on that VLAN. It actually broke connections coming in via another VLAN through a firewall, so we just configured another VIP on that VLAN. So ended up with 2 VIPs, with same IP, with different source vlans and different "auto last hop" settings."
