Forum Discussion
NimbostratusTerraform LTM provider - ICMP disabled on resulting VIPs
Hello,
I recently started using the terraform provider to create my VIPs. It works great! It makes my life much easier and faster to create the non-prod environments and migrate those configs to prod. I've encountered one strange thing I'm struggling with though. I'm unable to ping the LTM VIPs.
The VIPs work perfectly other than we are unable to ICMP ping them. I hand-created a basic VIP in the same partition, on the same VLAN/Network, and I can ping it, so it's not a routing or firewall problem. There's no module other than LTM running on this F5, so there's no firewall policies or anything like that in play. Just an standard LTM VIP with HTTP and client-SSL profiles. Nothing I create with terraform is pingable though. There are no policies or irules in use. On the virtual address list ICMP Echo is set to always, ARP is enabled, state is enabled.
Has anyone else encountered this? I searched the forums and didn't find anything notable, and I haven't been able to find a solution yet. Even comparing the config files from the F5 hasn't produced anything notable. I'm sure it's something small that I'm missing.
LTM VIP configuration (sanitized) is inline below. Thanks!
ltm virtual /partition/app1PD-CLL-HTTPS {
description "server1, Terraform - Servicing the CLL"
destination /partition/10.1.212.244:443
ip-protocol tcp
mask 255.255.255.255
persist {
/partition/Cookie-app1CLL {
default yes
}
}
pool /partition/app1PD-CLL
profiles {
/partition/partition-HTTP-Weblogic-Proxy { }
/partition/OC-255.255.255.255 { }
/partition/server1 {
context clientside
}
/Common/tcp { }
}
serverssl-use-sni disabled
source 0.0.0.0/0
source-address-translation {
pool /partition/10.1.212.244
type snat
}
translate-address enabled
translate-port enabled
}
If you are using Terraform without AS3 then maybe just modify the virtual address that the virtual server uses bigip_ltm_virtual_address | Resources | F5Networks/bigip | Terraform | Terraform Registry
If you are using Terraform with AS3 it could be AS3 issue with your version or new bug (use latest as3 and if needed open git case under https://github.com/F5Networks/f5-appsvcs-extension ). See ARP of virtual address may show different property When Declare Virtual server via AS3 as in as3 you can create a service address option and then with "virtualAddresses": [{"use": "test.virtual-address"} ]," you can reference it in the Virtual server.
2 Replies
- Nikoolayy1
MVP
If you are using Terraform without AS3 then maybe just modify the virtual address that the virtual server uses bigip_ltm_virtual_address | Resources | F5Networks/bigip | Terraform | Terraform Registry
If you are using Terraform with AS3 it could be AS3 issue with your version or new bug (use latest as3 and if needed open git case under https://github.com/F5Networks/f5-appsvcs-extension ). See ARP of virtual address may show different property When Declare Virtual server via AS3 as in as3 you can create a service address option and then with "virtualAddresses": [{"use": "test.virtual-address"} ]," you can reference it in the Virtual server.
Scot_KreienkampThanks Nikoolayy1, that was the clue. Even though it creates the virtual address automatically it apparently doesn't do everything??? Not sure why, it looks the exact same in the UI before and after. I had to terraform destroy what I had (because otherwise it already created it and won't let me create it again), and add the virtual address creation before the VIP and automatic virtual address is created. Only then will it respond to ICMP.
