Forum Discussion
Unable to connect endpoint servers
ENVIRONMENT
1- F5 load balancer is configured with a trial license.
2- Node, pool and virtual server is configured with green sign.
NOTICED
Unable to ping virtual server.
QUERY
- Unable to connect from a user to configured pool node.
Application works in trail license.
- Check the connectivity from system to VIP(Load balancer) make sure System IP should have proper routing towards LB.
- Configure the SNAT "automap" in VIP and check the telnet, curl from F5 bash.
example: Login to F5 CLI.
==> curl -I http://IP_Address
==> telnet IP_Address:80
Hope it will help you.
- ZAHIDHASEEB
Nimbostratus
[root@F5:Active:Standalone] config # telnet 192.168.4.216:22
telnet: 192.168.4.216:22: Name or service not known
192.168.4.216:22: Unknown host
- Mathew
Cirrus
It looks the network reachability to the VS is not correct.Please confirm the network configurations for the Virtual server subnet . If possible please share the network and routing configurations
- ZAHIDHASEEB
Nimbostratus
I am not able to see destination IP when I run the ifconfig command on F5. Below snaps is for reference.
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::250:56ff:fe97:2bf8 prefixlen 64 scopeid 0x20<link>
ether 00:50:56:97:2b:f8 txqueuelen 1000 (Ethernet)
RX packets 104193 bytes 25406179 (24.2 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 4844 bytes 1234543 (1.1 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.255.255.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1 (Local Loopback)
RX packets 216848 bytes 23292454 (22.2 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 216848 bytes 23292454 (22.2 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo:1: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.2.0.2 netmask 255.255.255.0
loop txqueuelen 1 (Local Loopback)
mgmt: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.4.130 netmask 255.255.248.0 broadcast 192.168.7.255
inet6 fe80::250:56ff:fe97:2bf8 prefixlen 64 scopeid 0x20<link>
ether 00:50:56:97:2b:f8 txqueuelen 1000 (Ethernet)
RX packets 104181 bytes 23933995 (22.8 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 4854 bytes 1236579 (1.1 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
tmm: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 127.1.1.254 netmask 255.255.255.0 broadcast 127.1.1.255
inet6 fe80::298:76ff:fe54:3210 prefixlen 64 scopeid 0x20<link>
inet6 fc00:f5::1 prefixlen 64 scopeid 0x0<global>
ether 00:98:76:54:32:10 txqueuelen 1000 (Ethernet)
RX packets 11442 bytes 634459 (619.5 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 15505 bytes 14624952 (13.9 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
tmm_bp: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 127.20.0.254 netmask 255.255.0.0 broadcast 127.20.255.255
inet6 fe80::1:23ff:fe45:fe prefixlen 64 scopeid 0x20<link>
ether 02:01:23:45:00:fe txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 4 bytes 360 (360.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@F5:Active:Standalone] config #
- Ahmed_Galal
Cirrostratus
is F5 implemented as gateway for backend servers or not?
becouse traffic connectivity (with Float address in case of HA) is different than healthcheck connectivity (with Self address one to one with backend server)
# if F5 not configured as backend servers gateway you should configure SNAT pool or automap on VS to avoid as-symmetric routing issue.
could you please share (#tmsh list ltm virtual <VS name>) so we would be able to see VS configuration
- ZAHIDHASEEB
Nimbostratus
I want to test it as a load balancer where I need to send traffic from a client to the virtual server.
root@(F5)(cfg-sync Standalone)(Active)(/Common)(tmos)# list ltm virtual XXXXXXX
ltm virtual XXXXXXX {
creation-time 2019-11-06:04:10:53
destination 192.168.4.216:ssh
ip-protocol tcp
last-modified-time 2019-11-06:04:10:53
mask 255.255.255.255
pool Pool1
profiles {
tcp { }
}
source 192.168.24.31/32
translate-address enabled
translate-port enabled
vs-index 2
(Do we need to assign this IP 192.168.4.216 to any ethernet interface?)
- Mathew
Cirrus
Hi Two things to verify as you have configured to allow from specific source IP Address make sure you are trying from 192.168.24.31 and yes you should have a path to come in to reach 192.168.4.216, Either create the interface in F5 or do the necessary routing configuration to reach this IP Address in F5. Please let me know any service or training required.
- Ahmed_Galal
Cirrostratus
ok, thats mean that F5 not configured as gateway for backend server.
you have to configure SNAT option as automap under VS to make force traffic to return back to F5.
note that you configured that only host 192.168.24.31 will connect to this VS
- ZAHIDHASEEB
Nimbostratus
Still facing request time out after Auto Map configuration
- Mathew
Cirrus
My last comment was not for the back end server communication i was refering to the vs communication . can you share the screenshot of virtual server statistics is it getting any hits.
- ZAHIDHASEEB
Nimbostratus
Can we see the virtual server IP on any interface of F5 OR should we be able to ping the VS IP ?
- Ahmed_Galal
Cirrostratus
(Do we need to assign this IP 192.168.4.216 to any ethernet interface?)
did you configured the following:-
- Trunk (LAG) and assign ether interfaces to this Trunk
- VLAN
- Self interfaces ( L3 interfaces for each VLAN)
- routing to backend servers.
if F5 connected to network with one interface no need to create Trunk (LAG) just assign VLAN to this eth.
- Mathew
Cirrus
Please verify that your virtual server statistics, is it really hitting F5 virtual server, If not there is configuration mismatch in network perspective.
- ZAHIDHASEEB
Nimbostratus
Do the VS pingable ? I am not able to see VS IP address when I run the ifconfig command at F5 cmd. Also when I ping VS from F5 i am also not able to see successful ping response. For your reference, please see the below output.
[root@F5:Active:Standalone] config # ping 192.168.4.216
PING 192.168.4.216 (192.168.4.216) 56(84) bytes of data.
From 192.168.4.130 icmp_seq=1 Destination Host Unreachable
- Adeyinka
Nimbostratus
Hello,
I am having the same issue.
I can ping the VIP from the F5 successfully and see it in the statistics page but cannot access on the GUI. However, can reach the servers URL directly (bypassing F5 VIP).
I have configured SNAT as Automap on the Virtual Server as well.
Please help.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com