For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

zoomlmk_159956's avatar
zoomlmk_159956
Icon for Nimbostratus rankNimbostratus
Jun 05, 2014

Unable to ping Management IP from another subnet

We have a GTM/LTM combo box and currently we are unable to ping the management IP from another subnet. The IP pings fine from the default gateway. I SSH'd into the F5 and did a tracepath to a node on the other subnet and the F5 is trying to send the traffic out of the external interface (Self-IP public address). This appears to most likely be the issue of the traffic leaving the outside interface as opposed to the management interface.

 

So I figured the fix would be to add a new route under Network -> Route within the F5 Web GUI. Unfortunately, the F5 does not recognize the default gateway of the F5's Management subnet as a connected interface, so it will not take any routes that include it.

 

Does anyone have any ideas on how to make the Management IP of our F5 pingable? We're operating on V 9.4.5 Build 1086.1 HF2.

 

Thanks,

 

Logan

 

management

6 Replies

  • What_Lies_Bene1's avatar
    What_Lies_Bene1
    Icon for Cirrostratus rankCirrostratus
    Jun 05, 2014

    OK, so remove the route you added in the GUI, it only relates to LTM/TMM processed traffic, not the management interface.

    Then, to set a default gateway in the HMS (the Linux OS you use to manage the box) login via SSH and use this command;

    [tmsh] create sys management-route default gateway 'gateway-ip'
  • zoomlmk_159956's avatar
    zoomlmk_159956
    Icon for Nimbostratus rankNimbostratus
    Jun 05, 2014

    Thank you for the reply. After SSH'ing into my F5 I type "tmsh" but get a "-bash: tmsh: command not found." Any ideas? I did a "find -name 'tmsh'" but no joy.

     

  • zoomlmk_159956's avatar
    zoomlmk_159956
    Icon for Nimbostratus rankNimbostratus
    Jun 05, 2014

    I thought so too, so I tried that, but no go (create command not found). According to F5 documentation I should have a tmos prompt when in tmsh mode.

     

  • zoomlmk_159956's avatar
    zoomlmk_159956
    Icon for Nimbostratus rankNimbostratus
    Jun 06, 2014

    Yeah we're running a 9.X old version, so that is the issue. Nice catch.

     

    So after reading through the link you provided it looks like the 9.X version has an issue with unsolicited network traffic (aka icmp request from another source/network) not being routed out the right interface. The fix is to explicitly add a management route through the Linux OS.

     

    The command I used was: bigpipe mgmt route X.X.X.X netmask X.X.X.X gateway X.X.X.X

     

    Again, this fixed it. Thanks for your help all!

     

    Logan