amass87_221296
May 11, 2017

vCMP route-domain issue

Having a strange issue. F5 is logically inline between a firewall and the servers. I attempted to migrate from a virtual edition to vCMP guest and ran into a few issues. The main issue I am struggling with is that the vCMP guest, configured with partitions and route-domains, is not reachable on the server-facing Self-IP from the client side.

Code 12.1.2

Let's say we have 2 VLANs in one partition/route-domain:

- VLAN 10, 192.168.10.0/24 client facing
- VLAN 20, 192.168.20.0/24 server facing

The route-domain in question has a default route with the gateway being a layer 3 VLAN on the firewall. The servers have a default gateway of the Floating Self-IP on the F5.

Virtual Edition:

- VLAN 10 and VLAN 20 Self-IP addresses are pingable from user networks through the firewall
- F5 can ping servers in VLAN 10 from VLAN 10 Self-IP
- Users can ping servers in VLAN 10 through the firewall

vCMP Guest:

- VLAN 10 Self IP addresses are pingable from the user networks through the firewall
- VLAN 20 Self IP addresses are unresponsive
- F5 can ping servers in VLAN 10 from VLAN 10 Self-IP
- Users CANNOT ping server in VLAN 10 through the firewall

bigip.conf file objects were copied from Virtual Edition partition to vCMP guest partition. All bigip_base.conf objects were created manually. 4 partitions/route-domains in total, each set up similarly; all have the same issue.

Per F5 instructions:

- inherited VLANs from host
- deleted VLANs in guest
- created route-domains
- created partitions with appropriate route-domain set as default for partition
- re-created VLANs inside appropriate partitions

Not really sure where to begin. Probably should have restarted MCPD, but didn't get a chance before rollback. Am I missing something, or could it have just been an MCPD issue?

  • You say "F5 can ping servers in VLAN 10 from VLAN 10 Self-IP", but also "VLAN 20, 192.168.20.0/24 server facing". Where are the servers located?

    If VLAN 20, can you ping them from your self IP in VLAN 20 (use rdsh to switch to the right route domain)? Will you get a valid ARP entry for the server IPs in VLAN 20? If yes, is it in the right route domain? If no valid ARP entry can be seen, have you checked whether VLAN 20 is really available and forwarding on your vCMP host's uplinks?