Forum Discussion
genseek_32178
Nimbostratus
NimbostratusVIP fails Telnet but responds to ICMP
F5A telnet 10.45.2.10 80 Trying 10.45.2.10...
telnet: connect to address 10.45.2.10: No route to host telnet:
Unable to connect to remote host: No route to host
F5A ping 10.45.2.10
PING 10.45.2.10 (10.45.2.10 ) 56(84) bytes of data.
64 bytes from 10.45.2.10: icmp_seq=1 ttl=255 time=2.77 ms
64 bytes from 10.45.2.10: icmp_seq=2 ttl=255 time=0.990 ms
virtual vs_80 { translate address disable translate service disable pool pool80 destination 10.45.2.10:www ip protocol tcp persist persist80 profiles fastl4_80 {} vlans 80 enable }
Pool members are showing as - inactive down and not responding to telnet on port 80.
However, memebrs are pinging from F5.
Any ideas..what route is missing here when VIP is pinging?
El_JefeIf the pool members are down, the monitor is marking them as down. The servers are there, and therefore respond to pings from the LTM. What kind of monitor are you using?
nitassEmployee
virtual vs_80 { translate address disable translate service disable pool pool80 destination 10.45.2.10:www ip protocol tcp persist persist80 profiles fastl4_80 {} vlans 80 enable } what is pool80 member?
is it correct that translate address and server are disabled?- genseek_32178yes, translate address and server are disabled.
pool80 member is 10.45.2.20.
monitor is icmp monitor. - El_JefeOK, first off, if you are using a monitor for web servers listening on port 80, use a custom HTTP monitor to test the servers. I usually start with a GET /\r\n\r\n as the monitor and wait for a 200 OK response. You can get more specific, but that is just a baseline. Use a tool like fiddler or HTTPWatch to get more elaborate.
Second, I also see that you are using a FastL4 profile. I wouldn't necessarily do that either, it make the VS a regular Layer 7 one, allowing more flexibility, highes Load Balancing Functionality, and iRule functionality.
Third, you might want to turn on SNAT Automap. This may be an asynchronous routing issue. - nitassyes, translate address and server are disabled. translate address should not be disabled since virtual server address and pool member address are different.
monitor is icmp monitor.pool member is pingable from bigip but it is marked down, isn't it? do you have selfip in 10.45.2.0/24 subnet? what is your management ip? - genseek_32178when VIP and pool members are on diffrent network, is it always to enable translate address and server?
yes, slef ip is 10.45.2.5
mgmt ip - 10.192.10.20
What does output of the below telnet command means...from F5 point of view....does ti mean F5 does not know the route to 10.45.2.0/24?
telnet: connect to address 10.45.2.10: No route to host telnet:
Unable to connect to remote host: No route to host
FastL4 profile is our standard for such Virtuals...as i was told that this virtual has some thing to with Direct Server Return configuration..and therfore ...there should not be SNAT. - nitasswhen VIP and pool members are on diffrent network, is it always to enable translate address and server?yes if pool member is final destination.
What does output of the below telnet command means...from F5 point of view....does ti mean F5 does not know the route to 10.45.2.0/24? i think it means f5 does not have route for 10.45.2.10. by the way, what is 10.45.2.5's subnet? is it /24? - nitassoh i see it is npath/direct server return configuration.
can you make pool member up and see if client is able to access the virtual server? - genseek_32178yes, subnet is /24.
you mean..client --->VIP--> Pool Member...if this is working?
But we are not able to telnet to pool members from F5, something is missing..here - nitassyou mean..client --->VIP--> Pool Member...if this is working?yes
But we are not able to telnet to pool members from F5, something is missing..here you did telnet to wrong address. it could be 10.45.2.20 since it is npath configuration.