For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Willian_Guilher's avatar
Willian_Guilher
Icon for Cirrus rankCirrus
Jul 09, 2014

Virtual Server and Virtual Address Question

Hey guys, I would like to ask for a little help with virtual address and virtual server. In my lab I created three virtual servers i.e 10.10.11.100:80, 10.10.11.100:443 and 10.10.11.100:22 so the virtual address is 10.10.11.100. My understanding is that if I disable the virtual address on the Virtual address list, none of these three virtual servers should be able to receive traffic; however, when I disable the virtual address I am still able to access these servers. I cleaned up cache and deleted the ARP entry but still does not work and I can access all three services, unless I directly disable the specific virtual server on the virtual server list. 1. Virtual Server: http://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm-concepts-11-1-0/ltm_virtual.html The SOL specifically says that you can create many-to-one relationship between virtual servers and a virtual address. My question is that it says that when you disable a virtual address, none of the virtual servers associated with that address can receive incoming traffic.

 

 

 

I appreciate your help.

 

application delivery
BIG-IP Access Policy Manager (APM)
LTM
security
TMOS

5 Replies

  • nathe's avatar
    nathe
    Icon for Cirrocumulus rankCirrocumulus
    Jul 09, 2014

    Looks like it's a known issue.

     

    http://support.f5.com/kb/en-us/solutions/public/8000/900/sol8940.html

     

  • gsharri's avatar
    gsharri
    Icon for Altostratus rankAltostratus
    Jul 09, 2014

    Have you tried disabling ARP in the virtual address properties? That should stop the virtual servers from responding.

     

    But...that still leaves the question of what's the point of disabling the VA if the VS will still respond? For that I do not have an answer at this time.

     

    Scott

     

  • Willian_Guilher's avatar
    Willian_Guilher
    Icon for Cirrus rankCirrus
    Jul 09, 2014

    Thank you Nathan and G. Scott. I followed Scott's advice and disabled the ARP configuration on the Virtual Address list. Once I disabled it, I all the virtual servers associated with that virtual address became inaccessible. Once I enabled it, the access to the web servers start working right away.

     

    Thank you very much.

     

  • gsharri's avatar
    gsharri
    Icon for Altostratus rankAltostratus
    Jul 09, 2014

    According to the SOL that Nathan referenced this has been a known issue for 7 - 8 years so don't hold your breath for a fix.

     

    Scott

     

  • Willian_Guilher's avatar
    Willian_Guilher
    Icon for Cirrus rankCirrus
    Jul 09, 2014

    Thanks Scott. I will address this to F5. I just tested it again on my lab and the only way it really works is if you disable the "ARP" configuration on the Virtual Address from the Virtual Address List. In this case you not even have to disable the virtual address itself, since the ARP is not resolved.