Forum Discussion
NimbostratusVirtual server not getting hits, irules not processed.
Hi
I have the following virtual servers:
VIRTUAL ip:port |---In----Out---Conn-|---In----Out---Conn-|-Nodes Up--
1.2.3.5:fud 0 0 0 0 0 0 16
none:webcache 0 0 0 0 0 0 16
none:https 0 0 0 0 0 0 16
none:http 0 0 0 0 0 0 16
none:imap 0 0 0 0 0 0 16
none:pop3 0 0 0 0 0 0 16
none:smtp 0 0 0 0 0 0 16
172.27.179.245:any 0 0 0 0 0 0 2
The 172.27.179.45 is not getting any hits at all even though a ping shows requests are coming in and the address is replying:
[root@cmansfieldf51102:Active] log tcpdump -i 0.0 host 172.27.179.245
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on 0.0, link-type EN10MB (Ethernet), capture size 108 bytes
17:54:07.053422 IP 172.27.179.51 > 172.27.179.245: ICMP echo request, id 16, seq 0, length 44
17:54:07.053430 IP 172.27.179.245 > 172.27.179.51: ICMP echo reply, id 16, seq 0, length 44
I have this irule on the virtual server:
when CLIENT_ACCEPTED {
log local0. "The IP Protocol is [IP::protocol]"
}
But nothing is logged.
I have identical config on another F5 (except for IP addresses) and its working.
Also I noticed when the virtual server is defined with a network address:
172.27.179.240 / 255.255.255.248 it does not reply when it should do, only when its configured as a host virtual server it replies, but still bigtop reports no stats and the irules do not fire.
I tried exporting/importing the config and bigstart restart but no change.
Any ideas?
7 Replies
hoolioCirrostratus
If you define a network virtual server, ARP is disabled by default as you are typically using the virtual server to forward traffic and do not want LTM answering ARP for the range.
What are you trying to do with the virtual server? If you want to accept traffic for 172.27.179.240 as a host, you should either add a new virtual server of 172.27.179.240 as a host or change the existing virtual server to a host.
Aaron
chris_connell_1Thanks Aaron.I have it defined as a host with specifically the IP:
172.27.179.245
I see icmps to this virtual server host IP.
Bigtop stats show zero requests though and irules are not processed.
- hoolioCan you post the anonymized output from 'b virtual VS_NAME list' and 'b virtual address 1.1.1.1 show' updating VS_NAME and 1.1.1.1 to your virtual server name and IP?
Thanks, Aaron - chris_connell_1
sure here it is:
virtual my_server {
snat automap
pool ingress
destination 1.1.1.1:any
rules log_irule
vlans vlan_South enable
}
b virtual my_server show
VIRTUAL ADDRESS 1.1.1.1 UNIT 1
| ARP enable
| (cur, max, limit, tot) = (0, 0, 0, 0)
| (pkts,bits) in = (0, 0), out = (0, 0)
+-> VIRTUAL my_server SERVICE any
| PVA acceleration none
| (cur, max, limit, tot) = (0, 0, 0, 0)
| (pkts,bits) in = (0, 0), out = (0, 0)
| requests (total) = 0
+-> RULE log_irule
+-> CLIENT_ACCEPTED 0 total 0 fail 0 abort
+-> POOL ingress LB METHOD round robin MIN/CUR ACTIVE MEMBERS 0/1
| (cur, max, limit, tot) = (0, 0, 0, 0)
| (pkts,bits) in = (0, 0), out = (0, 0)
+-> POOL MEMBER pool-csm-ingress/172.8.2.4:any active,up
| | session enabled priority 0 ratio 1
| | (cur, max, limit, tot) = (0, 0, 0, 0)
| | (pkts,bits) in = (0, 0), out = (0, 0)
| | requests (total) = 0
+-> POOL MEMBER pool-csm-ingress/172.8.2.7:any inactive,down
| session enabled priority 0 ratio 1
| (cur, max, limit, tot) = (0, 0, 0, 0)
| (pkts,bits) in = (0, 0), out = (0, 0)
| requests (total) = 0
- hoolioWhat protocol(s) are you trying to allow through?
Are you testing from a client on the vlan_South vlan? Can you try testing with curl (assuming this is HTTP)? Or netcat if it's a generic TCP app:
curl -v http://1.1.1.1/
nc 1.1.1.1 PORT
Aaron - chris_connell_1We are passing icmp through, basically its an icmp healthcheck which is forwarded to 2 servers.
I tried also making the virutal server more specific by putting "1" in the 'other' field instead of any.
- chris_connell_1sorry to answer your question, there are continous pings coming in on the vlan_south vlan to the virtual server IP, these are coming from a probe address.
