Forum Discussion
Virtual server not getting hits, irules not processed.
Hi
I have the following virtual servers:
VIRTUAL ip:port |---In----Out---Conn-|---In----Out---Conn-|-Nodes Up--
1.2.3.5:fud 0 0 0 0 0 0 16
none:webcache 0 0 0 0 0 0 16
none:https 0 0 0 0 0 0 16
none:http 0 0 0 0 0 0 16
none:imap 0 0 0 0 0 0 16
none:pop3 0 0 0 0 0 0 16
none:smtp 0 0 0 0 0 0 16
172.27.179.245:any 0 0 0 0 0 0 2
The 172.27.179.45 is not getting any hits at all even though a ping shows requests are coming in and the address is replying:
[root@cmansfieldf51102:Active] log tcpdump -i 0.0 host 172.27.179.245
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on 0.0, link-type EN10MB (Ethernet), capture size 108 bytes
17:54:07.053422 IP 172.27.179.51 > 172.27.179.245: ICMP echo request, id 16, seq 0, length 44
17:54:07.053430 IP 172.27.179.245 > 172.27.179.51: ICMP echo reply, id 16, seq 0, length 44
I have this irule on the virtual server:
when CLIENT_ACCEPTED {
   log local0. "The IP Protocol is [IP::protocol]"
}
But nothing is logged.
I have identical config on another F5 (except for IP addresses) and it's working.
Also I noticed when the virtual server is defined with a network address:
172.27.179.240 / 255.255.255.248 it does not reply when it should do; only when it's configured as a host virtual server does it reply, but bigtop still reports no stats and the irules do not fire.
I tried exporting/importing the config and bigstart restart but no change.
Any ideas?
- hoolio (Cirrostratus): If you define a network virtual server, ARP is disabled by default as you are typically using the virtual server to forward traffic and do not want LTM answering ARP for the range.
- chris_connell_1 (Nimbostratus): Thanks Aaron.
I have it defined as a host with specifically the IP:
172.27.179.245
I see icmps to this virtual server host IP.
Bigtop stats show zero requests though and irules are not processed.
- hoolio (Cirrostratus): Can you post the anonymized output from 'b virtual VS_NAME list' and 'b virtual address 1.1.1.1 show' updating VS_NAME and 1.1.1.1 to your virtual server name and IP?
- chris_connell_1 (Nimbostratus): Sure, here it is:
virtual my_server {
   snat automap
   pool ingress
   destination 1.1.1.1:any
   rules log_irule
   vlans vlan_South enable
}
b virtual my_server show
VIRTUAL ADDRESS 1.1.1.1 UNIT 1
| ARP enable
| (cur, max, limit, tot) = (0, 0, 0, 0)
| (pkts,bits) in = (0, 0), out = (0, 0)
+-> VIRTUAL my_server SERVICE any
| PVA acceleration none
| (cur, max, limit, tot) = (0, 0, 0, 0)
| (pkts,bits) in = (0, 0), out = (0, 0)
| requests (total) = 0
+-> RULE log_irule
+-> CLIENT_ACCEPTED 0 total 0 fail 0 abort
+-> POOL ingress LB METHOD round robin MIN/CUR ACTIVE MEMBERS 0/1
| (cur, max, limit, tot) = (0, 0, 0, 0)
| (pkts,bits) in = (0, 0), out = (0, 0)
+-> POOL MEMBER pool-csm-ingress/172.8.2.4:any active,up
| | session enabled priority 0 ratio 1
| | (cur, max, limit, tot) = (0, 0, 0, 0)
| | (pkts,bits) in = (0, 0), out = (0, 0)
| | requests (total) = 0
+-> POOL MEMBER pool-csm-ingress/172.8.2.7:any inactive,down
| session enabled priority 0 ratio 1
| (cur, max, limit, tot) = (0, 0, 0, 0)
| (pkts,bits) in = (0, 0), out = (0, 0)
| requests (total) = 0
- hoolio (Cirrostratus): What protocol(s) are you trying to allow through?
- chris_connell_1 (Nimbostratus): We are passing icmp through; basically it's an icmp healthcheck which is forwarded to 2 servers.
I also tried making the virtual server more specific by putting "1" in the 'other' field instead of any.
- chris_connell_1 (Nimbostratus): Sorry, to answer your question: there are continuous pings coming in on the vlan_south vlan to the virtual server IP; these are coming from a probe address.