Forum Discussion
genseek_32178
Nimbostratus
NimbostratusVS Issue
Hi,
Have the following 2 Virtual servers config,
virtual VS1
pool pl443
destination 1.1.1.1:443
ip protocol tcp
profiles tcp-default
vlan 2 enable
client - any
VIP - 1.1.1.1:443
pl443 - 10.10.10.10 ( status- UP )
when trying to access- https://1.1.1.1/active.html via VIP - Not working
when trying to access directly on pool member - https://10.10.10.10/active.html- Works
virtual VS2
pool pool443
destination 172.20.20.10:443
ip protocol tcp
profiles tcp-default
vlan 3 enable
client - any
VIP - 172.20.20.10:443
pool443 - 172.20.20.30 (status - up )
when connecting VIP via sql server studio - DOES NOT WORK
but when connecting via DIP/pool member via sql server studio- IT WORKS
any ideas would be greatful
genseek
nitassEmployee
have you done tcpdump? how was it?
genseek_32178VIP is responding on portqry from outside....and also responding to telnet on port 443 for both VS...
But when accessing the VIP using browser..it fails..but directly with DIP...it works fine..- nitasswhen client accessed vip, did you see 3 ways handshake on server-side, i.e. between f5 and server, in tcpdump?
- El_JefeClear your browser cache. I have seen weird issues like this be just that. If the VIP is truly responding on 443 via telnet, (i.e., you're getting real traffic back from the pool member, and not just echos....), then the LTM is really working and doing it's job. Also, I notices it just enabled on one vlan, try enabling it on all, and see if that makes a difference, and check to see if SNAT Automap is turned on or not.
- genseek_32178Thanks for the reply nitass and El_Jefe
can you plz tell me the exact command for tcpdump...to check the handshake ..directly on the F5 and not using wireshark etc..etc
El_Jefe,
VIP is enabled on the VIP vlan 2
So does it mean, VIP will listen only if traffic is originating fom VLan 2 and not from ANY other VLAN creatd on the F5? - nitasse.g.
tcpdump -i 0.0:nnn -s0 -w /var/tmp/test1.pcap host 1.1.1.1 or host 10.10.10.10
tcpdump -i 0.0:nnn -s0 -w /var/tmp/test1/pcap host 172.20.20.10 or host 172.20.20.30 - genseek_32178nitass,
output from the tcpdump command we can see directly on the F5 prompt right..no need to to use any packet capture tool?
also can you answer on the question about enabling the vlan on the virtual? - El_Jefegenseek - enabling only on the one VLAN means it will only route traffic on that VLAN.
- nitassoutput from the tcpdump command we can see directly on the F5 prompt right..no need to to use any packet capture tool? i think it is easier to check packet trace using tool such as wireshark.
HamishCirrocumulus
Posted By El_Jefe on 06/28/2012 06:52 AM
genseek - enabling only on the one VLAN means it will only route traffic on that VLAN.
To expand a little. To make a VS active on only 1 VLAN means that the packets TO that IP address need to come into he TMM via the named vlans. Any others will be dropped.Also be aware that asymetric routing is not supported... If the bigip opens a tcp connection OUT one interface it will expect the responding packets to come IN tha interface roo.