For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

ushan's avatar
ushan
Icon for Altocumulus rankAltocumulus
Aug 14, 2022
Solved

Which IP initiates health monitoring of nodes when F5 are in HA?

Hi, I have two Big IP F5 in HA Active/Standby state.  I have configured the internal interface of Big IP as follows, Big IP 1 : 10.10.10.2  (Non-floating) Big IP 2: 10.10.10.3 (Non-floating) Flo...
application delivery
  • boneyard's avatar
    boneyard
    Aug 15, 2022

    this is how it works. both nodes have to be able to determine for themselves if a poolmember is reachable. it makes sense to always use the non floating for this. else the health monitor IP would change with a failover.

  • StephanManthey's avatar
    StephanManthey
    Aug 15, 2022

    As written by boneyard, the non-floating self-IPs are used for the monitoring. That´s the default behaviour and might be changed perhaps by using an external monitor.

    That´s why your internal ACLs have to permit access to the real servers (aka poolmembers) for both non-floating self IPs and the IP-address being used for SNAT (i.e. the floating self IP with SNAT automap).

    Be aware, that a monitor might even be fired through the out-of-band management interface (using the management IP). This will be the case, if there is a better route to the target and might be prevented by using route domains or the InTMM monitoring feature.

boneyard's avatar
boneyard
Icon for MVP rankMVP
Aug 15, 2022

this is how it works. both nodes have to be able to determine for themselves if a poolmember is reachable. it makes sense to always use the non floating for this. else the health monitor IP would change with a failover.