
F5 GTM communication

Hi all,



Excuse the novice post, I'm quite new to getting this kind of thing working and have read through some posts I've found on the site. I do have a manual but it's quite brief and not much help here...



I'm trying to get two GTMs communicating but am having a bit of an issue... They are both up and running, and I configured both GTMs' public IPs in the servers section with bigip health monitor and virtual server discovery enabled.



The steps I've taken so far to get them talking are:



i) Changed sync group name to something more appropriate.





On the first GTM:



[root@glb01:Active] config cd /config/httpd/conf
[root@glb01:Active] conf cd ssl.crt
[root@glb01:Active] ssl.crt ls

[root@glb01:Active] ssl.crt openssl x509 -x509toreq -in server.crt -out server.csr -signkey /config/httpd/conf/ssl.key/server.key
Getting request Private Key
Generating certificate request
[root@glb01:Active] ssl.crt openssl x509 -req -in server.csr -signkey /config/httpd/conf/ssl.key/server.key -days 3650 -out server.crt
Signature ok
subject=/C=--/ST=WA/L=Seattle/O=MyCompany/OU=1222281709/CN=dhcp-71/emailAddress= root@dhcp-71
Getting Private key
[root@glb01:Active] ssl.crt bigip_add [dest ip]



3) The same was done on the second GTM, and then:



[root@glb012:Active] ssl.crt gtm_add [dest ip]
WARNING: Running this script will wipe out the current configuration
files (wideip.conf, named.conf and named zone files) on the BIG-IP GTM
Controller on which this script is run. The configuration will be
replaced with the configuration of the remote BIG-IP GTM Controller
in the specified sync group

The local BIG-IP GTM MUST already be added in the configuration of the
other GTM.

Are you absolutely sure you want to do this? [y/n] y

==> Running 'bigstart shutdown gtmd' on the local system
==> Running 'bigstart shutdown zrd' on the local system
==> Running 'bigstart shutdown named' on the local system
Retrieving remote and installing local BIG-IP's SSL certs ...
Enter root password if prompted

Verifying iQuery connection to This may take up to 30 seconds

Retrieving remote GTM configuration...

Retrieving remote DNS/named configuration...

Sync_zones script failed to retrieve DNS/named configuration:
13294:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:s3_clnt.c:844:

New, (NONE), Cipher is (NONE)

Protocol : TLSv1
Cipher : 0000
Session-ID: B5B3639B5D832B69BC3314201A2DBACC63E01B4C42C7FB611CD4F541B641774D

Key-Arg : None
Start Time: 1225330204
Timeout : 7200 (sec)
Verify return code: 0 (ok)

rsync: connection unexpectedly closed (0 bytes received so far) [receiver]
rsync error: unexplained error (code 255) at io.c(453) [receiver=2.6.9]
Could not sync /var/named//config/named.conf!

Restarting gtmd
Restarting named
Restarting zrd
[root@glb02:Active] ssl.crt



If I run the bigip_add script again, iqdump shows more normal heartbeat output again but replication doesn't work. Am I missing something simple here?



Thanks in advance!



EDIT: I followed the guide I found on here ( after deleting the certificates I'd created, but still no joy..

You mentioned that you have configured both GTM public IPs; do they also have private IPs? If so, you should also add that information into the Translation address section of the Server objects.

I know it's a little late, but I wanted others to maybe get something out of this... I was getting the same error as described above. I was able to correct the errors, and get iquery working again by doing a bigip_add, then the gtm_add for each box.



just my $.02, hope it helps someone...