
F5 LTM Health check source IP issue

JayP_46820
Nimbostratus

We have a pair of 8900 LTMs in active/standby mode. They are running multiple partitions with multiple route domains. Virtual servers are in a public range, real servers are in an RFC1918 range. In one route domain, we have two VLANs which connect to the internal network. These are on a dot1q trunk.

 

- VLAN1 using self IP 172.26.255.1/28, VLAN100 using 172.26.255.17/28.
- Routing = 172.26/16 -> 172.26.255.14,
          = 172.26.100/24 -> 172.26.255.30.
- VIP = 200.200.200.200.
- Pool member = 172.26.100.100:80
- Node = 172.26.100.100

For the health monitor, the source IP address used to check node 172.26.100.100 is 172.26.255.1, which means the return path is asymmetrical (goes out VLAN100, comes back VLAN1). I was expecting it to use the outgoing interface IP of 172.26.255.17.

Is this normal behaviour or some bug? I should note that VLAN1 was configured first, and VLAN100 is only a recent addition.

Thanks

 

3 REPLIES 3

nitass
F5 Employee
"I was expecting it to use the outgoing interface IP of 172.26.255.17."

I expect it too. Have you tried to restart bigd?

tmsh restart sys service bigd

Chura_16140
Nimbostratus
How did you see it?

Can you run tcpdump to check the actual source?

JayP_46820
Nimbostratus

This was caused by a bug; apparently v10 and multiple route domains have many issues.

Better to upgrade to v11.

sol14048: The BIG-IP system may fail to use a self IP address from the same subnet as the pool member being monitored

 

https://support.f5.com/kb/en-us/solutions/public/14000/000/sol14048.html?sr=26997749
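
Added example, not part of the thread and not F5 code: a small Python check that works out which self IP an ordinary longest-prefix-match lookup would use as the monitor source for the addresses in the first post, and compares it with the source seen in a capture. It assumes plain routing semantics within a single route domain; the function names are hypothetical.

```python
import ipaddress

# Self IPs and static routes as given in the first post.
SELF_IPS = {
    "VLAN1": ipaddress.ip_interface("172.26.255.1/28"),
    "VLAN100": ipaddress.ip_interface("172.26.255.17/28"),
}
ROUTES = [
    (ipaddress.ip_network("172.26.0.0/16"), ipaddress.ip_address("172.26.255.14")),
    (ipaddress.ip_network("172.26.100.0/24"), ipaddress.ip_address("172.26.255.30")),
]


def egress_for(dest):
    """Return (vlan, self_ip) that a longest-prefix-match lookup picks for dest."""
    dest = ipaddress.ip_address(dest)
    # A directly connected subnet wins over any static route.
    for vlan, iface in SELF_IPS.items():
        if dest in iface.network:
            return vlan, iface.ip
    matches = [(net, gw) for net, gw in ROUTES if dest in net]
    if not matches:
        raise LookupError(f"no route to {dest}")
    _, gateway = max(matches, key=lambda m: m[0].prefixlen)
    # The egress VLAN is the one whose self IP subnet contains the next hop.
    for vlan, iface in SELF_IPS.items():
        if gateway in iface.network:
            return vlan, iface.ip
    raise LookupError(f"next hop {gateway} is not on a connected subnet")


def check_monitor_source(node, observed_source):
    """Compare the source seen in a capture with the expected egress self IP."""
    vlan, expected = egress_for(node)
    observed = ipaddress.ip_address(observed_source)
    return {
        "egress_vlan": vlan,
        "expected_source": str(expected),
        "observed_source": str(observed),
        # True when replies to the monitor will return via a different VLAN.
        "mismatch": observed != expected,
    }


if __name__ == "__main__":
    # 172.26.255.1 is the source the poster reported for the health monitor.
    print(check_monitor_source("172.26.100.100", "172.26.255.1"))
```

The observed source is what a tcpdump on the egress VLAN would show, as suggested in the second reply.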