F5 VE lab setup question - Load balancer not responding to VIP?
hi,
Being quite new to F5, I am trying to setup my F5 practice lab according to: https://devcentral.f5.com/articles/configuring-the-big-ip-and-php-hack-it-yourself-auction-site
I have changed the IP addresses aroudn to match the F5 training manual -"Configuring BIG-IP ASM v11 Application Security Manger" (v11.6.0 - December 2014), and I am running the F5 virtual lab edition 11.6.
So far it's been good and I could access the GUI and configure the setting okay.
a. I have setup a virtual server with the IP address of 10.10.36.10 as shown below:
b. The vlan interface called "External" has also been setup okay:
external Link encap:Ethernet HWaddr 00:0C:29:F3:A9:81
inet addr:10.10.36.31 Bcast:10.10.36.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fef3:a981/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6547 errors:0 dropped:0 overruns:0 frame:0
TX packets:76 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:928727 (906.9 KiB) TX bytes:3512 (3.4 KiB)
c. from my test machine (10.10.36.200), I can access the F5 GUI via this external interface(10.10.36.31) without any issues (as I have allowed this over 443)
d. The vlan interface named "Internal"(which connects to the test web server I have setup) has also been setup okay:
internal Link encap:Ethernet HWaddr 00:0C:29:F3:A9:8B
inet addr:172.16.36.31 Bcast:172.16.36.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fef3:a98b/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:26595 errors:0 dropped:0 overruns:0 frame:0
TX packets:34891 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:25210162 (24.0 MiB) TX bytes:2108852 (2.0 MiB)
e. The test webserver("hack it auction site") connects via this "Internal" vlan. And communications between the BIG IP and this webserver is okay as shown here:
[root@bigip36:Offline:Standalone] config tcpdump -i internal
-snip-
22:37:41.436510 IP 172.16.36.31.59490 > 172.16.36.150.http: R 209840290:209840290(0) win 0
22:37:41.438002 IP 172.16.36.150.http > 172.16.36.31.59490: . 2897:4345(1448) ack 10 win 181
22:37:41.439017 IP 172.16.36.31.59490 > 172.16.36.150.http: R 209840290:209840290(0) win 0
22:37:41.440543 IP 172.16.36.150.http > 172.16.36.31.59490: . 4345:5793(1448) ack 10 win 181
22:37:41.441510 IP 172.16.36.31.59490 > 172.16.36.150.http: R 209840290:209840290(0) win 0
22:37:41.443001 IP 172.16.36.150.http > 172.16.36.31.59490: . 5793:7241(1448) ack 10 win 181
[root@bigip36:Offline:Standalone] config telnet 172.16.36.150 80
Trying 172.16.36.150...
Connected to 172.16.36.150.
Escape character is '^]'.
f. However, the F5 does not seem to respond to the VIP I have setup.. although I have made sure the traffic is reaching the F5 machine via a static route on the test client(10.10.36.200):
[root@bigip36:Offline:Standalone] config tcpdump host 10.10.36.200 -i external
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on external, link-type EN10MB (Ethernet), capture size 96 bytes
22:43:11.127120 arp who-has 10.10.36.31 tell 10.10.36.200
22:43:11.127151 arp reply 10.10.36.31 is-at 00:0c:29:f3:a9:81 (oui Unknown)
22:43:11.130201 IP 10.10.36.200.50310 > 10.10.36.10.http: S 2503420874:2503420874(0) win 8192
22:43:11.377807 IP 10.10.36.200.50311 > 10.10.36.10.http: S 1615593643:1615593643(0) win 8192
22:43:14.127824 IP 10.10.36.200.50310 > 10.10.36.10.http: S 2503420874:2503420874(0) win 8192
22:43:14.378025 IP 10.10.36.200.50311 > 10.10.36.10.http: S 1615593643:1615593643(0) win 8192
22:43:20.286651 IP 10.10.36.200.50310 > 10.10.36.10.http: S 2503420874:2503420874(0) win 8192
22:43:20.378197 IP 10.10.36.200.50311 > 10.10.36.10.http: S 1615593643:1615593643(0) win 8192
22:44:55.886515 IP 10.10.36.200.netbios-dgm > 10.10.36.255.netbios-dgm: NBT UDP PACKET(138)
Wireshark cap from the client machine:
The F5 simply doesn't seem to response.. Out of interest I tried accessing the vip from the F5 itself and I get:
[root@bigip36:Offline:Standalone] config telnet 10.10.36.10 80
Trying 10.10.36.10...
telnet: connect to address 10.10.36.10: No route to host
- Am I supposed to add a route in addition to defining the virtual server as I have mentioned above?
- What could I be doing wrong here?
Kindly,
Pasan