F5 VE lab setup question - Load balancer not responding to VIP?

Question

hi,
Being quite new to F5, I am trying to setup my F5 practice lab according to:
https://devcentral.f5.com/articles/configuring-the-big-ip-and-php-hack-it-yourself-auction-site
I have changed the IP addresses aroudn to match the F5 training manual -"Configuring BIG-IP ASM v11 Application Security Manger" (v11.6.0 - December 2014), and I am running the F5 virtual lab edition 11.6.
So far it's been good and I could access the GUI and configure the setting okay.
a. I have setup a virtual server with the IP address of 10.10.36.10 as shown below:

b. The vlan interface called "External" has also been setup okay:
    external  Link encap:Ethernet  HWaddr 00:0C:29:F3:A9:81
              inet addr:10.10.36.31  Bcast:10.10.36.255  Mask:255.255.255.0
              inet6 addr: fe80::20c:29ff:fef3:a981/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:6547 errors:0 dropped:0 overruns:0 frame:0
              TX packets:76 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:928727 (906.9 KiB)  TX bytes:3512 (3.4 KiB)

c. from my test machine (10.10.36.200), I can access the F5 GUI via this external interface(10.10.36.31) without any issues (as I have allowed this over 443)
d. The vlan interface named "Internal"(which connects to the test web server I have setup) has also been setup okay:
    internal  Link encap:Ethernet  HWaddr 00:0C:29:F3:A9:8B
              inet addr:172.16.36.31  Bcast:172.16.36.255  Mask:255.255.255.0
              inet6 addr: fe80::20c:29ff:fef3:a98b/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:26595 errors:0 dropped:0 overruns:0 frame:0
              TX packets:34891 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:25210162 (24.0 MiB)  TX bytes:2108852 (2.0 MiB)
     
e. The test webserver("hack it auction site") connects via this "Internal" vlan. And communications between the BIG IP and this webserver is okay as shown here:
[root@bigip36:Offline:Standalone] config  tcpdump -i internal
-snip-
22:37:41.436510 IP 172.16.36.31.59490 &gt; 172.16.36.150.http: R 209840290:209840290(0) win 0
22:37:41.438002 IP 172.16.36.150.http &gt; 172.16.36.31.59490: . 2897:4345(1448) ack 10 win 181 
22:37:41.439017 IP 172.16.36.31.59490 &gt; 172.16.36.150.http: R 209840290:209840290(0) win 0
22:37:41.440543 IP 172.16.36.150.http &gt; 172.16.36.31.59490: . 4345:5793(1448) ack 10 win 181 
22:37:41.441510 IP 172.16.36.31.59490 &gt; 172.16.36.150.http: R 209840290:209840290(0) win 0
22:37:41.443001 IP 172.16.36.150.http &gt; 172.16.36.31.59490: . 5793:7241(1448) ack 10 win 181

[root@bigip36:Offline:Standalone] config  telnet 172.16.36.150 80
Trying 172.16.36.150...
Connected to 172.16.36.150.
Escape character is '^]'.

f. However, the F5 does not seem to respond to the VIP I have setup.. although I have made sure the traffic is reaching the F5 machine via a static route on the test client(10.10.36.200):
[root@bigip36:Offline:Standalone] config  tcpdump host 10.10.36.200 -i external
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on external, link-type EN10MB (Ethernet), capture size 96 bytes
22:43:11.127120 arp who-has 10.10.36.31 tell 10.10.36.200
22:43:11.127151 arp reply 10.10.36.31 is-at 00:0c:29:f3:a9:81 (oui Unknown)
22:43:11.130201 IP 10.10.36.200.50310 &gt; 10.10.36.10.http: S 2503420874:2503420874(0) win 8192 
22:43:11.377807 IP 10.10.36.200.50311 &gt; 10.10.36.10.http: S 1615593643:1615593643(0) win 8192 
22:43:14.127824 IP 10.10.36.200.50310 &gt; 10.10.36.10.http: S 2503420874:2503420874(0) win 8192 
22:43:14.378025 IP 10.10.36.200.50311 &gt; 10.10.36.10.http: S 1615593643:1615593643(0) win 8192 
22:43:20.286651 IP 10.10.36.200.50310 &gt; 10.10.36.10.http: S 2503420874:2503420874(0) win 8192 
22:43:20.378197 IP 10.10.36.200.50311 &gt; 10.10.36.10.http: S 1615593643:1615593643(0) win 8192 
22:44:55.886515 IP 10.10.36.200.netbios-dgm &gt; 10.10.36.255.netbios-dgm: NBT UDP PACKET(138)

Wireshark cap from the client machine:

The F5 simply doesn't seem to response.. Out of interest I tried accessing the vip from the F5 itself and I get:
[root@bigip36:Offline:Standalone] config  telnet 10.10.36.10 80
Trying 10.10.36.10...
telnet: connect to address 10.10.36.10: No route to host

Am I supposed to add a route in addition to defining the virtual server as I have mentioned above?What could I be doing wrong here?
Kindly,
Pasan

pasan_239927 · Answer

The device shows as 'offline'. Can this be the cause?.. If so how can I set it to become active in this lab environment?

pasan_239927 · Answer

It seemly I completely missed the fact the device was working offline. Since it's first time setting this up, thought that's norm. for the virtual environment :) learnt that traffic management won't work when the device is not active, even though you can access the GUI, ping and all&nbsp;
Trying to figure out why the device was inactive, it was show the 'HA status' as down. I wasn't sure how to bring that up so rebooted the device and the HA status became 'Active' again. Seems it synced with the 'device_trust_group'.. which I am not really sure what that's referring to:
&nbsp;

Forum Discussion

F5 VE lab setup question - Load balancer not responding to VIP?

2 Replies

Recent Discussions

vulnerabilities-CVE-2020-16150 & CVE-2013-0169

google autenticator broken barcode

Error while running ansible

ASM instance creation

[ASM] - what is "Browser Challange file" ?

Related Content

Active/Active load balancing examples with F5 BIG-IP and Azure load balancer

Large payload post requests aren't responding

NGINXaaS for Azure: Load Balancing

Change cookie domain in HTTP::respond

Health monitor question