Forum Discussion

Phaneath_Phour1's avatar
Phaneath_Phour1
Icon for Nimbostratus rankNimbostratus
May 02, 2018

Transparent monitors mark nodes down

Hello DC,

 

I have configured a ICMP transparent monitor to a node (192.168.1.10) as below configuration:

 

create /ltm monitor icmp gateway_trans_monitor defaults-from /Common/icmp destination 10.10.10.1 transparent enabled

 

But when I applied the transparent monitor to that node, then it marks nodes down. When I monitor on F5, I can see F5 use self-ip (192.168.1.1) for icmp request to IP gateway (10.10.10.1), but no reply. Any idea about this?

 

Below is my topology:

 

 

application delivery
BIG-IP DNS
LTM

3 Replies

Sort By
  • Tim_18689's avatar
    Tim_18689
    Icon for Cirrus rankCirrus
    May 02, 2018

    As I read this and look at your diagram, it does not make sense to use a transparent monitor in your setup. It would make sense only if you put a destination IP that is outside of your network and must be reached using one of the routers.

     

    Lets, for example, say you Put 203.0.113.100 in the destination.

     

    The way this works is you should put the IP address that you want the monitor probe to be sent to as the value of Destination. In your example network lets put 203.0.113.100. The monitor will then send its probe to 203.0.113.100 via whatever routing you have set up. In your example, it will use routers 10.10.10.1 or 20.20.20.1. It will use the layer two address to send the traffic to the next hop router to be forwarded to the destination. This is designed to verify that your routers are working properly and are able to forward traffic out to the destination 203.0.113.100 via the routers. It is really monitoring the routers, not the destination.

     

    • Phaneath_Phour1's avatar
      Phaneath_Phour1
      Icon for Nimbostratus rankNimbostratus
      May 02, 2018

      Hi Tim,

       

      Thanks for your answer.

       

      Maybe I put a wrong diagram, and let say that my diagram as below and I have configured transparent monitor destination to the ISP-1 gateway 203.0.113.1 on node (192.168.1.10). And my purpose, I want pool member of the Wide IP mark as down when link connection of ISP-1 down. But when I apply this, node (192.168.1.10) mark itself down.

       

      Is it correct for my scenario? Or do you have any idea for load balance inbound traffic with multiple ISP links?

       

       

  • Tim_18689's avatar
    Tim_18689
    Icon for Cirrus rankCirrus
    May 02, 2018

    Almost but not quite right. If 203.0.113.1 is the gateway(router) then you need to set the destination to something that is beyond that router that will need to use a router to be reached. Say like 8.8.8.8. If the probe is able to reach 8.8.8.8 while using the router 203.0.113.1 it shows that the router is working.

     

    You do not set the destination IP with the router address. You set it to something on the far side of the router.

     

    I want to comment on the other thing you mentioned about the wideips. For this to work in that way you need to: - create an ltm pool with the two routers in it - apply the transparent gateway_icmp monitors to it as we have been discussing - create a default route that uses the pool - configure a Links in the DNS section each router in the gateway pool and apply the bigip_link monitor to each.

     

    The bigip_link monitor will get the status internally from the monitors configured in the default gateway pool. If a router is marked down by the pool member the bigip_link monitor will mark it down. Any resource in the DNS section that relies on that link to work will inherit that down status as well.

     

    That is how the wideips will get marked down if the link they rely on is failing health checks.