Unable to connect endpoint servers

Application works in trail license.

1. Check the connectivity from system to VIP(Load balancer) make sure System IP should have proper routing towards LB.
2. Configure the SNAT "automap" in VIP and check the telnet, curl from F5 bash.

example: Login to F5 CLI.

==> curl -I http://IP_Address

==> telnet IP_Address:80

Hope it will help you.

It looks the network reachability to the VS is not correct.Please confirm the network configurations for the Virtual server subnet . If possible please share the network and routing configurations

I am not able to see destination IP when I run the ifconfig command on F5. Below snaps is for reference.

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500

       inet6 fe80::250:56ff:fe97:2bf8 prefixlen 64 scopeid 0x20<link>

       ether 00:50:56:97:2b:f8 txqueuelen 1000 (Ethernet)

       RX packets 104193 bytes 25406179 (24.2 MiB)

       RX errors 0 dropped 0 overruns 0 frame 0

       TX packets 4844 bytes 1234543 (1.1 MiB)

       TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536

       inet 127.0.0.1 netmask 255.255.255.0

       inet6 ::1 prefixlen 128 scopeid 0x10<host>

       loop txqueuelen 1 (Local Loopback)

       RX packets 216848 bytes 23292454 (22.2 MiB)

       RX errors 0 dropped 0 overruns 0 frame 0

       TX packets 216848 bytes 23292454 (22.2 MiB)

       TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo:1: flags=73<UP,LOOPBACK,RUNNING> mtu 65536

       inet 127.2.0.2 netmask 255.255.255.0

       loop txqueuelen 1 (Local Loopback)

mgmt: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500

       inet 192.168.4.130 netmask 255.255.248.0 broadcast 192.168.7.255

       inet6 fe80::250:56ff:fe97:2bf8 prefixlen 64 scopeid 0x20<link>

       ether 00:50:56:97:2b:f8 txqueuelen 1000 (Ethernet)

       RX packets 104181 bytes 23933995 (22.8 MiB)

       RX errors 0 dropped 0 overruns 0 frame 0

       TX packets 4854 bytes 1236579 (1.1 MiB)

       TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

tmm: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500

       inet 127.1.1.254 netmask 255.255.255.0 broadcast 127.1.1.255

       inet6 fe80::298:76ff:fe54:3210 prefixlen 64 scopeid 0x20<link>

       inet6 fc00:f5::1 prefixlen 64 scopeid 0x0<global>

       ether 00:98:76:54:32:10 txqueuelen 1000 (Ethernet)

       RX packets 11442 bytes 634459 (619.5 KiB)

       RX errors 0 dropped 0 overruns 0 frame 0

       TX packets 15505 bytes 14624952 (13.9 MiB)

       TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

tmm_bp: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500

       inet 127.20.0.254 netmask 255.255.0.0 broadcast 127.20.255.255

       inet6 fe80::1:23ff:fe45:fe prefixlen 64 scopeid 0x20<link>

       ether 02:01:23:45:00:fe txqueuelen 1000 (Ethernet)

       RX packets 0 bytes 0 (0.0 B)

       RX errors 0 dropped 0 overruns 0 frame 0

       TX packets 4 bytes 360 (360.0 B)

       TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

[root@F5:Active:Standalone] config #

is F5 implemented as gateway for backend servers or not?

becouse traffic connectivity (with Float address in case of HA) is different than healthcheck connectivity (with Self address one to one with backend server)

# if F5 not configured as backend servers gateway you should configure SNAT pool or automap on VS to avoid as-symmetric routing issue.

could you please share (#tmsh list ltm virtual <VS name>) so we would be able to see VS configuration

I want to test it as a load balancer where I need to send traffic from a client to the virtual server.

root@(F5)(cfg-sync Standalone)(Active)(/Common)(tmos)# list ltm virtual XXXXXXX

ltm virtual XXXXXXX {

   creation-time 2019-11-06:04:10:53

   destination 192.168.4.216:ssh

   ip-protocol tcp

   last-modified-time 2019-11-06:04:10:53

   mask 255.255.255.255

   pool Pool1

   profiles {

       tcp { }

   }

   source 192.168.24.31/32

   translate-address enabled

   translate-port enabled

   vs-index 2

(Do we need to assign this IP 192.168.4.216 to any ethernet interface?)

Hi Two things to verify as you have configured to allow from specific source IP Address make sure you are trying from 192.168.24.31 and yes you should have a path to come in to reach 192.168.4.216, Either create the interface in F5 or do the necessary routing configuration to reach this IP Address in F5. Please let me know any service or training required.

ok, thats mean that F5 not configured as gateway for backend server.

you have to configure SNAT option as automap under VS to make force traffic to return back to F5.

note that you configured that only host 192.168.24.31 will connect to this VS

My last comment was not for the back end server communication i was refering to the vs communication . can you share the screenshot of virtual server statistics is it getting any hits.

(Do we need to assign this IP 192.168.4.216 to any ethernet interface?)

did you configured the following:-

• Trunk (LAG) and assign ether interfaces to this Trunk
• VLAN
• Self interfaces ( L3 interfaces for each VLAN)
• routing to backend servers.

if F5 connected to network with one interface no need to create Trunk (LAG) just assign VLAN to this eth.

Please verify that your virtual server statistics, is it really hitting F5 virtual server, If not there is configuration mismatch in network perspective.