
Virtual Server creation

Sandeep_Gupta_1
Nimbostratus

Hello,

 

I am new to F5 and using the evaluation version of F5 (Big IP LTM Virtual Edition). I am facing a problem while creating the virtual server for a Tomcat application.

 

F5 Big-IP LTM VE is running on VMPlayer. And I can access the admin page of F5 via https://>

 

I want to test F5 with 3 tomcat applications which are running as cluster. All my three tomcat instances are on same machine with different port.

http://:8081//cluter-example/test.jsp
http://:8082//cluter-example/test.jsp
http://:8083//cluter-example/test.jsp

I tested out successfully this cluster with Apache server.

 

As I do not have much idea as how to create Virtual server which will use my newly created pool which has all the three tomcat instances.

 

I tried to create Virtual server with following parameter:

Type : host
Address : some random IP address.
Service port : 80 with HTTP
VLAN and tunnel traffic : All VLAN and tunnel
SNAT Pool : autoMap

 

Afterward I try to access the virtual server as http://>:80 And then getting nothing (I am expecting it should go to one of the tomcat instance) I tried with http://>:80/cluster-example/test.jsp but same result.

 

In Health monitor side I used Send String : GET /cluster-example/test.jsp

 

Please let me know what are the things I am missing and why given virtual IP with 80 port as HTTP... it's not redirecting to tomcat application side.

 

-Sandeep

 

29 REPLIES 29

Hamish
Cirrocumulus

The BigIP acts as a proxy. So you can debug it at both the bigip/client and bigip/server side to see what's happening.

 

If you tcpdump both sides, what do you see? Does the connection between client and bigip succeed? Do you see the request come from the client? (I usually test using telnet for this point as browsers just get in the way at this level).

 

If that all looks OK, what do you see at the server side? Does BigIP open a connection to the server? Is the request passed through?

 

Are you seeing any errors in /var/log/ltm? Perhaps your client is using HTTP methods not supported by the HTTP profile?

 

  • This all assumes of course that your pool and poolmembers are marked as available by your pool monitor already...

H

 

Sandeep_Gupta_1
Nimbostratus

Hi Hamish,

 

Thanks for the answer. Being new user of F5, I could not get lots of things which you asked. Can you please let me know how I can do tcpdump in both sides ?

 

I used telnet command to see whether I am able to connect virtual server IP with port, but I could not succeed. And that is the reason I am thinking that Virtual server which I created is not accessible at all.

 

-Sandeep

 

boneyard
MVP

it is up to you, but perhaps you should start with something simpler then.

 

one virtual server (standard) listening on port 80 (HTTP), one pool with one member also on port 80. not special profiles, just the basic and go from there.

 

then see if you can browse to the virtual server and get the website of the pool member to show up.

 

for tcpdump on both sides you can use the interface 0.0, so:

 

tcpdump -i 0.0 -nn

if that causes too much traffic you could use it with a filter, but then you need to use both the virtual server ip and the nodes.

 

tcpdump -i 0.0 -nn host or host or host

Sandeep_Gupta_1
Nimbostratus

Hi,

 

As I said earlier that my virtual server is not responding at all because when I use telnet command with virtual server ip and port it's refusing the connection saying no route to host.

 

Let me tell all the things which I have done till now.

* Download F5 Big-IP LTM VE trial version
* Running F5 via VMPlayer (VMPlayer is installed on my machine).
* In console window of F5, I used command "config" and then set the IP address of f5.
* Now I can access admin console from Browser.
* After admin/admin credential, I created pool / members etc..
* Now last thing remaining is to create new virtual server.
* As a layman: in Destination side I selected Type as Host and gave new random IP (111.111.111.100) with Service port as 80:HTTP
* Everything looks good and I can see Green signal in Availability side

 

Now I back to my VMPlayer console and try to use telnet command to access new virtual server IP (111.111.111.100) with port.

 

Browser side. I tried to use http://111.111.111.100:80

 

As I am not a sysadmin person but I want to try F5 for evaluation purpose. And I am pretty much sure that creation of virtual server has some problem.

 

If we create virtual server with random IP (111.111.111.100), what all other things need to be considered? I thought that I can give any random number because in one of the F5 lab videos I observed this.

 

-Sandeep

 

boneyard
MVP

you have to consider being able to reach the F5 on the virtual server IP and the F5 being able to reach the pool members. i'm not sure how VMPlayer handles this, the LTM VE will probably choose interfaces it connects with for an external and internal network and management, but how exactly i don't know.

 

did you follow any documentation for setting it up you can share?

 

Sandeep_Gupta_1
Nimbostratus

see below linked which I followed.

 

http://www.youtube.com/watch?v=_tEzfsoMxJ4

 

http://www.dasblinkenlichten.com/f5-ltm-ve-setting-up-basic-load-balancing/

 

http://www.f5.com/pdf/deployment-guides/tomcat-dg.pdf

 

-Sandeep

 

Sandeep_Gupta_1
Nimbostratus

For installation of LTM VE on VMPlayer, I used this link http://www.youtube.com/watch?v=1gyiQOYeS0A

 

-Sandeep

 

Sandeep_Gupta_1
Nimbostratus

In console window of F5, I tried to use command : tmsh list ltm virtual

ltm virtual CCE-Tomcat_virtual_server {
    destination 172.29.0.44:http
    ip-protocol tcp
    mask 255.255.255.255
    persist {
        CCE-Tomcat_persist_profile {
            default yes
        }
    }
    pool CCE-Tomcat_pool
    profiles {
        CCE-Tomcat_lan-optimized_tcp_profile { }
        CCE-Tomcat_one_connect_profile { }
        bea_weblogic_http-lan-optimized-caching_shared_http { }
    }
    snat automap
    translate-address disabled
}

 

Is there any way to change the netmask ?

 

In general I am using netmask 255.255.254.0

 

I tried to create virtual server with Network option but got the error:

 

01070348:3: Virtual Server CCE-Tomcat_virtual_server destination 172.29.0.44 and netmask 255.255.254.0 are not valid.

 

Would appreciate any help to configure Virtual server ?

 

-Sandeep

 

nitass
F5 Employee

Is there any way to change the netmask ? In general I am using netmask 255.255.254.0

 

you can use modify ltm virtual command. please make sure translate-address is enabled (i.e. it will translate destination ip to pool member ip). also, you may have to enable arp on network virtual address.

 

e.g.

 

root@ve10(Active)(tmos) list ltm virtual bar
ltm virtual bar {
    destination 172.28.19.252:http
    ip-protocol tcp
    mask 255.255.255.255
    pool foo
    profiles {
        http { }
        tcp { }
    }
    snat automap
}

root@ve10(Active)(tmos) modify ltm virtual bar destination 172.28.18.0:80 mask 255.255.254.0 translate-address enabled

root@ve10(Active)(tmos) list ltm virtual bar
ltm virtual bar {
    destination 172.28.18.0:http
    ip-protocol tcp
    mask 255.255.254.0
    pool foo
    profiles {
        http { }
        tcp { }
    }
    snat automap
}

root@ve10(Active)(tmos) list ltm virtual-address 172.28.18.0
ltm virtual-address 172.28.18.0 {
    arp disabled
    mask 255.255.254.0
}

root@ve10(Active)(tmos) modify ltm virtual-address 172.28.18.0 arp enabled

root@ve10(Active)(tmos) list ltm virtual-address 172.28.18.0
ltm virtual-address 172.28.18.0 {
    mask 255.255.254.0
}

Mohammed_Abdul_
Nimbostratus

Hi sundeep,

 

I am not sure but I believe you must configure the in and out interfaces as well, to get the request in to the VS then to specific pool member.

 

I suggest, you must go through the configuration and creation part of the VS, pool member and nodes.

 

Sandeep_Gupta_1
Nimbostratus

I tried to change mask via modify command but got the same error.

 

[root@f5:Active] config tmsh

 

root@f5(Active)(tmos) list ltm virtual vs_http_sandeep

 

ltm virtual vs_http_sandeep {
    destination 172.29.0.251:http
    ip-protocol tcp
    mask 255.255.255.255
    pool CCE-Tomcat_pool
    profiles {
        CCE-Tomcat_lan-optimized_tcp_profile { }
    }
    snat automap
}

 

root@f5(Active)(tmos) modify ltm virtual vs_http_sandeep destination 172.29.0.251:80 mask 255.255.254.0 translate-address enabled

 

01070348:3: Virtual Server vs_http_sandeep destination 172.29.0.251 and netmask 255.255.254.0 are not valid.

 

root@f5(Active)(tmos) modify ltm virtual vs_http_sandeep destination 172.29.0.251:80 mask 255.255.254.0

 

01070348:3: Virtual Server vs_http_sandeep destination 172.29.0.251 and netmask 255.255.254.0 are not valid.

 

Concerning the Network Interface for in and out, I do not know how to create.

 

Can you please tell me the steps.

 

When I opened "Network->Interface->Statistics" I can see there are 3 interfaces:

 

Name: mgmt Status: UP (I can see Bits in and out, Packets in and out)

 

Name:1.1 Status:Uninitialized (No Bits and No Packets)

 

Name:1.2 Status:Uninitialized (No Bits and No Packets)

 

Above interface inherited from VMPlayer side as I can see 3 network adapters when I open VmPlayer ->Manage -> Virtual machines setting.

 

First Network Adapter : Bridge (Automatic)
Second Network Adapter : Host Only
Second Network Adapter : Host Only

 

nitass
F5 Employee

e.g.

 

root@ve10(Active)(tmos) list ltm virtual vs_http_sandeep
ltm virtual vs_http_sandeep {
    destination 172.29.0.251:http
    ip-protocol tcp
    mask 255.255.255.255
    pool CCE-Tomcat_pool
    profiles {
        CCE-Tomcat_lan-optimized_tcp_profile { }
    }
    snat automap
}

root@ve10(Active)(tmos) modify ltm virtual vs_http_sandeep destination 172.29.0.0:80 mask 255.255.254.0 translate-address enabled

root@ve10(Active)(tmos) list ltm virtual vs_http_sandeep
ltm virtual vs_http_sandeep {
    destination 172.29.0.0:http
    ip-protocol tcp
    mask 255.255.254.0
    pool CCE-Tomcat_pool
    profiles {
        CCE-Tomcat_lan-optimized_tcp_profile { }
    }
    snat automap
}

root@ve10(Active)(tmos) modify ltm virtual-address 172.29.0.0 arp enabled

root@ve10(Active)(tmos) list ltm virtual-address 172.29.0.0
ltm virtual-address 172.29.0.0 {
    mask 255.255.254.0
}

Sandeep_Gupta_1
Nimbostratus

I tried again now with changed destination address and new net mask and got the same error.

 

root@f5(Active)(tmos) modify ltm virtual vs_http_sandeep destination 172.29.0.252:80 mask 255.255.254.0 translate-address enabled

 

01070348:3: Virtual Server vs_http_sandeep destination 172.29.0.252 and netmask 255.255.254.0 are not valid.

 

Just to know you are also using the LTM VE 10.1.0.3341.1084?

 

I am still thinking that there is something missing out in my configuration.

 

Should I reinstall all the things, I mean download the new copy of LTM VE 10.1.0.3341.1084 and then run it via VMPlayer? I can not change version of LTM VE i.e. 10.1.0.3341.1084 because it's a trial.

 

-Sandeep

 

nitass
F5 Employee

01070348:3: Virtual Server vs_http_sandeep destination 172.29.0.252 and netmask 255.255.254.0 are not valid.

 

172.28.0.252 is not a network address...

 

Sandeep_Gupta_1
Nimbostratus

Ok I tried modifying another virtual server which has initial IP as 172.29.0.44 :

 

root@f5(Active)(tmos) list ltm virtual CCE-Tomcat_virtual_server

 

ltm virtual CCE-Tomcat_virtual_server {
    destination 172.29.0.44:http
    ip-protocol tcp
    mask 255.255.255.255
    persist {
        CCE-Tomcat_persist_profile {
            default yes
        }
    }
    pool CCE-Tomcat_pool
    profiles {
        CCE-Tomcat_lan-optimized_tcp_profile { }
        CCE-Tomcat_one_connect_profile { }
        bea_weblogic_http-lan-optimized-caching_shared_http { }
    }
    snat automap
}

 

root@f5(Active)(tmos) modify ltm virtual CCE-Tomcat_virtual_server destination 172.29.0.50:80 mask 255.255.254.0 translate-address enabled

01070348:3: Virtual Server CCE-Tomcat_virtual_server destination 172.29.0.50 and netmask 255.255.254.0 are not valid.

 

Sorry for troubling lots !!!

 

-Sandeep

 

nitass
F5 Employee

the network address is 172.29.0.0/23.

 

(tmos) modify ltm virtual CCE-Tomcat_virtual_server destination 172.29.0.0:80 mask 255.255.254.0 translate-address enabled

you may have to enable arp on 172.29.0.0/23 virtual address. please make sure you understand its effect before enabling it.

 

(tmos) modify ltm virtual-address 172.29.0.0 arp enabled

Sandeep_Gupta_1
Nimbostratus

Ok, it worked only when I used 172.29.0.0 but if I used 172.29.0.16 (as this IP is available for the moment) then I got the same error. Strange. Anyway I went ahead and changed to 172.29.0.0 with mask 255.255.254.0 and enabled arp as well. But accessing this VS IP via browser ... got the same error which I had earlier.

 

nitass
F5 Employee

But accessing this VS IP via browser ... got the same error which I had earlier.

 

can you post the virtual server and pool configuration?

 

tmsh list ltm virtual (virtual server name)
tmsh list ltm pool (pool name)

Sandeep_Gupta_1
Nimbostratus

root@f5(Active)(tmos) list ltm virtual vs_http_sandeep

 

ltm virtual vs_http_sandeep {
    destination 172.29.0.0:http
    ip-protocol tcp
    mask 255.255.254.0
    pool CCE-Tomcat_pool
    profiles {
        CCE-Tomcat_lan-optimized_tcp_profile { }
    }
    snat automap
}

 

root@f5(Active)(tmos) list ltm pool CCE-Tomcat_pool

 

ltm pool CCE-Tomcat_pool {
    load-balancing-mode least-connections-member
    members {
        172.29.1.51:tproxy {
            monitor CCE-Tomcat_monitor
            priority-group 1
            state up
        }
        172.29.1.51:us-cli {
            monitor CCE-Tomcat_monitor
            priority-group 1
            state up
        }
        172.29.1.51:us-srv {
            monitor CCE-Tomcat_monitor
            priority-group 1
            state up
        }
    }
    monitor CCE-Tomcat_monitor
}

 

nitass
F5 Employee

is there any specific reason you are using network virtual server (i.e. 172.29.0.0/23)? can you pick up one available ip address and setup host virtual server instead?

 

Sandeep_Gupta_1
Nimbostratus

I thought to use network virtual server because I want to modify the netmask thinking that this is the root cause of problem.

 

Initially when I set up LTM VE, I tried to use host virtual server only. Anyway I modified my virtual server.

 

root@f5(Active)(tmos) list ltm virtual vs_http_sandeep
ltm virtual vs_http_sandeep {
    destination 172.29.0.44:http
    ip-protocol tcp
    mask 255.255.255.255
    pool CCE-Tomcat_pool
    profiles {
        CCE-Tomcat_lan-optimized_tcp_profile { }
    }
    snat automap
}

root@f5(Active)(tmos) list ltm pool CCE-Tomcat_pool
ltm pool CCE-Tomcat_pool {
    load-balancing-mode least-connections-member
    members {
        172.29.1.51:tproxy {
            monitor CCE-Tomcat_monitor
            priority-group 1
            state up
        }
        172.29.1.51:us-cli {
            monitor CCE-Tomcat_monitor
            priority-group 1
            state up
        }
        172.29.1.51:us-srv {
            monitor CCE-Tomcat_monitor
            priority-group 1
            state up
        }
    }
    monitor CCE-Tomcat_monitor
}

nitass
F5 Employee

Anyway I modified my virtual server.

 

so, does it work now? if not, can you capture packet on bigip to see what is wrong?

 

e.g.

 

tcpdump -nni 0.0:nnn -s0 -w /var/tmp/output.pcap host 172.29.0.44 or host 172.29.1.51 -v

Sandeep_Gupta_1
Nimbostratus

Nope, it didn't work this time also. I run the command as you said and then try to access 172.29.0.44 or 172.29.1.51...

 

[root@f5:Active] tmp tcpdump -nni 0.0:nnn -s0 -w /var/tmp/output.pcap host 172.29.0.44 or host 172.29.1.51 -v
tcpdump: listening on 0.0:nnn, link-type EN10MB (Ethernet), capture size 65535 bytes
Got 0

nitass
F5 Employee

Nope, it didn't work this time also. I run the command as you said and then try to access 172.29.0.44 or 172.29.1.51...

 

doesn't it mean it did not reach bigip?

 

Sandeep_Gupta_1
Nimbostratus

Yes, http request is not reaching to f5. If I try to access http://172.29.0.44:80, I got the connection time out. Even when I ping VS IP (172.29.0.44) .. no response.

 

My three tomcat applications are running

 

http://172.29.1.51:8081/cluster-example/test.jsp
http://172.29.1.51:8082/cluster-example/test.jsp
http://172.29.1.51:8083/cluster-example/test.jsp

did you ever come up with a solution?? ive been banging my head against the wall with the same exact issue. ive tried every suggestion i can find on dev central, youtube & google. i feel its something simple im missing but cant put my finger on it (due to my very limited experience with bigip and vmware). from the lack of communication between the pc sitting on the outside /24 and the vs & external selfip... anyone?

Please apply http profile on virtual servers so he can understand the traffic. After you applied if still not working take a tcpdump on virtual server side with command tcpdump -npi 0.0 host virtual servers IP address and check the issue.

 

Second run the curl command and paste the output here with info.

 

curl -x http:// virtual iP address

 

Sravan_Kumar_M_
Nimbostratus

It seems that the solution isn't available for this question either here or many other places like youtube, google, dev central website etc.

 

Can the destination address be any random value like (10.10.10.11) for a virtual server? or there are any specific values to be considered.

 

Thank you.

 

Shiraz
Altostratus

Dear Sravan Kumar,

 

The main thing you need to consider is that the Virtual Server (destination Address) has to be from a network which is accessible from your PC.

 

And before that.. (Sorry for this Question). Have you configured the Self-IP Addresses for your F5?

 

Regards

 

Mohammed Shiraz
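
An added example, not part of the original thread and not F5 code: it replays the destination/mask pairs tried above against the rule nitass describes for error 01070348 (a non-host mask requires the network address as destination), then applies Shiraz's point by checking whether an accepted address sits on a subnet the BIG-IP has a self IP in. The self IP `172.29.0.10/23` and all function names are assumptions made for illustration; the thread never shows the self-IP configuration.

```python
import ipaddress
from typing import List, Optional

def check_destination(dest: str, mask: str) -> dict:
    """Apply the rule behind error 01070348 as explained in the thread:
    a /32 mask makes a host virtual server (any address is accepted); any
    shorter mask makes a network virtual server, whose destination must be
    the network address itself."""
    addr = ipaddress.IPv4Address(dest)
    # strict=False derives the enclosing network from any member address.
    net = ipaddress.IPv4Network(f"{dest}/{mask}", strict=False)
    is_host = net.prefixlen == 32
    return {
        "kind": "host" if is_host else "network",
        "valid": is_host or addr == net.network_address,
        "expected_destination": str(net.network_address),
        "prefix": str(net),
    }

def directly_connected_network(vs_ip: str, self_ips: List[str]) -> Optional[str]:
    """Return the self-IP subnet that contains vs_ip, or None. None means
    clients on those subnets have no path to the address unless something
    upstream routes it to the BIG-IP."""
    addr = ipaddress.IPv4Address(vs_ip)
    for entry in self_ips:
        network = ipaddress.IPv4Interface(entry).network
        if addr in network:
            return str(network)
    return None

# Destination/mask pairs from the thread (111.111.111.100 was created as type Host, i.e. /32).
THREAD_ATTEMPTS = [
    ("172.29.0.251", "255.255.254.0"),
    ("172.29.0.50", "255.255.254.0"),
    ("172.29.0.0", "255.255.254.0"),
    ("172.29.0.44", "255.255.255.255"),
    ("111.111.111.100", "255.255.255.255"),
]
# Constructed self IP: the thread never shows one, so this value is an assumption.
SELF_IPS = ["172.29.0.10/23"]

def review(attempts=THREAD_ATTEMPTS, self_ips=SELF_IPS) -> List[str]:
    lines = []
    for dest, mask in attempts:
        r = check_destination(dest, mask)
        if not r["valid"]:
            lines.append(f"{dest} mask {mask}: rejected, use {r['expected_destination']}")
            continue
        subnet = directly_connected_network(dest, self_ips)
        where = f"inside self-IP subnet {subnet}" if subnet else "not on any self-IP subnet"
        lines.append(f"{dest} mask {mask}: accepted ({r['kind']}), {where}")
    return lines

if __name__ == "__main__":
    print("\n".join(review()))
```

Replace `SELF_IPS` with the values shown under Network > Self IPs on the unit being checked; an address reported as not on any self-IP subnet can still work if an upstream router forwards it to the BIG-IP.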