14-Aug-2022 06:56 - edited 14-Aug-2022 06:57
Hi,
I have two Big IP F5 in HA Active/Standby state.
I have configured the internal interface of Big IP as follows,
Big IP 1 : 10.10.10.2 (Non-floating)
Big IP 2: 10.10.10.3 (Non-floating)
Floating IP: 10.10.10.1
I have configured a node for one application and applied a health monitor (https).
So which IP will initiate the health monitor for that node? Non floating IP or the Floating IP?
In my case I see that the health monitoring traffic is initiated from the Non Floating IP i.e. from 10.10.10.2 and 10.10.10.3.
Health monitoring traffic is not being initiated from the Floating IP i.e. 10.10.10.1.
Since the devices are in HA, the health monitoring traffic for nodes should be initiated from the Floating IP and not from the Non-floating IP, I guess.
Am I missing something in HA configuration or is this the expected behaviour?
15-Aug-2022 09:49
this is how it works. both nodes have to be able to determine for themselves if a poolmember is reachable. it makes sense to always use the non floating for this. else the health monitor IP would change with a failover.
15-Aug-2022 10:09
As written by @boneyard, the non-floating self-IPs are used for the monitoring. That's the default behaviour and might be changed perhaps by using an external monitor.
That's why your internal ACLs have to permit access to the real servers (aka poolmembers) for both non-floating self IPs and the IP-address being used for SNAT (i.e. the floating self IP with SNAT automap).
Be aware that a monitor might even be fired through the out-of-band management interface (using the management IP). This will be the case if there is a better route to the target and might be prevented by using route domains or the InTMM monitoring feature.
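The ACL requirement described in the reply above, as an added example that is not part of the original posts: a first-match ACL check confirming that both non-floating self IPs (monitor sources) and the floating self IP (SNAT automap source) can reach a pool member. The three BIG-IP addresses come from the question; the pool member address, the ACL rules and the function names are constructed assumptions.

```python
import ipaddress

# Addresses from the question; the pool member and ACL below are constructed.
MONITOR_SOURCES = ["10.10.10.2", "10.10.10.3"]  # non-floating self IPs
SNAT_SOURCE = "10.10.10.1"                       # floating self IP (SNAT automap)
POOL_MEMBER = ("10.10.20.50", 443)               # hypothetical real server

# Constructed first-match ACL: (action, source net, destination net, dest port).
# It forgets the second unit's non-floating self IP.
ACL = [
    ("permit", "10.10.10.1/32", "10.10.20.0/24", 443),
    ("permit", "10.10.10.2/32", "10.10.20.0/24", 443),
    ("deny",   "0.0.0.0/0",     "0.0.0.0/0",     None),
]

def acl_allows(acl, src, dst, port):
    """First-match evaluation; implicit deny when no rule matches."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net, rule_port in acl:
        if (s in ipaddress.ip_network(src_net)
                and d in ipaddress.ip_network(dst_net)
                and rule_port in (None, port)):
            return action == "permit"
    return False

def blocked_sources(acl, member=POOL_MEMBER):
    """Return each BIG-IP source address the ACL would block, with its role."""
    dst, port = member
    roles = {ip: "health monitor (non-floating self IP)" for ip in MONITOR_SOURCES}
    roles[SNAT_SOURCE] = "client traffic (floating self IP, SNAT automap)"
    return {ip: role for ip, role in roles.items()
            if not acl_allows(acl, ip, dst, port)}

if __name__ == "__main__":
    for ip, role in blocked_sources(ACL).items():
        print(f"BLOCKED {ip}: {role}")
```

With this constructed ACL only 10.10.10.3 is blocked, so the standby unit would mark the pool member down and carry that state into a failover.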
16-Aug-2022 03:28
are you asking a follow-up question wondering if @StephanManthey and I are right?
this article implies it: https://support.f5.com/csp/article/K49435003
here the same is asked and answered