Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

F5 AppWorld 2024 session proposal deadline extended to Friday, December 8th!

Which IP initiates health monitoring of nodes when F5 are in HA?

Go to solution
ushan
Altocumulus
Altocumulus

‎14-Aug-2022 06:56 - edited ‎14-Aug-2022 06:57

Hi,

I have two Big IP F5 in HA Active/Standby state. 

I have configured the internal interface of Big IP as follows,

Big IP 1 : 10.10.10.2  (Non-floating)

Big IP 2: 10.10.10.3 (Non-floating)

Floating IP: 10.10.10.1

I have configured a node for one application and applied health monitor(https).

So which IP will initiate the health monitor for that node? Non floating IP or the Floating IP?

In my case I see that the health monitoring traffic is initiated from the Non Floating IP i.e. from 10.10.10.2 and 10.10.10.3. 

Health monitoring traffic is not being initiated from the Floating IP i.e 10.10.10.1.

Since the device are in HA the health monitoring traffic for nodes should be initiated from the Floating IP and not from the Non-floating IP, I guess.

Am I missing something in HA configuration or is this the expected behaviour?

 

 

 

Labels:
0 Kudos
2 ACCEPTED SOLUTIONS

Go to solution
boneyard
MVP
MVP

‎15-Aug-2022 09:49

this is how it works. both nodes have to be able to determine for themselves if a poolmember is reachable. it makes sense to always use the non floating for this. else the health monitor IP would change with a failover.

View solution in original post

Go to solution
StephanManthey
MVP
MVP

‎15-Aug-2022 10:09

As written by @boneyard, the non-floating self-IPs are used for the monitoring. That´s the default behaviour and might be changed perhaps by using an external monitor.

That´s why your internal ACLs have to permit access to the real servers (aka poolmembers) for both non-floating self IPs and the IP-address being used for SNAT (i.e. the floating self IP with SNAT automap).

Be aware, that a monitor might even be fired through the out-of-band management interface (using the management IP). This will be the case, if there is a better route to the target and might be prevented by using route domains or the InTMM monitoring feature.

View solution in original post

0 Kudos
3 REPLIES 3

Go to solution
boneyard
MVP
MVP

‎15-Aug-2022 09:49

this is how it works. both nodes have to be able to determine for themselves if a poolmember is reachable. it makes sense to always use the non floating for this. else the health monitor IP would change with a failover.

Go to solution
StephanManthey
MVP
MVP

‎15-Aug-2022 10:09

As written by @boneyard, the non-floating self-IPs are used for the monitoring. That´s the default behaviour and might be changed perhaps by using an external monitor.

That´s why your internal ACLs have to permit access to the real servers (aka poolmembers) for both non-floating self IPs and the IP-address being used for SNAT (i.e. the floating self IP with SNAT automap).

Be aware, that a monitor might even be fired through the out-of-band management interface (using the management IP). This will be the case, if there is a better route to the target and might be prevented by using route domains or the InTMM monitoring feature.

0 Kudos

Go to solution
boneyard
MVP
MVP
In response to Greenbaum569

‎16-Aug-2022 03:28

are you asking a follow up question wondering if @StephanManthey and me are right?

this article implies it: https://support.f5.com/csp/article/K49435003

here the same is asked and answered

https://community.f5.com/t5/technical-forum/which-ip-does-f5-ltm-use-as-its-source-ip-address-to-per...

 

Copyright © 2023 Khoros, LLC