
Which IP initiates health monitoring of nodes when F5 are in HA?

ushan
Altocumulus

Hi,

I have two Big IP F5 in HA Active/Standby state. 

I have configured the internal interface of Big IP as follows,

Big IP 1 : 10.10.10.2  (Non-floating)

Big IP 2: 10.10.10.3 (Non-floating)

Floating IP: 10.10.10.1

I have configured a node for one application and applied a health monitor (https).

So which IP will initiate the health monitor for that node? Non floating IP or the Floating IP?

In my case I see that the health monitoring traffic is initiated from the Non Floating IP, i.e. from 10.10.10.2 and 10.10.10.3.

Health monitoring traffic is not being initiated from the Floating IP, i.e. 10.10.10.1.

Since the devices are in HA the health monitoring traffic for nodes should be initiated from the Floating IP and not from the Non-floating IP, I guess.

Am I missing something in HA configuration or is this the expected behaviour?

 

 

 

2 ACCEPTED SOLUTIONS

boneyard
MVP

this is how it works. both nodes have to be able to determine for themselves if a poolmember is reachable. it makes sense to always use the non floating for this. else the health monitor IP would change with a failover.


As written by @boneyard, the non-floating self-IPs are used for the monitoring. That's the default behaviour and might be changed perhaps by using an external monitor.

That's why your internal ACLs have to permit access to the real servers (aka poolmembers) for both non-floating self IPs and the IP address being used for SNAT (i.e. the floating self IP with SNAT automap).

Be aware that a monitor might even be fired through the out-of-band management interface (using the management IP). This will be the case if there is a better route to the target and might be prevented by using route domains or the InTMM monitoring feature.

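An added example (not part of the original thread and not F5 code) that models the ACL requirement from the accepted solution: it evaluates a first-match ACL against every address the HA pair can send from. The self IPs are from the question; the management IPs, the rule format and the function names are assumptions.

```python
import ipaddress

# Self IPs are from the question; management IPs are constructed placeholders.
SOURCES = {
    "10.10.10.2": "health monitor from BIG-IP 1 (non-floating self IP)",
    "10.10.10.3": "health monitor from BIG-IP 2 (non-floating self IP)",
    "10.10.10.1": "load-balanced traffic (floating self IP, SNAT automap)",
    "192.0.2.11": "health monitor routed out of BIG-IP 1 management interface",
    "192.0.2.12": "health monitor routed out of BIG-IP 2 management interface",
}
REQUIRED = ("10.10.10.1", "10.10.10.2", "10.10.10.3")


def acl_decision(rules, src):
    """First-match evaluation of (action, cidr) rules with an implicit deny."""
    addr = ipaddress.ip_address(src)
    for action, cidr in rules:
        if addr in ipaddress.ip_network(cidr):
            return action
    return "deny"


def audit(rules):
    """Return {source_ip: decision} for every address the pair can send from."""
    return {src: acl_decision(rules, src) for src in SOURCES}


def findings(rules):
    """List the required sources that the ACL blocks, with what breaks."""
    result = audit(rules)
    return [f"{ip} denied: {SOURCES[ip]} fails"
            for ip in REQUIRED if result[ip] == "deny"]


# Constructed ACLs on the path to the pool member (hypothetical rule format).
ACL_FLOATING_ONLY = [("permit", "10.10.10.1/32")]
ACL_CORRECTED = [("permit", "10.10.10.1/32"),
                 ("permit", "10.10.10.2/32"),
                 ("permit", "10.10.10.3/32")]

if __name__ == "__main__":
    for name, acl in (("floating only", ACL_FLOATING_ONLY),
                      ("corrected", ACL_CORRECTED)):
        print(f"[{name}]")
        for ip, decision in audit(acl).items():
            print(f"  {ip:<11} {decision:<6} {SOURCES[ip]}")
        print("  findings:", findings(acl) or "none")
```

With the corrected ACL the management addresses are still denied, so a monitor that fails despite correct self-IP rules points at the routing case described in the answer above.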

3 REPLIES 3


are you asking a follow up question wondering if @StephanManthey and me are right?

this article implies it: https://support.f5.com/csp/article/K49435003

here the same is asked and answered

https://community.f5.com/t5/technical-forum/which-ip-does-f5-ltm-use-as-its-source-ip-address-to-per...