Creating a GTM Pool error
I am trying to add a GTM pool with the following command:

    create gtm pool a POOL_NAME { members add { DC:/Common/VS_NAME { member-order 0 } } }

It is giving me this error:

    01070226:3: Pool Member VS_NAME references a nonexistent Virtual Server

The virtual server does exist. I have added 40+ other pools with the same command; this is the only one giving me an error. When I try to create the pool via the GUI, this server is not available in the "Virtual Server:" dropdown list. What could be the issue?

60 Views, 0 likes, 1 Comment

Adding LTM to GTM with different version
Hi Experts,

I am looking for a KB that shows the prerequisites or considerations prior to doing BIGIP ADD in GTM. Our goal is to use the GSLB functionality of our GTM. Our GTM is running version 11.6.1 and we will upgrade our LTM from 11.6.1 to 13.0. May we know if this is possible or if there is an issue with this setup?

613 Views, 0 likes, 2 Comments

GTM Source IP Redirect to Specific Pools iRule
I'm trying to redirect clients to specific pools based on the client's IP address through an iRule. I created this iRule in the GTM and it seems to be working fine; however, I'd like to set client networks in the rule instead of "starts_with" in an effort to keep this rule short as we add more and more clients. I've tried equals "10.80.0.0/16", however that didn't seem to work. Anyone have any ideas on what I could do to achieve my goal?

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
when DNS_REQUEST {
    if { [IP::client_addr] starts_with "10.80." } {
        pool pool_10_80
    } elseif { [IP::client_addr] starts_with "10.96." } {
        pool pool_10_96
    } elseif { [IP::client_addr] starts_with "172.27." } {
        # starts_with rather than contains, so only addresses beginning with 172.27. match
        pool pool_172_27
    }
}
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Thanks in advance for any feedback.

525 Views, 0 likes, 3 Comments

BIGIP DNS health monitor
I suspect I am missing some fundamental understanding for this, but what I want to accomplish is to have a wide IP that monitors two web servers and returns only the IP of a server that is up.

I created two server objects of product generic host. I put the IP of one web server in the BIG-IP system devices and also created a resource on the page with the same IP. Repeated the process for the other. I created a GSLB pool and added both server objects. I created the wide IP object and added the pool.

It resolves as expected with the web server IPs alternating; however, none of the health monitors actually work (all are red). When I look at the pool members, they have this error against availability:

    Offline (Enabled) - Monitor /Common/gateway_icmp from <unknown> : no reply from big3d: timed out

I suspect I am creating the server object incorrectly or there is another way to do this. Could anyone please advise?

751 Views, 0 likes, 1 Comment

DnsClientNrptRule configuration not working when connected to BIG-IP Edge Client
Hello,

Our problem is that when connecting to a third-party VPN, our local DNS is not resolving, causing problems with users accessing local resources while on this VPN. Split tunneling is enabled on the connection, but we do not have control over changing any of the F5 connection settings since this connection is outside of our organization. We are attempting to fix this using a DnsClientNrptRule, but even after adding the rule, it still uses the DNS servers configured on the VPN connection. The rule works as expected when not connected to the VPN. Any insight would be greatly appreciated. Thanks!

967 Views, 0 likes, 2 Comments

How GTM monitor works, what is the process of a GTM https monitor
    create monitor https m-test-host.c-name.test.doamin.com-HTTPS-8090 interval 15 timeout 60 send "HEAD /test.html HTTP/1.1\r\nHost: test-host.test.doamin.com:8090\r\n\r\n" recv "HTTP/1.[01] [23][0-9][0-9]"
    modify server server1 virtual-servers add { vs-dc1_test-host-8090 { destination 192.168.11.21:8090 } }
    exit
    exit
    modify server server2 virtual-servers add { vs-dc2_test-host-8090 { destination 172.16.5.12:8090 } }
    exit
    exit
    create pool a p-test-host.c-name.test.doamin.com
    modify pool a p-test-host.c-name.test.doamin.com members add { server1:vs-dc1_test-host-8090 { member-order 0 } } members add { server2:vs-dc2_test-host-8090 { member-order 1 } } monitor m-test-host.c-name.test.doamin.com-HTTPS-8090 load-balancing-mode global-availability alternate-mode none fallback-mode none max-answers-returned 1 ttl 10
    exit
    exit
    exit
    create wideip a test-host.c-name.test.doamin.com { pools add { p-test-host.c-name.test.doamin.com } }

Environment setting:

- A CNAME has been added: test.host.test.domain.com test.host.c-name.test.domain.com
- Domain test.domain.com is configured to be resolved by the above GTM
- GTM listens to the DNS resolve requests for test.domain.com

I have the GTM configuration above. I am wondering how the GTM https monitor works. Here is my understanding; is it correct?

1. GTM detects the aliveness with the test command:
   curl --insecure -v https://test-host.test.doamin.com:8090/test.html
2. GTM sends the DNS resolve request for test-host.test.doamin.com. Since there is a CNAME, GTM will request DNS resolution for test.host.c-name.test.domain.com.
3. Since c-name.test.domain.com will be resolved by itself, GTM checks the configuration and finds that a pool is configured for test-host.test.doamin.com.
4. GTM checks the pool member aliveness with the commands:
   curl --insecure -v https://192.168.11.21:8090/test.html
   curl --insecure -v https://172.16.5.12:8090/test.html

If any of the pool members is up, the pool will be up and the wideip will be up.

486 Views, 0 likes, 2 Comments

How to read the output of show pool a p detail on GTM
Here is the output of the show pool detail command. I have a few questions:

- What does prefer 100 mean in the output?
- What does global pick 100 mean in the output?

show pool a p-sample.com detail

-------------------------------------------------------------
Gtm::Pool::A p-sample.com
-------------------------------------------------------------
Status
  Availability : available
  State        : enabled
  Reason       : Available

Load Balancing
  Preferred          104
  Alternate          0
  Fallback           0
  Returned from DNS  0
  Returned to DNS    0
  Dropped            0

----------------------------------------------------------------------------------
| Gtm::Pool Member: p-sample.com:A vs-DC1_samples-443:server1
----------------------------------------------------------------------------------
| Status
|   Availability : available
|   State        : enabled
|   Reason       : Available
|
| Load Balancing
|   Preferred  100
|   Alternate  0
|   Fallback   0
-----------------------------------------------------------------
| Gtm::Virtual Server: vs-DC1_samples-443
-----------------------------------------------------------------
| Status
|   Availability : unknown
|   State        : enabled
|   Reason       :
|   Destination  : 192.16.1.2:443
|
| Link Name  ---
|
| Global
|   Picks                 100
|   Connections           0
|   Virtual Server Score  0
|
| Throughput     In  Out
|   Bits/sec     0   0
|   Packets/sec  0   0
----------------------------------------------------------------------------------
| Gtm::Pool Member: p-sample.com:A vs-DC2_samples-443:server2
----------------------------------------------------------------------------------
| Status
|   Availability : available
|   State        : enabled
|   Reason       : Available
|
| Load Balancing
|   Preferred  101
|   Alternate  0
|   Fallback   0
-----------------------------------------------------------------
| Gtm::Virtual Server: vs-DC2_samples-443
-----------------------------------------------------------------
| Status
|   Availability : unknown
|   State        : enabled
|   Reason       :
|   Destination  : 172.16.1.3:443
|
| Link Name  ---
|
| Global
|   Picks                 101
|   Connections           0
|   Virtual Server Score  0
|
| Throughput     In  Out
|   Bits/sec     0   0
|   Packets/sec  0   0

393 Views, 0 likes, 1 Comment

Cannot Establish GTM/DNS Sync Group
Hi all,

We're attempting to get a GTM/DNS sync group set up and having some difficulty. We've set the two BIG-IP systems up in an HA pair and on one device configured all the necessary components, to include:

- Data center object
- Server objects for each GTM
- Confirmed ports 4353 and 22 are open between them. We know they are, as both server objects are up/green.
- Configured the sync group name and enabled it

The problem comes when we go to the second device and run the gtm_add script to initialise and sync with the group; we get this message:

    ssh_exchange_identification: read: Connection reset by peer
    ERROR: Can't read remote cert via /usr/bin/ssh.
    Restarting gtmd
    Restarting named
    Restarting zrd

Couple of things to note:

- As stated above, these devices are already in an HA active/standby pair. We don't believe this to be an impediment, as this should be a valid way to set GTMs up.
- We are using proper 3rd party certificates for management. To that end, we have installed the intermediate CA and root certs in the following locations:
  - System ›› Certificate Management : Device Certificate Management : Device Trust Certificates
  - DNS ›› GSLB : Servers : Trusted Server Certificates
- We have tried running the gtm_add command using a local user with admin/advanced tmsh privileges as well as root.
- On either device we get nothing in /var/log/gtm or even ltm that would help give us a clue.

Right now we're at a total loss and don't know where to turn next. Anyone have any helpful clues, hints or insights to help us through this? Thank you.

548 Views, 0 likes, 1 Comment