HA Active/Standby add 2nd Floating IP from a different Vlan
I have 1 HA Active/Standby pair, I am looking to add a second floating IP for management access from our Management Vlan. We are wanting to access the configuration GUI from an internal URL and get to the Active F5 no matter which one is the active F5 Currently we have a floating self IP and a non floating IP on each of the pairs. What considerations do I need to take to accomplish this? Is this feasible? Do I need to add/change the SNAT pool? Will this affect config-sync or failover? SNAT pool: internal-snatpool 10.1.20.20 Current setup Example. prd1 10.1.20.1 - traffic-group-local-only, internal 10.20.30.213 - traffic-group-local-only, external 10.20.30.215 - traffic-group-1, external, port lockdown set to None 192.168.1.22 - traffic-group-local-only, HA prd2 10.1.20.2 - traffic-group-local-only, internal 10.20.30.214 - traffic-group-local-only, external 10.20.30.215 - traffic-group-1, external, port lockdown set to None 192.168.1.23 - traffic-group-local-only, HA possible setup example. prd1 10.1.20.1 - traffic-group-local-only, internal 10.20.30.213 - traffic-group-local-only, external 10.30.30.213 - traffic-group-local-only, external 10.20.30.215 - traffic-group-1, external, port lockdown set to None 10.30.30.215 - traffic-group-1, external, port lockdown set to default 192.168.1.22 - traffic-group-local-only, HA prd2 10.1.20.2 - traffic-group-local-only, internal 10.20.30.214 - traffic-group-local-only, external 10.30.30.214 - traffic-group-local-only, external 10.20.30.215 - traffic-group-1, external, port lockdown set to None 10.30.30.215 - traffic-group-1, external, port lockdown set to default 192.168.1.23 - traffic-group-local-only, HA
health monitor without hostname
hi guys, i have a health monitor without hostname GET /icap/AV HTTP/1.1\r\nConnection: Close\r\n\r\n we have 2 backend nodes . Just wnat to know what will be the hostname when traffic is sent to backend servers. will this add original FQDN from client traffic or it adds server IP address .etc
Reset cause
Hello, someone can help me with this? I've a F5 LTM VM and the sho /net rst-cause command displays this situation: TCP/IP Reset Cause RST Cause: Count ------------------------------------------- Flow expired (sweeper) 103387 No flow found for ACK 339414 No pool member available 0 RST from BIG-IP internal Linux host 659163 SSL handshake timeout exceeded 3 TCP RST from remote system 114027 TCP retransmit timeout 48 TCP zero window timeout 136 Unknown reason 57 handshake timeout 52912 I have tried enabling the logs on LTM in order to understand the handshake timeout resets cause but I am quite confused. I can't figure out the cause of the TCP handshakes or how increase them in the tcp profile. The LTM log returns me this error: RST sent from 10.109.120.228:35681 to 10.1.29.237:8403, [0x2f3864d:271] {peer} handshake timeout Thank you for your support.
Unable to login to F5 Big-IP CLI console after data centre move
Hello, I am looking for any help! We currently have Big-IP 17.1 Best Bundle running on VE in ESXi. After moving data centres, I am unable to login on to the CLI via console to amend the management interface on to the new network that's been put in place. When I try to login as root it hangs and then presents the message "gethostbyname: Unknown host" and then reverts back to the username login prompt without asking for the password. I have tried rebooting but without being able to get past the login prompt there's not much more I can do! I'm assuming it maybe trying to do some DNS resolution at logon but being as it's on a new network it can't get out until I change it. Thanks for any help
Help with excessive RST and Port denied issues
Just setup a big IP trial in my VMware lab. I have a SELF IP on the external interface and one on the internal. I created a pool with three web servers on the internal side and I made a virtual server point to that pool. Everything looks green in the F5. I'm able to ping the web servers from the BIG IP and the machine i'm conecting from as well. But in the logs I'm seeing constant TCP resets from the F5 external IP to both my ESXi hosts. Also seeing a lot of port denied errors. Needless to say when I try to connect the the VIP it just times out even though a port scan shows port 80 open. a show /net rst-cause shows this and its only about 20 minutes since I reset all the counters. ------------------------------------------ TCP/IP Reset Cause RST Cause: Count ------------------------------------------ No flow found for ACK 186 Port denied 1580 RST from BIG-IP internal Linux host 115 TCP RST from remote system 0 TCP retransmit timeout 12 handshake timeout 0 Also seeing No flow found for ACK messages from my internal Self IP to the web server IPs What is going on and what have I done wrong???