Adding a network interface to a Big-IP VE?
I have a Big-IP running v14.1.4.6 and need to add another network interface. At the moment, interfaces 1.1, 1.2 and 1.3 are configured, but I see no option in the GUI to add a fourth. According to the server team folks there's a fourth network adapter configured (in VMware, I believe), but I'm at a loss regarding how to create a fourth one on the F5. I did find the command below (modified for what I need) for adding an interface in another post, but was unable to get it to work.

tmsh create net vlan vlan103 interfaces add { 1.4 { untagged } }

Am I going about this the wrong way? It's odd that adding an interface can't simply be done via the GUI. Thanks!
Solved, 2.2K Views, 0 likes, 2 Comments

vCMP logical interfaces throughput
Hello, we currently have 2 BIG-IP 15800, each one connected with 2 100Gb interfaces. So I have a guest vCMP with 8 vCPU and 8 logical interfaces 0.1, 0.2, 0.3 and so on to 0.8. In the CLI console or in my Zabbix those interfaces are detected as 10Gb each, and I can see traffic in all of them... My question is, are those virtual interfaces capped at 10Gb? Or in other words, how much bandwidth do I have on this vCMP?
Solved, 2.1K Views, 0 likes, 6 Comments

Most likely cause of network input errors?
I have an HA pair of LTMs running 10.2.3. On one vlan I am incrementing input errors at the same exact rate on both the active and passive units. Discussing with our network engineer, he says he has seen this before at another job, but can't quite remember the cause. He believes it is a case of the LTMs not understanding some type of traffic coming across the port and dropping it as a result. Have any of you ever encountered anything like this?
Thanks, Chris
1.1K Views, 0 likes, 6 Comments

Connection loss Client -> F5 BIGIP LTM
Hi all, I am currently experiencing an issue with an application that is being used on 3 application servers (Windows Server 2003), loadbalanced behind the F5 BIGIP. Users are sometimes losing connection to the server, which makes the application crash. I have launched a capture for one of these clients and I'm seeing the following when this issue occurs (capture.png):

Client: 10.229.237.235, IP of virtual server on BIGIP: 172.20.5.41

From what I can see there is no SYN-ACK being returned from BIGIP. There are also a lot of messages in the log containing TCP Window Full & TCP out of order. When we let the user connect directly to an application server instead of passing through BIGIP, they have no issues. The capture is also very clean in that case: no retransmissions, no duplicate ACKs or TCP resets. The TCP protocol being used is Protocol Profile (Client) - TCP LAN Optimized and for Protocol Profile (Server) - TCP WAN Optimized. Does anyone have an idea why BIGIP doesn't send a SYN-ACK in this case? I was thinking maybe an issue with receiving window & send buffers. Or would I need a capture on the virtual server to further analyze this behaviour? Any help would be greatly appreciated!
Thank you
Kind regards
Ron
999 Views, 0 likes, 6 Comments

New i2800 to Cisco 93180YC-FX3 Twinax
I've seen older posts and I've used these before but cannot get them working now. Does anyone know if you can still use the Cisco Twinax cables (SFP-H10GB-CU3M)? My F5 is showing the following:

Net::Interface
Name  Status   Bits   Bits   Pkts    Pkts  Drops  Errs  Media
                 In    Out     In     Out
---------------------------------------------------------------
1.0   up          0      0      0       0      0     0  1000CX-FD
2.0   miss        0      0      0       0      0     0  none
3.0   miss        0      0      0       0      0     0  none
4.0   miss        0      0      0       0      0     0  none
5.0   down        0      0      0       0      0     0  none
6.0   down        0      0      0       0      0     0  none
mgmt  up      20.2G   6.2G   1.7M  670.7K      0     0  1000T-FD

net interface 5.0 {
    if-index 352
    mac-address 14:a9:d0:06:80:88
    media-max 10000T-FD
    module-description "Unsupported Optic detected"
    mtu 9198
    serial JPC23220CWT
    vendor CISCO-JPC
    vendor-oui 001897
    vendor-partnum P3410UB03000-1
    vendor-revision A0

832 Views, 0 likes, 1 Comment

Access loadbalanced IP from internal VLAN
Hi again, I'm not sure if my current problems are related to the changes outlined here: https://devcentral.f5.com/questions/nat-exemption-next-hop-routing But it might well be. I'm currently not able to access the loadbalanced ip from the internal VLAN, where the loadbalanced IP is configured for, example:

1.1.1.1:80 -> 192.168.1.1:80 + 192.168.1.2:80 (round robin)

I can access 1.1.1.1 perfectly fine from any other internal VLAN (like from servers in the 192.168.2.0/24 subnet), but am not able to access them from the 192.168.1.0/24 VLAN. Any ideas how to solve that issue? I think it's related to the virtual servers we created in the above mentioned question but I'm not sure how to work around that without breaking my other requirements.
Thanks, best, Alex
Solved, 561 Views, 0 likes, 4 Comments

NAT Exemption / Next-Hop Routing
Hey there, I got a tricky situation here, let me try to outline it as simply as possible. I do have a BigIP LTM running 10.2.4HF7 here which has one Uplink-VLAN (public IP space), several internal VLANs (private IP space divided up into /24s) and one link VLAN which goes directly to a Cisco ASA firewall used for remote dial-in and IPSEC site2site connections.

I'd like to have local connections (from one VLAN to the other) being routed and not NATed, that is, the source IP should stay intact, so if vlan1 wants to connect to vlan2, this should be possible and the source IP should not be changed. If the inside VLANs try to access the internet, they should be NATed of course for internet access, and if the inside VLANs try to access a remote subnet which is behind an IPSEC site2site tunnel, the packets should also not be NATed and forwarded to the next hop which then takes care of throwing these packets into the IPSEC tunnel.

I've tried so many things now that I don't even recall them all, but basically, I think I have a misconception of how routing works on the BigIP. Let's assume the following subnets:

outside (internet facing) vlan: 110.0.0.0/24
inside vlans: 192.168.1.0/24 192.168.2.0/24
link subnet to the Cisco ASA firewall: 192.168.99.0/24
remote subnets: 192.168.100.0/24

I have added a route on the BigIP which routes traffic to 192.168.100.0/24 via 192.168.99.0/24 to specify the next hop. I've also added an automap SNAT for my internal VLANs and things seemed to work just fine until I realized that connections to the remote subnets did not keep their source IP; instead they were NATed to the IP on the link subnet (which is what automap does essentially) and therefore the packets did not find their way into the tunnel because the link subnet is not part of the IPSEC site2site tunnel configuration.

I've played with several iRule examples I've found here in the forums but couldn't make it work, things like conditional SNAT, etc. and I think I must have a design flaw somewhere in my configuration and am hoping for some valuable input here. If you have any questions, please feel free to ask.
Thanks in Advance, Alex
516 Views, 0 likes, 7 Comments

Strange SNAT IP address behaviour
Hello everyone,
Recently we've discovered a weird behaviour on our BIG-IP system. We are currently running version 11.5.1 on an 8950 Active/Passive HA pair. We have detected that a couple of servers, due to misconfiguration, are generating UDP traffic to port 1002 of an SNAT IP address which belongs to a SNAT Pool. Our BIG-IP is bouncing that traffic back to the network, simply changing source and destination MAC address on the ethernet header. You can see it on the following screenshots:

Is this an expected behaviour? Shouldn't F5 just drop this traffic? As additional info: the VS to which this SNAT Pool belongs is configured for port 80 HTTP. Thank you very much in advance for your answers.
Best regards, Carlos
472 Views, 0 likes, 9 Comments