consult_001_174
Oct 23, 2014

Virtual Servers (LTM on EC2)

Hello,

I have installed the F5 AMI on EC2. Let's assume its IP is

1.0.0.1

I have provisioned three more machines running Apache each of which serves up a simple web page on port 80. Assume these servers' IPs are...

1.0.0.2 1.0.0.3 1.0.0.4

I have created a Pool with these Apache servers as members and have associated this Pool with a Virtual Server. Within the Virtual Server section, I have set the Destination Type to 'Host' and the Destination Address to the same address as the F5 instance (i.e. 1.0.0.1). I have set the Service Port to 80.

When I try to browse 1.0.0.1:80, I get page not found instead of the request being 'load balanced' to one of the Apache servers. Why is this?

I realize that, on 1.0.0.1, the admin console runs on port 443 but 80 should be free, right?

I also know that my pool is set up correctly, because the health monitoring I've set up in it is reporting the status of each of the three Apache servers correctly.

My EC2 security group for the F5 and Apache servers is correct.

I can browse each of the Apache server web pages if I access that IP directly.

Any ideas?

Thanks,

Matthew

2 Replies

  • THi

    Seems to be a one-legged configuration, i.e. the virtual server and pool members (nodes) are in the same subnet.

    Might be a routing problem for the return packets from the servers. If you monitor the packets to the server, do you see any traffic going to the servers and anything coming back? You can check with the GUI: Statistics ›› Module Statistics : Local Traffic ›› Virtual Servers or Nodes: Bits/Packets In/Out. If you see something going in but 0 out, then the return packets may bypass the BIG-IP and the connection cannot be made.

    Do the servers have a route back to the client via the BIG-IP? Where is the servers' default gateway pointing? If not to the BIG-IP self IP (1.0.0.1), do you have any SNAT, like SNAT Automap, defined for the virtual? SNAT Automap will rewrite the client address to be the BIG-IP's address for the server-bound packets. Thus the servers think they are communicating with the BIG-IP at the packet level, and will send the return packets back to the BIG-IP, which will pass them back to the client.

  • Can you describe the IP and VLAN setup of your instance please? How many interfaces and IPs do you have configured?
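
The return-path scenario raised in THi's reply can be traced packet by packet. The sketch below is an added illustration, not part of the thread and not F5 code: it models the one-armed layout with the thread's addresses and checks whether the client accepts the reply with and without SNAT Automap. The client address, the subnet gateway, the /24 mask and all function names are assumptions.

```python
"""Added illustration: one-armed virtual server, with and without SNAT Automap."""
from dataclasses import dataclass, replace

VIP = SELF_IP = "1.0.0.1"    # thread: virtual address is the BIG-IP's own address
SERVER = "1.0.0.2"           # one pool member from the thread
CLIENT = "203.0.113.10"      # constructed client outside the subnet
SUBNET_GW = "1.0.0.254"      # constructed: the subnet's ordinary router

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

def bigip_to_server(pkt, snat_automap):
    """Load-balance: destination becomes the pool member; Automap also rewrites
    the source to the BIG-IP address (source port kept unchanged for simplicity)."""
    out = replace(pkt, dst=SERVER)
    if snat_automap:
        out = replace(out, src=SELF_IP)
    return out

def server_next_hop(reply, server_gateway):
    """On-link destinations are reached directly, the rest via the default gateway."""
    on_link = reply.dst.rsplit(".", 1)[0] == SERVER.rsplit(".", 1)[0]  # /24 assumed
    return reply.dst if on_link else server_gateway

def simulate(snat_automap, server_gateway=SUBNET_GW):
    syn = Packet(CLIENT, 40000, VIP, 80)
    to_server = bigip_to_server(syn, snat_automap)
    # The server answers whatever source address it saw.
    reply = Packet(to_server.dst, to_server.dport, to_server.src, to_server.sport)
    hop = server_next_hop(reply, server_gateway)
    if hop == SELF_IP:
        # Reply passes through the BIG-IP, which undoes its translations.
        reply = Packet(VIP, 80, CLIENT, syn.sport)
    # The client only accepts a reply whose 4-tuple mirrors the SYN it sent.
    accepted = (reply.src, reply.sport, reply.dst, reply.dport) == (
        syn.dst, syn.dport, syn.src, syn.sport)
    return {"server_sees_src": to_server.src, "return_hop": hop,
            "client_accepts": accepted}

if __name__ == "__main__":
    print("no SNAT, gateway = subnet router:", simulate(False))
    print("SNAT Automap:                    ", simulate(True))
    print("no SNAT, gateway = BIG-IP:       ", simulate(False, SELF_IP))
```

In the Automap case `server_sees_src` is the BIG-IP address, so the Apache access logs would record 1.0.0.1 rather than the real client.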