Forum Discussion

PrismaNet_17675's avatar
PrismaNet_17675
Icon for Nimbostratus rankNimbostratus
Nov 10, 2014

Big-IP HA issue accessing management UI from a routed subnet

Good evening,

 

First time here and I don't have lots of experience with F5 but here's my question and hope someone can help :-)

 

I've been asked to take over an HA pair of F5 Big-IP v11.6 (virtual edition) that is configured in Active/Standby HA. The HA works fine although I still have some things to review. For the moment, I have a weird issue I can't seem to figure out. Here's a quick overview of my config:

 

Each BIG-IP has its own Management IP and 6 VLANs (include HA and external). Self IP and Virtual IP is defined on all VLANs. Port Lockdown is enabled only on HA (Default) and Monitoring (allow SSH and HTTPS only) VLANs.

 

The issue I have is when I try to manage the units through their self IP from a routed subnet. If I just try and PING both devices with their SelfIP, only one of them respond but never both. It always seems to be the Standby one that respond. The routing tables are the same on both devices.

 

Don't what else to check for.

 

Anything special I should look for?

 

Thanks! Sylvain

 

2 Replies

  • Hamish's avatar
    Hamish
    Icon for Cirrocumulus rankCirrocumulus

    Firstly, you shouldn't manage the bigip's via the selfip's. You should be managing via the management interface IP's. That's what they're for.

     

    Second. To start to find out why one doesn't respond, use tcpdump to verify whether it's the packets TO bigip that get lost, or packets from bigip back to the management station. That's probably the first step I'd perform to work out where things are going wrong.

     

    H

     

  • Hamish's avatar
    Hamish
    Icon for Cirrocumulus rankCirrocumulus

    BigIP does respond to imp echo when active, so it's not that. Is the self you're trying to contact on the interface that's facing your client? or the far side of the bigip?

     

    Are you tcpdump'ing with interface 0.0? or another interface?

     

    H