Solved

Virtual IP reachability

Posted on 2012-03-25
9
546 Views
Last Modified: 2012-04-24
Hi, Experts,

A VIP is configured on a F5 LB and is listening on port 80 and 443.

The VIP is reachable from internet meaning reply from pool nodes behind the VIP is fine.

However, the same VIP is NOT rechable from another poolA servers on the same F5 LB. As a workaround, a host entry is made on the poolA servers and the VIP is reachable from the poolA servers.

VIP should be reachable directly from the poolA server with out the host entry.

Any ideas?
0
Comment
Question by:genseek
  • 4
  • 4
9 Comments
 
LVL 15

Expert Comment

by:Nayyar HH (CCIE RS)
ID: 37765229
Not familiar with F5 but ....

The Load-balancers flows usually breaks when the to be load-balanced request is initiated from the server-farm being load-balanced or behind the LB as opposed to from the "Outside".  On a Cisco LB this is fixed with source NAT to fix the broken flow.

HTH
0
 
LVL 57

Expert Comment

by:giltjr
ID: 37765778
If adding a host entry to "badppol" worked, then the VIP is reachable.

What this means is that "badpool" is access the VIP by host name and not just IP address.
So either "badpool" can't resolve the host name or it is resolving it to an incorrect IP address.

So you need to look at how "badpool" is resolving the host name.
0
 

Author Comment

by:genseek
ID: 37773361
If host entry is removed, the VIP is not working. Even with IP.
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 57

Expert Comment

by:giltjr
ID: 37773462
Let me understand this.

On the servers in poolA you define an entry like:

10.1.1.1 somehost.name

Where 10.1.1.1 is the VIP on the F5 and somehost.name is the host name you want to use to access the VIP?

What happens when you issue the command:

     nslookup somehost.name

From a server in poolA, without the host entry there?
0
 

Author Comment

by:genseek
ID: 37810270
nslookup somehost.name ...this is the complete URL.......is not working but

nslookup somehost is working...

But this is not working ONLY from the 4 servers...but working from ALL other servers...n also from other domains.

any ideas?
0
 
LVL 57

Expert Comment

by:giltjr
ID: 37811922
If all of the servers use the same DNS server for resolution, then they have different domain name suffix's and/or different domain name search suffixes.

If the servers are Linux, you can look at /etc/resolv.conf to see what they are setup for.

If they are pointing to different DNS servers for resolution, then you need to look at how those DNS servers are setup.
0
 

Author Comment

by:genseek
ID: 37826238
giltjr,

Have checked, DNS resolution is happening from hostname to IP and vice-versa.

Without the host entry, we are able to telnet on port 443 using the IP

But when using the URL on the browser, again facing the same issue.

Any more ideas what could be preventing on the server/browser etc end?
0
 
LVL 57

Accepted Solution

by:
giltjr earned 500 total points
ID: 37828661
O.K, I getting confused.  Ignore the URL, what you want to focus on is just host name.  Based on what you have said something is not resolving host names.  Now we need to figure out if it is just host name or fully qualified domain name.

You stated eariler:

--> As a workaround, a host entry is made on the poolA servers and the VIP is reachable from the poolA servers.

What entry did you add?  What is just hostname or was it hostname.domain.tld?
0
 

Author Closing Comment

by:genseek
ID: 37890370
though it did not help directly, it hleped me to understand the concept.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the hope of saving someone else's sanity... About a year ago we bought a Cisco 1921 router with two ADSL/VDSL EHWIC cards to load balance local network traffic over the two broadband lines we have, but we couldn't get the routing to work consi…
Hello to you all, I hear of many people congratulate AWS (Amazon Web Services) on how easy it is to spin up and create new EC2 (Elastic Compute Cloud) instances, but then fail and struggle to connect to them using simple tools such as SSH (Secure…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question