Solved

Virtual IP reachability

Posted on 2012-03-25
9
551 Views
Last Modified: 2012-04-24
Hi, Experts,

A VIP is configured on a F5 LB and is listening on port 80 and 443.

The VIP is reachable from internet meaning reply from pool nodes behind the VIP is fine.

However, the same VIP is NOT rechable from another poolA servers on the same F5 LB. As a workaround, a host entry is made on the poolA servers and the VIP is reachable from the poolA servers.

VIP should be reachable directly from the poolA server with out the host entry.

Any ideas?
0
Comment
Question by:genseek
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
9 Comments
 
LVL 15

Expert Comment

by:Nayyar HH (CCIE RS)
ID: 37765229
Not familiar with F5 but ....

The Load-balancers flows usually breaks when the to be load-balanced request is initiated from the server-farm being load-balanced or behind the LB as opposed to from the "Outside".  On a Cisco LB this is fixed with source NAT to fix the broken flow.

HTH
0
 
LVL 57

Expert Comment

by:giltjr
ID: 37765778
If adding a host entry to "badppol" worked, then the VIP is reachable.

What this means is that "badpool" is access the VIP by host name and not just IP address.
So either "badpool" can't resolve the host name or it is resolving it to an incorrect IP address.

So you need to look at how "badpool" is resolving the host name.
0
 

Author Comment

by:genseek
ID: 37773361
If host entry is removed, the VIP is not working. Even with IP.
0
Raise the IQ of Your IT Alerts

From IT major incidents to manufacturing line slowdowns, every business process generates insights that need to reach the people required to take action. You need a platform that integrates with your business tools to create fully enabled DevOps toolchains.

You need xMatters.

 
LVL 57

Expert Comment

by:giltjr
ID: 37773462
Let me understand this.

On the servers in poolA you define an entry like:

10.1.1.1 somehost.name

Where 10.1.1.1 is the VIP on the F5 and somehost.name is the host name you want to use to access the VIP?

What happens when you issue the command:

     nslookup somehost.name

From a server in poolA, without the host entry there?
0
 

Author Comment

by:genseek
ID: 37810270
nslookup somehost.name ...this is the complete URL.......is not working but

nslookup somehost is working...

But this is not working ONLY from the 4 servers...but working from ALL other servers...n also from other domains.

any ideas?
0
 
LVL 57

Expert Comment

by:giltjr
ID: 37811922
If all of the servers use the same DNS server for resolution, then they have different domain name suffix's and/or different domain name search suffixes.

If the servers are Linux, you can look at /etc/resolv.conf to see what they are setup for.

If they are pointing to different DNS servers for resolution, then you need to look at how those DNS servers are setup.
0
 

Author Comment

by:genseek
ID: 37826238
giltjr,

Have checked, DNS resolution is happening from hostname to IP and vice-versa.

Without the host entry, we are able to telnet on port 443 using the IP

But when using the URL on the browser, again facing the same issue.

Any more ideas what could be preventing on the server/browser etc end?
0
 
LVL 57

Accepted Solution

by:
giltjr earned 500 total points
ID: 37828661
O.K, I getting confused.  Ignore the URL, what you want to focus on is just host name.  Based on what you have said something is not resolving host names.  Now we need to figure out if it is just host name or fully qualified domain name.

You stated eariler:

--> As a workaround, a host entry is made on the poolA servers and the VIP is reachable from the poolA servers.

What entry did you add?  What is just hostname or was it hostname.domain.tld?
0
 

Author Closing Comment

by:genseek
ID: 37890370
though it did not help directly, it hleped me to understand the concept.
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
Let’s face it: one of the reasons your organization chose a SaaS solution (whether Microsoft Dynamics 365, Netsuite or SAP) is that it is subscription-based. The upkeep is done. Or so you think.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question