Solved

Virtual IP reachability

Posted on 2012-03-25
9
544 Views
Last Modified: 2012-04-24
Hi, Experts,

A VIP is configured on a F5 LB and is listening on port 80 and 443.

The VIP is reachable from internet meaning reply from pool nodes behind the VIP is fine.

However, the same VIP is NOT rechable from another poolA servers on the same F5 LB. As a workaround, a host entry is made on the poolA servers and the VIP is reachable from the poolA servers.

VIP should be reachable directly from the poolA server with out the host entry.

Any ideas?
0
Comment
Question by:genseek
  • 4
  • 4
9 Comments
 
LVL 15

Expert Comment

by:Nayyar HH (CCIE RS)
ID: 37765229
Not familiar with F5 but ....

The Load-balancers flows usually breaks when the to be load-balanced request is initiated from the server-farm being load-balanced or behind the LB as opposed to from the "Outside".  On a Cisco LB this is fixed with source NAT to fix the broken flow.

HTH
0
 
LVL 57

Expert Comment

by:giltjr
ID: 37765778
If adding a host entry to "badppol" worked, then the VIP is reachable.

What this means is that "badpool" is access the VIP by host name and not just IP address.
So either "badpool" can't resolve the host name or it is resolving it to an incorrect IP address.

So you need to look at how "badpool" is resolving the host name.
0
 

Author Comment

by:genseek
ID: 37773361
If host entry is removed, the VIP is not working. Even with IP.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 37773462
Let me understand this.

On the servers in poolA you define an entry like:

10.1.1.1 somehost.name

Where 10.1.1.1 is the VIP on the F5 and somehost.name is the host name you want to use to access the VIP?

What happens when you issue the command:

     nslookup somehost.name

From a server in poolA, without the host entry there?
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 

Author Comment

by:genseek
ID: 37810270
nslookup somehost.name ...this is the complete URL.......is not working but

nslookup somehost is working...

But this is not working ONLY from the 4 servers...but working from ALL other servers...n also from other domains.

any ideas?
0
 
LVL 57

Expert Comment

by:giltjr
ID: 37811922
If all of the servers use the same DNS server for resolution, then they have different domain name suffix's and/or different domain name search suffixes.

If the servers are Linux, you can look at /etc/resolv.conf to see what they are setup for.

If they are pointing to different DNS servers for resolution, then you need to look at how those DNS servers are setup.
0
 

Author Comment

by:genseek
ID: 37826238
giltjr,

Have checked, DNS resolution is happening from hostname to IP and vice-versa.

Without the host entry, we are able to telnet on port 443 using the IP

But when using the URL on the browser, again facing the same issue.

Any more ideas what could be preventing on the server/browser etc end?
0
 
LVL 57

Accepted Solution

by:
giltjr earned 500 total points
ID: 37828661
O.K, I getting confused.  Ignore the URL, what you want to focus on is just host name.  Based on what you have said something is not resolving host names.  Now we need to figure out if it is just host name or fully qualified domain name.

You stated eariler:

--> As a workaround, a host entry is made on the poolA servers and the VIP is reachable from the poolA servers.

What entry did you add?  What is just hostname or was it hostname.domain.tld?
0
 

Author Closing Comment

by:genseek
ID: 37890370
though it did not help directly, it hleped me to understand the concept.
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Tired of waiting for your show or movie to load?  Are buffering issues a constant problem with your internet connection?  Check this article out to see if these simple adjustments are the solution for you.
Security is one of the biggest concerns when moving and migrating your data from your on-premise location to the Public Cloud.  Where is your data? Who can access it? Will it be safe from accidental deletion?  All of these questions and more are imp…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now