Virtual IP reachability

Hi, Experts,

A VIP is configured on a F5 LB and is listening on port 80 and 443.

The VIP is reachable from internet meaning reply from pool nodes behind the VIP is fine.

However, the same VIP is NOT rechable from another poolA servers on the same F5 LB. As a workaround, a host entry is made on the poolA servers and the VIP is reachable from the poolA servers.

VIP should be reachable directly from the poolA server with out the host entry.

Any ideas?
genseekAsked:
Who is Participating?
 
giltjrConnect With a Mentor Commented:
O.K, I getting confused.  Ignore the URL, what you want to focus on is just host name.  Based on what you have said something is not resolving host names.  Now we need to figure out if it is just host name or fully qualified domain name.

You stated eariler:

--> As a workaround, a host entry is made on the poolA servers and the VIP is reachable from the poolA servers.

What entry did you add?  What is just hostname or was it hostname.domain.tld?
0
 
Nayyar HH (CCIE RS)Network ArchitectCommented:
Not familiar with F5 but ....

The Load-balancers flows usually breaks when the to be load-balanced request is initiated from the server-farm being load-balanced or behind the LB as opposed to from the "Outside".  On a Cisco LB this is fixed with source NAT to fix the broken flow.

HTH
0
 
giltjrCommented:
If adding a host entry to "badppol" worked, then the VIP is reachable.

What this means is that "badpool" is access the VIP by host name and not just IP address.
So either "badpool" can't resolve the host name or it is resolving it to an incorrect IP address.

So you need to look at how "badpool" is resolving the host name.
0
Identify and Prevent Potential Cyber-threats

Become the white hat who helps safeguard our interconnected world. Transform your career future by earning your MS in Cybersecurity. WGU’s MSCSIA degree program was designed in collaboration with national intelligence organizations and IT industry leaders.

 
genseekAuthor Commented:
If host entry is removed, the VIP is not working. Even with IP.
0
 
giltjrCommented:
Let me understand this.

On the servers in poolA you define an entry like:

10.1.1.1 somehost.name

Where 10.1.1.1 is the VIP on the F5 and somehost.name is the host name you want to use to access the VIP?

What happens when you issue the command:

     nslookup somehost.name

From a server in poolA, without the host entry there?
0
 
genseekAuthor Commented:
nslookup somehost.name ...this is the complete URL.......is not working but

nslookup somehost is working...

But this is not working ONLY from the 4 servers...but working from ALL other servers...n also from other domains.

any ideas?
0
 
giltjrCommented:
If all of the servers use the same DNS server for resolution, then they have different domain name suffix's and/or different domain name search suffixes.

If the servers are Linux, you can look at /etc/resolv.conf to see what they are setup for.

If they are pointing to different DNS servers for resolution, then you need to look at how those DNS servers are setup.
0
 
genseekAuthor Commented:
giltjr,

Have checked, DNS resolution is happening from hostname to IP and vice-versa.

Without the host entry, we are able to telnet on port 443 using the IP

But when using the URL on the browser, again facing the same issue.

Any more ideas what could be preventing on the server/browser etc end?
0
 
genseekAuthor Commented:
though it did not help directly, it hleped me to understand the concept.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.