Solved

Virtual IP reachability

Posted on 2012-03-25
9
550 Views
Last Modified: 2012-04-24
Hi, Experts,

A VIP is configured on a F5 LB and is listening on port 80 and 443.

The VIP is reachable from internet meaning reply from pool nodes behind the VIP is fine.

However, the same VIP is NOT rechable from another poolA servers on the same F5 LB. As a workaround, a host entry is made on the poolA servers and the VIP is reachable from the poolA servers.

VIP should be reachable directly from the poolA server with out the host entry.

Any ideas?
0
Comment
Question by:genseek
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
9 Comments
 
LVL 15

Expert Comment

by:Nayyar HH (CCIE RS)
ID: 37765229
Not familiar with F5 but ....

The Load-balancers flows usually breaks when the to be load-balanced request is initiated from the server-farm being load-balanced or behind the LB as opposed to from the "Outside".  On a Cisco LB this is fixed with source NAT to fix the broken flow.

HTH
0
 
LVL 57

Expert Comment

by:giltjr
ID: 37765778
If adding a host entry to "badppol" worked, then the VIP is reachable.

What this means is that "badpool" is access the VIP by host name and not just IP address.
So either "badpool" can't resolve the host name or it is resolving it to an incorrect IP address.

So you need to look at how "badpool" is resolving the host name.
0
 

Author Comment

by:genseek
ID: 37773361
If host entry is removed, the VIP is not working. Even with IP.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 57

Expert Comment

by:giltjr
ID: 37773462
Let me understand this.

On the servers in poolA you define an entry like:

10.1.1.1 somehost.name

Where 10.1.1.1 is the VIP on the F5 and somehost.name is the host name you want to use to access the VIP?

What happens when you issue the command:

     nslookup somehost.name

From a server in poolA, without the host entry there?
0
 

Author Comment

by:genseek
ID: 37810270
nslookup somehost.name ...this is the complete URL.......is not working but

nslookup somehost is working...

But this is not working ONLY from the 4 servers...but working from ALL other servers...n also from other domains.

any ideas?
0
 
LVL 57

Expert Comment

by:giltjr
ID: 37811922
If all of the servers use the same DNS server for resolution, then they have different domain name suffix's and/or different domain name search suffixes.

If the servers are Linux, you can look at /etc/resolv.conf to see what they are setup for.

If they are pointing to different DNS servers for resolution, then you need to look at how those DNS servers are setup.
0
 

Author Comment

by:genseek
ID: 37826238
giltjr,

Have checked, DNS resolution is happening from hostname to IP and vice-versa.

Without the host entry, we are able to telnet on port 443 using the IP

But when using the URL on the browser, again facing the same issue.

Any more ideas what could be preventing on the server/browser etc end?
0
 
LVL 57

Accepted Solution

by:
giltjr earned 500 total points
ID: 37828661
O.K, I getting confused.  Ignore the URL, what you want to focus on is just host name.  Based on what you have said something is not resolving host names.  Now we need to figure out if it is just host name or fully qualified domain name.

You stated eariler:

--> As a workaround, a host entry is made on the poolA servers and the VIP is reachable from the poolA servers.

What entry did you add?  What is just hostname or was it hostname.domain.tld?
0
 

Author Closing Comment

by:genseek
ID: 37890370
though it did not help directly, it hleped me to understand the concept.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Setting up a trunk port on a Cisco switch? 20 86
site - site VPN 3 77
VPN Tunnel Stops Working Cisco RV130W 18 75
Rogue RDP Connections 5 103
Security is one of the biggest concerns when moving and migrating your data from your on-premise location to the Public Cloud.  Where is your data? Who can access it? Will it be safe from accidental deletion?  All of these questions and more are imp…
For months I had no idea how to 'discover' the IP address of the other end of a link (without asking someone who knows), and it drove me batty. Think about it. You can't use Cisco Discovery Protocol (CDP) because it's not implemented on the ASAs.…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question