No response after added virtual server IP address as floating self-IP address
Hi,
I have an F5 HA pair that serves several virtual servers.
VS1: ip1
VS2: ip2
Now, the IP address of VS1 (ip1) was already defined as a floating self-IP, but I found out that the IP address of VS2 was not defined as a self-IP. So I added ip2 as a floating self-IP.
From that moment on, no traffic was accepted on either ip1 or ip2.
Moreover, when I add a floating self-IP (let's say ip3), the virtual servers stop accepting traffic.
Any idea what can be causing this? Is it necessary to define the IP address of a virtual servers as a floating self-IP? Are there benefits of doing that?
On other units I manage, I always first add the floating self-IP and then I add the virtual server on that IP address.
I'm running version "BIG-IP 11.6.0 Build 0.0.401 Final"
Thanks.
It was driving me nuts, since I just want to understand what's going.
After reading this post: https://devcentral.f5.com/questions/self-ip-address-selection-with-multiple-to-choose-from, I checked the firewall logs again. And now the pieces fit.
On the Virtual Servers I have SNAT Automap enabled. When I only have one floating self IP, that floating self IP is used to initiate traffic to backend servers. When I add more floating self IPs, it will use any of those floating self IPs to initiate traffic towards the backend servers.
The firewall between the F5 and the backend servers does not accept this traffic, meaning not actually the VS stopped responding after I added the VS IP address as a floating self IP, but the firewall blocked traffic towards the backend servers.
So, conclusion (just to summarize):
- only one floating self IP is needed for SNAT communication towards the backend servers (if the amount of connections is less than 65000, otherwise more are needed and I must define a SNAT pool or allow the other floating IP addresses to communicate to the backend servers)
- I will remove the unneeded floating self IP, since they're not needed for a VS to function as a listener IP
Thanks all for your help!