Creating a GTM Pool error
I am trying to add a GTM pool with the following command:

create gtm pool a POOL_NAME { members add { DC:/Common/VS_NAME { member-order 0 } } }

It is giving me this error:

01070226:3: Pool Member VS_NAME references a nonexistent Virtual Server

The virtual server does exist. I have added 40+ other pools with the same command, this is the only one giving me an error. When I try to create the pool via the GUI this server is not available in the "Virtual Server:" dropdown list. What could be the issue?

55 Views, 0 likes, 1 Comment

Adding LTM to GTM with different version
Hi Experts,

I am looking for a KB that shows the prerequisites or considerations prior to doing BIGIP ADD in GTM. Our goal is to use the GSLB functionality of our GTM. Our GTM is running version 11.6.1 and we will upgrade our LTM from 11.6.1 to 13.0. May we know if it is possible or if there is an issue with this setup?

597 Views, 0 likes, 2 Comments

GTM Source IP Redirect to Specific Pools iRule
I'm trying to redirect clients to specific pools based on the client's IP address through an iRule. I created this iRule in the GTM and it seems to be working fine; however, I'd like to set client networks in the rule instead of "starts_with" in an effort to keep this rule short as we add more and more clients. I've tried equals "10.80.0.0/16", however that didn't seem to work. Anyone have any ideas on what I could do to achieve my goal?

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
when DNS_REQUEST {
    if { [IP::client_addr] starts_with "10.80." } {
        pool pool_10_80
    } elseif { [IP::client_addr] starts_with "10.96." } {
        pool pool_10_96
    } elseif { [IP::client_addr] contains "172.27." } {
        pool pool_172_27
    }
}
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Thanks in advance for any feedback.

517 Views, 0 likes, 3 Comments

BIGIP DNS health monitor
I suspect I am missing some fundamental understanding for this, but what I want to accomplish is to have a wide IP that monitors two web servers and returns only the IP of a server that is up.

I created two server objects of product generic host. I put the IP of one web server in the big-ip system devices and also created a resource on the page with the same IP. Repeated the process for the other. I created a GSLB pool and added both server objects. I created the wide IP object and added the pool.

It resolves as expected with the web server IPs alternating, however none of the health monitors actually work (all are red). When I look at the pool members they have this error against availability:

Offline (Enabled) - Monitor /Common/gateway_icmp from <unknown> : no reply from big3d: timed out

I suspect I am creating the server object incorrectly or there is another way to do this, could anyone please advise?

728 Views, 0 likes, 1 Comment

DnsClientNrptRule configuration not working when connected to BIG-IP Edge Client
Hello,

Our problem is when connecting to a third party VPN, our local DNS is not resolving, causing problems with users accessing local resources while on this VPN. Split tunneling is enabled on the connection but we do not have control over changing any of the F5 connection settings since this connection is outside of our organization. We are attempting to fix this using a DnsClientNrptRule but even after adding the rule, it still uses the DNS servers configured on the VPN connection. The rule works as expected when not connected to the VPN. Any insight would be greatly appreciated. Thanks!

946 Views, 0 likes, 2 Comments

How does a GTM monitor work, what is the process of a GTM https monitor
create monitor https m-test-host.c-name.test.doamin.com-HTTPS-8090 interval 15 timeout 60 send "HEAD /test.html HTTP/1.1\r\nHost: test-host.test.doamin.com:8090\r\n\r\n" recv "HTTP/1.[01] [23][0-9][0-9]"
modify server server1 virtual-servers add { vs-dc1_test-host-8090 { destination 192.168.11.21:8090 } }
exit
exit
modify server server2 virtual-servers add { vs-dc2_test-host-8090 { destination 172.16.5.12:8090 } }
exit
exit
create pool a p-test-host.c-name.test.doamin.com
modify pool a p-test-host.c-name.test.doamin.com members add { server1:vs-dc1_test-host-8090 { member-order 0 } } members add { server2:vs-dc2_test-host-8090 { member-order 1 } } monitor m-test-host.c-name.test.doamin.com-HTTPS-8090 load-balancing-mode global-availability alternate-mode none fallback-mode none max-answers-returned 1 ttl 10
exit
exit
exit
create wideip a test-host.c-name.test.doamin.com { pools add { p-test-host.c-name.test.doamin.com } }

Environment setting:

a CNAME has been added: test.host.test.domain.com test.host.c-name.test.domain.com
domain test.domain.com is configured to be resolved by the above GTM
GTM listens to the DNS resolve requests for test.domain.com

I have the GTM configuration above. I am wondering how the GTM https monitor works. Here is my understanding, is that correct?

1. GTM detects the aliveness with the test command: curl --insecure -v https://test-host.test.doamin.com:8090/test.html
2. GTM sends the DNS resolve request for test-host.test.doamin.com; since there is a CNAME, GTM will request DNS resolution for test.host.c-name.test.domain.com
3. Since c-name.test.domain.com will be resolved by itself, GTM checks the configuration and finds that a pool is configured for test-host.test.doamin.com
4. GTM checks the pool member aliveness with the commands:
   curl --insecure -v https://192.168.11.21:8090/test.html
   curl --insecure -v https://172.16.5.12:8090/test.html
   If any of the pool members is up, the pool will be up and the wideip will be up.

483 Views, 0 likes, 2 Comments

how to read the output of show pool a p detail on GTM
Here is the output of the show pool detail command. I have a few questions: what does prefer 100 mean in the output? What does global pick 100 mean in the output?

show pool a p-sample.com detail

-------------------------------------------------------------
Gtm::Pool::A p-sample.com
-------------------------------------------------------------
Status
  Availability : available
  State        : enabled
  Reason       : Available

Load Balancing
  Preferred          104
  Alternate          0
  Fallback           0
  Returned from DNS  0
  Returned to DNS    0
  Dropped            0

  ----------------------------------------------------------------------------------
  | Gtm::Pool Member: p-sample.com:A vs-DC1_samples-443:server1
  ----------------------------------------------------------------------------------
  | Status
  |   Availability : available
  |   State        : enabled
  |   Reason       : Available
  |
  | Load Balancing
  |   Preferred  100
  |   Alternate  0
  |   Fallback   0

      -----------------------------------------------------------------
      | Gtm::Virtual Server: vs-DC1_samples-443
      -----------------------------------------------------------------
      | Status
      |   Availability : unknown
      |   State        : enabled
      |   Reason       :
      |   Destination  : 192.16.1.2:443
      |
      | Link Name  ---
      |
      | Global
      |   Picks                 100
      |   Connections           0
      |   Virtual Server Score  0
      |
      | Throughput     In  Out
      |   Bits/sec     0   0
      |   Packets/sec  0   0

  ----------------------------------------------------------------------------------
  | Gtm::Pool Member: p-sample.com:A vs-DC2_samples-443:server2
  ----------------------------------------------------------------------------------
  | Status
  |   Availability : available
  |   State        : enabled
  |   Reason       : Available
  |
  | Load Balancing
  |   Preferred  101
  |   Alternate  0
  |   Fallback   0

      -----------------------------------------------------------------
      | Gtm::Virtual Server: vs-DC2_samples-443
      -----------------------------------------------------------------
      | Status
      |   Availability : unknown
      |   State        : enabled
      |   Reason       :
      |   Destination  : 172.16.1.3:443
      |
      | Link Name  ---
      |
      | Global
      |   Picks                 101
      |   Connections           0
      |   Virtual Server Score  0
      |
      | Throughput     In  Out
      |   Bits/sec     0   0
      |   Packets/sec  0   0

391 Views, 0 likes, 1 Comment

Cannot Establish GTM/DNS Sync Group
Hi all

We're attempting to get a GTM/DNS sync group set up and having some difficulty. We've set the two BIG-IP systems up in a HA pair and on one device configured all the necessary components to include:

Data center object
Server objects for each GTM
Confirmed ports 4353 and 22 are open between them. We know they are as both server objects are up/green.
Configured the sync group name and enabled it

The problem comes when we go to the second device and run the gtm_add script to initialise and sync with the group. We get this message:

ssh_exchange_identification: read: Connection reset by peer
ERROR: Can't read remote cert via /usr/bin/ssh.
Restarting gtmd
Restarting named
Restarting zrd

Couple of things to note:

As stated above, these devices are already in a HA active/standby pair. We don't believe this to be an impediment as this should be a valid way to set GTMs up.
We are using proper 3rd party certificates for management. To that end we have installed the intermediate CA and root certs in the following locations:
    System ›› Certificate Management : Device Certificate Management : Device Trust Certificates
    DNS ›› GSLB : Servers : Trusted Server Certificates
We have tried running the gtm_add command using a local user with admin/advanced tmsh privileges as well as root.
On either device we get nothing in /var/log/gtm or even ltm that would help give us a clue.

Right now we're at a total loss and don't know where to turn next. Anyone have any helpful clues, hints or insights to help us through this? Thank you.

530 Views, 0 likes, 1 Comment

GTM/DNS Not able to run simple external monitor?
Hello All,

I've been struggling with this for some time and wanted to see if anyone else had any ideas.

Scenario: We have a GTM/DNS VE to perform intelligent DNS resolution for generic hosts (i.e., non LTM virtual servers etc). We have multiple Squid proxies in one location that we want to intelligently resolve IPs for. For example, we want all traffic to flow through proxyA, and in case it's down then start resolving proxyB. We figure we could send a command to probe a website on the internet through the proxy, which will give us a bit more accuracy instead of a simple port monitor. For example, reaching out to www.google.com/robots.txt and expecting to receive a 200 (or something similar) will ensure the proxy itself can reach the internet even though the port is still accessible to the internal clients.

I have a curl command that does reach through the proxy and gets the response we're expecting but we can't seem to get that to work in monitor format. We continue to receive:

Offline (Enabled) - Monitor /Common/proxy_mon from [self_ip] : state returned down

The External Program:

#!/bin/sh
# These arguments supplied automatically for all external monitors:
# $1 = IP (nnn.nnn.nnn.nnn notation)
# $2 = port (decimal, host byte order)
#
# This script expects the following Name/Value pairs:
# HOST = the host name of the SNI-enabled site
# URI = the URI to request
# RECV = the expected response
#
# Remove IPv6/IPv4 compatibility prefix (LTM passes addresses in IPv6 format)
NODE=`echo ${1} | sed 's/::ffff://'`
PORT=${2}
if [[ $NODE =~ ^[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}$ ]]; then
    NODE=${NODE}
else
    NODE=[${NODE}]
fi
PIDFILE="/var/run/`basename ${0}`.sni_monitor_${HOST}_${PORT}_${NODE}.pid"
if [ -f $PIDFILE ]; then
    echo "EAV exceeded runtime needed to kill ${HOST}:${PORT}:${NODE}" | logger -p local0.error
    kill -9 `cat $PIDFILE` > /dev/null 2>&1
fi
echo "$$" > $PIDFILE
STATUS=`curl-apd -x http://${NODE}:${PORT} https://${URL} 2>/dev/null`
rm -f $PIDFILE
if [[ "$STATUS" == "$RECV"* ]]; then
    echo "UP"
fi
exit

The GTM Monitor:

The GTM log just shows the same message as the monitor status on the member properties. We even tried to set up a simple monitor that simply does an echo "UP" so it shouldn't be reaching out through the proxy, yet that still comes back with the same status.

Any ideas on where else to look are greatly appreciated!

Thanks,
Luis

518 Views, 0 likes, 1 Comment