F5 BIGIP — Determine the Healthcheck Source Address

I was discussing some F5 LTM Healthcheck Monitor capabilities with a colleague of mine at work the other day, when he brought up a great question.

What does an F5 LTM use for a source IP address when connecting to pool members for the healthcheck monitor service? Especially on a Multi-Network setup.

To answer this question we have to consider the typical LTM cluster set up . Usually set up in pairs of two(2), one acting as an Active unit and the other as Standby unit. Each unit has it’s own Self IP for each “network leg” it is attached to.  The Active and Standby unit also share a “Floating IP address”, which is used for the backend traffic to pool members. But back to the question, let’s use the following example:

Networks:

192.168.0.0/24 (Pool Members)
192.168.100.0/24 (Pool Members)
10.0.0.0/22 (VIPs)

LTM 1 – Self IPs

192.168.0.1
192.168.100.1
10.0.0.1  (Identified as Default Gateway in Routing Table)

LTM 2 – Self IPs

192.168.0.2
192.168.100.2
10.0.0.2 (Identified as Default Gateway in Routing Table)

As you can see we have 3 network segments and a single /22 which I’ve designated for VIPs. I’m not sure you would ever segregate this small, it truly depends on your situation and how flat your network is. A Pool Monitor is only unique to it’s monitor type, the target IP address and port are defined by the pool itself.  The source IP address and/or interface the F5 uses to send the Monitor out depends on it’s own routing table and self IP list.  If the Monitor being sent is on either of the F5s self IP networks, it will choose that IP address and interface to send it out. However if neither of the Self IPs are part of the same network as the Monitor being sent out, the F5 will use it’s routing table, and default gateway to send the Monitor and traverse the network to it’s target.

Back to the example:

Member1 = 192.168.0.4
Member2 = 192.168.100.4
Member3 = 10.32.45.3

So, a Monitor request being sent for Member 1 will have the source address of 192.168.0.1 from LTM1 and 192.168.0.2 from LTM2. The Member’s network log will see two identical requests from two different sources, one from LTM1 and one from LTM2. The same goes for Member2, except each LTM uses it’s corresponding source IP on the 192.168.100.0/24 network. The last member, Member 3, does not conform to any of our interface’s networks. Therefore by default the F5 LTM will choose from it’s routing table it’s own default gateway to traverse to the target pool member.

Notes:
The F5 does not use it’s floating IP address to monitor pool members!!

Sources: