K30503041: Creating a virtual server with ARP and/or ICMP disabled at creation Non-Diagnostic Original Publication Date: Apr 16, 2020 Update Date: Apr 16, 2020 Topic You should consider using this procedure under the following condition: You want to create a new virtual server with the Address Resolution Protocol (ARP) and/or the Internet Control Message Protocol (ICMP) disabled at creation. Description In some network environments, you may want to create virtual servers that have ARP and/or ICMP disabled. When creating a new virtual server (one that does not use an IP address of an existing virtual server), you can enable or disable the virtual server. However, you cannot set the IP address of the virtual server with ARP and/or ICMP to 'disabled' when creating the virtual server. You can only enable or disable ARP or ICMP by modifying the virtual address that is automatically created when you create the virtual server. In this scenario, you create the virtual address with ARP and ICMP enabled at the time of creation. You can work around this scenario by creating the virtual address for the virtual server in advance with ARP and/or ICMP disabled. After creating the virtual address, you can then create the virtual server that references the same IP address of the virtual address as the destination IP address of the virtual server. Prerequisites You must meet the following prerequisite to use this procedure: Administrative access to the BIG-IP Configuration utility or the TMOS Shell (tmsh). Note: You cannot create a virtual address using the Configuration utility. To create the virtual address, you can use the iControl REST API. Access to the REST interface requires administrative access to the Configuration utility. Procedures Using REST to create a virtual address Using tmsh to create a virtual address Using REST to create a virtual address The following REST command syntax demonstrates how to create a virtual address with ARP and ICMP disabled using the Linux cURL utility. Impact of procedure: Performing the following procedure should not have a negative impact on your system. curl -sk -u admin:<password> -H "Content-Type: application/json" -X POST https://<big-ip ip address>/mgmt /tm/ltm/virtual-address -d '{"name":"<name or virtual ip address>","partition":"Common","address":"<virtual ip address>","mask":"<mask>","arp":"<state>","icmpEcho":"<state>","floating":"<state>"}' In this command syntax, note the following: <password> is the administrative user password. <big-ip ip address> is the IP address of the destination BIG-IP device. <name or ip address> is text name or the IP address for the virtual address. <virtual ip address> is the IP address for the virtual address. <mask> is the netmask of the virtual address. For non-network addresses, F5 recommends a 32-bit mask 255.255.255.255. <state> is enabled or disabled for each object. For example, use 'disabled' if you do not want that object enabled (ARP, ICMP). For example: curl -sk -u admin:admin -H "Content-Type: application/json" -X POST https://192.168.1.62/mgmt/tm/ltm /virtual-address -d '{"name":"my-virtual-address","partition":"Common","address":"10.14.0.1","mask":" 255.255.255.255","arp":"disabled","icmpEcho":"disabled","floating":"enabled"}' The following alternate example reuses the virtual address as the name: curl -sk -u admin:admin -H "Content-Type: application/json" -X POST https://192.168.1.62/mgmt/tm/ltm /virtual-address -d '{"name":"10.14.0.1","partition":"Common","address":"10.14.0.1","mask":" 255.255.255.255","arp":"disabled","icmpEcho":"disabled","floating":"enabled"}' You can now use your normal method for creating a new virtual server using the virtual address created in the procedure as the virtual server destination address. For more information about REST syntax to create a virtual server, refer to: K13225405: Common iControl REST API command examples. Using tmsh to create a virtual address The following tmsh command syntax demonstrates how to create a virtual address with ARP and ICMP disabled. Impact of procedure: Performing the following procedure should not have a negative impact on your system. 1. Log in to tmsh by typing the following command: tmsh 2. To create a new virtual address, use the following command syntax: 2. create /ltm virtual-address <name or virtual ip address> address <virtual ip address> mask <mask> arp <state> icmp-echo <state> In this command syntax, note the following: <name or ip address> is the text name or the IP address for the virtual address. <virtual ip address> is the IP address for virtual address. <mask> is the netmask of the virtual address. For non-network addresses, F5 recommends a 32-bit mask 255.255.255.255. <state> is enabled or disabled for each object. For example, use 'disabled' if you do not want that object enabled (ARP, ICMP). For example: create /ltm virtual-address my-virtual-address address 10.14.0.1 mask 255.255.255.255 arp disabled icmp-echo disabled 3. Save the configuration by typing the following command: save /sys configuration partitions all You can now use your normal method for creating a new virtual server using the virtual address created in the procedure as the virtual server destination address. Supplemental Information K13225405: Common iControl REST API command examples Applies to: Product: BIG-IP 15.X.X, 14.X.X, 13.X.X, 12.X.X.