For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

chip_cunningham's avatar
chip_cunningham
Icon for Nimbostratus rankNimbostratus
Aug 13, 2014

Add Virtual Server to BigIP without updating ARP tables

Hi!

 

A quick question: we're translating to F5 BigIPs (11.5) from our current load balancing system, which is Loadbalancer.org's EnterpriseVAs. We'd like to use the same IPs for the new Virtual Servers in the BigIP that we already have in our current load balancer. I assumed that I could create the Virtual Servers in BigIP and leave them in the "Disabled" state without affecting anything. However, it seems that, even though the virtual server is in the Disabled state, BigIP still updated the ARP tables on our Nexus switches, and so the switches started directing traffic to the BigIPs instead of leaving it pointed at the current load balancer. We had to go in and clear the ARP tables on the switches to reverse this. Is there a way to set up the virtual servers, leave them disabled and NOT update ARP on the switch, so that I can then drain the connections in the current load balancer and enable the virtual server in BigIP?

 

Thanks!

 

Chip

 

application delivery
deployment
LTM

8 Replies

  • shaggy's avatar
    shaggy
    Icon for Nimbostratus rankNimbostratus
    Aug 13, 2014

    In the Configuration Utility, navigate to Local Traffic | Virtual Servers | Virtual Address List - click on the desired virtual IP address and uncheck "ARP"

     

    I would create the virtual servers on the standby, disable ARP on the virtual address, and then sync to the active

     

  • chip_cunningham's avatar
    chip_cunningham
    Icon for Nimbostratus rankNimbostratus
    Aug 13, 2014

    Shaggy,

     

    Thanks! Unfortunately (at least from my n00b point of view) you can only do that after creating the Virtual Server, not in the process of creating it. The second you hit "Finished" on the Virtual Server creation screen, it updates ARP. However, the suggestion about creating it on the standby device and not letting them auto-sync is a good idea, so long as a device in passive mode doesn't update ARP. Anyone know if it does?

     

    • shaggy's avatar
      shaggy
      Icon for Nimbostratus rankNimbostratus
      Aug 13, 2014
      only the active device will update arp. standby will not update arp until it goes active
  • nathe's avatar
    nathe
    Icon for Cirrocumulus rankCirrocumulus
    Aug 13, 2014

    It will only ARP (gratuitous) ARP on failover.

     

    I wonder if another option is creating the virtual address first and that way u can disable arp at the point of setup and then create the virtual server? Not at my lab to test I'm afraid.

     

    N

     

  • mimlo_61970's avatar
    mimlo_61970
    Icon for Cumulonimbus rankCumulonimbus
    Aug 13, 2014

    I have assigned virtual servers to a dummy vlan(a vlan not attached to any interfaces that goes nowhere) on creation to make sure I don't have a duplicate ip/arp problem until I am ready for them.

     

    • chip_cunningham's avatar
      chip_cunningham
      Icon for Nimbostratus rankNimbostratus
      Aug 18, 2014
      Unfortunately we only have one VLAN, so this doesn't work for us...at least I don't think.
    • mimlo_61970's avatar
      mimlo_61970
      Icon for Cumulonimbus rankCumulonimbus
      Aug 18, 2014
      You can create a new vlan and don't assign it to any interfaces, just give it a name. Then you can assign the virtual server to that vlan and it won't impact traffic on the 'real' vlans. The above tmsh command(from shaggy) to disable arp at the time of creation is probably your best option though.