Forum Discussion

Ron_Peters_2122's avatar
Ron_Peters_2122
Icon for Altostratus rankAltostratus
Sep 15, 2016

ARP/MAC Tables Not Updating on Core Switches After F5 LTM Failover (GARP Issue?)

We have two F5 LTM 5250v appliances configured with 2 vCMP instances each in an HA pair (Active/Standby). Each F5 5250v has a 10G uplink to two core switches (Cisco Nexus 7010) configured as an LACP ...
application delivery
arp
fail over
gratuitous arp
LTM
Ron_Peters_2122's avatar
Ron_Peters_2122
Icon for Altostratus rankAltostratus
Sep 21, 2016

We are running Version 11.5.3 HF2.

 

We have not heard anything definitive back from support yet. They e-mailed me and linked me the following SOL article: SOL11880: BIG-IP objects may not send gratuitous ARP requests during failover https://support.f5.com/kb/en-us/solutions/public/11000/800/sol11880.html

 

However, we do not feel this applied. We have multiple partitions on each vCMP instance. Each partition has only one default route-domain. Each partition has multiple VLANs allocated to it. Every VLAN has 2 Self-IPs and 1 Floating IP address. All virtual-servers share the same subnet as their designated VLAN/floating-IP. We are utilizing Auto-Map for all virtual-servers instead of using SNAT pools. We are also utilizing Auto-Last Hop so return traffic passes through the original source VLAN instead of using the single default route we have tied to the single route-domain.

 

Note, the F5s are not utilized as the default gateway by the nodes. They only send return traffic through the F5s for traffic entering through the virtual-server. Each VLAN has an SVI on both upstream Nexus switches and we are utilizing HSRP with a virtual-address. The HSRP virtual-address is used as the default gateway by the nodes.

 

We have another maintenance window scheduled for this Wednesday evening to perform another manual failover on our DEVQA vCMP instance where I will be setting up a tcpdump on the unit that will become Active to capture all ARP traffic. This is to verify whether the unit is sending GARPs after failover or not. We were also linked the following SOL article from support but we have monitored the switch and checked the logs/statistics and have confirmed the switches are not dropping any ARP traffic: SOL7332: Gratuitous ARPs may be lost after a BIG-IP failover event https://support.f5.com/kb/en-us/solutions/public/7000/300/sol7332.html

 

We have verified each of these points and have confirmed that the upstream 7Ks are not dropping any ARP traffic. The ARP timeout is set to the default aging period, which on this platform is 25min.

 

I will respond again after we conclude the failover test tomorrow night.

 

Thank you for the responses thus far.