Forum Discussion
Ron_Peters_2122
Altostratus
AltostratusARP/MAC Tables Not Updating on Core Switches After F5 LTM Failover (GARP Issue?)
We have two F5 LTM 5250v appliances configured with 2 vCMP instances each in an HA pair (Active/Standby). Each F5 5250v has a 10G uplink to two core switches (Cisco Nexus 7010) configured as an LACP ...
Ron_Peters_2122Altostratus
AltostratusFrom everything I've been able to look at thus far, I see no indications that the 7Ks are dropping the ARP traffic. The only thing we have in place that would possibly filter ARP traffic is the control-plane policing (CoPP) policies we have in place on the Admin VDC. When I look at the statistics that are defined for ARP, there are no drops (see below). I'll be running the tcpdump on the Standby tonight before I failover our DEVQA vCMP instance and that will for sure tell me if the F5 is sending GARPs after I force the Active to Standby.
I had some concerns with MAC masquerading - I wasn't 100% we could do that without causing MAC confusion/flapping on the 7Ks. Since each F5 has 10G uplinks to each 7K in a port-channel / port-channel/vPC on the 7K side, it seemed to me like that could cause MAC flapping if the Standby also advertised its MACs for the virtual-servers while in Standby. It presently does this as I can see the different individual MACs for each VLAN on each port-channel interface.
I will also point out, that after I failover, I have a script I run via CLI to disable/reenable all virtual-servers/ARP and then re-enable them. I just paste it all in. When I do this, all MACs on the 7Ks refresh so I believe I'm replicating the GARP flooding but only as fast as the console commands are processed.
class-map copp-system-p-class-normal (match-any)
match access-group name copp-system-p-acl-mac-dot1x
match protocol arp
set cos 1
police cir 680 kbps bc 250 ms
conform action: transmit
violate action: drop
module 2:
conformed 3681791362 bytes,
5-min offered rate 207 bytes/sec
peak rate 12986775 bytes/sec at Thu Jan 14 22:24:13 2016
violated 0 bytes,
5-min violate rate 0 bytes/sec
peak rate 0 bytes/sec
module 9:
conformed 250641810380 bytes,
5-min offered rate 19456 bytes/sec
peak rate 320515191 bytes/sec at Thu Jan 14 22:29:13 2016
violated 0 bytes,
5-min violate rate 0 bytes/sec
peak rate 710 bytes/sec at Thu Jan 14 22:29:13 2016
module 10:
conformed 88017602822 bytes,
5-min offered rate 6214 bytes/sec
peak rate 153161524 bytes/sec at Thu Jan 14 22:29:13 2016
violated 0 bytes,
5-min violate rate 0 bytes/sec
peak rate 0 bytes/sec