Forum Discussion
Ron_Peters_2122
Altostratus
AltostratusARP/MAC Tables Not Updating on Core Switches After F5 LTM Failover (GARP Issue?)
We have two F5 LTM 5250v appliances configured with 2 vCMP instances each in an HA pair (Active/Standby). Each F5 5250v has a 10G uplink to two core switches (Cisco Nexus 7010) configured as an LACP ...
Ron_Peters_2122Altostratus
AltostratusWe have finally resolved this issue and as promised I said I would comment on what the issue was. We confirmed 100% with a tcpdump on the F5s that they were sending Gratuitous ARPs out its 10G interfaces for all virtual-addresses after a failover event.
We opened a TAC case with Cisco and found that there is a hardware rate-limiter in place on the particular F1 card (very old card) that these F5's were terminating into. The rate-limit for class rl-4, which ARP was assigned to was set to 100 packets-per-second. This is way too low to support the amount of ARP traffic the F5 generates and we had millions of ARP drops on this particular card.
We analyzed the pcap file and found the rate at which the F5 transmitted these GARPs and adjusted the rate-limit on the rl-4 class to 3000 packets per second. We performed failover tests and the MAC addresses on both 7Ks updated immediately for all virtual-addresses.
Thanks for all the input you guys provided.
portoalegre
Nimbostratus
NimbostratusMy problem is finally fixed! I increased IP GLEAN from 100 to 5000 on each Cisco 7700 Switch, I manually forced the Primary LTM into Standby, the new promoted LTM sent out 2000 gratuitous APP's out and this time this burst of ARP's are now seen across OTV on the other Aggregation Nexus 7700 Switches, so all Virtual Servers have one F5 LTM MAC addresses. This command has forced my failover to work, so the problem was that IP GLEAN has a limit by default on how many PPS it can send (default 100 which isn't a lot IMO) NB: once you configured IP GLEAN on 7700's the propagates IP GLEAN config to OTV, AGG VDC's etc.