Forum Discussion
F5 is sending via correct IP with an incorrect MAC address
This has been a bummer and I've scoured the internet looking for answers and came up with nothing so here I am.
We have a standard VS with SNAT Automap enabled. We have the following self IP
xx:xx:xx:xx:5e:0b - ACTIVE local self IP x.x.x.59
xx:xx:xx:xx:62:16 - STANDBY local self IP x.x.x.62
xx:xx:xx:xx:7c:03 - Floating self IP x.x.x.60
Based on packet capture gathered, F5 is sending traffic to the nodes via the IP x.x.x.60 but it's source MAC address xx:xx:xx:xx:5e:0b. The reply of node is going to the IP x.x.x.60 but the destination MAC address is xx:xx:xx:xx:7c:03. This causes the IP x.x.x.60 with MAC of xx:xx:xx:xx:7c:03 to send a RST packet back to the node since it does not acknowledge that packet.
My question is why is the floating ip using the MAC address of the active F5?
Is this a BIG-IP HA pair with MAC masquerade configured under the traffic group?
If so, then you should see:
SRC IP: x.x.x.60 (Floating Self IP)
SRC MAC: MAC Masquerade Address (use "list cm traffic-group mac" on the CLI to verify
If you do *NOT* have MAC masquerade configured under the traffic group then you should see:SRC IP: x.x.x.60 (Floating Self IP)
SRC MAC: xx:xx:xx:xx:5e:0b (ACTIVE unit's MAC address)Also check that you are not mixing up health monitor traffic with user traffic in your packet capture. Health monitor traffic will be sent from both units periodically from their local non-floating self IPs and their own egress interface MAC addresses.
- teemo123Nimbostratus
Hi Michael, we have checked that MAC masquerade is not enabled so the Source IP and MAC is correct. However, when we checked the server's ARP table, we see that x.x.x.60 is associated with the MAC address xx:xx:xx:xx:7c:03 while x.x.x.59 is associated with xx:xx:xx:xx:5e:0b. This causes the server to reply to the correct IP with wrong MAC address. We are also certain that no health monitor traffic included in the capture.
- zamroni777Nacreous
i suggest you try to enable mac masquerade to overcome probable switch's slow handling of gratuitous ARP
https://my.f5.com/manage/s/article/K13502
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com