Forum Discussion

teemo123's avatar
teemo123
Icon for Nimbostratus rankNimbostratus
Mar 01, 2024

F5 is sending via correct IP with an incorrect MAC address

This has been a bummer and I've scoured the internet looking for answers and came up with nothing so here I am.

We have a standard VS with SNAT Automap enabled. We have the following self IP
xx:xx:xx:xx:5e:0b - ACTIVE local self IP x.x.x.59
xx:xx:xx:xx:62:16 - STANDBY local self IP x.x.x.62
xx:xx:xx:xx:7c:03 - Floating self IP x.x.x.60

Based on packet capture gathered, F5 is sending traffic to the nodes via the IP x.x.x.60 but it's source MAC address xx:xx:xx:xx:5e:0b. The reply of node is going to the IP x.x.x.60 but the destination MAC address is xx:xx:xx:xx:7c:03. This causes the IP x.x.x.60 with MAC of xx:xx:xx:xx:7c:03 to send a RST packet back to the node since it does not acknowledge that packet.

My question is why is the floating ip using the MAC address of the active F5?

3 Replies

  • Hi Michael, we have checked that MAC masquerade is not enabled so the Source IP and MAC is correct. However, when we checked the server's ARP table, we see that x.x.x.60 is associated with the MAC address xx:xx:xx:xx:7c:03 while x.x.x.59 is associated with xx:xx:xx:xx:5e:0b. This causes the server to reply to the correct IP with wrong MAC address. We are also certain that no health monitor traffic included in the capture. 

  • Is this a BIG-IP HA pair with MAC masquerade configured under the traffic group?

    If so, then you should see:

    SRC IP:  x.x.x.60 (Floating Self IP)
    SRC MAC: MAC Masquerade Address (use "list cm traffic-group mac" on the CLI to verify

    If you do *NOT* have MAC masquerade configured under the traffic group then you should see:

    SRC IP:  x.x.x.60 (Floating Self IP)
    SRC MAC: xx:xx:xx:xx:5e:0b (ACTIVE unit's MAC address)

    Also check that you are not mixing up health monitor traffic with user traffic in your packet capture. Health monitor traffic will be sent from both units periodically from their local non-floating self IPs and their own egress interface MAC addresses.