Forum Discussion
F5 LTM VIP/STP Problem
Over the weekend, we removed Foundry switches and replaced those with the Cisco 3560E's. Since this changeover we have had a few issues with no resolution to date. First, when we try to access the VIP for our webservers on the F5 LTM by HTTP/HTTPS it does not resolve. If we try to access the LTM's HTTPS web address, it does not resolve either. However, we can access all servers using their physical address with HTTP/HTTPS. What is really weird is that we can ping the VIP and LTM address. We do not currently have an access-list on any device denying this traffic. Also, when we removed a NIC from the team, we could resolve the VIP and LTM by HTTP/HTTPS. The second issue is that spanning-tree is blocking the redundant interfaces on our second switch. Not sure why this is happening if the LTM is in an Active/Standby state, and it must be noted that we are using STP pass through.
Hopefully someone reading this has experienced this before or has an idea/suggestion for a resolution. We have opened a ticket with F5, but no resolution yet. We opened a case with Cisco TAC and they have reviewed the switch configuration and everything looks good.
- jfrizzell_43066 (Nimbostratus): Hamish,
- jfrizzell_43066 (Nimbostratus): The default method on the NIC teams is either TCP Connection or Destination MAC. I say this because neither of these options work, but according to the HP NIC Teaming document it states on page 52 "Although in the current product automatic mode is identical to TCP Connection mode."
- J_H__3680 (Nimbostratus): We're seeing a similar issue here. It's random and often traffic will flow one way but not the other, and some virtual server IPs will be reachable but others will not. On the host the IP will have the correct MAC in the ARP table on the host but traffic will not pass. So far all but one have been corrected by changing the teaming type to NFT from automatic. I was chalking it up to extensive use of Route Domains on our end but it sounds like a larger issue?
- Techgeeeg (Nimbostratus): Hi Jfrizzell,
- HDsup123_35917 (Nimbostratus): I would like to report the same issues and add some of my information to this discussion.
- HDsup123_35917 (Nimbostratus): Opened up a support case @ f5.
- Hamish (Cirrocumulus): Mmm.. Looking at the whole picture, that's probably fair. Much as I like bashing a vendor for not doing what I want, I'm not sure how F5 would support a feature from another vendor that was subject to arbitrary revision and change and can be implemented in so many different ways and called the same thing.
- stevehuffy_1335 (Nimbostratus):
Found this thread useful, so posting our solution to it, not sure if there is some other way of doing it.
Our problem was HP blade servers configured with TLB teaming initiating connections to a VIP where the F5 and HP servers were on the same VLAN - sometimes it worked, sometimes it didn't. Packet capture showed F5 sending traffic back to source MAC in request, rather than the MAC in the ARP table.
Our solution: On the VIP, we set "Auto Last Hop" to "disabled", which fixed our problem on that VLAN. It actually broke connections coming in via another VLAN through a firewall, so we just configured another VIP on that VLAN. So ended up with 2 VIPs, with same IP, with different source VLANs and different "auto last hop" settings.
- Amitabha_118500 (Nimbostratus): We ran into this exact same issue months ago and are running into it again now. We ended up disabling the fault tolerance on the server and didn't know what was the root cause. stevehuffy's comment explains it. Thanks A LOT. Namo Amituofo.....
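An added example, not part of any post in this thread: a small Python check for the symptom stevehuffy describes, where a request arrives from a source MAC that differs from the ARP entry for the same IP, so a reply sent to the request's source MAC ("Auto Last Hop" on) goes to a different NIC than a reply sent to the ARP entry ("Auto Last Hop" off). The ARP table, the frame list and all function names are constructed for illustration; in practice the pairs would be pulled from a packet capture on the shared VLAN.

```python
from collections import defaultdict

# Constructed sample data (not from the thread): the load balancer's ARP view
# and (source IP, source MAC) pairs of client requests seen on the same VLAN.
ARP_TABLE = {
    "10.0.0.21": "00:11:22:AA:00:01",
    "10.0.0.22": "00:11:22:bb:00:01",
}
FRAMES = [
    ("10.0.0.21", "00:11:22:aa:00:01"),  # primary team member
    ("10.0.0.21", "00-11-22-AA-00-02"),  # second team member transmitting
    ("10.0.0.22", "00:11:22:bb:00:01"),
    ("10.0.0.23", "00:11:22:cc:00:01"),  # no ARP entry yet, cannot compare
]

def normalize(mac):
    """Lower-case, colon-separated form so capture and ARP output compare equal."""
    return mac.lower().replace("-", ":")

def reply_mac(src_ip, src_mac, arp, auto_last_hop):
    """Destination MAC of the reply under the behaviour described in the post:
    the request's source MAC when auto_last_hop is True, else the ARP entry
    (None when the IP is unresolved)."""
    if auto_last_hop:
        return normalize(src_mac)
    entry = arp.get(src_ip)
    return normalize(entry) if entry else None

def find_mismatches(frames, arp):
    """Map each IP to the sorted source MACs that differ from its ARP entry."""
    out = defaultdict(set)
    for ip, mac in frames:
        via_last_hop = reply_mac(ip, mac, arp, True)
        via_arp = reply_mac(ip, mac, arp, False)
        if via_arp is not None and via_last_hop != via_arp:
            out[ip].add(via_last_hop)
    return {ip: sorted(macs) for ip, macs in out.items()}

if __name__ == "__main__":
    for ip, macs in find_mismatches(FRAMES, ARP_TABLE).items():
        print(f"{ip}: ARP entry {normalize(ARP_TABLE[ip])}, "
              f"requests also arrive from {', '.join(macs)}")
```

Hosts this reports are the ones whose connections would behave differently depending on the VIP's "Auto Last Hop" setting.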