Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

muruganyash's avatar
muruganyash
Icon for Nimbostratus rankNimbostratus
3 years ago

Gateway sends VIP ARP request to F5 using F5 interface MAC address instead of broadcast MAC FF:FF..

When i capture the tcpdump i noticed, upstream network device sends virtual server IP's ARP request to F5 using F5's self interface MAC address instead of broadcast MAC FF:FF.. May i know how the ups...
application delivery
muruganyash's avatar
muruganyash
Icon for Nimbostratus rankNimbostratus
3 years ago

If F5 use to update its virtual server address MAC to neighbour device using GARP periodically, why cisco gateway is sending ARP request for F5 VIP address ? All i want to know is how this ARP request is answered  by F5 selp interface?

mihaic's avatar
mihaic
Icon for MVP rankMVP
3 years ago

GARP is used when an F5 device boots,  becomes active or when the VIP is enabled.

Both ARP and MAC table entries have an aging timer. MAC and ARP entries have different aging timers.

So when this expires the upstream device will remove the ARP entry for example.

If new traffic is coming for a VIP IP it will need to know the MAC address so it will ask by broadcasting an ARP request. The F5 will reply  VIP IP  request with its MAC address from its interface.