Forum Discussion
Jason_Keating
Altostratus
Nov 13, 2010
HA failover and ARP confusion
Hi, I am having some trouble with a HA failover scenario and suspect it's the switch (but can see no evidence of this) however the problem presents itself as stale ARP entries so thought I w...
nitass
Employee
Nov 14, 2010
As I tested, there was no GARP on the internal VLAN (no self IP). However, with MAC masquerading, a client in the internal VLAN was able to connect to the virtual server after failing over.
Without MAC masquerading, ARP was not changed since GARP was not sent out on the internal VLAN. So, a client in the internal VLAN cannot connect to the virtual server after failing over.
bigip01:
[root@bigip01:Active] config b version|grep -iA 2 version
BIG-IP Version 10.2.0 1755.1
Hotfix HF1 Edition
vlan external {
    tag 4093
    interfaces 1.1
}
vlan internal {
    tag 4094
    mac masq 02:01:D7:1E:C3:43
    interfaces 1.3
}
self 172.28.17.50 {
    netmask 255.255.255.0
    vlan external
    allow all
}
self 172.28.17.99 {
    netmask 255.255.255.0
    unit 1
    floating enable
    vlan external
    allow all
}
virtual bar {
    snat automap
    pool foo
    destination 10.10.70.100:http
    ip protocol tcp
}
bigip02:
[root@bigip02:Standby] config b version|grep -iA 2 version
BIG-IP Version 10.2.0 1755.1
Hotfix HF1 Edition
vlan external {
    tag 4093
    interfaces 1.1
}
vlan internal {
    tag 4094
    mac masq 02:01:D7:1E:C3:43
    interfaces 1.3
}
self 172.28.17.10 {
    netmask 255.255.255.0
    vlan external
    allow all
}
self 172.28.17.99 {
    netmask 255.255.255.0
    unit 1
    floating enable
    vlan external
    allow all
}
virtual bar {
    snat automap
    pool foo
    destination 10.10.70.100:http
    ip protocol tcp
}
bigip01:
[root@bigip01:Active] config b fo standby
bigip02:
[root@bigip02:Standby] config tcpdump -e -nni 0.0 'arp[14:4] = arp[24:4]'
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on 0.0, link-type EN10MB (Ethernet), capture size 108 bytes
03:57:02.596939 00:01:d7:1e:c3:44 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 46: vlan 4093, p 0, ethertype ARP, arp who-has 172.28.17.99 (ff:ff:ff:ff:ff:ff) tell 172.28.17.99
03:57:03.596976 00:01:d7:1e:c3:44 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 46: vlan 4093, p 0, ethertype ARP, arp who-has 172.28.17.99 (ff:ff:ff:ff:ff:ff) tell 172.28.17.99
03:57:04.596594 00:01:d7:1e:c3:44 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 46: vlan 4093, p 0, ethertype ARP, arp who-has 172.28.17.99 (ff:ff:ff:ff:ff:ff) tell 172.28.17.99
03:57:05.596643 00:01:d7:1e:c3:44 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 46: vlan 4093, p 0, ethertype ARP, arp who-has 172.28.17.99 (ff:ff:ff:ff:ff:ff) tell 172.28.17.99
03:57:06.596685 00:01:d7:1e:c3:44 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 46: vlan 4093, p 0, ethertype ARP, arp who-has 172.28.17.99 (ff:ff:ff:ff:ff:ff) tell 172.28.17.99
client in internal vlan:
[root@web1 ~] arp -a|grep 10.10.70.100
? (10.10.70.100) at 02:01:D7:1E:C3:43 [ether] on eth0
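
The capture filter in the reply above, `arp[14:4] = arp[24:4]`, selects ARP packets whose sender and target protocol addresses are equal, which is what makes an ARP gratuitous. As an added example (not part of the original post), the same test applied to raw frames in Python, reporting which VLANs carried a GARP after failover; the function names and the sample frames are constructed for illustration.

```python
import socket
import struct

ETH_ARP, ETH_VLAN = 0x0806, 0x8100

def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def parse_garp(frame: bytes):
    """Return details of a gratuitous ARP frame, or None for anything else."""
    if len(frame) < 14:
        return None
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vlan, off = None, 14
    if ethertype == ETH_VLAN and len(frame) >= 18:  # 802.1Q: TCI, inner ethertype
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan, off = tci & 0x0FFF, 18
    arp = frame[off:off + 28]
    if ethertype != ETH_ARP or len(arp) < 28:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", arp[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    spa, tpa = arp[14:18], arp[24:28]
    if spa != tpa:  # same test as the capture filter arp[14:4] = arp[24:4]
        return None
    return {"vlan": vlan, "ip": socket.inet_ntoa(spa), "oper": oper,
            "eth_src": mac_str(frame[6:12]), "arp_sha": mac_str(arp[8:14])}

def build_arp(src_mac, spa, tpa, vlan=None, oper=1):
    """Build a broadcast ARP frame; used only to construct sample input."""
    mac = bytes.fromhex(src_mac.replace(":", ""))
    eth = b"\xff" * 6 + mac
    if vlan is not None:
        eth += struct.pack("!HH", ETH_VLAN, vlan)
    body = struct.pack("!HHHBBH", ETH_ARP, 1, 0x0800, 6, 4, oper)
    body += mac + socket.inet_aton(spa) + b"\xff" * 6 + socket.inet_aton(tpa)
    return eth + body

# Constructed frames: a GARP like the capture's, and a plain request (made-up target).
SAMPLES = [
    build_arp("00:01:d7:1e:c3:44", "172.28.17.99", "172.28.17.99", vlan=4093),
    build_arp("00:01:d7:1e:c3:44", "172.28.17.50", "172.28.17.1", vlan=4093),
]

def garp_vlans(frames):  # VLAN IDs on which at least one gratuitous ARP was seen
    return {g["vlan"] for g in map(parse_garp, frames) if g}

if __name__ == "__main__":
    print([parse_garp(f) for f in SAMPLES], garp_vlans(SAMPLES))
```

A VLAN missing from the returned set, such as 4094 here, is one where neighbours keep their existing ARP entry across failover, so reachability depends on the MAC staying the same.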