
Forum Discussion

Pranav1
Mar 15, 2020

Incomplete HWaddress in Dynamic ARP of BIGIP F5

Hi all,

 

I set up an F5 on VMware and I configured the settings below:

  1. Management IP: 10.208.107.8/26 with default gateway: 10.208.107.1
  2. Created VLAN 606 and tagged it with interface 1.1, and I cross-checked the MAC address of the VM network adapter with the F5 interface (both matched).
  3. Created a self IP and assigned VLAN 606 to it with IP 10.208.108.5/26.
  4. Routes: Destination 0/0 and Gateway: 10.208.108.2
  5. Added one server in (Local Traffic -> Nodes) which is showing down (IP: 10.208.108.9) (monitoring ICMP)

 

Note: whenever I remove the Self-IP, the server comes UP.

 

The problem is I am unable to get the ARP of the Self-IP on my FW.

Unable to ping 10.208.108.9 Node from F5

 

Network - ARP - Dynamic ARP --- Here it is showing me 10.208.108.9 & 10.208.108.2 but in MAC address section it is showing "incomplete"

 

As I am not getting ARP, the Self-IP and Nodes are not able to communicate.

 

What I suspect is the media speed of the F5 interface, which is 10000, auto.

The interface configured on the FW with VLAN 606 has BW 1000 Mbps.

I tried to change the F5 interface media speed to 1000 by using "modify net interface 1.1 media 1000T-FD", and it gave an error:

 

"invalid property value "media":"1000T-FD" The requested media is invalid, valid settings are: 10000T-FD, auto. please see SOL14556 for details."

 

Question:

  1. Is the mismatch of media speed causing the ARP issue?
  2. Have I missed some configuration which is causing this?

 

Please suggest a solution as I need to get this resolved ASAP.

I can also show my settings on a ZOOM session, if someone is willing to help.

 

Thanks in Advance.

 

5 Replies

  • Is 10.208.108.2 your SVI or L3 as you are using it as gateway? Is it actually .2 or it is .1?

    please cross check same.

     

    Mayur

  • Sorry, it was a typo; actually I configured 10.208.108.1 as the gateway.

     

    fw01# sh ip
    System IP Addresses:
    Interface          Name         IP address      Subnet mask      Method
    Ethernet0/0        outside      XXX.XXX.XXX.XX  255.255.255.240  CONFIG
    Ethernet0/1.601    inside-01    10.208.107.1    255.255.255.192  manual
    Ethernet0/1.604    inside-604   10.208.107.129  255.255.255.192  manual
    Ethernet0/1.605    inside-605   10.208.107.193  255.255.255.192  manual
    Ethernet0/1.606    inside-606   10.208.108.1    255.255.255.192  manual

  • Have you checked if Packet Filters is disabled on your F5 BIG-IP device (Network -> Packet Filters), or are you using the AFM module?

    Regards

  • ebeng

     

    Did you resolve it? I'm having exactly the same issue.

     

    When the SELF_IP of the F5 is in the SAME VLAN as the servers, it does not respond to anything (even when the DG is the FW interface in that VLAN).

    Of course, when you delete the SELF_IP the traffic is now flowing through the mgmt. (This should not even be possible from a security perspective.)