LTM HA - network or hardware failover?

I use both VLAN Failsave and hardware failover. It is normal to assign both units a shared IP address - the Active unit is responsible for responding with the shared address. Even after a failover, there is always an Active unit so the shared address should be responding (unless something really unusual happened). You designate an IP address as "shared" by selecting the "Floating IP" checkbox (in 10.2.0, at least). Yes, unfortunately you have to create this shared address on both units. But once it's set up, both units can respond to it (though as I mentioned, only the Active unit will).

 

 

In addition to creating a floating IP address, I also assign a floating MAC address - referred to as a "Masquerade MAC". It works the same way as a floating IP - only the Active unit responds to it. The benefit is that when there is a failover event, the router does not need to update it's ARP table - which has been problematic several times for me. Assigning a Masquerade MAC has resolved that, and it makes sense intuitively - just like a floating IP does.