Forum Discussion
NimbostratusMigrated from various hardware > 10200v and changed VLAN
We migrated from 8900/6900's to 10200V instances over the weekend and also changed from the basic untagged internal VLAN to a tagged vlan. This is on version 11.4.1 HF2 - I ran a iHealth file and found that with the new VLAN being tagged we have the following issue during failover:
BIG-IP objects configured on a different subnet than the self IP address do not send gratuitous ARP requests on failover: sol11880
Question is - if I add a Self-IP per subnet, do I have to do this off-hours? Or will it not cause an issue doing it in the middle of the day? Everything is working fine right now, but I want to be prepared properly for the failover and adding a self-ip per subnet is no problem for our envrionment (vs mac masquerading).
Also - should it be a floating IP or static per box?
1 Reply
Steve_M__153836Best practice, assuming a single traffic group, would be one self IP per VLAN per ltm instance (if two instances in HA pair, one self IP for each per VLAN) and one floating IP per HA setup per VLAN. So if you have 3 devices, in actice-active-standby for example, you would have 4 IPs used; 3 self IPs and one floating IP, again per VLAN.
As for when you add them. I would definitely do this after hours. I'm not 100% certain, but I think if you add the self/floating IPs on a VLAN that has nodes then the F5 would starting sending traffic via that floating IP so application traffic would go to your servers from a different IP. If you are dealing with firewalls in between the F5 and the client/destination you'll also need to make sure that the firewall rules are updated. Hope this helps.
