Forum Discussion
R2600 Enabling Multi-Interface Causes L2 Forwarding
Hello,
I’m currently working on an F5 deployment with the following architecture:
- Two F5 R2600 devices (active/standby).
- Two switches connected in a full mesh configuration.
- The switches do not support stacking, so LACP cannot be used.
Here’s the challenge I’m facing:
- On the F5 devices, a VLAN cannot be assigned to more than one interface by default. However, I found a KB article that outlines a way to configure it.
- When I followed the KB instructions, I managed to assign the VLAN to two interfaces, but the behavior became problematic. The two interfaces on the F5 devices started communicating with each other, effectively making the standby F5 act like a switch.
- This resulted in L2 forwarding between the two interfaces, which is not something I’ve experienced with physical F5 devices in non-VM environments.
I tested connecting the gateway only to Switch1 and then disabled the interface between the F5-Active and Switch1. However, the connection to the gateway was still functional. Upon investigation, I discovered that the standby F5 was forwarding the packets as follows: F5-Active to Switch2 to F5-Standby to Switch1.
KB Command:
config
system network config multi-interfaces-vlan enabled
Commit
mod sys db vlan.macassignment value unique (ON VM)
The outcome is undesirable because it causes unexpected packet forwarding on the standby F5, which disrupts the network. This issue does not occur with other physical F5 devices—it seems specific to the R series.
I’d like to know the best way to properly configure a full mesh architecture in this scenario.
How can I prevent the F5 from forwarding packets between two interfaces on the same VLAN?
- Is there a better approach?
Any insights or recommendations would be greatly appreciated.
Thank you!
To be honest, in "You Cannot Associate A Trunk VLAN to More Than One Interface on r2xxx/r4xxx Platforms" it is written that you could have a loop.
You should be aware of your Spanning Tree topology and make switch 1 the Bridge. You can also control the port priority on the rSeries ports under NETWORK SETTINGS > STP Configuration. Better review your STP environment, as I mentioned.
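The failover test from the question and the loop warning in this reply can be checked with a small graph model. This is an added example, not part of the thread or of any F5 tooling. The device names come from the question; the absence of a direct Switch1-Switch2 link and the rule that only devices listed in `bridges` forward frames between their ports are assumptions of the model.

```python
from collections import deque

# Constructed model of the thread's topology (assumption: no inter-switch link).
LINKS = [
    ("F5-Active", "Switch1"), ("F5-Active", "Switch2"),
    ("F5-Standby", "Switch1"), ("F5-Standby", "Switch2"),
    ("Gateway", "Switch1"),
]

def l2_path(links, bridges, src, dst, down=()):
    """Shortest L2 path from src to dst, or None if unreachable.
    Only devices in `bridges` forward frames between their own ports;
    every other device is an endpoint. `down` lists failed links."""
    failed = {frozenset(link) for link in down}
    adj = {}
    for a, b in links:
        if frozenset((a, b)) not in failed:
            adj.setdefault(a, set()).add(b)
            adj.setdefault(b, set()).add(a)
    queue, seen = deque([[src]]), {src}
    while queue:
        path = queue.popleft()
        node = path[-1]
        if node == dst:
            return path
        if node != src and node not in bridges:
            continue  # endpoints do not carry transit frames
        for nxt in sorted(adj.get(node, ())):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None

def has_l2_loop(links, bridges):
    """True if the bridging devices alone form a cycle that STP must break."""
    parent = {}
    def find(x):  # union-find root lookup
        while parent.setdefault(x, x) != x:
            x = parent[x]
        return x
    for a, b in links:
        if a in bridges and b in bridges:
            ra, rb = find(a), find(b)
            if ra == rb:
                return True  # this link closes a cycle
            parent[ra] = rb
    return False
```

With only the two switches bridging, cutting F5-Active to Switch1 leaves no path to the gateway; adding F5-Standby to `bridges` yields the transit path reported in the question, and adding both F5 devices produces a loop.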
- f51
Cirrocumulus
Configuring a full mesh architecture with F5 devices, particularly the R2600 series, can be challenging, especially when dealing with VLAN assignments and L2 forwarding. Your observations about the F5 devices behaving unexpectedly when VLANs are assigned to multiple interfaces are accurate, as this can lead to unintended Layer 2 (L2) forwarding loops and other issues.
Here’s an example of how you might configure the F5 devices and switches to avoid L2 forwarding issues:
- Switch Configuration:
- Configure trunk ports on the switches to carry multiple VLANs.
- Ensure that each VLAN is properly tagged and isolated.
interface Ethernet1/1
switchport mode trunk
switchport trunk allowed vlan 10,20,30
- F5 Configuration:
- Assign a single VLAN to each interface on the F5 devices.
- Use VLAN tagging if necessary to separate traffic.
config
net vlan VLAN10 {
interfaces add { 1.1 }
tag 10
}
net vlan VLAN20 {
interfaces add { 1.2 }
tag 20
}
- Floating IP Configuration:
- Configure floating IP addresses for the virtual servers and services.
tmsh create net self self_floating {
address 192.168.10.2/24
vlan VLAN10
traffic-group traffic-group-1
}
By following these guidelines, you should be able to avoid the L2 forwarding issues you're experiencing with the R2600 series devices. Ensure that VLANs are correctly assigned and isolated, use VLAN tagging and trunking where applicable, and leverage floating IP addresses for HA configurations. If issues persist, consulting with F5 support for more specific guidance tailored to your deployment is highly recommended.
Here are some related articles.
https://my.f5.com/manage/s/article/K000132544
https://my.f5.com/manage/s/article/K000133283
- VVV
Nimbostratus
It seems that the R series does not support a Full Mesh architecture without LACP. Thank you both for your expert feedback. For now, I will have to resolve this by modifying the topology. I appreciate everyone’s input—thank you!