Forum Discussion
Rebooting HA pair
- Apr 21, 2023
MAC Masquerade means that all of the self IP addresses on the F5 unit will share a single MAC address, instead of having a unique MAC per VLAN. That greatly speeds up the MAC learning process on the upstream device as it only needs to learn a single MAC for the entire appliance to move within the CAM table.
However, the MAC does change during a failover and the F5 will send out Gratuitous ARPs (GARPs) that notify adjacent devices of the L2 change. You can tune how fast the GARP flood starts and continues using database variables.
For TCP connections, connection mirroring is required for seamless failover. This is how the standby device will know about established connections in order to continue those flows during a failover event. ICMP and UDP traffic will create a new flow upon the first packet, so you should not see interruption for the stateless protocols. Thus for true HA failover, enable connection mirroring. The "system degradation" isn't really a factor but use a dedicated interface for HA (config sync and mirroring) to keep that overhead away from your data interfaces if you're concerned.
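As an added illustration (not part of the original post and not F5 code), the following sketch shows how a host on the same VLAN could confirm that a failover's GARPs actually rebound an address: it parses raw Ethernet frames, picks out gratuitous ARPs (sender IP equal to target IP) and reports every IP whose MAC changed. The frames, the IP 192.0.2.10 and both MAC addresses are constructed sample values, and the function names are hypothetical.

```python
import struct

def parse_arp(frame: bytes):
    """Return (oper, sender_mac, sender_ip, target_ip) for an untagged
    IPv4-over-Ethernet ARP frame, or None for anything else."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != 0x0806:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sender_mac = frame[22:28].hex(":")
    sender_ip = ".".join(map(str, frame[28:32]))
    target_ip = ".".join(map(str, frame[38:42]))
    return oper, sender_mac, sender_ip, target_ip

def garp_moves(frames):
    """Return [(ip, old_mac, new_mac)] for each gratuitous ARP that
    announces an IP on a different MAC than previously seen."""
    bindings, moves = {}, []
    for frame in frames:
        arp = parse_arp(frame)
        if arp is None:
            continue
        _, mac, sender_ip, target_ip = arp
        if sender_ip != target_ip:      # ordinary ARP, not gratuitous
            continue
        old = bindings.get(sender_ip)
        if old is not None and old != mac:
            moves.append((sender_ip, old, mac))
        bindings[sender_ip] = mac
    return moves

def build_arp(mac: str, sender_ip: str, target_ip: str, oper: int = 1) -> bytes:
    """Build a broadcast ARP frame (constructed test input only)."""
    m = bytes.fromhex(mac.replace(":", ""))
    spa = bytes(int(o) for o in sender_ip.split("."))
    tpa = bytes(int(o) for o in target_ip.split("."))
    eth = b"\xff" * 6 + m + struct.pack("!H", 0x0806)
    return eth + struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper) + m + spa + b"\x00" * 6 + tpa

# Constructed capture: unit A announces the address, a client sends a
# normal ARP request, then unit B announces the same address after failover.
SAMPLE = [
    build_arp("02:00:00:00:00:01", "192.0.2.10", "192.0.2.10"),
    build_arp("02:00:00:00:00:aa", "192.0.2.50", "192.0.2.10"),
    build_arp("02:00:00:00:00:02", "192.0.2.10", "192.0.2.10", oper=2),
]

if __name__ == "__main__":
    for ip, old, new in garp_moves(SAMPLE):
        print(f"{ip} moved {old} -> {new}")
```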
Thank you mihaic and CA_Valli. Are there any limitations for MAC Masquerade? I see that connection mirroring causes system degradation... So MAC Masquerade is the preferred one?
From the client side, Windows or Linux... what would be best for them to change for a smooth failover event? Or is it preferred to make the changes on the F5?