Forum Discussion
Self and Floating IP mac-address conflict
Hi, I am trying to troubleshoot one of the server behind F5 VIP. I disabled the 2 servers out of 3, to isolate the issue. The LTM is in active/standby configuration. There is self and floating ip configured on it. Somehow F5 is not able to send packets to the end server. When i did the tcpdump on self ip and floating IP, I see health check IPs are flowing through both IPs. As far as I know, I think only self IP should be used to communicate with the end server. Then I ran run a tcpdump including the layer 2 information to check for ARPs in my network:
tcpdump -nnni -e -c 100 'arp and host '
And I see that self and floating IP having the same mac-address.
Not sure if this the issue on F5 or how can i approach to resolve this issue.
Hi Frank,
unless you've configured a "Masquarade MAC" on your Traffic-Group, the Self-IP and the Floating-IP will use identical MAC addresses. During a failover event, the MAC of the Floating-IP will change to the MAC address of the the Self-IP of your standby unit via gARP.
K13502: Configuring MAC masquerade (11.x - 12.x)
https://support.f5.com/csp/article/K13502
K14513: MAC address assignment for interfaces, trunks, and VLANs (11.x - 12.x)
https://support.f5.com/csp/article/K14513
In a cluster environment the Self-IP will be used for e.g. Monitoring traffic and the Floating-IP or other virtual addresses will be used to access your configuration objects (e.g. L3 Forwardings, L4-7 Virtual Servers, SNAT IPs / Pools, etc.)
So nothing unusual at this time...
Cheers, Kai
- MacaronNimbostratus
Thanks Kai, for clarifying the same MAC address concept for both self and floating IP addresses. I thought the issue is because of that, but I made it to work by adjusting the Maximum segment size value. Apparently, the client packet size has an overhead due to which the connection was getting reset and after the MSS is adjusted to 1300, application started to work as expected.
Thanks
Good to hear you've solved your problem. MSS related problems are sometimes very hard to analyse... ;-)
Cheers, Kai
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com