Self and Floating IP mac-address conflict

Question

Hi, 
     I am trying to troubleshoot one of the server behind F5 VIP. I disabled the 2 servers out of 3, to isolate the issue. The LTM is in active/standby configuration. There is self and floating ip configured on it.  Somehow F5 is not able to send packets to the end server. When i did the tcpdump on self ip and floating IP, I see health check IPs are flowing through both IPs. As far as I know, I think only self IP should be used to communicate with the end server. Then I ran run a tcpdump including the layer 2 information to check for ARPs in my network:&nbsp;
tcpdump -nnni  -e -c 100 'arp and host '&nbsp;
And I see that self and floating IP having the same mac-address. &nbsp;
Not sure if this the issue on F5 or how can i approach to resolve this issue.&nbsp;

kai_wilke · Answer

Hi Frank,&nbsp;
unless you've configured a "Masquarade MAC" on your Traffic-Group, the Self-IP and the Floating-IP will use identical MAC addresses. During a failover event, the MAC of the Floating-IP will change to the MAC address of the the Self-IP of your standby unit via gARP.&nbsp;
K13502: Configuring MAC masquerade (11.x - 12.x)&nbsp;
https://support.f5.com/csp/article/K13502&nbsp;
K14513: MAC address assignment for interfaces, trunks, and VLANs (11.x - 12.x)&nbsp;
https://support.f5.com/csp/article/K14513&nbsp;
In a cluster environment the Self-IP will be used for e.g. Monitoring traffic and the Floating-IP or other virtual addresses will be used to access your configuration objects (e.g. L3 Forwardings, L4-7 Virtual Servers, SNAT IPs / Pools, etc.) &nbsp;
So nothing unusual at this time...&nbsp;
Cheers, Kai&nbsp;

macaron · Answer

Thanks Kai, for clarifying the same MAC address concept for both self and floating IP addresses. I thought the issue is because of that, but I made it to work by adjusting the Maximum segment size value. Apparently, the client packet size has an overhead due to which the connection was getting reset and after the MSS is adjusted to 1300, application started to work as expected. &nbsp;
Thanks &nbsp;

kai_wilke · Answer

Good to hear you've solved your problem. MSS related problems are sometimes very hard to analyse... ;-)&nbsp;
Cheers, Kai&nbsp;

Forum Discussion

Self and Floating IP mac-address conflict

Recent Discussions

MAC address of deleted VS IP address still responsive

Different common name ssl acces 403 forbiddent

dynamic signature detection

DNS HM Probe issue

F5 looses the token for the first call

Related Content

MAC address assignment in F5

When using F5 Distributed Cloud Platform, never deal with Site to Site IP conflicts again!

Test access sourcing from float

a conflict HA virtual Mac address in the different HA cluster use the same group id.

MAC address of Floating IP address /Self IP address

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS