TCP connctions and failover MAC addresses

All,

I am not sure if there is an iRule which can help solve this problem.

However you guys know a lot about how the BIG IPs (and networks in general) work so hopefully you can help.

We are using Solaris multipath for link redundancy. So we have 2 physical links between our web server via the BIG IP LTM to a SQL box.

Solaris multipath should allow link failure to be transparent. However after a link failure from the primary link (BGE1 on the Solaris web server box) to the secondary link (BGE3 on the Solaris web server box) we are seeing traffic returning from the BIG-IP LTM addressed to the MAC address of the PRIMARY link on the Solaris box.

We have verified that the ARP cache on the BIG-IP IS getting updated after the link failure. And new connections work fine after the link failure. However already open TCP connections do NOT seem to get redirected to the updated MAC address.

The sequence of events is:

a) Traffic flows OK from web server IP 192.168.202.14 (BGE1 primary with MAC A) to SQL box

b) Dynamic ARP cache on BIGIP shows mapping from 192.168.202.14 to MAC A

c) We pull cable to simulate link failure

d) Gratutious ARP from Solaris box informs network of change of MAC for 192.168.202.14 to MAC B.

e) Dynamic ARP cache on BIGIP immeadiately shows mapping 192.168.202.14 to MAC B

f) Traffic keeps flowing out of web server on IP 192.168.202.14 but source MAC is now MAC B (traffic is flowing out of the seconary interface, BGE3) to SQL box.

g) Responses from SQL box back to the web server box addressed to MAC address A and so are undeliverable to the application.

So my questions are:

1) Has anyone else seen this behaviour?

2) Does anyone know if the ARP cache is used for existing connections? Our observed behaviour seems to be that once a TCP connection is open the IP to MAC address mapping is fixed for the life of that connection.

3) Can an iRule be written to get around this problem?

If I need to clarify any of the above please let me know.

Forum Discussion

TCP connctions and failover MAC addresses

Recent Discussions

How to implement LTM forward proxy client to determine the diversion pool based on the domain name

ASM Export JSON - size Limit ?

SNI Sites not taking correct certificate.

LTM Rule, iRule, or Brute Force Configuration to Limit URL Access

F5 LTM listening on 3306

Related Content

Configuring AWS HA Failover Across AZs Without EIPs Using F5 Cloud Failover Extension (CFE)

Cisco ACI Endpoint Learning with a BIG-IP HA Failover

F5 Cloud Failover Extension (CFE), private endpoints, and custom DNS

Using Distributed Cloud DNS Load Balancer with Geo-Proximity and failover scenarios

Why it does not switching secondary ip address on azure when failover???

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS