Forum Discussion
Two LTM working in active/passive. Getting weird log on passive LTM
I am using only 2 VLANs, 171 external and 169 internal. A VLAN group is configured for both of these VLANs. It's been a year, and recently I am getting these logs on the passive LTM continuously.
Mar 19 02:16:01 www notice tmm4[12647]: 01230114:5: port movement detected for 02:23:e9:87:b6:c3, vlan /Common/External_vlan_171 none to vlan /Common/External_vlan_171 none
Mar 19 02:16:01 www notice tmm4[12647]: 01230114:5: port movement detected for 02:23:e9:87:b6:c3, vlan /Common/Internal_vlan_169 none to vlan /Common/Internal_vlan_169 none
Both are connected directly through a dedicated HA VLAN, but this MAC is not of those ports. This MAC address is of neither the LTM nor the Cisco switch interfaces. But in the Cisco switch ARP MAC table this MAC address was learned through the interface connected to the active LTM. So the passive LTM is learning something from the active LTM through the Cisco switch. What does this log mean and is it serious?
Here is the MAC of the Cisco switch
* 169 0223.e987.b6c3 dynamic 10 F F Eth1/28
7 Replies
- please anyone
- StephanManthey
Nacreous
Hi Muhammad,
F5 is using two vendor MAC ranges (legacy products on 00:01:d7 and current product generation on 00:23:e9).
Replacing the 2nd bit to be sent, i.e. changing the MAC address to start with "02" (with Ethernet the least significant bit is sent first), as with 02:23:e9, indicates a self-administered MAC address. VLAN group configurations automatically use this type of MAC address.
The shown MAC address is an address held on the active BIG-IP and learned by the Cisco switch.
Personally I've never been a fan of using VLAN groups as they are hard to troubleshoot, not used often in the field, and it's easy to run into loop issues.
If you do not notice high throughput spikes simultaneously with the log messages, I wouldn't be concerned and would assume they are caused by G-ARPs or ARP replies sent by the active unit.
I just noticed your other post on this subject 4 months ago and recommend opening a support case.
Thanks, Stephan
- nitass
Employee
Have you configured the VLAN group proxy exclusion list and disabled the bridge in standby option?
sol11812: Failure to specify non-floating self IP addresses in the VLAN group Proxy Exclusion List may cause misdirected monitor traffic
https://support.f5.com/kb/en-us/solutions/public/11000/800/sol11812.html
sol8248: The Bridge in Standby option is enabled by default in a VLAN group
https://support.f5.com/kb/en-us/solutions/public/8000/200/sol8248
- Proxy exclusion is configured, thank you, you pointed me towards that a few months back. But I will check bridge mode tomorrow and if it was enabled then I will disable it.
- MartinVKonov_15
Nimbostratus
Hi Muhammad,
Did you find the solution?
Thanks!
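The following Python script is an added example, not part of the original thread and not F5 code. It applies Stephan's explanation to the quoted log lines: it extracts the MAC from each `01230114` message, tests the locally administered bit, checks whether the base OUI is one of the two F5 ranges he names, and normalizes the Cisco dotted notation so the switch entry can be compared. The function names and the regular expression are assumptions built from the lines shown in the thread.

```python
import re
from collections import Counter

# OUIs named in the thread as F5 vendor ranges.
F5_OUIS = {"0001d7", "0023e9"}

# Pattern built from the two tmm log lines quoted in the thread (assumption).
LOG_RE = re.compile(
    r"01230114:\d+: port movement detected for (?P<mac>[0-9a-fA-F:]{17}), "
    r"vlan (?P<src>\S+) \S+ to vlan (?P<dst>\S+) \S+"
)

def normalize_mac(mac):
    """Reduce colon, dash or Cisco dotted notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def classify_mac(mac):
    """Report the U/L and I/G bits and whether the base OUI is one of F5's."""
    digits = normalize_mac(mac)
    first = int(digits[:2], 16)
    # Clear the locally administered bit (0x02) to recover the vendor OUI.
    base_oui = f"{first & ~0x02 & 0xFF:02x}{digits[2:6]}"
    return {
        "mac": digits,
        "locally_administered": bool(first & 0x02),
        "multicast": bool(first & 0x01),
        "f5_base_oui": base_oui in F5_OUIS,
    }

def summarize(log_lines):
    """Count port-movement events per (MAC, source VLAN, destination VLAN)."""
    counts = Counter()
    for line in log_lines:
        m = LOG_RE.search(line)
        if m:
            counts[(normalize_mac(m["mac"]), m["src"], m["dst"])] += 1
    return counts

# Sample input: the log lines and the switch table MAC quoted in the thread.
SAMPLE_LOG = [
    "Mar 19 02:16:01 www notice tmm4[12647]: 01230114:5: port movement detected for 02:23:e9:87:b6:c3, vlan /Common/External_vlan_171 none to vlan /Common/External_vlan_171 none",
    "Mar 19 02:16:01 www notice tmm4[12647]: 01230114:5: port movement detected for 02:23:e9:87:b6:c3, vlan /Common/Internal_vlan_169 none to vlan /Common/Internal_vlan_169 none",
]
SWITCH_ENTRY = "0223.e987.b6c3"

if __name__ == "__main__":
    for (mac, src, dst), n in summarize(SAMPLE_LOG).items():
        print(mac, src, "->", dst, n, classify_mac(mac))
```

Run over a longer log export, the per-VLAN counts show whether the messages cluster around failovers or arrive continuously.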