For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

werner_v_113449's avatar
werner_v_113449
Icon for Nimbostratus rankNimbostratus
Mar 18, 2015

virtual server sending arp

Hello ,

 

we are working with a LTM cluster in version 11.4.1 .There are several virtual servers defined on this unit .

 

Both unit are working in v11.4.1 & we are using traffic groups.Within traffic groups we define "virtual" mac-addressess which are used by the associated virtual servers.

 

Example : Virtual server 10.12.14.71 on port 9000 , pointing to servers (10.12.142.20, etc ...). Virtual server is defined with Snat - automap (so source IP is NATted to IP of loadbalancer)

 

This setup is working correctly. But when doing a tcpdump on vlan where this virtual server is residing , i see arp request for this virtuall address coming from same virtual address?

 

11:41:29.010126 arp who-has 10.12.14.72 (ff:ff:ff:ff:ff:ff) tell 10.12.14.72 f5 type 255 len 255

 

Can anybodyy explain this behaviour ? it looks like loadbalancer is sending out arp request on front vlan & that these arp's are coming from same virtual address.Everything seems to work correctly but this is generating a lot of useless traffic.

 

greetins werner

 

4 Replies

  • dragonflymr's avatar
    dragonflymr
    Icon for Cirrostratus rankCirrostratus
    Mar 18, 2015

    Hi,

     

    Those are Gratuitous ARP requests that are used by LTM to advertise IP to MAC relation changes to other devices on the interface. For sure those are send when there is failover but if I can recall as well when new VIP is created, VS is disabled and enabled etc. I was trying to find some definitive SOL with exact specification when gARP is send but failed.

     

    Piotr

     

  • werner_v_113449's avatar
    werner_v_113449
    Icon for Nimbostratus rankNimbostratus
    Mar 23, 2015

    Thanks for the answer. (Sorry that i didn't react earlier but i had a couple of days off.) Seems indeed to be gratuitous ARP . But what i don't understand is that we have this behaviour continiously (about every second , these arp messages re-appaer). Even when no other traffic is arriving for this virtual server.

     

    There is no failover happening , and we are not making any changes to any setup . It's happening about once per second for all virtual servers we have (more than 300) . When reading the article mentioned above , i can understand that it happens from time to time . But you should also have period without seeing these arp-messages.

     

    seen the nr of virtual servers we have on this ltm unit , i'm trying to look for a way to limit these arp requests.

     

  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Mar 23, 2015

    There is no failover happening , and we are not making any changes to any setup . It's happening about once per second for all virtual servers we have (more than 300) .

     

    it is not normal to have garp every second with no change. i think it may be a good time to open a support case.