About ping from BIG-IP

Question

Hello,&nbsp;
I use BIG-IP's LTM on the intranet.
It is a question when I ping from BIG-IP.&nbsp;
Internet side ⇔ Firewall⇔ L3switch (2 units redundant with HSRP) ⇔ BIGIP (LTM) ⇔ Server&nbsp;
With the above configuration, I was pinging to confirm the normality when replacing the old L3SW with the new L3SW.&nbsp;
While continuing to ping (with routedomain) from BIGIP to FW (default gateway), we did the following:&nbsp;
① Delete VLAN of old L3SW (standby machine → active machine)&nbsp;
② Clear MAC address table with FW&nbsp;
③ Put VLAN in new L3SW (active machine → standby machine)&nbsp;
The movement of ping at this time was unexpected.&nbsp;
In ①, ping stops when VLAN of standby machine is deleted.&nbsp;
After executing ②, a number of "host unreachable" pings are returned from the firewall, and then "host unreachable" comes back from the external Self IP of BIG-IP.&nbsp;
③ After that, ping starts to fly normally.&nbsp;
If I thought ping started again when I put the VLAN in both machines. . .&nbsp;
Why does it behave like this?&nbsp;

hannes_rapp · Answer

Are you pinging from the Management interface or TMM/data interface? If from the Management interface, it's unlikely to be a BigIP problem. Nevertheless, as a first step, try to set a MAC masquerade address for your BigIP traffic-group. This is normally only needed for Active-Active BigIP clusters but it doesn't hurt with Active-Standby. A problem with Gratuitous ARP updates and old ARP caches is a possibility. You may need to perform a similar procedure with your L3 switches to make the failover event more reliable.
SOL article
Video explanation by J.Rahm

hannes_rapp_162 · Answer

Are you pinging from the Management interface or TMM/data interface? If from the Management interface, it's unlikely to be a BigIP problem. Nevertheless, as a first step, try to set a MAC masquerade address for your BigIP traffic-group. This is normally only needed for Active-Active BigIP clusters but it doesn't hurt with Active-Standby. A problem with Gratuitous ARP updates and old ARP caches is a possibility. You may need to perform a similar procedure with your L3 switches to make the failover event more reliable.
SOL article
Video explanation by J.Rahm

akiko_344053 · Answer

Thank you for the fast reply&nbsp;
Since the source address is not specified, I think that it is transmitting from the interface address of the same segment.&nbsp;
What  is "A problem with Gratuitous ARP updates and old ARP caches"?
Could you tell me more specifically?&nbsp;

akiko_344053 · Answer

Thank you for the fast reply&nbsp;
Since the source address is not specified, I think that it is transmitting from the interface address of the same segment.&nbsp;
What  is "A problem with Gratuitous ARP updates and old ARP caches"?
Could you tell me more specifically?&nbsp;

hannes_rapp_162 · Answer

If a new unit in a cluster comes active it must update all network participants, forcing them to update ARP cache tables immediately. A problem here is my main suspect since you said failovers were involved. In particular, it looks as if either Standby BigIP or Standby L3 Switch was assumed an owner of floating IP addresses by the network. Re-Adding a deleted VLAN to a Standby L3 switch would not restore connectivity otherwise.

Forum Discussion

About ping from BIG-IP

8 Replies

Recent Discussions

import live updates from version x to version y

Tenant image upgrade

iRule editor partition button does not work

F5Access | MacOS Sonoma

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Related Content

Re: Get Started with BIG-IP Virtual Edition (VE), BIG-IQ VE or BIG-IP Cloud Edition Trial

Quick Optimizations for F5 BIG-IP Virtual Edition

Getting Started with BIG-IP Next: Upgrading Central Manager

Deploying F5 BIG-IP with Azure Cross-region load balancer

Service discovery and registration with BIG-IP