Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

F5 VS Conflict with citrix configuration through our migration.

Ireda
Cirrus
Cirrus

‎09-Jul-2023 03:41

Dears,

We migrate from Citrix to F5 VM. we copied all configurations from Citrix to F5 VM and all F5 VS were disabled.

Just as we connected the NIC of F5 VM, all service become down although we disabled VS of F5 VM.

when we disconnected the NIC of the F5 VM, all service become up.

Why? Is this a Conflict with Citrix configuration?

Labels:
0 Kudos
7 REPLIES 7

Daniel_Wolf
MVP
MVP

‎09-Jul-2023 07:25

Hi @Ireda,

disabled virtual servers still advertise through ARP and answer ICMP requests. Thatswhy you might have an IP adress conflict. However you can control this behaviour. See K16885: Controlling the BIG-IP ARP and ICMP echo response behavior for a virtual address.
Via tmsh you can disable arp and icmp-echo for all virtual server with a few commands.

KR
Daniel

Ireda
Cirrus
Cirrus
In response to Daniel_Wolf

‎09-Jul-2023 23:29

Thanks Danial, I will try this

0 Kudos

whisperer
Cumulonimbus
Cumulonimbus

‎09-Jul-2023 18:06

Yup, as stated earlier... VIP will still respond to ARP and you may need to clear cache. I presume you are migrating a few VIPs at one time and not a single "big bang" migration. I would selectively disable ARP on all VIPs and then bring up as you migrate.

Also, how are you handling the network routes? Did you create new Self IP addresses for the network, or are you using the same IP addresses for the network as on Citrix? If you are migrating a few at a time and need both networks up to both Citrix and F5, you may have issues. You will eventually need to move a route to the F5 self IPs. However, if you are only moving a few VIPs at a time, you may need to temporarily put in more specific /32 routes for the VIPs individually as you move services from VIP on Citrix to VIP on F5.

Some more considerations 😉

 

Ireda
Cirrus
Cirrus
In response to whisperer

‎09-Jul-2023 23:47

Hello@whisperer, thank you so much for your reply.

Yes, I am migrating a few at a time and need both networks up to both Citrix and F5. I used new IPs for the self and floating but from the same subnet of citrix, Ex: citrix self IP 10.10.20.2, F5 self IP: 10.10.20.5.

Also I added specific routes /32 for backend server on F5. Regarding FW policy I allow connection from outside to "VIP /32".

But I did not disable ARP or ICMP. if I need both networks up to both Citrix and F5 to test F5 before the migration, Can I disable ARP and ICMP for spesific VIP not for all?

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
0 Kudos

Daniel_Wolf
MVP
MVP
In response to Ireda

‎10-Jul-2023 07:38

Hi @Ireda

@Ireda wrote: Can I disable ARP and ICMP for spesific VIP not for all?

Yes, that is described in the link I shared with you. 

KR
Daniel
 

LiefZimmerman
Community Manager
Community Manager

‎14-Jul-2023 07:52

@Ireda,
If your post was solved please choose Accept As Solution on one (or more) replies.

This helps other members find answers more quickly and confirms the efforts of those who helped.
Thanks for being part of our community.
Lief

0 Kudos

Ireda
Cirrus
Cirrus

‎15-Jul-2023 23:17

Hello @LiefZimmerman 

I am waiting for a window of downtime to test this solution, and I will repost the update here when I finished.

Thanks for your support.

Copyright © 2023 Khoros, LLC