When i capture the tcpdump i noticed, upstream network device sends virtual server IP's ARP request to F5 using F5's self interface MAC address instead of broadcast MAC FF:FF.. May i know how the upstream device aware to send the request to F5 interface MAC and how F5 responsd to that request? Is that using proxy ARP ?
Example: 231 2022-11-23 13:07:23.402506 Cisco_43:ae:43 VMware_83:3f:f4 ARP 84 IN s1/tmm0 : Who has 10.240.133.130? Tell 10.240.133.2 232 2022-11-23 13:07:23.402568 VMware_83:3f:f4 Cisco_43:ae:43 ARP 84 OUT s1/tmm0 : 10.240.133.130 is at 00:50:56:83:3f:f4
If F5 use to update its virtual server address MAC to neighbour device using GARP periodically, why cisco gateway is sending ARP request for F5 VIP address ? All i want to know is how this ARP request is answered by F5 selp interface?
GARP is used when an F5 device boots, becomes active or when the VIP is enabled.
Both ARP and MAC table entries have an aging timer. MAC and ARP entries have different aging timers.
So when this expires the upstream device will remove the ARP entry for example.
If new traffic is coming for a VIP IP it will need to know the MAC address so it will ask by broadcasting an ARP request. The F5 will reply VIP IP request with its MAC address from its interface.
But what am noticing in wireshark output is not a broadcast MAC. Its clearly sending the ARP to F5 interface MAC VMware_83:3f:f4, that is the poing it confusing me.
Example: 231 2022-11-23 13:07:23.402506 Cisco_43:ae:43 VMware_83:3f:f4 ARP 84 IN s1/tmm0 : Who has 10.240.133.130? Tell 10.240.133.2 232 2022-11-23 13:07:23.402568 VMware_83:3f:f4 Cisco_43:ae:43 ARP 84 OUT s1/tmm0 : 10.240.133.130 is at 00:50:56:83:3f:f4
