
Same IP Shared between multiple GTM Listeners

Jim_Araujo
Nimbostratus

Hi All, I hope this is a simple answer because I don't believe this is set up correctly. We have two i2800 F5s running DNS and LTM feature sets. The LTM portion works as expected with device-group and traffic-group, etc. The issue I believe is on the DNS (GTM) feature set. I've only ever seen this installed in a standalone fashion with two different IPs configured on each GTM respectively. The current setup I am working on has two GTM listeners with the same IP running on two different boxes within the same VLAN... I've set this up in a lab setting to mimic it with some VEs and the behavior I see is that as soon as the active unit reboots the ARP sticks on the local switch and connectivity is lost. So HA isn't working and I believe it is because this is architected incorrectly, using the same IP on both GTM units as their listeners. From some research I don't see a way to have a "floating" address shared between the two units. From what I can tell these units need different IPs for the listeners and HA would be handled upstream via DNS hierarchy?

Tech notes:

F5#1:
selfIP x.x.x.211
listener x.x.x.15

F5#2:
selfIP x.x.x.212
listener x.x.x.15


PeteWhite
F5 Employee

You can have a DNS listener which is a floating IP address in the LTM sense, to provide HA failover of the listener. Or you can have standalone DNS listeners which are different IP addresses (and the client will failover between them), or you can have DNS Anycast where the DNS listener is the same and is redistributed into routing via different VLANs. Then use routing to push clients to the correct listener.

Seems like you may be having issues with the HA functionality - maybe look at MAC masquerading.

As Pete already mentioned, it is definitely an HA configuration issue. If you have not configured the MAC Masquerade feature, in L2 requests coming from BIG-IP devices the source MAC is always the active member's MAC address. So when failover occurs, some switches can't clear their ARP caches quickly enough and hence they continue to give away the same MAC in ARP responses. So you have to configure masquerading; this will create a virtual MAC for your listener IP which will float with it after failover.

 

Here is how to configure this feature: https://support.f5.com/csp/article/K13502

And this is a very helpful article by F5 about how to choose a unique MAC: https://support.f5.com/csp/article/K3523

 

Hope that helps.

// GIorgi