Forum Discussion

Peter_Baumann's avatar
Peter_Baumann
Icon for Cirrostratus rankCirrostratus
Mar 12, 2013

VLAN Groups Config does not work anymore with v11.3

Hi all,

 

 

I have the following config on a v11.2.1 VE Installation:

 

 

bigip.conf:

 

===========

 

ltm virtual /Common/vs_priv_svc.domain.com {

 

description "Ext IPv4: 1.2.3.4"

 

destination /Common/172.24.0.205:80

 

ip-protocol tcp

 

mask 255.255.255.255

 

pool /Common/pool_svc.domain.com

 

profiles {

 

/Common/http_svc.domain.com { }

 

/Common/oneconnect { }

 

/Common/optimized-caching { }

 

/Common/tcp { }

 

/Common/wan-optimized-compression { }

 

}

 

source 0.0.0.0/0

 

translate-address enabled

 

translate-port enabled

 

vlans {

 

/Common/MONITOR1

 

}

 

vlans-enabled

 

}

 

 

ltm pool /Common/pool_svc.domain.com {

 

members {

 

/Common/svc.domain.com:80 {

 

address 172.24.0.105

 

}

 

}

 

monitor min 1 of { /Common/inband_svc.domain.com /Common/gateway_icmp }

 

}

 

 

bigip_base.conf:

 

================

 

net vlan-group /Common/MONITOR_GROUP {

 

auto-lasthop enabled

 

description "VLAN MONITOR1, MONITOR12"

 

members {

 

/Common/MONITOR1

 

/Common/MONITOR12

 

}

 

}

 

 

This is a VLAN Groups L2 Config were the traffic is arriving on 172.24.0.205 and then

 

sent to pool member 172.24.0.105.

 

 

This config works with v11.2.1.

 

 

Since I'm upgraded to v11.3 the config does not work anymore. I can get it wo work when

 

I'm activating SNAT in the Virtual Server above but I want to get the source ip in the server logs.

 

Transparency Mode is set to Translucent, I also tried Opaque, Transparent without success.

 

 

Is there a problem with Proxy ARP in the new v11.3 HF3?

 

 

Many thanks for a reply!

 

 

Best regards,

 

Peter

 

config
design

1 Reply

  • Peter_Baumann's avatar
    Peter_Baumann
    Icon for Cirrostratus rankCirrostratus
    May 08, 2013

    Hi all,

     

     

    Answering my own question, I was hitting a bug of v11.3...

     

     

    I could use my "old" v11.2 config and upgrade it to v11.3. Apparently the VLAN Group Feature seems not to work anymore as described above.

     

    Well, after a longer troubleshooting session I have seen very strange behavior with tcpdump traces which lead me to the following bug:

     

     

    http://support.f5.com/kb/en-us/prod..._ki_ltm-ve

     

    -> ID 366403

     

    "After modifying the BIG-IP system configuration by adding or removing Network Interfaces,

     

    the interface numbering might appear out of order and NICs may appear that are no longer present"

     

     

    In my config it happened that exactly the two Interfaces for the VLAN Group were vice versa configured!

     

    As a result the VLAN Group or Layer 2 Config was not working anymore as expected!

     

     

    So the solution was first to check the MAC Addresses of the interfaces and give the right order of the Virtual Machine again in vSphere.

     

    Then the VLAN Group Config was working again!

     

     

    This problem was a big "time eater" for me but it is solved now.

     

     

    So when you're using BigIP v11.3 in a Virtual Machine keep in mind that you

     

     

    CHECK THE ORDER OF YOUR INTERFACES ACCORDING TO THE MAC ADDRESSES !

     

     

     

    I hope I can help to prevent this error for other installations out there in the field.

     

     

    Peter