mac masquerade
5 TopicsHow does MAC Masquerading work exactly?
Hi, I am trying to grasp how exactly MAC Masquerading works, and how it behaves differently during a failover. Situation without MAC Masquerading Every floating Self IP & virtual IP will have a gARP anouncement with the new MAC address issued on the device becoming active, making the switches now route to the new device. Issues can arise if network equipment cannot handle the amount of gARPs. Situation with MAC Masquerading Every floating Self IP in the cluster has the same MAC address. Not sure about the vIPs. During failover, the switches need not learn a new MAC address but just learn it's now available on a new switch. (in our case, L3 switches with OSPF) So how do vIPs fit in the mac masquerade story? And how do switches learn the vIPs/floating Self IPs are now on this port without gARPs? The DevCentral articles do not discuss this in great detail.3.1KViews0likes1CommentARP & Failover hassle: Self-IP in the vIP range or MAC Masquerading?
Hello, We recently had some issues regarding a failover where a part of the vips weren't ARP'd right. (These worked fine before) F5 Support mentioned having a self-ip in the vIP range or using MAC Masquerading on the traffic group would solve our problems. Now there are a few things I do not get; if a self-ip in the vIP range is required, how are we accessing our listeners right now? How is the bigip broadcasting the vIPs without a self-ip in the vIP range? Why would MAC masquerading work better? Our bigips are connected to L3 switches, if that may help. Thanks!281Views0likes1CommentMAC address masquerade configuration for multi-VLAN trunk interface
I've got a 2-device LTM cluster with a 2-port LACP-bundle trunk that has several VLANs on it, and I'm looking at deploying MAC masquerade. Currently, the LTM cluster does not have masquerade configured. I've been looking at https://support.f5.com/kb/en-us/solutions/public/13000/500/sol13502.html for configuration instructions. Do I only need to set a single virtual MAC, or do I need to specify a virtual MAC for each VLAN? If only one, will it iterate through virtual MACs for each VLAN like it does with the predefined MAC addresses? Or will it end up using the same MAC address for each VLAN? For example, currently, the (anonymized) MAC address for the eth0 interface is: eth0 Link encap:Ethernet HWaddr DE:AD:BE:EF:00:01 But each VLAN IP interface has a VLAN-specific MAC address that's the same as the base eth0 MAC address with a different last byte. I.e.: MYVLAN1 Link encap:Ethernet HWaddr DE:AD:BE:EF:00:07 MYVLAN2 Link encap:Ethernet HWaddr DE:AD:BE:EF:00:08 MYVLAN3 Link encap:Ethernet HWaddr DE:AD:BE:EF:00:09 MYVLAN4 Link encap:Ethernet HWaddr DE:AD:BE:EF:00:0A If I configure my LTM and go to Device Management->Traffic Groups->traffic-group-1 and enter 2B:AD:BE:EF:00:01 in the "MAC Masquerade Address" field, will my interface MAC addresses be like this? eth0 Link encap:Ethernet HWaddr 2B:AD:BE:EF:00:01 MYVLAN1 Link encap:Ethernet HWaddr 2B:AD:BE:EF:00:07 MYVLAN2 Link encap:Ethernet HWaddr 2B:AD:BE:EF:00:08 etc or will each VLAN have the same virtual MAC, like this: eth0 Link encap:Ethernet HWaddr 2B:AD:BE:EF:00:01 MYVLAN1 Link encap:Ethernet HWaddr 2B:AD:BE:EF:00:01 MYVLAN2 Link encap:Ethernet HWaddr 2B:AD:BE:EF:00:01 Thanks!358Views0likes1CommentMAC Masquerading for VIPs on VLANs on the same Layer2 Network
Hello Guys, we've got a customer with a grown and old network design which causes some headache and i am evaluating possible solutions. During a manually triggered failover for a hotfix installation some of the 180 VS didn't accept traffic. I guess the switch thought that the sudden amount of GARPs might be an attack and dropped some advertisements. After around 15min everything was working fine again. So to prevent something like this in the future i had the idea of using mac masquerading on the traffic group, but i am uncertain on the possible pro and cons. The BIG-IP has two vlans configured, internal and external. Each vlan is on a dedicated physical interface (1.1 and 1.3) and each is untagged, so basicly both vlans are on the same layer2 network. What will happens once mac masquerading would be enabled? From my understanding each IP associated with an VS, each floating self ip will have the same MAC address in the traffic group, which seems like an bad idea for me in the given scenario. I'd appreciate your input on this. Best regards David407Views0likes6Commentsmac masquerade expected behaviour with non floating self ip addresses.
I have implemented mac masquerade and all functions are working spot on. When testing from a pc in a vlan hanging off a tagged vlan on the F5 and pinging its non floating self IP address I get a mac address that points to a different interface on my F5. When checking this out on the switch port for the interface it confirms that the F5 gives back a mac address that is not the address that matches up on the F5 interface, but another interface mac address on the F5. For one of the interfaces it even dishes out at mac address for an interface that is down on the F5. I'm thinking this is just expected behaviour, but could trip one up if you were troubleshooting health checks (that come from the non floating self ip)??478Views0likes5Comments