Forum Discussion

Mubasher_Sultan's avatar
Mubasher_Sultan
Icon for Nimbostratus rankNimbostratus
Sep 09, 2013

F5-LTM - Connections are passing through Standby Device

Dear Folks,

 

I am doing a deployment of F5 LTM + Version ( BIG-IP 11.4.0 Build 2419.0 Hotfix HF3 ).

 

Things are working good... But, Connections are passing from Standby always? My infrastructure is Juniper based. Do i have to assign the static arp? I think gratituous arp is not working.

 

any comment or feedabck on this

 

Regards, Mubasher

 

7 Replies

  • where did you see traffic passing through standby unit e.g. tcpdump, statistics, etc?

     

  • I checked it from

     

    sh sys connection cs-server-addr 1.1.1.1 cs-server-port 443

     

    Also on statistics.....

     

  • Make sure your virtual addresses are assigned to traffic-group-1.

     

    In case your floating self IP, VIP, SNAT, NAT or whatever virtual address is assigned to traffic-group-local-only, I guess.

     

    I.e. for a virtual IP address associated with a virtual server it should look as follows:

     

    [root@bigip171:Active:Standalone] config tmsh list ltm virtual-address

     

    ltm virtual-address 10.131.131.109 {

     

    address 10.131.131.109

     

    mask 255.255.255.255

     

    traffic-group traffic-group-1

     

    }

     

    Lookup the virtual address settings in the tab associated with the virtual server settings or simply modify from CLI with:

     

    tmsh modify ltm virtual-address your_ip_address_here traffic-group traffic-group-local-1

     

    Dont forget to:

     

    tmsh save sys config

     

    tmsh run cm config-sync to-group device-group-failover (Perhaps you need to replace the device group name)

     

  • I checked it from

     

    sh sys connection cs-server-addr 1.1.1.1 cs-server-port 443

     

    Also on statistics.....

     

    are you using connection mirroring?

     

    can you run tcpdump on standby unit and check what packet's destination mac address is?

     

    • Shiraz_84431's avatar
      Shiraz_84431
      Icon for Nimbostratus rankNimbostratus

      Hi Nitass,

       

      I have same issue and when I checked using the tcpdump on standby unit, I see the destination MAC as the Active device MAC. and yes, the connection mirroring is enabled on all the virtual server.

       

      Is it normal behaviour to have the connections including the traffic itself on standby device when connection mirroring is enabled??

       

  • I checked it from

     

    sh sys connection cs-server-addr 1.1.1.1 cs-server-port 443

     

    Also on statistics.....

     

    are you using connection mirroring?

     

    can you run tcpdump on standby unit and check what packet's destination mac address is?

     

    • Shiraz_84431's avatar
      Shiraz_84431
      Icon for Nimbostratus rankNimbostratus

      Hi Nitass,

       

      I have same issue and when I checked using the tcpdump on standby unit, I see the destination MAC as the Active device MAC. and yes, the connection mirroring is enabled on all the virtual server.

       

      Is it normal behaviour to have the connections including the traffic itself on standby device when connection mirroring is enabled??