Gambler_168259
Feb 13, 2015

F5 LTM 2000s Loop Issue with Cisco 6500 L3 Switch

We have deployed two F5 LTM 2000s Load Balancers for our client

 

1. These two load balancers are connected to each other using VLAN HA with their respective ports 1.3.
2. Load Balancer-1 and Load Balancer-2 internal VLAN-14 is connected to the client uplink Core-6500 Switches.
3. Load Balancer-1 and Load Balancer-2 external VLAN-16 is connected to the client uplink Core-6500 Switches.
4. Design is attached for reference.
5. Client Cisco-6500 Core Switches have all the VLANs defined, and inter-VLAN routing is also defined there.

 

Once we deployed the network based on this design, we faced an issue with Layer-2 connectivity between the F5 Load Balancer and the Cisco 6500 Core Switches. Keeping the Cisco Core 6500 Switch interface as an access port and linking the F5 LB port to both VLAN-14 and VLAN-16 as tagged and untagged, it didn’t work, but once the client changed the interface to trunk mode, configured dot1q trunking on that interface at the Cisco 6500 Switch, and kept the F5 LB as tagged for VLAN-14 and VLAN-16, it suddenly started working…

 

• We have also created the VLAN group containing the internal and external VLANs, and we configured the default route as 0.0.0.0/24 with default gateway 10.50.16.1.
• Default gateway of VLAN-14 is 10.50.14.1 and VLAN-16 is 10.50.16.1.
• VLAN-14 contains the client servers and VLAN-16 contains the Virtual Server IP, acting as external as well towards the Cisco 6500 Core Switch.

 

Below are the queries that need to be clarified:

 

  1. After this we faced an issue on the client network: the F5 LB ARP entries show MAC addresses of other servers which are connected to the Core Cisco-6500 Switch and are on VLAN-16, while the internal VLAN is limited to only a few servers in VLAN-14 as per the solution pitched to the client. Why is this behaviour occurring, as this is very unusual for us?

     

  2. We also faced a loop in the client network: after configuring the F5 LB with VS, Self and Floating IPs and connecting it to the Cisco-6500 at Layer-2, a loop was created and clogged the whole network. Why?

     

  3. Kindly share your findings on why the case of an untagged access port at the F5 LB and an access port at the Cisco 6500 switch interface doesn’t work.

     

  4. After this, on the client Cisco 6500 Switch the VLAN-14 ARP table contains the entries of VLAN-16 machines and the VLAN-16 ARP table contains the entries of VLAN-14. With this, the Cisco Core 6500 Switch contains ARP entries with the F5 LB MAC against multiple IPs of VLAN-16, which is again unusual behaviour. Why?

     

2 Replies

  • Hi Gambler,

    by configuring a VLANgroup you create a L2 connection between internal and external VLAN.

    Is this technically required? Same L2 broadcast domain? Whenever possible I avoid using VLANgroups.

    In case you have assigned VLANs in "tagged" mode to interfaces on the F5 you will need a corresponding "trunk" (Cisco terminology for VLAN tagging) on the Cisco gear.

    By using VLAN tagging a single link or aggregated links (aka F5 trunk, aka Cisco channel) can be associated with multiple VLANs.

    For troubleshooting on the F5 the tcpdump will help you:
    tcpdump -nnni 0.0 -e -c 1000   
    

    The "-e" parameter dumps L2 information (MAC address and vlan tag), the "-nnni 0.0" is dumping on all interfaces and prevents all level name resolution, the "-c 1000" just limits the number of packets to dump.

    Perhaps you are already aware of all these aspects and I misunderstood your question.

    Thanks, Stephan
  • Hi, did you resolve this L2 loop? Was it because you selected the bridge on standby option for the VLAN group, or else how did you resolve the issue? Thanks!
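
An added example, not part of the thread or of any poster's or F5's code: a small parser for saved output of the `tcpdump -e` capture suggested in the first reply. It flags source MACs that show up under more than one VLAN tag and tagged frames that repeat verbatim, which are the two symptoms described in the question. It assumes the stock `tcpdump -e` 802.1Q line layout; the sample lines, MAC addresses and the repeat threshold are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed capture lines in stock `tcpdump -e` 802.1Q layout (not from the thread).
ARP14 = ("00:50:56:aa:00:14 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 64: "
         "vlan 14, p 0, ethertype ARP, Request who-has 10.50.14.1 tell 10.50.14.20, length 46")
SAMPLE = [
    "10:00:00.000001 " + ARP14,
    "10:00:00.000040 " + ARP14,
    "10:00:00.000080 " + ARP14,
    "10:00:00.000090 " + ARP14.replace("vlan 14", "vlan 16"),
    "10:00:00.000200 00:50:56:bb:00:16 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), "
    "length 64: vlan 16, p 0, ethertype ARP, Request who-has 10.50.16.1 tell 10.50.16.30, length 46",
    # Untagged frame: carries no "vlan N" field, so both functions skip it.
    "10:00:00.000300 00:50:56:cc:00:99 > 00:50:56:bb:00:16, ethertype IPv4 (0x0800), "
    "length 74: 10.50.16.40.51000 > 10.50.16.30.80: Flags [S], length 0",
]

MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
# timestamp, source MAC, ">", destination MAC, then the first "vlan N," field.
FRAME = re.compile(rf"^\S+\s+(?P<src>{MAC})\s+>\s+{MAC},.*?\bvlan\s+(?P<vlan>\d+),", re.I)

def bridged_macs(lines):
    """Source MACs seen with more than one VLAN tag, as {mac: [vlan, ...]}."""
    vlans = defaultdict(set)
    for line in lines:
        m = FRAME.match(line)
        if m:
            vlans[m["src"].lower()].add(int(m["vlan"]))
    return {mac: sorted(v) for mac, v in vlans.items() if len(v) > 1}

def repeated_frames(lines, threshold=3):
    """Tagged frames whose text after the timestamp repeats >= threshold times."""
    counts = Counter(line.split(None, 1)[1] for line in lines if FRAME.match(line))
    return {frame: n for frame, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    for mac, vlans in bridged_macs(SAMPLE).items():
        print(f"{mac} appears on VLANs {vlans}")
    for frame, n in repeated_frames(SAMPLE).items():
        print(f"{n}x {frame[:60]}...")
```

A MAC reported on both VLAN 14 and VLAN 16 is consistent with the two VLANs sharing one L2 domain; repeated identical frames are only a heuristic for a loop, since hosts also retransmit ARP requests on their own.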