Forum Discussion

NiHo_202842's avatar
NiHo_202842
Icon for Cirrostratus rankCirrostratus
Jan 04, 2017

ARP & Failover hassle: Self-IP in the vIP range or MAC Masquerading?

Hello,

 

We recently had some issues regarding a failover where a part of the vips weren't ARP'd right. (These worked fine before) F5 Support mentioned having a self-ip in the vIP range or using MAC Masquerading on the traffic group would solve our problems.

 

Now there are a few things I do not get;

 

  • if a self-ip in the vIP range is required, how are we accessing our listeners right now?
  • How is the bigip broadcasting the vIPs without a self-ip in the vIP range?
  • Why would MAC masquerading work better?

Our bigips are connected to L3 switches, if that may help. Thanks!

 

1 Reply

  • if a self-ip in the vIP range is required, how are we accessing our listeners right now? As longs as the traffic arrives in the F5 unit, if matches a listener, the F5 will handle the traffic.

     

    How is the bigip broadcasting the vIPs without a self-ip in the vIP range? When you create a virtual server, it will create a virtual address as well. The virtual address by default has arp enabled, so it will respond to arp requests. Also, in case of failover events or it becomes first active, GARPs are sent for self ips and virtual addresses.

     

    Why would MAC masquerading work better? The recommended setup for a HA pair (Active/Standby), is a non-floating self IP per unit and one float self IP, this for each vlan. The float IP floats to the other unit in case of failover, but the mac address will be the new one from the new active unit, in case the devices in your network take time or have problems updating the mac table, you can use MAC masquerade so both IP and MAC floats to the new active unit.

     

    Some useful solutions about that:

     

     

     

    There is also something important for people that come from a network background, F5 may work without any routes, see this functionality: