jfrizzell_43066
Apr 01, 2011

F5 LTM VIP/STP Problem

We are currently experiencing an issue in our data center. We have two F5 LTMs with VIPs for our database cluster and webservers. In the data center, we run HP ProLiant servers with Fault Tolerant Load Balancing (TLB) NIC teams and two Cisco 3560E switches with EtherChannel Layer 2 trunks. We have two F5 LTMs that are currently in an Active/Standby configuration. On the first LTM, we have interface 1.1 going to switch 1 and interface 1.2 going to switch 2. On the second LTM, we have the same configuration. Please see the simplified topology concerning the connection to the switches.

Over the weekend, we removed Foundry switches and replaced those with the Cisco 3560Es. Since this changeover we have had a few issues with no resolution to date. First, when we try to access the VIP for our webservers on the F5 LTM by HTTP/HTTPS, it does not resolve. If we try to access the LTM's HTTPS web address, it does not resolve either. However, we can access all servers using their physical address with HTTP/HTTPS. What is really weird is that we can ping the VIP and LTM address. We do not currently have an access-list on any device denying this traffic. Also, when we removed a NIC from the team, we could resolve the VIP and LTM by HTTP/HTTPS. The second issue is that spanning-tree is blocking the redundant interfaces on our second switch. Not sure why this is happening if the LTM is in an Active/Standby state, and it must be noted that we are using STP pass through.

Hopefully someone reading this has experienced this before or has an idea/suggestion for a resolution. We have opened a ticket with F5, but no resolution yet. We opened a case with Cisco TAC and they have reviewed the switch configuration and everything looks good.

 

25 Replies

  • It actually broke connections coming in via another VLAN through a firewall, so we just configured another VIP on that VLAN. So we ended up with 2 VIPs, with the same IP, with different source VLANs and different "auto last hop" settings.

    Might the Auto Last Hop setting on the VLAN object be useful?

    sol13876: Overview of the Auto Last Hop setting (11.x)

    http://support.f5.com/kb/en-us/solutions/public/13000/800/sol13876.html

     

  • Hi Experts,

    I have a similar issue in which, after giving a MAC masquerade address in traffic group 1, the Cisco Catalyst switch towards the ingress port doesn't learn it in its ARP table. However, when I remove this configuration from the F5, it works fine on the physical MAC of the active F5 interface.

    Anything to suspect on Cisco Catalyst IOS?

    Regards,

    Sumanta.

     

  • Just wanted to add my $.02. We are migrating from Cisco ACE to F5s. Mix of VIPRIONs and appliances. Running 11.6.1 HF1. Have had two cases now where a week plus after converting apps over to F5 (F5 is the layer 3 gw for the servers btw), they started having performance problems. Seemed to be only physical servers, with multiple NICs and using teaming (HP servers).

    I noticed that servers that were working fine must have been configured for NFT (use only one NIC at a time) because their MAC never changed, and they had no issues. Servers that were using multiple NICs simultaneously had problems.

    Found this thread and disabled auto last hop on the server side VLAN only and it immediately resolved the issue.

    Thanks everyone.