vlan failsafe don`t work on vcmp guest

Question

Hello,&nbsp;
I have a 2x5250V (VCMP). I have installed three guests (Prod,dmz and QA) on both of them host. These Guests are connected on the same Vlans for HA &amp; the following vlan for each guest:&nbsp;
prod1/prod2 guest are in failover active/standby, external vlan2, internal vlan12, ha vlan30
dmz1/dmz2 guest are in failover active/standby, external vlan3, internal vlan13,  ha vlan30
qa1/qa2 guest are in failover active/standby, external vlan2, internal vlan12, ha vlan30&nbsp;
When I shutdown the physical port-channel for the vlan 2 and 3 on the switch, the Guests Prod1 and Dmz1 successfully commute with vlan failsafe but guest qa not switch.&nbsp;
The active traffic groups located to qa don't switch to standby status and the application does not work properly. on guest qa only work gateway failsafe.&nbsp;
How can I do to work vlan failsafe to switch to the neighbord (qa1--&gt;qa2)?&nbsp;
Thank you&nbsp;

ianb · Answer

I'm not sure I fully understand your question, but I think you're staying that you have three pairs of vcmp guests, and two of them are working with vlan failsafe, but the third is not ? Is that correct ?&nbsp;
If so, I suggest you run tcpdump -i  on both guests, to see what traffic is still being seen there, compared with the traffic seen on the other two vlans.   Is the VLAN really totally inactive ?&nbsp;
VLAN failsafe is a timer that resets every time it receives a packet. If it reaches half of the timeout value, it starts sending ARP requests out to try and elicit a response.  At 3/4s of the timeout, it starts pinging 224.0.0.1 to try and get a response. If none of that works, it will trigger failover.&nbsp;
Note that the vlan failsafe configuration is not part of the shared configuration, so make sure you have configured the same values on both guests.&nbsp;
Overview of VLAN failsafe&nbsp;
Note that VLAN failsafe can be problematic if both devices share the same VLAN, as the gratuitous packets from one device end up keeping the other one alive.  In such a situation, Gateway failsafe is more appropriate, but that can have problems too, where the loss of the common gateway router causes both devices to go standby, since both see it as being down.&nbsp;

tatmotiv · Answer

VLAN failsafe will watch for traffic on the VLAN and generate some traffic itself (ARP requests) after some time when it has detected a possible loss of connectivity. When running VLAN failsafe on several vCMP guests on the same vCMP host that share one VLAN with VLAN failsafe activated, the traffic generated on one guest by the VLAN failsafe mechanism itself will be detected by the other vCMP guests' VLAN failsafe mechanisms. This is due to the fact that the vCMP guests themselves are connected with each other via the virtual switch within the vCMP hypervisor. Thus, inter-guest traffic will not need to leave the vCMP host, so VLAN failsafe will never get triggered in this constellation, even if there is a "real" loss of connectivity (e.g. switch outage).

Forum Discussion

vlan failsafe don`t work on vcmp guest

2 Replies

Recent Discussions

F5Access | MacOS Sonoma

AS3 Deployments (shared objects)

Inquiry on F5's Maintenance Mode Feature for Pool Members

Ansible modules for F5OS

VPN fragmented IP packets dropped

Related Content

Don’t Conflate Virtual with Dynamic

Booth Babes Don’t Wear Glasses

LTM: Interface Failsafe

Some of vCMP Guest is not shown on the Guests Status Page.

Don’t Confuse A Rubber Stamp With Validation