Forum Discussion

Cirrostratus

May 20, 2015

VRRP/HSRP and auto last hop tunning - why necessary?

Hi, I have to be missing something important here as I can not at all understand why actions described in SOL9487: BIG-IP support for neighboring VRRP/HSRP routers are required. My understa...

Nimbostratus

Hi Piotr,

yes your assumption 2 is not correct. HSRP e.g. uses it's physical router MAC as source not the virtual MAC associated with the VIP. It gets even worse when using Cisco's vPC. In this case you will see all physical MACs as source depending which physical device forwards the packet. They behave like active/active for sending packets regardless which one is active for the group an owns the VIP.

IMHO the default setting using auto last hop is kind of dangereous as it is not compatible with HSRP, VRRP, ClusterXL which are used in many environments. Why not just use the routing table which will allways forward return traffic to the VIPs MAC? It's not as smart but won't lead to problems where admins don't know the details about redundancy protocols...

Cheers

Alex

dragonflymr

Cirrostratus

Dec 28, 2015

Hi, Thanks a lot. Very valuable info. To be on safe side I do disable global Auto Last Hop for installations when this technologies are involved. Piotr

Forum Discussion

VRRP/HSRP and auto last hop tunning - why necessary?

Recent Discussions

Enterprise Security best practices with F5 WAF

Disk space full - what files, folders are safe to delete?

ASM instance creation

BIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member

Open Redirection Mitigation

Related Content

HSRP and VRRP Optimization

Wir wissen was zu tun ist

Migration to IPv6 is necessary and pressing

OLYMPIA 2012 und IT – Was hat das miteinander zu tun?

Events, Messen, Meetings,... voller Kalender und wenig Zeit und Budget – was tun?