Forum Discussion

CVela_52327
Aug 19, 2009

Outbound SNAT for LDAP server connectivity

Hi All,

We've got the F5s set up with SNAT for all outbound LDAP requests. Prior to failover, the servers which sit behind the LTMs have no issues connecting through the LTMs out to the LDAP servers. However, if the active LTM fails over to the standby, then the connections are very intermittent and occasionally fail. At first I thought connection mirroring would resolve the issue; however, it didn't, as the binds from the servers out to LDAP occasionally fail.

Any advice or troubleshooting tips?

Thanks

KC

1 Reply

  • Hi, KC,

    It sounds like the upstream switch may not have updated its ARP cache. You could try enabling MAC masquerading on the LTM VLAN that the outbound LDAP connections go out on. This should shorten the time it takes for the upstream switches to accept the traffic after a failover.

    For details on configuring MAC masquerading and selecting a unique MAC address, you can check two AskF5 solutions:

    SOL7214 - Configuring MAC masquerading
    https://support.f5.com/kb/en-us/solutions/public/7000/200/sol7214.html

    BEST PRACTICE: SOL3523 - Choosing a unique Media Access Control (MAC) address for MAC masquerade
    https://support.f5.com/kb/en-us/solutions/public/3000/500/sol3523.html

    Aaron
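The reply above points to choosing a unique MAC address for MAC masquerade. As an added example (not part of either post and not taken from the AskF5 articles), the Python below derives a candidate by setting the IEEE locally administered bit on a burned-in interface MAC and skipping any address already in use. The function names and sample addresses are constructed for illustration.

```python
import re


def parse_mac(text):
    """Accept 00:01:d7:aa:bb:cc, 00-01-D7-AA-BB-CC or 0001.d7aa.bbcc; return 6 bytes."""
    digits = re.sub(r"[:\-.]", "", text.strip())
    if not re.fullmatch(r"[0-9a-fA-F]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(digits)


def format_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def is_locally_administered(raw):
    # Bit 0x02 of the first octet marks an address as locally administered.
    return bool(raw[0] & 0x02)


def masquerade_candidate(burned_in, in_use=()):
    """Derive a locally administered unicast MAC from a burned-in one.

    Sets the locally administered bit (0x02) and clears the group/multicast
    bit (0x01) of the first octet. If the result collides with the input or
    with an address in `in_use` (other masquerade MACs in the same broadcast
    domain), the last three octets are incremented until a free one is found.
    """
    raw = bytearray(parse_mac(burned_in))
    raw[0] = (raw[0] | 0x02) & 0xFE
    taken = {parse_mac(m) for m in in_use}
    taken.add(parse_mac(burned_in))
    for _ in range(1 << 24):
        if bytes(raw) not in taken:
            return format_mac(raw)
        nic = (int.from_bytes(raw[3:], "big") + 1) & 0xFFFFFF
        raw[3:] = nic.to_bytes(3, "big")
    raise RuntimeError("no free locally administered address under this prefix")


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    print(masquerade_candidate("00:01:d7:aa:bb:cc"))
    print(masquerade_candidate("00:01:d7:aa:bb:cc", in_use=["02-01-D7-AA-BB-CC"]))
```

Both units of a redundant pair would be configured with the same resulting address on the VLAN, which is what lets upstream switches keep forwarding after a failover.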