LTM cluster duplicating IP
Hi I have an issue with a cluster of two nodes LTM BIG-IP 11.2.1 Build 1042.0 Hotfix HF3 active-stby. What is happening is well weird:
Problem: Some of the VIPS are actually getting traffic on the ST-by node
So from a server in the same vlan I have sniffed the arp requests and sadly i receive an arp reply from both unit saying that they are the vip ip. Hence first to answer first to be served.
In the logs on the active node I have found: Wed Jan 8 10:03:32 ICT 2014 warning HKG1-AG-LB-04 tmm[7280] 01190004 address conflict detected for 10.117.192.229 (00:01:d7:e0:92:83) on vlan 4093 Wed Jan 8 10:03:33 ICT 2014 warning HKG1-AG-LB-04 tmm[7280] 01190004 address conflict detected for 10.117.192.232 (00:01:d7:e0:92:83) on vlan 4093 Wed Jan 8 10:03:33 ICT 2014 warning HKG1-AG-LB-04 tmm[7280] 01190004 address conflict detected for 10.117.192.214 (00:01:d7:e0:92:83) on vlan 4093 Wed Jan 8 10:03:33 ICT 2014 warning HKG1-AG-LB-04 tmm[7280] 01190004 address conflict detected for 10.117.192.229 (00:01:d7:e0:92:83) on vlan 4093 Wed Jan 8 10:03:34 ICT 2014 warning HKG1-AG-LB-04 tmm[7280] 01190004 address conflict detected for 10.117.192.232 (00:01:d7:e0:92:83) on vlan 4093 Wed Jan 8 10:03:34 ICT 2014 warning HKG1-AG-LB-04 tmm[7280] 01190004 address conflict detected for 10.117.192.214 (00:01:d7:e0:92:83) on vlan 4093 Wed Jan 8 10:03:34 ICT 2014 warning HKG1-AG-LB-04 tmm[7280] 01190004 address conflict detected for 10.117.192.229 (00:01:d7:e0:92:83) on vlan 4093 Wed Jan 8 10:03:35 ICT 2014 warning HKG1-AG-LB-04 tmm[7280] 01190004 address conflict detected for 10.117.192.232 (00:01:d7:e0:92:83) on vlan 4093 Wed Jan 8 10:03:35 ICT 2014 warning HKG1-AG-LB-04 tmm[7280] 01190004 address conflict detected for 10.117.192.214 (00:01:d7:e0:92:83) on vlan 4093 Wed Jan 8 10:04:01 ICT 2014 warning HKG1-AG-LB-04 tmm[7280] 01190004 address conflict detected for 10.117.192.233 (00:01:d7:e0:92:83) on vlan 4093 Wed Jan 8 10:04:02 ICT 2014 warning HKG1-AG-LB-04 tmm[7280] 01190004 address conflict detected for 10.117.192.233 (00:01:d7:e0:92:83) on vlan 4093 Wed Jan 8 10:04:03 ICT 2014 warning HKG1-AG-LB-04 tmm[7280] 01190004 address conflict detected for 10.117.192.233 (00:01:d7:e0:92:83) on vlan 4093 Wed Jan 8 10:04:04 ICT 2014 warning HKG1-AG-LB-04 tmm[7280] 01190004 address conflict detected for 10.117.192.233 (00:01:d7:e0:92:83) on vlan 4093 Wed Jan 8 10:04:05 ICT 2014 warning HKG1-AG-LB-04 tmm[7280] 01190004 address conflict detected for 10.117.192.233 (00:01:d7:e0:92:83) on vlan 4093
and the mac here (00:01:d7:e0:92:83) is actually the mac of the st-by unit.
Possible cause:
I think some of the administrator here have created those vips in the first place on the st-by nit ? I have no other explanation this is the first time i see this kind of behavior. Any Idea ?
Action taken so far:
Delete the VIP, sync the conf, re create the vip on the primary node and sync back.
Delete the VIP on the st-by unit only , sync the conf back from the primary.
Well so far no success.
I'm thinking about enabling mac masquerading, but that would require a MW because it will impact arp on the whole vlan and for all the VIPS.
Any help would be much appreciated.
Paolo