Forum Discussion

Christian_Manue's avatar
Christian_Manue
Icon for Nimbostratus rankNimbostratus
Apr 10, 2017

F5 HA: Issue with Connection When the Primary appliance is brought online

Hi Friends,

 

We have a issue with a pair of F5 Appliance in Active/StandBy Setup: F5_A (Active)and F5_B (StandBy)

 

Case 1: When we failover to the F5_B, all connections is fine and the traffic continues working.

 

Case 2: When we rebooted the F5_A, and F5_B is going to active, all connections is fine and the traffic continues working, but later F5_A take control (becouse we are setup auto-failback en 60 seconds) all connection are lost and the traffic stop to process. The traffic returns to flow after 5 or 6 minutes.

 

Case 3 (similar to case 2): When we rebooted the F5_A, and F5_B is going to active, all connections is fine and the traffic continues working. In this case, we Disabled auto-failback, and wait about 15 minutes and failover to the F5_A, and equal, all connection are lost and the traffic stop to process. The traffic returns to flow after 5 or 6 minutes.

 

What is the reason for that? Do you had been any case similir to these?

 

Something to point, we are testing this with mac masquerade and withot this and the result is the same. Please if your have any comment or idea, thats help us alot.

 

Thanks

 

Christian Garcia

 

application delivery
BIG-IP
ha
LTM

2 Replies

Sort By
  • Ed_Summers's avatar
    Ed_Summers
    Icon for Nimbostratus rankNimbostratus
    Apr 10, 2017

    Issues processing GARP were an initial thought until you mentioned the problem persists even with MAC masquerading. Given that (and the timeframe being around the Cisco-default 300 second MAC address aging) have you looked at neighboring switch MAC/CAM tables when the issue appears? In the MAC masquerading configuration, are the neighboring switches associating the shared MAC with the correct port (port associated to the active unit)?

     

    I've seen partial traffic loss issues when the neighboring device couldn't process all of the GARP traffic on failover. But this only impacted some of the traffic, and was resolved with MAC masquerading (as then only the neighboring switch has to update the MAC table; L2-L3 mapping doesn't change).

     

    K25241134 Describes a race-condition issue where the BIGIP transitioning to Offline sends GARPs, but the workaround is to configure MAC masquerade.

     

    Outside of this issue, can F5_A successfully operate and handle traffic in a steady-state condition? No issues with traffic handling on that device outside of a ~5 minute outage when the traffic-group transitions from F5_B to F5_A?

     

    How are the two units connected to the rest of the network? Have also seen partial traffic loss in a Cisco HSRP/vPC environment when admin forgot to enable 'peer-gateway' as described in K12440. Impact depends on how traffic is flowing through the network.

     

  • Kevin_Davies_40's avatar
    Kevin_Davies_40
    Icon for Nacreous rankNacreous
    Apr 11, 2017

    First up are your BIGIP's the same hardware, version and hotfix?

     

    Are your mirroring traffic ports open on BIGIP-A? It appears you are only mirroring information in one direction. You can check if you are receiving mirroring traffic on BIGIP-A using the steps outlined in K54622241