dragonflymr
Oct 30, 2015

Untagged VLAN with two interfaces and ARP

Hi,

I am trying to understand how this kind of setup manages the MAC address-to-interface binding.

Scenario:

VLAN100 with interfaces 1.1 and 1.2 assigned
Interface 1.1 connected to switch1; node1 and node2 servers connected to switch1
Interface 1.2 connected to switch2; node3 and node4 servers connected to switch2
Pool1 created with nodes 1-4
Virtual created with Pool1

According to all my tests, as well as SOL14513, all L3 traffic is using the VLAN MAC, not the interface MAC (seems logical, as the same IPs are available via both interfaces).

Now we are trying to ping node1 - I assume that the ARP Request (broadcast dst MAC) is sent via both interfaces. The ARP Reply returns only via interface 1.1, as node1 is connected only to switch1.

So far so good, but how does BIG-IP store that packets for node1 should only be sent via interface 1.1? I can't see an Interface column in Network>ARP>Dynamic List (GUI) or when issuing tmsh show net arp. There is no entry at all in FDB - tmsh list net fdb vlan VLAN100 all-properties.

The only info is to which VLAN a given MAC address belongs. That's fine if we have one interface/trunk VLAN, but it seems to be not enough when there are more than two interfaces in the VLAN.

How can BIG-IP send packets only via the interface where the dst MAC was reported?

Does that mean that all packets destined for an IP that belongs to a given VLAN are sent all the time via all ports assigned to the VLAN?

Piotr

 

10 Replies

  • giltjr

    Is there a path between switch1 and switch2? Can node 1/2 ping with node 3/4?

     

  • giltjr

    What do you see if you issue the command:

     

    tmsh show net fdb vlan VLAN100 all-properties

     

  • giltjr

    Try issuing:

    tmsh show net fdb VLAN100

    or

    tmsh show net fdb

    You should get back a list showing each MAC address of hosts you talk to and what interface is being used. Something like:

    [root@DCANET1F501:Active] config tmsh show net fdb VLANXXX

    Net::FDB
    Vlan Mac Address Member Dynamic
    VLANXXX xx:xx:xx:xx:xx:x1 interface:1.2 yes
    VLANXXX xx:xx:xx:xx:xx:x2 interface:1.2 yes
    VLANXXX xx:xx:xx:xx:xx:x3 interface:1.2 yes
    VLANXXX xx:xx:xx:xx:xx:x4 interface:1.2 yes
    VLANXXX xx:xx:xx:xx:xx:x5 interface:1.2 yes

     

  • Formatted a little better:

    [root@xxxxx:Active] config  tmsh show  net fdb VLANXXX
    
    Net::FDB
    Vlan     Mac Address        Member         Dynamic
    --------------------------------------------------
    VLANXXX  xx:xx:xx:xx:xx:x1   interface:1.2  yes
    VLANXXX  xx:xx:xx:xx:xx:x2   interface:1.2  yes
    VLANXXX  xx:xx:xx:xx:xx:x3   interface:1.2  yes
    VLANXXX  xx:xx:xx:xx:xx:x4   interface:1.2  yes
    VLANXXX  xx:xx:xx:xx:xx:x5   interface:1.2  yes
    
    • dragonflymr
      I was expecting something like that but it did not work. Will try again, but right now I have only VA, not a physical device, so I am not sure if it works the same. Anyway, when I tried on a physical device nothing showed up. I launched a ping to a host reachable via the given interface and had watch -n 5 tmsh show net fdb vlan VLANXXX all-records in another terminal window. Nothing showed up. Will try again. Thanks a lot for help. Piotr
    • dragonflymr
      OK, seems that tmsh show net fdb vlan VLANXXX all-records does not work at all on VE. I am getting no output at all. Piotr
  • That sort of makes sense, since there are no physical interfaces. In your VE do your virtual interfaces map to unique physical interfaces or to the same physical interface?

     

    • dragonflymr
      To the same interface. I was expecting something like that with VE but I was playing around with BIG-IP 2000 doing the same test. There I could see some output when issuing the command but without any MAC-Interface data. Even when there was for sure a new ARP entry created in the TMM ARP dynamic list (same watch -n 5 tmsh...). Maybe it was because I omitted the all-records keyword. Anyway, if you can confirm that this command is showing MAC addresses learned per interface (with a VLAN containing more than one physical interface) then it's enough for me. Will test it when I have access to physical devices again. BTW, are you sure there is all-properties for this command? I can only see all-records - like that: tmsh show net fdb vlan VLANXXX all-records Piotr
  • I don't have any VLANs that contain more than one interface and don't have an environment where I can set that up. I would think that it should, as it would be just like a switch that has multiple ports within the same VLAN.

     

    • dragonflymr
      Well, I guess listing MAC address per interface with mentioned command should work even for one interface per VLAN (on physical device) and yes, for me BIG-IP in setup with multiple interfaces per VLAN should behave like standard L2 switch - that was what puzzled me - why there is no output from the command. OK, will have to test again with physical device. Thanks again for help, Piotr
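
Added example (not part of any post in this thread, and not F5 code): a small Python parser for the Net::FDB table layout quoted above. It groups learned MACs by VLAN member and returns None when the FDB holds no entry, as with the empty output reported on VE. The sample MAC addresses, the VLAN name and the function names are constructed for illustration.

```python
import re

# Constructed sample in the column layout quoted in the thread
# (Vlan / Mac Address / Member / Dynamic); the MACs are made up.
SAMPLE_FDB = """\
Net::FDB
Vlan     Mac Address        Member         Dynamic
--------------------------------------------------
VLAN100  00:50:56:aa:00:01  interface:1.1  yes
VLAN100  00:50:56:aa:00:02  interface:1.1  yes
VLAN100  00:50:56:aa:00:03  interface:1.2  yes
VLAN100  00:50:56:aa:00:04  interface:1.2  yes
"""

# A data row is: vlan name, six-octet MAC, member, yes/no. Headers and rules do not match.
ROW = re.compile(
    r"^\s*(?P<vlan>\S+)\s+(?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})"
    r"\s+(?P<member>\S+)\s+(?P<dynamic>yes|no)\s*$"
)

def parse_fdb(text):
    """Return a list of {vlan, mac, member, dynamic} dicts, one per FDB row."""
    entries = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            e = m.groupdict()
            e["mac"] = e["mac"].lower()          # normalise case for lookups
            e["dynamic"] = e["dynamic"] == "yes"
            entries.append(e)
    return entries

def macs_by_member(entries, vlan):
    """Group the MACs learned in one VLAN by the member they were learned on."""
    grouped = {}
    for e in entries:
        if e["vlan"] == vlan:
            grouped.setdefault(e["member"], []).append(e["mac"])
    return grouped

def egress_member(entries, vlan, mac):
    """Member a MAC was learned on, or None when the FDB has no entry for it."""
    for e in entries:
        if e["vlan"] == vlan and e["mac"] == mac.lower():
            return e["member"]
    return None

if __name__ == "__main__":
    print(macs_by_member(parse_fdb(SAMPLE_FDB), "VLAN100"))
```
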