
Dan_L1
Jun 09, 2014

Migrated from various hardware > 10200v and changed VLAN

We migrated from 8900/6900s to 10200V instances over the weekend and also changed from the basic untagged internal VLAN to a tagged VLAN. This is on version 11.4.1 HF2 - I ran an iHealth file and found that with the new VLAN being tagged we have the following issue during failover:

 

BIG-IP objects configured on a different subnet than the self IP address do not send gratuitous ARP requests on failover: sol11880

 

Question is - if I add a Self-IP per subnet, do I have to do this off-hours? Or will it not cause an issue doing it in the middle of the day? Everything is working fine right now, but I want to be prepared properly for the failover and adding a self-ip per subnet is no problem for our environment (vs MAC masquerading).

 

Also - should it be a floating IP or static per box?

 

1 Reply

  • Best practice, assuming a single traffic group, would be one self IP per VLAN per LTM instance (if two instances in HA pair, one self IP for each per VLAN) and one floating IP per HA setup per VLAN. So if you have 3 devices, in active-active-standby for example, you would have 4 IPs used; 3 self IPs and one floating IP, again per VLAN.

     

    As for when you add them, I would definitely do this after hours. I'm not 100% certain, but I think if you add the self/floating IPs on a VLAN that has nodes then the F5 would start sending traffic via that floating IP, so application traffic would go to your servers from a different IP. If you are dealing with firewalls in between the F5 and the client/destination, you'll also need to make sure that the firewall rules are updated. Hope this helps.