BigIP Network Failover on Catalyst 6500 Switches

carlzemke · ‎07-06-2006

Pardon my ignorance on this, but I have had little experince with Catalyst switches.

I have a problem with a Pair of Redundant F5 BigIP switches and the time it takes them to failover on the Network.

According to F5 the BigIP should fail over in a matter of seconds if the Active unit is disconnected from the network, the standby unit is to take over. From what I have seen, it is taking 90 seconds to failover.

It appears to be a problem with STP or some related configuration on the 6509 Switches. Both Active / Standby units are sharing a MAC address / IP address, so I do not beleive it is an ARP issue.

I have each BigIp on seperate 6509s which are running HSRP. From what I have been reading it looks like I need to configure STP with Portfast on the Interfaces that are connected to the BigIPs.

Has anyone seen this problem before or have ideas on what I might look at.

We are running version 12.1(8a)E5.

Regards,

Carl aka "Dazed and Confused"

mironduplessis · ‎07-07-2006

Carl,

Are you using any failsafe options/thresholds. do you have a screen shot of your high availability screen. Portfast is only usefull when your Big-IP system comes back online and will not influence your standby unit as the port would have already transitioned into the forwarding state when it booted up.

Miron

carlzemke · ‎07-07-2006

Yes, I am using VLAN Fail-Safe on the F5. I have both the Internal VLAN and External VLAN set to timeout after 10 seconds and failover if there is no traffic on the VLAN for 10 seconds.

F5 is telling me it has to do with the Cisco switches and not the BigIP configuration.

Thanks,

Carl

mironduplessis · ‎07-07-2006

Carl,

I have my 6400's connected to our 6509 pair. And on a timeout for vlan failsafe of 10 second it takes about 15 seconds for the standby to become active. If you reboot the active the failover is instantaneous. Have you tried the BigIP pair attached to the same switch to rule out any issues with the BIG-IP.

Miron

carlzemke · ‎07-07-2006

I have not tried placing them on the Same switch. That I will try, since we are still in the testing phase I can do this.

Are you using Hardwired Failover or Network Failover?

I am using Network Failover which is a must since they are in seperate Computer rooms for Redundancy.

I moved the F5s to the same switch with the same results. If I switch the Active to Standby, my browser connection still takes approx 90 seconds before I connect to the web server again.

Regards,

Carl

carlzemke · ‎07-12-2006

F5 Support states that I am running into a default timeout for STP Blocking which is normally 90 seconds.

How would I check to see what this is configured for and modify this setting?

Has anyone else run into this issue?

-Carl

mironduplessis · ‎07-12-2006

Carl,

The spanning-tree portfast command is what you need to use. Try it and see if it solves your problem.

I dont think that it will because both your units have their interfaces up so when their is a failure on one unit or the link goes down the other unit is already in the forwarding state.

(if using IOS - Replace with own interface)

interface gig 1/1

switchport

spanning-tree portfast

(is using CatOs - Replace with own interface )

set spantree portfast 1/1

Miron