Gratuitous ARP Problem

darrenriley5
Level 1

Hi,

We've recently experienced ARP issues on our core switches when our F5 load balancers fail over. We have one F5 load balancer at each of our data centres, which are connected via layer 2 dark fibre links.

When the F5 load balancers fail over they send out a gratuitous ARP broadcast. The servers behind the load balancer update their ARP cache during failover but our core Cisco 6500 and Nexus switches don't. To resolve the issue I have to clear the ARP cache on all 4 core switches.

Can anything be changed on the switches so they update the ARP cache during these ARP broadcasts?

Thanks

Darren

9 Replies

rais
Level 7

Darren,

Do you have the F5 and the servers on the same subnet? If so, the switches need not have an ARP entry for the LBA.

Thanks.

Hi,

At the back end the servers are on the same subnet as the F5 device, but the failover at this end worked OK. The problem was the VLAN which is used for the virtual IP addresses. When this failed over, our core switches didn't update the ARP cache.

Thanks

Darren

I think you mean to say the south switches failed over fine but the north switches didn't. When the F5 fails over, the whole box fails over. You can tcpdump on the north side interface and see if a gratuitous ARP was sent.

Thanks.

aacj231210
Level 1

Hi,

The 6500's ARP expiry time is 300 by default; when the time expires, the switch can update the ARP entry in the ARP table.

To solve your question, you can configure the static MAC address in your F5:

Network -> VLANs -> Configuration: Advanced -> MAC Masquerade

If so, when the active F5 goes down, the standby F5 can take the active role without sending the gratuitous ARP packet.

Is this something that happens all the time? This link may be helpful.

Thanks.

Thanks, all replies very helpful.

Hi,

Can you share what the resolution was for this issue?

Hello,

I am facing the same issue. Can you please share the solution?

The best solution is to use the MAC masquerade feature on the F5 load-balancers. This feature allows the active and standby load-balancers to share a virtual MAC for shared float addresses. It is configured under the traffic-group. That way, in the event of a failover, ARP tables do not need to be updated, just MAC tables (much faster).

Here is a link from F5 describing the feature: https://support.f5.com/csp/article/K13502

I like to embed the string f5:f5 in the MAC that I use for this purpose as it can be helpful during troubleshooting and when reviewing packet captures.

HTH.

Louie
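
A check for the tcpdump step suggested earlier in the thread, as an added example that is not part of any reply here: it parses raw Ethernet frames, picks out gratuitous ARPs (sender IP equal to target IP) for a virtual address, and reports whether the announcing MAC changed across the failover. The addresses, MACs and function names are constructed for illustration.

```python
import socket
import struct

ETH_ARP, ETH_VLAN = 0x0806, 0x8100

def parse_arp(frame: bytes):
    """Return (op, sender_mac, sender_ip, target_ip) for an IPv4 ARP frame, else None."""
    if len(frame) < 18:
        return None
    ethertype, off = struct.unpack("!H", frame[12:14])[0], 14
    if ethertype == ETH_VLAN:  # skip one 802.1Q tag; the VIP VLAN may arrive tagged
        ethertype, off = struct.unpack("!H", frame[16:18])[0], 18
    if ethertype != ETH_ARP or len(frame) < off + 28:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[off:off + 8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa, _tha, tpa = struct.unpack("!6s4s6s4s", frame[off + 8:off + 28])
    return op, sha.hex(":"), socket.inet_ntoa(spa), socket.inet_ntoa(tpa)

def garp_announcers(frames, vip):
    """MACs that sent a gratuitous ARP (sender IP == target IP) for vip, in capture order."""
    macs = []
    for frame in frames:
        arp = parse_arp(frame)
        if arp and arp[2] == arp[3] == vip:
            macs.append(arp[1])
    return macs

def vip_mac_changed(frames, vip):
    """True if more than one MAC announced vip, so upstream ARP caches must be rewritten."""
    return len(set(garp_announcers(frames, vip))) > 1

def build_arp(mac, op, spa, tpa, vlan=None):
    """Build a constructed broadcast ARP frame for the sample below (not captured traffic)."""
    m = bytes.fromhex(mac.replace(":", ""))
    tag = struct.pack("!HH", ETH_VLAN, vlan) if vlan is not None else b""
    body = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, op, m,
                       socket.inet_aton(spa), b"\x00" * 6, socket.inet_aton(tpa))
    return b"\xff" * 6 + m + tag + struct.pack("!H", ETH_ARP) + body

# Constructed sample: unit A announces the VIP, a server asks for it, unit B takes over.
VIP = "192.0.2.10"
SAMPLE = [
    build_arp("02:00:00:00:00:0a", 2, VIP, VIP),
    build_arp("02:00:00:00:00:50", 1, "192.0.2.50", VIP),
    build_arp("02:00:00:00:00:0b", 1, VIP, VIP, vlan=100),
]
print(garp_announcers(SAMPLE, VIP), vip_mac_changed(SAMPLE, VIP))
```

An empty announcer list for the virtual address means no gratuitous ARP reached the capture point at all, which separates "the F5 never sent it on this VLAN" from "the switch saw it and did not update".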
