Re: Network issues with Nexus N7K / inline IPS / F5

jcardona1 · ‎12-07-2021

The scenario is as follows, we have 2 F5 appliances in cluster and 2 Nexus N7K series. Each F5 appliance consists of an LACP 2 x 10G fiber connectivity. Each LACP fiber connects to a different Nexus N7K switch. The thing here is that we are trying to deploy an inline IPS appliance between the F5 appliances and the switches. So, we only cabled the stand-by F5 appliance through the Fail-opens/bypass device and the IPS appliance.

After we cabled the stand-by F5 appliance as described and shown below, we started seeing general network outages, like web applications which were not served by any of these F5 appliances not responding, also vpn services not responding and also some web applications being served by the active F5 appliance also not responding.

Surprisingly or not, It all got resolved after disconnecting the fibers on both fail-opens below. We don’t really understand how inserting fail opens and IPS inline in layer 2, could have interfered in the network, but for sure it has some relation with this issue. We are thinking of some possible layer 2 loop or broadcast.

Any information you could suggest to help understand what could have happened here is very much appreciated.

pieterh · ‎12-08-2021

>>> Each LACP fiber connects to a different Nexus N7K switch <<
It may be you cannot use a "multi-chassis LACP link" when those switches are stand-alone

(you do not mention those N7K switches being configures as VSS ?)

jcardona1 · ‎12-08-2021

Thanks for your reply. We have a port-channel configured on both switches. I am attaching a portion of the log on each switch by the time this issue happened.