I have opened a support case with F5 and we have yet to determine where the issue lies. As a test I went in and manually disabled all virtual-servers and then enabled them and all MACs updated immediately. We have confirmed the upstream core switches are not dropping any GARPs.
I found an SOL article that talks about when GARPs can be missed after failover: SOL7332: Gratuitous ARPs may be lost after a BIG-IP failover event. Eventually the ARP entries age out for all virtual servers and get refreshed with the correct MAC address. The ARP time out on the Nexus 7Ks is 1500 seconds (default) so it takes 25min after a failover for a full network recovery. For traffic to virtual-servers, we are using Auto-MAP to SNAT to the floating Self-IP and using Auto-Last Hop so return traffic passes through the correct source VLAN.
Each partition only has a single route-domain the VLANs are allocated to. We have multiple partitions on each vCMP instance with several VLANs associated with each partition. However, the ARP tables on the Nexus 7K Core switches do not get updated so all the virtual-servers continue to have the MAC address associated with F5ADC01. If F5ADC01 is Active and we force it Standby, it immediately changes to Standby and F5ADC02 immediately takes over the Active role. We are having an issue during automatic or manual failover where the MAC addresses for the virtual-servers are not being updated. When I look at the MAC address tables on both 7K1 and 7K2, I can see all the individual F5 MACs for each VLAN we have configured on the F5 vCMP instances. Each F5 5250v has a 10G uplink to two core switches (Cisco Nexus 7010) configured as an LACP port-channel on the F5 side and a Port-Channel/vPC on the Nexus side.
We have two Fv appliances configured with 2 vCMP instances each in an HA pair (Active/Standby).
0 kommentar(er)
