Customers using the X-Series platform in a DBHA configuration attached to an F5 BIG-IP load balancer may experience performance issues or even traffic failure when VRRP failover is triggered.
This article could be also relevant to another devices using a similar mechanism to auto_lasthop on F5 load balancers.
By default BIG-IP implements a low-latency mechanism called auto_lasthop which allows the BIG-IP system to send response IP packets to the MAC address from which requests were sent, instead of relying on the usual IP routing and ARP resolution.
Each X-Series chassis forwards traffic using its own source MAC address (even when vrrp-mac is configured).
In a DBHA configuration, there can be two different X-Series source MAC addresses in a given network segment.
BIG-IP records the MAC address of the current VRRP master for each IP connection's source and uses this MAC address to forward response traffic. Two issues could occur when the neighboring load balancer returns traffic to the original source address without sending ARP request.
Traffic outage after VRRP failover
When VRRP failover occurs, BIG-IP will continue to send response traffic to the MAC address to the former VRRP master.
Such traffic fails.
New connections received from unknown IP addresses will work normally because BIG-IP associates this traffic with the new VRRP master.
Packets returned by the load balancer to the physical MAC address instead of VRRP MAC address are classified as new flows which are set up on the NPM. This could cause significant performance impact and NFI queuing.This could also cause the NfiQueuedPktsHigh alarm to be triggered. In the worst case scenario, this may lead to a packet loss on the NPM.
The behavior described is controlled by the BIG-IP auto_lasthop global variable.
To support neighboring VRRP routers, F5 recommends that users disable this variable.
For other vendor's load balancers, please, refer to the respective documentation.