K13297: Overview of VLAN failsafe

Non-Diagnostic

Original Publication Date: Jun 25, 2020
Updated Date: Jul 26, 2021

Topic

VLAN failsafe is a high availability (HA) feature that allows the BIG-IP system to monitor for network failure on VLANs and take appropriate action when the system detects a loss of network connectivity.

Description

When you configure VLAN failsafe, the BIG-IP system monitors network traffic on the VLAN. If the BIG-IP system detects a loss of network traffic on the VLAN, the VLAN failsafe timer begins and the BIG-IP system attempts to generate traffic to nodes or the default router that is accessible through the VLAN in the manner described in the following table.

VLAN failsafe timer: traffic generated by the BIG-IP system

Half expired:
+ Initiates an Address Resolution Protocol (ARP) request for the IP address of the oldest entry in the BIG-IP ARP table
+ Initiates an ICMPv6 neighbor discovery probe (only if entries exist in the BIG-IP IPv6 neighbor cache)

Three quarters expired:
+ Initiates an ARP request for all IP addresses in the BIG-IP ARP table
+ Initiates an ICMPv6 neighbor discovery probe (only if entries exist in the BIG-IP IPv6 neighbor cache)
+ Initiates a multicast ping to 224.0.0.1

For example, if the VLAN failsafe timeout value is configured with 40 seconds and the BIG-IP system detects a loss of network traffic on the VLAN for the last 20 seconds, the BIG-IP system attempts to initiate an ARP request for the IP address of the oldest entry in the BIG-IP ARP table, as well as an ICMPv6 neighbor discovery probe. The VLAN failsafe timer resets and the failsafe action is avoided if the BIG-IP system receives a response to the traffic it generated. You can control the type of traffic that can reset the BIG-IP system VLAN failsafe timer with the Failover.VlanFailsafe.ResetTimerOnAnyFrame database key.

VLAN Failsafe options

When enabling VLAN failsafe for a VLAN, you can choose from the Timeout or the Action options.

Timeout

The VLAN failsafe timeout specifies the number of seconds that must elapse before the BIG-IP system triggers the failsafe action. The default value is 90 seconds, and the minimum value is 10 seconds.

Action

The failsafe actions in the following table define options that the system can take if the system does not detect any traffic on this VLAN and the timeout has expired.

Important: After the failsafe timer expires and the configured action is performed, the device remains in failsafe fault mode and cannot become active until network activity is detected on the VLAN.

| Action | Description |
| --- | --- |
| Reboot | Specifies that the system restarts. Restart is the default action. |
| Restart All | Specifies that the system restarts all system services. |
| Failover | Specifies that the active unit fails over to its peer. |
| Failover Restart TM | Specifies that the active unit fails over to its peer and restarts its TMM process. |

Using tmsh to modify the VLAN failsafe setting

1. Log in to the TMOS Shell (tmsh) by entering the following command:

    tmsh

2. To enable VLAN failsafe, set the failsafe action and modify the failsafe timer value using the following command syntax:

    modify /net vlan <VLAN name> failsafe <enabled | disabled> failsafe-action <action> failsafe-timeout <seconds>

   For example, to enable VLAN failsafe on a VLAN named internal and set the action to failover when the timer reaches 60 seconds, enter the following command:

    modify net vlan internal failsafe enabled failsafe-action failover failsafe-timeout 60

3. Save the change by entering the following command:

    save sys config

The failover.vlanfailsafe.resettimeronanyframe database key

You can use the database key values in the following table to define the type of traffic the BIG-IP system can receive to reset the VLAN failsafe timer.

| Database key value | Description |
| --- | --- |
| False | When the database key is set to false, the BIG-IP system resets the VLAN failsafe timeout counter only upon reception of valid ARP or NDP packets sent in response to VLAN failsafe traffic. Other traffic, such as responses to BIG-IP monitor requests, does not reset the VLAN failsafe timeout counter. Because the default timeout behavior ignores any other traffic on the VLAN, VLAN failsafe may be triggered before the VLAN has been idle for the entire timeout value. |
| True | When the database key is set to true, the BIG-IP system resets the timeout counter upon reception of any frame on the VLAN, including responses to BIG-IP monitor traffic. |

Note: In BIG-IP 11.4.0 and later, the failover.vlanfailsafe.resettimeronanyframe database key value is ignored if you activate aggressive mode on the BIG-IP system. For more information, refer to K16568: The BIG-IP system resets the VLAN failsafe timer upon receiving any frame in aggressive mode.

Using tmsh to modify the database key

1. Log in to tmsh by entering the following command:

    tmsh

2. To set the database key to either true or false, use the following command syntax:

    modify /sys db failover.vlanfailsafe.resettimeronanyframe value <true | false>

   For example, to set the database key to true, enter the following command:

    modify /sys db failover.vlanfailsafe.resettimeronanyframe value true

3. Save the change by entering the following command:

    save sys config

Recommendations

When configuring VLAN failsafe for a VLAN, you should consider the following factors:

+ VLAN failsafe configuration is local to the BIG-IP system. It is not a shared configuration synchronized between HA systems during ConfigSync operations. As a result, you must define VLAN failsafe on all BIG-IP systems in an HA system.
+ To avoid unnecessary failover, you should set the VLAN failsafe timeout value to a value larger than the number of seconds that the neighboring links take to initialize. An unnecessary failover may cause more disruption than a brief flap in network connectivity. Setting the timeout value too low can cause system and network instability issues if both members of the HA configuration experience intermittent connectivity.
+ If you enable VLAN failsafe on a VLAN with nodes that do not respond consistently to the standard VLAN failsafe probes, the BIG-IP HA systems can experience unintended VLAN failsafe events.
+ Unwanted VLAN failsafe events can occur if you enable VLAN failsafe on a VLAN with no default gateway or pool members and the VLAN contains only devices that do not respond to ARP requests, ICMPv6 neighbor discovery probes, or multicast pings. To help prevent this behavior, you can assign a health monitor to at least one node on that VLAN. This practice helps to consistently populate the ARP tables on the BIG-IP high availability systems and gives a more accurate view of VLAN availability.
+ If you set the VLAN failsafe action to restart all or reboot when a low failsafe timeout value is configured, the BIG-IP system may enter a cycle of restarting services or restarting the system until VLAN failsafe is disabled. This behavior may occur when the timeout value is set too low and the interfaces are not available after a restart due to a Spanning Tree update or because Link Aggregation Control Protocol (LACP)-enabled trunks have not initialized. To prevent this behavior from occurring, do not set the VLAN failsafe timeout value below the recommended value of 90 seconds.
+ Testing the VLAN failsafe feature for an HA redundant pair by removing all nodes from the VLAN may not result in a VLAN failsafe action being triggered. If you use the tested VLAN for network failover or state mirroring, the traffic generated between the redundant BIG-IP systems is sufficient to prevent VLAN failsafe from being triggered.
+ If you configure more than one guest on a Virtual Clustered Multiprocessing (vCMP) host to use the same VLAN, you should avoid using the VLAN failsafe feature for the guest instances. When a vCMP guest detects a loss of network traffic on the VLAN and attempts to generate VLAN failsafe traffic, the other guests that are configured on the same VLAN may respond to the failsafe requests and prevent a failover event from occurring.
+ F5 recommends that you avoid configuring VLAN failsafe on a dedicated high availability VLAN for an HA pair, as it is possible to enter a state where neither device can become active due to the failsafe fault.

Supplemental Information

+ K13674: Preventing a standby member of a sync-failover group from rebooting when a VLAN failsafe event is triggered (1.x - 13.x)
+ K8817: Preventing a standby member of a sync-failover group from rebooting when a VLAN failsafe event is triggered (9.x - 10.x)
+ K07317717: Error Message: 01140029:4: HA fails action is restart
+ K17150: A standby BIG-IP system configured with VLAN fail-safe may leak memory

Applies to:

Product: BIG-IP 16.X.X, 15.X.X, 14.X.X, 13.X.X, 1.X.X, 10.X.X
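
The Recommendations section above can be checked mechanically across an HA pair. The following is an added example, not F5 code: it assumes each peer's VLAN configuration is available as text in the stanza layout that `tmsh list net vlan` prints, that an unset `failsafe-timeout` means the 90-second default, and that the caller supplies the names of dedicated HA VLANs. The sample configurations and peer names are constructed.

```python
import re

# Constructed `tmsh list net vlan` style output for two HA peers (sample data).
PEER_A = """net vlan internal {
    failsafe enabled
    failsafe-action reboot
    failsafe-timeout 30
}
net vlan ha {
    failsafe enabled
    failsafe-action failover
}
"""
PEER_B = """net vlan internal {
    tag 10
}
net vlan ha {
    failsafe enabled
    failsafe-action failover
}
"""
RECOMMENDED_MIN = 90  # the article's recommended (and default) timeout, in seconds

def parse_vlans(text):
    """Map each VLAN name to its failsafe* properties."""
    stanzas = re.findall(r"^net vlan (\S+) \{(.*?)^\}", text, re.S | re.M)
    return {name: dict(re.findall(r"^[ \t]+(failsafe\S*)[ \t]+(\S+)", body, re.M))
            for name, body in stanzas}

def audit(peers, ha_vlans=()):
    """peers: {peer: config text}; ha_vlans: dedicated HA VLAN names (caller-supplied)."""
    cfgs = {peer: parse_vlans(text) for peer, text in peers.items()}
    findings = []
    for vlan in sorted({v for c in cfgs.values() for v in c}):
        on = {p for p, c in cfgs.items() if c.get(vlan, {}).get("failsafe") == "enabled"}
        if on and on != set(cfgs):  # VLAN failsafe is not synchronized by ConfigSync
            findings.append((vlan, "failsafe is local config: enable it on every HA peer"))
        for peer in sorted(on):
            cfg = cfgs[peer][vlan]
            timeout = int(cfg.get("failsafe-timeout", RECOMMENDED_MIN))  # unset = default
            if timeout < RECOMMENDED_MIN:
                loop = cfg.get("failsafe-action") in ("reboot", "restart-all")
                note = ", restart-loop risk" if loop else ""
                findings.append((vlan, f"{peer}: timeout {timeout}s is below 90s{note}"))
            if vlan in ha_vlans:
                findings.append((vlan, f"{peer}: failsafe on a dedicated HA VLAN"))
    return findings
```

Calling `audit({"a": PEER_A, "b": PEER_B}, ha_vlans={"ha"})` returns one finding per violated recommendation, keyed by VLAN name.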
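
The timer stages from the Description and the effect of the failover.vlanfailsafe.resettimeronanyframe database key can be seen together in a small simulation. This is an added example, not F5 code: it is a simplified one-second-tick model, the frame kind labels and event names are made up for illustration, and aggressive mode is not modelled.

```python
def simulate(timeout, frames, reset_on_any_frame, horizon):
    """Return [(second, event)] for one VLAN in a simplified 1-second-tick model.

    frames: [(second, kind)] received on the VLAN; kind is "probe_reply" (a valid
    ARP/NDP answer to failsafe traffic) or "other" (e.g. a monitor response).
    Both kind names are labels made up for this example.
    """
    received = dict(frames)
    last_reset, events = 0, []
    for t in range(1, horizon + 1):
        kind = received.get(t)
        if kind == "probe_reply" or (kind is not None and reset_on_any_frame):
            if t - last_reset >= timeout // 2:   # a probe stage was in progress
                events.append((t, "reset"))
            last_reset = t
            continue
        idle = t - last_reset
        if idle == timeout // 2:
            # ARP for the oldest ARP-table entry + ICMPv6 neighbor discovery probe
            events.append((t, "half"))
        elif idle == timeout * 3 // 4:
            # ARP for all ARP-table entries + ND probe + multicast ping to 224.0.0.1
            events.append((t, "three_quarters"))
        elif idle >= timeout:
            # configured action runs; the device stays in failsafe fault mode
            events.append((t, "failsafe_action"))
            break
    return events


# Constructed input: a monitor response every 5 s, but nothing answers the probes.
MONITOR_ONLY = [(t, "other") for t in range(5, 61, 5)]

def compare(timeout=40, horizon=60):
    """Same traffic, both key values: false ignores monitor replies, true counts them."""
    return {
        "false": simulate(timeout, MONITOR_ONLY, False, horizon),
        "true": simulate(timeout, MONITOR_ONLY, True, horizon),
    }
```

With the 40-second timeout from the article's example, the key set to false reaches the failsafe action even though the VLAN was never idle, while the key set to true never reaches the half-expired stage.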
