210si2022 11:20, Overview of VLAN failsafe
K13297: Overview of VLAN failsafe
Non-Diagnostic
Original Publication Date: Jun 25, 2020
Updated Date: Jul 26, 2021
Topic
VLAN failsafe is a high availability (HA) feature that allows the BIG-IP system to monitor for network failure on
VLANs and take appropriate action when the system detects a loss of network connectivity.
Description
When you configure VLAN failsafe, the BIG-IP system monitors network traffic on the VLAN. If the BIG-IP
system detects a loss of network traffic on the VLAN, the VLAN failsafe timer begins and the BIG-IP
system attempts to generate traffic to nodes or the default router that is accessible through the VLAN in the
manner described in the following table.
VLAN failsafe timer: Half expired
Traffic generated by the BIG-IP system:
+ Initiates an Address Resolution Protocol (ARP) request for the IP address of the oldest entry in the
  BIG-IP ARP table
+ Initiates an ICMPv6 neighbor discovery probe (only if entries exist in the BIG-IP IPv6 neighbor cache)

VLAN failsafe timer: Three-quarters expired
Traffic generated by the BIG-IP system:
+ Initiates an ARP request for all IP addresses in the BIG-IP ARP table
+ Initiates an ICMPv6 neighbor discovery probe (only if entries exist in the BIG-IP IPv6 neighbor cache)
+ Initiates a multicast ping to 224.0.0.1

For example, if the VLAN failsafe timeout value is configured with 40 seconds and the BIG-IP system detects a
loss of network traffic on the VLAN for the last 20 seconds, the BIG-IP system attempts to initiate an ARP
request for the IP address of the oldest entry in the BIG-IP ARP table, as well as an ICMPv6 neighbor
discovery probe. The VLAN failsafe timer resets and the failsafe action is avoided if the BIG-IP system
receives a response to the traffic it generated. You can control the type of traffic that can reset the BIG-IP
system VLAN failsafe timer by the Failover.VlanFailsafe.ResetTimerOnAnyFrame database key.
VLAN Failsafe options
When enabling VLAN failsafe for a VLAN, you can choose from the Timeout or the Action options.
Timeout
The VLAN failsafe timeout specifies the number of seconds that must elapse before the BIG-IP system triggers
the failsafe action. The default value is 90 seconds, and the minimum value is 10 seconds.
Action
The failsafe actions in the following table define options that the system can take if the system does not detect
any traffic on this VLAN and the timeout has expired.
Important: After the failsafe timer expires and the configured action is performed, the device remains in
failsafe fault mode and cannot become active until network activity is detected on the VLAN.
Action               Description
Reboot               Specifies that the system restarts. Restart is the default action.
Restart All          Specifies that the system restarts all system services.
Failover             Specifies that the active unit fails over to its peer.
Failover Restart TM  Specifies that the active unit fails over to its peer and restarts its TMM process.
Using tmsh to modify the VLAN failsafe setting
1. Log in to the TMOS Shell (tmsh) by entering the following command:
    tmsh
2. To enable VLAN failsafe, set the failsafe action and modify the failsafe timer value using the following
command syntax:
    modify /net vlan <vlan_name> failsafe enabled failsafe-action <action> failsafe-timeout <seconds>
For example, to enable VLAN failsafe on a VLAN named internal and set the action to failover when
the timer reaches 60 seconds, enter the following command:
    modify net vlan internal failsafe enabled failsafe-action failover failsafe-timeout 60
3. Save the change by entering the following command:
    save sys config
The failover.vlanfailsafe.resettimeronanyframe database key
You can use the database key values in the following table to define the type of traffic the BIG-IP system can
receive to reset the VLAN failsafe timer.
Database key value   Description
False                When the database key is set to false, the BIG-IP system resets the VLAN failsafe
                     timeout counter only upon reception of valid ARP or NDP packets sent in response to
                     VLAN failsafe traffic. Other traffic, such as responses to BIG-IP monitor requests,
                     does not reset the VLAN failsafe timeout counter. Because the default timeout
                     behavior ignores any other traffic on the VLAN, VLAN failsafe may be triggered
                     before the VLAN has been idle for the entire timeout value.
True                 When the database key is set to true, the BIG-IP system resets the timeout counter
                     upon reception of any frame on the VLAN, including responses to BIG-IP monitor
                     traffic.
Note: In BIG-IP 11.4.0 and later, the failover.vlanfailsafe.resettimeronanyframe database key value is
ignored if you activate aggressive mode on the BIG-IP system. For more information, refer to K16568: The
BIG-IP system resets the VLAN failsafe timer upon receiving any frame in aggressive mode.
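The effect of the database key on when the failsafe action fires, as an added example that is not F5 code. It is a simplified model built only from the behavior described above (probes at half and three-quarters of the timeout, action at expiry, timer starting at t=0); the frame kind labels and the traffic trace are constructed for illustration, and aggressive mode is not modeled.

```python
import math

# Fractions of the timeout at which the article says something happens.
MILESTONES = [(0.5, "half-expired-probes"),
              (0.75, "three-quarters-probes"),
              (1.0, "failsafe-action")]
RESPONSES = {"arp_reply", "ndp_reply"}   # only these reset the timer when the key is false

def simulate(timeout, frames, reset_on_any_frame=False):
    """Return [(time_s, event)] up to and including the failsafe action.

    frames: (time_s, kind) tuples seen on the VLAN; the kind names are labels
    chosen for this example, not BIG-IP identifiers.
    """
    resets = sorted(t for t, kind in frames if reset_on_any_frame or kind in RESPONSES)
    events, start = [], 0.0
    for t in resets + [math.inf]:            # math.inf: nothing resets the timer any more
        for fraction, name in MILESTONES:
            due = start + fraction * timeout
            if due <= t:
                events.append((due, name))
                if name == "failsafe-action":
                    return events
        events.append((t, "timer-reset"))
        start = t
    return events

def failsafe_time(timeout, frames, reset_on_any_frame):
    """Time at which the failsafe action fires in this model."""
    return simulate(timeout, frames, reset_on_any_frame)[-1][0]

# Constructed trace: monitor replies every 5 s until t=35, no ARP/NDP replies, 40 s timeout.
MONITOR_ONLY = [(float(t), "monitor_reply") for t in range(5, 40, 5)]

if __name__ == "__main__":
    print("key=false:", simulate(40, MONITOR_ONLY, False))             # action at 40 s
    print("key=true, action at:", failsafe_time(40, MONITOR_ONLY, True))  # 75 s
```

With the key set to false, the action fires 5 seconds after the last monitor reply in this trace, which is the early trigger the table describes.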
Using tmsh to modify the database key
1. Log in to tmsh by entering the following command:
    tmsh
2. To set the database key to either true or false, use the following command syntax:
    modify /sys db failover.vlanfailsafe.resettimeronanyframe value <true | false>
For example, to set the database key to true, enter the following command:
    modify /sys db failover.vlanfailsafe.resettimeronanyframe value true
3. Save the change by entering the following command:
    save sys config
Recommendations
When configuring VLAN failsafe for a VLAN, you should consider the following factors:
+ VLAN failsafe configuration is local to the BIG-IP system. It is not a shared configuration synchronized
between HA systems during ConfigSync operations. As a result, you must define VLAN failsafe on all
BIG-IP systems in an HA system.
+ To avoid unnecessary failover, you should set the VLAN failsafe timeout value to a value larger than the
number of seconds that the neighboring links take to initialize. An unnecessary failover may cause more
disruption than a brief flap in network connectivity. Setting the timeout value too low can cause system
and network instability issues if both members of the HA configuration experience intermittent
connectivity.
+ If you enable VLAN failsafe on a VLAN with nodes that do not respond consistently to the standard
VLAN failsafe probes, the BIG-IP HA systems can experience unintended VLAN failsafe events.
+ Unwanted VLAN failsafe events can occur if you enable VLAN failsafe on a VLAN with no default
gateway or pool members and the VLAN contains only devices that do not respond to ARP requests,
ICMPv6 neighbor discovery probes, or multicast pings. To help prevent this behavior, you can assign a
health monitor to at least one node on that VLAN. This practice helps to consistently populate the ARP
tables on the BIG-IP high availability systems and gives a more accurate view of VLAN availability.
+ If you set the VLAN failsafe action to restart all or reboot when a low failsafe timeout value is
configured, the BIG-IP system may enter a cycle of restarting services or restarting the system until
VLAN failsafe is disabled. This behavior may occur when the timeout value is set too low and the
interfaces are not available after a restart due to a Spanning Tree update or because Link Aggregation
Control Protocol (LACP)-enabled trunks have not initialized. To prevent this behavior from occurring, do
not set the VLAN failsafe timeout value below the recommended value of 90 seconds.
+ Testing the VLAN failsafe feature for an HA redundant pair by removing all nodes from the VLAN may
not result in a VLAN failsafe action being triggered. If you use the tested VLAN for network failover or
state mirroring, the traffic generated between the redundant BIG-IP systems is sufficient to prevent
VLAN failsafe from being triggered.
+ If you configure more than one guest on a Virtual Clustered Multiprocessing (vCMP) host to use the
same VLAN, you should avoid using the VLAN failsafe feature for the guest instances. When a vCMP
guest detects a loss of network traffic on the VLAN and attempts to generate VLAN failsafe traffic, the
other guests that are configured on the same VLAN may respond to the failsafe requests and prevent a
failover event from occurring.
+ F5 recommends that you avoid configuring VLAN failsafe on a dedicated high availability VLAN for an
HA pair, as it is possible to enter a state where neither device can become active due to the failsafe
fault.
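A configuration check for the recommendations above, as an added example that is not F5 code: it parses text shaped like `tmsh list net vlan` output and flags failsafe timeouts below the recommended 90 seconds (marking the reboot and restart all actions as loop risks) and failsafe enabled on a dedicated HA VLAN. The sample configuration is constructed; the VLAN name `ha`, the severity labels, the brace layout and the `reboot`/`restart-all` spellings are assumptions of this example.

```python
import re

MIN_TIMEOUT = 90                          # seconds; the article's recommended value
DISRUPTIVE = {"reboot", "restart-all"}    # assumed tmsh spellings of Reboot / Restart All
# Constructed sample shaped like `tmsh list net vlan` output (not from a real device).
SAMPLE = """\
net vlan internal {
    failsafe enabled
    failsafe-action failover
    failsafe-timeout 60
    interfaces {
        1.1 { }
    }
}
net vlan external {
    failsafe enabled
    failsafe-action restart-all
    failsafe-timeout 30
}
net vlan ha {
    failsafe enabled
}
"""

def parse_vlans(text):                    # -> {vlan: {top-level property: value}}
    vlans, current, depth = {}, None, 0
    for line in map(str.strip, text.splitlines()):
        if depth == 0:                    # only a "net vlan NAME {" header opens a VLAN
            header = re.match(r"net vlan (\S+) \{$", line)
            current = vlans.setdefault(header.group(1), {}) if header else None
        elif depth == 1 and current is not None and re.match(r"\S+ [^{}]+$", line):
            current.update([line.split(None, 1)])
        depth = max(0, depth + line.count("{") - line.count("}"))   # skips nested blocks
    return vlans

def audit(vlans, ha_vlans=()):            # -> [(vlan, severity, reason)]
    findings = []
    for name, props in sorted(vlans.items()):
        if props.get("failsafe") != "enabled":
            continue
        timeout = int(props.get("failsafe-timeout", 90))   # 90 s is the documented default
        action = props.get("failsafe-action", "default")   # absent: device default applies
        if timeout < MIN_TIMEOUT:
            sev = "LOOP-RISK" if action in DISRUPTIVE else "REVIEW"
            findings.append((name, sev, f"timeout {timeout}s below {MIN_TIMEOUT}s, action {action}"))
        if name in ha_vlans:
            findings.append((name, "REVIEW", "failsafe enabled on a dedicated HA VLAN"))
    return findings

print(*audit(parse_vlans(SAMPLE), ha_vlans={"ha"}), sep="\n")  # "ha": hypothetical VLAN name
```

Because VLAN failsafe settings are not synchronized by ConfigSync, a check like this has to run against each member of the HA configuration separately.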
Supplemental Information
+ K13674: Preventing a standby member of a sync-failover group from rebooting when a VLAN failsafe
event is triggered (1.x - 13.x)
+ K8817: Preventing a standby member of a sync-failover group from rebooting when a VLAN failsafe
event is triggered (9.x - 10.x)
+ K07317717: Error Message: 01140029:4: HA fails action is restart
+ K17150: A standby BIG-IP system configured with VLAN fail-safe may leak memory
Applies to:
Product: BIG-IP
16.X.X, 15.X.X, 14.X.X, 13.X.X, 1.X.X, 10.X.X