Virtual MAC (VMAC) with HA

Virtual MAC is a means of doing HA at layer 2, rather than layer 3. Essentially, in addition to a shared IP there is a shared MAC address which is owned by whichever unit is active. By implementing this, all Virtual Service traffic will communicate to this shared MAC address, allowing the standby device to pick up the traffic seamlessly. In the event of a failover, upstream devices do not need to change the ARP record associated with the services. The only change that must occur is that the switch must begin sending frames out a different port.

VMAC is the best way to accomplish HA, the only reason it is not the default is because some environments prohibit migrating MAC addresses across ports. Settings such as Cisco’s Port-Security can prevent VMAC from working properly.

A quick way to test whether your environment can use this is the 'laptop test'. If you take a laptop and plug it into a port on the switch, get connectivity, then move the connection to a different port on the same switch. If the connectivity returns without incident, then you should also be able to use VMAC.

If your HA pair is connected to two different switches, the laptop test should be done on the switch that those switches converge at (rather than the switches LoadMaster connect to) since that is where the MAC bookkeeping will have to change quickly.

After confirming that VMAC will work in your environment, you can change to Virtual MAC during a maintenance window since it will require a reboot and for ARP to be flushed on relevant devices. To turn it on, select the Use Virtual MAC addresses check box in the LoadMaster Web User Interface (WUI) by going to Local Administration > HA Parameters on both devices. Following that, you will need to reboot both devices. You will need to flush the ARP on all upstream devices. It is recommended but may not be necessary to flush the Real Servers ARP as well.

VMAC feature can be used with the hardware device only.

Was this article helpful?

0 out of 0 found this helpful