IBM Support

How to use "MAC Hardening" for Virtual MAC Takeover Standby Control

Technote (troubleshooting)


If using Virtual MAC Takeover implementation for Standby Control on IBM WebSphere DataPower SOA Appliances, the administrator might want to implement "MAC Hardening" if duplicate MAC addresses are occurring when the ACTIVE appliance has a warm restart.


If the Virtual MAC address is seen configured on a Standby Control group member other than the single ACTIVE appliance interface after a warm restart, then there might have been a problem releasing the Standby Control Virtual MAC Address.


In some network environments or scenarios involving a warm restart of the ACTIVE Standby Control group member, there might be a problem releasing the Virtual MAC Address that should be only associated with the currently ACTIVE Standby Control group member.


This only applies to the pre-4.0.2 Firmware which uses the Virtual MAC takeover implementation.

On 4.0.2 Firmware and later, the mac-takeover method is still available as a configuration option, but the default "no mac-takeover" method is recommended, which does not involve using the Virtual MAC Address implementation (also known as the ARP takeover method).

In 4.0.2 Firmware and later, the user can toggle the Standby Control MAC Takeover option.
The toggle can be found in the appliance Network Settings and it specifies whether to use virtual MAC address takeover. If enabled, a Standby Control takeover is performed by moving the virtual MAC address to the newly active appliance. If disabled (default), all Standby Control groups use ARP takeover.

Diagnosing the problem

For certain scenarios when using an environment that utilizes the Virtual MAC Address takeover implementation of Standby Control and the ACTIVE appliance has a warm restart, the user might observe that more than one appliance might display the Virtual MAC Address.

Resolving the problem

If this scenario occurs, the recommendation is to consider using the default "no mac-takeover" method available on 4.0.2 Firmware and newer.

If the Virtual MAC takeover method is needed, then a possible solution might be to implement "MAC Hardening".

"MAC Hardening" consists of adding the original hardware MAC address into the DataPower configuration so that it overrides any temporarily assigned MAC address during a warm restart or configuration reload.

This can be accomplished in the WEBGUI by navigating to Network -> Interface -> Ethernet Interface and modifying the "MAC Address" field. Then clicking Apply and then saving the configuration.

From the CLI, the command from the desired interface configuration mode is:

mac-address <Specify the original 48-bit MAC address in hexadecimal format>

NOTE: Do NOT hard code the Virtual MAC address, which would be in the format of 00:00:0c:07:ac:xx, where xx is hex for the Standby Control group number.

Please note that it would be recommended to temporarily remove Standby Control configuration from the interfaces before adding the hard-coded MAC address to the configuration.

Document information

More support for: WebSphere DataPower Integration Blade XI50B

Software version: 3.8.2, 4.0, 4.0.1, 4.0.2, 5.0.0

Operating system(s): Firmware

Reference #: 1624459

Modified date: 20 February 2013

Translate this page: