Active Active Datacenter design

Question

We are going through design phase of the our project that involves the following: 
&nbsp;  
&nbsp; 1. Two datacenters (apart 15 km) running active/active. 
&nbsp; 2. We have layer 2 connectivity at each zone for the servers to have the same subnet over two datacenter. 
&nbsp;  
&nbsp; We have one F5 in one datacenter and one F5 in other datacenter. The question is that whats the best design approach regarding F5s connectivity between two datacenters. Which one is the better approach Active/Standby or Active/Active. 
&nbsp;  
&nbsp; Is there anyone who have implemented active active datacenter with F5s. Is there any issues we need to look for. Is there any whitepaper that talks about active active datacenter design using F5s. 
&nbsp;  
&nbsp; Thanks for answering. 
&nbsp;  
&nbsp; Regards, 
&nbsp;  
&nbsp; Dr. Muhammad Malik

the_bhattman · Answer

Hi Dr. Muhammad, 
&nbsp;    I am running a similiar configuration where I have a pair of F5s in one datacenter and another pair in another datacenter.  Each F5 grouping is active/passive.  We used the GTM to essentially serve traffic accross both datacenters as an active/active scenario.   This design worked, but you must keep in mind of the drawback which is that if one datacenter's LTM reached above 50% capacity based on traffic, the other datacenter could would not be able to cope with a datacenter loss.   Thus we have to upgrading in any manner to keep the capacity below 50% because our requirement was that each datacenter needed to be redundant. 
&nbsp;  
&nbsp; I hope this information helps you. 
&nbsp; CB 
&nbsp;  
&nbsp;  &nbsp;

robert_leon_778 · Answer

Posted By CB  on  06/17/2009 12:42 PM 
&nbsp;  
&nbsp; Hi Dr. Muhammad,  
&nbsp;     I am running a similiar configuration where I have a pair of F5s in one datacenter and another pair in another datacenter.  Each F5 grouping is active/passive.  We used the GTM to essentially serve traffic accross both datacenters as an active/active scenario.   This design worked, but you must keep in mind of the drawback which is that if one datacenter's LTM reached above 50% capacity based on traffic, the other datacenter could would not be able to cope with a datacenter loss.   Thus we have to upgrading in any manner to keep the capacity below 50% because our requirement was that each datacenter needed to be redundant.  
&nbsp;    
&nbsp;  I hope this information helps you.  
&nbsp;  CB  
&nbsp;    
&nbsp;    
&nbsp;  &nbsp; 
&nbsp;  
&nbsp; With this design - what are some methods of ensuring configs are syncrhonized with both pairs (datacentre pair and DR pair)?

the_bhattman · Answer

Since both pairs basically have different IP addresses between DR and active pairs so we cannot 100% guarantee they are perfectly synchronized.  Our only method for now is tightly controlled deployment and maintenance strategy. For example we add new vips and pools in the Active and DR environments and then follow up with a montly audit to ensure process and procedure is followed. 
&nbsp;  
&nbsp; CB &nbsp;

l4l7_53191 · Answer

Active/Sandby is best practice for BigIP.  
&nbsp;  
&nbsp; With a design like yours, just keep in mind (an obvious point) that the L2 connectivity between centers is absolutely critical. It works very well overall, but I've seen at least one case where the heartbeat VLAN was clobbered for whatever reason (user error, etc.), which caused a 'split brain' deal where both of the BigIPs went active. Whenever a BigIP goes active it'll issue a GARP on each VLAN it is connected to, which can be bad when the systems are both claiming ownership of all of the floating resources (VIPs, Self-IPs, etc.). 
&nbsp;  
&nbsp; Be sure and use MAC masquerade, etc. as well... 
&nbsp;  
&nbsp; -Matt

ahmed_shakil_23 · Answer

Dr. Malik,&nbsp;
&nbsp;I am just getting into designing two active/active failover DR sites. These two sites are already in place. We are looking into complete Business Continuity from IT perspective. I cam across your post and it appears to me that we are trying to design the same infrastructure as you probably have already implemented. I would very much appreciate it if I can discuss about your network architecture that you have implemented as an active/active failover DR sites.&nbsp;
&nbsp;I will be glad to call you if you would be kind enough to share your contact information with me. I am in Tennessee, USA. Please see below my contact information. By the way, we have an office in Sydney, Australia, connects us through IPSec Tunnel. We have about 14 such tunnels connecting to one of these sites, these sites are also need be to ported to other site during the outage. Please respond to my email address below. I hope to hear from you soon.&nbsp;
&nbsp;I also noticed that few others in the forum have posted some solution and advice. I would very much like to contact them as well and get their feed back. I am considering GTM and Enterprise DNS service solution from provider like UltraDNS, dnsMadeEasy, etc.&nbsp;
&nbsp;Bets Regards,&nbsp;
&nbsp;Ahmed Shakil
&nbsp;Elan Polo, Inc.
&nbsp;1+(615) 844-2367 [off]
&nbsp;1+(615) 957-1309 [mobile]&nbsp;

Forum Discussion

Active Active Datacenter design

Recent Discussions

ASM Export JSON - size Limit ?

Can i apply ddos profile on virtual server using port range

I used the wrong email account when take Application Delivery Exam (101)

F5 iControl REST API - viewBy Parameter Issue in Analytics Report

'F5 rules for AWS WAF' ruleset not working for jsp web shell attack

Related Content

Active/Active load balancing examples with F5 BIG-IP and Azure load balancer

Advent Calendar, IPA alert, Active Cyber Defense, call ChatGPT

Exploit PowerShell, Ransomware Attack Report, Active Cyber Defense, Attack to GPS

Want to understand BigIP F5 LB Active/Active setup

Azure Active Directory and BIG-IP APM Integration

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS