Active/Active HA Setup

Question

I have a question regarding HA Setup with Active/Active Setup.

I want to perform sync in both devices without affecting the configured routes of Both F5. Do you have an idea how could I do it? I'm trying to configure it in an F5 VE AWS environment.

stephanmanthey · Answer

There is a way to put configuration objects (i.e. virtuals, pools,profiles) and file objects (i.e. certs/keys) into folders.
You would run your BIG-IPs not in a sync-failover device group, but in a sync-only device group.
To create the folder you might follow this example:
tmsh create sys folder allsites_synconly \
device-group devgroup_sync-only_all-sites \
traffic-group none
tmsh save sys config partitions all
Objects like certificates may be imported/assigned to a folder like this:
tmsh create sys file ssl-key allsites_synconly/cert_service.bit \
source-path file:/shared/service.bit/service.bit.key
tmsh create sys file ssl-cert allsites_synconly/cert_service.bit \ source-path file:/shared/service.bit/service.bit.crt

If you prefer using the TMUI, don´t forget to put the folder always in front of your objekt name, i.e.:

&nbsp;
&nbsp;

Forum Discussion

Active/Active HA Setup

Recent Discussions

Can you set Kerberos AAA server via session variable?

HTML Code injection Not detected by ASM

What will be happen to live and existing connections when failover HA BIG IP active-standby

SSL Offload and remove FQDN

High CPU utilization (100%).

Related Content

Need recommendation on Active-Active F5 setup

Re activate license failed

F5 Active Standby Node Configuration

Activate serverssl profile in iRule

Active-Active HA setup with F5 i2600 and F5 i2800

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS