Forum Discussion
BIG IP link failover happens but I try to link fallback
I have used LTM-DNS with AFM on BIG IP.
For outgoing Internet traffic I used a wildcard VS. Link failover happens: when WAN1 is down, traffic goes to WAN2, but I want link fallback when WAN1 comes up again.
We noticed that when one link (WAN1) goes down, traffic shifts to the other link (WAN2) as expected. However, when the WAN1 link comes back up, traffic does not automatically route back to it. To move traffic back to WAN1, we need to disable the WAN2 link manually or physically remove it.
Thanks
Prasad
Hi Prasad21l,
Could you please share the configuration flow?
I expect you have a firewall sandwich solution. We call it that when BIG-IP sits between 2 firewalls, but in this case you have two routers instead of firewalls.
I will explain what I understood, and let me know if I am correct:
1- You have a wildcard virtual server >> traffic goes through it to the Internet.
2- You have a pool with two members (WAN1 & WAN2).
3- You are configuring a transparent health monitor to monitor both links.
So let me ask you here: do you use PGA ("Priority Group Activation") at the pool level or not?
I need to know the configuration criteria for choosing the active link and when it marks it disabled.
So let me know more about the context.
- Prasad21l (Nimbostratus)
Hi Mohamed,
Thanks for the reply,
Flow f5-->switch-->FW-->SW-->DMZ
1- you have wildcard Virtual server >> Traffic goes through it to internet. ----- yes
2- you have pool with two members ( Wan1 & Wan2 ) ---- yes
3- you are configuring a transparent health monitor, to monitor both of links. -- yes
No Priority Group Activation configured.
Very well,
I recommend using Priority Group Activation; please follow this article: https://my.f5.com/manage/s/article/K13525153
This will let you leverage:
1- Fault tolerance at the pool member level (WAN1 & WAN2). For example, this selects WAN1 as the primary and active link, whereas WAN2 is standby in case of failures in WAN1.
2- If an issue happens in WAN1 (the "active link"), WAN2 will carry the traffic, and when WAN1 returns, WAN1 will get the traffic again and WAN2 will be standby again, automatically by default.
By the way, you can change this behavior and return traffic to WAN1 manually if you wish in the future.
3- Using this approach will give you visibility and granular control over traffic flow.
Try it and let me know.
- zamroni777 (Nacreous)
How is the persistence config of the vserver?
If it is source-IP-only or destination-IP-only persistence, then it makes sense that the newly up WAN link is unused, especially when most Internet connections are made via proxy servers.
You can use hash or universal persistence to use the source port as the persistence key.
- Prasad21l (Nimbostratus)
Hi Zamroni777,
Thanks for the reply,
Yes, for persistence we used source address affinity.
So in hash or universal, what do I need to configure?
- HarunTuna (Cirrus)
Hi,
The behavior you are describing is related to link failover and link fallback settings in your F5 BIG-IP configuration. By default, BIG-IP does not automatically fail traffic back to the primary (WAN1) link when it recovers, unless link fallback or a proper priority group activation mechanism is configured.
Steps to Implement Link Fallback
You can use Priority Group Activation to achieve the desired behavior where WAN1 becomes active again automatically once it recovers. This setup ensures WAN1 is the preferred link, and traffic will fall back to it when it is healthy.
Priority Group Activation on the Wildcard Virtual Server
To prioritize WAN1 and allow automatic fallback:
- Navigate to the Virtual Server Configuration:
  - Go to Local Traffic >> Virtual Servers.
- Modify the Pool Associated with the Wildcard Virtual Server:
  - Go to the Pool Members section.
  - Assign a priority group to each member (WAN links).
    - WAN1 → Higher priority (e.g., Priority = 10).
    - WAN2 → Lower priority (e.g., Priority = 5).
- Enable Priority Group Activation:
  - Under the Pool Configuration, set:
    - Priority Group Activation: "Less than" 1 member.
      This ensures traffic uses members with the highest priority, and it will fail back when WAN1 recovers.
- Verify Health Monitors:
  - Ensure there is a Health Monitor assigned to each link (e.g., ICMP, HTTP).
  - Health monitors are critical for detecting when WAN1 recovers so that traffic can fail back.
Configure Auto Fallback with Persistence (Optional)
If you are using Persistence (e.g., Source Address Affinity), configure the Fallback Persistence method to ensure existing sessions migrate back cleanly when WAN1 comes back up.
- Go to the Virtual Server >> Resources >> Persistence settings.
- Configure Fallback Persistence appropriately.
Verify and Test the Configuration
- Test the failover scenario by taking down WAN1. Verify that traffic shifts to WAN2.
- Bring WAN1 back online and confirm traffic automatically fails back to WAN1.
- Use Statistics under Local Traffic >> Pools to confirm which link is active.
Additional Notes
- Priority Group Activation ensures that traffic is always routed to the highest-priority link when it is healthy.
- Ensure the health monitor for WAN1 is reliable and configured correctly so that the BIG-IP can detect its recovery.
By implementing Priority Group Activation, WAN1 will automatically regain traffic once it comes back online, eliminating the need for manual intervention. Let me know if you need detailed steps for any specific part of this configuration!
So, if you use Priority Group Activation, it will help a lot.
To read more... -- > https://my.f5.com/manage/s/article/K13525153
Harun
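The following is an added example, not code from any poster in this thread and not BIG-IP code: a simplified Python model of the Priority Group Activation rule described above ("Less than" N members) combined with the source address affinity question raised earlier in the thread. The `Member` class, the function names, the client address and the rule that a persistence record is honoured while its member is up are assumptions of the model.

```python
# Added illustration: simplified model of pool member selection, not BIG-IP code.
from dataclasses import dataclass

@dataclass
class Member:
    name: str
    priority: int      # higher number = preferred priority group
    up: bool = True    # state as reported by the health monitor

def eligible(members, min_active=1):
    """Priority Group Activation 'Less than min_active': start with the
    highest priority group and add the next group while fewer than
    min_active available members have been collected."""
    chosen = []
    for prio in sorted({m.priority for m in members}, reverse=True):
        chosen += [m for m in members if m.priority == prio and m.up]
        if len(chosen) >= min_active:
            break
    return chosen

def pick(members, client_ip, persist=None, min_active=1):
    """Return the member name for a new connection from client_ip.
    persist is an optional dict standing in for a source address affinity
    table (assumption: a record is honoured while its member is up)."""
    by_name = {m.name: m for m in members}
    if persist is not None and client_ip in persist:
        m = by_name[persist[client_ip]]
        if m.up:
            return m.name
    pool = eligible(members, min_active)
    if not pool:
        return None          # no link available at all
    choice = pool[0].name    # one member per group here, so no balancing
    if persist is not None:
        persist[client_ip] = choice
    return choice

def scenario(use_persistence):
    """WAN1 is up, fails, then recovers; returns the link chosen each time."""
    wan1, wan2 = Member("WAN1", 10), Member("WAN2", 5)
    table = {} if use_persistence else None
    out = []
    for state in (True, False, True):   # up, down, recovered
        wan1.up = state
        out.append(pick([wan1, wan2], "10.1.1.50", table))  # constructed client IP
    return out
```

In this model `scenario(False)` returns to WAN1 after recovery, while `scenario(True)` stays on WAN2 because the persistence record created during the outage is still honoured; the model never expires records, whereas real persistence records have a timeout.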