Forum Discussion
BigIP 4200 Active/Standby <> Change Management IP/Hostname
Hi,
I'm running a pair of BigIP 4200 in an Active/Standby Configuration. Software version is 11.4.0 HF6. I have a dedicated link for the network failover. I am using the IP of the Failover-Network and the Management IP as Unicast Failover Addresses.
Due to a change in our network design, I have to change the Management-IP/Hostname for both devices.
I tried the change, but I ended up with a lot of problems and the BigIPs in State Active/Active. Luckily, I did a backup of the working configuration and I could make a restore immediately. I performed the following steps:
- delete the Management IP as a Failover Unicast IP
- change IP, Subnet, Gateway and Hostname in one Step using the GUI on Standby-Unit
- change IP, Subnet, Gateway and Hostname in one Step using the GUI on Active-Unit
What exactly was my problem? Did I destroy my device trust by changing the hostname, or was changing the IP the reason? Is there a chance to change Management IP/Hostname In-Service or do I need a maintenance window?
Thanks in advance. Regards,
Thorsten
4 Replies
- Vitaliy_Savrans
Nacreous
Hi,
You destroyed device trust by changing the hostname.
Device identity
The devices in a BIG-IP® device group use x509 certificates for mutual authentication. Each device in a device group has an x509 certificate installed on it that the device uses to authenticate itself to the other devices in the group.
Device identity is a set of information that uniquely identifies that device in the device group, for the purpose of authentication. Device identity consists of the x509 certificate, plus this information:
- Device name
- Host name
- Platform serial number
- Platform MAC address
- Certificate name
- Subjects
- Expiration
- Certificate serial number
- Signature status
To avoid BigIPs in state Active/Active, you can switch StandBy Unit into "Force to Offline" mode.
- elfasso_137228
Nimbostratus
Hi Vitaliy,
thanks for your answer.
So what would be the steps to perform the change without a maintenance window?
- set standby device to force offline
- change IP/Hostname of standby device
- set up Device trust again (device 1 old IP, device 2 new IP)
- release offline standby device
- force standby active device
- set standby device to force offline
- change IP/Hostname of standby device
- set up Device trust again (device 1 new IP, device 2 new IP)
- release offline standby device
- force offline active device
Is this correct? Unfortunately, I have no lab to test this...
- Vitaliy_Savrans
Nacreous
I made the same changes on my devices using the following steps:
- set standby device to force offline
- change IP/Hostname of standby device
- release offline standby device
- force standby active device (if needed make standby device to active manually)
- set standby device to force offline
- change IP/Hostname of standby device
- set up Device trust (device 1 new IP, device 2 new IP)
- release offline standby device
In my network environment I didn't use a maintenance window for these changes; there were no traffic failures. If you have a complex network configuration, it's better to use a maintenance window.
- elfasso_137228
Nimbostratus
After you change the IP of the first device (step 2) you have destroyed the device trust. If you release offline (step 3) you have an Active/Active state until you force the other device offline. So, you have a short period where you might have a negative influence on the applications.
Is this correct?