Forum Discussion

NiHo_202842's avatar
NiHo_202842
Icon for Cirrostratus rankCirrostratus
May 31, 2016

Cannot join devices into cluster

Hello,

I am trying to join two devices into a device group on 11.5.3 I did the following things;

  • Added HB vlan aswell as other VLANs
  • Set NTP and DNS servers
  • Added Self IP in HB vlan (with port lockdown: allow all)
  • Set device ConfigSync to HB self ip
  • Set network failover addresses to HB self ip & mgmt ip
  • Set mirroring address to HB self ip
  • Set certificate for mgmt (during the wizard, so nothing special)
  • Reset device trust, added other devices mgmt ip with correct credentials
  • Ensured local device can reach the mgmt webui of the remote one (curl)
  • Ensures local device can ping the HB self ip of the remote device
  • netstat -pan | grep -E 6699
    shows no connections

Now when I look at the device group, I see 'Disconnected' for the local and the remote machine. Ideas?

tmsh show net self; http://pastebin.com/raw/SsMkPcPP

tmsh show net vlan; http://pastebin.com/raw/XZkUcsrr

cluster
device
devops
group
TMOS
TMSH
trust
  • NiHo_202842's avatar
    NiHo_202842
    Jun 27, 2016

    Fixed this in the end by running the same version on all devices and fixing a wrongly blocked port on the HB self-ip.

     

  • Hannes_Rapp's avatar
    Hannes_Rapp
    Icon for Nimbostratus rankNimbostratus
    May 31, 2016

    Have you configured your appliances to use the HA SelfIP for ConfigSync, Network Failover and Traffic Mirror purpose (check below)? A good old reboot may also come to rescue here, as you mentioned a modification to device certificates. If you're still getting nowhere, specify your BigIP version.

     ConfigSync SelfIP Local Address:
Device Management -> Devices -> asd.asd.asd(Self) -> Device Connectivity -> ConfigSync

 Local unicast Failover Address (one will suffice, multicast is not needed under normal circumstances):
Device Management -> Devices -> asd.asd.asd(Self) -> Device Connectivity -> Network Failover

 Primary Local Mirror Address (secondary is not needed):
Device Management -> Devices -> asd.asd.asd(Self) -> Device Connectivity -> Mirroring
    • NiHo_202842's avatar
      NiHo_202842
      Icon for Cirrostratus rankCirrostratus
      May 31, 2016
      Hello Hannes, I did do this (including reboot); Set device ConfigSync to HB self ip Set network failover addresses to HB self ip & mgmt Set mirroring address to HB self ip My version is 11.5.3
    • Hannes_Rapp's avatar
      Hannes_Rapp
      Icon for Nimbostratus rankNimbostratus
      May 31, 2016
      Alright, do you also see the correct addresses regarding your peer device (Devices -> Peer)? Or do you see dots/blank fields instead? As a last resort action item, I'd try to reset device trust (generate new self-signed cert), and then reboot both appliances. You will need to re-include both members in device group afterwards.
    • NiHo_202842's avatar
      NiHo_202842
      Icon for Cirrostratus rankCirrostratus
      May 31, 2016
      Peer List -> Peer authority devices lists the other device with serial and MAC address, yes. I rebooted them and reset the trust several times, to no avail.
  • Hannes_Rapp_162's avatar
    Hannes_Rapp_162
    Icon for Nacreous rankNacreous
    May 31, 2016

    Have you configured your appliances to use the HA SelfIP for ConfigSync, Network Failover and Traffic Mirror purpose (check below)? A good old reboot may also come to rescue here, as you mentioned a modification to device certificates. If you're still getting nowhere, specify your BigIP version.

     ConfigSync SelfIP Local Address:
Device Management -> Devices -> asd.asd.asd(Self) -> Device Connectivity -> ConfigSync

 Local unicast Failover Address (one will suffice, multicast is not needed under normal circumstances):
Device Management -> Devices -> asd.asd.asd(Self) -> Device Connectivity -> Network Failover

 Primary Local Mirror Address (secondary is not needed):
Device Management -> Devices -> asd.asd.asd(Self) -> Device Connectivity -> Mirroring
    • NiHo_202842's avatar
      NiHo_202842
      Icon for Cirrostratus rankCirrostratus
      May 31, 2016
      Hello Hannes, I did do this (including reboot); Set device ConfigSync to HB self ip Set network failover addresses to HB self ip & mgmt Set mirroring address to HB self ip My version is 11.5.3
    • Hannes_Rapp_162's avatar
      Hannes_Rapp_162
      Icon for Nacreous rankNacreous
      May 31, 2016
      Alright, do you also see the correct addresses regarding your peer device (Devices -> Peer)? Or do you see dots/blank fields instead? As a last resort action item, I'd try to reset device trust (generate new self-signed cert), and then reboot both appliances. You will need to re-include both members in device group afterwards.
    • NiHo_202842's avatar
      NiHo_202842
      Icon for Cirrostratus rankCirrostratus
      May 31, 2016
      Peer List -> Peer authority devices lists the other device with serial and MAC address, yes. I rebooted them and reset the trust several times, to no avail.
  • IainThomson85_1's avatar
    IainThomson85_1
    Icon for Cumulonimbus rankCumulonimbus
    Jun 27, 2016

    Hi NiHo,

     

    I've had a few config sync issues with the wonderful "Disconnected" Word.

     

    Few things that have helped me. 1) Ensure NTP is enabled/working 2) Reboot the devices after resetting the device trust, generate a new Certificate signing authority. "Start again" 3) "Start again" create all the same configuration, and it may work.

     

  • NiHo_202842's avatar
    NiHo_202842
    Icon for Cirrostratus rankCirrostratus
    Jun 27, 2016

    Fixed this in the end by running the same version on all devices and fixing a wrongly blocked port on the HB self-ip.