Changing Management-ip in an HA pair setup
Hello,
I've read this Article: https://support.f5.com/csp/article/K62249587
but I've a question:
If the management IP is not involved in the Failover Network or Config Sync, do I need to delete the Device Trust?
I thought about these steps:
- force the standby unit offline
- change Management IP of the standby unit
- change Management IP of the active unit
- release standby unit from offline
Would there be traffic interruption?
Does the Management IP define the Device Trust?
As I've described, Failover Networks are HA and Inside Interface
Thanks for Answers
Karl
kgaigl,
It is highly recommended to do that in a maintenance window, especially if you have "voice" services or FTP applications on your BIG-IP device.
If your services are web applications only, you will not feel any impact during your action.
> I have done this before with 2 devices in HA; one of them was faulty, and when I got the new RMA device, I installed it with the other node without any impact.
- I broke the HA and device trust, then configured the HA and built the trust from scratch again, and it worked fine.
> Only follow these KBs:
This one you have already shared:
https://support.f5.com/csp/article/K62249587
> Re-build Device Trust:
https://support.f5.com/csp/article/K42161405
But it is better to do it in a maintenance window.
Regards
kgaigl
Hello Mohamed,
Thanks for the details. One last question:
Can I do this without traffic-interruption?
Hi kgaigl,
Yes, it is a best practice to break the device trust even if you do not use the management network for "Config Sync or mirroring", or even if you did not build the device trust between devices by using the management IPs, but by "HA or other VLAN interfaces".
> I have previously implemented HA between 2 F5 appliances, and I did not use the management interfaces to build the trust ("exchange certificates"); instead I used the "HA" VLAN IPs/interfaces, and it has worked well until now.
> But the issue is:
Open (Device Management >>> select Devices >>> Properties tab) and you can see the peer device name and its management IP address.
So changing the management IPs without breaking the trust will cause some issues, as the management IP address info is transferred the first time, when building the trust.
So the result is: the management IP address is used as an identification for the appliance.
So you need to break the trust and change your management network as you read in this KB "https://support.f5.com/csp/article/K62249587". After changing the management IPs, try to build the trust again ("use the new mgmt IPs / or HA IPs"); it will work well.
> And after finishing your trust and HA settings, make sure that your appliances become "in sync" again.
Navigate to
(Device Management >>> select Devices >>> Properties tab)
You should see under the Properties tab
the new mgmt IP address of the other peer, and the same thing if you log in to the other appliance.
I hope this helps you.
Regards
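
A scripted form of the verification step described in the answer above, as an added example that is not part of the original posts: it parses saved `tmsh list cm device` output and reports any device whose recorded management-ip is not the planned new address, or whose management address is also its ConfigSync address. The sample output, hostnames and addresses are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample modeled on `tmsh list cm device` output (made-up names/addresses).
SAMPLE = """\
cm device bigip-a.example.net {
    configsync-ip 10.10.10.1
    management-ip 192.0.2.11
    self-device true
}
cm device bigip-b.example.net {
    configsync-ip 10.10.10.2
    management-ip 198.51.100.12
    self-device false
}
"""

def parse_devices(text):
    """Return {device_name: {key: value}} from the key/value lines of each stanza."""
    devices, current = {}, None
    for line in text.splitlines():
        m = re.match(r"cm device (\S+) \{", line)
        if m:
            current = devices.setdefault(m.group(1), {})
        elif line.startswith("}"):        # unindented brace closes the device stanza
            current = None
        elif current is not None:
            parts = line.split(None, 1)
            if len(parts) == 2 and not parts[1].endswith("{"):
                current[parts[0]] = parts[1]
    return devices

def check_mgmt_ips(text, planned):
    """Compare the management-ip stored in device trust with the planned address."""
    findings = []
    devices = parse_devices(text)
    for name, new_ip in planned.items():
        dev = devices.get(name)
        if dev is None:
            findings.append(f"{name}: not present in device trust")
            continue
        recorded = dev.get("management-ip")
        if recorded != new_ip:
            findings.append(f"{name}: trust records {recorded}, expected {new_ip}")
        # If this fires, the management network does carry ConfigSync traffic.
        if recorded and dev.get("configsync-ip") == recorded:
            findings.append(f"{name}: management IP is also the ConfigSync address")
    return findings

if __name__ == "__main__":
    plan = {"bigip-a.example.net": "192.0.2.11", "bigip-b.example.net": "192.0.2.12"}
    print("\n".join(check_mgmt_ips(SAMPLE, plan)) or "all management IPs match the plan")
```

Run it against the output saved from each unit after the trust is rebuilt; an empty result on both sides corresponds to seeing the new peer address under the Properties tab.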