Cold Disaster recovery to F5 different geographical location

Hey Skeenster!

Using the MGMT port for synchronization can be done but it is not recommended. You will have to modify the following DB value: configsync.allowmanagement. In some cases it can cause strange behavior.

Would it be possible for you to create a new subnet and route that over the MPLS network instead? You should be able to simply add the new subnet/vlan on all devices and then add the DR BIG-IPs to the trust by using the new self-IP addresses in the configsync subnet. Before you do any more changes, make sure there are connectivity between all devices.

Then, change the configsync IP to the same subnet as the devices in the DR site. You can keep the same settings for failover and mirroring addresses since those are only relevant for the primary site.

Afterwards you would have 4 devices that can communicate with each other over the sync network. Now you create a sync-only group consisting of all 4 devices. If the sync in the primary site would fail, simply change back to the original address and you're back where you begun. If there is any outage, only the sync will be affected.

Another option would be to purchase BIG-IQ and use the Central Management function to push the same configuration to all devices. In that case you just need to make sure BIG-IQ has a connection to each BIG-IP device. BIG-IQ can make sure the certificates and configuration is the same on all devices and it can also backup your devices.