Config-sync only certain BIG-IP folders

Question

Hey guys - 
We have F5 platforms at each datacenter using a OTV link to extend Layer 2 services. 
We would like to be able to synchronize everything in the /Common folder/partition. But create a site specific folder or partition that does not get synchronized. Reading the snippet below, it seems like this is doable using folders. But it is not clear to me how to actually assign a folder to a specific traffic-group, and then to a specific sync-only device group?

Any help on the configuration steps to accomplish this? (BIG-IP 12.1.2) 
Folders
A folder is a container for BIG-IP configuration objects. You can use folders to set up synchronization and failover of configuration data in a device group. You can sync all configuration data on a BIG-IP device, or you can sync and fail over objects within a specific folder only.

https://support.f5.com/csp/article/K13946

nitass_89166 · Answer

can you try something like this?
// active

[root@bip1a:Active:In Sync] config  tmsh list sys folder /Common/local
sys folder local {
    device-group none
    inherited-devicegroup false
    inherited-traffic-group false
    traffic-group traffic-group-local-only
}
[root@bip1a:Active:In Sync] config  tmsh create ltm pool /Common/local/localpool_test
[root@bip1a:Active:In Sync] config  tmsh list ltm pool /Common/local/*
ltm pool local/localpool_test { }
[root@bip1a:Active:In Sync] config

// standby

[root@bip1b:Standby:In Sync] config  tmsh list sys folder /Common/local
sys folder local {
    device-group none
    inherited-devicegroup false
    inherited-traffic-group false
    traffic-group traffic-group-local-only
}
[root@bip1b:Standby:In Sync] config  tmsh list ltm pool /Common/local/*
01020036:3: The requested Pool (/Common/local/*) was not found.
[root@bip1b:Standby:In Sync] config

normally i use sync only device group to sync object among big-ip in different ha pair e.g. fips key across 2 pairs of big-ip.

nitass · Answer

can you try something like this?
// active

[root@bip1a:Active:In Sync] config  tmsh list sys folder /Common/local
sys folder local {
    device-group none
    inherited-devicegroup false
    inherited-traffic-group false
    traffic-group traffic-group-local-only
}
[root@bip1a:Active:In Sync] config  tmsh create ltm pool /Common/local/localpool_test
[root@bip1a:Active:In Sync] config  tmsh list ltm pool /Common/local/*
ltm pool local/localpool_test { }
[root@bip1a:Active:In Sync] config

// standby

[root@bip1b:Standby:In Sync] config  tmsh list sys folder /Common/local
sys folder local {
    device-group none
    inherited-devicegroup false
    inherited-traffic-group false
    traffic-group traffic-group-local-only
}
[root@bip1b:Standby:In Sync] config  tmsh list ltm pool /Common/local/*
01020036:3: The requested Pool (/Common/local/*) was not found.
[root@bip1b:Standby:In Sync] config

normally i use sync only device group to sync object among big-ip in different ha pair e.g. fips key across 2 pairs of big-ip.

tj_vreugdenhil · Answer

Thanks Nitass, that is helpful!&nbsp;
So we really have a pair of F5 devices at each datacenter. &nbsp;
So would I have to do something like this? &nbsp;
DC1
device-group 1
sync-failover (DC1-bigip1, DC1-bigip2)&nbsp;
DC2
device-group 2
sync-failover (DC2-bigip3, DC2-bigip4)&nbsp;
device-group 3
sync-only (DC1-bigip1, DC1-bigip2, DC2-bigip3, DC2-bigip4)&nbsp;
device-group 4 (DC1 site local)
sync-only DC1-bigip1, DC1-bigip2&nbsp;
device-group 5 (DC2 site local)
sync-only (DC2-bigip3, DC2-bigip4)&nbsp;
traffic-group-4 (device-group-4 )
virtual-address 4&nbsp;
traffic-group-2  (device-group 1, device-group 2)
virtual-address 1
virtual-address 2&nbsp;
Also, is there an easy way to create the local datacenter's VIP, self IP's, pool, etc inside the "local" folder via the GUI? Or do the configuration objects have to be created or moved using the CLI/TMSH if you want them in a certain folder? &nbsp;
Thanks!&nbsp;

tj_vreugdenhil · Answer

Thanks Nitass, that is helpful!&nbsp;
So we really have a pair of F5 devices at each datacenter. &nbsp;
So would I have to do something like this? &nbsp;
DC1
device-group 1
sync-failover (DC1-bigip1, DC1-bigip2)&nbsp;
DC2
device-group 2
sync-failover (DC2-bigip3, DC2-bigip4)&nbsp;
device-group 3
sync-only (DC1-bigip1, DC1-bigip2, DC2-bigip3, DC2-bigip4)&nbsp;
device-group 4 (DC1 site local)
sync-only DC1-bigip1, DC1-bigip2&nbsp;
device-group 5 (DC2 site local)
sync-only (DC2-bigip3, DC2-bigip4)&nbsp;
traffic-group-4 (device-group-4 )
virtual-address 4&nbsp;
traffic-group-2  (device-group 1, device-group 2)
virtual-address 1
virtual-address 2&nbsp;
Also, is there an easy way to create the local datacenter's VIP, self IP's, pool, etc inside the "local" folder via the GUI? Or do the configuration objects have to be created or moved using the CLI/TMSH if you want them in a certain folder? &nbsp;
Thanks!&nbsp;

nitass_89166 · Answer

DC1&nbsp;
device-group 1&nbsp;
sync-failover (DC1-bigip1, DC1-bigip2)&nbsp;
DC2&nbsp;
device-group 2&nbsp;
sync-failover (DC2-bigip3, DC2-bigip4)&nbsp;

doesn't failover happen inside each dc e.g. bigip1 to bigip2 or vice versa, bigip3 to bigip3 or vice versa? if you want to synchronize some object among all 4 bigip, you can create sync only device group with all 4 bigip as members. whatever object with this sync only device group will be synchronized to all the bigip e.g. certificate, private key.&nbsp;

is there an easy way to create the local datacenter's VIP, self IP's, pool, etc inside the "local" folder via the GUI?&nbsp;

you can use full path when creating object in gui e.g. /Common/local/localpool_test as a pool name.&nbsp;

Forum Discussion

Config-sync only certain BIG-IP folders

Recent Discussions

Management IP F5 cant be accessed

ASD

Big-IP VE edition for MacBook M4 Chip

301 redirect and waf policy log problem

Background Tasks

Related Content

disable config sync upgrade GTM

BIG-IP LTM VE config sync failure

Perl Config Sync

F5 Config Sync Issue

Perl Management Folder

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS