Forum Discussion

nitass_89166's avatar
nitass_89166
Icon for Noctilucent rankNoctilucent
Jan 06, 2018

can you try something like this?

// active

[root@bip1a:Active:In Sync] config  tmsh list sys folder /Common/local
sys folder local {
    device-group none
    inherited-devicegroup false
    inherited-traffic-group false
    traffic-group traffic-group-local-only
}
[root@bip1a:Active:In Sync] config  tmsh create ltm pool /Common/local/localpool_test
[root@bip1a:Active:In Sync] config  tmsh list ltm pool /Common/local/*
ltm pool local/localpool_test { }
[root@bip1a:Active:In Sync] config 

// standby

[root@bip1b:Standby:In Sync] config  tmsh list sys folder /Common/local
sys folder local {
    device-group none
    inherited-devicegroup false
    inherited-traffic-group false
    traffic-group traffic-group-local-only
}
[root@bip1b:Standby:In Sync] config  tmsh list ltm pool /Common/local/*
01020036:3: The requested Pool (/Common/local/*) was not found.
[root@bip1b:Standby:In Sync] config

normally i use sync only device group to sync object among big-ip in different ha pair e.g. fips key across 2 pairs of big-ip.

  • TJ_Vreugdenhil's avatar
    TJ_Vreugdenhil
    Icon for Cirrus rankCirrus
    Jan 07, 2018

    Thanks Nitass, that is helpful!

     

    So we really have a pair of F5 devices at each datacenter.

     

    So would I have to do something like this?

     

    DC1 device-group 1 sync-failover (DC1-bigip1, DC1-bigip2)

     

    DC2 device-group 2 sync-failover (DC2-bigip3, DC2-bigip4)

     

    device-group 3 sync-only (DC1-bigip1, DC1-bigip2, DC2-bigip3, DC2-bigip4)

     

    device-group 4 (DC1 site local) sync-only DC1-bigip1, DC1-bigip2

     

    device-group 5 (DC2 site local) sync-only (DC2-bigip3, DC2-bigip4)

     

    traffic-group-4 (device-group-4 ) virtual-address 4

     

    traffic-group-2 (device-group 1, device-group 2) virtual-address 1 virtual-address 2

     

    Also, is there an easy way to create the local datacenter's VIP, self IP's, pool, etc inside the "local" folder via the GUI? Or do the configuration objects have to be created or moved using the CLI/TMSH if you want them in a certain folder?

     

    Thanks!

     

  • nitass_89166's avatar
    nitass_89166
    Icon for Noctilucent rankNoctilucent
    Jan 08, 2018

    DC1

     

    device-group 1

     

    sync-failover (DC1-bigip1, DC1-bigip2)

     

    DC2

     

    device-group 2

     

    sync-failover (DC2-bigip3, DC2-bigip4)

     

    doesn't failover happen inside each dc e.g. bigip1 to bigip2 or vice versa, bigip3 to bigip3 or vice versa? if you want to synchronize some object among all 4 bigip, you can create sync only device group with all 4 bigip as members. whatever object with this sync only device group will be synchronized to all the bigip e.g. certificate, private key.

     

    is there an easy way to create the local datacenter's VIP, self IP's, pool, etc inside the "local" folder via the GUI?

     

    you can use full path when creating object in gui e.g. /Common/local/localpool_test as a pool name.