Configuration Synchronization across BIG IPs

Ciao Krodriç, Sync-only HA groups do not sync traffic objects (such as VIPs, pools, etc.), only non traffic objects. This behavior is by design.

 

Given the diagram, I'm assuming BIG-IP-C is some kind of Disaster Recovery node.

Have you considered how you're going to move user connections from the existing cluster to BIG-IP-C when it's going Active? 

How about active sessions & persistency tabls - do you have any session mirroring currently in place on A and B? 

Finally, do you see any impacts in including it into the existing HA Group? This would be the easiest way in my opinion, and it also helps you with easier management of the two points above (if you have applicatns that require it). 

 

Otherwise, you would need to perform this task manually. In my opinion the best way to work with configuration files is creating .scf or .ucs archives on the BIG-IP device and use it to import the full configuration on the peer node (like you would do with a RMA unit).

 

Hop this helps,

CA

Hi krodric,

To replicate the configuration of an Active-Standby cluster (BIG-IP-A and BIG-IP-B) to another standalone BIG-IP instance (BIG-IP-C), creating a Sync-Only device group and specifying manual synchronization is a good approach. Here are the steps and considerations to ensure this setup works effectively:

Steps to Configure Sync-Only Device Group

1. Create a Sync-Only Device Group:
   • Purpose: This group will synchronize configuration data without affecting traffic failover.
   • Steps:
   1. Log in to the F5 Configuration utility.
   2. Navigate to: Device Management -> Device Groups.
   3. Create a new device group:
      • Name: Provide a name for the device group.
      • Type: Select "Sync-Only".
      • Members: Add BIG-IP-A, BIG-IP-B, and BIG-IP-C as members.
   4. Set Sync Type: Choose "Manual" to control when synchronization occurs.
2. Initiate Manual Synchronization:
   • Steps:
   1. Log in to the F5 Configuration utility.
   2. Navigate to: Device Management -> Overview.
   3. Select the Sync-Only device group.
   4. Initiate Sync: Click "Sync" to manually synchronize the configuration.

Considerations and Best Practices

1. Configuration Consistency:
   • Ensure all devices are running the same version of the BIG-IP system software to avoid compatibility issues[1].
2. Regular Backups:
   • Regularly create UCS backups of your configurations to ensure you can restore them if needed.
3. Monitoring and Alerts:
   • Set up monitoring and alerts to notify you of any synchronization issues or configuration changes.
4. Testing:
   • Periodically test the synchronization process to ensure it works as expected and that BIG-IP-C has the correct configuration.
5. Documentation:
   • Document the synchronization process and any specific configurations to ensure consistency and ease of troubleshooting.

Example Commands

Creating a Sync-Only Device Group

tmsh create cm device-group SyncOnlyGroup type sync-only devices add { BIG-IP-A BIG-IP-B BIG-IP-C }

Initiating Manual Synchronization

tmsh run cm config-sync to-group SyncOnlyGroup

Limitations of Sync-Only Device Groups

1. No Failover Support:
   • Description: Sync-Only device groups do not support failover. This means that while configuration data is synchronized between devices, there is no automatic failover of traffic if one device becomes unavailable.
   • Impact: You need to manually manage failover scenarios, which can increase downtime and require more administrative effort.
2. Maximum Number of Devices:
   • Description: A Sync-Only device group supports a maximum of 32 devices.
   • Impact: If you have a large deployment with more than 32 devices, you will need to create multiple Sync-Only device groups, which can complicate management.
3. Manual Synchronization:
   • Description: Synchronization in Sync-Only device groups is typically manual, meaning you need to initiate the sync process yourself.
   • Impact: This requires regular administrative intervention to ensure configurations are up-to-date across all devices.
4. Configuration Consistency:
   • Description: All devices in the Sync-Only device group must run the same version of the BIG-IP software.
   • Impact: Ensuring software version consistency across all devices can be challenging, especially in large environments.
5. No Traffic Group Synchronization:
   • Description: Sync-Only device groups do not synchronize traffic groups. The same has been told by CA_VALLI in his post above.
   • Impact: You need to manually manage traffic groups and ensure they are correctly configured on each device.

Best Practices

1. Regular Backups:
   • Regularly create UCS backups to ensure you can restore configurations if needed.
2. Monitoring and Alerts:
   • Set up monitoring and alerts to notify you of any synchronization issues or configuration changes.
3. Testing:
   • Periodically test the synchronization process to ensure it works as expected and that configurations are correctly applied.
4. Documentation:
   • Document the synchronization process and any specific configurations to ensure consistency and ease of troubleshooting.

By understanding these limitations and implementing best practices, you can effectively manage and synchronize configurations using Sync-Only device groups on F5 BIG-IP.

Additional Resources

• F5 Documentation: Refer to the F5 documentation for detailed steps on managing configuration synchronization[1][2].
• Community Forums: Engage with the F5 community for additional insights and best practices[3].

By following these steps and considerations, you can effectively replicate the configuration of your Active-Standby cluster to the standalone BIG-IP instance. 

[1]: Managing Configuration Synchronization - F5, Inc. [2]: Working with Device Groups - F5, Inc. [3]: Configuration Synchronization across BIG IPs | DevCentral

References

[1] Managing Configuration Synchronization - F5, Inc.

[2] Working with Device Groups - F5, Inc.

[3] Configuration Synchronization across BIG IPs | DevCentral

Kindly rate

HTH

F5 Design Engineer