For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

f5newuser_18231's avatar
f5newuser_18231
Icon for Nimbostratus rankNimbostratus
Jan 21, 2015

Configuring Active/Passive in One-Armed-Mode Setup

I've already configured my BIG-IP LTM in one armed mode setup and is working fine. Is there anyone who can provide step by step configuration?

 

5 Replies

  • R_Marc's avatar
    R_Marc
    Icon for Nimbostratus rankNimbostratus
    Jan 22, 2015

    active/passive is simply a function of the traffic groups. You'll need to define your traffic groups (there's a default one of traffic-group-1) make sure all your vip objects exist in that group, and then set the failover order for that group.

    For example:

     list cm traffic-group traffic-group-1
cm traffic-group traffic-group-1 {
    default-device bip1
    ha-order {
        bip1
        bip2
    }
    unit-id 2
}


 modify ltm virtual-address all { traffic-group traffic-group-1 }

    Now all the virtuals are in traffic-group-1 and the primary is bip1 and the secondary is bip2.

    I prefer to create custom traffic groups rather than utilizing the default (traffic-group-1) there may be cause at some point to separate out things into more traffic groups so you can run active/active if you have load issues down the road (this allows you to horizontally scale, if the need arises).

  • f5newuser_18231's avatar
    f5newuser_18231
    Icon for Nimbostratus rankNimbostratus
    Sep 03, 2015

    Sorry but I am pretty new in F5, so I need help on how to setup the passive and active mode. Do you have the topology on how to cable the two F5 network devices? Can you give also the step by step guide in GUI rather than CLI?

     

    • R_Marc_77962's avatar
      R_Marc_77962
      Icon for Nimbostratus rankNimbostratus
      Sep 03, 2015
      I don't use the gui, sorry. As far as cabling, that depends on your requirements. I, for example, connect the management interface to a management network, the console port to a terminal server, one or two interfaces to the DMZ (where actual traffic flows) and then connect the two nodes together with another interface. It really doesn't matter which interface for the DMZ and HA, in my case, but I utilize 10G ports where available. I set up my physical and VE instances in the same manner. The HA communication happens over both the cross connect and the management interface. If you have a sales engineer, I'm sure he/she can provide a custom diagram for your requirements and also a quick start guide for how to use the GUI. I find the CLI and Rest interface much more useful....but that's me.
  • f5newuser_18231's avatar
    f5newuser_18231
    Icon for Nimbostratus rankNimbostratus
    Sep 04, 2015

     

    Hi Marc, I attached the drawing, the 10.10.10.253 is now active and working. What I want to do is to add the passive/failover device. Is my wiring connected to 10.10.10.251 is correct? Could you give me the step by step guide on this please?