Forum Discussion
Derek_21893
Nimbostratus
Aug 06, 2009
Discovery of failover peer using iControl
Hi,
I'd like to be able to discover a failover peer for an active-active or active-standby pair of LTMs using iControl. From what I can tell there is no good way to do this currently.
I can use System.Failover.get_peer_address to get the address of the peer, but if this address is not routable (I'm not sure you can even make it routable) then how else can you discover a usable IP address for the peer?
In my instance the primary LTM is using 192.168.255.1 and the peer is using 192.168.255.2. All I can get is the peer address. I can't even get the "self" address, so even if these IP addresses were unique across an enterprise, there would be no way to correlate the two LTMs together into a redundant pair.
The only way I can think of to figure out if two LTMs are in a failover pair is to compare the VIPs and maybe self-IPs to see if the IP addresses match, which is a kludge at best and wouldn't cover all scenarios, such as multiple pairs of LTMs whose VIPs are participating in anycast and thus all have the same IP addresses across multiple pairs of LTMs.
Any ideas?
Thanks,
-Derek
38 Replies
- Hamish
Cirrocumulus
Ah... Pull the config via iControl... Then you don't have to ssh into it...
Actually I'm a bit disappointed that the peer management address doesn't appear in the DB... I thought it would have either appeared there or in an iControl return somewhere...
H
- Hamish
Cirrocumulus
OK. Use iControl (v10.1) and grab bigip_base.conf via the download_configuration() call (Under System.ConfigSync). Then parse the file for the management peer statement which looks like

```
failover {
   peer mgmt addr 172.16.158.3
   unicast peer one {
      dest addr 10.0.0.2
      port 3066
      source addr 10.0.0.1
   }
}
```

Oh. This does rely on network failover being configured of course...
H
- Mark_Atkinson_5
Historic F5 Account
You can programmatically get the peer management address using the, uh, rather clunky ltconfig interface.

```python
#!/usr/bin/env python
# Python 2 script using SOAPpy.
import sys
from SOAPpy import *

def main(argv):
    user = argv[1]
    password = argv[2]
    bigip = argv[3]
    # '%%s' leaves a placeholder for the URL scheme, filled in below
    url = '%%s://%s:%s@%s/iControl/iControlPortal.cgi' % (user, password, bigip)
    ProxyBuilder = lambda x: SOAPProxy(url % 'https', namespace='urn:iControl:' + x)
    # Find the failover class instance, then read its peer_mgmt_addr field
    ltcfg = ProxyBuilder('LTConfig/Class')
    failover = ltcfg.get_list_of_instances(class_names=['failover'])
    ltcfg = ProxyBuilder('LTConfig/Field')
    peer = ltcfg.get_value(class_instance_key=failover[0][0], field_instance_name='peer_mgmt_addr')
    print peer

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

- hoolio
Cirrostratus
Would that get the failover or peer management IP address? If so, I think Derek explained why this isn't necessarily usable:
Well, I've already been down that road, and it may work under certain circumstances, but will not work under all circumstances. get_peer_address will give you the address of the config_sync peer, whatever that is configured to be. Many folks will use a separate VLAN for this, which is not routable, and is only for configuration synchronization between two LTMs in an HA pair, thus you could not connect via iControl to the IP address you receive from get_peer_address. Additionally, there is nothing stopping people from configuring the same config sync IP address for every HA pair they have, e.g. 192.168.0.1 and 192.168.0.2, if they use an isolated VLAN so that they are not routable. There's no real reason you couldn't do this (and I've seen it done). So in this scenario, you could end up with two different individual LTMs with the exact same failover IP address, and no real way to tell which one is the right config sync peer.
Aaron
- Derek_21893
Nimbostratus
Actually I've never used the clunky ltconfig interface before (it was probably too clunky for me), let me look into this and verify if it returns the management address of the peer. Will post back with results...
- Mark_Atkinson_5
Historic F5 Account
Posted By hoolio on 04/13/2010 10:29 AM
Would that get the failover or peer management IP address?
Peer management address. The 10.x failover config pretty much requires that it be set in a redundant pair.

```python
peer = ltcfg.get_value(class_instance_key=failover[0][0], field_instance_name='peer_mgmt_addr')
```

- Derek_21893
Nimbostratus
Interesting. Now to see how far back this works ... anyone want to take bets on 9.4? I'll test it when I get home tonight.
- Derek_21893
Nimbostratus
Oh, and I'll verify on 10.x too...
- Hamish
Cirrocumulus
Late to the party again, I know, but I was looking for something else and stumbled across this little gem.
Under 10.1 (in fact according to iControl it's in 9.6.0 and up) is the Networking/AdminIP->get_cluster_list() API call, which returns a list of lists of cluster admin IPs.
H
- Derek_21893
Nimbostratus
Well actually, that method requires you pass it a list of cluster names (from System/Cluster->get_list). When I try to get that list of names, it's empty (on an active/standby member):
./dump-api-response System/Cluster get_list
$VAR1 = [];
So now I'm going down the LTConfig path.
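
An added example, not code from any poster in the thread: once each unit's bigip_base.conf has been retrieved as Hamish suggests, the failover stanza can be parsed for the peer management address, and two units treated as an HA pair only when each names the other. The inventory keyed by the management address used to reach each unit, the function names, and every sample address other than the stanza quoted in the thread are assumptions.

```python
import re

def failover_block(conf):
    """Body of the top-level 'failover { ... }' stanza, or None if absent."""
    m = re.search(r'^failover\s*\{', conf, re.M)
    if not m:
        return None
    depth = 1
    for i in range(m.end(), len(conf)):
        if conf[i] == '{':
            depth += 1
        elif conf[i] == '}':
            depth -= 1
            if depth == 0:          # matching close of the failover stanza
                return conf[m.end():i]
    return None                     # unbalanced braces: treat as unparseable

def peer_mgmt_addr(conf):
    """Peer management address from the failover stanza, or None."""
    body = failover_block(conf)
    m = re.search(r'\bpeer mgmt addr\s+(\S+)', body) if body else None
    return m.group(1) if m else None

def pair_devices(inventory):
    """inventory maps own mgmt address -> bigip_base.conf text (assumption).
    Two units are paired only if each names the other as its peer."""
    peers = {addr: peer_mgmt_addr(conf) for addr, conf in inventory.items()}
    return sorted({tuple(sorted((a, p))) for a, p in peers.items()
                   if p and peers.get(p) == a})

# Constructed sample configs. The stanza layout is the one quoted in the
# thread; the owning addresses and the per-unit peer values are made up.
# Every unit reuses the same failover-VLAN addresses, which does not
# affect matching because only the management addresses are compared.
STANZA = ("failover { peer mgmt addr %s unicast peer one "
          "{ dest addr 10.0.0.2 port 3066 source addr 10.0.0.1 } }")
INVENTORY = {
    "172.16.158.2": STANZA % "172.16.158.3",
    "172.16.158.3": STANZA % "172.16.158.2",
    "172.16.158.9": "# standalone unit, no failover stanza\n",
    "172.16.158.20": STANZA % "172.16.158.3",   # one-way reference, not a pair
}

if __name__ == "__main__":
    for a, b in pair_devices(INVENTORY):
        print("HA pair: %s <-> %s" % (a, b))
```

A unit whose peer reference is not reciprocated (the last entry above) is left unpaired, which flags stale or copied failover configuration for review.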