F5 BigIp cluster active/stanby in Azure, failover very slow

Question

Hello,I'm contacting you because I need to configure a F5 BigIp cluster in active/stanby in Azure, and I'm encountering a problem with failover.My infrastructure and part of the configuration looks like this:With the mentioned iRules, the failover goes fine.My problem is that it's dramatically slow (between 30 seconds and 3 minutes for the ALB to realize the failover).Do you know a way of minimizing this delay?Thanks in advance for your help.

whisperer · Answer

HA works completely different in cloud environments due to abstraction of L2 networking. Instead, I would just run a few active BIG-IP instances and load balance via DNS. More specifically, I would use terraform or ansible or some other automation framework to auto-build my cloud BIG-IP instances based off some github managed master configuration. Then I would use cloud native automation tools to manage the DNS entries. Sadly, there is no way to minimize HA failover delay in the cloud.... you are trying to fit a square peg into a triangle hole. F5 HA was designed for connected and local traditional L2 network designs. You dont have that with cloud so trying to replicate similar functionality is really a hack. Go active w/ DNS based failover.
A BETTER way, would be to look into F5 Distributed Cloud for HTTP/S workloads.

jrahm · Answer

Hi&nbsp;Alexandre_Demasi&nbsp;here are a couple resources to reference.

https://community.f5.com/t5/technical-articles/lightboard-lessons-big-ip-deployments-in-azure-cloud/ta-p/284445
https://community.f5.com/t5/technical-articles/create-a-big-ip-ha-pair-in-azure/ta-p/282837

&nbsp;

nikoolayy1 · Answer

The Azure API is much slower than AWS API for example and as F5 in the cloud uses CFE as when there is a failover the F5 needs to call the API to change the elastic IP address attachment as cloud environments do not support GARP this is where the issue with more than a minute failover is seen.
Use Azure ALB for failover for ASM and LTM deployments as this was used in the old F5 azure arm templates but now you can modify the autoscale group if needed:
&nbsp;
f5-azure-arm-templates-v2/examples/autoscale/payg/README.md at main · F5Networks/f5-azure-arm-templates-v2 · GitHub
Lightboard Lessons: BIG-IP Deployments in Azure Cl... - DevCentral (f5.com)
&nbsp;
f5-azure-arm-templates/supported/failover/same-net/via-lb/3nic/existing-stack/byol/README.md at main · F5Networks/f5-azure-arm-templates · GitHub
&nbsp;
&nbsp;
For APM VPN deployments I suggest use F5 GTM and standalone APM devices:
https://my.f5.com/manage/s/article/K70300789

alexandre_demasi · Answer

Thank you for your answers.I'll keep looking, starting with the links and ideas you mentioned.Have a nice day.

Forum Discussion

F5 BigIp cluster active/stanby in Azure, failover very slow

Recent Discussions

Creating Policy using Terraform

Alert Mail when virtual server down trubleshooting

How to disable RC4 Cipher on SSL

Big-IQ + LetsEncrypt wildcard

DEVICE-0202 Error while adding rSeries as a provider in CM

Related Content

Adaptive Apps: Multi-Cluster K8S Workload Migration and Failover Resiliency - Solution Demo

Deploy Failover BIG-IP Cluster with New Stack in Google Cloud using v2 Templates

F5 BIG-IP deployment with OpenShift - multi-cluster architectures

Deploy Failover BIG-IP Cluster with Existing Stack in Google Cloud using v2 Templates

Integrating with your IPv6 Kubernetes Cluster

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS