F5 BigIp cluster active/stanby in Azure, failover very slow

Question

Hello,I'm contacting you because I need to configure a F5 BigIp cluster in active/stanby in Azure, and I'm encountering a problem with failover.My infrastructure and part of the configuration looks like this:With the mentioned iRules, the failover goes fine.My problem is that it's dramatically slow (between 30 seconds and 3 minutes for the ALB to realize the failover).Do you know a way of minimizing this delay?Thanks in advance for your help.

whisperer · Answer

HA works completely different in cloud environments due to abstraction of L2 networking. Instead, I would just run a few active BIG-IP instances and load balance via DNS. More specifically, I would use terraform or ansible or some other automation framework to auto-build my cloud BIG-IP instances based off some github managed master configuration. Then I would use cloud native automation tools to manage the DNS entries. Sadly, there is no way to minimize HA failover delay in the cloud.... you are trying to fit a square peg into a triangle hole. F5 HA was designed for connected and local traditional L2 network designs. You dont have that with cloud so trying to replicate similar functionality is really a hack. Go active w/ DNS based failover.
A BETTER way, would be to look into F5 Distributed Cloud for HTTP/S workloads.

jrahm · Answer

Hi&nbsp;Alexandre_Demasi&nbsp;here are a couple resources to reference.

https://community.f5.com/t5/technical-articles/lightboard-lessons-big-ip-deployments-in-azure-cloud/ta-p/284445
https://community.f5.com/t5/technical-articles/create-a-big-ip-ha-pair-in-azure/ta-p/282837

&nbsp;

nikoolayy1 · Answer

The Azure API is much slower than AWS API for example and as F5 in the cloud uses CFE as when there is a failover the F5 needs to call the API to change the elastic IP address attachment as cloud environments do not support GARP this is where the issue with more than a minute failover is seen.
Use Azure ALB for failover for ASM and LTM deployments as this was used in the old F5 azure arm templates but now you can modify the autoscale group if needed:
&nbsp;
f5-azure-arm-templates-v2/examples/autoscale/payg/README.md at main · F5Networks/f5-azure-arm-templates-v2 · GitHub
Lightboard Lessons: BIG-IP Deployments in Azure Cl... - DevCentral (f5.com)
&nbsp;
f5-azure-arm-templates/supported/failover/same-net/via-lb/3nic/existing-stack/byol/README.md at main · F5Networks/f5-azure-arm-templates · GitHub
&nbsp;
&nbsp;
For APM VPN deployments I suggest use F5 GTM and standalone APM devices:
https://my.f5.com/manage/s/article/K70300789

alexandre_demasi · Answer

Thank you for your answers.I'll keep looking, starting with the links and ideas you mentioned.Have a nice day.

Forum Discussion

F5 BigIp cluster active/stanby in Azure, failover very slow

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

Adaptive Apps: Multi-Cluster K8S Workload Migration and Failover Resiliency - Solution Demo

Deploy Failover BIG-IP Cluster with New Stack in Google Cloud using v2 Templates

Deploy Failover BIG-IP Cluster with Existing Stack in Google Cloud using v2 Templates

Integrating with your IPv6 Kubernetes Cluster

Multiple Kubernetes Clusters and Path-Based Routing with F5 Distributed Cloud

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS