For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

shaggy's avatar
shaggy
Icon for Nimbostratus rankNimbostratus
Jul 28, 2014

If I have ports available, I usually dedicate a 'peernet' link (1gbps has always been fine for me) for f5-to-f5 connectivity, solely for the purpose of config-sync, failover, and mirroring. I then use HA-groups to monitor my production links (NOT the peernet link) to provide network-aware failover in the event production links fail. I always want my F5's to see each other and be able to communicate failover information regardless of connectivity to the rest of the network. If I don't have spare ports, I would do as Arnaud mentioned - tag a peernet VLAN across the production LACP trunk.

 

I haven't seen a situation where I ever needed excessive capacity for the peernet link, but I've also not actively monitored usage of that link. The F5s are only transferring state information (failover state, HA scores), config-sync data (at most a full copy of the current local UCS), and mirrored data (connection table). I think you would be having other device/capacity issues well before you saturate a link with peer-to-peer communication

 

Related Content