Cirrus
MVPHi Torijori,
CEF basically swaps the assigned IPs used for VIPs/Floating from unit-a to unit-b in the case of an failover via Azure API calls.
If your assigned VIPs in Azure having a public IP attached then those will be swapped too. But you dont have to use public IPs - they are optional.
Personally I dont like the CEF approach, too complex and the latency of the Azure API is causing sometime headaches during Failover events. If you can effort the monthly fees for a Azure LB frontending your F5 then try this route, it feels almost On-Prem with this setup.
Cheers, Kai
MVPTorijori_YamamadaI would go with what Kai_Wilke has stated. I have worked on HA F5s in Azure and the headache of how Azure actually does failover on F5s is not worth it. You are better off deploying a single F5 with the Azure LB frontending the F5 because it's a giant mess otherwise. Or the alternative which would be 2 individual F5s and having an environment deployed in a Primary/Secondary method with the 2 F5s in different regions and a GTM or GTM service balancing to each to cover yourself for a region going down.