For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Torijori_Yamamada's avatar
Torijori_Yamamada
Icon for Cirrus rankCirrus
Dec 08, 2022

F5 HA Cluster on Azure without Public IPs

Hello I'd like to ask a couple of question about F5 running on Azure Public Cloud.  Is that possible to use CFE without Public IP (aka elastic ip) and just with secondary ip addresses? Is th...
application delivery
Azure
cloud
f5
ha
Kai_Wilke's avatar
Kai_Wilke
Icon for MVP rankMVP
Dec 08, 2022

Hi Torijori,

CEF basically swaps the assigned IPs used for VIPs/Floating from unit-a to unit-b in the case of an failover via Azure API calls.

If your assigned VIPs in Azure having a public IP attached then those will be swapped too. But you dont have to use public IPs - they are optional. 

Personally I dont like the CEF approach, too complex and the latency of the Azure API is causing sometime headaches during Failover events. If you can effort the monthly fees for a Azure LB frontending your F5 then try this route, it feels almost On-Prem with this setup. 

Cheers, Kai

 

  • Paulius's avatar
    Paulius
    Icon for MVP rankMVP
    Dec 14, 2022

    Torijori_YamamadaI would go with what Kai_Wilke has stated. I have worked on HA F5s in Azure and the headache of how Azure actually does failover on F5s is not worth it. You are better off deploying a single F5 with the Azure LB frontending the F5 because it's a giant mess otherwise. Or the alternative which would be 2 individual F5s and having an environment deployed in a Primary/Secondary method with the 2 F5s in different regions and a GTM or GTM service balancing to each to cover yourself for a region going down.