Gemini6
Nov 21, 2020Nimbostratus
F5 Migration
Hi Dears,
If I wanna migrate from two F5 devices in HA mode to a new one device, Should I extract the UCS file before splitting the HA or it is normal to generate the UCS file in HA mode?
Hi Dears,
If I wanna migrate from two F5 devices in HA mode to a new one device, Should I extract the UCS file before splitting the HA or it is normal to generate the UCS file in HA mode?
Hi Gemini6,
When you restore a HA UCS to a single unit, it will assume Active Unit config, IP addresses, etc and create IP conflict on the network.
I would setup a single unit on a network and disable its ports ( internal, external, dmz etc.) probably at the network switch level and made it accessible only from its management port.
Then I will restore the UCS to a single unit and verify the configuration. May be adjust IP addresses if needed and then bring it live on the network.
The single unit also assume there will be a standby unit and have HA config. You can either leave it as is or may be clean up.
I hope it helps.
-Muhammad
Theres more to consider. If you for example set the "forced offline" (or minimum blades up on VIPRION) that setting is saved in the bigDB and included in the UCS, and so the restored unit will be brought up in an offline mode. I've used that to ensure a device does not start process traffic after it is started.
If you're moving to another platform, check out the platform-migrate option when loading configuration. There's also a reset-trust option when loading config that might interest you if you load UCS config from HA devices.
Don't forget to copy the master key to the new unit. In HA it is replicated. If you restore config on a new device you need to first import the key.
It's also a good idea to do a tmsh load sys config verify before creating UCS so you know the UCS will actually load later and not bail out on a sytax error.
Thank you Muhammad
We have received 2 i5800 boxes that will replace 5050 (HA pair).
Besides Common there are multiple partitions. We have LTM and ASM in place. New platform will have Adv WAF.
I'm thinking migrating the config offline if it loads without error then just replace the hardware in network.
What strategy should we take? Can I have some high level guideline?
High Level: Join the new hardware in the DSC group, sync config, test, remove old devices from group. :)
Here is a little more detailed procedure from how I did it, but I write this from memory, but it should be fairly accurate. Of course, there might be configuration in your current setup that makes this not perfectly suitable to your situation.
Of course it is always a good idea to have backups, preferably stored offline and also backup the master key. I always to a tmsh load sys config verify before creating UCS files, since I have seen errors in configs being written to UCS files and then when you restore them it does not work.
I think that's about it... not sure if ASM > AWAF could be an issue... Good luck!