Failover for UDP Performance Layer 4 with One (1) Connection

Question

Hello, I am using the F5 to hopefully load balance or serve as an active-passive configuration for my firewall log pipeline. My firewall successfully sends logs via UDP to the F5 and they make their way to the configured pool member and are visible within my log collection environment, so that works.

I tried adding a 2nd server to the pool, but there is no load balancing because there is only one active connection from my firewall. That makes sense.

I figured the next best thing that I could attempt was to configure failover so if one node with the active connection goes offline, then my second node will pick up the traffic. I added both nodes to my pool today and turned off the service on my node with the active connection. The F5 UDP health monitor marked the primary node as offline, but the active connection never failed over to the secondary node. I was expecting the F5 to transfer the connection to the secondary node, and I am a bit confused as so why it did not. As I understand, this is potentially because of the connectionless nature of UDP. However, since the F5 marked the node as offline, I thought it would be able to failover the connection.

Do you know of any way to enable this active-passive configuration with the F5 using UDP protocol, Performance Layer 4, and two nodes in the pool?

Thanks!

redadmin1972 · Answer

Here are some of the settings from the build. Pretty bare bones:&nbsp;

aswin_mk · Answer

Could you please try and test the priority group activation in pool memberhttps://my.f5.com/manage/s/article/K13525153&nbsp;&nbsp;

redadmin1972 · Answer

I did try that after posting and it still did not failover within 5 minutes. I am still stick on this one.

I did not clear the active connection before testing. Maybe I need to force my virtual server offline, so the connection is removed before I test.

aswin_mk · Answer

please set persistence as none. Also please confirm active pool member showing as red when you put down the server, then the traffic should forward to secondary, if primary goes down, please create priority group as per above link. then it should be working

zamroni777 · Answer

try to change the Source address translation to Automap.your current setting is None, that means the flow should only work if the f5 acts as ip router.

Forum Discussion

Failover for UDP Performance Layer 4 with One (1) Connection

Recent Discussions

Help with an I-rule rewrite

When adding new GTM(DNS) to the existing group, if software version is not same, what will happen?

Keep encoding when request is handled by irule

Application drop down menus does not work behind F5 APM Portal Access

irule does not work in browsers other than google

Related Content

Performance Logging iRule (Rule_http_log)

Session/Connection Management during a Failover event in a HA Peer

Adaptive Apps: Multi-Cluster K8S Workload Migration and Failover Resiliency - Solution Demo

Per-app failover for Kubernetes-based services using F5 Distributed Cloud Services

Security First, Performance Always: How F5 Drives Citrix VDI Excellence in Application Delivery