Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Steve_M__153836's avatar
Steve_M__153836
Icon for Nimbostratus rankNimbostratus
Jul 16, 2014

HA Groups vs VLAN Failsafe vs Neither

We don’t currently make use of VLAN failsafe or HA groups in two of our 3 LTM appliance HA pairs. I’ve been doing some reading to try to determine what the best path is for us. I’m predominantly conc...
application delivery
deployment
design
ha groups
LTM
TMOS
Stefan_Klotz's avatar
Stefan_Klotz
Icon for Cumulonimbus rankCumulonimbus
Jul 23, 2014

Hi Steve,

 

our preferred design option is to connect the LB via a LACP channel to a VRF switch stack. So if one switch fails you are just loosing bandwidth. And if the whole switch stack fails, then the LB is "isolated" and the network heartbeat will activate the second LB.

 

If there isn't a VRF switch available/possible, we recommend to patch all cables of the LB to just one switch, but still using a channel/trunk.

 

We also separate the heartbeat to a dedicated physical interface and to avoid the unlikely event of breaking all cables of the production channel/trunk, we configure a HA-group with active bonus for it.

 

VLFS is not used from us at all, as we had bad experiences with it in the past. Not sure how stable this is in one of the latest v11 versions, but we are totally fine with our above mentioned design.

 

Ciao Stefan :)