Forum Discussion
NimbostratusHA Pair is Active / Active and In Sync
I have two BIGIP-LTM which I have built for my HA Lab, but the problem is both of them are in "Active" and "In Sync".
I have verified:
-
The device group is "sync-failover"
-
The device trust has been formed - they are peers
-
Both of them are in SYNC
The device-group are:
- Ansible-Device-Group
- device_trust_group
- gtm
ChotaUdhav_3655Device Groups on BIGIP1
root@(BIGIP1)(cfg-sync In Sync)(Active)(/Common)(tmos) list cm device-group cm device-group Ansible-Device-Group { devices { BIGIP1.lab.local { } BIGIP2.lab.local { } } type sync-failover } cm device-group device_trust_group { auto-sync enabled devices { BIGIP1.lab.local { } BIGIP2.lab.local { } } } cm device-group gtm { devices { BIGIP1.lab.local { } } }Device Groups on BIGIP1 root@(BIGIP2)(cfg-sync In Sync)(Active)(/Common)(tmos) list cm device-group cm device-group Ansible-Device-Group { devices { BIGIP1.lab.local { } BIGIP2.lab.local { } } type sync-failover } cm device-group device_trust_group { auto-sync enabled devices { BIGIP1.lab.local { } BIGIP2.lab.local { } } } cm device-group gtm { devices { BIGIP2.lab.local { } } }
tatmotivCirrostratus
Do you have more than one traffic-group on the devices? Can you paste the output of 'show cm traffic-group all-properties'?
What happens when you you try to force one of the devices into standby?
- ChotaUdhav_3655
Hello tatmotiv,
Thank you for taking the initiative for helping.
Here is the output you asked,
BIGIP1
CM::Traffic-Group Name Device Status Next Load Next Active HA Group Times Became Last Became Active Load Active Active ---------------------------------------------------------------------------------------------------------------------------- traffic-group-1 BIGIP1.lab.local active false 1 - - 22 2018-Jul-10 10:59:24 traffic-group-1 BIGIP2.lab.local offline false - - - 0 - traffic-group-local-only - - - - - - - -BIGIP2
---------------------------------------------------------------------------------------------------------------------------- CM::Traffic-Group Name Device Status Next Load Next Active HA Group Times Became Last Became Active Load Active Active ---------------------------------------------------------------------------------------------------------------------------- traffic-group-1 BIGIP1.lab.local offline false - - - 0 - traffic-group-1 BIGIP2.lab.local active false 1 - - 8 2018-Jul-10 10:46:14 traffic-group-local-only - - - - - - - - - ChotaUdhav_3655
Every BIGIP is detecting the other BIGIP as offline, so it itself becomes active.
Andy_McGrathCumulonimbus
Have you configured the Failover address and config sync address on each device?
Make sure they are configured and can communicated between the F5 devices ok.
- Andy_McGrath
Looks like it is either the devices don’t trust each other or they cannot communicate the configured Failover VLAN and IP addresses.
You can test connection from the command line, under Bash SSH from bigip1 to the failover address configured on bigip2. If this work both ways connection should be good. If not double check network configuration and the SelfIP port security config is set to Allow All.
Once happy with connection setup the trust again, on bigip1 go to Device Management > Device Trust, and then Peer List.
Click Add and use the failover IP address of bigip2 and admin username and password.
You may find you need to remove bigip2 from the Device Group and delete it as a trusted peer before doing this.
Let us know if that works or not.
youssef1Hi,
First of check the communication channels for trust and failover, so connect in SSH then try to ping HA selfIP (don't forget to set you self IP for HA to allow all for service).
Then you have to define which interface should be used for the sync, failover an moirrorin part on each device:
on each device you have to go to : Device Management ›› Devices ›› devicename - then set ConfigSync, failover Network, Mirroring - for failover network setting you can add management also.
Keep me update