Forum Discussion
How to set up F5 LTM HA network
Hi Expert
I'm new to F5. Can anyone let me know how to connect two F5 LTMs for an HA setup? Below are the available ports on my F5 LTM. There is a port named FAILOVER at the bottom. How can I connect both?
- nitass_89166Noctilucent
It is the hard-wired failover port. I rarely use it nowadays since network failover has much more functionality.
K2397: Comparison of hardwired failover and network failover features
K1426: Pinouts for the failover cable used with BIG-IP platforms
K15802: Revision to the hardware failover cable for certain BIG-IP platforms
- Shamsul_Alam_34Nimbostratus
Thank you for your response. I will consider implementing network failover.
- Hannes_RappNimbostratus
Agree with nitass, don't use the failover port. A number of limitations and basically no worthwhile advantages.
I'd use both 1G interfaces that are already populated with GbE SFPs for HA, configured as LACP Port Trunk. You will need more SFPs for data though.
Observing the ports available, you cannot evenly allocate remaining ports for segregated client-side and server-side LACP bundles. So I'd bundle 2x 10G interfaces as LACP port trunk for data, and use this 20G link for both, client-side and server-side VLANs.
Here's a summary:
- 2x 1G interfaces directly to the other unit for HA functions. Config sync, network failover, traffic mirroring
- 2x 10G to network switch stack. All client-side and server-side traffic
- Mgmt to network switch (ideally dedicated management switch). SSH and HTTPS (GUI)
- Shamsul_Alam_34Nimbostratus
Excellent!! This is what I need. You have explained it perfectly. Do I need to do anything at the switch level for the LACP port trunk?
- Hannes_RappNimbostratus
Refer to the vendor guide if you need help. LACP is a popular standard and well documented. If you use a Cisco NS, look for the EtherChannel LACP implementation guide.
- You need to bundle together 2 interfaces. Make sure all client-side and server-side VLANs you define on BigIP are defined on the network switch, and then ensure those VLANs are allowed on the aggregated interface itself. I recommend defining all VLANs on BigIP as tagged so you don't have to worry about which VLAN on your switchport trunk is "native".
- Put all interfaces in LACP-active mode so each interface is able to initiate link aggregation negotiation with its peer. As an alternative, put BigIP interfaces in LACP-passive and NS interfaces in LACP-active if you believe such a limitation gives you a security benefit. I'd say the benefit is next to none, but you don't have to follow my advice.
Pretty much the only thing you can mess up here is the cabling. If you have a network switch stack, make sure 1 cable goes into a port of NS-1, and the other cable goes to a port of NS-2 so you have maximum high-availability.
To give an example, this is a good cabling plan for a 2-unit NS stack.
1st LACP bundle
- BigIP-1/Te1 - NS1/Te7
- BigIP-1/Te2 - NS2/Te7
2nd LACP bundle
- BigIP-2/Te1 - NS1/Te8
- BigIP-2/Te2 - NS2/Te8
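The cabling and VLAN advice in the reply above can be checked before anything is plugged in. The following is an added example, not part of the original posts: the function names, the VLAN IDs and the per-unit "allowed VLANs" input are assumptions made for illustration, and only the cabling plan is taken from the post.

```python
import re
from collections import defaultdict

# Cabling plan from the post above: "<BIG-IP unit>/<port> - <switch>/<port>".
PLAN = """\
- BigIP-1/Te1 - NS1/Te7
- BigIP-1/Te2 - NS2/Te7
- BigIP-2/Te1 - NS1/Te8
- BigIP-2/Te2 - NS2/Te8
"""

LINK = re.compile(r"^\s*-?\s*(\S+)/(\S+)\s+-\s+(\S+)/(\S+)\s*$")

def parse_plan(text):
    """Return {bigip_unit: [(bigip_port, switch, switch_port), ...]}."""
    bundles = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        m = LINK.match(line)
        if not m:
            raise ValueError(f"unparseable link: {line!r}")
        unit, port, switch, sw_port = m.groups()
        bundles[unit].append((port, switch, sw_port))
    return dict(bundles)

def check_plan(bundles, bigip_vlans, switch_allowed, stack_size=2):
    """Return a list of findings; an empty list means the plan passes.

    bigip_vlans: tagged VLAN IDs defined on the BIG-IP pair (constructed).
    switch_allowed: {bigip_unit: VLAN IDs allowed on the switch aggregate
    facing that unit} (constructed, e.g. exported from the switch config).
    """
    findings, used = [], {}
    for unit, links in bundles.items():
        # Each bundle should land on every stack member, not on one switch.
        switches = {sw for _, sw, _ in links}
        if len(switches) < min(stack_size, len(links)):
            findings.append(f"{unit}: bundle only reaches {sorted(switches)}")
        for port, sw, sw_port in links:
            if (sw, sw_port) in used:
                findings.append(f"{sw}/{sw_port} cabled twice: "
                                f"{used[(sw, sw_port)]} and {unit}/{port}")
            used[(sw, sw_port)] = f"{unit}/{port}"
        # Every tagged VLAN on the BIG-IP must be allowed on the aggregate.
        missing = set(bigip_vlans) - set(switch_allowed.get(unit, ()))
        if missing:
            findings.append(f"{unit}: VLANs not allowed on switch: {sorted(missing)}")
    return findings

if __name__ == "__main__":
    allowed = {"BigIP-1": {10, 20}, "BigIP-2": {10}}  # constructed sample
    for finding in check_plan(parse_plan(PLAN), {10, 20}, allowed):
        print(finding)
```
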
- Hoang_HungCirrus
Hi all
Do you know "show failover interface status", and how do you configure HA using a dedicated failover interface?