Shamsul_Alam_34
Jan 03, 2018

How to setup F5 LTM HA network

Hi Expert

 

I'm new to F5. Can anyone let me know how to connect two F5 LTMs for an HA setup? Below are the available ports on my F5 LTM. There is a port named FAILOVER at the bottom. How can I connect both?

 

 

  • It is the hardwired failover port. I rarely use it nowadays since network failover has much more functionality.

     

    K2397: Comparison of hardwired failover and network failover features

     

    https://support.f5.com/csp/article/K2397

     

    K1426: Pinouts for the failover cable used with BIG-IP platforms

     

    https://support.f5.com/csp/article/K1426

     

    K15802: Revision to the hardware failover cable for certain BIG-IP platforms

     

    https://support.f5.com/csp/article/K15802

     

    • Shamsul_Alam_34

      Thank you for your response. I will consider implementing network failover.

       


       

  • Agree with nitass: don't use the failover port. A number of limitations and basically no worthwhile advantages.

     

    I'd use both 1G interfaces that are already populated with GbE SFPs for HA, configured as LACP Port Trunk. You will need more SFPs for data though.

     

    Observing the ports available, you cannot evenly allocate the remaining ports for segregated client-side and server-side LACP bundles. So I'd bundle 2x 10G interfaces as an LACP port trunk for data, and use this 20G link for both client-side and server-side VLANs.

     

    Here's a summary:

    • 2x 1G interfaces directly to the other unit for HA functions: config sync, network failover, traffic mirroring
    • 2x 10G to the network switch stack: all client-side and server-side traffic
    • Mgmt to a network switch (ideally a dedicated management switch): SSH and HTTPS (GUI)
    • Shamsul_Alam_34

      Excellent!! This is what I need. You have explained it in exactly the manner I need. Do I need to do anything at the switch level for the LACP port trunk?

       

    • Hannes_Rapp

      Refer to the vendor guide if you need help. LACP is a popular standard and well documented. If you use a Cisco NS, look for the EtherChannel LACP implementation guide.

       

      1. You need to bundle together 2 interfaces. Make sure all client-side and server-side VLANs you define on BigIP are defined on the network switch, and then ensure those VLANs are allowed on the aggregated interface itself. I recommend defining all VLANs on BigIP as tagged so you don't have to worry about which VLAN on your switchport trunk is "native".

         

      2. Put all interfaces in LACP-active mode so each interface is able to initiate link aggregation negotiation with its peer. As an alternative, put BigIP interfaces in LACP-passive and NS interfaces in LACP-active if you believe such a limitation gives you a security benefit. I'd say the benefit is next to none, but you don't have to follow my advice.

         

      Pretty much the only thing you can mess up here is the cabling. If you have a network switch stack, make sure 1 cable goes into a port of NS-1, and the other cable goes to a port of NS-2 so you have maximum high-availability.

       

      To give an example, this is a good cabling plan for a 2-unit NS stack.

       

      1st LACP bundle

       

      • BigIP-1/Te1 - NS1/Te7
      • BigIP-1/Te2 - NS2/Te7

      2nd LACP bundle

       

      • BigIP-2/Te1 - NS1/Te8
      • BigIP-2/Te2 - NS2/Te8
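
An added example, not part of the thread: a pre-cabling check for the plan in the reply above. It verifies that each LACP bundle has a member link on every stack member, that no switch port is cabled twice, and that every VLAN tagged on the BIG-IP side is allowed on the aggregated switch interface. The VLAN IDs and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the cabling plan quoted in the reply, one link per line.
CABLING = """\
BigIP-1/Te1 - NS1/Te7
BigIP-1/Te2 - NS2/Te7
BigIP-2/Te1 - NS1/Te8
BigIP-2/Te2 - NS2/Te8
"""
# Assumed VLAN IDs (not from the thread): tagged on BIG-IP vs. allowed on the switch side.
BIGIP_VLANS = {"BigIP-1": {100, 200}, "BigIP-2": {100, 200}}
SWITCH_ALLOWED = {"BigIP-1": {100, 200}, "BigIP-2": {100, 200}}

LINK = re.compile(r"^\s*([\w-]+)/(\w+)\s+-\s+(\w+)/(\w+)\s*$")

def parse_plan(text):
    """Group links by BIG-IP unit: {unit: [(unit_port, switch, switch_port), ...]}."""
    bundles = defaultdict(list)
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        m = LINK.match(line)
        if m is None:
            raise ValueError(f"line {lineno}: unparseable link {line!r}")
        unit, unit_port, switch, switch_port = m.groups()
        bundles[unit].append((unit_port, switch, switch_port))
    return dict(bundles)

def check_plan(bundles, bigip_vlans, switch_allowed, stack=("NS1", "NS2")):
    """Return findings as strings; an empty list means the plan passes every check."""
    findings, seen_ports = [], {}
    for unit, links in sorted(bundles.items()):
        # Each bundle needs a member link on every stack member to survive losing one.
        uncovered = sorted(set(stack) - {switch for _, switch, _ in links})
        if uncovered:
            findings.append(f"{unit}: no member link on {', '.join(uncovered)}")
        # A physical switch port can terminate only one cable.
        for unit_port, switch, switch_port in links:
            key = (switch, switch_port)
            if key in seen_ports:
                findings.append(f"{switch}/{switch_port}: used by {seen_ports[key]} and {unit}/{unit_port}")
            seen_ports[key] = f"{unit}/{unit_port}"
        # Every VLAN tagged on the BIG-IP trunk must be allowed on the aggregated interface.
        blocked = sorted(bigip_vlans.get(unit, set()) - switch_allowed.get(unit, set()))
        if blocked:
            findings.append(f"{unit}: VLANs {blocked} not allowed on switch port-channel")
    return findings

if __name__ == "__main__":
    print(check_plan(parse_plan(CABLING), BIGIP_VLANS, SWITCH_ALLOWED) or "plan OK")
```
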
  • Hi all

    Do you know "show failover interface status", and how do you configure HA using a dedicated failover interface?