Forum Discussion
How to setup F5 LTM HA network
- Jan 04, 2018
Agree with nitass, don't use failover port. A number of limitations and basically no worthwhile advantages.
I'd use both 1G interfaces that are already populated with GbE SFPs for HA, configured as LACP Port Trunk. You will need more SFPs for data though.
Observing the ports available, you cannot evenly allocate remaining ports for segregated client-side and server-side LACP bundles. So I'd bundle 2x 10G interfaces as LACP port trunk for data, and use this 20G link for both, client-side and server-side VLANs.
Here's a summary:
- 2x 1G interfaces directly to other unit for HA functions. Config sync, Network failover, Traffic mirror
- 2x 10G to network switch stack. All client-side and server-side traffic
- Mgmt to network switch (ideally dedicated management switch). SSH and HTTPS (GUI)
- Shamsul_Alam_34, Jan 04, 2018, Nimbostratus
Excellent!! This is what I need. You have explained it in the perfect manner that I need. Do I need to do anything at the switch level for the LACP Port Trunk?
- Hannes_Rapp_162, Jan 04, 2018, Nacreous
Refer to the vendor guide if you need help. LACP is a popular standard and well documented. If you use Cisco NS, look for the EtherChannel LACP implementation guide.
You need to bundle together 2 interfaces. Make sure all client-side and server-side VLANs you define on BigIP are defined on the Network switch, and then ensure those VLANs are allowed on the aggregated interface itself. Recommend to define all VLANs on BigIP as tagged so you don't have to worry about which VLAN on your switchport trunk is "native".
Put all interfaces in LACP-active mode so each interface is able to initiate link aggregation negotiation with its peer. As an alternative, put BigIP interfaces in LACP-passive and NS interfaces in LACP-active if you believe such a limitation gives you a security benefit. I'd say the benefit is next to none, but you don't have to follow my advice.
Pretty much the only thing you can mess up here is the cabling. If you have a network switch stack, make sure 1 cable goes into a port of NS-1, and the other cable goes to a port of NS-2 so you have maximum high-availability.
To give an example, this is a good cabling plan for a 2-unit NS stack.
1st LACP bundle
- BigIP-1/Te1 - NS1/Te7
- BigIP-1/Te2 - NS2/Te7
2nd LACP bundle
- BigIP-2/Te1 - NS1/Te8
- BigIP-2/Te2 - NS2/Te8
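
The checks discussed in this thread (bundle members split across stack members, VLANs allowed on the switch aggregate, tagged VLANs, at least one LACP-active end) can be run against a plan before cabling. This is an added example, not part of the original posts; the function name, data layout and VLAN ids are assumptions made for illustration.

```python
"""Added example: sanity-check an LACP cabling and VLAN plan before plugging in."""
from collections import defaultdict

# Constructed sample plan mirroring the thread: (BIG-IP port, switch port) per link.
BUNDLES = {
    "BigIP-1": [("Te1", "NS1/Te7"), ("Te2", "NS2/Te7")],
    "BigIP-2": [("Te1", "NS1/Te8"), ("Te2", "NS2/Te8")],
}

def check_plan(bundles, bigip_vlans, switch_allowed, lacp_modes):
    """Return a list of findings; an empty list means the plan passes.

    bundles:        {bundle: [(bigip_port, "switch/port"), ...]}
    bigip_vlans:    {vlan_id: "tagged" | "untagged"} as defined on the BIG-IP
    switch_allowed: {bundle: set of VLAN ids allowed on the switch aggregate}
    lacp_modes:     {bundle: (bigip_mode, switch_mode)}, each "active"/"passive"
    """
    findings = []
    used = defaultdict(list)  # switch port -> bundles cabled to it
    for name, links in bundles.items():
        switches = {sw_port.split("/")[0] for _, sw_port in links}
        if len(links) < 2:
            findings.append(f"{name}: fewer than 2 member links")
        elif len(switches) < 2:
            # Losing that one stack member would take down the whole bundle.
            findings.append(f"{name}: all links land on {sorted(switches)[0]}")
        for _, sw_port in links:
            used[sw_port].append(name)
        missing = sorted(set(bigip_vlans) - switch_allowed.get(name, set()))
        if missing:
            findings.append(f"{name}: VLANs not allowed on switch: {missing}")
        # Two passive ends never start negotiation, so the bundle never forms.
        if lacp_modes.get(name) == ("passive", "passive"):
            findings.append(f"{name}: both ends LACP-passive")
    for sw_port, owners in used.items():
        if len(owners) > 1:
            findings.append(f"{sw_port}: cabled twice ({', '.join(owners)})")
    for vlan, mode in sorted(bigip_vlans.items()):
        if mode != "tagged":
            findings.append(f"VLAN {vlan}: untagged, depends on switch native VLAN")
    return findings
```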