How to sync the config in CLI when we have multiple traffic-group ( Active-Active)

Question

Hi Experts !!!&nbsp;How to sync the config via cli in Active-Active setup .&nbsp;Example : We have 2 f5 named BIGIP-A  and BIGIP-B and 2 traffic-group-1 is active in BIGIP-A and traffic-group-2 is Active in BIGIP-2 .On BIGIP-A I configure a VIP which is Active in traffic-group-2 , in this case how do I sync the config in CLI .&nbsp;I need  CLI command to sync the config when the F5 HA status are in Acive-Active setup .

ca_valli · Answer

You're confusing Traffic and Device Groups. Config Sync is commanded by Device Groups, not Traffic Groups, so an Active/Active scenario doesn't necessarily mean there will be separate Config Sync.  You can have multiple Device Groups for config sync, either with separate devices (in a 2+ unit HA environment) or for separate modules (eg. set WAF to automatic sync ), but if you only have one device group for your HA units, the will also be only one configsync option available. Command will be (v11 to v16)run /cm config-sync &lt;sync_direction&gt; &lt;sync_group&gt; Where &lt;sync_group&gt; is your Device Group name (not traffic group!) and &lt;sync_direction&gt; will either be to-group or from-group depending on which unit will receive/push the configuration.

blue_whale · Answer

&nbsp;Thanks for the clarification . &nbsp;But in cli which &lt;sync-group&gt; should I be using for sync ...I see 2 sync only groups and 1 sync-failover group .

ca_valli · Answer

Whichever is the group with the disalignment .. "show /cm sync-status" command should help you clarify this, but I'd guess your main Device Group will be the sync-failover one.&nbsp;The others you see are likely the default BIGIP device groups, device_trust_group is a sinc-only auto-sync group which is created when you perform device trust for the first time and handles device trust, while you might also see datasync-global-dg if you have WAF provisioned, this is a sync-only manual-sync group that handles metadata and attack signature update sync between the two units. It's unlikely to see those groups out of sync in daily administration and you will have some high-priority problems to be handled if they are. &nbsp;&nbsp;

blue_whale · Answer

Whichever is the group with the disalignment . ? What do you mean by this ? please explain .

ca_valli · Answer

You have 3 Device Groups, each verifying its own sync status. Each one of them might be out of sync. You can check this with the "show /cm sync status" command as I stated in my previous comment. &nbsp;Whichever is the group with the disalignment must be synced. So if only one is, sync that one. If two DG's are out of sync, you will need to sync both.&nbsp;K15419 details this operation, you can check KB's for more information on sync process.&nbsp;

Forum Discussion

How to sync the config in CLI when we have multiple traffic-group ( Active-Active)

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

F5 Academies Are Back – And We’re Coming to a City Near You

Recent Discussions

Azure Virtual Machine Scale Set (VMSS) with F5 LTM

Load Balancing IIS Servers

Creating Client SSL Profile using Certs from a new CA

Long URL Redirecting

APM Access Policy|SSLVPN | SAML auth questionnaires

Related Content

Advent Calendar, IPA alert, Active Cyber Defense, call ChatGPT

Exploit PowerShell, Ransomware Attack Report, Active Cyber Defense, Attack to GPS

Understanding HTTP/2 Activation Modes on BIG-IP

Re activate license failed

F5 Active Standby Node Configuration

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS