Forum Discussion
Initial deployment question
So I inherited these two Big IP LTM products. In the past I have used Cisco Content Switches and they made sense. This is my first time working with the F5's and the documentation so far has been of no help. It is really the worst documentation so far right after Citrix.
Anyway, I want to basically set up the two devices in Active/Active mode and per documentation I do not see any option for HA Wizard. So far I have just configured the Management IP's on the two, I was able to set up a trust between the two but the configuration sync kept saying pending. I do not see any option under "Platform --> System to change the Unit ID's and the mode". It does not say anything about the licensing in the documentation so I don't think it is a licensing issue.
So can someone please point me in the right direction in accomplishing this for starters:
1- Set up the two devices in active/active mode (as I don't even see the options anywhere)
2- Tell me what exactly Interface Mirroring will do for me. I know it is supposed to duplicate traffic to another interface; why would I want to do that? Is it like port span to capture packets or something?
3- I know I have to enable network failover, so ok I do that. Do I need to connect the TMM switch ports for the failover options to show up, or like connect the two interfaces via crossover cable like 1.1 of Unit 1 to 1.1 of Unit 2?
Thank you.
36 Replies
- mali77_57143
Nimbostratus
Posted By What Lies Beneath on 10/23/2012 07:05 AM
Have you checked the Port Lockdown settings for the Self-IPs?
Did you ever check the time difference between the two devices?
Do you get any error messages?
Port lock down was set for "Allow Default" I changed it to "Allow All"
Time is the same on both
Error messages where?
Here is how I setup the HA VLAN:
10.1.255.1/255.255.255.252 --> traffic-group1 (floating) [This is on both devices]
10.1.255.2/255.255.255.252 --> traffic-group-local-only (non-floating) [Device 1]
10.1.255.3/255.255.255.252 --> traffic-group-local-only (non-floating) [Device 2]
- nitass
Employee
Here is how I setup the HA VLAN:
10.1.255.1/255.255.255.252 --> traffic-group1 (floating) [This is on both devices]
10.1.255.2/255.255.255.252 --> traffic-group-local-only (non-floating) [Device 1]
10.1.255.3/255.255.255.252 --> traffic-group-local-only (non-floating) [Device 2]
can you try /29 (255.255.255.248)?
- mali77_57143
Nimbostratus
Tail Command gives me this:
- nitass
Employee
Tail Command gives me this:
you were in tmsh. you have to go to bash.
root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) run util bash
[root@ve11a:Active:In Sync] config
- What_Lies_Bene1
Cirrostratus
Or you can check the Local Traffic log in the GUI, same difference
- mali77_57143
Nimbostratus
Ok thank you I got the tail command working. I removed the device trust and added them both back in using the HA IP instead of the Management IP address. So here is the latest status:
1- Device 1 shows Online/Active/In Sync
2- Device 2 shows Online/Standby/In Sync
However now if I disconnect device 1's management cable and/or cable for HA vlan in 1.4 interface Standby device is not becoming active. Also even though it says configs are in sync but Device 1 has a single VLAN as I deleted a second one but Device 2 still has 2 VLAN's.
I have both devices in the device group that is how it is supposed to be right? By the way I created a case with F5 on this too yesterday so far haven't heard anything back from them.
- nitass
Employee
However now if I disconnect device 1's management cable and/or cable for HA vlan in 1.4 interface Standby device is not becoming active.
have you configured vlan failsafe or ha group?
Also even though it says configs are in sync but Device 1 has a single VLAN as I deleted a second one but Device 2 still has 2 VLAN's.
vlan is not shared configuration. additionally, configsync has to run manually.
By the way I created a case with F5 on this too yesterday so far haven't heard anything back from them.
it depends on what severity you created. sev4 will take 24 hours in response. anyway, if you want to work immediately, you can call them and ask to speak to support engineer. i believe they are happy to help. :-)
- nathe
Cirrocumulus
All,
Just to add my observations. When I setup an Active/Standby 11.2.0 pair I had a "funny" with the Device Group / initial Sync, even though the initial Setup Wizard had gone through fine. As above, I had to manually remove and re-add a device to get this to work. I had another pair on 11.2.1 and I don't remember having this as an issue.
I don't like to jump straight to recommending upgrading as it should've worked but I wonder if it's worth attempting a 11.2.1 HF1 install to see if this helps. F5 Support may come back with this as an option anyway.
Alternatively, does Force to Standby on the current Active result in the Standby coming up as Active? Or rebooting / powering off the Active? If not you may get different errors which shed more light on your issue.
Looks like you're getting some good advice anyway but thought I'd share my experience too.
Hope this helps,
N
- mali77_57143
Nimbostratus
Posted By nitass on 10/23/2012 08:07 AM
However now if I disconnect device 1's management cable and/or cable for HA vlan in 1.4 interface Standby device is not becoming active.
have you configured vlan failsafe or ha group?
Also even though it says configs are in sync but Device 1 has a single VLAN as I deleted a second one but Device 2 still has 2 VLAN's.
vlan is not shared configuration. additionally, configsync has to run manually.
By the way I created a case with F5 on this too yesterday so far haven't heard anything back from them.
it depends on what severity you created. sev4 will take 24 hours in response. anyway, if you want to work immediately, you can call them and ask to speak to support engineer. i believe they are happy to help. :-)
1- No I have not configured VLAN Failsafe or HA group, but it worked before not sure why it stopped working.
2- So if I make VLAN changes on one and that device crashes I will have to make all those changes on the second unit too because it won't sync? Also you mentioned it has to run manually I have manually run the sync every time I make a change?
- What_Lies_Bene1
Cirrostratus
Have you configured Network Failover for the correct VLAN and IPs and confirmed there's no serial cable in place?
Yes, VLAN configuration must be performed manually on each device - I'd suggest in advance of a failure!
Yes, you need to ConfigSync manually each time you make changes. I'm not sure anyone would like it to be automatic, especially if a misconfiguration or typo kills a service on all your devices - removing the opportunity of a backout by failing over! Of course, I'm sure there's some people using iControl or tmsh scripts to manage this.
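An added example, not part of any post in this thread: it checks the HA VLAN self-IP plan posted earlier against the posted 255.255.255.252 mask and the suggested 255.255.255.248 mask, flagging any address that is the subnet's network or broadcast address. The function names are made up for this illustration; the addresses and masks are the ones from the thread.

```python
import ipaddress

# Self-IP plan as posted in the thread (addresses and roles from the post).
HA_SELF_IPS = [
    ("10.1.255.1", "floating, both devices"),
    ("10.1.255.2", "non-floating, Device 1"),
    ("10.1.255.3", "non-floating, Device 2"),
]


def check_plan(self_ips, netmask):
    """Return (address, problem) pairs for self-IPs that are unusable under netmask.

    The subnet is derived from the first address plus the mask, so every
    other address is also checked for membership in that same subnet.
    """
    net = ipaddress.ip_interface(f"{self_ips[0][0]}/{netmask}").network
    seen = set()
    problems = []
    for addr_text, _role in self_ips:
        addr = ipaddress.ip_address(addr_text)
        if addr in seen:
            problems.append((addr_text, "duplicate address"))
        seen.add(addr)
        if addr not in net:
            problems.append((addr_text, f"outside {net}"))
        elif addr == net.network_address:
            problems.append((addr_text, f"network address of {net}"))
        elif addr == net.broadcast_address:
            problems.append((addr_text, f"broadcast address of {net}"))
    return problems


def usable_hosts(netmask, any_addr="10.1.255.1"):
    """Assignable host addresses in the subnet (valid for masks shorter than /31)."""
    net = ipaddress.ip_interface(f"{any_addr}/{netmask}").network
    return net.num_addresses - 2


if __name__ == "__main__":
    for mask in ("255.255.255.252", "255.255.255.248"):
        print(mask, "usable hosts:", usable_hosts(mask))
        for addr, problem in check_plan(HA_SELF_IPS, mask) or [("-", "no problems")]:
            print("   ", addr, problem)
```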