Forum Discussion

Derek_21893's avatar
Derek_21893
Icon for Nimbostratus rankNimbostratus
Aug 11, 2009

Is a floating self-ip really necessary?

Hi, I'm hoping someone here can provide a little more insight on if a floating self-ip is truly necessary for an Active-Standby configuration.

 

 

A little context is possibly in order. I'm writing an application using iControl in which I would like to be able to determine if two given F5 LTM devices are peers for failover. The suggestion on the iControl forum was to see if two LTMs had the same floating self-ip, and this would be a good determination that these two are peers in a failover pair.

 

 

So in our lab, I have a pair of F5 LTMs which are peers in Active-Standby failover. These were set up by someone other than I, but I now administer them. They have no floating self-ip addresses on either the external or internal VLANs. They do however have static self-ip addresses on both external and internal VLANs.

 

 

Now, the hosts on the internal VLAN (i.e. web servers) have their default gateway set to a core lab router, not the F5, so a floating IP isn't really of use in this case. Traffic from the LTM to the servers all happens via directly connected interface, thus no default route or other routing decision is needed by either the LTM or servers.

 

 

If a failover occurred, the VIP addresses would then move to the Standby unit, and new requests would be NATed to the static self-ip of the Standby (or freshly Active) LTM on the internal VLAN, and the servers would then respond to this new address.

 

 

The only advantage I can think of for having the floating self-ip on the internal VLAN would be that it could possibly be a requirement for connection mirroring, but I was unable to find any documentation which alluded to this.

 

 

Any insight would be appreciated!

 

 

Thanks,

 

-Derek

 

 

config
design
  • dennypayne's avatar
    dennypayne
    Icon for Employee rankEmployee
    Aug 11, 2009
    Hi Derek,

     

     

    In your configuration, since the LTM's aren't the default gateway or the routing next hop for any of your devices (all connections must be using SNAT), then you are correct that floaters are not necessary.

     

     

    Connection mirroring is done via the primary failover addresses defined in the high availability config, so there's no requirement there for floaters either.

     

     

    I haven't checked the iControl SDK, but I would imagine one of the items you can check would be the defined peer address for each system.

     

     

    Denny
  • dennypayne's avatar
    dennypayne
    Icon for Employee rankEmployee
    Aug 11, 2009
    FWIW, I wholeheartedly agree with Matt's points, especially 3. When I want to manage a pair, I like having a DNS name configured that always brings me to the active unit. Definitely helpful when you're in a hurry to check something.

     

     

    Denny
  • sojan_86359's avatar
    sojan_86359
    Icon for Nimbostratus rankNimbostratus
    Jul 02, 2013

    When you do SNAT , it pickup the egress vlans floating IP as the source address . Since floating IP is shared between the devices , the reply traffic from the server can be handled by standby unit as well , if there was a failure of active unit any time.

     

     

    So floating IP is a nice feature. Hop this is something you should consider.

     

    Regards

     

    Sojan