Forum Discussion
Layer 2 LTM cluster setup in 11.4.x
I am building an active/standby fail-over pair of LTMs using the 11.4.x code. I need to configure this as a layer 2 environment only, one trunk interface with multiple tagged vlans.
The documents state that I need to supply self ip addresses to the internal and external vlans.
Question is, are these vlans and addresses visible outside of the cluster? Can I just create dummy vlans and addresses that will not traverse the trunk in order to accomplish this design?
Any clarification is appreciated.
JB
7 Replies
- What_Lies_Bene1
Cirrostratus
Hmmm, interesting. Will you not have any L3 virtual servers at all?
- JB_106099
Nimbostratus
No, there will be no layer 3 Virtual servers, this is how we have it today in the 9.4.6 code.
- What_Lies_Bene1
Cirrostratus
OK, so that document I'm sure you've read is just demonstrating the expected set-up with L3 Traffic Groups. Certain parts are not essential. I guess the question is, what are you looking for HA wise? What function is actually going to move between devices? How are surrounding devices going to know to route via the newly active devices?
- JB_106099
Nimbostratus
We want the basic active/standby cluster, where all resources are active on the active unit. The vs communicate via their vlan gateway, which is on a firewall and not the F5.
The vs use broadcasts to communicate within their own vlan.
- What_Lies_Bene1
Cirrostratus
OK, I'm not sure I understand the full picture on how this works but perhaps that's not necessary. So, if you use a dedicated VLAN and some nonsense addresses between devices you can use network failover with HA-groups or all the failsafe features. Alternatively you could drop even those addresses and use the serial failover cable instead. Regardless you'd need to create the relevant device group and trusts but this can be done through the management interfaces. Does that help?
- JB_106099
Nimbostratus
What I did is similar to your suggestion. I created three vlans that are not used in our network (HA, Internal, and External), did not put them on the trunk interface, and linked the 1.1, 1.2, and 1.3 interfaces to the respective vlans. I then used crossover patch cables and connected the standby unit to the primary unit's respective interfaces. This brought up the interfaces and I was able to complete the cluster configuration. All seems fine and works as expected but I still wonder if what I did is truly necessary.
Oh, I do have failover configured for the serial cable, not the network.
Thank you for your input.
- What_Lies_Bene1
Cirrostratus
It's my understanding that that was all unnecessary. You should be able to create the trust via the management interfaces. Still, a HA VLAN would be good so you can ConfigSync (this can't be done via the mgmt interface). Seeing as you'll use a HA VLAN you probably shouldn't use serial failover and should rely on network instead.
So, I think it should look like this;
1) Just keep the HA VLAN, use 'dummy' addressing
2) Cable this via the same switches as the other VLANs but different interfaces (so it'll cause a failover if a switch fails)
3) Enable VLAN fail-safe on all VLANs
4) Configure ConfigSync and network failover on the HA VLAN only
5) Don't use the serial cable
6) Take a look at the System Fail-safe feature too
Any issues or questions, let me know.
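
Steps 1 to 4 of the list above, sketched as tmsh commands. This is an added example, not part of any reply in the thread. The device names, the device group `dg_failover`, the VLAN name `vlan_app1` and the 192.0.2.0/30 addressing are hypothetical, and the device trust and sync-failover group are assumed to exist already (built over the management interfaces, as suggested earlier in the thread).

```tmsh
# Run on unit A; repeat on unit B with 192.0.2.2 and its own device name.
# All names and addresses below are constructed placeholders.

# Step 1: dedicated HA VLAN on its own untagged interface (not on the trunk),
# with 'dummy' addressing from the 192.0.2.0/24 documentation range.
create net vlan ha_vlan interfaces add { 1.1 { untagged } }
create net self ha_self address 192.0.2.1/30 vlan ha_vlan allow-service default

# Step 4: point ConfigSync and network failover at the HA self IP only.
modify cm device bigip-a.example.net configsync-ip 192.0.2.1
modify cm device bigip-a.example.net unicast-address { { ip 192.0.2.1 } }
modify cm device-group dg_failover network-failover enabled

# Step 3: VLAN fail-safe on each VLAN, so loss of traffic on a VLAN
# triggers a failover. Repeat for every tagged VLAN on the trunk.
modify net vlan ha_vlan failsafe enabled failsafe-action failover failsafe-timeout 90
modify net vlan vlan_app1 failsafe enabled failsafe-action failover failsafe-timeout 90

# Push the configuration to the peer, then confirm sync and failover state.
run cm config-sync to-group dg_failover
show cm sync-status
show cm failover-status
```

Because the HA self IP sits on a VLAN that is not carried on the trunk, its address is reachable only from the peer unit across that link.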