Forum Discussion

TaibC_89930's avatar
TaibC_89930
Icon for Nimbostratus rankNimbostratus
Oct 03, 2012

LTM 3900 Network Failover

I am new to F5 and would appreciate some guidance, I am setting up a redundant pair of BIG IP LTM 3900s in an ACTIVE/STANDBY SETUP using Network failover.

 

 

Below are the issues I am having and what I think the solution is to each, but if anyone can suggest a recommended/best practice way I’d appreciate the help.

 

 

 

CURRENT BIG IP LTM setup

 

3 TRUNKS configured: 4 members, 2 members, 2 members

 

Failover type: Network Failover, LTM peers are separated by a geographically distributed LAN, cannot use Hardware failover.

 

Failover criteria: Using HA Groups to monitor members in TRUNKs

 

Trunk Threshold – 2 active, 1 active, 1 active

 

 

Active Bonus set: as without this the peers failover when a single member of the 4 link trunk goes down, even though threshold is set to 2 active members. Cannot see why this is.

 

Looking for a way to automatically synchronise the configs between the two peers, and have been researching SYNC-ONLY DEVICE GROUPs, but am having trouble with the implementation, is this an option on the LTM 3900?

 

Do I need a specific VLAN for the failover heatbeat? I have seen conflicting posts on this as some say there should be a dedicated VLAN for failover to prevent flaps, and others it isn’t necessary.

 

Am still looking at VLAN failsafe, but I’m trying to get the basic interface failover working first

 

Is there a way to use a floating management IP address, so using HTTPs to this address always takes me to the active LTM device, cannot see how to set a floating Self IP for use just on for management.

 

 

These forums have been a great help, so thanks in advance.

 

 

application delivery
availability
LTM
TMOS
  • What_Lies_Bene1's avatar
    What_Lies_Bene1
    Icon for Cirrostratus rankCirrostratus
    Oct 03, 2012

    Could you please let us know what version you are running. It would also be useful to see the HA group configuration if you can post it please.

     

     

    In this situation for the configuration synchronisation, I'd suggest ConfigSync is the way to go as I'd imagine it's simpler to setup.

     

    Regarding the dedicated VLAN I'd suggest most debate has been around a dedicated interface rather than a VLAN. In theory this would be best practise but in reality, if a switched network was so congested that traffic was being dropped it's not going to help much unless the two devices could be directly cabled together which wouldn't be the case here.

     

  • TaibC_89930's avatar
    TaibC_89930
    Icon for Nimbostratus rankNimbostratus
    Oct 03, 2012

    Thanks for the reply, I am running version 10.2.4 on LTM 3900,

     

    I used b ha group HA-GROUP-01 list, to get the output below, tried b ha group then show but it only showed the HA-groups configured.

     

    ha group HA-GROUP-01 {

     

    active bonus 50

     

    trunks BACKBONE-TRUNK {

     

    scoring {

     

    threshold 2

     

    weight 100

     

    }

     

    }

     

    }

     

     

    I'll look into config sync, thanks for that.

     

    Is there any way of having a single management IP that floats between the two peers, and always takes you to the active peer?

     

  • What_Lies_Bene1's avatar
    What_Lies_Bene1
    Icon for Cirrostratus rankCirrostratus
    Oct 03, 2012
    OK, I've looking into the HA Group scoring and what's happening is normal behavior. The threshold setting doesn't modify the HA score unless the members of the 'group' drop below the value, in which case that group' (of the trunk interfaces in your case) no longer contributes to the HA score at all. So, you'll need the active bonus to prevent failover if just one link fails.

     

     

    You should carefully consider what scenarios you do want to cause a failover and calculate the weights and active bonus accordingly. See here for more information on how the scores are calculated: http://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/viprion_configuration_guide_10_1/clustered_systems_redundant.html
  • TaibC_89930's avatar
    TaibC_89930
    Icon for Nimbostratus rankNimbostratus
    Oct 03, 2012
    thanks for that, i will look into it, i do not think i am running the viprion system though, it is a standard 3900 LTM system, when i did b version show i get the below, but my unit is a single module, non expandable, but i will look at the manual you sent me anyway.

     

    Kernel:

     

    Linux 2.6.18-164.11.1.el5.1.0.f5app

     

    Package:

     

    BIG-IP Version 10.2.4 591.0

     

    Hotfix HF2 Edition

     

     

  • What_Lies_Bene1's avatar
    What_Lies_Bene1
    Icon for Cirrostratus rankCirrostratus
    Oct 03, 2012
    Don't worry, the HA Group and Fast Failover features work the same for a 3900 or VIPRION
  • TaibC_89930's avatar
    TaibC_89930
    Icon for Nimbostratus rankNimbostratus
    Oct 03, 2012
    thanks again, I am reading that manual now,

     

    I will look for the floating management IP address online, there must be a way of having a single IP address shared between the two systems, and when HTTPs to it takes you to the active unit.
  • What_Lies_Bene1's avatar
    What_Lies_Bene1
    Icon for Cirrostratus rankCirrostratus
    Oct 03, 2012
    Regarding the management IP, as long as you don't absolutely have to use the management network interfaces, you can just manage the device through any of the floating IPs configured. You may need to make some adjustments to the Port Lockdown settings of the Self-IP you wish to use depending on what's configured now. Allow Default should do the trick.
  • TaibC_89930's avatar
    TaibC_89930
    Icon for Nimbostratus rankNimbostratus
    Oct 04, 2012
    thanks for your replies sir, been a great help, and a great introduction to these forums!!