Luca_55898
May 16, 2012

LTM HA - network or hardware failover?

Just wondering if people use network or hardware failover or both?

I'm setting up two LTMs in an active/standby config, and am a little confused.

It seems hardware failover will be preferred over network if both are configured. But what if the switch port which connects to the active unit goes down? Will the device failover to the backup unit using hardware failover?

I have the following requirements:

Failover if network connectivity is lost to active device

Failover if active device loses power

Management of devices using a floating IP

All VLANs to be synchronized across both devices.

I'm thinking network failover is best for this... would appreciate some feedback

  • "But what if the switch port which connects to the active unit goes down? Will the device failover to the backup unit using hardware failover?"

    I assume you mean all network connectivity is down. If so, BIG-IP won't failover (since hardware failover is there) unless you also configure VLAN failsafe or ha-group.

    "Failover if network connectivity is lost to active device"

    I think this can be done using VLAN failsafe or ha-group.
  • Yes, if network connectivity to one unit is down I will need it to failover (obviously), so I guess VLAN failsafe would be what I want. Does that work OK with hardware failover? I mean, can VLAN failsafe and hardware failover be used together?

    Also, I have noticed that when I create a new VLAN on one unit and then sync the config, the new VLAN does not show up on the standby unit.... Is this normal?
  • "Does that work OK with hardware failover? I mean, can VLAN failsafe and hardware failover be used together?"

    Why not? ;-)

    "Also, I have noticed that when I create a new VLAN on one unit and then sync the config, the new VLAN does not show up on the standby unit.... Is this normal?"

    Yes, that is normal since VLAN is not shared configuration. Only shared configuration such as virtual, pool, node will be synchronized.
  • Posted By nitass on 05/16/2012 06:14 AM

    > "Does that work OK with hardware failover? I mean, can VLAN failsafe and hardware failover be used together?"
    > Why not? ;-)
    >
    > "Also, I have noticed that when I create a new VLAN on one unit and then sync the config, the new VLAN does not show up on the standby unit.... Is this normal?"
    > Yes, that is normal since VLAN is not shared configuration. Only shared configuration such as virtual, pool, node will be synchronized.

    That kinda sucks.... I'm going to have over 100 VLANs (all with self IPs).

    I have an API that can configure VLANs, VIPs, pools, nodes etc. at any time via a web portal that our customers can use...

    If they don't get configured on the backup device and a failover occurs, traffic won't flow. Is it possible to get this synchronised somehow at all?

  • I use both VLAN Failsafe and hardware failover. It is normal to assign both units a shared IP address - the Active unit is responsible for responding with the shared address. Even after a failover, there is always an Active unit so the shared address should be responding (unless something really unusual happened). You designate an IP address as "shared" by selecting the "Floating IP" checkbox (in 10.2.0, at least). Yes, unfortunately you have to create this shared address on both units. But once it's set up, both units can respond to it (though as I mentioned, only the Active unit will).

    In addition to creating a floating IP address, I also assign a floating MAC address - referred to as a "Masquerade MAC". It works the same way as a floating IP - only the Active unit responds to it. The benefit is that when there is a failover event, the router does not need to update its ARP table - which has been problematic several times for me. Assigning a Masquerade MAC has resolved that, and it makes sense intuitively - just like a floating IP does.
  • @luca That's interesting, is it for one client? Or are you offering shared services to multiple clients?

    Just sounds like you would have to build some logic to build the non-syncable items on the peer..
  • Posted By iRuleYou on 05/17/2012 07:05 AM

    > @luca That's interesting, is it for one client? Or are you offering shared services to multiple clients?
    >
    > Just sounds like you would have to build some logic to build the non-syncable items on the peer..

    It's a public cloud service. Customers can go to a web portal and create load balancing rules which then get programmed into the F5 via an API.

    Previously we have just run a single F5, but now we are expanding we have a new HA cluster. So yes, looks like we will have to modify the API to create the VLANs and self IPs on both units.
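
The thread ends with VLANs, self IPs and floating addresses having to be created on both units by the provisioning API, since config sync does not carry them. The following is an added example, not code from any poster or from F5: a drift check that compares the two units' inventories and reports what the peer is missing before a failover exposes it. `Unit`, `SelfIP`, `peer_drift` and all names and addresses are constructed for illustration, and how the inventories are read from each unit is left out; the rule that every VLAN carries a unit-specific self IP is an assumption taken from "all with self IPs" above.

```python
from typing import NamedTuple

class SelfIP(NamedTuple):
    address: str
    vlan: str
    floating: bool       # True = shared address answered by the Active unit

class Unit(NamedTuple):
    name: str
    vlans: dict          # VLAN name -> 802.1Q tag
    self_ips: list       # list of SelfIP

def peer_drift(a: Unit, b: Unit) -> list:
    """Return findings for non-synced objects that differ between HA peers."""
    findings = []
    for src, dst in ((a, b), (b, a)):
        for vlan, tag in sorted(src.vlans.items()):
            if vlan not in dst.vlans:
                findings.append(f"{dst.name}: VLAN {vlan} (tag {tag}) missing")
            elif src is a and dst.vlans[vlan] != tag:
                findings.append(f"VLAN {vlan}: tag {tag} on {a.name}, "
                                f"{dst.vlans[vlan]} on {b.name}")
        # Floating addresses must exist with the same address on both units.
        dst_floating = {(s.address, s.vlan) for s in dst.self_ips if s.floating}
        for s in src.self_ips:
            if s.floating and (s.address, s.vlan) not in dst_floating:
                findings.append(f"{dst.name}: floating self IP {s.address} "
                                f"on {s.vlan} missing")
    # Assumption: each unit needs its own non-floating self IP on every VLAN.
    for unit in (a, b):
        covered = {s.vlan for s in unit.self_ips if not s.floating}
        for vlan in sorted(set(unit.vlans) - covered):
            findings.append(f"{unit.name}: VLAN {vlan} has no non-floating self IP")
    return findings

# Constructed inventories: the API created cust-102 on ltm-a only.
LTM_A = Unit("ltm-a", {"cust-101": 101, "cust-102": 102}, [
    SelfIP("10.1.101.2", "cust-101", False), SelfIP("10.1.101.1", "cust-101", True),
    SelfIP("10.1.102.2", "cust-102", False), SelfIP("10.1.102.1", "cust-102", True)])
LTM_B = Unit("ltm-b", {"cust-101": 101}, [SelfIP("10.1.101.3", "cust-101", False)])
LTM_B_FIXED = Unit("ltm-b", dict(LTM_A.vlans), [
    SelfIP("10.1.101.3", "cust-101", False), SelfIP("10.1.101.1", "cust-101", True),
    SelfIP("10.1.102.3", "cust-102", False), SelfIP("10.1.102.1", "cust-102", True)])

if __name__ == "__main__":
    print("\n".join(peer_drift(LTM_A, LTM_B)) or "peers consistent")
```

Running the check after every provisioning call, and alerting on any finding, catches a half-applied change while the affected unit is still standby.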