F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Ganesh_Iyyappa1's avatar
Ganesh_Iyyappa1
Icon for Nimbostratus rankNimbostratus
Sep 29, 2013

LTM Route-Domains and VLAN Fail-safe

Hi,

 

Configured paid of F5 devices on Active/passive HA. Sync VLAN is in the common partition. I have another partition which is associated with a route-domain let say RDA. VLAN 100 is in the RDA and configured virtual servers, pool, nodes. etc. Everything is fine so far. The fail-over works when one of the devices goes down. But how do I enable the VLAN fail-safe in this situation. ?

 

When I enabled the vlan failsafe and brought down the port-channel interfaces on the switch which are connecting to the active unit, the failover did not happen, the unit1 was still remaining as active unit, though its interfaces (trunk) are down.

 

Can someone help me understand what am I doing wrong here.?

 

Thanks Ganesh

 

availability
deployment
management

4 Replies

  • What_Lies_Bene1's avatar
    What_Lies_Bene1
    Icon for Cirrostratus rankCirrostratus
    Sep 29, 2013

    I really hate HA in TMOS; mainly because I just can't fully get my head around it. Anyway, there's a few possibilities. To start with, do you have network failover configured? Anything else?

     

  • StephanManthey's avatar
    StephanManthey
    Icon for Nacreous rankNacreous
    Sep 30, 2013

    The HA concept is still work in progress as there is no association between the so called HA group feature and traffic groups.

     

    Anyway, we have to deal with the current features and we are limited to legacy methods as are:

     

    • VLAN Fail-Safe
    • Gateway Fail-Safe

    and the new

     

    • HA Group

    Make sure to use HA Group only or VLAN / Gateway Fail-Safe as alternative approach.

     

    VLAN Fail-Safe needs to be activated per VLAN and will not be synchronized.

     

    Make sure to apply it to production VLANs only, be conservative with the timeout (stay at least above 30 seconds) and use the failover action 'failover'. Otherwise it might be required to start the unit in single user mode to get out of a never ending loop ...

     

    Gateway Fail-Safe will require to create two pools (which will be synchronized).

     

    One Pool will assigned per device to be monitored as a failover trigger. This is a unique mapping.

     

    Both with VLAN Fail-Safe and Gateway Fail-Safe you can face a standby/standby if both devices do not have the required resources!

     

    An HA Group may contain pools of servers, aggregated links (trunk) and number of available blades (VIPRION only). Especially the trunk monitoring allows a pretty fast failover by using the bi-directional LACP protocol for link verification.

     

    Using HA Groups requires some more brainwork as you need to calculate a proper balance of assigned wheigts and active bonus.

     

    As mentioned before the HA Groups are fine to run v11 in active/standby because by now only a single HA Group per device can be created.