LTM Traffic group failover

Question

We have 4 LTM's in a device group and moved one of our Traffic groups to a different LTM a few weeks ago. All 4 devices show that padf5-core1.csiweb.com (the LTM it was moved to) as the active device, but there are no stats or connections present on that LTM. The orignal LTM it was moved from still has all the traffic and I have traced MAC address' to that device. I have failed/moved between traffic groups many many times without issues. I opened a case with support which has not gotten very far...from the QKVIEW's they say that both devices are "active" and I need to disable the VS's on the original for it to work properly. I don't understand this as I have never had to do this in the past and if I were to disable the VS"s on any inactive LTM how would failover work in the event of an outage. I have requested a support session with F5 on this issue but haven't recieved a response at this time.

FYI both LTM's in question have other traffic groups running properly on them.

Thanks,

Joe

whisperer · Answer

You may have a split brain situation where you actually dont have an active sync and network failover happeneing between all 4 devices. Do you have all 4 devices within the same device-group/traffic-group? When you perform an iqdump on each unit, do you see the other 3 units communicating properly? Can you provide a screenshot of the sync page, where the F5 units part of the device groups are listed with their current status -- ie, grey or green balls.

jomedusa · Answer

My ultimate goal will be to have only 2 devices in the traffic group for failover as we will be decommisioning 2 of the LTM's later this year.

From the image below I would like to ultimately only have the padf5-core1 and padf5-core2 in the traffic group, but currenly all the traffic is on Pad-F5-2.

Can you please provide more information on the iqdump?

Thanks,

whisperer · Answer

Do you have more than one traffic group configured? That is another instance where you would have more than one F5 unit active. If the traffic groups are not on the same unit, then multiple units may be active. If you need to move connections ASAP, just force offline the problematic F5 unit.

Looks like the devices should all see each other and configs are synced. So there shouldnt be any issue with network failover, the port lockdown settings, or iquery comms in this case. (If you log into each unit and the standby / active devices all look the same in GUI .. connected, grey balls or green balls, same ball colors, etc. then connectivity wise you should be OK. I would check the traffic groups.

jomedusa · Answer

Yes we have seperate traffic groups for each Partition.&nbsp; My goal is migrate each Partion/Traffic group to the new LTM in phases.&nbsp; I know I have moved between all of the devices in the past but I am not sure I have since we performed an upgrade a few months ago.&nbsp; I think I am going to migrate traffic off the "problem one" this weekend and then perform a reboot.&nbsp; I have held off on this but I am pretty sure I am hitting a known issue where the versions don't show up correctly from one device to another, I have had this in the past and had to perform the following:K13030: Forcing the mcpd process to reload the BIG-IP configurationhttps://support.f5.com/csp/article/K13030Thanks,Joe

whisperer · Answer

Well, that is why you have a mish mash of active devices. It all depends where that traffic group is located. The shared objects, such as Virtual Servers, associated with that traffic group will still process traffic on the unit where that traffic group is active.Not sure what you mean by versions btw. Are you suggesting the units are running different version of BIG-IP software (that shouldnt be the case) or that the configs are out of sync?

Forum Discussion

LTM Traffic group failover

8 Replies

Recent Discussions

Disk space full - what files, folders are safe to delete?

ASM instance creation

BIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member

Open Redirection Mitigation

F5Access | MacOS Sonoma

Related Content

Sync-failover group doesn't sync properly

Configuring AWS HA Failover Across AZs Without EIPs Using F5 Cloud Failover Extension (CFE)

Certified Kubernetes Administrator - Study Group

Cisco ACI Endpoint Learning with a BIG-IP HA Failover

Using Distributed Cloud DNS Load Balancer with Geo-Proximity and failover scenarios