LTM Traffic Groups Failover - Is Layer 2 needed?
Dear All,
For years we have connected Active-Standby LTMs with a common VLAN for VIP-Bound traffic (and responses). We use traffic groups with a shared "floating ip" which is meant to float across to the standby unit in the same VLAN following an HA Event. Our failover heartbeats happen separately across dedicated sync cables and a management port. VIPs are pointed at the LTM's floating IP address using static routes, which minimises ARP during a failover.
I have been busy building an EVPN fabric and I would now like to consider the options for migrating the LTM Active-Standby pair onto it. My preference would be to connect the two LTMs to separate leafs and use Cisco's HMM track to inject the static routes into BGP when the connected LTM becomes active (i.e. starts responding to the floating IP). This is how Cisco recommend connecting a load-balancer to an EVPN fabric (see "Firewall Failover with Static Routes").
Ideally I would like to remove the L2 common VLAN between the Active and Standby unit, but still float a single IP address between the devices.
- Could you advise if the LTM will allow a floating traffic-group IP to be floated to a unit which isn't in the same L2 broadcast domain?
- Does the LTM issue a GARP when taking over the floating IP?
- I guess that if the above isn't possible, an MLAG/VPC up to a leaf pair would be the way to go and just connect both F5s to the same leaf pair.
The question about L2 connectivity between LTM units has been asked before, but I didn't see any firm answers.
Thanks in advance.
James.
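For readers following the design in the post, here is an added NX-OS configuration sketch of the "HMM track" approach it refers to: the leaf tracks whether the LTM floating IP is a locally learned host and only then activates the VIP static routes and redistributes them into the VRF's BGP EVPN table. This is example config, not from the original post or from Cisco's document; the tenant VRF, addresses, track number, route-map name and AS number are all made up.

```cisco
! Track object: "up" only while the LTM floating IP (192.0.2.10, assumed)
! is learned by the Host Mobility Manager on THIS leaf, i.e. the locally
! attached LTM is the active unit answering for the floating address.
track 10 ip route 192.0.2.10/32 reachability hmm
  vrf member TENANT-LB

! VIP subnet is reached via the floating IP; the route is only installed
! while track 10 is up, so the standby-side leaf does not advertise it.
vrf context TENANT-LB
  ip route 198.51.100.0/24 192.0.2.10 track 10

! Permit-all route-map for redistributing the tracked statics.
route-map RM-STATIC-TO-EVPN permit 10

! Redistribute the (tracked) statics into BGP for the tenant VRF and
! advertise them as EVPN type-5 routes across the fabric.
router bgp 65000
  vrf TENANT-LB
    address-family ipv4 unicast
      redistribute static route-map RM-STATIC-TO-EVPN
      advertise l2vpn evpn
```

Apply the same fragment on the leaf serving the standby LTM; after an HA event the track on the old active leaf goes down and the new active leaf's track comes up, so the VIP prefix moves with the floating IP without relying on a shared VLAN for forwarding.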