Forum Discussion
Need recommendation on Active-Active F5 setup
- Feb 19, 2020
Hi John,
It absolutely depend on your requirement and the platform capacity. Just one quick question. do you have hardware or VM series platforms?
Now if you really want to deploy cluster in active-active mode. Below are some deployment related inputs from my end -
- As you have mentioned you have two subnets to be taken behind F5 i.e. LAN and DMZ. You can configured to take load on LAN on F5-A and DMZ load on other F5.
- This can be configured using traffic groups. There is one traffic group by default. You can create new traffic group.
- e.g. in traffic group 1, F5-1 will be active and other will be standby and for traffic group 2, F5-2 will be active and other will be standby.
- Also there will be failovers like if F5-1 goes down, F5-2 will take traffic on DMZ as well as LAN and vice-a-versa.
- You can even configure separate partitions for LAN and DMZ to keep separate configuration and easy to manage. Also have separate route domains. e.g. for LAN 1 and DMZ 2.
This way you can plan your configuration. Actually i have tested exactly same deployment in my LAB setup Let ms know if you have any queries on this.
Mayur
Hi John,
It absolutely depend on your requirement and the platform capacity. Just one quick question. do you have hardware or VM series platforms?
Now if you really want to deploy cluster in active-active mode. Below are some deployment related inputs from my end -
- As you have mentioned you have two subnets to be taken behind F5 i.e. LAN and DMZ. You can configured to take load on LAN on F5-A and DMZ load on other F5.
- This can be configured using traffic groups. There is one traffic group by default. You can create new traffic group.
- e.g. in traffic group 1, F5-1 will be active and other will be standby and for traffic group 2, F5-2 will be active and other will be standby.
- Also there will be failovers like if F5-1 goes down, F5-2 will take traffic on DMZ as well as LAN and vice-a-versa.
- You can even configure separate partitions for LAN and DMZ to keep separate configuration and easy to manage. Also have separate route domains. e.g. for LAN 1 and DMZ 2.
This way you can plan your configuration. Actually i have tested exactly same deployment in my LAB setup Let ms know if you have any queries on this.
Mayur
Hello Mayur,
Thanks for sharing details. I have all VM series F5 and new deployment will also VM series only. I am with your points of configuring two separate partitions and RDs for LAN and DMZ. Both F5s will be there for taking traffic for both lan and dmz.
I am quite curious about managing it. We dont have BigIQ for managing our F5s, we are managing them separately by logging into active gateway using its management interface and post making changes, we do sync it with peer. Now in active-active setup, how can i manage configuration changes effectively? Any suggestions?
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com