chester_16314
Aug 30, 2012

Network failover interface

This seems like a really simple problem; I'm just not sure of the right way to go about it in 11.1.

This morning, a tech accidentally unplugged one of two switches I have behind my F5. When he did that, my F5 lost access to all its nodes. Here's why:

My 11.1 F5 is configured to have one interface for the OUTER and one interface for the INNER VLAN traffic. The inner traffic was plugged into the switch that was powered down.

Now, my second F5 is in Active/Passive config and is configured the same way, except its INNER is plugged into the other switch that wasn't powered off.

So, had I manually failed over my F5 to the other device I would've been fine.

My question is, isn't there a way that I can use one of my other unused interfaces to connect to an alternate switch and have it used when the 'primary' interface loses connectivity? Interface mirroring seems wrong because I don't want my traffic going out both interfaces.

Is it as simple as assigning both interfaces to my VLAN? And then does the F5 use only the first in the list unless....
  • Hamish
    There's lots of ways to do this. And it pretty much depends on exactly what you'd like to protect against for the major parts, and what you're connecting to for the details.

    One way that would have helped here would have been network failsafe. Basically, the BigIP can monitor the attached VLANs and if one of them goes 'down' the unit will go into standby. (In fact you can choose from standby, restart tmm, reboot etc.)

    However, there's also ways to make sure that the networks themselves are more robust. You can do etherchannels (Trunks in F5 parlance) that can do LACP (802.1ad signalling that allows two interfaces to appear as one logical and be load-balanced for the traffic).

    Or if LACP isn't available (e.g. two switches that usually won't do LACP across them - This is what you're really asking about above) you can simply have a spanned vlan across two switches and rely on STP (Spanning Tree) to stop the loop in the network. Careful design of your STP priorities is usually wanted to make sure the 'right' interfaces block (Usually you'd want one of the interfaces on the BigIP to be blocking).

    ** Note when I say spanning tree, what you usually want to run is called STP+ or PVST (Per VLAN Spanning Tree) which keeps a separate tree for each vlan. e.g. if you have two vlans you can block one on one interface and the second on the other interface.

    H
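
The two BIG-IP-side options from the reply above, VLAN failsafe and a trunk, written out as tmsh commands. This is an added example, not part of the original thread: the VLAN name INNER comes from the question, while the interface numbers, the trunk name inner_trunk and the 90-second timeout are assumptions. The trunk option assumes the switch side can terminate a single LACP bundle (one switch, or a pair that presents itself as one).

```tmsh
# Added example, not from the thread. Assumed names and values:
#   INNER        VLAN name used in the question
#   1.2          interface INNER is on today (assumed)
#   1.3          spare interface for the second link (assumed)
#   inner_trunk  trunk name (assumed)
# Commands are entered at the tmsh prompt; from bash, prefix each with "tmsh".
# Apply on the standby unit first, then repeat on the other unit.

# Option 1: VLAN failsafe.
# If the unit sees no traffic on INNER for the timeout period, it takes the
# configured action. "failover" sends the unit to standby so the peer, which
# is cabled to the surviving switch, takes over.
# Pick a timeout long enough that a quiet VLAN does not cause a false failover.
modify net vlan INNER failsafe enabled failsafe-action failover failsafe-timeout 90

# Option 2: trunk with LACP.
# Two physical links appear as one logical interface; losing one member
# leaves the VLAN up on the other.
# The interface is detached from the VLAN before it joins the trunk,
# so INNER has no link on this unit until the third command completes.
modify net vlan INNER interfaces none
create net trunk inner_trunk interfaces add { 1.2 1.3 } lacp enabled
modify net vlan INNER interfaces replace-all-with { inner_trunk }

# Check the result: VLAN membership and failsafe settings, then trunk state.
list net vlan INNER
show net trunk inner_trunk

# Persist the running configuration.
save sys config
```

The two options are independent: failsafe alone would have covered the unplugged-switch case described in the question, and it can stay enabled on a VLAN that sits on a trunk.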