Network failover, network mirroring, vlan failsafe

1. is there any best practice for configuring network failover? (e.g. dedicated vlan, 2 physical links as trunk for failover traffic, etc)in v10, i always use 2 pairs of unicast entry; one is on mgmt interface and the other one is on tmm interface. for tmm interface, i use dedicated vlan with one port if possible.

 

 

this sol is for viprion.

 

 

sol11939: Configuring network failover for redundant VIPRION systems

 

http://support.f5.com/kb/en-us/solutions/public/11000/900/sol11939.html

 

 

2. is that necessary to have a dedicated vlan for network mirroring traffic? otherwise where should they go though?if traffic is high, i would use dedicated vlan.

 

 

3. after enabling network failover, is it necessary to configure vlan failsafe? Without vlan failsafe, would failover be triggered if a network interface goes down?it is not necessary. without vlan failsafe, bigip won't failover even interface is down.

 

 

by the way, have you seen this sol before? hope it is helpful.

 

 

sol12277: Change in Behavior: How simultaneous failsafe events affect a redundant system

 

http://support.f5.com/kb/en-us/solutions/public/12000/200/sol12277

 

3. after enabling network failover, is it necessary to configure vlan failsafe? Without vlan failsafe, would failover be triggered if a network interface goes down?it is not necessary. without vlan failsafe, bigip won't failover even interface is down.

 

 

by the way, have you seen this sol before? hope it is helpful.

 

 

sol12277: Change in Behavior: How simultaneous failsafe events affect a redundant system

 

http://support.f5.com/kb/en-us/solutions/public/12000/200/sol12277

 

You mean,without vlan failsafe, bigip will or will not failover if interface goes down? If bigip will not failover, should I configure vlan failsafe or HA group?

I haven't seen this sol before. Thanks for your information.

 

You mean,without vlan failsafe, bigip will or will not failover if interface goes down?bigip won't failover.

 

 

should I configure vlan failsafe or HA group?yes, either vlan failsafe or ha group. i understand ha group is more granular.

 

 

cheer!

1 more question. If there is no dedicated vlan for network mirroring traffic, where should these traffic be put on? on the network failover link?

If there is no dedicated vlan for network mirroring traffic, where should these traffic be put on? on the network failover link?i have never seen any official document; anyway, if i were you, i would put it on internal (production) vlan since i think network failover vlan (link) should be treated as the highest priority unless you also have hardware serial failover.

Do you think I can use the management interface for network mirroring traffic?

Do you think I can use the management interface for network mirroring traffic?i got this when trying.

 

 

01070707:7: The state mirroring address, statemirror.ipaddr, x.x.x.x may not be on the same network as the management port

If you think about it, then the management port doesn't work for mirroring traffic as it's

 

 

A. Only 100Mbps...

 

B. Not connected to the switch port and out of band from the tim process (And it's the tim that does the mirroring).

 

 

I usually use an 'internal' interface for port mirroring... What that really is depends. A favourite of mine is a separate HA/Mirroring VLAN in a completely separate physical interface and switch... (e.g. a dedicated switch or pair of switches for the HA traffic).

 

 

H