Jason_L_40779
Aug 02, 2010

New LTM setup question

Hi all,

My organization finally went out and purchased a new pair of 6900s for internal load balancing. I have a good understanding of setting these up, but I am wondering what the best practices are as far as cabling the units. I am going to use a separate sync interface and am wondering if that can be a non-routed VLAN between the HA pair. Can a single fiber cable be connected between the 2 units without even going into a switch for sync, using a dedicated VLAN untagged on that interface? Also, what recommendations do people have on using VLAN failsafe instead of trunks (aka EtherChannel)? Thanks in advance...

6 Replies

  • Hi jaylaval,

    VLAN failsafe can be used with trunks without issue. VLAN failsafe will only kick in if no traffic is seen over the VLAN for the specified time period. There's more info in the link below.

    VLAN failsafe overview:

    https://support.f5.com/kb/en-us/solutions/public/7000/000/sol7066.html?sr=9240433

    A lot of my customers use a dedicated VLAN for network failover. In my experience a switch is always placed between the interfaces. In theory, a crossover cable could be used between the devices, but I am afraid I haven't tested this. The link below might offer you some guidance.

    Configuring High Availability (version 10.0.x):

    https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/tmos_management_guide_10_0_0/tmos_high_avail.html?sr=92404491051387

    I hope this helps, but if not, post back here and I can give more info.

    Thanks,

    Chris
  • Thanks Chris for the response. The way our network is set up, we connect the odd-numbered hardware together and the even-numbered hardware together. For example, F5-1 would connect to FW-1 and switch-1. F5-2 would connect to FW-2 and switch-2. If I'm understanding trunks correctly, I would need to take, say, 1.1 and 1.2 and trunk them together as a 2GB link, then plug one interface into sw-1 and one into sw-2. However, we generally don't connect our network that way. I was thinking of using VLAN failsafe and not the trunks. If I had, say, 1.1 and 1.2 trunked and plugged into the same switch, it doesn't give me any redundancy at the switch level. If sw-1 went down, I would need to have failsafe enabled anyway if they were plugged into the same switch. Just wondering what common cabling scheme you see. Do most customers use the copper ports with trunks? I also have 8 SFP fiber ports available. I have a pair of 6900s with a lot of ports that will be free. I want to allow for future growth but only see using maybe 4 interfaces to start.

    Thanks again,

  • Hi Jaylaval,

    From reading your description I am wondering if Gateway Failsafe is more appropriate to your needs? I have struggled to find a concise overview of Gateway Failsafe, but the Network & Systems management guides contain some info.

    For example:

    version 9.4:

    https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip_nsm_guide_943/nsm_high_avail.html1012058

    version 10.1:

    https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/tmos_management_guide_10_1/tmos_high_avail.html1012058

    From personal experience, most of the trunking setups I have seen use the Ethernet (rather than SFP) ports, but I am not aware of anything that would prevent you creating an SFP trunk.

    Trunking is usually best thought of as 'port redundancy' (e.g. 1.1 and 1.2 are in a trunk to switch1; interface 1.1 goes down but 1.2 is still up and available to service the traffic), and VLAN or gateway failsafe is usually best thought of as 'device redundancy' (in the case of gateway failsafe it can even be considered 'path redundancy').

    To make matters more complicated, you can of course use a combination of trunking and VLAN/gateway failsafe.

    I hope this helps, but if you can't use the links I have posted or you have more questions, then do post here and I'll answer as soon as I can.

    Chris

  • Thanks again for the information. I'm using the new 10.2 version and it looks like gateway failsafe may be the better option. One more question about the dedicated sync interface/VLAN: can that be a non-routed VLAN that is not reachable?

  • Hello Jaylaval,

    In terms of the sync VLAN, it can be non-routed in that it doesn't need to go anywhere other than to be able to communicate with the other device in the HA pair. So it doesn't need a route to the internet, for example, nor would you need to be able to access that VLAN via the self IP for administration, for instance. Does that answer your question?

    As always, if you think of anything else, let me know!

    Chris
  • Yes, it does answer my question and I appreciate it. I'm still a little torn on whether I want to use trunks or not. It would be nice to have the interface redundancy on one box and use gateway failsafe in case of an upstream switch failure. I just don't want to eat up all my ports right away. We do a lot of segmentation. So even though most of the servers will never drive a gig port, we like to run separate cable segments to keep traffic isolated. Right off the bat, I'm going to be load balancing Exchange 2010, Microsoft OCS, and a dozen or so internal web apps. I probably will segment Exchange on its own 1 or 2 interfaces with OCS, and our internal apps on another. If I use trunks, that's 6 interfaces used up. I do have plenty left, and the SFP ports. I will say, going from a 3400 platform to a 6900, it's nice to finally get some hardware with horsepower. I'm not sure if there are any issues with version 10.2. From what I've been reading on the forums out here, it seems to be fairly stable.