Forum Discussion
One-Arm Mode Migration
- Jan 23, 2023
Sounds ok to me. Just check that the ARP is enabled on the virtual address of the VIP. By default it is, but to be sure please check.
In case you have issues make sure you check the arp table on the firewall and the vip ip is pointing to the right mac address. Probably it be good to check this before you migrate a vip , and record the mac address so you can compare it.
- Jan 24, 2023
Sri_Narasimha_05 the UCS restore overrides all configuration of the new device when imported last I had to do one with the exception of validating various difference between platforms when you use the platform migrate. You might try a UCS restore on a virtual appliance first in a sandbox to see exactly what happens.
Thanks so much for the valuable assistance provided.
I've been told that SCF file doesn't include the SSL certs. Sure, I'll look after the possibility of using SCF file as well.
Just a final query, if the 'platform'migrate' option is being used,
My intention is to connect the new pair of F5s on the New management IP and dedicated HA (and not connect the TMM interfaces). Once imported and verified, then connect the interfaces for data processing.
I hope you're referring to the below about TMM interfaces and not the Management interfaces, so the imported file doesn't override the existing management IP.
"but keep in mind that you should not have the new F5s plugged into the network at all when you do this or you will cause connectivity issues to the existing F5s"
Sri_Narasimha_05 the UCS restore overrides all configuration of the new device when imported last I had to do one with the exception of validating various difference between platforms when you use the platform migrate. You might try a UCS restore on a virtual appliance first in a sandbox to see exactly what happens.
- Sri_Narasimha_05Jan 24, 2023Altocumulus
Hi Paul,
Many thanks for the assistance provided so far. Though I've got what I needed, I've a question and wanna check in the same forum as it's related and need your guidance please.
Though the VIP is marked as down, it's still responding to Ping and ARP entry is seen. In my case, initially, even though the VIP's would be disabled until migrated to the new pair of F5's, I still need to disable ARP and Ping for that respective VIP (under virtual address list) to avoid duplicate MAC address issue on switches.
Once migrated, similar approach to be followed on the F5 (which were hosting this application before cut-over) for that respective VIP.
Is that correct?
- PauliusJan 24, 2023MVP
Sri_Narasimha_05 That is correct sort of. You should be able to go to the following path and just uncheck ARP and save in order to leave the virtual servers going to the old F5s if your intent is to have the configuration in place on both old and new F5s. When you are ready to move the virtual server over it should be a disable ARP on the old F5s and an enable ARP on the new F5s. All of these changes is the main reason why I recommend going the route of having all new IPs for the virtual servers so it is a NAT change on the firewalls and possibly a Security Policy or Access-list update.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com