Forum Discussion
Sri_Narasimha_05
Altocumulus
AltocumulusOne-Arm Mode Migration
Hi Experts, We're running F5 BIG-IP 2200 v15.1.2.1 (Build 0.0.10) appliances on HA and planning to migrate it to i2000 series (HA). Currently, the config is one-arm mode and we've been asked to do...
Sounds ok to me. Just check that the ARP is enabled on the virtual address of the VIP. By default it is, but to be sure please check.
In case you have issues make sure you check the arp table on the firewall and the vip ip is pointing to the right mac address. Probably it be good to check this before you migrate a vip , and record the mac address so you can compare it.
Sri_Narasimha_05 the UCS restore overrides all configuration of the new device when imported last I had to do one with the exception of validating various difference between platforms when you use the platform migrate. You might try a UCS restore on a virtual appliance first in a sandbox to see exactly what happens.
Sri_Narasimha_05Altocumulus
AltocumulusThanks so much for the valuable assistance provided.
I've been told that SCF file doesn't include the SSL certs. Sure, I'll look after the possibility of using SCF file as well.
Just a final query, if the 'platform'migrate' option is being used,
My intention is to connect the new pair of F5s on the New management IP and dedicated HA (and not connect the TMM interfaces). Once imported and verified, then connect the interfaces for data processing.
I hope you're referring to the below about TMM interfaces and not the Management interfaces, so the imported file doesn't override the existing management IP.
"but keep in mind that you should not have the new F5s plugged into the network at all when you do this or you will cause connectivity issues to the existing F5s"
Paulius
MVP
MVPSri_Narasimha_05 the UCS restore overrides all configuration of the new device when imported last I had to do one with the exception of validating various difference between platforms when you use the platform migrate. You might try a UCS restore on a virtual appliance first in a sandbox to see exactly what happens.
- Paulius
Sri_Narasimha_05 That is correct sort of. You should be able to go to the following path and just uncheck ARP and save in order to leave the virtual servers going to the old F5s if your intent is to have the configuration in place on both old and new F5s. When you are ready to move the virtual server over it should be a disable ARP on the old F5s and an enable ARP on the new F5s. All of these changes is the main reason why I recommend going the route of having all new IPs for the virtual servers so it is a NAT change on the firewalls and possibly a Security Policy or Access-list update.
- Sri_Narasimha_05
Hi Paul,
Many thanks for the assistance provided so far. Though I've got what I needed, I've a question and wanna check in the same forum as it's related and need your guidance please.
Though the VIP is marked as down, it's still responding to Ping and ARP entry is seen. In my case, initially, even though the VIP's would be disabled until migrated to the new pair of F5's, I still need to disable ARP and Ping for that respective VIP (under virtual address list) to avoid duplicate MAC address issue on switches.
Once migrated, similar approach to be followed on the F5 (which were hosting this application before cut-over) for that respective VIP.
Is that correct?