Forum Discussion
Revolver1102_32
Nimbostratus
NimbostratusProblem with HA configuration
Hello everybody,
My company system now is located at one Datacenter and now my boss want to split it to two different Datacenters to achieve full redundancy ability for the system (hardware and netwoking)and we can share workload between two Datacenter as well.
I have deceiced to extend our VLAN at old Datacenter to new Datacenter via VXLAN with Multicast protocol. I did a LAB with my idea but i have some problems with F5 devices in HA mode(without mirroring state). Please kindly give me some advise. My Lab is look like "topology" attachment. - I run VXLAN via a GRE Tunnel to make it transparent to ISPs and it up and running. - I use VLAN 50 (172.16.1.0/24) for HA purpose to achieve Active/Active mode for a pair of HA devices and also VLAN 200 for Management purpose. You can see the latency on VLAN50, VLAN200 between 2 F5 before config-sync occur as my ping result attachments. https://drive.google.com/open?id=0B1jVb3_KazOfLTVQMU5KaThVV1U https://drive.google.com/open?id=0B1jVb3_KazOfYnpqTV8yWHgzckE https://drive.google.com/open?id=0B1jVb3_KazOfR1huLW93MFJPdEU https://drive.google.com/open?id=0B1jVb3_KazOfSF9VSzBIelczSU0
- The problem appear after i create a peer list, device group for two F5s, they never completely perform neighbor. One F5 is always in disconnected mode, the other is always in trust-only mode, please see my "state" attachments. https://drive.google.com/open?id=0B1jVb3_KazOfTTF4b0tuNkIxb0k https://drive.google.com/open?id=0B1jVb3_KazOfSlRtM1dTS0xuV1E
When every time i access device management => overview F5 is be hangout and even affect to all the networking performance between to my Switches (network behavior like being flood packet). When i show /var/log/ltm i can see the CMI connection was being flapping may be due to TMM can't perform connect with peer device. I cann't understand what make it happen. https://drive.google.com/open?id=0B1jVb3_KazOfNGhZU0YtWlpYN2s
- Anyway, my two ASAs can work perfectly on active/active mode.
Any advise for me is much appreciated.
BB16Hi Revolver, your setup looks great. Kindly check with below link https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/tmos_management_guide_10_0_0/tmos_high_avail.html
check with some 1. redundancy properties, 2. creating vlan & self IP's / failover 3. Network failover 4. HA setup wizard. GOOD LUCK!!!
- Revolver1102_32
Dear Mr. Bbukane.
Thank you for your response,
If i do the HA configure for 2 F5s that have HA link connect by a Switch, they will work properly. At the moment i have 3 pairs of A/S F5 in my old Datacenter.
Summary in my case, the F5 in old datacenter can not make TMM connection with the F5 in new datacenter via L3 connection. This make CMI flap every 5 seconds. Has anybody successfully did HA for a pair device through L3 connection yet?
Anyway, sorry for my bad english.
- BB16
You mean there are total 12 F5 boxes, 6 in each DC (3 pairs of A/S F5 in my old Datacenter) & 1-1 active in both DC, other 5 pairs standby. let me know about this, need sometime to analyze this. Thanks :)
Also share your error messages, logs etc. bigip is getting.
- Revolver1102_32
I am appreciate your help. Actually i manage 6 F5 devices now, and in future we want to split them to another DC (I called New Datacenter) for DR site. I just do a lab now. Here is my devices log: https://www.dropbox.com/s/0nvfza0muih3iya/New_Datacenter.docx?dl=0 https://www.dropbox.com/s/lqchtgh8mpfrymw/Old_Datacenter.docx?dl=0
Tomorrow i will do a test in real devices.