Question on Interface fail-safe script

Nacreous

Jan 12, 2015

Hi Omnix, the script does the following:

shift 
shift
interfaces="$*"
interfaces="1/2.1 1/2.3 2/2.1"
b interface show > /tmp/b_interface_show
for i in $interfaces
do
    status=grep "^ *$i " /tmp/b_interface_show | awk '{print $2}'
    logger -p local0.notice "interface $i is parsed and status is $status"
    if [ "$status" = "DN" ]
    then
        logger -p local0.notice "$MON_TMPL_NAME: interface $i is DOWN (status: $status)"
        for f in $interfaces
        do
            logger -p local0.notice "$MON_TMPL_NAME: bring down other interfaces"
            if [ $f != $i ]
            then 
                b interface $f disable
            fi 
        done
        echo "failed" > /tmp/int_fail_state
        exit 1
    fi
    if [ "$status" = "UP" ]
    then
        state=cat /tmp/int_fail_state
        if [ "$state" = "failed" ]
        then
            logger -p local0.notice "$MON_TMPL_NAME: interface $i is back UP (status: $status)"
            for f in $interfaces
            do
                logger -p local0.notice "$MON_TMPL_NAME: bring UP interface $f in group ($interfaces)"
                b interface $f enable
            done
            echo "ok" > /tmp/int_fail_state
        fi
    fi
done

A list of interfaces (probably on a VIPRION due to the leading blade number) is specified.

The bigpipe command (b) to show interface state is run and in case of one of the interfaces is list is reported as down, all other interfaces in the list will be disabled administratively.

The file /tmp/int_fail_state will contain the string "failed". In case there is no interface reported as down and the file /tmp/int_fail_state still indicates the "failed" stage, all interfaces will be re-enabled by the bigpipe command and the /tmp/int_fail_state will now contain the string "ok".

As F5 does not provide a mechanism to track interface states, one needs workarounds as this, if you rely need to rely on this aspect.

From my perspective there are much better built-in alternatives available:

1. Since TMOS v10 you can use so called HA groups and used trunk (aggregated link) states as a failover trigger for sub-second failover. In HA groups you can also monitor specific nodes, i.e. gateways with a monitor of your choice.

2. Since BIG-IP v4 and higher you have VLAN failsave and gateway failsafe to trigger a failover. Please keep in mind, that VLAN failsave and gateway failsafe may still result in standby/standby, if none of the monitored resources are available.

The "gateway failsafe" mechanism allows the monitoring of specified resources (i.e. via PING or whatever). Two failsafe pools will be required to be bound to the two different unit IDs (assuming you are still on v9 or v10 as you´re using "bigpipe" in your script).

Thanks, Stephan

Forum Discussion

Question on Interface fail-safe script

AppWorld 2026: Save the Date and Join Our Community In Person!

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

SOLVED: sending IsCompliant, IsKnown and IsManaged via SAML (SSO)

BIG-IP methods to Fix the “421 Misdirected Request” Error

Dealing with iRule $variables for HTTP2 workload while HTTP MRF Router is enabled

Is it possible to create a Single Pool with multiple ports ?

F5 object groups in AFM

Related Content

Application Programming Interface (API) Authentication types simplified

vCMP logical interfaces throughput

Symmetric routing on NGINX Plus with multiple interfaces

LTM: Interface Failsafe

Traffic Management User Interface Vulnerability: The Fix and Temporary Mitigation Options

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS