

The_Engima_Code
Aug 27, 2015
Solved

Replacing F5 in HA

Hi,

 

We are running F5 HA (say Member A and Member B) in Active-Active mode. Member A had a h/w issue and is currently in offline/in sync mode. We are planning to replace Member A over the weekend. I just want to confirm the process for replacing F5. I have checked other solutions on F5 but couldn't really see something that would explain everything.

 

In my mind, the process is

 

  1. On Member B, which is active at this stage, update device groups, traffic groups, device trust, etc. by removing references to faulty Member A. This will force the box to go Active/Standalone.
  2. Shut down faulty Member A.
  3. Put in the new box New-Member-A (it is already configured with mgmt IP, self IP, VLANs, license, default routes).
  4. Switch on New-Member-A. It should be in Standalone mode.
  5. Re-establish device groups, device trust, etc.
  6. Sync New-Member-A to the group.

Please correct me if I have missed anything.

 

Cheers, MP

 

6 Replies

  • Thanks. The interesting part is I couldn't find any specific instructions on the F5 site which would confirm how it is exactly done.

     

  • I agree it is rather strange. I also searched for a while and couldn't find any resources on replacing 1 device in an Active-Active setup.

     

  • Please once you are done give feedback here. I am interested to see if our logic was correct.

     

  • Hi Tyron,

     

    We tried the swap on Wednesday night and it failed. After talking to F5, we realized that the replacement box needs self IP, VLANs, route domains, etc. configuration for all partitions, whereas it was only done on the Common partition. Doing this manually would've been difficult, so we left the config on the replacement box as is. It had basic configuration.

     

    Here are the steps I did.

     

    1. Uploaded the UCS file of member-A on the replacement box new-member-A

       

    2. Disabled the switch ports connected to all interfaces except for management interfaces. This isolated New-Member-A from Member-B (Active).

       

    3. On Member-B, run f5mku -K and copy the key; on New-Member-A, run f5mku -r

       

      As we were replacing a box in HA, the key to manage configs and HA is shared between both members. This key is required to restore config.

       

    4. Restore the config of Member-A on New-Member-A. tmsh load /sys ucs no-license

       

    5. This step is optional, but I did it. Remove HA config from New-Member-A and force it to go offline. You can perform the above steps w/o a change window as you are isolating the replacement box from the active one.

       

    6. Now on Member-B (Active), remove HA config and make it Active/Standalone

       

    7. Enable switch ports (disabled in step 2) for New-Member-A; the box will be in Forced Offline/Standalone mode.

       

    8. Rebuild the trust, configure device groups, etc. Once the boxes were in sync, I did sync device to group with overwrite option on Member-B, which was active.

       

    9. Once the config is synced, force New-Member-A to go online.

       

    This did the trick for me. I have mentioned the steps that worked for me and the assumption is both F5 members are backed up, network maps, and other screenshots are taken for rollback.

     

    I hope this helps. Feel free to ask any questions.
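
A pre-check for the failure described in the last reply, where the replacement box only had network config in the Common partition (added example, not part of the original thread or F5 documentation). It lists, per partition, how many VLAN, self IP and route-domain objects a UCS archive carries. Assumptions: the UCS is a gzip-compressed tar whose members mirror /config (config/bigip_base.conf for Common, config/partitions/<name>/bigip_base.conf for other partitions); the function names are hypothetical.

```shell
#!/bin/sh
# Summarise per-partition network objects stored in a UCS archive, so the
# partitions that need VLANs, self IPs and route domains are known before
# the swap. Assumed layout (see lead-in): members mirror /config.

# count_stanzas TEXT TYPE -> number of "net TYPE <name> {" stanzas in TEXT
count_stanzas() {
    # The trailing space keeps "net self " from matching "net self-allow".
    printf '%s\n' "$1" | grep -c "^net $2 " || true
}

# ucs_net_summary FILE -> "<partition> vlan=N self=N route-domain=N" per partition
ucs_net_summary() (
    ucs="$1"
    tar -tzf "$ucs" | while IFS= read -r member; do
        # Normalise "./config/..." and "/config/..." member names for matching.
        norm="${member#./}"; norm="${norm#/}"
        case "$norm" in
            config/bigip_base.conf) part="Common" ;;
            config/partitions/*/bigip_base.conf)
                part="${norm#config/partitions/}"
                part="${part%/bigip_base.conf}" ;;
            *) continue ;;   # not a base (network) config file
        esac
        # Read the member straight from the archive; nothing is unpacked to disk.
        body="$(tar -xzOf "$ucs" "$member")"
        printf '%s vlan=%s self=%s route-domain=%s\n' "$part" \
            "$(count_stanzas "$body" vlan)" \
            "$(count_stanzas "$body" self)" \
            "$(count_stanzas "$body" route-domain)"
    done
)

# Stand-alone use: sh ucs_net_summary.sh <path-to-ucs>
if [ "$#" -gt 0 ]; then
    ucs_net_summary "$1"
fi
```

A UCS archive also contains keys and credentials, so run this on a copy kept with the same access restrictions as the original.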