Sync Problems

Do the two devices have the same software version running?

 

 

Please confirm the Port Lockdown feature is not set to None on the Self IPs.

 

 

Have you configured failover to use the VLAN? Is a floating IP configured for that VLAN? Is the VLAN configured as untagged on the interfaces? Are you using the same physical inteface on each device?

 

 

The guide here also suggests that three VLANs must be present. I'm not sure about that but perhaps, if none of the above are an issue, you could try adding two more vlans?

 

I'm running BIGIP-11.2.1.797.0 on both devices. I have "Allow Default" on each of the ports, and the VLAN is present on both (its actually an untagged interface as the switch ports are access ports). I'd read about having an internal, external, and HA interface but didn't know whether it was a strict requirement. Supposedly these things will run in a 'one armed' mode which surely would mean they aren't neccassary?

Absolutely and it's a fair point. Can you answer these please;

 

 

Have you configured failover to use the VLAN?

 

Is a floating IP configured for that VLAN?

 

Have you configured a Traffic Group?

I have few LTMs located global, one of the biggest challenges supporting our clients is locating where a virtual is and what services or application uses it! It's a pain having to logon to each LTM appliance and lookup the virtual server IP. Is there a solution available that will create a toplogy showing the location of a VIP including a description/etc? I have had a look the F5 enterprise manager.

 

 

Franco

 

sorry, my comment is a mistake, ignore it

Sorry for the slow reply WhatLiesBeneath. To answer your questions:

 

 

1) Failover is configured to use the internal VLAN I created/configured.

 

2) I have tried configuring a floating ip on both units, doesn't seem to make any difference

 

3) Yep, I assigned the floating IP address to this traffic group no change.

That's OK, can I assume you've configured the ConfigSync address on each unit using the Self IP address for that same VLAN?

 

 

Can you ping successfully between units using those IP addresses?

 

 

Can you run this tcpdump to confirm you're seeing failover packets being exchanged across the VLAN: tcpdump -i vlan-name -nn udp port 1026

Yep, config sync is configured to use their own respective SelfIP's.

 

 

No traffic on udp 1026 but I can see plenty on tcp/1028, tcp/4353.

 

 

Ping's between the two devices work fine.

 

Hmmm, something else I notice which seems to be causing issues is that the MAC address changes on my internal VLAN after joining the virtual device to the cluster.

 

 

internal Link encap:Ethernet HWaddr 00:50:56:AC:6E:68

 

inet addr:192.168.167.251 Bcast:192.168.167.255 Mask:255.255.254.0

 

inet6 addr: fe80::298:76ff:fe54:3210/64 Scope:Link

 

inet6 addr: fe80::250:56ff:feac:6e68/64 Scope:Link

 

UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

 

RX packets:4205 errors:0 dropped:0 overruns:0 frame:0

 

TX packets:426 errors:0 dropped:0 overruns:0 carrier:0

 

collisions:0 txqueuelen:0

 

RX bytes:2731292 (2.6 MiB) TX bytes:23383 (22.8 KiB)

 

 

 

internal Link encap:Ethernet HWaddr 00:50:56:AC:40:83

 

inet addr:192.168.167.251 Bcast:192.168.167.255 Mask:255.255.254.0

 

inet6 addr: fe80::298:76ff:fe54:3210/64 Scope:Link

 

inet6 addr: fe80::250:56ff:feac:4083/64 Scope:Link

 

UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

 

RX packets:19243 errors:0 dropped:0 overruns:0 frame:0

 

TX packets:2455 errors:0 dropped:0 overruns:0 carrier:0

 

collisions:0 txqueuelen:0

 

RX bytes:13927378 (13.2 MiB) TX bytes:165984 (162.0 KiB)

 

 

 

Immediately after this happens, I cannot ping the gateway, other peer on that interface. The second MAC address doesn't match the MAC on the vmware server (so definately doesn't work!)

 

OK, so let's go back to basics here and confirm the configuration;

 

 

1) You have a single VLAN configured on both devices using the same tag number, Source Check and Failsafe are both disabled, assigned (untagged) to a single interface on both devices, the 'physical' interface used is the same on both devices and configured for the same speed and duplex settings

 

2) You've configured both devices to trust each other and each appears in the other's Peer List

 

3) You've created a Device Group and assigned both devices to it, on both devices and enabled Network Failover

 

4) You have a non-floating Self IP configured on both devices and assigned to the single VLAN, with Port Lockdown configured as Allow Default and assigned to the traffic-group-local-only traffic group

 

5) You have a floating Self IP configured on one device, assigned to the VLAN, with Port Lockdown configured as Allow Default and assigned to traffic-group-1

 

6) In System > Platform the root folder Device Group is your device group and the root folder Traffic Group is the one used in 4)

 

7) In Device Management > Devices > 'name' > Device Connectivity > ConfigSync you have the local non-floating IP address specified, on both devices

 

8) In Device Management > Devices > 'name' > Device Connectivity > Failover you have the same local non-floating IP address and port specified, on both devices

 

9) In Device Management > Devices > 'name' > Device Connectivity > Mirroring you have the same local non-floating IP address specified, on both devices