Trunk setup procedure - review?

Question

I need to change a single interface over to a two-interface Trunk group on a pair of 7200 chassis. Below is how I'm thinking it could be done, but I thought I'd post it here for the more experienced folks to look over and see if there's anything missing (or a better alternative). The switch config side of this is being handled by a fellow tech, and we've done this before on a 2200 (but as an initial config). So, anway...&nbsp;
Scenario: A pair of active/active 7200 chassis with four VCMP guests each. Guests run in four active/standby pairs. Usually, all VCMP guests on one chassis are active and the other standby (no technical reason for doing so, it's just easier to remember who's active).&nbsp;
Tagged interface 2.1 on each chassis is currently used for 19 vlans. Plan is to create a Trunk with interfaces 2.1 and 2.2 (not in use) in it on each.&nbsp;
Do this first on the "standby" 7200 chassis (all VMs in standby). Once complete, force failover all active VMs and then repeat on the other chassis. Force failover again (back to the original one) afterward to verify.&nbsp;
Create "Trunk01" and add interface 2.2.Move a vlan over to it and verify nodes in that vlan recover on one or more VMs. Test a ping to a self IP, etc. Trunk01 will be used as a "tagged" interface.Once the secondary link connectivity looks good, move over the other vlans to Trunk01. Check to ensure nodes recover.Once all vlans have been moved from 2.1 to Trunk01, move 2.1 into the Trunk01 LAG with 2.2.Force failover the active VMs to the standby ones and repeat the procedure on the other chassis. Once complete, force failover back to verify.
Thanks!&nbsp;

fallout1984 · Answer

Note: Failover vlans use interface 1.1, which will not be involved here.&nbsp;

only1masterbla1 · Answer

;Make sure that vlan failsafe is turned off otherwise it change cause active/standby failovers:&nbsp;
K13297 - Overview of VLAN failsafe - AskF5 - F5 Networks
https://support.f5.com/csp/article/K13297&nbsp;

chris_grant · Answer

Your plan is fine.  The easiest way to do this without major impact would be to create the  trunk with two new unused interfaces, replace the interface on the VLAN with the trunk, and test.  This also gives rapid fallback if a failure takes place.  
&nbsp;
If this is not feasible, likely due to lack of available ports, then I would suggest moving the second interface into the trunk before you do your testing.  Link aggregation is unlikely to cause issues, but if you have something misconfigured on the switch or the BigIP, you will want to know this sooner rather than later.&nbsp;
Make sure that you have LACP configured properly if you are using LACP.  It doesn't hurt to have both endpoints active, but having both endpoints passive will bring your trunk down in short order.  
&nbsp;
I would be aware of the contents of this article: https://support.f5.com/csp/article/K1689&nbsp;

fallout1984 · Answer

Got it, thanks! We're not using vlan failsafe (have vlans in use over multiple VCMP guests), so we're ok there. I looked over the doc link - thanks!&nbsp;

Forum Discussion

Trunk setup procedure - review?

4 Replies

Recent Discussions

Provisioning r2600 equipment

Block CBC

active/active Support Declarative Onboarding

Error while running ansible

URL

Related Content

string first replacement procedure for ID999881

Kyle Fox's Security News 2023 in Review - F5 SIRT

Reviewing vulnerability scanner results for an Access Policy Manager (APM) protected Virtual Server

F5 Backup procedure over SCP using iCall

BIG-IP Upgrade Procedure Using CLI (vCMP Guest & Host)