VLAN Fail safe

I have a version 10.2 HA pair newly built for a DC, and facing issues with "vlan failsafe" whenever I shut down an interface on the switch for device A, vlan failsafe is triggered on both the devices A & B and they both go to standby.is there any other active device in that vlan besides device A? if no, vlan failsafe on device B will also be triggered because there is no traffic on that vlan (since only active device on that vlan, device A, is already down).

 

 

sol13297: Overview of VLAN failsafe (10.x - 11.x)

 

http://support.f5.com/kb/en-us/solutions/public/13000/200/sol13297.html

 

 

sol12277: How simultaneous failsafe events affect a redundant system

 

http://support.f5.com/kb/en-us/solutions/public/12000/200/sol12277

 

 

if you want to failover when interface is down, i think ha-group might be better solution.

 

 

Configuring HA groups

 

http://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/tmos_management_guide_10_1/tmos_high_avail.html1026652

 

 

hope this helps.

Thanks Nitass,

 

 

What is VLAN failsafe meant for then?

 

 

Questions about HA Group:

 

Do I need to create pools for monitoring the upstream gateway for each VLAN?

 

Also shall I add them to a single HA Group or it needs 1 group per VLAN?

 

I have to upgrade these boxes to 11.3 later, and I think I need to remove these HA groups and

 

 

I am going through the score calculation and will post questions related to it later :)

Thanks Nitass,

 

 

What is VLAN failsafe meant for then?

 

 

Questions about HA Group:

 

Do I need to create pools for monitoring the upstream gateway for each VLAN?

 

Also shall I add them to a single HA Group or it needs 1 group per VLAN?

 

I have to upgrade these boxes to 11.3 later, and I think I need to remove these HA groups and

 

 

I am going through the score calculation and will post questions related to it later :)

What is VLAN failsafe meant for then? if you just want to failover based on vlan traffic and do not require granular control, i think vlan failsafe is what you need.

 

 

Do I need to create pools for monitoring the upstream gateway for each VLAN? you can.

 

 

Also shall I add them to a single HA Group or it needs 1 group per VLAN? i understand you can have only one ha-group. can you configure more than one ha-group??

 

 

I have to upgrade these boxes to 11.3 later, and I think I need to remove these HA groups and why do you have to remove ha-group when upgrading to 11.3??

VLAN failsafe is not helping as I said earlier even if I only shut the switch port for LTM 1 it triggers the failsafe to LTM 2 also, and both go to standby.

 

 

As per the below KB we need to clear the HA groups before upgrading but its not mentioned if we have to recheck them back after upgrade, I believe we should recheck it after a successfull upgrade

 

http://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-upgrade-active-standby-11-3-0/1.htmlconceptid

 

 

My question here is how would I create a failover configuration where if any of my interface/VLAN fails on one device, it should failover to the other box ?

 

My question here is how would I create a failover configuration where if any of my interface/VLAN fails on one device, it should failover to the other box ?you can create trunk with one interface and configure the trunk in ha-group.

Hi Nitass,

 

As recommended, I created 3 new trunks with 1 interface (I already had PO1 with 2 interfaces in it)

 

 

Below are the issues I am facing:

 

Even though I mentioned the threshold as 1 for PO1, it fails out when I shut one of the interfaces in the PO, I am expecting it fail only when both the interfaces of PO1 go down.

 

When the interface for device A comes up and the interface on device B goes down it doesn't switch the role, Device B still hold the Active role, for instance:

 

1. if I make interface 1.3 (Trunk_111) down on device A, failover happens immediately and device B gets the Active role.
2. Now when I bring up the interface then device B holds the Active role, which is what I want, (I set the failover preference to none on both devices)
3. When I make interface 1.3 (Trunk_111) down on device B, it still keeps Active role with him which ideally it should become standby and release Active role to device A, This is a problem

 

I think something here is to do with weights assigned or the active bonus, not getting how to solve this.

 

Below is both device A & B config for ha-group & trunks, please suggest how to fix this

 

 

Code 10.2

 

--------------------------------- Active Box -----------------------------------

 

[asheikh@LTM1:Active] ~ tmsh list sys ha-group ha-group_1

 

sys ha-group ha-group_1 {

 

trunks {

 

PO1 {

 

percent-up 100

 

threshold 1

 

weight 40

 

}

 

Trunk_111 {

 

percent-up 100

 

weight 20

 

}

 

Trunk_112 {

 

percent-up 100

 

weight 20

 

}

 

Trunk_211 {

 

percent-up 100

 

weight 20

 

}

 

}

 

}

 

[asheikh@LTM1:Active] ~ tmsh list net trunk

 

net trunk PO1 {

 

bandwidth 2000

 

cfg-mbr-count 2

 

id 0

 

interfaces {

 

1.1

 

1.2

 

}

 

mac-address 0:23:e9:4e:75:96

 

working-mbr-count 2

 

}

 

net trunk Trunk_111 {

 

bandwidth 1000

 

cfg-mbr-count 1

 

id 2

 

interfaces {

 

1.3

 

}

 

mac-address 0:23:e9:4e:75:98

 

working-mbr-count 1

 

}

 

net trunk Trunk_112 {

 

bandwidth 1000

 

cfg-mbr-count 1

 

id 1

 

interfaces {

 

1.6

 

}

 

mac-address 0:23:e9:4e:75:97

 

working-mbr-count 1

 

}

 

net trunk Trunk_211 {

 

bandwidth 1000

 

cfg-mbr-count 1

 

id 3

 

interfaces {

 

1.4

 

}

 

mac-address 0:23:e9:4e:75:99

 

working-mbr-count 1

 

}

 

[asheikh@LTM1:Active] ~

 

 

--------------------------------- Standby Box -----------------------------------

 

[asheikh@LTM2:Standby] ~ tmsh list sys ha-group ha-group_1

 

sys ha-group ha-group_1 {

 

trunks {

 

PO1 {

 

percent-up 100

 

threshold 1

 

weight 40

 

}

 

Trunk_111 {

 

percent-up 100

 

weight 20

 

}

 

Trunk_112 {

 

percent-up 100

 

weight 20

 

}

 

Trunk_211 {

 

percent-up 100

 

weight 20

 

}

 

}

 

}

 

[asheikh@LTM2:Standby] ~ tmsh list net trunk

 

net trunk PO1 {

 

bandwidth 2000

 

cfg-mbr-count 2

 

id 0

 

interfaces {

 

1.1

 

1.2

 

}

 

mac-address 0:23:e9:4e:7e:96

 

working-mbr-count 2

 

}

 

net trunk Trunk_111 {

 

bandwidth 1000

 

cfg-mbr-count 1

 

id 2

 

interfaces {

 

1.3

 

}

 

mac-address 0:23:e9:4e:7e:98

 

working-mbr-count 1

 

}

 

net trunk Trunk_112 {

 

bandwidth 1000

 

cfg-mbr-count 1

 

id 1

 

interfaces {

 

1.6

 

}

 

mac-address 0:23:e9:4e:7e:97

 

working-mbr-count 1

 

}

 

net trunk Trunk_211 {

 

bandwidth 1000

 

cfg-mbr-count 1

 

id 3

 

interfaces {

 

1.4

 

}

 

mac-address 0:23:e9:4e:7e:99

 

working-mbr-count 1

 

}

 

[asheikh@LTM2:Standby] ~

 

Please suggest if this is something that is workable, I am trying to achieve that "Any interface failure should trigger a fail-over"

Even though I mentioned the threshold as 1 for PO1, it fails out when I shut one of the interfaces in the PO, I am expecting it fail only when both the interfaces of PO1 go down.i understand you need active bonus (not threshold).

 

 

When I make interface 1.3 (Trunk_111) down on device B, it still keeps Active role with him which ideally it should become standby and release Active role to device A, This is a problemhave you checked ha-score (on both units)? what was it?

Hi Nitass,

 

 

Thanks for the response, the HA score was fine

 

Rather there was an issue with the STP which was preventing the traffic and I got this fixed after filtering the BPDUs on the switch ports.

 

 

Good part in this was I learnt the nitty-gritty of configuring HA-Group