VLAN Failsafe

It seems I should only configure VLAN Failover on the active unit, if i configure it on both units they both go into standby if a network connection is lost. Is this correct?is this wha tyou are looking for?

 

sol12277: Change in Behavior: How simultaneous failsafe events affect a redundant system

 

http://support.f5.com/kb/en-us/solutions/public/12000/200/sol12277.html

 

 

They way i have configured HA is using a dedicated VLAN called LTM-HA. This is configured on both devices, each with their own self IP. This is also one of the VLANs i have configured failsafe on. Does that sound ok?i do not think vlan failsafe should be enabled on ha vlan. for example, if ha vlan is down but hardware failover cable is still working fine, enabling vlan failsafe on ha vlan would trigger failover.

 

 

Also one question on floating IP addresses, it seems i need to use three addresses to make a floating IP. Two IPs for the static self IP on each unit, then one IP as the floating, is that also correct?yes, three addresses; two are non-floating (one per unit) and one is floating.

Hi all,

 

Sorry to ressurect this topic, but I want to know what is the best practice when configuring VLAN Failsafe. Should I configure the VLAN Failsafe failover only in the active unit? Or the best practice is to configure it on both active and standby units? I'm running version 10.2.

 

Thank you

 

Marcio

 

Should I configure the VLAN Failsafe failover only in the active unit? Or the best practice is to configure it on both active and standby units? I'm running version 10.2.you can configure vlan failsafe on both units but just want to make sure they are not triggered at the same time.

 

 

anyway, if you want to just failover when interface on bigip is down, i think ha-group might be better solution.

 

 

Configuring HA groups

 

http://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/tmos_management_guide_10_1/tmos_high_avail.html1026652

I definitely agree on HA groups versus VLAN failsafe as the failover time is much faster and it is more intelligent.

 

 

Aaron

Thank you for the answers!

Luca, sometimes ago i had a problem with vlan fail safe, I opened a case on F5 support. and the Engineer said:

 

 

" One of the contributing factors to the issue you're experiencing is from your failover settings. Currently unit 1 is set to prefer active, and unit 2 is set to prefer standby. This will cause unit 1 to fight for active status anytime there is no failover condition present. I recommend you set both units to have no failover preference.

 

 

Also, a note about VLAN failsafe: this feature does not just monitor the connection between the F5 and the switch, but the entire VLAN. If the F5 looses connection to that VLAN do to an issue elsewhere in the network, neither unit will be able to be active and they will ping pong. Unless there is a specific reason you need to monitor for VLAN communicate I would strongly recommend you remove VLAN failsafe from your configuration. This feature is only useful in very select circumstances and usually causes failover problems as you've been experiencing "

once could have prevented that from happening configuring the following: Using tmsh to modify the database key 1.Log in to tmsh by typing the following command: tmsh

 

2.To set the database key to either true or false, use the following command syntax: modify /sys db failover.vlanfailsafe.resettimeronanyframe value

 

 

For example, to set the database key to true, type the following command:

 

modify /sys db failover.vlanfailsafe.resettimeronanyframe value true

 

3.Save the change by typing one of the following commands: save sys config

 

https://support.f5.com/csp/article/K13297