For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Mark_57945's avatar
Mark_57945
Icon for Nimbostratus rankNimbostratus
Mar 29, 2016

Which objects will Sync-Only device groups actually sync?

I'm looking for a mechanism to synchronize the configuration between four load balancers: a production pair of load balancers (in a Sync-Failover cluster) and a DR pair of load balancers (also in a Sync-Failover cluster).

 

I'd like to use a Sync-Only device group to sync configs between the four LTMs, but the documentation vaguely implies that certain objects are not synced in a Sync-Only device group. Unfortunately, I haven't been able to find a good list of which object types are or are not synced in a Sync-Only group. Will a Sync-Only group sync profiles, monitors, irules, pools, and vips?

 

Also, I see in the docs that the Sync-Only device groups functions as an override of the Sync-Failover device group. Will putting these objects (pools, vips, etc) in a folder synced via the Sync-Only device group interfere with failover?

 

Thanks,

 

Mark

 

application delivery
BIG-IP
cloud
LTM

4 Replies

  • Georgi__Joe__St's avatar
    Georgi__Joe__St
    Icon for Altostratus rankAltostratus
    Jan 27, 2017

    Hi Mark, Do you have any success with this? I am trying to implement same in our organization... without success for the moment

     

  • Randy_Hall's avatar
    Randy_Hall
    Icon for Nimbostratus rankNimbostratus
    Apr 20, 2017

    I too am in the same boat. I have a case open with F5 support to help me get to this same state. If I get any traction and get it to work, I will come back and post the setup.

     

  • Chris_Grant's avatar
    Chris_Grant
    Icon for Employee rankEmployee
    Apr 21, 2017

    So this is really not as complex as it sounds, but it's also not well documented. A Sync only device group only syncs non traffic objects. It won't sync Virtual Servers, Pools, Floating IPs, etc, but it will sync your APM objects and your ASM policies.

     

    To illustrate how this can be helpful, consider a situation where you have a data center in Denver, and one in Fort Lauderdale. Same configuration, same servers, different IP addressing.

     

    Sync Only allows your ASMs to be centrally managed while automatically protecting both data centers.

     

    Sync-Failover allows for on site redundancy.

     

  • Chris_Grant's avatar
    Chris_Grant
    Icon for Employee rankEmployee
    Nov 25, 2017

    So according to Dev, this is intended. As the virtual server in the partition is in traffic group none, it's not technically a failover object, so it gets synced. The solution is to put the virtual server in common and associate it with a traffic group. Not particularly intuitive until you look at it that way.