AWS Advanced HA iApp
Problem this snippet solves:
SUMMARY
For customers who want to deploy Public Internet-facing services on a traditional High Availability pair but also leverage the benefits of AWS’s Availability Zones, we introduce the AWS Advanced HA iApp. The AWS Advanced HA iApp helps facilitate the HA Across AZs deployment, an additional deployment option to those discussed in:
F5 in AWS Part 1 - AWS Networking Basics
F5 in AWS Part 2 - Running BIG-IP in an EC2 Virtual Private Cloud
F5 in AWS Part 3 - Advanced Topologies and More on Highly Available Services
The iApp also enables traditional HA pairs to perform basic route management of AWS route tables (whether in the “Single AZ” or the “Across AZ” deployments introduced above). Having the Active BIG-IP take ownership of your client’s or application’s “default” or specific routes enables:
- Virtual Servers to avoid using SNAT
- Manage Access Traffic (ex. point clients/servers to BIG-IP APM VPN for specific on-prem networks)
- Facilitate various outbound proxy use cases (NAT, URI filtering, etc)
For more information, see the Deployment Guide
Minimum required BIG-IP version: 12.1.0 HF2.
Supported BIG-IP versions: 12.1.0 HF2.
Various CloudFormation Templates that automate the installation of this solution are available on GitHub. They are listed under the naming format "full-stack-across-az-cluster-*".
We recommend you first start with "full-stack-" examples to get a fully functioning reference deployment and the "existing-*" ones once you're comfortable with the general requirements (security groups, route tables, etc).
RELEASES
v1.0.0
iApp template to configure HA Across Availability Zones in AWS by managing EIP mappings.
v1.0.1
iApp template to configure HA Across Availability Zones in AWS by managing EIP and route mappings.
v1.0.1rc1
This version 1.0.1rc1 of the iApp template is available at downloads.f5.com. This official release candidate version contains the same functionality as the previous version (v1.0.1 on DevCentral), but the presentation has been updated. There is also a new F5 deployment guide to accompany the iApp template.
- Go to https://downloads.f5.com/esd/index.jsp.
- Click Find a Download.
- Click iApp Templates.
- Accept the EULA, and then download the iapps zip file to a location accessible from your BIG-IP system.
- Extract (unzip) the f5.aws_advanced_ha.v1.0.1rc1.tmpl file, found in the **_RELEASE CANDIDATE_** directory of the zip file.
v1.1.0rc1
This version 1.1.0rc1 template is available for download on this page.
F5 has released version 1.1.0rc1 of the iApp. This official release candidate version contains the same functionality as the previous version (v1.0.1rc1 on DevCentral), with further checks and support added for AWS EIP ownership. In previous versions, EIP ownership was indicated by which device owns the default floating traffic-group-1. As there was only one floating traffic group, this affected the global Active/Standby status of the devices. This iApp has been updated to validate EIP ownership after an active-active state scenario and ensures the current EIP owner is Active for traffic-group-1 (the traffic-group tied to the EIP mappings).
CAVEATS
- Both BIG-IP devices will now report active for their global status, as each device will now own a device-specific traffic group. The active status of the default floating traffic-group-1 will indicate which BIG-IP device is actively serving EIP production traffic.
- The BIG-IP hostname should not be changed during an active deployment of this iApp.
- This solution only supports the 3 traffic groups as described above.
INSTALLATION
If you are using a previous version of this iApp and need to update the application service with this updated iApp, there are two prerequisites before you run this iApp:
- Remove this line from the file /config/failover/active: "python /config/failover/aws_advanced_failover.py"
- Delete the file /config/failover/aws_advanced_failover.py entirely
- Reparent the application service to use the new version of iApp template
This new version will modify the following files in /config/failover on first configuration run
- tgactive (modify)
- tgstandby (modify)
and install the following
- aws_af_tgactive
- aws_af_tgstandby
- aws_advanced_failover.py
- aws_advanced_failover.dat
On subsequent reconfiguration, it updates the above 4 files listed.
v1.2.0rc1
This version 1.2.0rc1 template is available for download on this page.
F5 has released version 1.2.0rc1 of the iApp. This official release candidate version contains the same functionality as the previous version (v1.0.1rc1 on DevCentral, or v1.1.0rc1), with further checks and support added for AWS EIP ownership. In previous versions, EIP ownership was indicated by which device owns the default floating traffic-group-1. As there was only one floating traffic group, this affected the global Active/Standby status of the devices. This iApp has been updated to validate EIP ownership after an active-active state scenario and ensures the current EIP owner is Active.
CAVEATS
Noted caveats from v1.1.0rc1 removed.
INSTALLATION
If you are using a previous version of this iApp and need to update the application service with this updated iApp, there are a few prerequisites before you run this iApp:
- Remove this line from the file /config/failover/active: "python /config/failover/aws_advanced_failover.py"
- Delete the file /config/failover/aws_advanced_failover.py entirely
- Delete the file /config/failover/aws_af_tgactive (if previous version is v1.1.0rc1)
- Delete the file /config/failover/aws_af_tgstandby (if previous version is v1.1.0rc1)
- Reparent the application service to use the new version of iApp template
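The file-level prerequisites above (and the shorter v1.1.0rc1 list), scripted as an added example that is not F5's code. The paths and file names are the ones listed on this page; the function names and the previous-version argument are hypothetical, and reparenting the application service is left as a manual step.

```bash
#!/bin/bash
# Added example, not F5's code. Paths and file names are those listed on this
# page; the function names and arguments are hypothetical.
HOOK_LINE='python /config/failover/aws_advanced_failover.py'

# cleanup_failover_hooks [DIR] [PREV_VERSION]
#   DIR           failover script directory (default /config/failover)
#   PREV_VERSION  iApp version being replaced, e.g. 1.1.0rc1
cleanup_failover_hooks() {
    local dir="${1:-/config/failover}" prev="${2:-}" f backup
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 1; }

    # Copy every file that may change to a sibling directory first.
    backup="${dir%/}.pre-upgrade.$(date +%Y%m%d%H%M%S)"
    mkdir -p "$backup" || return 1
    for f in active aws_advanced_failover.py aws_af_tgactive aws_af_tgstandby; do
        if [ -e "$dir/$f" ]; then cp -p "$dir/$f" "$backup/" || return 1; fi
    done

    # Step 1: drop only the hook line from 'active'. Redirecting into the
    # existing file keeps its owner and mode; grep exits 1 if nothing is left.
    if [ -f "$dir/active" ]; then
        grep -vF "$HOOK_LINE" "$backup/active" > "$dir/active" ||
            [ $? -eq 1 ] || return 1
    fi

    # Step 2: delete the old failover script.
    rm -f "$dir/aws_advanced_failover.py"

    # Steps 3-4: only v1.1.0rc1 installed the aws_af_* files.
    if [ "$prev" = "1.1.0rc1" ]; then
        rm -f "$dir/aws_af_tgactive" "$dir/aws_af_tgstandby"
    fi
    echo "backup in $backup; next, reparent the application service"
}

# hooks_remaining [DIR]: exit 0 if the old script file still exists or
# 'active' still calls it, non-zero once the directory is clean.
hooks_remaining() {
    local dir="${1:-/config/failover}"
    [ -e "$dir/aws_advanced_failover.py" ] && return 0
    grep -qF "$HOOK_LINE" "$dir/active" 2>/dev/null
}
```

Rehearse it against a copy of the directory first, for example `cleanup_failover_hooks /var/tmp/failover-copy 1.1.0rc1`, and confirm `hooks_remaining` reports clean before running it on both devices.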
This new version will modify the following files in /config/failover on first configuration run
- tgactive (modify)
- tgstandby (modify)
- tgrefresh (modify)
and install the following
- aws_advanced_failover.py
- aws_advanced_failover.dat
On subsequent reconfiguration, it updates the above 2 files listed.
- Joe_Jordan (Ret. Employee): The official RC has been released on downloads. See the information above and the new deployment guide for details. http://f5.com/pdf/deployment-guides/f5-aws-ha-dg.pdf
- Great template. Thanks. I am trying to use the template to map EIPs to IPSec local tunnel endpoints across AZs. I have a kludge working by creating a VIP, then deleting the VIP so the virtual address remains. Then it is available in the template. 2 questions: a. Is there any way to use a self-ip instead of a virtual address? b. Is there any way to use a virtual address in a different partition (other than Common)? Thanks.
- Alex__Applebaum (Employee): Archiving... The TCL iApp has been deprecated. Please see https://clouddocs.f5.com/products/extensions/f5-cloud-failover/latest/ instead.