Getting Started with BIG-IP Next: Configuring Instance High Availability

With BIG-IP classic, there are a lot of design choices to make and steps on both systems to arrive at an HA pair. With BIG-IP Next, this is simplified quite a bit. Once configured, the highly available pair is treated by Central Manager as a single entity. There might be alternative options in the future, but as of version 20.1, HA for instances is active/standby only. In this article, I'll walk you through the steps to configure HA for instances in the Central Manager GUI.

Background and Prep Work

I set up two HA systems in my preparation for this article. The first had dedicated interfaces for the management interface, the external and internal traffic interfaces, and the HA interface. So when configuring the virtual machine, I made sure each system had four NICs. For the second, I merged all the non-management interfaces on a single NIC and used vlan tagging, so those systems had two NICs. In my lab that looks like this:

The IP addressing scheme in my lab is shown below. First the four NIC system:

| 4-NIC System | next-4nic-a | next-4nic-b | floating |
| --- | --- | --- | --- |
| mgmt | 172.16.2.152/24 | 172.16.2.153/24 | 172.16.2.151/24 |
| cntrlplane ha (vlan 245) | 10.10.245.1/30 | 10.10.245.2/30 | NA |
| dataplane ha (int 1.3) | 10.0.5.1/30 | 10.0.5.2/30 | NA |
| dataplane ext (int 1.1) | 10.0.2.152/24 | 10.0.2.153/24 | 10.0.2.151/24 |
| dataplane int (int 1.2) | 10.0.3.152/24 | 10.0.3.153/24 | 10.0.3.151/24 |

And now the two NIC system:

| 2-NIC System | next-2nic-a | next-2nic-b | floating |
| --- | --- | --- | --- |
| mgmt | 172.16.2.162/24 | 172.16.2.163/24 | 172.16.2.161/24 |
| cntrlplane ha (vlan 245) | 10.10.245.5/30 | 10.10.245.6/30 | NA |
| dataplane ha (vlan 50) | 10.0.5.5/30 | 10.0.5.6/30 | NA |
| dataplane ext (vlan 30) | 10.0.2.162/24 | 10.0.2.163/24 | 10.0.2.161/24 |
| dataplane int (vlan 40) | 10.0.3.162/24 | 10.0.2.163/24 | 10.0.3.161/24 |

Beyond the self IP addresses for your traffic interfaces, you'll need additional IP addresses for the floating address, the control-plane HA sub-interfaces (which are created for you), and the data-plane HA interfaces. Before proceeding, make sure you have a plan for network segmentation and addressing similar to the tables above, that you've installed two like instances, and that one (and only one) of them is licensed.
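The following is an added example, not part of the original article or of any F5 tooling: a Python check of an HA addressing plan before pairing, run on the 2-NIC table exactly as printed above. The name `check_plan` and the rules it applies (node and floating addresses share a subnet, no address is reused, segments do not overlap) are assumptions chosen for illustration.

```python
import ipaddress
from itertools import combinations

# Constructed input: the 2-NIC table from this article, as (node a, node b, floating).
# None stands for the "NA" cells.
PLAN_2NIC = {
    "mgmt":                     ("172.16.2.162/24", "172.16.2.163/24", "172.16.2.161/24"),
    "cntrlplane ha (vlan 245)": ("10.10.245.5/30", "10.10.245.6/30", None),
    "dataplane ha (vlan 50)":   ("10.0.5.5/30", "10.0.5.6/30", None),
    "dataplane ext (vlan 30)":  ("10.0.2.162/24", "10.0.2.163/24", "10.0.2.161/24"),
    "dataplane int (vlan 40)":  ("10.0.3.162/24", "10.0.2.163/24", "10.0.3.161/24"),
}

def check_plan(plan):
    """Return a list of findings; an empty list means the plan is consistent."""
    findings, seen, row_net = [], {}, {}
    for row, cells in plan.items():
        ifaces = [ipaddress.ip_interface(c) for c in cells if c]
        nets = sorted({i.network for i in ifaces})
        row_net[row] = ifaces[0].network  # node a defines the segment
        # Both nodes and the floating address must sit in one subnet.
        if len(nets) > 1:
            findings.append(f"{row}: addresses span different subnets: "
                            + ", ".join(map(str, nets)))
        for i in ifaces:
            n = i.network
            # Network and broadcast addresses are not usable host addresses.
            if n.prefixlen < 31 and i.ip in (n.network_address, n.broadcast_address):
                findings.append(f"{row}: {i} is a network or broadcast address")
            # The same IP must not appear in two cells of the plan.
            if i.ip in seen:
                findings.append(f"{row}: {i.ip} already used in {seen[i.ip]}")
            seen.setdefault(i.ip, row)
    # Segments (management, HA links, traffic VLANs) must not overlap.
    for (ra, na), (rb, nb) in combinations(row_net.items(), 2):
        if na.overlaps(nb):
            findings.append(f"{ra} and {rb}: subnets {na} and {nb} overlap")
    return findings

if __name__ == "__main__":
    for finding in check_plan(PLAN_2NIC):
        print(finding)
```

Run against the table as printed, the check reports the `dataplane int (vlan 40)` row: its next-2nic-b address falls in 10.0.2.0/24 and repeats the address already listed for `dataplane ext (vlan 30)`.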

Configuration

This walkthrough is for the 2-NIC system shown above, but the steps are mostly the same for the 4-NIC system. First, log in to Central Manager and click Manage Instances.

Click on the standalone mode for the system you want to be active initially in your HA pair. For me, that's next-2nic-a. (You can also just click on the system name and then select HA in the menu, but this saves a click.)

In the pop-up dialog, select Enable HA. Read the notes below to make sure your systems are ready to be paired.

On this screen, a list of available standalone systems will populate. Click the down arrow and select your second system, next-2nic-b in my case. Then click Next.

On this next prompt, you'll need to create two vlans, one for the control plane and one for the data plane. The control plane mechanics are taken care of for you and you don't need to plan connectivity other than to select an available vlan that won't conflict with anything else in your system. For the data plane, you need to have a dedicated vlan and/or interface set aside. Click Create VLAN for the control plane.

Name and tag your vlan. In my case I used cp-ha as my vlan name and tag 245. Click Done.

Now click Create VLAN for the data plane.

Because I'm tagging all networks on the 2-NIC system, my only interface is 1.1. So I named my data plane VLAN dp-ha, set the tag to 50, selected interface 1.1, and clicked Done.

Now that both HA VLANs have been created, click Next.

On this screen, you'll name your HA pair system. This will need to be unique from other HA pairs, so plan accordingly. I named mine next-ha-1, but that's generic and unlikely to be helpful in your environment. Then set your HA management IP; this is how Central Manager will connect to the HA pair. You can enable auto-failback if desired, but I left that unchecked. For the HA Nodes Addresses, I referenced my addressing table posted at the top of this article and filled those in as appropriate. When you get those filled out, click Next.

Now you'll be presented with a list of your traffic VLANs. On my system I have v102-ext and v103-int for my external and internal networks. First, I clicked v102-ext.

On this screen you'll need to add a couple rows so you can populate the active node IP, the standby node IP, and the floating IP. The order doesn't matter, but I ordered them as shown, and again referenced my addressing table. Once populated, click Save.

That will return you to this screen, where you'll notice that v102-ext now has a green checkbox where the yellow warning was. Now click into your other traffic VLAN (v103-int in my case) if applicable to your environment or skip this next step.

This is a repeat of the external traffic network for the internal traffic network. I referenced my address table one more time and filled the details out as appropriate, then clicked Save.

Make sure that you have green checkboxes on the traffic VLANs, then click Next.

Review the summary of the HA settings you've configured, and if everything looks right, click Deploy to HA.

On the "are you sure?" dialog where you're prompted to confirm your deployment, click Yes, Deploy.

You'll then see messaging at the top of the HA configuration page for the instance indicating that HA is being created. Also note that the Mode on this page during creation still indicates standalone.

Once the deployment is complete, you'll see the mode has changed to HA and the details for your active and standby nodes are provided. Also present here is the Enable automatic failover option, which is enabled by default. This is for software upgrades. If left enabled, the standby unit will be upgraded first, a failover will be executed, and then the remaining system will be upgraded. If in your HA configuration you specified auto-failback, then after the second system is upgraded there will be another failover executed to complete the process.

And finally, as seen in the list of instances, there are three now instead of four, with next-ha-1 taking the place of next-2nic-a and next-2nic-b from where we started.

Huzzah! You now have a functioning BIG-IP Next HA pair. After we conclude the "Getting Started" series, we'll start to look at the benefits of automation around all the tasks we've covered so far, including HA. The click-ops capabilities are nice to have, but I think you'll find the ability to automate all this from a script or something like an Ansible playbook will really start to drive home the API-first aspects of Next.

Updated Mar 11, 2024
Version 2.0
  • I have both n1/n2 nodes in Central Manager and both show healthy. I follow these steps and when CM is trying to create the HA I get an error that says "unable to connect to the https server on peer node ip x.x.x.x" pairup failed. I checked our firewall logs and see no communications from the Central Manager to this IP. Also the ctrl plane ha, data plane ha, dataplane-ext and dataplane-int vlans are all on the same router with no ACLs so nothing should be blocking their access. Any ideas on what would cause this issue?

    • Scot_JC (Employee)

      Hi, I experienced the same difficulty - "unable to connect to the https server on peer node ip x.x.x.x" - once and I think I got over this with ensuring the active instance is licensed.

  • Thanks for the great post. Does the same architecture apply for BIG-IP Next on rSeries? How do I map the BIG-IP Next interfaces with the BIG-IP rSeries interfaces?

    It would be very helpful if we could see BIG-IP next demo on the BIG-IP rSeries environment. At least on the networking and HA standpoint.

    • JRahm (Admin)

      The HA process is the same regardless, just need to make sure your networking layers are set up properly on rSeries/VELOS. I'll add a demo for rSeries to my list, but the HA pair will be on the same appliance as that's all I have access to.