cancel
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.
JRahm
Community Manager
Community Manager

In this episode of Lightboard Lessons, I cover the basics of F5’s high availability architecture called Device Services Clustering, or DSC for short.

Update - step by step configuration of an example deployment shown below.

So let’s take the overall theory and break make some stuff! In this article we'll add four BIG-IP devices into a peer relationship, establish 2 sync-failover device groups, establish 2 traffic groups on one of the sync failover groups, and then create some failover objects for each of the traffic groups.

For each device, we’ll start by preparing them for peering. First, make sure your device certificate matches your fqdn. For each of my devices, that’s bigip_ha(n).test.local, where (n) is the device number in my lab. You can do this at System->Device Certificates->Device Certificate. I’m just using a self signed certificate for this article. Next, go to Device Management -> Devices, and click on the (Self) device as shown below

0151T000003d6yTQAQ.png

In the device view, you’ll need to click Device Connectivity and set each of Config Sync, Failover Network, and Mirroring. I’m choosing my HA network for all three and foregoing a backup option, though in production you might want to consider using one.

0151T000003d6yUQAQ.png

0151T000003d6yVQAQ.png

0151T000003d6yWQAQ.png

Make sure your port lockdown settings are configured to allow for your HA traffic. Allow default should be sufficient. Repeat these steps for your remaining devices.

Now that the devices are all configured, let’s add some peers! For this lab, I will use device bigip_ha1 to add the other three peers. First, we supply an IP address, which I specify as the HA self IP address, and credentials.

0151T000003d6yXQAQ.png

Verify the information the BIG-IP pulled in about that peer, then click finish.

0151T000003d6yYQAQ.png

Repeat for the remaining devices. Now in the device list, I see all four BIG-IPs.

0151T000003d6yZQAQ.png

Moving on, let’s create a a couple sync-failover groups, putting bigip_ha1/2 in the first and bigip_ha3/4 in the second. Shown below is the first, just repeat the steps for the second.

0151T000003d6yaQAA.png

After the second is created, you can see both in the device group list

0151T000003d6ybQAA.png

Next do an initial sync by selecting a device to sync to group for each failover group

0151T000003d6ycQAA.png

So at this point we have two pairs of sync-failover groups, all synced, all in the sync-only device_trust group. By default, all traffic for each sync group will now be active standby since the only floating traffic group is traffic-group-1. Let’s add a traffic group to our first sync-failover pair.

0151T000003d6ydQAA.png

Now, instead of having an active/standby pair of devices, you have an active/active pair! And if we had a third device in this failover group, and created a third traffic group, we would transition from active/active/standby to active/active/active. Cool stuff!

0151T000003d6yeQAA.png

Now if you add failover objects, you’ll notice they all add to traffic-group-1 by default. This is because the /Common partition defaults to traffic-group-1. Let’s create a specific partition for both traffic groups so we can be explicit with the traffic.

0151T000003d6yfQAA.png

0151T000003d6ygQAA.png

Now we can add a failover object like a snatpool in each partition

0151T000003d6yhQAA.png

0151T000003d6yiQAA.png

So now if we look at the traffic groups and select All partitions, we can see that each traffic group has two failover objects (the two snat addresses we added to the snat pools.)

0151T000003d6yjQAA.png

And if we click into one of them, we can see the actual failover objects attached to that traffic group.

0151T000003d6ykQAA.png

This is just the tip of the iceberg, there is plenty more to cover on the failover methods, which we will touch on next week.

Resources

Configuring BIG-IP Local Traffic Manager (LTM)
Version history
Last update:
‎01-Mar-2017 12:00
Updated by:
Contributors