Paulius.

Thanks for the info.  I worry a little about latency also, but the second pair and the new traffic-group are so we cam move applications to the new location along with moving them to the new traffic group to prevent application latency.  The first pair does not need to failover to the second group, just sync.  I'll take a look at the aricle and let you know how it goes.  

Dave

@dcarterjr If the new pair is not a failover pair for the first pair I would configure those new ones as their own HA pair and then copy the configuration over manully by using CLI list commands or creating an SCF file and grabbing the appropriate configuration and moving it over to the new units. You can do this by copying the configuration in question and then typing the following command which will allow you to paste in the configuration and save it to the new pair. Keep in mind that if any of the configuration is hashed you will need to configure the exact same master key on the new pair for the configuration to load properly.

load sys config from-terminal merge

It is important that you use this exact command because if not you could overwrite the existing configuration of the new F5 pair. The reason I recommend the process above is because it seems like you are trying to save the leg work of configuring the new HA pair by using the SYNC but you shouldn't do that because these new devices will not be failover devices for the existing HA pair.

I've actually been thinking along the same lines.  Let me talk to management.  Thanks.

If I can talk management into doing as you suggest, after I get this pair setup, I'm still going to have to do the same thing, but this will envolve failover too because I'll only have one box in the new location until everything gets moved.  So I'll need to add the 3rd box to the exisitng HA pair, I think I'd create a second traffic group which would run in the new location, allowing me to move each application to the new traffic group as they move.  So are there any gotchas to adding the 3rd device to the HA pair and creating the second traffic group.  I realize the second traffic group would exist on all 3, but only be active on the new box.  These are production boxes so I need to get it right the first time.  Thanks again.  

@dcarterjr As far as adding in a 3rd device and a new traffic group I don't believe you really have to worry about much. What is the desired end result when you are done with this project? Will you have 4 devices, 2 new in HA, and 2 old in HA at the same location as the new F5s? With this information we might be able to come up with a more appropriate migration advice.

The plan right now for the first scenario is to end up with 2 devices in the new location only once everything is moved, although I'm not sure there's currently a plan for the 2 exisitng boxes. 

In the secod scenario, I've suggested ending up with all 3 boxes in the new location once everything is moved, running both traffic groups, one on each of 2 active boxes, with the 3rd as a standby, since we don't have a use for a standalone.  

I have also suggested running 2 traffic groups on the HA pair and running active/active, but that's a different discussion.  

@dcarterjr I would just have the 2 devices in HA running as active/standby because it makes things so much simpler unless it is absolutely necessary that you run them active/active? To add in the 3rd device would be simple but adding the additional traffic group would most likely cause blips in connectivity when you start to shuffle virtual servers around to specific traffic-groups. I have not had the opportunity to shuffle them around after they have been up so I cannot provide any expected behavior other than what makes sense to me on how F5 behaves in most situations. You can keep that 3rd device as a spare to swap out if one of your F5s has a failure and then RMA it while still having HA with 2 devices. I would take this opportunity to make sure the master key on all the F5s is the same.