Add LTM to existing HA pair

Question

I need to add 2 LTMs to an exsiting HA pair, and create a second traffic group in that device group.&nbsp; The second pair are in a different location.&nbsp; I've looked at many F5 articles, and it looks doable, but I haven't found one that talks specifically about adding these extra devices to the HA pair.&nbsp; I'd appreciate any input.&nbsp; These are FIPS boxes, if that makes any difference.&nbsp; 7200s, Version 14.5.1.2.&nbsp; Thanks

paulius · Accepted Answer

dcarterjr&nbsp;I believe the best route would be to create the new traffic group on the existing pair first to confirm it functions. After that you should be able to add in the other devices to the HA pair the same as any other F5 HA setup. This article might help you with your configuration.
https://clouddocs.f5.com/training/community/adc/html/class1/module1/lab4.html
The only concern I would have is latency between the 4 devices because those other devices are at a different location. As long as you can extend your subnets for the existing pair to the other location for the two new devices it should be possible to configure this setup.

dcarterjr · Answer

Paulius.Thanks for the info.&nbsp; I worry a little about latency also, but the second pair and the new traffic-group are so we cam move applications to the new location along with moving them to the new traffic group to prevent application latency.&nbsp; The first pair does not need to failover to the second group, just sync.&nbsp; I'll take a look at the aricle and let you know how it goes.&nbsp;&nbsp;Dave

paulius · Answer

dcarterjr If the new pair is not a failover pair for the first pair I would configure those new ones as their own HA pair and then copy the configuration over manully by using CLI list commands or creating an SCF file and grabbing the appropriate configuration and moving it over to the new units. You can do this by copying the configuration in question and then typing the following command which will allow you to paste in the configuration and save it to the new pair. Keep in mind that if any of the configuration is hashed you will need to configure the exact same master key on the new pair for the configuration to load properly.
load sys config from-terminal merge
It is important that you use this exact command because if not you could overwrite the existing configuration of the new F5 pair. The reason I recommend the process above is because it seems like you are trying to save the leg work of configuring the new HA pair by using the SYNC but you shouldn't do that because these new devices will not be failover devices for the existing HA pair.

dcarterjr · Answer

I've actually been thinking along the same lines.&nbsp; Let me talk to management.&nbsp; Thanks.

dcarterjr · Answer

If I can talk management into doing as you suggest, after I get this pair setup, I'm still going to have to do the same thing, but this will envolve failover too because I'll only have one box in the new location until everything gets moved.&nbsp; So I'll need to add the 3rd box to the exisitng HA pair, I think I'd create a second traffic group which would run in the new location, allowing me to move each application to the new traffic group as they move.&nbsp; So are there any gotchas to adding the 3rd device to the HA pair and creating the second traffic group.&nbsp; I realize the second traffic group would exist on all 3, but only be active on the new box.&nbsp; These are production boxes so I need to get it right the first time.&nbsp; Thanks again.&nbsp;&nbsp;

paulius · Answer

dcarterjr As far as adding in a 3rd device and a new traffic group I don't believe you really have to worry about much. What is the desired end result when you are done with this project? Will you have 4 devices, 2 new in HA, and 2 old in HA at the same location as the new F5s? With this information we might be able to come up with a more appropriate migration advice.

Forum Discussion

Add LTM to existing HA pair

10 Replies

Recent Discussions

Client certificate Authentication - open multiple tabs

google autenticator broken barcode

Chrome V 124+ on MacOS - Virtual Server Access Issue

vulnerabilities (CVE-2020-36363), CVE-2016-0736,CVE-2019-6593-FOR VERSION BIGIP LTM-16.1.4

Port Group on F5OS network setting

Related Content

F5 LTM HA pair upgrade Automation using Python

Rebooting HA pair

LTM HA Pair SSL Certs

Add UPN to existing policy

add LTM to GTM