
Azure Big IP F5 template with HA via LB

Enfield303
Nimbostratus

Hello All, I have deployed two Big IP virtual appliances into Microsoft Azure using the following template: https://github.com/F5Networks/f5-azure-arm-templates/tree/master/supported/failover/same-net/via-lb/3nic/existing-stack/payg

I ran across the problem detailed here (https://github.com/F5Networks/f5-azure-arm-templates/issues/198) but once I manually set the failover network and mirroring network IP address both devices synced in an Active/Standby configuration.

My question now is how does the Azure load balancer in front of these F5 devices pass traffic / manage failover for them? The Azure load balancer as deployed from the template has the F5 external addresses in a back-end pool but there are no health probes, load-balancing rules or inbound NAT rules defined. Does all this have to be done manually, similar to what is documented here? https://azure-f5-lab-days.readthedocs.io/en/latest/class1/module3/lab1.html

Thanks for any help

4 REPLIES

Enfield303
Nimbostratus

On a related note, the advice for using an Azure LB for failover seems to be to use a wildcard, network range or different ports for the VIP, but what if I have multiple *separate* apps that use the *same* port? If the secondary IP addresses are on a /24 subnet, do I need to further subnet that to differentiate between different apps? Or should I use DSR instead?

DSR does seem to simplify a lot of this but Jeff Giroux seems to not recommend it generally.

Enfield303
Nimbostratus

So it looks like for more virtual servers the advice is to add more secondary IP configurations to the ext interface on the F5s: https://github.com/F5Networks/f5-azure-arm-templates/tree/master/supported/failover/same-net/via-lb/3nic/existing-stack/payg#creating-virtual-servers-on-the-big-ip-ve

The 'adding more secondary IP' approach is working well for me. However, each F5 in the HA cluster will have differing IPs for their VIPs. So how can I keep config in sync if the 2 configs have to differ?

Hello Jim, I created a shared object that contained both F5 IPs and used that shared object for the VIP.