30-Jan-2023 08:38 - edited 30-Jan-2023 08:40
We've a pair of F5's in HA where Firewall is the gateway with /29 subnet.
Now, we'd like to expand the subnet from /29 to /28 to accomdate or install a new switch in our data center. . Noticed, K62249587 mentions about changing the management IP but my query is regarding the subnet-mask (Management IP remains the same).
Just changing the subnet-mask on F5 standby followed by F5 Active via configuration utility along with the changes on Gateway subnet mask. Will it suffice or will it create any issues in HA. Please note Mgmt interface is used in 'Failover Network' as a part of HA config.
Also, please assist if this needs any maintenance window.
Primary F5- 10.1.1.26/29
Secondary F5- 10.1.1.27/29
Primary F5- 10.1.1.26/28
Secondary F5- 10.1.1.27/28
Though creating a new interface for the VLAN on gateway would be a straight forward option, I just wanna know if this is feasible. Thanks in advance.
@Sri_Narasimha_05 I have never had an opportunity to make this type of change but based on how networking functions this change shouldn't cause an issue and I don't believe it would require a reboot. Sadly I do not have a test environment where I can test this to say if it will or will not require a reboot. On a positive you do have failover so if you have to reboot the standby you can without much issue but you will have a slight blip when you failover from active to standby to reboot the primary unit. If you have a lab environment I would recommend testing it out on those devices to be sure.
Thanks for the reply, Is there any chance for failover or getting into split brain situation due to this?
@Sri_Narasimha_05 Typically a split brain situation occurs because one device cannot reach the other on an interface and believes it is active because they other cannot be reached but both devices are actually up so they both become active. In this instance an ARP already exists so from a networking perspective they should be able to communicate with each other on the respective IP so that shouldn't happen. I do recommend doing this in a lab situation first because sometimes devices don't follow networking the way we would always expect them to and that could occur but it shouldn't.