Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

Config-sync only certain BIG-IP folders

TJ_Vreugdenhil
Cirrus
Cirrus

‎05-Jan-2018 11:44 - last edited on ‎02-Jun-2023 10:11 by Fog

Hey guys -

We have F5 platforms at each datacenter using a OTV link to extend Layer 2 services.

We would like to be able to synchronize everything in the /Common folder/partition. But create a site specific folder or partition that does not get synchronized. Reading the snippet below, it seems like this is doable using folders. But it is not clear to me how to actually assign a folder to a specific traffic-group, and then to a specific sync-only device group?

Any help on the configuration steps to accomplish this? (BIG-IP 12.1.2) 

Folders
A folder is a container for BIG-IP configuration objects. You can use folders to set up synchronization and failover of configuration data in a device group. You can sync all configuration data on a BIG-IP device, or you can sync and fail over objects within a specific folder only.

https://support.f5.com/csp/article/K13946
Labels:
0 Kudos
9 REPLIES 9

nitass
F5 Employee
F5 Employee

‎05-Jan-2018 17:10 - last edited on ‎02-Jun-2023 10:11 by Fog

can you try something like this?

// active

[root@bip1a:Active:In Sync] config  tmsh list sys folder /Common/local
sys folder local {
    device-group none
    inherited-devicegroup false
    inherited-traffic-group false
    traffic-group traffic-group-local-only
}
[root@bip1a:Active:In Sync] config  tmsh create ltm pool /Common/local/localpool_test
[root@bip1a:Active:In Sync] config  tmsh list ltm pool /Common/local/*
ltm pool local/localpool_test { }
[root@bip1a:Active:In Sync] config 

// standby

[root@bip1b:Standby:In Sync] config  tmsh list sys folder /Common/local
sys folder local {
    device-group none
    inherited-devicegroup false
    inherited-traffic-group false
    traffic-group traffic-group-local-only
}
[root@bip1b:Standby:In Sync] config  tmsh list ltm pool /Common/local/*
01020036:3: The requested Pool (/Common/local/*) was not found.
[root@bip1b:Standby:In Sync] config

normally i use sync only device group to sync object among big-ip in different ha pair e.g. fips key across 2 pairs of big-ip.

0 Kudos

TJ_Vreugdenhil
Cirrus
Cirrus
In response to nitass

‎07-Jan-2018 13:53

Thanks Nitass, that is helpful!

 

So we really have a pair of F5 devices at each datacenter.

 

So would I have to do something like this?

 

DC1 device-group 1 sync-failover (DC1-bigip1, DC1-bigip2)

 

DC2 device-group 2 sync-failover (DC2-bigip3, DC2-bigip4)

 

device-group 3 sync-only (DC1-bigip1, DC1-bigip2, DC2-bigip3, DC2-bigip4)

 

device-group 4 (DC1 site local) sync-only DC1-bigip1, DC1-bigip2

 

device-group 5 (DC2 site local) sync-only (DC2-bigip3, DC2-bigip4)

 

traffic-group-4 (device-group-4 ) virtual-address 4

 

traffic-group-2 (device-group 1, device-group 2) virtual-address 1 virtual-address 2

 

Also, is there an easy way to create the local datacenter's VIP, self IP's, pool, etc inside the "local" folder via the GUI? Or do the configuration objects have to be created or moved using the CLI/TMSH if you want them in a certain folder?

 

Thanks!

 

0 Kudos

nitass
F5 Employee
F5 Employee
In response to nitass

‎07-Jan-2018 16:33

DC1

 

device-group 1

 

sync-failover (DC1-bigip1, DC1-bigip2)

 

DC2

 

device-group 2

 

sync-failover (DC2-bigip3, DC2-bigip4)

 

doesn't failover happen inside each dc e.g. bigip1 to bigip2 or vice versa, bigip3 to bigip3 or vice versa? if you want to synchronize some object among all 4 bigip, you can create sync only device group with all 4 bigip as members. whatever object with this sync only device group will be synchronized to all the bigip e.g. certificate, private key.

 

is there an easy way to create the local datacenter's VIP, self IP's, pool, etc inside the "local" folder via the GUI?

 

you can use full path when creating object in gui e.g. /Common/local/localpool_test as a pool name.

 

0 Kudos

nitass_89166
Noctilucent
Noctilucent

‎05-Jan-2018 17:10 - last edited on ‎02-Jun-2023 10:10 by Fog

can you try something like this?

// active

[root@bip1a:Active:In Sync] config  tmsh list sys folder /Common/local
sys folder local {
    device-group none
    inherited-devicegroup false
    inherited-traffic-group false
    traffic-group traffic-group-local-only
}
[root@bip1a:Active:In Sync] config  tmsh create ltm pool /Common/local/localpool_test
[root@bip1a:Active:In Sync] config  tmsh list ltm pool /Common/local/*
ltm pool local/localpool_test { }
[root@bip1a:Active:In Sync] config 

// standby

[root@bip1b:Standby:In Sync] config  tmsh list sys folder /Common/local
sys folder local {
    device-group none
    inherited-devicegroup false
    inherited-traffic-group false
    traffic-group traffic-group-local-only
}
[root@bip1b:Standby:In Sync] config  tmsh list ltm pool /Common/local/*
01020036:3: The requested Pool (/Common/local/*) was not found.
[root@bip1b:Standby:In Sync] config

normally i use sync only device group to sync object among big-ip in different ha pair e.g. fips key across 2 pairs of big-ip.

0 Kudos

TJ_Vreugdenhil
Cirrus
Cirrus
In response to nitass_89166

‎07-Jan-2018 13:53

Thanks Nitass, that is helpful!

 

So we really have a pair of F5 devices at each datacenter.

 

So would I have to do something like this?

 

DC1 device-group 1 sync-failover (DC1-bigip1, DC1-bigip2)

 

DC2 device-group 2 sync-failover (DC2-bigip3, DC2-bigip4)

 

device-group 3 sync-only (DC1-bigip1, DC1-bigip2, DC2-bigip3, DC2-bigip4)

 

device-group 4 (DC1 site local) sync-only DC1-bigip1, DC1-bigip2

 

device-group 5 (DC2 site local) sync-only (DC2-bigip3, DC2-bigip4)

 

traffic-group-4 (device-group-4 ) virtual-address 4

 

traffic-group-2 (device-group 1, device-group 2) virtual-address 1 virtual-address 2

 

Also, is there an easy way to create the local datacenter's VIP, self IP's, pool, etc inside the "local" folder via the GUI? Or do the configuration objects have to be created or moved using the CLI/TMSH if you want them in a certain folder?

 

Thanks!

 

0 Kudos

nitass_89166
Noctilucent
Noctilucent
In response to nitass_89166

‎07-Jan-2018 16:33

DC1

 

device-group 1

 

sync-failover (DC1-bigip1, DC1-bigip2)

 

DC2

 

device-group 2

 

sync-failover (DC2-bigip3, DC2-bigip4)

 

doesn't failover happen inside each dc e.g. bigip1 to bigip2 or vice versa, bigip3 to bigip3 or vice versa? if you want to synchronize some object among all 4 bigip, you can create sync only device group with all 4 bigip as members. whatever object with this sync only device group will be synchronized to all the bigip e.g. certificate, private key.

 

is there an easy way to create the local datacenter's VIP, self IP's, pool, etc inside the "local" folder via the GUI?

 

you can use full path when creating object in gui e.g. /Common/local/localpool_test as a pool name.

 

0 Kudos

Davidfisher_345
Altocumulus
Altocumulus

‎01-Sep-2018 12:37

This guy has a post on something similar, take a look:

 

https://deviousnetworks.blogspot.com/2017/03/big-ip-folders.html

 

0 Kudos

TJ_Vreugdenhil
Cirrus
Cirrus
In response to Davidfisher_345

‎01-Sep-2018 13:21

Nice find. That was exactly what I was going for. I didn't end up doing it for a client to avoid administration complexity. It's easy to understand if you set it up yourself, but if a new resource came in, they may not know or remember to create objects in the correct folder.

 

0 Kudos

TJ_Vreugdenhil
Cirrus
Cirrus
In response to Davidfisher_345

‎01-Sep-2018 13:23

Actually, the article is close to what we were going for. But a little different. Either way, it's a good reference.

 

0 Kudos
Copyright © 2023 Khoros, LLC