Two Devices (i10800) setup in Active / Standby - failover considerations and questions.
1) Can two dedicated HA interfaces inside a single trunk be directly cross-connected between the two F5 hosts? OR do we need a switch in between this connection to do network type failover for vCMP? I believe that I read somewhere that we cannot directly connect two F5s with HA cable if we do vCMP? (Please advise - see below)
2) If we have two 40G interfaces inside a single TRUNK port for DATA traffic going into the F5, do we need to match the same for HA speed link? Or can the HA link interface be only two 10G ports? (lower speeds).
3) Can the HA VLAN for vCMP guests just be part of the same DATA trunk link? Basically not require separate HA physical connection? Is this supported/recommended?
I found the following document: https://support.f5.com/csp/article/K2397 that recommends:
Network issues may cause BIG-IP systems to enter into active-active mode. To avoid this issue, F5 recommends that you dedicate one interface on each system to perform only failover communications and, when possible, directly connect these two interfaces with an Ethernet cable to avoid network problems that may cause the systems to go into an active-active state.
BUT I'm a little confused by the hardwire comment that it doesn't support vCMP? Is hardwire referring to cross-connect OR is this a special optics cable outside of directly connecting the F5s via normal cable?
Thank you for feedback!
The note around the HA cabling would, I believe, refer to using the physical port on the device labelled "Failover". It should be RJ-45 on that platform, but on older generations it used a DB-9 style cable like a serial cable. In the vCMP case the two host systems should typically be configured as standalone units, and the failover port is not passed through to the vCMP guest. Think of the F5 hardware device more like a hypervisor such as ESX. If you had more than two vCMP host systems then using a switch would be recommended. It's worth noting that the IPs used in the HA direct-connection would likely not be routable from outside of the F5 cluster.
In this configuration having a crossover network cable plugged between each device allows for the systems to continue to pass data to each other for HA traffic in the event a cable, switchport, or switch fails. However, I would use the main data trunk as the primary link for any mirror traffic if your deployment calls for it. You can leverage the various failover detection mechanisms to help ensure that the right system is active depending on the failure scenario (Gateway/VLAN failsafe, for example).
Hope this helps,