cancel
Showing results for 
Search instead for 
Did you mean: 

How to sync the config in CLI when we have multiple traffic-group ( Active-Active)

Sarovani
Cirrostratus
Cirrostratus

Hi Experts !!!

 

How to sync the config via cli in Active-Active setup .

 

Example :

We have 2 f5 named BIGIP-A and BIGIP-B and 2 traffic-group-1 is active in BIGIP-A and traffic-group-2 is Active in BIGIP-2 .

On BIGIP-A I configure a VIP which is Active in traffic-group-2 , in this case how do I sync the config in CLI .

 

I need CLI command to sync the config when the F5 HA status are in Acive-Active setup .

5 REPLIES 5

C_A__Valli
Cirrostratus
Cirrostratus

You're confusing Traffic and Device Groups.

 

Config Sync is commanded by Device Groups, not Traffic Groups, so an Active/Active scenario doesn't necessarily mean there will be separate Config Sync.

 

You can have multiple Device Groups for config sync, either with separate devices (in a 2+ unit HA environment) or for separate modules (eg. set WAF to automatic sync ), but if you only have one device group for your HA units, the will also be only one configsync option available.

 

Command will be (v11 to v16)

run /cm config-sync <sync_direction> <sync_group>

Where <sync_group> is your Device Group name (not traffic group!) and <sync_direction> will either be to-group or from-group depending on which unit will receive/push the configuration.

 

@dr papero​ 

Thanks for the clarification .

 

But in cli which <sync-group> should I be using for sync ...I see 2 sync only groups and 1 sync-failover group .

C_A__Valli
Cirrostratus
Cirrostratus

Whichever is the group with the disalignment .. "show /cm sync-status" command should help you clarify this, but I'd guess your main Device Group will be the sync-failover one.

 

The others you see are likely the default BIGIP device groups, device_trust_group is a sinc-only auto-sync group which is created when you perform device trust for the first time and handles device trust, while you might also see datasync-global-dg if you have WAF provisioned, this is a sync-only manual-sync group that handles metadata and attack signature update sync between the two units. It's unlikely to see those groups out of sync in daily administration and you will have some high-priority problems to be handled if they are.

 

 

Whichever is the group with the disalignment . ? What do you mean by this ? please explain .

You have 3 Device Groups, each verifying its own sync status.

Each one of them might be out of sync. You can check this with the "show /cm sync status" command as I stated in my previous comment.

 

Whichever is the group with the disalignment must be synced. So if only one is, sync that one. If two DG's are out of sync, you will need to sync both.

 

K15419 details this operation, you can check KB's for more information on sync process.