Forum Discussion

Blue_whale's avatar
Blue_whale
Icon for Cirrocumulus rankCirrocumulus
Jan 13, 2022

What steps need to be followed if one of the HA device is out of order ?

Hi Experts ,

 

In production environment if one of the F5 device from HA pair goes out of order ( does not power on due to hardware issue ) , What steps we need to follow while replacing that device with new RMA device . ?

1.In this scenario how do we start building our new RMA device ?

2.How do we configure HA - Should we need to disable anything on Active device ?

 

Please advice .....

 

 

3 Replies

  • Steps to be done will be:

    • license RMA unit
    • rekey RMA unit (f5mku) for succesful import of encrypted config
    • restore UCS backup using no-license option (that will include all HA configurations and certs already)

    You can optionally force offline RMA unit until you're ready to have it inline, I don't remember if this has an impact on HA link communication, it used to in older versions

    • rack, wire (maybe only HA+mgt link first, then traffic links when unit has s.by role) & boot RMA unit
    • optionally, failover the cluster and confirm traffic flows as intended
    • success
  • Hello Sarovani,

    There are two scenarios,

    First one is that you don't  have a backup UCS from the defective device and don't have the master key of it and in this scenario you have to do the below:

    - power on the new RMA device, License it and configure initial configuration like MGMT IP, VLANs , Self IPs , NTP , DNS and HA configurations like the defective device was configured to make it as an HA peer to the active device.

    - Then you can sync the configurations from the active device.

    Second one is that you have a backup UCS from the defective device and also the master key and in this scenario you have to do the below:

    - power on the new RMA device, License it and rekey RMA unit with the master ke and then restore UCS backup using no-license option.

    - then sync the configurations.

    _ for test, failover between the active device and RMA Device to be sure that traffic is working on the new RMA device.

    _ in all scenarios, make sure that the new device is to be offline till you will be ready to make it as online to test traffic on.

    + to get Master key >>>>> use this command : f5mku -K

    + to rekey the new device >>> f5mku -r <key_value>

    this is described in this link : https://support.f5.com/csp/article/K9420

    I hope it is clear for you.