Technical Forum
Ask questions. Discover Answers.
cancel
Showing results for 
Search instead for 
Did you mean: 

What steps need to be followed if one of the HA device is out of order ?

Sarovani
Cirrocumulus
Cirrocumulus

Hi Experts ,

 

In production environment if one of the F5 device from HA pair goes out of order ( does not power on due to hardware issue ) , What steps we need to follow while replacing that device with new RMA device . ?

1.In this scenario how do we start building our new RMA device ?

2.How do we configure HA - Should we need to disable anything on Active device ?

 

Please advice .....

 

 

0691T00000F8zC1QAJ.png

3 REPLIES 3

CA_Valli
MVP
MVP

Steps to be done will be:

  • license RMA unit
  • rekey RMA unit (f5mku) for succesful import of encrypted config
  • restore UCS backup using no-license option (that will include all HA configurations and certs already)

You can optionally force offline RMA unit until you're ready to have it inline, I don't remember if this has an impact on HA link communication, it used to in older versions

  • rack, wire (maybe only HA+mgt link first, then traffic links when unit has s.by role) & boot RMA unit
  • optionally, failover the cluster and confirm traffic flows as intended
  • success

Also if there is a DNS module there specific requerments for RMA:

 

https://support.f5.com/csp/article/K14083

 

 

Also see:

 

https://support.f5.com/csp/article/K12880

Omar2
Cirrus
Cirrus

Hello Sarovani,

There are two scenarios,

First one is that you don't  have a backup UCS from the defective device and don't have the master key of it and in this scenario you have to do the below:

- power on the new RMA device, License it and configure initial configuration like MGMT IP, VLANs , Self IPs , NTP , DNS and HA configurations like the defective device was configured to make it as an HA peer to the active device.

- Then you can sync the configurations from the active device.

Second one is that you have a backup UCS from the defective device and also the master key and in this scenario you have to do the below:

- power on the new RMA device, License it and rekey RMA unit with the master ke and then restore UCS backup using no-license option.

- then sync the configurations.

_ for test, failover between the active device and RMA Device to be sure that traffic is working on the new RMA device.

_ in all scenarios, make sure that the new device is to be offline till you will be ready to make it as online to test traffic on.

+ to get Master key >>>>> use this command : f5mku -K

+ to rekey the new device >>> f5mku -r <key_value>

this is described in this link : https://support.f5.com/csp/article/K9420

I hope it is clear for you.