LTM Active/Active vs Active/Standby?
Hi I'm currently in the process of deploying several pairs of LTMs as HA pairs and am looking at the pros and cons of running an Active/Active vs Active/Standby configuration. I've had a read around and from what I understand the Active/Active mode of operation is based on associating VIPs with traffic groups and having one traffic group active per LTM. F5 recommend running HA pairs as Active/Standby but I cant find anything that backs this up, i.e. there are no reasons given as to why this is. The only one I can really think of is that careful capacity management will need to be undertaken to ensure that each box doesnt run at over 50% of utilisation. Are there any other technical or operational reasons why LTMs should not be run as an Active/Active pair? Thanks Malcolm1.8KViews0likes7CommentsActive Active Advanced WAF behind Azure LB Best Practice
Hi Hope someone can help me. I'm trying to work out the best configuration for our use case - 50 + web applications bound on SSL on a active / active Advanced WAF cluster behind an Azure Load Balancer configured on top of the single nic deployment from F5's supported ARM template (https://github.com/F5Networks/f5-azure-arm-templates/tree/main/supported/autoscale/waf/via-lb) Should I separate out every application into separate Virtual Servers either on a separate port / IP binding? If IP binding - is it possible even to share Self IPs between both Active BigIPs in single arm configuration behind an ALB (to reduce the admin overhead creating Virtual Servers twice on both BigIPs)? Or should I bind more internal IPs directly to both BigIPs independently and duplicate the Virtual Server config based on that? Or should I go for a 2 or 3 Nic configuration and will that allow me to configure shared IPs? If port binding, is it efficient to create multiple virtual servers on same IP different ports? Should that an IP binding on multiple ports or a wildcard destination? I'm struggling to find a definitive guide for my use case that goes beyond a single Virtual Server set up. I'm sure I've misunderstood some of these concepts! thanks in advance1.2KViews0likes3CommentsWhy is an Active-Active configuration not recommended by F5?
I was considering configuring our F5 LTMs in an Active/Active state within Cisco ACI but I read here that this type of configuration is not recommended without having at least one F5 in standby mode. "F5 does not recommend deploying BIP-IP systems in an Active-Active configuration without a standby device in the cluster, due to potential loss of high availability." Why is this? With two F5s in Active/Active mode, they should still fail over to each other if one happens to go down. Would it take longer for one device to fail over to another who is active rather than being truly standby?999Views0likes5CommentsHA Pair from Active/Standby to Active/Active
I had a BIGIP in HA pair and we have decided to move the standby unit to another datacenter. Now, both devices are shown as active devices. There is no firewall in between them. Do you guys have any suggestions of what may be the problem?506Views0likes10CommentsEmpty Virtual Address List on ASM BIG-IP
Hi, What could be reason that no VIP is listed in Virtual Address List - I never seen something like that before. It's HA pair in Active-Active configuration with two Traffic Groups running on BIG-IP 2000 devices with 11.6.x TMOS licensed for ASM only. There is plenty of VS defined and when checking in TG - Objests I can see different VIPs in both TG. I can as well change TG for self IPs. But there is no way I can find to change it for VIPs - as there are no VIPs in the list. Is that something specific to ASM only license on BIG-IPs? Piotr300Views0likes4CommentsActive-Active non-floating IP requirement
Hi I'm migrating a single F5 physical appliance to an Active-Active Virtual Edition pair, running LTM module. Running version 12.1.0. Something i'm confused about is the apparent requirement to have non-floating self IP's on each F5 prior to configuring a floating IP. My understanding is that i need to use floating IP's in order for failover to work correctly, which seems logical. But if i just try to configure a floating IP, it throws an error saying that there is no non-floating IP in the same VLAN that i'm trying to configure a floating IP for. Example: VLAN 10 Floating IP: 10.10.10.1/24 Big IP 1 Non-Floating: 10.10.10.2/24 Big IP 2 Non-Floating: 10.10.10.3/24 I'm not sure what purpose the non-floating IP's serve. Surly the floating IP would be used for any actual forwarding for that VLAN. If the F5 was running something like VRRP, i'd understand, as it'd use those IP's to check for each others availability/status. In this case though, the F5 is using the "HA" VLAN as a heartbeat. What am i missing here? Thanks in advance.261Views0likes1CommentBIG IP Active/Active with Bridge and Routed Mode
Hi Guys, If possible to set a cluster active/active with a routed and bridge mode? 01 traffic group in routed mode and another traffic group wit bridge mode? currently i´m testing and the solution only work with active/standby; in active/active the switches generate a broadcast storm. Could you share me links or information about that example? Best Rgds.236Views0likes2CommentsAdding New BigIP Units Using Free CPUs on i7800 (LB13 & LB14) to an existing HA Pair
Hello, We have a pair of i7800 devices, each running two guests with the following configuration: i7800 Unit 1: LB09 & LB11 i7800 Unit 2: LB10 & LB12 Current Setup: LB09 & LB10: These are part of a High Availability (HA) pair, running in an Active/Active configuration. LB11 & LB12: Similarly, these two guests are also in an HA pair, running in Active/Active mode. Each LBx unit is utilizing 6 CPUs (which is the maximum allowed per guest). The i7800 comes with 14 CPUs total, so there are 2 unused CPUs per unit (not allocated to any guest). Questions: Can we bring up new BigIP units (LB13 & LB14) using the 2 free CPUs on each i7800 unit? Can these new units join the existing HA pair of LB11 & LB12 and sync configuration to each other? Can the new Units serve their own traffic groups ( as shown below in the diagram ) ? Is there any potential limitation or issue with utilizing the remaining CPUs for this purpose? Will i7800 run out of memory or go low in memory ? Goal: Offload 20% of the traffic (a handful of VIPs) to the newly created LB13 & LB14 units. All LBxx ( 11,12,13 & 14 ) should back each other up and sync configuration across Thank you for any assistanceSolved109Views0likes13Commentsactive/active Support Declarative Onboarding
I tried to deploy a DO with a custom trafficGroup named traffic-group-2. This traffic Group is then referenced in the self-ip declaration.When sending the post request I get the answer: "errors": [ { "keyword": "enum", "dataPath": ".declaration.Common['DMZLAN_TG2_1'].trafficGroup", "schemaPath": "#/allOf/7/then/properties/trafficGroup/enum", "params": { "allowedValues": [ "traffic-group-local-only", "traffic-group-1" ] }, "message": "should be equal to one of the allowed values" }, Which makes sense because the appendix of self ip names only tg-1 & tg-local-only as possible values. But does that mean there is no way to create a active/active cluster with DO? If so why is the feature to define traffic-groups available in the first place?29Views0likes0Comments