HA Active/Standby add 2nd Floating IP from a different Vlan
I have 1 HA Active/Standby pair, I am looking to add a second floating IP for management access from our Management Vlan. We are wanting to access the configuration GUI from an internal URL and get to the Active F5 no matter which one is the active F5 Currently we have a floating self IP and a non floating IP on each of the pairs. What considerations do I need to take to accomplish this? Is this feasible? Do I need to add/change the SNAT pool? Will this affect config-sync or failover? SNAT pool: internal-snatpool 10.1.20.20 Current setup Example. prd1 10.1.20.1 - traffic-group-local-only, internal 10.20.30.213 - traffic-group-local-only, external 10.20.30.215 - traffic-group-1, external, port lockdown set to None 192.168.1.22 - traffic-group-local-only, HA prd2 10.1.20.2 - traffic-group-local-only, internal 10.20.30.214 - traffic-group-local-only, external 10.20.30.215 - traffic-group-1, external, port lockdown set to None 192.168.1.23 - traffic-group-local-only, HA possible setup example. prd1 10.1.20.1 - traffic-group-local-only, internal 10.20.30.213 - traffic-group-local-only, external 10.30.30.213 - traffic-group-local-only, external 10.20.30.215 - traffic-group-1, external, port lockdown set to None 10.30.30.215 - traffic-group-1, external, port lockdown set to default 192.168.1.22 - traffic-group-local-only, HA prd2 10.1.20.2 - traffic-group-local-only, internal 10.20.30.214 - traffic-group-local-only, external 10.30.30.214 - traffic-group-local-only, external 10.20.30.215 - traffic-group-1, external, port lockdown set to None 10.30.30.215 - traffic-group-1, external, port lockdown set to default 192.168.1.23 - traffic-group-local-only, HA88Views0likes5CommentsLTM Floating IP`s mac address has gone mad!
Hi there! We have 2 BIG-IP LTM version 9.3.0, I know it s old :) These two have a floating ip between them(HA) and this ip is set on web servers as their default gateway, and it was working fine for a long time, but this week both web servers reported ip conflict and they couldn't ping the floating ip and when we get "arp -a" on web servers they return a wrong mac-address for the floating ip(the mac-address is the address which belongs to BIG-IP s own default gateway which is a cisco ASA), so we changed the web servers default gateway to one of the BIGs self-ip and servers don`t get ip conflict anymore and the "arp -a" returns the BIG-IP mac-address correctly. Is it a known issue on BIG-IP?748Views0likes10CommentsFloating IPs on new traffic group members
I have a situation where there are a pair of older F5s being replaced by a pair of newer ones. All devices are running 14.1. The new devices have had their self IPs for the various VLANs added but there is some hesitation as to when to add the floating IP that resides on the existing pair. My assertion is that the traffic groups and HA groups, need to be created and the new devices are added to the Sync-Failover group before the floating IPs are added as I believe that the new devices would activate the traffic group were they not in the failover group. My colleague believes that the floating IP should be added as soon as the shared traffic group is created. Is there any documents that support one position over the other?Solved674Views0likes2CommentsVIP IS MARKED GREEN BUT CANNOT BE PINGED, POOL MEMBERS HAVE CONNECTIVITY FROM F5
Hello,Is there any possibility, where a configured VIP on an LTM can be unreachable, even though marked GREEN. The Pool members however can be reached directly. Is there an explanation for this,and how can this be resolved. The Self-Ip is configured correctly,and other VIP in the same VLAN are reachable188Views0likes1CommentFloating IP the same on HA pair?
I am setting up a pair of BIG-IP VE in my lab and following a HA lab guide from F5. The configuration has me setting different floating IPs for each BIG IP. BIG-IP_1 Internal Self IP 10.128.20.240/24 Floating IP 10.128.20.242 External Self IP 10.128.10.240/24 Floating IP 10.128.10.242 BIG-IP_2 Internal Self IP 10.128.20.241/24 Floating IP 10.128.20.243 External Self IP 10.128.10.241/24 Floating IP 10.128.10.243 The load balanced web page comes up fine with either BIG-IP_1 or BIG-IP_2 as Active. My understanding is that the floating IP should be the same on each BIG-IP. However, when I try to give the Floating IP the same address on both BIG-IPs the web page will only display on BIG-IP_1 and times out if BIG-IP_2 is Active. I am confused by this behavior. Can someone explain?890Views0likes6CommentsMove Floating IP to /common partition
Hello. I've inherited a pair of HA devices where all self/floating IPs, save one floating IP, have been created in the /common partition. It isn't absolutely necessary, but my OCD keeps eating at me and I have to move this other floating IP back to the /common partition. I am looking for the best method to do this. Since it is a floating IP it is sync'd during config sync. Thus my thought would be to delete the floating IP on the standby, recreate it in the /common partition, and then configsync. What do you think? I think the LTM is going to error on me when I try to delete the floating IP because I have existing virtuals on that network. If that is the case I'll have to modify the bigip.conf file to move the floating IP, then load/save the config on the Standby, and then configsync. Is that correct? If so, I'll have a few seconds where traffic will be queued, right?Solved522Views0likes8CommentsWhat is the impact of adding a floating IP to an active HA LTM pair?
Hello. I have recently started a new position and while going through the environment I've found a couple pairs of LTMs in HA config with floating IPs for some networks and not for others. I generally follow the best practice of creating a floating IP for any network on any pair of devices. To my knowledge we are not using the LTMs as the default gateway on any of the servers that are load balanced by the F5s. In this case I would think there would be no impact to adding a floating IP and then synching each pair, but since they are production devices I'd like to get some confirmation from the community. Please let me know if you need some more details. Thanks.604Views0likes9Comments