ha groups
4 TopicsSync Only config for HA and standalone BIG IP devices
Hello guys, Please, I´ll appreciate you could answer this question and provide some advice for a happy deployment. Currently, I have a BIG IP HA (active-standby) pair located in the HQ office and a BIG IP standalone located in a remote secondary data center. All three 4000s boxes are running LTM+GTM+APM with v11.2.1 (I am planning to upgrade to v12 soon). Due to I have no plenty of IPv4 public addresses, I could not deploy a data center load balancing in active-active mode by using GTM. I have a active-pasive scenario instead. It works as follows: every time there is a disaster in the HQ, the Internet service provider (carrier) switch the internet connection to the secondary DC, so the standalone must take over with the same configuration, IPs, pools and virtual servers as if it was the "HA" pair. To manage this scenario has become a pain due to I need to manually configure the daily changes in the standalone in order to have it with the last configuration. Therefore, I am thinking of deploying a scenario where the configuration changes could be replicated from the HA located in the headquarters to the standalone located in the secondary DC. Currently, I am using a VLAN in the HA boxes just for sync and monitoring. Such VLAN is attached to the 1.8 NIC in each box, so there is a cable which bonds them. I have some questions about this scenario: - Is it possible to Sync Only the devices in my platform composed of the HA pair and the standalone located 50 miles away each other? - In case of being able to Sync Only the configuration, do I need to have a dedicated link (low latency, dedicated bandwidth) for the communication between the HA and the standalone? - Is the standalone ever going to pull the configuration from the active device, no matter if there is a failover in the HA? - What kind of configuration files could be synchronized? Thanks in advance for your help. Jorge500Views0likes1CommentSNMP v3 Problems in conjunction with CA Spectrum
Hello guys, We are actually experiencing some “connection” problems with some F5 LTM’s on our monitoring system (CA Spectrum). The LTMs are modeled in the monitoring system and are monitored via icmp/snmpv3. The LTMs are running in HA Mode and the problems only occurs between the HA partners. Sometimes Spectrum loses the connection to the “Management Agent” of a device which is in CA speech a not working SNMP connection. In other cases (and other devices types) this usually had something to do with the SNMP EngineID which was by accident or whatever identical. In these cases we edited one EngineID and reset the device in Spectrum and everything was fine. But on the LTMs it looks a bit more complicated. They’re running fine for a while and suddenly Spectrum loses the connection to the management agent. I reset the settings in spectrum and it will work again for some time. I have checked the SNMP Settings on the LTM`s twice, done everything like this SOL6821 says and I also checked the EngineID s that are used by/in spectrum and they are different… like it should. What I noticed is that this always happens when I sync the devices over the GUI with a check on “overwrite configuration”. Is there any connection between the sync processes of HA devices and the snmp agents? Has somebody made experience with similar problems? Thanks and Regards, eneR399Views0likes1CommentHA Groups vs VLAN Failsafe vs Neither
We don’t currently make use of VLAN failsafe or HA groups in two of our 3 LTM appliance HA pairs. I’ve been doing some reading to try to determine what the best path is for us. I’m predominantly concerned with physical switch failure. If we have some sort of routing or VTP problem I'm unsure how VLAN failsafe or HA groups will help. From what I can find it seems like HA Groups is the preferred method in TMOS v10 and newer. What I’m wondering, is that if you have a configuration like the below figure 1 where each F5 is connected to both switches do you really need either VLAN failsafe/HA Groups? In figure 2, I would definitely think you would want either VLFS or HA Groups configured because losing a switch means an F5 is without connectivity. Looking for feedback and thoughts on this or if there is a definite way to configure VLFS or HAG based on each config. The documentation is pretty light on how either feature should be used based on the network design. 1) 2)313Views0likes1CommentUnderstanding LTM folder in configuration
https://support.f5.com/kb/en-us/solutions/public/13000/600/sol13649.html A Sync-Only device group must be associated with a folder other than the / or /Common folders. Sometimes it's confusing to understand the folder concept in LTM. It seems related to partition and device group. Can anyone help me to understand this ?232Views0likes1Comment