HA Configuration (One in primary and One in DR)
Hi folks, I currently have HA pair (active/passive) in a primary data center and we are bringing up a DR. wondering can I split up the HA pair (One in primary and One in DR) and continue to have HA with utilizing different subnets? We are using multiple IPSEC tunnels to connect the sites so we are still working on whether we can extend subnets but if we can't I wanted to ask if different subnets are possible. Thank you any info is appreciated22Views0likes2CommentsClustering among VCMPs and Tenants ( rSeries )
Hello guys, we are approaching a migration from a vCMP cluster to a Tenant ( on r5600 ) cluster . VLAN/Networks betweeen old and new nodes will be the same and the migration will be VIPs based ( not every vs at once ). I was wondering if it is possible to add Tenant nodes to the already vCMP device group so that we can continue to have a synced configuration during the migration . Has anyone ever configured a mixed device group with vCMPs and Tenants running on r-series ? thank you in advance102Views0likes2CommentsLogging Configuration in LTM HA
Hello everyone I'm doing a logging lab and I'm asking for your help to understand some things. I have two BIG-IP LTM in HA and a Qradar logging server. I have configured the Qradar as syslog servers at each HA node. At the Qradar level I receive the active logs but the standby only sends errors like "BIGIP_TMM_TIMMERR_PMBR_BACK_UP. I'd like to know if it's normal for the standby to send only error messages, and in general I'd like to understand how logging works in HA and what type of event each device sends to the server. thanks in advance219Views0likes2CommentsHow to force close TLS sessions in a failover scenario
Hi, We have an application behind Big-IP which doesn't handle failovers well. The Big-IP keeps all TLS sessions consistent and open during failover but the application doesn't support TLS resume for a session and this causes problems in the app. I'm looking for a way to close TLS sessions for a specific VS in a failover scenarios. We're on version 16.1.4.1 Any suggestions? Thanks529Views0likes5CommentsDevice name under 'Device Management'
I'm looking for some information as to why there's device name shown as 'bigip1(self)' and also a hostname under 'Device Management > Devices', though the device hostname has been changed. Also, is there a way to change the device name from the CLI?731Views0likes5CommentsConfigure HA on trial environment
Hello everyone, I have to two 30 day trial SN. and i am using some instructor to perform ha sync between them but the sync doesn't work. the same instruction help me to set up sync in a production environment. is it possible that HA not supported on trial version ? I'm using BIG-IP VE Version 17.0.0.1.7KViews0likes17CommentsHA pair in VMware v7 update 3 - Should "power on connect" be enabled, or disabled for vlans/network?
Late last year we migrated the vcmp guests off of our 7200 chassis into VMware. Up until now, "Connect at power On" has been diabled for the vlans/networks. The question is whether that should be enabled. The question sent by the Server tech is below... We have noticed that the F5 VMs networks are not checked for “Connect at power On”, should this be the case in our HA F5? We ask this is because we noticed the other HA pair don’t have their network adapter connected and is not connected. Should both HA pairs have their network adapter be checked for “Connect at power On” so they can connect at power on? Thanks!Solved1.6KViews0likes2CommentsCan we remove sync-only device group? Is there impact of procedure?
Hi Currently we are using F5 LTM+DNS+APM. And we have 4 unit in DNS sync group.. (2 in DC and 2 in DR) We have sync-failover separatly in each DC but we have same sync-only group for APM sync policy Our issue is, They saw device group of other DC show incorrectly. For example. If you are access to GUI on F5 DC. in Device management menu , You will see Sync-failover device group of 2 DC unit (which is correct) but you will also see Sync-failover device group of 2 DR unit too and it show in Disconnect state. <<<< This is problem. but i think it's expect behavior because F5 DC should disconnect from F5 DR I suspect this is happen because we have sync-only group (which include all 4 device both DC and DR) Question is Can we just remove that Sync-only device group? Is there any interruption of service orimpact of procedure? Or I can't remove it and need to re-create all new HA from scratch both DC and DR? Sync status as below Thank you688Views0likes1CommentF5 HA Cluster on Azure without Public IPs
Hello I'd like to ask a couple of question about F5 running on Azure Public Cloud. Is that possible to use CFE without Public IP (aka elastic ip) and just with secondary ip addresses? Is that possible to use CFE for just manipulating the routes? TL;DR These question comes into my mind when i need to figured out a solution for a pair of F5 running on Azure Public Cloud. Because, all public IP addresses bound on a Firewall which currently sitting in between Internet and F5 cluster. Since there won't be any public ip addresses on F5s, i could not find a way to send traffic to the active F5. CFE comes into play here but CFE needs two ip addresses which first one is public and the other is secondary. Clearly, without public ips, CFE won't help much. The schenario in my mind, when traffic came to public ip address on firewall, it sends the traffic to the secondary ip address which is currently attached on active F5 device. But when a failover occurred, i have to send traffic to the current active device, but how? Could i use CFE to manage just route tables? If yes, so i can point to traffic where should be sent, even if there is no public ip addresses. When a failover occurred, i can point to other secondary ip on curent active unit for whole subnet that F5 uses as virtual ip addresses, or this is just a dream?663Views0likes2CommentsChanging Management-ip in an HA pair setup
Hello, I've read this Article:https://support.f5.com/csp/article/K62249587 but I've a question: if the management IP is not involved in Failover Network ot Config Sync, do I need to delete the Device Trust? I thought about these steps: force the standby unit offline change Management IP of the standby unit change Management IP of the active unit release standby unit from offline would there be traffic interruption? Does the Management IP define the Device Trust? As I've described, Failover Networks are HA and Inside Interface Thanks for Answers KarlSolved1.6KViews0likes3Comments