High-availability configuration produces a status of "ONLINE (STANDBY), In Sync"
Problem: High-availability configuration produces a status of "ONLINE (STANDBY), In Sync" on the F5 primary and standby units. Models: F5 1600 Big-IP Version: BIG-IP 11.5.0 Build 7.0.265 Hotfix HF7 Steps used to configure high-availability: Connect a network cable on port 1.3 of each F5 1600 Create a dedicated VLAN for high-availability on each F5 1600 Configure an IP address for the high-availability VLAN on each F5 1600 Ensure that both F5 1600 units can ping each other from the high-availability VLAN On each F5 1600, navigate to "Device Management" -> "Devices" -> "Device List". Select the F5 1600 system labelled as "self" On each F5 1600, navigate to "Device Connectivity" -> "ConfigSync". Select the IP address assigned to the high-availability VLAN On each F5 1600, navigate to "Device Connectivity" -> "Network Failover". Add the IP address assigned to the high-availability VLAN to the failover unicast configuration Force the standby unit offline On the active unit, navigate to "Device" -> "Peer List". Click "Add", and add standby unit to the high-availability configuration At this point, the primary F5 unit has a status of "ONLINE (ACTIVE), In Sync", and the standby unit has a status of "FORCED (OFFLINE), In Sync" On the primary unit, navigate to "Device Management" -> "Device Groups" to create a device group At this point, both units have a status of "ONLINE (STANDBY), In Sync". Any ideas as to why this happening? My goal is to have high-availability configured in an ACTIVE/STANDBY pair.Why is an Active-Active configuration not recommended by F5?
I was considering configuring our F5 LTMs in an Active/Active state within Cisco ACI but I read here that this type of configuration is not recommended without having at least one F5 in standby mode. "F5 does not recommend deploying BIP-IP systems in an Active-Active configuration without a standby device in the cluster, due to potential loss of high availability." Why is this? With two F5s in Active/Active mode, they should still fail over to each other if one happens to go down. Would it take longer for one device to fail over to another who is active rather than being truly standby?Failover object missing in traffic group
Hello Folks, When we cannot see an object within failover objects and how to add it manually? I have a VS, which isn't appearing in Failover objects. And strange thing is, for that specific VS, traffic goes to standby appliance and that is actually processes the traffic. As a result the VS servers intermittent services and looses the connection and functionality anytime. I have tried creating a new VS, however that behaves the same way. And again that VS is not reflecting to failover objects. Any clues? Thanks, Darshan
HA Configuration with Route-Domains
Hello All, I have couple of queries. (We are running 11.4 with HF3) 1. When deploying F5 using route domains each using separate partitions and each having its own internal/external vlans, what is the recommended HA configuration. Shall we define a separate HA-vlan for each route domain and then add them to the "failover unicast configuration" one-by-one ? because currently HA config (configSync/Failover/Mirroring) options just has the mgmt interface and the HA interface of the default route domain. We did a failover test by bringing down the the trunk on Active F5 but it didn't failed. I suspect this is happening because the self IPs in route domain are not visible in failover unicast configuration (common partition) and as mentioned above failover unicast configuration is just showing mgmt and HA-VLAN(direct HA link bw F5s). We then had to enable vlan fail-safe option (45 sec interval) on the internal/external vlan for the failover to work. Since we have multiple route domains, shall we define a separate traffic groups for each partition/route-domain ? Is there any best practice document with recommendations on above design challenges ? Regards, AkhtarHA soft switchover with session persistence
Hi, Is there a way to maintain open sessions during a switchover from active to standby (I don't mean a failover, when the switch is more or less forced, i mean a situation, when I make the standby F5 go active). What I want to achieve is to keep open connections on the previously active F5 and open all new ones on the actual active. So after some time I'd be able to do my maintenance on a completely traffic free device without clients having noticed anything. I looked into session mirroring, but this will not work for me, since Active and Standby are in separate data centers
Device Service Clustering (vCMP guests not failing over when physical vCMP host interface fails)
Hello, Today we have the following physical setup for two 5250v F5s that we are using as vCMP host for 5 vCMP guests in each of them. These vCMP guest are configured in an HA pair using Device Service Clustering with load aware. They are homogeneous. Last week we had failover tests in the Data Center and brought down manually the physical interfaces from the switch side that are members of Port-Channel107 shown in the picture and the fail-over did not occur. While in the vCMP host we noticed the the port status changed to down in the physical interface, this was not passed over to the vCMP guests and that is what I am assuming was the cause of the failing over not happening. We did see all the VIPs, Nodes, Pools going down on the active unit but the failover was not triggered and cause all the applications to fail. Questions: -Is the expected behavior not to pass the status of the physical interfaces in the vCMP host to the vCMP guests? -Is there something that I am missing in my current configuration that is causing these vCMP guests not to fail-over when the physical interfaces in the vCMP host fail? -Do I need to use HA groups to monitor the trunks instead of load aware for the fail-over to be triggered?
