Why is an Active-Active configuration not recommended by F5?
I was considering configuring our F5 LTMs in an Active/Active state within Cisco ACI but I read here that this type of configuration is not recommended without having at least one F5 in standby mode. "F5 does not recommend deploying BIP-IP systems in an Active-Active configuration without a standby device in the cluster, due to potential loss of high availability." Why is this? With two F5s in Active/Active mode, they should still fail over to each other if one happens to go down. Would it take longer for one device to fail over to another who is active rather than being truly standby?
High-availability configuration produces a status of "ONLINE (STANDBY), In Sync"
Problem: High-availability configuration produces a status of "ONLINE (STANDBY), In Sync" on the F5 primary and standby units. Models: F5 1600 Big-IP Version: BIG-IP 11.5.0 Build 7.0.265 Hotfix HF7 Steps used to configure high-availability: Connect a network cable on port 1.3 of each F5 1600 Create a dedicated VLAN for high-availability on each F5 1600 Configure an IP address for the high-availability VLAN on each F5 1600 Ensure that both F5 1600 units can ping each other from the high-availability VLAN On each F5 1600, navigate to "Device Management" -> "Devices" -> "Device List". Select the F5 1600 system labelled as "self" On each F5 1600, navigate to "Device Connectivity" -> "ConfigSync". Select the IP address assigned to the high-availability VLAN On each F5 1600, navigate to "Device Connectivity" -> "Network Failover". Add the IP address assigned to the high-availability VLAN to the failover unicast configuration Force the standby unit offline On the active unit, navigate to "Device" -> "Peer List". Click "Add", and add standby unit to the high-availability configuration At this point, the primary F5 unit has a status of "ONLINE (ACTIVE), In Sync", and the standby unit has a status of "FORCED (OFFLINE), In Sync" On the primary unit, navigate to "Device Management" -> "Device Groups" to create a device group At this point, both units have a status of "ONLINE (STANDBY), In Sync". Any ideas as to why this happening? My goal is to have high-availability configured in an ACTIVE/STANDBY pair.Failover object missing in traffic group
Hello Folks, When we cannot see an object within failover objects and how to add it manually? I have a VS, which isn't appearing in Failover objects. And strange thing is, for that specific VS, traffic goes to standby appliance and that is actually processes the traffic. As a result the VS servers intermittent services and looses the connection and functionality anytime. I have tried creating a new VS, however that behaves the same way. And again that VS is not reflecting to failover objects. Any clues? Thanks, Darshan
HA Configuration with Route-Domains
Hello All, I have couple of queries. (We are running 11.4 with HF3) 1. When deploying F5 using route domains each using separate partitions and each having its own internal/external vlans, what is the recommended HA configuration. Shall we define a separate HA-vlan for each route domain and then add them to the "failover unicast configuration" one-by-one ? because currently HA config (configSync/Failover/Mirroring) options just has the mgmt interface and the HA interface of the default route domain. We did a failover test by bringing down the the trunk on Active F5 but it didn't failed. I suspect this is happening because the self IPs in route domain are not visible in failover unicast configuration (common partition) and as mentioned above failover unicast configuration is just showing mgmt and HA-VLAN(direct HA link bw F5s). We then had to enable vlan fail-safe option (45 sec interval) on the internal/external vlan for the failover to work. Since we have multiple route domains, shall we define a separate traffic groups for each partition/route-domain ? Is there any best practice document with recommendations on above design challenges ? Regards, AkhtarHA soft switchover with session persistence
Hi, Is there a way to maintain open sessions during a switchover from active to standby (I don't mean a failover, when the switch is more or less forced, i mean a situation, when I make the standby F5 go active). What I want to achieve is to keep open connections on the previously active F5 and open all new ones on the actual active. So after some time I'd be able to do my maintenance on a completely traffic free device without clients having noticed anything. I looked into session mirroring, but this will not work for me, since Active and Standby are in separate data centersAdding New BigIP Units Using Free CPUs on i7800 (LB13 & LB14) to an existing HA Pair
Hello, We have a pair of i7800 devices, each running two guests with the following configuration: i7800 Unit 1: LB09 & LB11 i7800 Unit 2: LB10 & LB12 Current Setup: LB09 & LB10: These are part of a High Availability (HA) pair, running in an Active/Active configuration. LB11 & LB12: Similarly, these two guests are also in an HA pair, running in Active/Active mode. Each LBx unit is utilizing 6 CPUs (which is the maximum allowed per guest). The i7800 comes with 14 CPUs total, so there are 2 unused CPUs per unit (not allocated to any guest). Questions: Can we bring up new BigIP units (LB13 & LB14) using the 2 free CPUs on each i7800 unit? Can these new units join the existing HA pair of LB11 & LB12 and sync configuration to each other? Can the new Units serve their own traffic groups ( as shown below in the diagram ) ? Is there any potential limitation or issue with utilizing the remaining CPUs for this purpose? Will i7800 run out of memory or go low in memory ? Goal: Offload 20% of the traffic (a handful of VIPs) to the newly created LB13 & LB14 units. All LBxx ( 11,12,13 & 14 ) should back each other up and sync configuration across Thank you for any assistance
