Applies To:

Show Versions Show Versions

Manual Chapter: Managing Failover
Manual Chapter
Table of Contents   |   << Previous Chapter   |   Next Chapter >>

What is a traffic group?

A traffic group is a collection of related configuration objects, such as a floating self IP address and a virtual IP address, that run on a BIG-IP® device. Together, these objects process a particular type of traffic on that device. When a BIG-IP device becomes unavailable, a traffic group floats (that is, fails over) to another device in a device group to ensure that application traffic continues to be processed with little to no interruption in service. In general, a traffic group ensures that when a device becomes unavailable, all of the failover objects in the traffic group fail over to any one of the devices in the device group, based on the number of active traffic groups on each device.

An example of a set of objects in a traffic group is an iApps™ application service. If a device with this traffic group is a member of a device group, and the device becomes unavailable, the traffic group floats to another member of the device group, and that member becomes the device that processes the application traffic.

About active-standby vs. active-active configurations

A device group that contains only one traffic group is known as an active-standby configuration.

A device group that contains two or more traffic groups is known as an active-active configuration. For example, if you configure multiple virtual IP addresses on the BIG-IP system to process traffic for different applications, you might want to create separate traffic groups that each contains a virtual IP address and its relevant floating self IP address. You can then choose to make all of the traffic groups active on one device in the device group, or you can balance the traffic group load by making some of the traffic groups active on other devices in the device group.

About active and standby failover states

During any config sync operation, each traffic group within a device group is synchronized to the other device group members. Therefore, on each device, a particular traffic group is in either an active state or a standby state. In an active state, a traffic group on a device processes application traffic. In a standby state, a traffic group on a device is idle.

For example, on Device A, traffic-group-1 might be active, and on Device B, traffic-group-1 might be standby. Similarly, on Device B, traffic-group-2 might be active, traffic-group-1 might be standby.

When a device with an active traffic group becomes unavailable, the active traffic group floats to another device, choosing whichever device in the device group is most available at that moment. The term floats means that on the target device, the traffic group switches from a standby state to an active state.

The following illustration shows a typical device group configuration with two devices and one traffic group (named my_traffic_group). In this illustration, the traffic group is active on Device A and standby on Device B prior to failover.
Traffic group states before failover Traffic group states before failover
If failover occurs, the traffic group becomes active on the other device. In the following illustration, Device A has become unavailable, causing the traffic group to become active on Device B and process traffic on that device.
Traffic group states after failover Traffic group states after failover

When Device A comes back online, the traffic group becomes standby on that device.

Viewing the failover state of a device

You can use the BIG-IP® Configuration utility to view the current failover state of a device in a device group.
  1. Display any screen of the BIG-IP Configuration utility.
  2. In the upper left corner of the screen, view the failover state of the device. An Active failover state indicates that at least one traffic group is currently active on the device. A Standby failover state indicates that all traffic groups on the device are in a standby state.

Viewing the failover state of a traffic group

You can use the BIG-IP® Configuration utility to view the current state of all traffic groups on the device.
  1. On the Main tab, click Network > Traffic Groups.
  2. In the Failover Status area of the screen, view the state of a traffic group on the device.

Forcing a traffic group to a standby state

This task causes the selected traffic group on the local device to switch to a standby state. By forcing the traffic group into a standby state, the traffic group becomes active on another device in the device group. For device groups with more than two members, you can choose the specific device to which the traffic group fails over. This task is optional.

  1. Log in to the device on which the traffic group is currently active.
  2. On the Main tab, click Network > Traffic Groups.
  3. In the Name column, locate the name of the traffic group that you want to run on the peer device.
  4. Select the check box to the left of the traffic group name. If the check box is unavailable, the traffic group is not active on the device to which you are currently logged in. Perform this task on the device on which the traffic group is active.
  5. Click Force to Standby. This displays target device options.
  6. Choose one of these actions:
    • If the device group has two members only, click Force to Standby. This displays the list of traffic groups for the device group and causes the local device to appear in the Next Active Device column.
    • If the device group has more than two members, then from the Target Device list, select a value and click Force to Standby.
The selected traffic group is now active on another device in the device group.

About default traffic groups on the system

Each BIG-IP® device contains two default traffic groups:

  • A default traffic group named traffic-group-1 initially contains the floating self IP addresses that you configured for VLANs internal and external, as well as any iApps™ application services, virtual IP addresses, NATs, or SNAT translation addresses that you have configured on the device.
  • A default non-floating traffic group named traffic-group-local-only contains the static self IP addresses that you configured for VLANs internal and external. Because the device is not a member of device group, the traffic group never fails over to another device.

About MAC masquerade addresses and failover

A MAC masquerade address is a unique, floating Media Access Control (MAC) address that you create and control. You can assign one MAC masquerade address to each traffic group on a BIG-IP device. By assigning a MAC masquerade address to a traffic group, you indirectly associate that address with any floating IP addresses (services) associated with that traffic group. With a MAC masquerade address per traffic group, a single VLAN can potentially carry traffic and services for multiple traffic groups, with each service having its own MAC masquerade address.

A primary purpose of a MAC masquerade address is to minimize ARP communications or dropped packets as a result of a failover event. A MAC masquerade address ensures that any traffic destined for the relevant traffic group reaches an available device after failover has occurred, because the MAC masquerade address floats to the available device along with the traffic group. Without a MAC masquerade address, on failover the sending host must relearn the MAC address for the newly-active device, either by sending an ARP request for the IP address for the traffic or by relying on the gratuitous ARP from the newly-active device to refresh its stale ARP entry.

The assignment of a MAC masquerade address to a traffic group is optional. Also, there is no requirement for a MAC masquerade address to reside in the same MAC address space as that of the BIG-IP device.

Note: When you assign a MAC masquerade address to a traffic group, the BIG-IP system sends a gratuitous ARP to notify other hosts on the network of the new address.

About failover objects and traffic group association

A floating traffic group contains the specific floating configuration objects that are required for processing a particular type of application traffic. The types of configuration objects that you can include in a floating traffic group are:

  • iApps™ application services
  • Virtual IP addresses
  • NATs
  • SNAT translation addresses
  • Self IP addresses

You can associate configuration objects with a traffic group in these ways:

  • You can rely on the folders in which the objects reside to inherit the traffic group that you assign to the root folder.
  • You can create an iApp application service, assigning a traffic group to the application service in that process.
  • You can use the BIG-IP® Configuration utility or tmsh to directly assign a traffic group to an object or a folder.
Important: The association of a traffic group with a virtual IP address or a SNAT translation address in the BIG-IP Configuration utility exists but is hidden. By default, floating objects that you create with the BIG-IP Configuration utility are associated with traffic-group-1. Non-floating objects are associated with traffic-group-local-only. You can change these associations by modifying the properties of those objects.

Viewing failover objects for a traffic group

You can use the BIG-IP® Configuration utility to view a list of all failover objects associated with a specific traffic group. For each failover object, the list shows the name of the object, the type of object, and the folder in which the object resides.
  1. On the Main tab, click Network > Traffic Groups.
  2. In the Name column, click the name of the traffic group for which you want to view the associated objects.
  3. On the menu bar, click Failover Objects. The screen displays the failover objects that are members of the selected traffic group.

About device selection for failover

When a traffic group fails over to another device in the device group, the device that the system selects is normally the device with the least number of active traffic groups. When you initially create the traffic group on a device, however, you specify the device in the group that you prefer that traffic group to run on in the event that the available devices have an equal number of active traffic groups (that is, no device has fewer active traffic groups than another). Note that, in general, the system considers the most available device in a device group to be the device that contains the fewest active traffic groups at any given time.

Within a Sync-Failover type of device group, each BIG-IP® device has a specific designation with respect to a traffic group. That is, a device in the device group can be a default device, as well as a current device or a next active device.

Table 1. Default, current, and next active devices
Target device Description
Default Device A default device is a device that you specify on which a traffic group runs after failover. A traffic group fails over to the default device in these cases:
  • When you have enabled auto-failback for a traffic group.
  • When all available devices in the group are equal with respect to the number of active traffic groups. For example, suppose that during traffic group creation you designated Device B to be the default device. If failover occurs and Device B and Device C have the same number of active traffic groups, the traffic group will fail over to Device B, the default device.
The default device designation is a user-modifiable property of a traffic group. You actively specify a default device for a traffic group when you create the traffic group.
Current Device A current device is the device on which a traffic group is currently running. For example, if Device A is currently processing traffic using the objects in Traffic-Group-1, then Device A is the current device. If Device A becomes unavailable and Traffic-Group-1 fails over to Device C (currently the device with the fewest number of active traffic groups), then Device C becomes the current device. The current device is system-selected, and might or might not be the default device.
Next Active Device A next active device is the device currently designated to accept a traffic group if failover of a traffic group should occur. For example, if traffic-group-1 is running on Device A, and the designated device for future failover is currently Device C, then Device C is the next active device. The next active device can be either system- or user-selected, and might or might not be the default device.

About automatic failback

The failover feature includes an option known as auto-failback. When you enable auto-failback, a traffic group that has failed over to another device fails back to its default device whenever that default device is available to process the traffic. This occurs even when other devices in the group are more available than the default device to process the traffic.

If auto-failback is not enabled for a traffic group and the traffic group fails over to another device, the traffic group runs on the failover (now current) device until that device becomes unavailable. In that event, the traffic group fails over to the most available device in the group. The traffic group only fails over to its default device when the availability of the default device equals or exceeds the availability of another device in the group.

Managing automatic failback

You can use the BIG-IP® Configuration utility to manage the auto-failback option for a traffic group.
  1. On the Main tab, click Network > Traffic Groups.
  2. In the Name column, click the name of the traffic group for which you want to view the associated objects.
  3. In the General Properties area of the screen, select or clear the Auto Failback check box.
    • Selecting the check box causes the traffic group to be active on its default device whenever that device is as available or more available than another device in the group.
    • Clearing the check box causes the traffic group to remain active on its current device until failover occurs again.
  4. If auto-failback is enabled, in the Auto Failback Timeout field, type the number of seconds after which auto-failback expires.
  5. Click Update.

Before you configure a traffic group

The following configuration restrictions apply to traffic groups:

  • On each device in a Sync-Failover device group, the BIG-IP® system automatically assigns the default floating traffic group name to the root and /Common folders. This ensures that the system fails over any traffic groups for that device to an available device in the device group.
  • The BIG-IP system creates all traffic-groups in the /Common folder, regardless of the partition to which the system is currently set.
  • Any traffic group named other than traffic-group-local-only is a floating traffic group.
  • You can set a traffic group on a folder to a floating traffic group only when the device group set on the folder is a Sync-Failover type of device-group.
  • If there is no Sync-Failover device group defined on the device, you can set a floating traffic group on a folder that inherits its device group from root or /Common.
  • Setting the traffic group on a failover object to traffic-group-local-only prevents the system from synchronizing that object to other devices in the device group.
  • You can set a floating traffic group on only those objects that reside in a folder with a device group of type Sync-Failover.
  • If no Sync-Failover device group exists, you can set floating traffic groups on objects in folders that inherit their device group from the root or /Common folders.

Specifying IP addresses for failover

This task specifies the local IP addresses that you want other devices in the device group to use for failover communications with the local device. You must perform this task locally on each device in the device group.
Note: The failover addresses that you specify must belong to route domain 0.
  1. Confirm that you are logged in to the actual device you want to configure.
  2. On the Main tab, click Device Management > Devices. This displays a list of device objects discovered by the local device.
  3. In the Name column, click the name of the device to which you are currently logged in.
  4. From the Device Connectivity menu, choose Failover.
  5. For the Failover Unicast Configuration settings, retain the displayed IP addresses. You can also click Add to specify additional IP addresses that the system can use for failover communications. F5 Networks recommends that you use the self IP address assigned to the HA VLAN.
  6. If the BIG-IP® system is running on a VIPRION® platform, then for the Use Failover Multicast Address setting, select the Enabled check box.
  7. If you enable Use Failover Multicast Address, either accept the default Address and Port values, or specify values appropriate for the device. If you revise the default Address and Port values, but then decide to revert to the default values, click Reset Defaults.
  8. Click Update.
After you perform this task, other devices in the device group can send failover messages to the local device using the specified IP addresses.

Creating a traffic group

If you intend to specify a MAC masquerade address when creating a traffic group, you must first create the address, using an industry-standard method for creating a locally administered MAC address.

Perform this task when you want to create a traffic group for a BIG-IP® device. You can perform this task on any BIG-IP device within the device group, and the task creates a traffic group on that device.

Important: This procedure creates a traffic group but does not associate it with failover objects. You associate a traffic group with specific failover objects when you create or modify each object. For some objects, such as floating self IP addresses and iApps™ application services, you can use the BIG-IP® Configuration utility. For other objects, you use tmsh.
  1. On the Main tab, click Network > Traffic Groups.
  2. On the Traffic Groups list screen, click Create.
  3. In the Name field, type a name for the new traffic group.
  4. In the Description field, type a description for the new traffic group.
  5. Select a default device (a remote device) for the new traffic group.
  6. In the MAC Masquerade Address field, type a MAC masquerade address. When you specify a MAC masquerade address, you reduce the risk of dropped connections when failover occurs. This setting is optional.
  7. Select or clear the check box for the Auto Failback setting.
    • If you select the check box, it causes the traffic group to be active on its default device whenever that device is as available, or more available, than another device in the group.
    • If you clear the check box, it causes the traffic group to remain active on its current device until failover occurs again.
  8. If auto-failback is enabled, in the Auto Failback Timeout field, type the number of seconds after which auto-failback expires.
  9. Confirm that the displayed traffic group settings are correct.
  10. Click Finished.
You now have a floating traffic group with a default device specified.

Viewing a list of traffic groups for a device

You can view a list of the traffic groups that you previously created on the device.
  1. On the Main tab, click Network > Traffic Groups.
  2. In the Name column, view the names of the traffic groups on the local device.

Traffic group properties

This table lists and describes the properties of a traffic group.

Property Description
Name The name of the traffic group, such as Traffic-Group-1.
Partition / Path The name of the folder or sub-folder in which the traffic group resides.
Description A user-defined description of the traffic group.
Default Device The device with which a traffic group has some affinity when auto-failback is not enabled.
Current Device The device on which a traffic group is currently running.
Next Active Device The device currently most available to accept a traffic group if failover of that traffic group should occur.
MAC Masquerade Address A user-created MAC address that floats on failover, to minimize ARP communications and dropped connections.
Auto Failback The condition where the traffic group tries to fail back to the default device whenever possible.
Auto Failback Timeout The number of seconds before auto failback expires. This setting appear only when you enable the Auto Failback setting.
Floating A designation that enables the traffic group to float to another device in the device group when failover occurs.
Table of Contents   |   << Previous Chapter   |   Next Chapter >>

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.



Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)