Manual Chapter : Completing the All-Active Configuration

Applies To:

Show Versions Show Versions

BIG-IP AAM

  • 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0, 13.1.5, 13.1.4, 13.1.3, 13.1.1, 13.1.0, 13.0.1, 13.0.0, 12.1.5, 12.1.4, 12.1.3, 12.1.2, 12.1.1, 12.1.0

BIG-IP APM

  • 17.1.1, 17.1.0, 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0, 13.1.5, 13.1.4, 13.1.3, 13.1.1, 13.1.0, 13.0.1, 13.0.0, 12.1.6, 12.1.5, 12.1.4, 12.1.3, 12.1.2, 12.1.1, 12.1.0

BIG-IP Link Controller

  • 17.1.1, 17.1.0, 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0, 13.1.5, 13.1.4, 13.1.3, 13.1.1, 13.1.0, 13.0.1, 13.0.0, 12.1.6, 12.1.5, 12.1.4, 12.1.3, 12.1.2, 12.1.1, 12.1.0

BIG-IP Analytics

  • 17.1.1, 17.1.0, 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0, 13.1.5, 13.1.4, 13.1.3, 13.1.1, 13.1.0, 13.0.1, 13.0.0, 12.1.6, 12.1.5, 12.1.4, 12.1.3, 12.1.2, 12.1.1, 12.1.0

BIG-IP LTM

  • 17.1.1, 17.1.0, 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0, 13.1.5, 13.1.4, 13.1.3, 13.1.1, 13.1.0, 13.0.1, 13.0.0, 12.1.6, 12.1.5, 12.1.4, 12.1.3, 12.1.2, 12.1.1, 12.1.0

BIG-IP AFM

  • 17.1.1, 17.1.0, 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0, 13.1.5, 13.1.4, 13.1.3, 13.1.1, 13.1.0, 13.0.1, 13.0.0, 12.1.6, 12.1.5, 12.1.4, 12.1.3, 12.1.2, 12.1.1, 12.1.0

BIG-IP PEM

  • 17.1.1, 17.1.0, 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0, 13.1.5, 13.1.4, 13.1.3, 13.1.1, 13.1.0, 13.0.1, 13.0.0, 12.1.6, 12.1.5, 12.1.4, 12.1.3, 12.1.2, 12.1.1, 12.1.0

BIG-IP DNS

  • 17.1.1, 17.1.0, 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0, 13.1.5, 13.1.4, 13.1.3, 13.1.1, 13.1.0, 13.0.1, 13.0.0, 12.1.6, 12.1.5, 12.1.4, 12.1.3, 12.1.2, 12.1.1, 12.1.0

BIG-IP ASM

  • 17.1.1, 17.1.0, 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0, 13.1.5, 13.1.4, 13.1.3, 13.1.1, 13.1.0, 13.0.1, 13.0.0, 12.1.6, 12.1.5, 12.1.4, 12.1.3, 12.1.2, 12.1.1, 12.1.0
Manual Chapter

Task summary

There are several tasks that you perform to implement a clustering configuration with an ECMP-enabled router.

Important: To perform the tasks in this implementation, you must have the Administrator user role assigned to your user account for BIG-IP ®system.

Task list

Creating a server pool

Before starting this task:

  • Decide on the IP addresses or FQDNs for the servers that you want to include in your server pool.
  • If your system is using DHCP, make sure your DNS servers are not configured for round robin DNS resolutions; instead, they should be configured to return all available IP addresses in a resolution.
Use this task to create a pool of servers with pool members. The pool identifies which servers you want the virtual server to send client requests to. As an option, you can identify the servers by their FQDNs instead of their IP addresses. In this way, the system automatically updates pool members whenever you make changes to their corresponding server IP addresses on your network.
  1. On the Main tab, click Local Traffic > Pools .
    The Pool List screen opens.
  2. Click Create.
    The New Pool screen opens.
  3. In the Name field, type a unique name for the pool.
  4. For the Health Monitors setting, from the Available list, select a monitor and move the monitor to the Active list.
    Note: A pool containing nodes represented by FQDNs cannot be monitored by inband or sasp monitors.
  5. From the Load Balancing Method list, select how the system distributes traffic to members of this pool.
    The default is Round Robin.
  6. For the New Members setting, add each server that you want to include in the pool:
    1. Select New Node or New FQDN Node.
    2. (Optional) In the Node Name field, type a name for the node.
    3. If you chose New Node, then in the Address field, type the IP address of the server. If you chose New FQDN Node, then in the FQDN field, type the FQDN of the server.
      If you want to use FQDNs instead of IP addresses, you should still type at least one IP address. Typing one IP address ensures that the system can find a pool member if a DNS server isn't available.
    4. For the Service Port option, pick a service from the list.
    5. If you are using FQDNs for the server names, then for Auto Populate, keep the default value of Enabled.
      Note: When you leave Auto Populate turned on, the system creates an ephemeral node for each IP address returned as an answer to a DNS query. Also, when a DNS answer shows that the IP address of an ephemeral node doesn't exist anymore, the system deletes the ephemeral node.
    6. Click Add.
    7. Do this step again for each node.
  7. Click Finished.

Creating a destination address and port for application traffic

Before you start this task, make sure you have specified primary and secondary mirroring IP addresses on each device in the device group.
Completing this task provides a destination for application traffic coming into the BIG-IP® system from an ECMP-enabled router on the network.
Note: You only have to do this task on one device in the device group (in our example, Bigip_A). Later you will synchronize this configuration to the other devices in the device group.
  1. On the Main tab, click Local Traffic > Virtual Servers .
    The Virtual Server List screen opens.
  2. Find the Partition list in the upper right corner of the BIG-IP Configuration utility screen, to the left of the Log out button.
  3. From the Partition list, pick partition Common.
  4. Click the Create button.
    The New Virtual Server screen opens.
  5. In the Name field, type a unique name for the virtual server.
  6. From the Type list, select Standard.
  7. In the Destination Address/Mask field, type the IP address in CIDR format.
    The supported format is address/prefix, where the prefix length is in bits. For example, an IPv4 address/prefix is 10.0.0.1 or 10.0.0.0/24, and an IPv6 address/prefix is ffe1::0020/64 or 2001:ed8:77b5:2:10:10:100:42/64. When you use an IPv4 address without specifying a prefix, the BIG-IP® system automatically uses a /32 prefix.
    Note: This address must be on a separate network available only through routing (instead of through a directly-connected network).
    In our example, this address is 30.1.1.10.
  8. In the Service Port field, type a port number or select a service name from the Service Port list.
  9. From the Configuration list, select Advanced.
  10. From the Source Address Translation list, select Auto Map.
  11. For the Connection Mirroring setting, select the check box.
    Note: This setting only appears when the BIG-IP device is a member of a device group.
  12. In the Resources area of the screen, from the Default Pool list, select the relevant pool name.
  13. Configure any other settings that you need.
  14. Click Finished.
The virtual server appears in the list of existing virtual servers on the Virtual Server List screen.

Enabling the virtual address to span all devices

For this ECMP setup, you will need to log in to the BIG-IP® device you created the virtual server and make sure that the associated virtual address is associated with the default traffic group (traffic-group-1). Then you will need to enable the Spanning option.

Note: You only need to do this task on one device in the device group (in our example, Bigip_A). Later you will synchronize this configuration to the other devices in the device group.
  1. On the Main tab, click Local Traffic > Virtual Servers .
    The Virtual Server List screen displays a list of existing virtual servers.
  2. On the menu bar, click Virtual Address List.
    This displays the list of virtual addresses.
  3. Click the name of the virtual address you want to view.
    This shows the properties of that virtual address.
  4. Ensure that the Traffic Group list is set to traffic-group-1.
    Note: traffic-group-1 is the default floating traffic group on the system.
  5. Clear the ARP check box.
    This disables the Advanced Resolution Protocol (ARP).
  6. Select the Spanning check box.
    This setting adds this floating virtual address to all floating traffic groups in the device group, ensuring that all devices in the device group can receive traffic from the ECMP-enabled upstream router.
  7. Click Update.

Creating traffic groups for failover

On one of the devices in the device group, create the floating traffic groups you will need for your configuration, except for traffic-group-1, which is the default traffic group. Each new traffic group is empty after you create it.

  1. On the Main tab, click Device Management > Traffic Groups .
  2. On the Traffic Groups screen, click Create.
  3. In the Name field, type a name for the new traffic group.
    An example of a traffic group name is traffic-group-2.
  4. In the Description field, type a description for the new traffic group.
    For example, you can type This traffic group contains the floating IP addresses that are on BIGIP_B.
  5. In the MAC Masquerade Address field, type a MAC masquerade address.
    For this setting, you should use an industry-standard method for creating a locally-administered MAC address. Each traffic group needs a MAC masquerade address to reduce the risk of dropped connections when failover happens.
  6. From the Failover Method list, select HA Order.
  7. Select the Auto Failback check box.
    This enables auto failback for the traffic group. When you combine auto failback with the HA Order setting you selected, each traffic group in the configuration goes active on a separate device, providing you with an all-active device group.
  8. For the Failover Order setting, in the Available box, select the name of the device that you want this traffic group to be active on and then move it to the Enabled box. Repeat for each device that you want to be the next-active device if failover occurs.
    You can put only members of the device group on the ordered list. You can't put devices from the local trust domain on the list if they are not in the device group.

    In our sample device group, where we configured each traffic group to be active on a different device, the first device in traffic-group-1's Failover Order list is BIGIP_A. Similarly, the first device in the traffic-group-2 list is BIGIP_B, and the first device in the traffic-group-3 list is BIGIP_C.

  9. Click Finished.
  10. Repeat this task for as many active traffic groups as you need for your configuration.
When you have finished configuring a traffic group (with auto-failback enabled), the traffic group goes active on the first device in the Failover Order list, even before any failover event happens. From then on, the traffic group always tries to be active on that device. If all of the devices in the ordered list are unavailable, and you have device group members that are not on the ordered list, the BIG-IP® system ignores the ordered list. Instead, it looks at the devices that are not on the list, and uses them to calculate a load-aware score for each of those devices, based on the local device's configured HA Capacity and the default HA Load value (1).

Creating floating self IP addresses

Each device in the BIG-IP® device group requires a floating self IP address to ensure that inbound or outbound traffic targeted to a BIG-IP device reaches its destination even when a device goes down and failover occurs. You can create the floating self IP addresses from just one of the devices in the device group (in our example, Bigip_A). Later, you will sync that device's configuration to the other devices in the device group. Using our sample configuration with three devices that each have an external and internal VLAN, this means you will create a total of six floating self IP addresses, each associated with a specific VLAN and a specific traffic group.

BIG-IP Device VLAN external VLAN internal Traffic Group
Bigip_A 20.1.1.2 10.1.1.2 Traffic-group-1
Bigip_B 20.1.1.3 10.1.1.3 Traffic-group-2
Bigip_C 20.1.1.4 10.1.1.4 Traffic-group-3
  1. On the Main tab, click Network > Self IPs .
  2. Find the Partition list in the upper right corner of the BIG-IP Configuration utility screen, to the left of the Log out button.
  3. From the Partition list, make sure that partition Common is selected.
  4. Click Create.
    The New Self IP screen opens.
  5. In the Name field, type a unique name for the floating self IP address.
    For example, for the floating external self IP address for device Bigip_A, this name could be float_ext_self_bigipA.
  6. In the IP Address field, type an IP address.
    For example, in our sample configuration for device BIGIP_A, the static self IP address for VLAN external could be 20.1.1.6 .
  7. In the Netmask field, type the full network mask for the specified IP address.
  8. From the VLAN/Tunnel list, select either external or internal.
  9. Click Add.
  10. From the Traffic Group list, select the name of a floating traffic group.
    For example, for IP address 20.1.1.2, select Traffic-group-1. For address 20.1.1.3, select Traffic-group-2, and so on.
  11. Click Finished.
    The screen refreshes, and displays the new self IP address.
  12. Repeat this task for each of the floating IP addresses that you want to be members of a traffic group.

Syncing the BIG-IP configuration to the device group

Before you sync the configuration, verify that the devices that are targeted for config sync are members of a Sync-Failover device group.
This task synchronizes the latest BIG-IP® configuration data from the local device to the devices in the device group. This synchronization makes sure that devices in the device group work correctly.
Note: You only need to do this task on one device in the device group.
  1. On the Main tab, click Device Management > Overview .
  2. In the Device Groups area of the screen, from the Name column, select the name of the relevant device group.
    The screen expands to show a summary and details of the sync status of the selected device group, as well as a list of the individual devices within the device group.
  3. In the Devices area of the screen, from the Sync Status column, select the device that shows a sync status of Changes Pending.
  4. In the Sync Options area of the screen, select Sync Device to Group.
  5. Click Sync.
    The BIG-IP system syncs the configuration data of the selected device in the Device area of the screen to the other members of the device group.
After you complete this task, the BIG-IP configuration data is synchronized to every device in the device group.