Manual Chapter : Optimizing BIG-IP Resources for Application Traffic Flows

Applies To:

Show Versions Show Versions

BIG-IP AAM

  • 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0, 13.1.5, 13.1.4, 13.1.3, 13.1.1, 13.1.0, 13.0.1, 13.0.0

BIG-IP APM

  • 17.1.1, 17.1.0, 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0, 13.1.5, 13.1.4, 13.1.3, 13.1.1, 13.1.0, 13.0.1, 13.0.0

BIG-IP Analytics

  • 17.1.1, 17.1.0, 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0, 13.1.5, 13.1.4, 13.1.3, 13.1.1, 13.1.0, 13.0.1, 13.0.0

BIG-IP Link Controller

  • 17.1.1, 17.1.0, 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0, 13.1.5, 13.1.4, 13.1.3, 13.1.1, 13.1.0, 13.0.1, 13.0.0

BIG-IP LTM

  • 17.1.1, 17.1.0, 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0, 13.1.5, 13.1.4, 13.1.3, 13.1.1, 13.1.0, 13.0.1, 13.0.0

BIG-IP PEM

  • 17.1.1, 17.1.0, 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0, 13.1.5, 13.1.4, 13.1.3, 13.1.1, 13.1.0, 13.0.1, 13.0.0

BIG-IP AFM

  • 17.1.1, 17.1.0, 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0, 13.1.5, 13.1.3, 13.1.1, 13.1.0, 13.0.1, 13.0.0

BIG-IP DNS

  • 17.1.1, 17.1.0, 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0, 13.1.5, 13.1.4, 13.1.3, 13.1.1, 13.1.0, 13.0.1, 13.0.0

BIG-IP ASM

  • 17.1.1, 17.1.0, 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0, 13.1.5, 13.1.4, 13.1.3, 13.1.1, 13.1.0, 13.0.1, 13.0.0
Manual Chapter

Overview: Maintaining high availability through resource monitoring

Sometimes a traffic group within a BIG-IP® Sync-Failover device group needs a certain number of resources to be up: resources like pool members, trunk links, VIPRION ®cluster members, or some combination of these.

With HA groups, you can define the minimum number of resources that a traffic group needs to stay active on its current device. If resources fall below that number, the traffic group fails over to a device with more resources. An HA group:

  • Monitors resource availability on current and next-active devices for an active traffic group.
  • Calculates an HA resource score on each device for choosing the next-active device.

The step-by-step tasks in this document guide you through creating the example configuration shown in the illustration. The illustration shows three sample devices with two active traffic groups. We've configured both traffic groups to use HA groups to define acceptable criteria for trunk health. Although it's not shown here, we'll assume that traffic-group-1 and traffic-group-2 use the HA Score and the Preferred Device Order failover methods, respectively, to pick their next-active devices.

In our example, we see that on both BIG-IP A and BIG-IP B, three of four trunk links are currently up, which meets the minimum criteria specified in the HA groups assigned to traffic-group-1 and traffic-group-2 on those devices. This allows each traffic group to stay active on its current device.

Now suppose that the trunk on BIG_IP A loses another link. We see that even though BIG-IP A is still up, traffic-group-1 has failed over because BIG-IP A no longer meets the HA group criteria for hosting the traffic group: only two of four trunk links are now up on that device.

Because we've configured traffic-group-1 to use HA scores to select the next-active device, the traffic group fails over to BIG-IP C, because this is the device with the most trunk links up and therefore has the highest HA score for hosting this traffic group.

As for traffic-group-2, it stays on its current device because BIG-IP B still meets the minimum criteria specified in its HA group.

The remainder of this document provides the step-by-step instructions you'll need to implement this example.

Before you begin

To create the sample HA groups configuration described in this document, make sure that you have:

Knowledge of F5 Networks® device service clustering (DSC®)
You'll need a working knowledge of Sync-Failover device groups, including traffic groups and BIG-IP® config sync and failover operations.
The Administrator user role
Your BIG-IP® user account must have the Administrator user role assigned to it.
A working Sync-Failover device group
The device group should contain three BIG-IP® devices with failover capability working successfully.
Two VLANs per device
At a minimum, each device should have a VLAN for the external network and another for the internal network.
An active traffic group on BIG-IP A and another on BIG-IP B
Each traffic group should contain:
  • Two floating self IP addresses for the external and internal VLANs
  • A floating virtual IP address
A trunk on each device
Each BIG-IP device should have a 4-link trunk.

Task summary for optimizing BIG-IP resources for an application flow

There are a few tasks you need to perform to optimize BIG-IP resources (such as trunk links) for an application flow.

Define trunk health criteria for traffic-group-1

You can use this task to create three HA groups, one per device, shown in the sample illustrations for traffic-group-1. Each HA group defines the criteria for acceptable trunk health for traffic-group-1.

Important: HA groups never sync to other devices in the device group, which means you'll need to log in to each device and create a separate HA group for each instance of traffic-group-1.
  1. Open a browser window and log in to BIG-IP A, using the management IP address.
    The login screen of the BIG-IP® Configuration utility opens.
  2. On the Main tab, click System > High Availability > HA Groups
  3. Click Create.
  4. In the HA Group Name field, type ha_group_deviceA_tg1.
  5. In the Active Bonus field, keep the default value.
    The purpose of the active bonus is to boost the HA score to prevent failover if trunk links oscillate up and down.
  6. In the Trunks setting, click Add.
    If the Add button is grayed out, there are no trunks on the BIG-IP system.
    The Add Trunk to HA Group dialog box opens.
  7. From the Trunk list, select the name of the trunk configured on the device you are logged in to.
  8. Using the drop-down list, select a minimum number of active links required for this device to process traffic, which in our example, is 3.
    This value is the minimum number of trunk links that you want to be up in order for traffic-group-1 to remain on its current device. If the number of trunk links falls below this value, traffic-group-1 will fail over to another device.
  9. For the Weight field, type 100, and for the number of active trunk links that are sufficient to be up for calculating the weight, select 3.
    Important: The BIG-IP system uses the values for the weight and the sufficient number of trunk links to calculate an HA score for the device you're logged in to. The system only uses this score when you configure the Failover to Device with Best HA Score failover method on a traffic group. The score indicates this device's suitability to be the next-active device for a traffic group.
    For example, suppose you had an HA group where the total number of trunk links was 4 and the minimum threshold was 2, but the sufficient threshold was 3. If there were only two links currently available, the BIG-IP system would calculate the score by multiplying the weight you configured for the trunk by the percentage of links available compared to the sufficient threshold value, not to the total number of links. If the weight we configured for the trunk was 100, and 66% of the links on the device were up (2 of 3), then the HA score calculation for the device would be 66 (100 x 66% ).
  10. Click Add.
    The New HA Group screen opens and shows the trunk member criteria that must be met to prevent the traffic group from failing over.
  11. Click Create HA Group.
  12. Log in to BIG-IP B and then to BIG-IP C and repeat this task, naming their HA groups ha_group_deviceB_tg1 and ha_group_deviceC_tg1, respectively.
You now have an HA group on each device that you will later associate with each instance of traffic-group-1.

Assign trunk health criteria and a failover method to traffic-group-1

Important: Before you start, make sure that traffic-group-1 is active on BIG-IP A. This will prevent unintentional failover.

This task assigns trunk health criteria (an HA group) to traffic-group-1 on all devices. You can also use this task to direct the BIG-IP® system to pick the next-active device for traffic-group-1 based on the HA scores of the other BIG-IP devices.

  1. Open a browser window and log in to BIG-IP A, using the management IP address.
  2. On the Main tab, click Device Management > Traffic Groups .
  3. In the Name column, click traffic-group-1.
    This displays the properties of the traffic group.
  4. From the HA Group list, select the HA group named ha_group_deviceA_tg1.
    Note: Because each instance of this traffic group has its own HA group, the BIG-IP system never syncs this value to the other devices in the device group.
  5. For the Failover Method setting, choose Failover to Device With Best HA Score.
    Note: The BIG-IP system never syncs this value to the other devices in the device group.
  6. Click Update.
  7. Log in to BIG-IP B and then to BIG-IP C and repeat this task, assigning the HA groups ha_group_deviceB_tg1 and ha_group_deviceC_tg1, respectively.
After you complete this task, traffic-group-1 on each device has trunk criteria assigned to it, and the BIG-IP system will pick the device with the highest HA score to be the next-active device for traffic-group-1 .

Define trunk health criteria for traffic-group-2

You can use this task to create three HA groups, one per device, shown in the sample illustrations for traffic-group-2. Each HA group defines the criteria for acceptable trunk health for traffic-group-2.

Important: HA groups never sync to other devices in the device group, which means you need to log in to each device and create a separate HA group for each instance of traffic-group-2.
  1. Open a browser window and log in to BIG-IP A), using the management IP address.
    The login screen of the BIG-IP® Configuration utility opens.
  2. On the Main tab, click System > High Availability > HA Groups
  3. Click Create.
  4. In the HA Group Name field, type ha_group_deviceA_tg2.
  5. In the Active Bonus field, keep the default value.
    The purpose of the active bonus is to boost the HA score to prevent failover if trunk links oscillate up and down.
  6. In the Trunks setting, click Add.
    If the Add button is grayed out, there are no trunks on the BIG-IP system.
    The Add Trunk to HA Group dialog box opens.
  7. From the Trunk list, select a trunk name.
  8. Using the drop-down list, select a minimum number of active trunk links required for this device to process traffic, which in our example is 2.
    This value is the minimum number of trunk links that you want to be up in order for a specific active traffic group to remain on its current device. If the number of trunk links falls below this value, traffic-group-2 will fail over to another device.
  9. Use the default weight (10) and retain the default value of all because we will not be using HA scores to choose the next-active device.
  10. Click Add.
    The New HA Group screen opens and shows the trunk member criteria that must be met to prevent the traffic group from failing over.
  11. Click Create HA Group.
  12. Log in to BIG-IP and then to BIG-IP C and repeat this task, naming their HA groups ha_group_deviceB_tg2 and ha_group_deviceC_tg2, respectively.
You now have an HA group on each device that you will later associate with each instance of traffic-group-2.

Assign trunk health criteria and a failover method to traffic-group-2 on BIG-IP B

Important: Before you start, make sure that traffic-group-2 is active on BIG-IP B. This will prevent unintentional failover.

This task associates trunk health criteria (that is, an HA group) with traffic-group-2 on BIG-IP B. You can also use this task to direct the BIG-IP® system to pick the next-active device for traffic-group-2 based on an ordered list of the devices in the device group.

Note: You only need to do this task on BIG-IP B; later, you'll sync the BIG-IP B configuration (including traffic-group-2) to the other devices in the device group.
  1. Open a browser window and log in to BIG-IP B, using the management IP address.
  2. On the Main tab, click Device Management > Traffic Groups .
  3. In the Name column, click traffic-group-2.
    This displays the properties of the traffic group.
  4. From the HA Group list, select the HA group named ha_group_deviceB_tg2.
    Note: Because each instance of this traffic group has its own HA group, the BIG-IP system never syncs this value to the other devices in the device group.
  5. For the Failover Method setting, choose Failover using Preferred Device Order and then Load Aware.
  6. For the Failover Order setting:
    1. Select a device in the Load Aware list and using the Move button, move the device to the Preferred Order list.
    2. Repeat for each device that you want to include in the ordered list.
    3. In the Preferred Order list, use the Up and Down buttons to set the order you want the system to use to select the next-active device for this traffic group.
      The result is that the first device in the list will be designated as the next-active device for this traffic group. If the first device is unavailable, the second device will be designated as the next-active device, and so on.
    Note: The HA group you assigned to this traffic group monitors the first device in the list to see how suitable it is to be the next-active device for this traffic group. If the HA group sees that the next-active device doesn't meet the minimum resource criteria specified in the HA group, the HA group monitors the second device in the list, and so on, until it finds a suitable device. If the HA group can't find a suitable device for next-active, the system switches to using load-aware failover to pick the next-active device. If the system still can't find a suitable next-active device, it chooses the device that the HA group most recently deemed suitable to host this traffic group.
  7. Click Update.
After you do this task, traffic-group-2 on BIG-IP B is ready for you to sync traffic-group-2 to the other devices in the device group.

Sync the BIG-IP configuration from BIG-IP B to the device group

This task synchronizes the latest BIG-IP® configuration data from BIG-IP B, including the active instance of traffic-group-2, to the other devices in the device group.
Important: If you enabled automation synchronization for your device group, you can skip this task. Also, be aware that the BIG-IP system never syncs an HA group or the value of the HA Group property of a traffic group during a config sync operation.
  1. Open a browser window and log in to BIG-IP B, using the management IP address.
    The BIG-IP Configuration utility opens.
  2. On the Main tab, click Device Management > Overview .
  3. In the Sync Issues area of the screen, find the device group name and click the arrow.
    This displays detailed information about the sync status of the device group.
  4. In the Recent Changes area of the screen, choose BIG-IP B.
    This device should show a status of Changes Pending.
  5. In the Sync Issues area of the screen, find the device group name and click the arrow.
    This displays detailed information about the sync status of the device group.
  6. In the Sync Options area of the screen, select Push the selected device configuration to the group.
  7. Click Sync.
    The BIG-IP system syncs the configuration data of BIG-IP B to the other members of the device group.

Assign trunk health criteria to traffic-group-2 on BIG-IP A and BIG-IP C

You use this task to assign trunk health criteria (an HA group) to traffic-group-2 on BIG-IP A and BIG-IP C.

  1. Open a browser window and log in to BIG-IP A, using the management IP address.
  2. On the Main tab, click Device Management > Traffic Groups .
  3. In the Name column, click traffic-group-2.
    This displays the properties of the traffic group.
  4. From the HA Group list, select the HA group named ha_group_deviceA_tg2.
    Note: Because each instance of this traffic group has its own HA group, the BIG-IP system never syncs this value to the other devices in the device group.
  5. Click Update.
  6. Open a browser window and log in to BIG-IP C, using the management IP address.
  7. Repeat this task on BIG-IP C, except from the HA Group list, select the HA group named ha_group_deviceC_tg2.
After you do this task, an HA group is assigned to BIG-IP A and BIG-IP C for traffic-group-2. The BIG-IP® system can now pick the next-active device for traffic-group-2 based on a list of devices in a preferred order. The BIG-IP system will use the calculated HA score on each device to decide whether a device in the list is eligible to become the next-active device. Any device with a non-zero score is eligible.

Configuration results

After you have completed the tasks in this document, based on our sample configuration, the BIG-IP® system manages high availability for the traffic groups in these ways:

For traffic-group-1:

  • The active instance of traffic-group-1 will automatically fail over to another device whenever the number of available trunk links on the current device falls below three.
  • The method for picking the next-active device is through a comparison of all HA scores for traffic-group-1 in the device group.

For traffic-group-2:

  • The traffic group will automatically fail over to another device whenever the number of available trunk links on the current device falls below two.
  • The method for picking the next-active device is through a list of devices in preferred order.

More About HA Scores

About HA score calculation

The HA score on a device for a traffic group is the sum of all HA score contributions from the resources defined in the relevant HA group.

This means that if an HA group on a device had multiple trunks defined and any one of those trunks failed to meet the minimum availability criteria (resulting in a score of 0), the full HA score on the device for the traffic group would be 0.

For example, suppose you have two 4-link trunks in an HA group, each with a weight of 50 and a minimum threshold of 2. If the first trunk contributes a score of 50 because all links are up, and the second trunk contributes a score of 0 because only one link is up (failing to meet the minimum threshold), the full HA score on the device for the traffic group is 0.

If you intentionally set a resource's minimum threshold to 0, and all of the resource's links go down, then the resulting score is whatever the other resources contribute, which in the case of the above example would be 50.

View the HA score for a traffic group using the BIG-IP Configuration utility

You can view the HA score for a traffic group on a particular device using the BIG-IP® Configuration utility.

  1. On any device in the device group, open a browser window and log in, using the management IP address.
  2. From the Main tab, click System > High Availability > HA Group List .
    This displays a list of HA groups on the device.
  3. In the Name column, click an HA group name.
  4. Find the HA Score property near the bottom of the screen and view the score.

View the HA score for a traffic group using tmsh

You can view the HA score for a traffic group on a particular device using the Traffic Management shell (tmsh) .

  1. On any device in the device group, log in to the Bash shell.
    Note: Your user account must grant you permission to access the Bash shell.
  2. At the command-line prompt, type tmsh.
  3. Type show sys ha-status all-properties.

    For example, this output shows that on a particular device, the HA score for traffic-group-1 is 60, and the score for traffic-group-2 is 30:

                                  
    
    -------------------------------------------------------------------------------
    Sys::HA Status      
    Feature               Key           Action          Fail  Feature  Take  Client  
                                                              Enabled  Act   Data  
    --------------------------------------------------------------------------------
    daemon-heartbeat      bigd          restart         no    yes      no    6.3M   
    daemon-heartbeat      cbrd          restart         no    yes      no    253.1K
    daemon-heartbeat      mcpd          restart         no    yes      no    37.1M
    daemon-heartbeat      snmpd         restart         no    yes      no    253.1K
    daemon-heartbeat      sod           restart-all     no    yes      no    2.5M
    daemon-heartbeat      tmm           restart         no    yes      no    506.5K
    daemon-heartbeat      tmrouted      restart         no    no       no    0 
    ha-group-score        tg1           failover        no    yes      no    60
    ha-group-score        tg2           failover        no    yes      no    30
                                  
                               
    

Other HA resources

For more general documentation about BIG-IP® device service clustering (DSC®), see the document titled BIG-IP Device Service Clustering: Administration on the AskF5™ Knowledge Base at support.f5.com.