Manual Chapter: Configuring High Availability in BIG-IP VE

Checklist: Configure high availability in BIG-IP

To set up high availability (HA), continue by creating these HA objects in the BIG-IP® software.

Important: Both BIG-IP VE instances must be in the same availability zone.

Create a VLAN for HA communication
On each BIG-IP VE, create a VLAN that corresponds to the HA subnet.
  • VLAN name: HA

Create a static self IP address for each HA VLAN
On each BIG-IP VE, create a static self IP address used for failover communication. These IP addresses must match the private IP addresses assigned to the HA subnet in AWS.
  • Self IP on BIG-IP A: 10.0.3.96
  • Self IP on BIG-IP B: 10.0.3.185

Establish device trust
The BIG-IP VEs must establish trust by exchanging certificates. Use management IP addresses to do this.
  • Management IP on BIG-IP A: 10.0.0.200
  • Management IP on BIG-IP B: 10.0.0.201

Specify config sync and failover addresses
These are the static self IP addresses that you want the BIG-IP VEs to use for config sync and failover operations to one another.
  • Config sync, BIG-IP A: static self IP for the internal VLAN, 10.0.2.200
  • Config sync, BIG-IP B: static self IP for the internal VLAN, 10.0.2.201
  • Failover, BIG-IP A: static self IP for the HA VLAN, 10.0.3.96
  • Failover, BIG-IP B: static self IP for the HA VLAN, 10.0.3.185

Create a BIG-IP Sync-Failover device group
BIG-IP VEs in a Sync-Failover device group can sync their configurations and fail over to one another.
An example of a device group name is bigip_ve_dg.

Verify the contents of the traffic group
The default floating traffic group, traffic-group-1, contains the floating virtual IP address that you want to become active on the other BIG-IP VE instance when failover occurs.
  • Floating virtual IP: 10.0.1.202

Synchronize the BIG-IP configuration
Log in to BIG-IP A and sync its configuration to BIG-IP B.

Specify the access key and secret key on each BIG-IP VE
These keys are the access key and secret key for the AWS IAM user account. The BIG-IP software uses these keys to make programmatic requests to AWS during failover.

Synchronize the BIG-IP configuration again
After you have specified the access and secret keys on each BIG-IP VE instance, sync the BIG-IP configuration again.

Create VLANs for HA communication

You must create a VLAN on each BIG-IP® VE. The two BIG-IP VEs will use this VLAN for high availability communication with each other.
  1. Log in to the BIG-IP Configuration utility on BIG-IP A.
  2. On the Main tab, click Network > VLANs. The VLAN List screen opens.
  3. Click Create and fill in the appropriate fields for the HA VLAN.
    Field        Value
    Name         HA
    Interface    1.3
    Tagging      Untagged
  4. Click Finished.
  5. Now log in to the BIG-IP Configuration utility on BIG-IP B.
  6. Repeat this task, using the same name for the VLAN:
    Field        Value
    Name         HA
    Interface    1.3
    Tagging      Untagged
After you complete this task, each BIG-IP VE has a VLAN for high availability communications that corresponds to the HA subnet in your Amazon Virtual Private Cloud (VPC).

Create static self IP addresses for the HA VLANs

Each BIG-IP® VE needs a static self IP address to send failover communications to the other BIG-IP VE. This self IP address must match the primary private IP address of the instance's network interface for the HA subnet.
  1. Log in to the BIG-IP Configuration utility on BIG-IP A.
  2. On the Main tab, click Network > Self IPs.
  3. Click Create and populate the appropriate fields:
    Field            Value
    Name             HAselfIP_A
    IP Address       10.0.3.96
    Netmask          255.255.255.0
    VLAN/Tunnel      HA
    Port Lockdown    Allow All
    Traffic Group    traffic-group-local-only
  4. Click Finished.
  5. Now log in to the BIG-IP Configuration utility on BIG-IP B.
  6. Repeat this task, specifying these values:
    Field            Value
    Name             HAselfIP_B
    IP Address       10.0.3.185
    Netmask          255.255.255.0
    VLAN/Tunnel      HA
    Port Lockdown    Allow All
    Traffic Group    traffic-group-local-only
The two BIG-IP VEs can now monitor each other's availability status through the HA VLAN.

Establish trust between the BIG-IP VEs

Before joining a Sync-Failover device group, both BIG-IP® VEs must authenticate each other's certificates to create trust.
Note: Do this task on BIG-IP A only.
  1. Log in to the BIG-IP Configuration utility on BIG-IP A.
  2. On the Main tab, click Device Management > Device Trust, and then select Peer List.
  3. Click Add.
  4. For the IP address, type the management address for BIG-IP B, 10.0.0.201.
    This is the primary private IP address associated with BIG-IP B's management subnet.
  5. Type the administrative user name (admin).
  6. Click Retrieve Device Information.
    BIG-IP A discovers BIG-IP B and displays information about it.
  7. Confirm that BIG-IP B's certificate is correct.
  8. Confirm that the management IP address and name of BIG-IP B are correct.
  9. Click Finished.
BIG-IP A and BIG-IP B now trust each other.

Specify config sync, failover, and mirroring addresses

On BIG-IP A, specify the IP addresses that BIG-IP B should use to synchronize its configuration to BIG-IP A and to assess the health of BIG-IP A. On BIG-IP B, specify the addresses that BIG-IP A should use to synchronize its configuration to BIG-IP B and to assess the health of BIG-IP B.

  1. Log in to the BIG-IP® Configuration utility on BIG-IP A.
  2. On the Main tab, click Device Management > Devices.
  3. In the Name column, click BIG-IP A.
  4. From the Device Connectivity menu, choose ConfigSync.
  5. For the Local Address setting, select the static self IP address for BIG-IP A's internal VLAN, 10.0.2.200.
  6. From the Device Connectivity menu, choose Failover Network.
  7. For the Failover Unicast Configuration settings, click Add and specify the static self IP address for BIG-IP A's HA VLAN, 10.0.3.96.
  8. Click Update.
  9. Now log in to BIG-IP B.
  10. On the Main tab, click Device Management > Devices.
  11. In the Name column, click BIG-IP B.
  12. From the Device Connectivity menu, choose ConfigSync.
  13. For the Local Address setting, select the static self IP address for BIG-IP B's internal VLAN, 10.0.2.201.
  14. From the Device Connectivity menu, choose Failover Network.
  15. For the Failover Unicast Configuration settings, click Add and specify the static self IP address for BIG-IP B's HA VLAN, 10.0.3.185.
  16. Click Update.
Now each BIG-IP VE can use the IP addresses of the other BIG-IP VE to sync its configuration and to fail over.
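
The self IP and device trust tasks above both depend on the BIG-IP addresses matching the primary private IPs that AWS assigned. The following preflight check is an added example, not part of the F5 manual; the check_plan function and the AWS_PRIMARY_IPS structure are assumptions of this example, and the AWS data is a constructed sample.

```python
import ipaddress

# Addressing plan from this chapter: management IPs (device trust) and
# HA self IPs (failover unicast) for each BIG-IP VE.
PLAN = {
    "BIG-IP A": {"mgmt": "10.0.0.200", "ha": "10.0.3.96"},
    "BIG-IP B": {"mgmt": "10.0.0.201", "ha": "10.0.3.185"},
}
HA_NETMASK = "255.255.255.0"  # netmask given for the HA self IPs
FLOATING_VIP = "10.0.1.202"   # belongs to traffic-group-1, never a static self IP

# Constructed sample: primary private IP per subnet for each instance, in a
# simplified shape assumed for this example (not a real AWS API response).
AWS_PRIMARY_IPS = {
    "BIG-IP A": {"mgmt": "10.0.0.200", "ha": "10.0.3.96"},
    "BIG-IP B": {"mgmt": "10.0.0.201", "ha": "10.0.3.185"},
}

def check_plan(plan, aws_primary_ips, ha_netmask=HA_NETMASK, floating_vip=FLOATING_VIP):
    """Return a list of findings; an empty list means the plan is consistent."""
    findings, seen, ha_networks = [], {}, set()
    vip = ipaddress.ip_address(floating_vip)
    for device, roles in plan.items():
        for role, addr in roles.items():
            ip = ipaddress.ip_address(addr)  # ValueError on a malformed address
            if ip in seen:
                findings.append(f"{addr} is used by both {seen[ip]} and {device} {role}")
            seen[ip] = f"{device} {role}"
            if ip == vip:
                findings.append(f"{device} {role} reuses the floating virtual IP {addr}")
            # Both addresses must equal the primary private IP that AWS
            # assigned to the matching interface of this instance.
            actual = aws_primary_ips.get(device, {}).get(role)
            if actual is None or ipaddress.ip_address(actual) != ip:
                findings.append(f"{device} {role}: BIG-IP {addr}, AWS primary {actual}")
        ha_networks.add(ipaddress.ip_network(f"{roles['ha']}/{ha_netmask}", strict=False))
    if len(ha_networks) != 1:
        nets = sorted(str(n) for n in ha_networks)
        findings.append(f"HA self IPs are on different subnets: {nets}")
    return findings

if __name__ == "__main__":
    for finding in check_plan(PLAN, AWS_PRIMARY_IPS) or ["addressing plan is consistent"]:
        print(finding)
```

Running the check before establishing trust and adding failover unicast addresses catches a self IP that has drifted from the instance's primary private IP.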

Create a Sync-Failover device group

You must put the two BIG-IP® VEs into a Sync-Failover device group. If an active BIG-IP VE in the Sync-Failover device group becomes unavailable, its configuration objects fail over to the other BIG-IP VE and traffic processing resumes.

Note: Do this task on BIG-IP A only.
  1. Log in to the BIG-IP Configuration utility on BIG-IP A.
  2. On the Main tab, click Device Management > Device Groups.
  3. On the Device Groups list screen, click Create.
    The New Device Group screen opens.
  4. Type a name for the device group, such as bigip_ve_dg.
  5. Select the device group type Sync-Failover.
  6. Type a description for the device group.
  7. In the Configuration area of the screen, select BIG-IP B from the Available list, and use the Move button to move the name to the Includes list. Repeat this action to add BIG-IP A to the device group.
  8. For the Network Failover setting, verify that network failover is enabled.
  9. Click Finished.
You now have a Sync-Failover device group that contains both BIG-IP VEs.

View the traffic group

The default floating traffic group, traffic-group-1, contains the floating virtual IP address. You can use the BIG-IP® Configuration utility to view traffic-group-1 and see that it contains this address. Any application traffic targeting this address is re-directed to the other BIG-IP VE when failover occurs.
Note: Do this task on BIG-IP A only.
  1. Log in to the BIG-IP Configuration utility on BIG-IP A.
  2. On the Main tab, click Device Management > Traffic Groups.
  3. In the Name column, click the name traffic-group-1.
    Note: When you sync the configuration on BIG-IP A to BIG-IP B later, the floating traffic group will appear on BIG-IP B.
    You can see that the virtual floating IP address, 10.0.1.202, is in the traffic group.

Sync the BIG-IP configuration to the device group

You must synchronize the BIG-IP® configuration data from BIG-IP A to BIG-IP B. This data includes the floating virtual IP address, 10.0.1.202.
Note: Do this task on BIG-IP A only.
  1. Log in to the BIG-IP Configuration utility on BIG-IP A.
  2. On the Main tab, click Device Management > Overview.
  3. In the Device Groups area of the screen, from the Name column, select the device group you created earlier, such as bigip_ve_dg.
    The screen expands to show a summary and details of the sync status of the device group, as well as a list of the two BIG-IP VEs within the device group.
  4. In the Devices area of the screen, from the Sync Status column, select the device that shows a sync status of Changes Pending.
  5. In the Sync Options area of the screen, select Sync Device to Group.
    This syncs the most recent changes on BIG-IP A to the other member of bigip_ve_dg, BIG-IP B.

Specify access and secret keys

Use this task to specify the special access key and secret key that you previously created from within AWS. These keys are required for failover to be successful.

Note: Do this task on BIG-IP A only.
  1. Log in to the BIG-IP® Configuration utility on BIG-IP A.
  2. On the Main tab of the BIG-IP® Configuration utility, click System > Configuration > AWS > Global Settings.
  3. In the Access Key field, paste the access key you copied from AWS.
  4. In the Secret Key field, paste the secret key you copied from AWS.
  5. Click Update.
When you sync the BIG-IP configuration later, these keys will appear on BIG-IP B.

Sync the BIG-IP configuration to the device group

You must synchronize the BIG-IP® configuration data from BIG-IP A to BIG-IP B. This data includes the floating virtual IP address, 10.0.1.202.
Note: Do this task on BIG-IP A only.
  1. Log in to the BIG-IP Configuration utility on BIG-IP A.
  2. On the Main tab, click Device Management > Overview.
  3. In the Device Groups area of the screen, from the Name column, select the device group you created earlier, such as bigip_ve_dg.
    The screen expands to show a summary and details of the sync status of the device group, as well as a list of the two BIG-IP VEs within the device group.
  4. In the Devices area of the screen, from the Sync Status column, select the device that shows a sync status of Changes Pending.
  5. In the Sync Options area of the screen, select Sync Device to Group.
    This syncs the most recent changes on BIG-IP A to the other member of bigip_ve_dg, BIG-IP B.