There are a few things you can do if failover is not working:
- Confirm that the Port Lockdown setting on each self IP address is set to Allow All.
- Confirm that the IAM user account has the security policy AmazonEC2FullAccess assigned to it.
- For the external, internal, and HA VLANs, confirm that the interface assigned to each VLAN matches the device index assigned to the corresponding subnet. For example, the internal subnet in AWS should have a device index of eth2, and the internal VLAN in the BIG-IP® software should have interface 1.2 assigned to it.
- Check the log messages by using SSH to log in to the BIG-IP VEs. At the system prompt, type the command tail -n 20 /var/log/ltm. This shows the most recent twenty lines of log messages.
- Confirm that the two instances show the same date and time.
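As an added illustration (not part of the original documentation or the BIG-IP product), the following Python checker automates the first and third items above: it parses output in the style of tmsh "list net self" and "list net vlan", flags self IPs whose Port Lockdown is not Allow All, and flags VLANs whose interface does not match the expected AWS device index (ethN mapped to interface 1.N). The sample output is constructed, and the external-to-eth1 mapping is an assumption for the example.

```python
import re

# AWS device index expected per VLAN. The page gives internal -> eth2; external -> eth1
# is an assumption for this example (eth0 is the management NIC, not a TMM interface).
EXPECTED_DEVICE_INDEX = {"external": "eth1", "internal": "eth2"}
def device_index_to_interface(dev):
    """Map an AWS device index ethN (N >= 1) to the BIG-IP VE interface name 1.N."""
    return f"1.{int(dev[3:])}"

def parse_tmsh_blocks(text, kind):
    """Return {name: body} for each top-level 'net <kind> <name> { ... }' block."""
    pat = re.compile(r"net %s (\S+) \{(.*?)\n\}" % kind, re.S)
    return {m.group(1): m.group(2) for m in pat.finditer(text)}

def self_ips_not_allow_all(self_out):
    """Self IPs whose Port Lockdown is not Allow All ('allow-service all' in tmsh)."""
    return [name for name, body in parse_tmsh_blocks(self_out, "self").items()
            if "allow-service all" not in body]

def vlans_on_wrong_interface(vlan_out, expected=EXPECTED_DEVICE_INDEX):
    """Return {vlan: (wanted_interface, found_interfaces)} for every mismatch."""
    blocks, bad = parse_tmsh_blocks(vlan_out, "vlan"), {}
    for vlan, dev in expected.items():
        want = device_index_to_interface(dev)
        found = re.findall(r"^\s+(\d+\.\d+) \{", blocks.get(vlan, ""), re.M)
        if found != [want]:
            bad[vlan] = (want, found)
    return bad

# Constructed sample output in the style of `tmsh list net self` / `tmsh list net vlan`.
SAMPLE_SELF = """net self external_self {
    allow-service all
    vlan external
}
net self internal_self {
    allow-service default
    vlan internal
}
"""
SAMPLE_VLAN = """net vlan external {
    interfaces {
        1.1 { }
    }
}
net vlan internal {
    interfaces {
        1.3 { }
    }
}
"""
```

Run against the constructed samples, the checker reports internal_self as not Allow All and the internal VLAN as attached to 1.3 instead of the expected 1.2.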
If none of the above solves the problem, use the BIG-IP® Configuration utility to do the following:
- Delete the peer authority in the local
- Remove the BIG-IP VEs from the device group and then delete the empty device group.
- On BIG-IP A, re-establish trust with BIG-IP B, specifying BIG-IP B's management address, 10.0.0.240.
- Re-create the Sync-Failover device group with the Network Failover setting enabled.
- On BIG-IP A, sync the configuration to the device group (in this case, BIG-IP