Manual Chapter: Testing the High Availability Configuration

Trigger failover to the standby BIG-IP VE

Before doing this task, confirm in AWS that both BIG-IP® VE instances are running.

You can test your HA configuration by forcing the active BIG-IP VE to fail over to the standby peer and then viewing the HA status of each BIG-IP VE.

  1. Using SSH, log in to both BIG-IP VEs.

    In the upper left corner of the BIG-IP Configuration utility, BIG-IP A should show a status of ACTIVE, while BIG-IP B shows a status of STANDBY:

  2. In the AWS Management Console, from the Services menu at the top of the screen, select EC2.
  3. In the Navigation pane, under NETWORK & SECURITY, select Network Interfaces.
    This displays the list of EC2 network interfaces.
  4. Find the secondary private IP address to be used as the virtual IP address, and see that it is assigned to BIG-IP A's external interface:

  5. On the active BIG-IP VE (BIG-IP A), from the Main tab, click Device Management > Traffic Groups.
    This displays a list of one traffic group.
  6. To the left of traffic-group-1, select the check box.
  7. Click Force to Standby.
    A confirmation message appears.
  8. Click Force to Standby again.

    In the upper left corner of the BIG-IP Configuration utility, BIG-IP A now shows a status of STANDBY, while BIG-IP B shows a status of ACTIVE:

  9. Now switch to the AWS list of network interfaces and find the secondary private IP address again. You can see that the IP address floated to BIG-IP B's external interface during failover:
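
The comparison in steps 4 and 9 can also be made from saved output of `aws ec2 describe-network-interfaces`, taken once before and once after forcing failover. The following is an added example, not part of the original manual or F5's tooling; the instance IDs, interface IDs, and addresses are constructed sample values.

```python
# Constructed sample data in the shape returned by
# `aws ec2 describe-network-interfaces`; all IDs and addresses are made up.
def make_eni(eni_id, instance_id, primary_ip, secondary_ips=()):
    addrs = [{"PrivateIpAddress": primary_ip, "Primary": True}]
    addrs += [{"PrivateIpAddress": ip, "Primary": False} for ip in secondary_ips]
    return {"NetworkInterfaceId": eni_id,
            "Attachment": {"InstanceId": instance_id, "DeviceIndex": 1},
            "PrivateIpAddresses": addrs}

VIP = "10.0.1.100"  # hypothetical virtual IP address (a secondary private IP)
BEFORE = {"NetworkInterfaces": [
    make_eni("eni-0aaa", "i-0bigipA", "10.0.1.11", [VIP]),
    make_eni("eni-0bbb", "i-0bigipB", "10.0.1.12")]}
AFTER = {"NetworkInterfaces": [
    make_eni("eni-0aaa", "i-0bigipA", "10.0.1.11"),
    make_eni("eni-0bbb", "i-0bigipB", "10.0.1.12", [VIP])]}


def vip_holders(doc, vip):
    """Return (instance_id, eni_id) for each ENI holding vip as a secondary address."""
    holders = []
    for eni in doc.get("NetworkInterfaces", []):
        for addr in eni.get("PrivateIpAddresses", []):
            if addr.get("PrivateIpAddress") == vip and not addr.get("Primary", False):
                # An unattached ENI has no Attachment block.
                inst = eni.get("Attachment", {}).get("InstanceId")
                holders.append((inst, eni["NetworkInterfaceId"]))
    return holders


def check_failover(before, after, vip, old_active, new_active):
    """Return a list of problems; an empty list means the address floated cleanly."""
    problems = []
    b, a = vip_holders(before, vip), vip_holders(after, vip)
    if [inst for inst, _ in b] != [old_active]:
        problems.append(f"before: expected {vip} only on {old_active}, found {b}")
    if not a:
        problems.append(f"after: {vip} is not assigned to any interface")
    elif [inst for inst, _ in a] != [new_active]:
        problems.append(f"after: expected {vip} only on {new_active}, found {a}")
    return problems


if __name__ == "__main__":
    issues = check_failover(BEFORE, AFTER, VIP, "i-0bigipA", "i-0bigipB")
    print("\n".join(issues) if issues else "VIP floated to the new active unit")
```

A non-empty result where the address is still on BIG-IP A after Force to Standby is the symptom the troubleshooting list below addresses.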

Troubleshooting the HA configuration

There are a few things you can do if failover is not working:

  • Confirm that the Port Lockdown setting on each self IP address is set to Allow All.
  • Confirm that the IAM user account has the security policy AmazonEC2FullAccess assigned to it.
  • For the external, internal, and HA VLANs, confirm that the interface assigned to each VLAN matches the device index assigned to the corresponding subnet. For example, the internal subnet in AWS should have a device index of eth2, and the internal VLAN in the BIG-IP® software should have interface 1.2 assigned to it.
  • Check the log messages by using SSH to log in to the BIG-IP VEs. At the system prompt, type the command tail -n 20 /var/log/ltm. This shows the most recent twenty rows of log messages.
  • Confirm that the two instances show the same date and time.

If none of the above solves the problem, use the BIG-IP® Configuration utility to do the following:

  1. Delete the peer authority in the local trust domain.
  2. Remove the BIG-IP VEs from the device group and then delete the empty device group.
  3. On BIG-IP A, re-establish trust with BIG-IP B, specifying BIG-IP B's management address.
  4. Re-create the Sync-Failover device group with the Network Failover setting enabled.
  5. On BIG-IP A, sync the configuration to the device group (in this case, BIG-IP B).