Applies To:

Show Versions Show Versions

Manual Chapter: Increasing BIG-IP VE Availability in Azure
Manual Chapter
Table of Contents   |   << Previous Chapter   |   Next Chapter >>

About increasing BIG-IP VE availability in Azure

The following diagram shows a basic deployment of two BIG-IP® VE virtual appliances in a Microsoft Azure availability set.

The two BIG-IP VEs are synchronizing their configurations to one another; they are not communicating for the purpose of failover. The BIG-IP VE high availability feature does not work in Azure, and you cannot create an active-standby pair.

This deployment has the following benefits:
  • The two BIG-IP VEs are on different hardware, because they are in an Azure availability set, and as such, both servers should not be down at the same time.
  • Changes on one BIG-IP VE are propagated to the other, because config sync is enabled.
  • If one BIG-IP VE fails, the other BIG-IP VE continues to process traffic, though packets on the failed system are lost.
  • Both BIG-IP VEs have Active status and are available to process traffic.
  • More traffic can be processed; if each BIG-IP VE has 1Gbps of throughput, then together they have 2Gbps.

Enable config sync for BIG-IP VE in Azure

Before you can complete this task:
  • Both BIG-IP VEs must be deployed within the same availability set.
  • The Azure network security group for each BIG-IP VE must have inbound port 4354 and 6699 open (in addition to other ports you've enabled).
  • Both BIG-IP VEs must be running the same version of BIG-IP VE system software.
  • The BIG-IP VEs must not have the same device name. To view the name, use the tmsh command: list /cm device. The device name is in the first line that is returned, for example cm device bigip1 {. To change the name, use mv cm device <current_device_name> <new_device_name> .
Enable config sync communication when you want to automatically or manually synchronize configuration information.
Note: The following steps apply to single-NIC configuration only. If you have multiple NICs, follow the standard procedures for enabling config sync.
  1. Determine the static private IP address of each BIG-IP VE in the Azure virtual network. To find this address, in the Azure portal, select the virtual machine, and click Properties.
  2. Use an SSH tool to connect to each of the BIG-IP VEs.
  3. Ensure you are at the tmsh prompt.
  4. On each BIG-IP VE, disable functionality that enforces single NIC setup.
    modify sys db provision.1nicautoconfig value disable
  5. Confirm that the value was set correctly by typing list sys db provision.1nicautoconfig.
    The following text is returned: value "disable".
  6. On each BIG-IP VE, specify the static private IP address of the BIG-IP VE itself.
    modify cm device <device_name> configsync-ip <private_ip_address>
  7. Establish device trust: On one BIG-IP VE, enter the static private IP address of the other BIG-IP VE, along with its user name and password.
    modify cm trust-domain root ca-devices add { <peer_private_ip_address> } name <peer_device_name> username <peer_username> password <peer_password>
  8. On the same BIG-IP VE as the previous step, create a sync-failover device group with network failover disabled.
    create cm device-group <device_group_name> devices add { <all-bigip-device-names-separated-by-space> } type sync-failover auto-sync enabled network-failover disabled
  9. Sync the BIG-IP VE to the other BIG-IP VE.
    run cm config-sync to-group <device_group_name>
Table of Contents   |   << Previous Chapter   |   Next Chapter >>

Was this resource helpful in solving your issue?

NOTE: Please do not provide personal information.

Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)