Applies To:

Show Versions Show Versions

Manual Chapter: Configuring a Sync-Failover Device Group
Manual Chapter
Table of Contents   |   << Previous Chapter   |   Next Chapter >>

Overview: Configuring a Sync-Failover device group

A Sync-Failover device group with two members and two traffic groups provides configuration synchronization and device failover. It can also provide connection mirroring between the two devices.

Application traffic in a Sync-Failover device group is processed by IP addresses that are configured to float from one device to the other. The floating IP addresses are assigned to a traffic group that resides on each device in the group. The traffic group is active on only one device at a time.

If the active device goes offline, the traffic group becomes active on a Sync-Failover peer in the group and application processing is handled by that device. The process of taking over these functions is known as failover.

Failover device groups Failover device groups

Task summary

Each BIG-IP device in a device group has a default traffic group (traffic group 1). Floating IP addresses are assigned to traffic group 1 and that traffic group processes application traffic.

To process traffic for additional applications with Sync-Failover capability, create a second device group and a second traffic group.

Use the tasks in this implementation to create a new device group to which you can assign a second traffic group. In this active-active configuration, each device in the group has one active traffic group.

Task list

Before you begin

Verify that the following configuration objects are defined on each device in the device group.

Three VLANs
One VLAN is internal, one is external, and one is HA. Each VLAN is assigned to an interface.
Three non-floating self IP addresses
One non-floating self IP is associated with the internal VLAN, one is associated with the external VLAN, and one is associated with the HA VLAN.
ImportantColonSymbol Self IPs that you create for this device group must support Port Lockdown. You can specify All, Custom, or Default, but not None.
Two floating self IP addresses
One floating self IP is associated with the internal VLAN and the other is associated with the external VLAN.
A virtual server
The virtual server IP addresses are used to process application traffic. Because the virtual IP addresses are configured to float between devices in the device group, traffic can failover when necessary.

Specifying an IP address for config sync

Before configuring the config sync address, verify that all devices in the device group are running the same version of BIG-IP system software.
This task identifies the IP address that devices in the device group will use to synchronize their configuration objects. Use the BIG-IP Configuration utility to set up config sync.
Important: You must perform this task on each device in the device group.
  1. Confirm that you are logged in to the actual device you want to configure.
  2. On the Main tab, click Device Management > Devices. This displays a list of device objects discovered by the local device.
  3. In the Name column, click the name of the device to which you are currently logged in.
  4. From the Device Connectivity menu, choose ConfigSync.
  5. For the Local Address setting, retain the displayed IP address or select another address from the list. F5 Networks recommends that you use the default value, which is the self IP address for VLAN internal. This address must be a non-floating self IP address and not a management IP address.
  6. Click Update.

Specifying IP addresses for connection mirroring

Before configuring mirroring addresses, verify that the mirroring peers have the same hardware platform.
This task configures connection mirroring between two devices to ensure that in-process connections are not dropped when failover occurs. You can mirror connections between a maximum of two devices in a device group.
Important: You must perform this task on each device in the device group.
  1. Confirm that you are logged in to the actual device you want to configure.
  2. On the Main tab, click Device Management > Devices. This displays a list of device objects discovered by the local device.
  3. In the Name column, click the name of the device to which you are currently logged in.
  4. From the Device Connectivity menu, choose Mirroring.
  5. For the Primary Local Mirror Address setting, retain the displayed IP address or select another address from the list. The recommended IP address is the self IP address for either VLAN HA or VLAN internal.
  6. For the Secondary Local Mirror Address setting, retain the default value of None, or select an address from the list. This setting is optional. The system uses the selected IP address in the event that the primary mirroring address becomes unavailable.
  7. Click Update.

Establishing device trust

Verify that each BIG-IP device that is to be part of a local trust domain has a device certificate installed on it.
This task establishes a local trust domain between the local device (that is, the device you are logged in to) and devices you specify during the process. A local trust domain is any number of BIG-IP devices that have a trust relationship with one another. Perform this task on any one of the BIG-IP devices that will be in the same device group.
  1. On the Main tab, click Device Management/Device Trust, and then either Peer List or Subordinate List.
  2. In the Peer Authority Devices or the Subordinate Non-Authority Devices area of the screen, click Add.
  3. Type an IP address, administrator user name, and administrator password for the remote BIG-IP device. This IP address can be either a management IP address or a self IP address.
  4. Click Retrieve Device Information.
  5. Verify that the certificate of the remote device is correct.
  6. Verify that the name of the remote device is correct.
  7. Verify that the management IP address and name of the remote device are correct.
  8. Click Finished.

Creating a Sync-Failover device group

This task establishes failover capability between two BIG-IP devices. If the active device in a Sync-Failover device group becomes unavailable, the configuration objects fail over to another member of the device group and traffic processing is unaffected. You can perform this task on any authority device within the local trust domain.
  1. On the Main tab, click Device Management > Device Groups. The Device Groups screen displays a list of existing device groups.
  2. On the Device Group List screen, click Create.
  3. Type a name for the device group, select the device group type Sync-Failover, and type a description for the device group.
  4. In the Configuration area of the screen, select a host name from the Available list for each BIG-IP device that you want to include in the device group. Use the Move button to move the host name to the Selected list. The Available list shows any devices that are members of the device's local trust domain but not currently members of a Sync-Failover device group. A device can be a member of one Sync-Failover group only.
  5. For Network Failover, select the Enabled check box.
  6. Click Finished.
You now have a Sync-Failover device group containing two BIG-IP devices as members.

Syncing the BIG-IP configuration to the device group

Before starting this task, verify that all devices targeted for ConfigSync are members of a device group and that device trust has been established.
This task synchronizes the BIG-IP configuration data from the local device to all devices in the group. This synchronization ensures that the entire redundant system configuration operates properly within the device group. When synchronizing self IP addresses, the BIG-IP system synchronizes floating self IP addresses only.
Important: Perform the following procedure on only one of the two devices.
  1. On the Main tab, click Device Management > Device Groups. The Device Groups screen displays a list of existing device groups.
  2. In the Group Name column, click the name of the relevant device group.
  3. On the menu bar, click ConfigSync.
  4. Click Synchronize To Group.
Except for non-floating self IP addresses, the entire set of BIG-IP configuration data is replicated on each device in the device group.

Specifying IP addresses for failover

This task specifies the local IP addresses that you want other devices in the device group to use for failover communications with the local device. You must perform this task on each device in the device group.
Note: The failover addresses that you specify must belong to route domain 0.
  1. Confirm that you are logged in to the actual device you want to configure.
  2. On the Main tab, click Device Management > Devices. This displays a list of device objects discovered by the local device.
  3. In the Name column, click the name of the device to which you are currently logged in.
  4. From the Device Connectivity menu, choose Failover.
  5. For the Failover Unicast Configuration settings, retain the displayed IP addresses. You can also click Add to specify additional IP addresses that the system can use for failover communications. F5 Networks recommends that you use the self IP address assigned to the HA VLAN.
  6. If the BIG-IP system is running on a VIPRION platform, then for the Use Failover Multicast Address setting, select the Enabled check box.
  7. If you enable Use Failover Multicast Address, either accept the default Address and Port values, or specify values appropriate for the device. If you revise the default Address and Port values, but then decide to revert back to the default values, click Reset Defaults.
  8. Click Update.
After you perform this task, other devices in the device group can send failover messages to the local device using the specified IP addresses.

Creating a second traffic group for the device group

This task creates a second active floating traffic group to process application traffic. The default floating traffic group (traffic-group-1) processes application traffic for the local device.
Note: For this implementation, name this traffic group traffic-group-2.
  1. On the Main tab, click Network > Traffic Groups.
  2. On the Traffic Group List screen, click Create.
  3. Type the name traffic-group-2 for the new traffic group.
  4. Select the remote device as the default device for the new traffic group, and optionally specify a MAC masquerade address.
  5. Select or clear the check box for the Auto Failback option.
    • Select causes the traffic group to be active on its default device whenever that device is as available, or more available, than another device in the group.
    • Clear causes the traffic group to remain active on its current device until failover occurs again.
  6. Confirm that the displayed traffic group settings are correct.
  7. Click Finished.
You now have a second floating traffic group on the local device (in addition to the default floating traffic group) so that once the traffic group is activated on the remote devices, devices in the device group can process traffic for different applications.

Assigning traffic-group-2 to a floating virtual IP address

This task assigns your new traffic group to the device group's internal virtual IP address.
  1. On the Main tab, click Local Traffic > Virtual Servers > Virtual Address List. The Virtual Address List screen opens.
  2. In the Name column, click the virtual address that you want to assign to the traffic group. This displays the properties of that virtual address.
  3. From the Traffic Group list, select traffic-group-2 (floating).
  4. Click Update.
The device's floating virtual IP address is now a member of your second traffic group. The virtual IP address can now fail over to other devices in the traffic group.

Assigning traffic-group-2 to a floating self IP address

This task assigns your floating self IP address to traffic-group-2.
  1. On the Main tab, click Network > Self IPs. The Self IPs screen opens.
  2. In the Name column, click the floating self IP address assigned to VLAN internal. This displays the properties of that self IP address.
  3. From the Traffic Group list, select traffic-group-2 (floating).
  4. Click Update.
The device's floating self IP address is now a member of your second traffic group. The self IP address can now fail over to other devices in the traffic group.

Syncing the BIG-IP configuration to the device group

Before starting this task, verify that all devices targeted for ConfigSync are members of a device group and that device trust has been established.
This task synchronizes the BIG-IP configuration data from the local device to all devices in the group. This synchronization ensures that the entire redundant system configuration operates properly within the device group. When synchronizing self IP addresses, the BIG-IP system synchronizes floating self IP addresses only.
Important: Perform the following procedure on only one of the two devices.
  1. On the Main tab, click Device Management > Device Groups. The Device Groups screen displays a list of existing device groups.
  2. In the Group Name column, click the name of the relevant device group.
  3. On the menu bar, click ConfigSync.
  4. Click Synchronize To Group.
Except for non-floating self IP addresses, the entire set of BIG-IP configuration data is replicated on each device in the device group.

Forcing a traffic group to a standby state

This task causes the selected traffic group on the local device to switch to a standby state. By forcing the traffic group into a standby state, the traffic group becomes active on another device in the device group. For device groups with more than two members, you can choose the specific device to which the traffic group fails over. This task is optional.

  1. Log in to the device on which the traffic group is currently active.
  2. On the Main tab, click Network > Traffic Groups.
  3. In the Name column, locate the name of the traffic group that you want to run on the peer device.
  4. Select the check box to the left of the traffic group name. If the check box is unavailable, the traffic group is not active on the device to which you are currently logged in. Perform this task on the device on which the traffic group is active.
  5. Click Force to Standby. This displays target device options.
  6. Choose one of these actions:
    • If the device group has two members only, click Force to Standby. This displays the list of traffic groups for the device group and causes the local device to appear in the Next Active Device column.
    • If the device group has more than two members, then from the Target Device list, select a value and click Force to Standby.
The selected traffic group is now active on another device in the device group.

Implementation result

You now have a Sync-Failover device group set up with an active-active configuration. In this configuration, each traffic group is initially configured to be active on one device. If one device goes offline, the traffic group that was active on that device becomes active on the other device in the group. Application processing for both traffic groups continues without interruption.

Table of Contents   |   << Previous Chapter   |   Next Chapter >>

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.



Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)