Applies To:

Show Versions Show Versions

Manual Chapter: Introducing BIG-IP System Redundancy
Manual Chapter
Table of Contents   |   Next Chapter >>

What is BIG-IP system redundancy?

The Traffic Management Operation System® (TMOS®) within the BIG-IP® system includes an underlying architecture that allows you to create a redundant system configuration, known as device service clustering (DSC), for multiple BIG-IP devices on a network. This redundant system architecture provides both synchronization of BIG-IP configuration data and high availability at user-defined levels of granularity. More specifically, you can configure a BIG-IP device on a network to:

  • Synchronize some or all of its configuration data among any number of BIG-IP devices on a network
  • Fail over to one of many available devices
  • Mirror connections to a peer device to prevent interruption in service during failover

If you have two BIG-IP devices only, you can create either an active/standby or an active-active configuration. With more than two devices, you can create a configuration in which multiple devices are active and can fail over to one of many, if necessary.

By setting up a redundant system configuration, you ensure that BIG-IP configuration objects are synchronized and can fail over at useful levels of granularity to appropriate BIG-IP devices on the network. You also ensure that failover from one device to another, when enabled, occurs seamlessly, with minimal interruption in application delivery.

Configuration components

BIG-IP® redundant system configuration is based on a few key components.

Devices

A device is a physical or virtual BIG-IP system, as well as a member of a local trust domain and a device group. Each device member has a set of unique identification properties that the BIG-IP® system generates.

Device groups

A device group is a collection of BIG-IP® devices that trust each other and can synchronize, and sometimes fail over, their BIG-IP configuration data.

Important: To configure redundancy on a device, you do not need to explicitly specify that you want the BIG-IP device to be part of a redundant configuration. Instead, this occurs automatically when you add the device to an existing device group.

You can create two types of devices groups:

Sync-Failover
A Sync-Failover device group contains devices that synchronize configuration data and support traffic groups for failover purposes when a device becomes unavailable. Devices in a Sync-Failover device group must match with respect to hardware platform, product licensing, and module provisioning.
Sync-Only
A Sync-Only device group contains devices that synchronize configuration data, such as policy data, but do not synchronize failover objects.

A BIG-IP device can be a member of only one Sync-Failover group. However, a device can be a member of both a Sync-Failover device group and a Sync-Only device group.

Traffic groups

A traffic group is a collection of related configuration objects (such as a virtual IP address and a self IP address) that run on a BIG-IP device and process a particular type of application traffic. When a BIG-IP device becomes unavailable, a traffic group can float to another device in a device group to ensure that application traffic continues to be processed with little to no interruption in service.

Device trust and trust domains

Underlying successful operation of device groups and traffic groups is a feature known as device trust. Device trust establishes trust relationships between BIG-IP devices on the network, through mutual certificate-based authentication. A trust domain is a collection of BIG-IP devices that trust one another and can therefore synchronize and fail over their BIG-IP configuration data, as well as exchange status and failover messages on a regular basis. A local trust domain is a trust domain that includes the local device, that is, the device you are currently logged in to.

Folders and sub folders

Folders and sub-folders are containers for the configuration objects on a BIG-IP device. For every administrative partition on the BIG-IP system, there is a high-level folder. At the highest level of the folder hierarchy is a folder named root. The BIG-IP system uses folders to affect the level of granularity to which it synchronizes configuration data to other devices in the device group. You can create sub-folders within a high-level folder, using tmsh.

Note: In most cases, you can manage redundancy for all device group members remotely from one specific member. However, there are cases when you must log in locally to a device group member to perform a task. An example is when resetting device trust on a device.

About configuration synchronization

When you have more than one BIG-IP® device on the local area network, you can synchronize their BIG-IP configuration data among devices in a device group. If you want to exclude certain devices from configuration synchronization, you simply exclude them from membership in that particular device group.

You can synchronize some types of data on a global level across all BIG-IP devices, while synchronizing other data in a more granular way, on an individual application level to a subset of devices. For example, you can set up a large device group to synchronize resource and policy data (such as iRules® and profiles) among all BIG-IP devices in a data center, while setting up a smaller device group for synchronizing application-specific data (such as virtual IP addresses) between the specific devices that are delivering those applications.

Configuration overview for configuration synchronization

To set up configuration synchronization, you perform these tasks:

  • Add the local device as a member of the local trust domain.
  • Specify on the local device the IP address that you want the system to use when synchronizing data.
  • Add the local device as a member of a Sync-Only or Sync-Failover device group.
  • Assign the device group to the folder that you want to synchronize (either the root folder or a sub-folder).
Note: When you are configuring a BIG-IP® system for the first time, the Setup utility automatically performs some or all of the these tasks, depending on the desired configuration.

About failover

When you have more than one BIG-IP® device on the local area network, you can configure a device to fail over a user-specified set of configuration objects (that is, a traffic group) to any of the devices in a device group. This selective failover gives you granular control of configuration objects that you want to include in failover operations.

Group-based failover means that multiple devices are available for the BIG-IP system to choose from to assume traffic processing for an off-line device. Also, if you want to exclude certain devices from being peers in failover operations, you simply exclude them from membership in that particular device group.

Configuration overview for failover

To set up failover, you perform these tasks:

  • Add the local device as a member of the local trust domain.
  • Specify on the local device the IP addresses that you want the system to use for configuration synchronization, failover, and mirroring.
  • Add the local device as a member of a Sync-Failover device group.
  • If needed, create a custom traffic group.
  • Assign the relevant traffic group to the folder that you want to fail over (either the root folder or a sub-folder).
Note: When you are configuring a BIG-IP® system for the first time, the Setup utility automatically performs some or all of the above tasks, depending on the required configuration.

About redundancy setup

The way that you set up redundancy on a BIG-IP® device depends on the required configuration.

Required configuration Method
Existing active/standby pair If you want to upgrade an active/standby pair to the latest version of the BIG-IP system, the upgrade software performs all redundant system configuration tasks for you, on each device, including establishing device trust between the two systems, creating a device group with two members, and creating a default traffic group.
New active/standby pair If you want to set up a new pair of BIG-IP devices as an active/standby pair, you simply run the Setup utility wizard (on each device), available from the BIG-IP® Configuration utility Welcome screen. Like the upgrade procedure, the Setup utility performs all redundant system configuration tasks for you, but based on information you provide. This includes establishing device trust between the two systems, creating a device group with two members, and creating a default traffic group.
Existing active/standby pair converted to active-active pair If you have an existing active/standby pair and want to convert it to an active-active pair, you can upgrade the active/standby pair to the latest version of the BIG-IP system, and then use the BIG-IP® Configuration utility Traffic Group screens to convert the pair to an active-active pair.
Multiple new BIG-IP devices If you want to set up multiple new BIG-IP devices in a redundant system configuration, you can run the Setup utility wizard, and then use the BIG-IP® Configuration utility Platform, Device Management, and Traffic Group screens to configure some advanced features.

Serial and network failover

When you create a device group, you can specify whether you want the BIG-IP® system to use a serial cable or the network for failover operations.

Note: You can use serial failover only when the device group contains a maximum of two devices. For a group with more than two devices, network failover is required. Also, if the hardware platform is a VIPRION® platform, you must use network failover.
Table of Contents   |   Next Chapter >>

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.



Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)