You can create two types of devices groups:
A BIG-IP® device can be a member of only one Sync-Failover group. However, a device can be a member of both a Sync-Failover device group and a Sync-Only device group.
The following configuration restrictions apply to Sync-Failover device groups:
Sometimes when one BIG-IP® object references another, one of the objects gets synchronized to a particular device, but the other object does not. This can result in an invalid device group configuration.
For example, suppose you create two device groups that share some devices but not all. In the following illustration, Device A is a member of both Device Group 1 and Device Group 2.
Device Group 1 is associated with folder /Common, and Device Group 2 is associated with the sub-folder /Common/my_app. This configuration causes Device A to synchronize all of the data in folder /Common to Device B only, and not to Device C. The only data that Device A synchronizes to Device C is the data in sub-folder my_app.
Now suppose that you created a pool in the my_app folder. When you created the pool members in that sub-folder, the BIG-IP system automatically created the associated node addresses, putting them in folder /Common. This results in an invalid configuration, because the node data in folder /Common does not get synchronized to the device on which the nodes' pool members reside, Device C. When an object is not synchronized to the device on which its referenced objects reside, an invalid configuration results.
One of the types of device groups that you can create is a Sync-Failover type of device group. A Sync-Failover device group contains devices that synchronize configuration data and fail over to one another when a device becomes unavailable. A maximum of eight devices is supported in a Sync-Failover device group.
A device in a trust domain can belong to one Sync-Failover device group only.
For devices in this type of device group, the BIG-IP® system uses both the device group and the traffic group attributes of a folder to make decisions about which devices to target for synchronizing the contents of the folder, and which objects to include in failover.
In the simplest configuration, you can use the BIG-IP Configuration utility to:
The result is that all folders inherit the default device group and the default traffic group as their device group and traffic group attribute values, causing all BIG-IP configuration data on a BIG-IP device to be synchronized to all devices in that device group, and the objects in traffic-group-1 to fail over to another member of the device group when a device becomes unavailable.
You can use a Sync-Failover device group in a variety of ways. This sample configuration shows two separate Sync-Failover device groups in the local trust domain. Device group A is a standard active/standby configuration. Only Bigip1 normally processes traffic for application A. This means that Bigip1 and Bigip2 synchronize their configurations, and Bigip1 fails over to Bigip2 if Bigip1 becomes unavailable. Bigip1 cannot fail over to Bigip3 or Bigip4 because those devices are in a separate device group.
Device group B is also a standard active/standby configuration, in which Bigip3 normally processes traffic for application B. This means that Bigip3 and Bigip4 synchronize their configurations, and Bigip3 fails over to Bigip4 if Bigip3 becomes unavailable. Bigip3 cannot fail over to Bigip1 or Bigip2 because those devices are in a separate device group.
One of the types of device groups that you can create is a Sync-Only device group. A Sync-Only device group contains devices that synchronize configuration data with one another, but their configuration data does not fail over to other members of the device group. A maximum of 32 devices is supported in a Sync-Only device group.
A device in a trust domain can be a member of more than one Sync-Only device group. A device can also be a member of both a Sync-Failover group and a Sync-Only group.
A typical use of a Sync-Only device group is one in which you configure a device to synchronize the contents of a specific folder to a different device group than to the device group to which the other folders are synchronized.
The most common reason to use a Sync-Only device group is to synchronize a specific folder containing policy data that you want to share across all BIG-IP® devices in a local trust domain, while setting up a Sync-Failover device group to fail over the remaining configuration objects to a subset of devices in the domain. In this configuration, you are using a Sync-Only device group attribute on the policy folder to override the inherited Sync-Failover device group attribute. Note that in this configuration, Bigip1 and Bigip2 are members of both the Sync-Only and the Sync-Failover groups.
To implement this configuration, follow this process.
|Synchronize TO Group||Synchronizes the configuration data on the local device to all device group members.|
|Synchronize FROM Group||Synchronizes the configuration data on other device group members to the local member.|