Applies To:

Show Versions Show Versions

Manual Chapter: Understanding Device Groups
Manual Chapter
Table of Contents   |   << Previous Chapter   |   Next Chapter >>

Types of device groups

You can create two types of devices groups:

Sync-Failover
A Sync-Failover device group contains devices that synchronize configuration data and support traffic groups for failover purposes when a device becomes unavailable. A maximum of eight devices is supported in a Sync-Failover device group.
Sync-Only
A Sync-Only device group contains devices that synchronize configuration data, such as policy data, but do not synchronize failover objects. A maximum of 32 devices is supported in a Sync-Only device group.

A BIG-IP® device can be a member of only one Sync-Failover group. However, a device can be a member of both a Sync-Failover device group and a Sync-Only device group.

Before you configure a device group

The following configuration restrictions apply to Sync-Failover device groups:

  • A device can be a member of one Sync-Failover device group only.
  • On each device in a Sync-Failover device group, the BIG-IP® system automatically assigns the device group name to the root and /Common folders. This ensures that the system synchronizes any traffic groups for that device to the correct devices in the local trust domain.
  • The BIG-IP system creates all traffic-groups in the /Common folder, regardless of the partition to which the system is currently set.
  • If no Sync-Failover device group is defined on a device, then the system sets the device group value that is assigned to the root and /Commonfolders to None.
  • By default, on each device, the BIG-IP system assigns a Sync-Failover device group to any sub-folders of the root or /Common folders that inherit the device group attribute.

A note about folders and overlapping device groups

Sometimes when one BIG-IP® object references another, one of the objects gets synchronized to a particular device, but the other object does not. This can result in an invalid device group configuration.

For example, suppose you create two device groups that share some devices but not all. In the following illustration, Device A is a member of both Device Group 1 and Device Group 2.

Device Group 1 is associated with folder /Common, and Device Group 2 is associated with the sub-folder /Common/my_app. This configuration causes Device A to synchronize all of the data in folder /Common to Device B only, and not to Device C. The only data that Device A synchronizes to Device C is the data in sub-folder my_app.

Now suppose that you created a pool in the my_app folder. When you created the pool members in that sub-folder, the BIG-IP system automatically created the associated node addresses, putting them in folder /Common. This results in an invalid configuration, because the node data in folder /Common does not get synchronized to the device on which the nodes' pool members reside, Device C. When an object is not synchronized to the device on which its referenced objects reside, an invalid configuration results.

Working with Sync-Failover device groups

One of the types of device groups that you can create is a Sync-Failover type of device group. A Sync-Failover device group contains devices that synchronize configuration data and fail over to one another when a device becomes unavailable. A maximum of eight devices is supported in a Sync-Failover device group.

A device in a trust domain can belong to one Sync-Failover device group only.

For devices in this type of device group, the BIG-IP® system uses both the device group and the traffic group attributes of a folder to make decisions about which devices to target for synchronizing the contents of the folder, and which objects to include in failover.

In the simplest configuration, you can use the BIG-IP Configuration utility to:

  1. Create a Sync-Failover device group containing all of local BIG-IP devices.
  2. Assign the device group to the root folder as the default device group.
  3. Assign the default traffic group, traffic-group-1, to the root folder as the default traffic group.

The result is that all folders inherit the default device group and the default traffic group as their device group and traffic group attribute values, causing all BIG-IP configuration data on a BIG-IP device to be synchronized to all devices in that device group, and the objects in traffic-group-1 to fail over to another member of the device group when a device becomes unavailable.

Creating a Sync-Failover device group

Perform this procedure to create a Sync-Failover type of device group. You can perform this task on any authority device within the local trust domain.
  1. On the Main tab, click Device Management > Device Groups. This displays a list of existing device groups, if any.
  2. On the Device Group List screen, click Create.
  3. Type a name for the device group, select the device group type Sync-Failover, and type a description for the device group.
  4. Click Next.
  5. Select the IP address and host name for each BIG-IP device that you want to include in the device group. The list shows any devices that are members of the device's local trust domain but not currently members of a Sync-Failover device group. A device can be a member of one Sync-Failover group only.
  6. Click Next.
  7. Check the box labeled Yes, enable network failover for the group.
  8. Click Next.
  9. Click Finished.
You now have a Sync-Failover type of device group containing BIG-IP devices as members.

Configuring failover settings on a device group

You use this procedure to configure some failover settings for a specific device group.
  1. On the Main tab, click Device Management > Device Groups. This displays a list of existing device groups, if any.
  2. In the Group Name column, click the name of a device group.
  3. On the menu bar, click Failover.
  4. In the Link Down Time on Failover field, use the default value of 0.0, or specify a new value. This setting specifies the amount of time, in seconds, that interfaces for any VLANs on external devices are down when a traffic group fails over and goes to the Standby state. Specifying a value other than 0.0 for this setting causes other vendor switches to use the specified time to learn the MAC address of the newly-active device.
  5. Click Save Changes.

Sample Sync-Failover configuration

You can use a Sync-Failover device group in a variety of ways. This sample configuration shows two separate Sync-Failover device groups in the local trust domain. Device group A is a standard active/standby configuration. Only Bigip1 normally processes traffic for application A. This means that Bigip1 and Bigip2 synchronize their configurations, and Bigip1 fails over to Bigip2 if Bigip1 becomes unavailable. Bigip1 cannot fail over to Bigip3 or Bigip4 because those devices are in a separate device group.

Device group B is also a standard active/standby configuration, in which Bigip3 normally processes traffic for application B. This means that Bigip3 and Bigip4 synchronize their configurations, and Bigip3 fails over to Bigip4 if Bigip3 becomes unavailable. Bigip3 cannot fail over to Bigip1 or Bigip2 because those devices are in a separate device group.

Working with Sync-Only device groups

One of the types of device groups that you can create is a Sync-Only device group. A Sync-Only device group contains devices that synchronize configuration data with one another, but their configuration data does not fail over to other members of the device group. A maximum of 32 devices is supported in a Sync-Only device group.

A device in a trust domain can be a member of more than one Sync-Only device group. A device can also be a member of both a Sync-Failover group and a Sync-Only group.

A typical use of a Sync-Only device group is one in which you configure a device to synchronize the contents of a specific folder to a different device group than to the device group to which the other folders are synchronized.

Creating a Sync-Only device group

Use this procedure to create a Sync-Only type of device group. You can perform this task on any BIG-IP® device within the local trust domain.
  1. On the Main tab, click Device Management > Device Groups. This displays a list of existing device groups, if any.
  2. On the Device Group List screen, click Create.
  3. Type a name for the device group, select the device group type Sync-Only, and type a description for the device group.
  4. Click Next.
  5. Select the IP address and host name for each BIG-IP device that you want to include in the device group. The list shows any devices that are members of the device's local trust domain.
  6. Click Next.
  7. Select the check box labeled Yes, automatically sync the configuration between devices.
  8. Click Next.
  9. Click Finished.
You now have a Sync-Only type of device group containing BIG-IP devices as members.

Enabling and disabling Automatic Sync

For Sync-Only device groups, you can choose to either automatically or manually synchronize configuration data in a device group.
Note: For Sync-Failover device groups, the BIG-IP® system supports manual synchronization only.
You can use the BIG-IP® Configuration utility to enable or disable automatic synchronization. When enabled, this feature causes any BIG-IP device in the device group to synchronize its configuration data to the other members of the device group whenever that data changes.
  1. On the Main tab, click Device Management > Device Groups. This displays a list of existing device groups, if any.
  2. In the Group Name column, click the name of the relevant device group.
  3. On the menu bar, click Config Sync.
  4. For the Sync Type setting, clear or select the Automatic Sync box.
  5. Click Save Changes.

Sample Sync-Only configuration

The most common reason to use a Sync-Only device group is to synchronize a specific folder containing policy data that you want to share across all BIG-IP® devices in a local trust domain, while setting up a Sync-Failover device group to fail over the remaining configuration objects to a subset of devices in the domain. In this configuration, you are using a Sync-Only device group attribute on the policy folder to override the inherited Sync-Failover device group attribute. Note that in this configuration, Bigip1 and Bigip2 are members of both the Sync-Only and the Sync-Failover groups.

To implement this configuration, follow this process.

  1. Create a Sync-Only device group on the local device, adding all devices in the local trust domain as members.
  2. Create a Sync-Failover device group on the local device, adding a subset of devices as members.
  3. On the folder containing the policy data, use tmsh to set the value of the device group attribute to the name of the Sync-Only device group.
  4. On the root folder, retain the default Sync-Failover device group assignment.

More about device groups

Viewing a list of device group members

You can list the members of a device group and view information about them, such as their management IP addresses and host names.
  1. On the Main tab, click Device Management > Device Groups. This displays a list of existing device groups, if any.
  2. In the Group Name column, click the name of the relevant device group.
The screen shows a list of the device group members.

Adding a device to a device group

Prerequisite: You must ensure that the device you are adding is a member of the local trust domain.
Use this procedure to add a member to an existing device group.
  1. On the Main tab, click Device Management > Device Groups. This displays a list of existing device groups, if any.
  2. In the Group Name column, click the name of the relevant device group.
  3. In the Members area of the screen, click Add. This action displays a list of the devices in the local trust domain.
  4. Check the box for the member you want to add to the device group. The displayed list shows any devices that are members of the device's local trust domain. If you are attempting to add a member to a Sync-Failover group and you do not see the member name in the list, it is possible that the device is already a member of another Sync-Failover device group. A device can be a member of one Sync-Failover group only.
  5. Click Add. The device appears in the list of device group members.

Determining config sync status

You can use the BIG-IP® Configuration utility to view the config sync status of a device group and each of its members.
  1. On the Main tab, click Device Management > Device Groups. This displays a list of existing device groups, if any.
  2. In the Group Name column, click the name of the relevant device group.
  3. On the menu bar, click Config Sync.

Manually synchronizing the BIG-IP configuration

You can manually synchronize the BIG-IP® configuration to or from other device group members. To determine if a manual config sync is necessary, you can list the members of the device group and view the synchronization status of each member.
Note: When synchronizing self IP addresses, the BIG-IP system synchronizes floating self IP addresses only. Static self IP addresses are not synchronized. Also, for Sync-Only device groups, you can configure automatic synchronization.
  1. On the Main tab, click Device Management > Device Groups. This displays a list of existing device groups, if any.
  2. In the Group Name column, click the name of the relevant device group.
  3. On the menu bar, click Config Sync.
  4. Determine a direction for synchronization, and then click one of these buttons:
    Option Description
    Synchronize TO Group Synchronizes the configuration data on the local device to all device group members.
    Synchronize FROM Group Synchronizes the configuration data on other device group members to the local member.
Except for static self IP addresses, the entire set of BIG-IP configuration data is replicated on each device in the device group.
Table of Contents   |   << Previous Chapter   |   Next Chapter >>

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.



Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)