The Traffic Management Operation System® (TMOS®) within the BIG-IP® system includes an underlying architecture that makes it possible for you to create a redundant system configuration, known as device service clustering (DSC), for multiple BIG-IP devices on a network. This redundant system architecture provides both synchronization of BIG-IP configuration data and high availability at user-defined levels of granularity. More specifically, you can configure a BIG-IP device on a network to:
If you have two BIG-IP devices only, you can create either an active/standby or an active-active configuration. With more than two devices, you can create a configuration in which multiple devices are active and can fail over to one of many, if necessary.
By setting up a redundant system configuration, you ensure that BIG-IP configuration objects are synchronized and can fail over at useful levels of granularity to appropriate BIG-IP devices on the network. You also ensure that failover from one device to another, when enabled, occurs seamlessly, with minimal interruption in application delivery.
BIG-IP® redundant system configuration is based on a few key components.
A device is a physical or virtual BIG-IP system, as well as a member of a local trust domain and a device group. Each device member has a set of unique identification properties that the BIG-IP® system generates.
A device group is a collection of BIG-IP® devices that trust each other and can synchronize, and sometimes fail over, their BIG-IP configuration data.
You can create two types of devices groups:
A BIG-IP device can be a member of only one Sync-Failover group. However, a device can be a member of both a Sync-Failover device group and a Sync-Only device group.
To minimize issues with config sync, failover, or mirroring, F5 Networks recommends as a best practice that devices in a device group match as closely as possible with respect to hardware platform, product licensing, and module provisioning. At a minimum, mirroring requires that the hardware platforms of the mirrored devices match, and config sync between devices requires that the devices are running the same version of BIG-IP system software.
A traffic group is a collection of related configuration objects (such as a virtual IP address and a self IP address) that run on a BIG-IP device and process a particular type of application traffic. When a BIG-IP device becomes unavailable, a traffic group can float to another device in a device group to ensure that application traffic continues to be processed with little to no interruption in service.
Underlying successful operation of device groups and traffic groups is a feature known as device trust. Device trust establishes trust relationships between BIG-IP devices on the network, through mutual certificate-based authentication. A trust domain is a collection of BIG-IP devices that trust one another and can therefore synchronize and fail over their BIG-IP configuration data, as well as exchange status and failover messages on a regular basis. A local trust domain is a trust domain that includes the local device, that is, the device you are currently logged in to.
Folders and sub-folders are containers for the configuration objects on a BIG-IP device. For every administrative partition on the BIG-IP system, there is a high-level folder. At the highest level of the folder hierarchy is a folder named root. The BIG-IP system uses folders to affect the level of granularity to which it synchronizes configuration data to other devices in the device group. You can create sub-folders within a high-level folder, using tmsh.
When you have more than one BIG-IP® device on the local area network, you can synchronize their BIG-IP configuration data among devices in a device group. If you want to exclude certain devices from configuration synchronization, you simply exclude them from membership in that particular device group.
You can synchronize some types of data on a global level across all BIG-IP devices, while synchronizing other data in a more granular way, on an individual application level to a subset of devices. For example, you can set up a large device group to synchronize resource and policy data (such as iRules® and profiles) among all BIG-IP devices in a data center, while setting up a smaller device group for synchronizing application-specific data (such as virtual IP addresses) between the specific devices that are delivering those applications.
To set up configuration synchronization, you perform these tasks:
When you have more than one BIG-IP® device on the local area network, you can configure a device to fail over a user-specified set of configuration objects (that is, a traffic group) to any of the devices in a device group. This selective failover gives you granular control of configuration objects that you want to include in failover operations.
Group-based failover means that multiple devices are available for the BIG-IP system to choose from to assume traffic processing for an off-line device. Also, if you want to exclude certain devices from being peers in failover operations, you simply exclude them from membership in that particular device group.
To set up failover, you perform these tasks:
The way that you set up redundancy on a BIG-IP® device depends on the required configuration.
|Existing active/standby pair||If you want to upgrade an active/standby pair to the latest version of the BIG-IP system, the upgrade software performs all redundant system configuration tasks for you, on each device, including establishing device trust between the two systems, creating a device group with two members, and creating a default traffic group.|
|New active/standby pair||If you want to set up a new pair of BIG-IP devices as an active/standby pair, you simply run the Setup utility wizard (on each device), available from the BIG-IP® Configuration utility Welcome screen. Like the upgrade procedure, the Setup utility performs all redundant system configuration tasks for you, but based on information you provide. This includes establishing device trust between the two systems, creating a device group with two members, and creating a default traffic group.|
|Existing active/standby pair converted to active-active pair||If you have an existing active/standby pair and want to convert it to an active-active pair, you can upgrade the active/standby pair to the latest version of the BIG-IP system, and then use the BIG-IP® Configuration utility Traffic Group screens to convert the pair to an active-active pair.|
|Multiple new BIG-IP devices||If you want to set up multiple new BIG-IP devices in a redundant system configuration, you can run the Setup utility wizard, and then use the BIG-IP® Configuration utility Platform, Device Management, and Traffic Group screens to configure some advanced features.|
When you create a device group, you can specify whether you want the BIG-IP® system to use a serial cable or the network for failover operations.
The tmsh utility includes a set of debugging commands for troublehsooting Sync-Only and Sync-Failover device group operations. For detailed reference material on tmsh commands, see the F5 Networks Technical Support web site http://support.f5.com.
|sniff-updates||Displays the commit ID updates that occur over the CMI communications channel.|
|watch-devicegroup-device||Displays information about the devices in the device group to which the local device belongs.|
|watch-sys-device||Displays information about the local device.|
|watch-trafficgroup-device||Displays information about the traffic groups associated with devices in a device group.|