The most common TMOS® device service clustering (DSC™) implementation is an active-standby configuration, where a single traffic group is active on one of the devices in the device group and is in a standby state on a peer device. If failover occurs, the standby traffic group on the peer device becomes active and begins processing the application traffic.
To implement this DSC implementation, you can create a Sync-Failover device group. A Sync-Failover device group with two members and one traffic group provides configuration synchronization and device failover.
If the device with the active traffic group goes offline, the traffic group becomes active on the peer device, and application processing is handled by that device.
The way you configure device service clustering (DSC) on a VIPRION® system varies depending on whether the system is provisioned to run the vCMP® feature.
On a VIPRION system that is not provisioned for vCMP, the management IP address that you specify for establishing device trust and enabling failover should be the system's primary cluster IP address. This is a floating management IP address.
On a vCMP system, the devices in a device group are virtual devices, known as vCMP guests. You configure config sync and failover to occur between equivalent vCMP guests in separate chassis.
For example, if you have a pair of VIPRION systems running vCMP, and each system has three vCMP guests, you can create a separate device group for each pair of equivalent guests. The Table shows an example.
|Device groups for vCMP||Device group members|
By isolating guests into separate device groups, you ensure that each guest synchronizes and fails over to its equivalent guest.
The self IP addresses that you specify per guest for config sync and failover should be the self IP addresses that you previously configured on the guest (not the host). Similarly, the management IP address that you specify per guest for device trust and failover should be the cluster IP address of the guest.
Use the tasks in this implementation to create a device group that syncs the BIG-IP® configuration to the peer device and provides failover capability if the peer device goes offline. Note that on a vCMP® system, the devices in a specific device group are vCMP guests, one per chassis.
Before you set up device service clustering (DSC), you must configure these BIG-IP components on each device that you intend to include in the device group.
|Hardware, licensing, and provisioning||Devices in a device group must match as closely as possible with respect to hardware platform, product licensing, and module provisioning. If you want to configure mirroring, ensure that the hardware platforms of the mirrored devices match.|
|BIG-IP software version||Each device must be running BIG-IP version 11.x. This ensures successful configuration synchronization.|
|Management IP addresses||Each device must have a management IP address, a network mask, and a management route defined.|
|FQDN||Each device must have a fully-qualified domain name (FQDN) as its host name.|
|User name and password||Each device must have a user name and password defined on it that you will use when logging in to the BIG-IP Configuration utility.|
|root folder properties||The platform properties for the root folder must be set correctly (Sync-Failover and traffic-group-1).|
|VLANs||For non-vCMP systems, you must create these VLANs on each device if you have not
already done so:
|Self IP addresses||For non-vCMP systems, you must create these self IP addresses on each device if
you have not already done so:
Note: When you create self IP addresses, they are floating addresses by default because the BIG-IP system automatically adds the addresses to the default floating traffic group, traffic-group-1. To create non-floating self IP addresses, you must explicitly change the value of the Traffic Group setting on the Self IP Create screen to traffic-group-local-only.
|Port lockdown||For self IP addresses that you create on each device, you should verify that the Port Lockdown setting is set to Allow All, All Default, or Allow Custom. Do not specify None.|
|Application-related objects||You must create any virtual IP addresses and, optionally, SNAT translation addresses, as part of BIG-IP Local Traffic Manager configuration. You must also configure any iApps application services if they are required for your application. When you create these addresses or services, the objects automatically become members of the default traffic group, traffic-group-1.|
|Time synchronization||The times set by the NTP service on all devices must be synchronized. This is a requirement for configuration synchronization to operate successfully.|
|Device certificates||Verify that each device includes an x509 device certificate. Devices with device certificates can authenticate and therefore trust one another, which is a prerequisite for device-to-device communication and data exchange.|
You now have a Sync-Failover device group set up with an active-standby configuration. In this configuration, each traffic group is initially configured to be active on one device. If one device goes offline, the traffic group that was active on that device becomes active on the other device in the group. Application processing for both traffic groups continues without interruption.