You can configure BIG-IP Link Controller in an active-standby configuration, which is a set of two Link Controller systems: one operating as the active unit, the other operating as the standby unit. If the active unit in the active traffic group goes offline, the standby unit immediately assumes responsibility for managing traffic. The new active unit remains active until another event occurs that would cause the unit to go offline, or you manually reset the status of each unit.
This illustration shows Link Controller devices in an active-standby configuration.
Before you set up an active-standby BIG-IPLink Controller configuration, you must configure these BIG-IP components on each device that you intend to include in the device group.
|Hardware, licensing, and provisioning||Devices in a device group must match with respect to product licensing and module provisioning. Heterogeneous hardware platforms within a device group are supported.|
|BIG-IP software version||Each device must be running BIG-IP version 11.x. This ensures successful configuration synchronization.|
|Management IP addresses||Each device must have a management IP address, a network mask, and a management route defined.|
|FQDN||Each device must have a fully-qualified domain name (FQDN) as its host name.|
|User name and password||Each device must have a user name and password defined on it that you will use when logging in to the BIG-IP Configuration utility.|
|root folder properties||The platform properties for the root folder must be set correctly (Sync-Failover and traffic-group-1).|
|VLANs||You must create these VLANs on each device, if you have not already done so:
|Self IP addresses||You must create these self IP addresses on each device, if you have not already
Note: When you create floating self IP addresses, the BIG-IP system automatically adds them to the default floating traffic group, traffic-group-1. To add a self IP address to a different traffic group, you must modify the value of the self IP address Traffic Group property.
Important: If the BIG-IP device you are configuring is accessed using Amazon Web Services, then the IP address you specify must be the floating IP address for high availability fast failover that you configured for the EC2 instance.
|Port lockdown||For self IP addresses that you create on each device, you should verify that the Port Lockdown setting is set to Allow All, All Default, or Allow Custom. Do not specify None.|
|Application-related objects||You must create any virtual IP addresses and optionally, SNAT translation addresses, as part of the local traffic configuration. You must also configure any iApp application services if they are required for your application. When you create these addresses or services, the objects automatically become members of the default traffic group traffic-group-1.|
|Time synchronization||The times set by the NTP service on all devices must be synchronized. This is a requirement for configuration synchronization to operate successfully.|
|Device certificates||Verify that each device includes an x509 device certificate. Devices with device certificates can authenticate, and thus, trust one another, which is a prerequisite for device-to-device communication and data exchange.|
Use the tasks in this implementation to create a two-member device group, with one active traffic group that syncs the BIG-IP configuration to the peer device and provides failover capability if the peer device goes offline.
Before you begin this task, verify that:
By default, the BIG-IP software includes a local trust domain with one member, which is the local device. You can choose any one of the BIG-IP devices slated for a device group and log into that device to add other devices to the local trust domain.
Specify the local self IP address that you want other devices in a device group to use when mirroring their connections to this device. Connection mirroring ensures that in-process connections for an active traffic group are not dropped when failover occurs.
|Appliance without vCMP||Type a static self IP address associated with an internal VLAN (preferably VLAN HA) and the static management IP address currently assigned to the device.|
|Appliance with vCMP||Type a static self IP address associated with an internal VLAN (preferably VLAN HA) and the unique management IP address currently assigned to the guest.|
|VIPRION without vCMP||Type a static self IP address associated with an internal VLAN (preferably VLAN HA). If you choose to specify unicast addresses only (and not a multicast address), you must also type the existing, static management IP addresses that you previously configured for all slots in the cluster. If you choose to specify one or more unicast addresses and a multicast address, then you do not need to specify the existing, per-slot static management IP addresses when configuring addresses for failover communication.|
|VIPRION with vCMP||Type a self IP address that is defined on the guest and associated with an internal VLAN on the host (preferably VLAN HA). If you choose to specify unicast failover addresses only (and not a a multicast address), you must also type the existing, virtual static management IP addresses that you previously configured for all slots in the guest's virtual cluster. If you choose to specify one or more unicast addresses and a multicast address, you do not need to specify the existing, per-slot static and virtual management IP addresses when configuring addresses for failover communication.|
This task establishes failover capability between two or more BIG-IP devices. If an active device in a Sync-Failover device group becomes unavailable, the configuration objects fail over to another member of the device group and traffic processing is unaffected. You perform this task on any one of the authority devices within the local trust domain.
Repeat this task for each Sync-Failover device group that you want to create for your network configuration.