Applies To:

Show Versions Show Versions

Manual Chapter: Creating a Basic BIG-IP WOM Configuration for an ActiveStandby Pair
Manual Chapter
Table of Contents   |   << Previous Chapter   |   Next Chapter >>

Overview: Configuring BIG-IP WOM for high availability

When you are configuring WAN optimization, you can avoid a single point of failure by setting up a pair of BIG-IP WOM devices in an active/standby configuration, in place of a single BIG-IP WOM device, on one or both sides of the WAN. To configure two BIG-IP WOM devices for high availability, set up redundancy as you would for any two BIG-IP systems, and then set up WAN optimization using the floating IP address as the WAN self IP address of the local endpoint for both BIG-IP WOM systems. For WAN optimization, you can use only the active/standby redundancy mode (not the active-active mode).

Note: Deduplication failure or restart does not trigger the failover mechanism. Restarting deduplication on the same BIG-IP system is a more effective recovery method than changing BIG-IP platforms by failover.

The following illustration shows an example of a redundant BIG-IP WOM configuration on one side of the WAN. For optimization to take place, you must also configure a BIG-IP WOM system on the other side of the WAN. As long as you configure an iSession connection across the WAN, it does not matter what configuration you choose for the BIG-IP WOM system on the other side.

Example of a redundant WOM configuration Example of a redundant WOM configuration

Overview: Creating a basic active/standby configuration

This implementation describes how to configure two new BIG-IP devices that function as an active/standby pair. An active/standby pair is a pair of BIG-IP devices configured so that one device is actively processing traffic while the other device remains ready to take over if failover occurs. The two devices synchronize their configuration data and can fail over to one another in the event that one of the devices becomes unavailable.

Important: The same version of BIG-IP system software must be running on all devices in the device group.

First, you can run the Setup utility on each device to configure base network components (that is, a management port, administrative passwords, and the default VLANs and their associated self IP addresses). Continue running it on each device to establish a trust relationship between the two devices, and create a Sync-Failover type of device group that contains two member devices.

After the Setup utility is run on both devices, each device contains the default traffic group that the BIG-IP system automatically created during setup. A traffic group represents a set of configuration objects (such as floating self IP addresses and virtual IP addresses) that process application traffic. This traffic group actively processes traffic on one of the two devices, making that device the active device. When failover occurs, the traffic group will become active on (that is, float to) the peer BIG-IP device.

By default, the traffic group contains the floating self IP addresses of the default VLANs. Whenever you create additional configuration objects such as self IP addresses, virtual IP addresses, and SNATs, the system automatically adds these objects to the default traffic group.

Task summary

The configuration process for a redundant pair of BIG-IP WOM systems entails running the Setup utility on both BIG-IP WOM devices. Complete these Setup utility tasks to properly configure both BIG-IP WOM devices for an active/standby implementation on one side of the WAN.

Note: Although BIG-IP WOM does not support connection mirroring, the mirroring task is included as part of the Setup utility flow.

Task list

Licensing and provisioning the BIG-IP system

Using the Setup utility, you can activate the license and provision the BIG-IP system.
  1. In a browser window, type the URL that specifies the management IP address of the BIG-IP device: https://<management_IP_address>. The login screen for the Configuration utility opens.
  2. At the login prompt, type user name admin, and password admin, and click Log in.
    Tip: admin/admin are the default login values.
    The Setup utility screen opens.
  3. Click Next.
  4. Click Activate. The License screen opens.
  5. In the Base Registration Key field, paste the registration key.
  6. Click Next and follow the process for licensing and provisioning the BIG-IP system.
  7. Click Next. This displays the screen for configuring general properties and user administration settings.
The BIG-IP system license is now activated, and the relevant BIG-IP modules are provisioned.

Configuring the management port and administrative user accounts

Configure the management port, time zone, and the administrative user names and passwords.
  1. On the screen for configuring general properties, for the Management Port Configuration setting, select Manual and specify the IP address, network mask, and default gateway.
  2. In the Host Name field, type a fully-qualified domain name (FQDN) for the system. You must type letters, numbers, and/or the characters underscore ( _ ), dash ( - ) and period ( . ).
  3. For the Host IP Address setting, retain the default value Use Management Port IP Address.
  4. From the Time Zone list, select a time zone. The time zone you select typically reflects the location of the BIG-IP system.
  5. For the Root Account setting, type and confirm a password for the root account. The root account provides console access only.
  6. For the Admin Account setting, type and confirm a password. Typing a password for the admin account causes the system to terminate the login session. When this happens, log in to the BIG-IP Configuration utility again, using the new password. The system returns to the appropriate screen in the Setup utility.
  7. For the SSH Access setting, select or clear the check box.
  8. From the SSH IP Allow list, retain the default value of *All Addresses, or specify a range.
  9. Click Next.
  10. In the Standard Network Configuration area of the screen, click Next. This displays the screen for enabling configuration synchronization and high availability.

Example of management port and user account configuration

The following example shows a completed Setup utility screen for configuring the management port and user accounts.

Example management port and user account configuration Example of a management port and user account configuration

Enabling ConfigSync and high availability

When you perform this task, the Setup utility enables ConfigSync and connection mirroring, and allows you to specify the failover method (network, serial, or both).
  1. For the Config Sync setting, select the Display configuration synchronization options check box. This causes an additional ConfigSync screen to be displayed later.
  2. For the High Availability setting, select the Display failover and mirroring options check box. This displays the Failover Method list and causes additional failover screens to be displayed later.
  3. From the Failover Method list, select Network and serial cable. If you have a VIPRION system, select Network.
  4. Click Next. This displays the screen for configuring the default VLAN internal.

Configuring the internal network

Specify self IP addresses and settings for VLAN internal, which is the default VLAN for the internal network.
  1. Specify the Self IP setting for the internal network:
    1. In the Address field, type a self IP address.
    2. In the Netmask field, type a network mask for the self IP address.
    3. For the Port Lockdown setting, retain the default value.
  2. Specify the Floating IP setting:
    1. In the Address field, type a floating IP address. This address should be distinct from the address you type for the Self IP setting.
    2. For the Port Lockdown setting, retain the default value.
  3. For the VLAN Tag ID setting, retain the default value, auto. This is the recommended value.
  4. For the VLAN Interfaces setting, click the interface 1.1 and, using the Move button, move the interface number from the Available list to the Untagged list.
  5. Click Next. This completes the configuration of the internal self IP addresses and VLAN, and displays the screen for configuring the default VLAN external.

Example of internal network configuration

The following example shows a completed Setup utility screen for configuring an internal VLAN.

Example internal VLAN configuration Example of an internal VLAN configuration

Configuring the external network

Specify self IP addresses and settings for VLAN external, which is the default VLAN for the external network.
  1. Specify the Self IP setting for the external network:
    1. In the Address field, type a self IP address.
    2. In the Netmask field, type a network mask for the self IP address.
    3. For the Port Lockdown setting, retain the default value.
  2. In the Default Gateway field, type the IP address that you want to use as the default gateway to VLAN external.
  3. Specify the Floating IP setting:
    1. In the Address field, type a floating IP address. This address should be distinct from the address you type for the Self IP setting.
    2. For the Port Lockdown setting, retain the default value.
  4. For the VLAN Tag ID setting, retain the default value, auto. This is the recommended value.
  5. For the VLAN Interfaces setting, click the interface 1.2 and, using the Move button, move the interface number from the Available list to the Untagged list.
  6. Click Next. This completes the configuration of the external self IP addresses and VLAN, and displays the screen for configuring the default VLAN HA.

Example of external network configuration

The following example shows a completed Setup utility screen for configuring an external VLAN.

Example external VLAN configuration Example of an external VLAN configuration

Configuring the network for high availability

To configure a network for high availability, specify self IP addresses and settings for VLAN HA, which is the VLAN that the system will use for failover and connection mirroring.
  1. For the High Availability VLAN setting, retain the default value, Create VLAN HA.
  2. Specify the Self IP setting for VLAN HA:
    1. In the Address field, type a self IP address.
    2. In the Netmask field, type a network mask for the self IP address.
  3. For the VLAN Tag ID setting, retain the default value, auto. This is the recommended value.
  4. For the VLAN Interfaces setting, click an interface number, and using the Move button, move the interface number from the Available list to the Untagged list.
  5. Click Next. This configures the self IP address and VLAN that the system will use for high availability and displays the default IP address that the system will use for configuration synchronization.

Configuring a ConfigSync address

Use this task to specify the address that you want the system to use for configuration synchronization.
  1. From the Local Address list, select a self IP address. Do not select a management IP address.
  2. Click Next. This displays the screen for configuring unicast and multicast failover addresses.

Configuring failover and mirroring addresses

Follow these steps to specify the local unicast and mirroring addresses that you want the BIG-IP system to use for high availability. During the final step of running the Setup utility, the system exchanges these addresses with its trusted peer. If you are configuring a VIPRION system, configure a multicast failover address as well.
  1. Locate the Failover Unicast Configuration area of the screen.
  2. Under Local Address, confirm that there are entries for the self IP address that is assigned to the HA and internal and VLANs and for the local management IP address for this device. If these entries are not absent, click the Add button to add the missing entries to the list of Failover Unicast Addresses.
    1. For the Address setting, select the self IP address for the VLAN you need to add (either HA or internal).
    2. In the Port field, type a port number or retain the default port number, 1026.
    3. Either click Repeat to add additional addresses, or click Finished.
  3. Click Next.
  4. From the Primary Local Mirror Address list, retain the default value, which is the self IP address for VLAN HA.
  5. From the Secondary Local Mirror Address list, select the address for VLAN internal.
  6. Click Finished.

Example of mirroring address configuration

The following example shows a completed Setup utility screen for configuring mirroring addresses.

Example mirroring configuration Example of a mirroring configuration

Discovering a peer device

You can use the Setup utility to discover a peer device for the purpose of exchanging failover and mirroring information.

  1. Under Standard Pair Configuration, click Next.
  2. If this is the first device of the pair that you are setting up, then under Configure Peer Device, click Finished. To activate device discovery, you must first run the Setup utility on the peer device.
  3. If this is the second device of the pair that you are setting up:
    1. Under Discover Configured Peer Device, click Next.
    2. Under Remote Device Credentials, specify the Management IP address, Administrator Username, and Administrator Password.
    3. Click Retrieve Device Information.
  4. Click Finished.
After the second device has discovered the first device, the two devices have a trust relationship and constitute a two-member device group. Also, each device in the pair contains a default traffic group named Traffic-Group-1. By default, this traffic group contains the floating IP addresses that you defined for VLANs internaland external.

Example of peer discovery configuration

The following example shows a Setup utility screen for configuring the discovery of a peer device.

Example peer device discovery configuration Example of a peer device discovery configuration

Verifying device trust

After you have used the Setup utility to configure two BIG-IP devices as an active/standby pair, you can verify the trust relationship.
  1. In the navigation pane, click Device Management > Device Trust
  2. Verify that the Trust Status field displays In Sync.
  3. Verify that the peer authority device listed is the BIG-IP device you configured as the peer device.
The following image is an example of the resulting screen from using the Setup utility to configure an active/standby pair of BIG-IP devices.
device trust verification after using the Setup utility Example of device trust verification after using the Setup utility

Verifying members of a device group

After you have used the Setup utility to configure two BIG-IP devices as an active/standby pair, you can verify the members of a device group.
  1. In the navigation pane, click Device Management > Device Groups
  2. Click the device group failover name link.
  3. Verify that the two group members are the peer BIG-IP devices you configured.
The following image is an example of the resulting screen from using the Setup utility to configure an active/standby pair of BIG-IP devices.
device group membership after using the Setup utility Example of device group membership after using the Setup utility

Configuring WAN optimization

After you have used the Setup utility to configure a pair of BIG-IP WOM systems for high availability, you can configure WAN optimization on each system using the Quick Start screen.
  1. On the Main tab, click WAN Optimization > Quick Start.
  2. In the WAN Self IP Address field, type the IP address you used for the Floating IP setting when you set up the external VLAN on the same system.
  3. Verify that the Discovery setting is set to Enabled. If you disable the Discovery setting, or discovery fails, you must manually configure any remote endpoints and advertised routes.
  4. Specify the VLANs on which the virtual servers on this system receive incoming traffic.
    • For the LAN VLANs setting, select the VLANs that receive incoming LAN traffic destined for the WAN.
    • For the WAN VLANs setting, select the VLANs that receive traffic from the WAN through an iSession connection.
  5. In the Authentication area, for the Outbound iSession to WAN setting, select the SSL profile to use for all encrypted outbound iSession connections. To get WAN optimization up and running, you can use the default selection serverssl, but you need to customize this profile for your production environment.
  6. For the Inbound iSession from WAN setting, leave the default selection wom-default-clientssl or select another SSL profile for which the Non-SSL Connections setting is enabled.
  7. In the IP Encapsulation area, from the IP Encapsulation Type list, select the encapsulation type, if any, for outbound iSession traffic.
    1. If you select IPsec, select an IPsec policy from the IPSEC Policy list that appears, or retain the default, default-ipsec-policy-isession.
    2. If you select IPIP, the system uses the IP over IP tunneling protocol, and no additional encapsulation setting is necessary.
    3. If you select GRE, select a GRE profile from the GRE Profile list that appears, or retain the default, gre.
  8. Select the applications you want to optimize by selecting the adjacent check boxes in the Create Optimized Applications list. To secure and encrypt data, enable the Data Encryption setting for each optimized application you select. If you selected IPsec for the IP Encapsulation Type, the IPsec policy you selected determines encryption of TCP traffic.
  9. Click Apply.
The system creates the necessary virtual servers and associated profiles to optimize the selected application traffic, as indicated by the green check marks in the Optimizations Enabled column on the Quick Start screen. If your network supports IPv6, the BIG-IP WOM automatically creates virtual servers for both IPv6 and IPv4 networks, and then selects the appropriate virtual server to use. The following example of a completed Quick Start screen shows a configuration that optimizes HTTP traffic. BIG-IP WOM uses the floating IP address specified in the WAN Self IP Address field as the local endpoint for iSession connections.
completed WOM Quick Start screen Example of completed WOM Quick Start screen
To complete the high availability configuration, repeat this task on the paired BIG-IP WOM system. To complete the WAN optimization setup, repeat this task on the BIG-IP WOM system on the other side of the WAN.

Implementation result

To summarize, you now have the following BIG-IP configuration on each device of the pair:

  • A management port, management route, and administrative passwords defined.
  • A VLAN named internal, with one static and one floating IP address.
  • A VLAN named external, with one static and one floating IP address.
  • A VLAN named HA with a static IP address.
  • Configuration synchronization, failover, and mirroring enabled.
  • Failover methods of serial cable and network (or network-only, for a VIPRION platform.
  • A designation as an authority device, where trust was established with the peer device.
  • A Sync-Failover type of device group with two members defined.
  • A default traffic group that floats to the peer device to process application traffic when this device becomes unavailable. This traffic group contains two floating self IP addresses for VLANs internal and external.
  • One end of an iSession connection for WAN traffic optimization.

On either device in the device group, you can create additional configuration objects, such as virtual IP addresses and SNATs. The system automatically adds these objects to Traffic-Group-1.

Table of Contents   |   << Previous Chapter   |   Next Chapter >>

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.



Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)